Sally
SALLY
Guide

How to Check if a Token Is a Honeypot on Base

June 29, 20268 min read

What a honeypot is, and why a rising chart is not safety

A honeypot is a token you can buy but cannot sell. The contract accepts your money, shows a clean chart and even lets other people keep buying, but the code that handles transfers quietly blocks, reverts or taxes away any attempt to sell. Because the buy side works perfectly, a honeypot can run for hours or days, pulling in victims while the exit stays shut.

This is exactly why a price that "only goes up" is a warning sign rather than a green light. If nobody can sell, there is no sell pressure, so the chart climbs in a straight line. New traders read that as momentum; in reality it is the signature of a trap. You can read a fuller definition of a honeypot token in the glossary, but the practical takeaway is simple: never judge sellability from the chart.

Honeypots are one of the most common ways people lose money on a decentralized exchange, and they are cheap to deploy. The good news is that they are also detectable — if you test the one thing that matters, which is whether a round trip actually completes.

The only reliable test: simulate a real sell

Most "honeypot detectors" simply look up a static flag in a third-party database or read the verified source code. That fails in two ways: the source may be unverified or deliberately misleading, and a database entry is only as fresh as the last time someone reported the token. A contract deployed minutes ago, or one that was edited after listing, will not be in any list.

The dependable approach is to dry-run an actual buy followed by an actual sell against the live contract through real liquidity, and see whether both legs succeed. That is what Sally's honeypot checker does. It executes an on-chain buy then sell simulation on Base and BNB Smart Chain and reports whether the round trip works, alongside the buy and sell tax it measured, rather than trusting what the contract claims about itself.

Because the test runs against the live deployment, it catches traps that static checks miss: hidden whitelists, sell functions that revert for non-privileged wallets, and taxes that only bite on exit. A quote from a DEX will never show these — you only feel them at execution, which is too late.

Step by step: scan a token with Sally

Scanning takes under a minute and does not move any funds — the simulation is a read-only dry run, not a real trade. Follow these steps:

  • Copy the token contract address (not the pair address) from the explorer, the project site or wherever you found the token.
  • Open the honeypot checker and make sure the network is set to the chain the token lives on — Base or BNB Smart Chain.
  • Paste the address into the scanner and run the check.
  • Read the report top to bottom: sellability first, then buy and sell tax, then ownership, proxy status, and liquidity and lock signals.
  • If anything in the red-flags checklist below trips, stop and reconsider before buying.

How to read the report

Sellability is the headline. If the simulated sell fails, treat the token as a honeypot regardless of how good the chart looks. If it succeeds, move on to the details, because "sellable right now" is necessary but not sufficient.

Buy and sell tax tell you the real cost of a round trip. A modest, symmetric tax is survivable; a very high sell tax, or a sell tax far larger than the buy tax, can take most of your money on exit. A high tax is not the same as price slippage from a thin pool — it is charged by the token contract itself and will not appear in a normal swap quote.

Ownership and upgradeability decide how much can change after you buy. Renounced ownership means the deployer can no longer flip switches; an active owner can often raise taxes or pause selling later. A proxy or upgradeable contract means the logic itself can be swapped out, so a token that passes today can be made malicious tomorrow.

Liquidity and lock signals tell you whether the pool can be pulled. Thin liquidity makes exit expensive even on a clean token, and unlocked liquidity means the team can withdraw the pool — a rug pull — at any time. Sally surfaces locked value and lock status alongside the safety checks. An optional AI bytecode analysis can also flag suspicious patterns in the compiled contract when source is unverified.

Red-flags checklist

If you only remember one section, make it this one. Any single item here is a reason to slow down; several together is a reason to walk away.

  • The simulated sell fails — the token cannot be sold.
  • Sell tax is very high, or much higher than the buy tax.
  • Ownership is not renounced and the owner can change taxes or pause trading.
  • The contract is a proxy or otherwise upgradeable, so its logic can change after your scan.
  • Liquidity is thin, or the liquidity is not locked and can be withdrawn.
  • The chart only goes up with no sells — often a sign nobody can exit.

Limitations: re-check before a big buy

A scan is a snapshot of the contract at one moment, and an honest guide has to say so. Owner-controlled taxes can be raised after you pass a check. Time-delayed traps can keep selling open for a window and then close it. And because a proxy can be upgraded, a token that simulates a clean sell now can be pointed at malicious logic later.

The practical defence is to re-scan immediately before any significant purchase rather than relying on a result from an hour or a day ago, and to size positions on the assumption that conditions can change. A scan tells you the state of the trap right now; it cannot promise the trap will not be built after you look.

Pair the sell simulation with the ownership, proxy and liquidity signals rather than reading any one in isolation. Sellable plus renounced plus locked liquidity is a far stronger position than sellable alone.

Your address stays private

Some checkers send the address you are investigating to a third-party API, which leaks what you are about to buy. Sally's honeypot checker runs the simulation on its own infrastructure with no third-party lookup, so the scanned address never leaves Sally. Everything you might later sign — an actual swap, for instance — happens from your own wallet, non-custodially.

That keeps your research quiet and keeps custody where it belongs. The scan reads the chain; it never takes control of your funds.

FAQ

FAQ

Related

Command palette

Jump to a page or run an action