Skip to main content

Tok{In} API (beta)

The Tok{In} API offers an array of features that can help determine on whether a token is malicious or not. From storage checks, to simulation and static analsysis features. In its current form the Tok{In} API supports all ERC20 contracts on Ethereum, with more chains coming soon. The features are across all Uniswap V2/V3 pools with V4 support coming soon.

Static Analysis Features

We leverage the Gigahorse decompiler to analyze contracts whose source code is unavailable. The decompiled bytecode is checked for patterns commonly associated with undesirable behaviors in ERC20 tokens.

mint_or_burn_function:

There is a public function that changes the token’s total supply

selfdestruct:

The contract contains a selfdestruct call. (Note: The EVM no longer supports the SELFDESTRUCT opcode, so this is now a no-op.)

trading_cooldown:

An address must wait for a certain period after its last transfer before it can transfer tokens again.

view_function_modifies_state:

A function with the signature of one of the view functions defined by EIP-20 updates a storage variable.

has_trading_cap:

The amount of tokens transferred by a single call to transfer cannot exceed a value, either constant or held in storage.

has_trading_cap_functionality:

There is code that could enforce a trading cap. This can be true even if the cap is disabled.

trading_cap_can_be_modified:

The transfer amount cap is held in storage and there is function that can update it.

has_position_cap:

The amount of tokens an address can hold cannot exceed a value, either constant or held in storage.

position_cap_can_be_modified:

The position cap is held in storage and there is function that can update it.

has_position_cap_functionality:

There is code that could enforce a position cap. This can be true even if the cap is disabled.

has_owner_functionality:

There is functionality that could let one or more addresses have access to functionality of the token that the rest do not. This can be true even if the owner has been renounced.

owner_address

The address of the owner.

has_pause_functionality:

The token has code that could pause trading. Can be true even if the current state of the contract does not allow pausing functionality to be re-enabled.

pause_status_can_be_modified

The pause status can be changed in the future.

has_blacklist_or_whitelist:

Addresses can be restricted from trading the token.

external_call:

There is a call to another contract, whose target is not statically known and/or returns arbitrary data that are used by the token.

timebomb:

Certain functionality is only enabled after a specific timestamp.

has_tax_functionality:

This token has a tax functionality implemented. This could be true even if the current tax is 0 as the taxes could have been wiped.

tax_can_be_modified:

Tax value can be updated.

is_open_source:

This indicates whether the contract's source code is available.

is_proxy:

Indicates if the contract is a proxy contract.

Simulation Features

transfer_tax

  • send_tax (%): Calculated as the percentage loss from the sender's balance — e.g., if the sender sent 100 tokens and 110 were deducted, the send tax is 10%.
  • receive_tax (%): Calculated as the percentage the recipient received — e.g., if the sender sent 100 tokens and the recipient only received 90, the receive tax is 10%.
  • All values are expressed as percentages (e.g., 0.0 means 0%).

dex

An array of liquidity pools (Uniswap V2/V3 forks) where the token is paired with WETH, USDC, or USDT, along with details on liquidity and trading behavior.

{
  "pair": "0x...",
  "liquidity_type": "UniV2" | "UniV3",
  "liquidity": 2455608.22,
  "buy_success": true,
  "buy_tax": 0.0,
  "sell_success": true,
  "sell_tax": 0.0,
  "errorMessage": null,
  "errorCode": null
}

  • pair: Address of the liquidity pair.

  • liquidity_type: Type of the pool. UniV2 = Uniswap V2 or compatible fork; UniV3 = Uniswap V3 or compatible fork.

  • liquidity: USD value of the pool's known-token reserves:

    • For V2 pools: Calculated using the USD value of the known side of the pair (WETH, USDC or USDT) by calling getReserves().
    • For V3 pools: Estimated using balanceOf() on the known token — while not exact, it is a practical approximation that serves as a useful indicator of pool health and liquidity status.

  • buy_success: Whether buying the token (e.g., WETH -> token) succeeded during simulation.

  • buy_tax (%): Tax incurred on a buy.

  • sell_success: Whether selling the token succeeded.

  • sell_tax (%): Tax incurred on a sell.

  • errorMessage / errorCode: Populated for failed queries (e.g., low liquidity, failed swaps).

is_liquid:

This boolean indicates if the token is liquid, i.e. if at least one pool has more than $100 (in weth/usdc/usdt) value in it.

Notes on liquidity

  • For V2 pools, using the known token side (e.g., WETH in WETH/XYZ) is reliable since the reserves are fixed.
  • For V3 pools, the balanceOf() method on the known token offers a fast heuristic to assess pool liquidity. While it has some limitations — such as including uncollected fees or dust and not reflecting active price ranges — it still provides a strong signal of pool activity and health. In most cases, very low balances are a reliable indicator of illiquidity or abandoned pools.

Other features

name

Name of the token.

symbol

Symbol of the token.

supply

Total supply of the token

creator_address

Address of the creator of the token.

creator_balance

Amount of tokens held by the creator.

creator_percent

Percentage of the total supply held by the creator of the token.

is_in_dex

The token has is in at least one DEX.

cannot_buy

Returns true if the token cannot be bought through any of the listed pools or if all the pools are too illiquid (less than $100).