The Token Safety
Scanner
Not a green light. A flashlight. See a token's structural risks — and exactly what these reads can't see.
Paste a token. The Scanner reads three independent facts — is it an upgradeable proxy, does it carry a mint entrypoint, who controls it — each triple-verified. No safe/unsafe score: facts and named blind spots, so you judge with your eyes open.
Every “token checker” gives you a green light. Green lights get people rekt.
A single SAFE/UNSAFE score is a buy signal wearing a lab coat — and the moment it says “safe” and someone loses money, the tool is worthless. So this scanner refuses to give one. Instead it reads three independent structural facts off the chain — is the contract an upgradeable proxy (someone can swap its code), does its bytecode carry a mint entrypoint (supply can potentially grow), and who controls it — and it tells you exactly what each fact does not establish. You get the flashlight, not the verdict.
The detection is adversarially hardened, because a malicious author engineers a token to look clean under naive checks. It reads six canonical proxy-storage slots (not just EIP-1967 — the older zeppelinos layout that USDC itself uses would otherwise slip through), scans the implementation's bytecode when a token is a proxy, and reads owner and proxy-admin as separate power surfaces. Every value is triple-verified across three RPCs; anything that doesn't reach 3/3 is shown as “not verified”, never guessed.
It is the token-level companion to the LP Risk Radar and the Fork-Mirror Detector. Same rule as all of them: facts, named blind spots, no advice.
Three facts, and what they don't cover
Proxy, mint, ownership — read straight off the chain, 3 RPCs each, presented as facts you can act on, never a score you can blame us for.