A rug pull is rarely a mysterious hack. It is usually a permissions event. Someone has the ability to change a rule, remove a backstop, or redirect value. The project may look “decentralized” on the surface while still having a single key that controls taxes, blacklists, minting, upgradeability, or liquidity custody.
The repeatable way to evaluate a risk is to map the project to three questions.
Who can change the token’s transfer rules? Who can change the pool’s liquidity conditions? Who controls the execution path for swaps and approvals?
Those questions produce practical checks that catch most recurring rug patterns.
This is the classic. The token may be transferable, the pool may be real, and the UI may look clean. The failure is simple: the liquidity is removable.
In v2-style pools, liquidity is represented by LP tokens. Whoever holds the LP tokens can remove liquidity, which pulls reserves out of the pool and collapses price.
The real check is to identify where the LP tokens are held. If the deployer wallet holds most LP tokens, the project can rug at any moment. If a locker contract holds LP tokens, the locker terms determine safety, not the marketing copy. If the LP tokens are burned to a dead address, the liquidity becomes effectively permanent, though the project still can rug via token mechanics.
A supporting sanity check is to confirm the pool’s reserves and whether they move in a suspicious pattern. Uniswap v2 pairs expose reserves via getReserves. A sudden reserve drop without a corresponding market event often indicates liquidity removal.
A honeypot allows buys but blocks sells, or allows sells only for whitelisted addresses. These tokens often present as normal ERC-20s at a glance. The restrictions hide behind custom transfer logic that checks the recipient, the sender, the router, or the pair address.
A practical check is to run a controlled sell attempt with a very small amount, but doing that with a live transaction still risks loss. A safer option is transaction simulation, which can show whether the sell call reverts or routes value unexpectedly.
Even without simulation, transfer gates leave clues: If the token has functions that set or update a blacklist, whitelist, trading status, or max transaction amounts, there is a path to enforcement. Access control becomes the next question.
Tax tokens are not inherently a rug. Mutable taxes are. A typical trap starts with a low buy tax to attract early volume. Once liquidity builds, a privileged function increases the sell tax dramatically, sometimes near 100%. Exiting becomes uneconomical or impossible.
The real check is not the tax level. It is whether the tax can change, and who can change it.
Projects often implement ownership-based permissioning. OpenZeppelin’s Ownable pattern shows how an owner role is typically enforced and how ownership can be transferred. If ownership exists and there is no governance delay, tax changes can be instant.
Projects also use role-based permissions. AccessControl has a DEFAULT_ADMIN_ROLE that can manage other roles, which concentrates power unless it is constrained by a process or delay.
A token can “renounce” ownership and still retain privileged roles through AccessControl, or retain upgrade rights through a proxy. Ownership renunciation is irreversible in standard Ownable patterns, but it is not a universal guarantee of decentralization because it may not cover every privilege path.
Some rugs do not touch liquidity at all. They inflate supply. If a token can mint new tokens to a privileged address, the project can dump into the pool, draining reserves and crashing price. Burning supply does not stop this if minting stays possible.
The real checks here are:
A quick scan of “write” functions on the token contract often reveals mint, setMinter, or role assignment pathways. If the explorer shows a proxy or upgradeability, the check expands to whether new mint functions can be introduced later.
Upgradeable contracts are used for legitimate reasons, but they change the risk model. With a proxy, the visible contract address can keep the same, while the logic behind it changes. A token can behave safely today and behave maliciously tomorrow.
OpenZeppelin’s proxy documentation outlines how upgradeability works and how upgrade logic is handled in common proxy patterns. When an admin can upgrade without delay, governance is effectively centralized.
The real check is to identify the upgrade authority and whether the upgrade process has friction. A multisig and a timelock do not eliminate risk, but they raise the cost of sudden malicious changes and give observers time to react.
Some rugs avoid token restrictions and instead manipulate the execution path. A lookalike front-end can call a fake router that has a hidden recipient, or can request approvals to an unfamiliar spender. The user experiences a “swap” but signs permissions that enable later theft.
The real check is to treat approvals as primary risk signals. If a transaction requests an unlimited approval, the spender address must be understood. If the spender is not the expected router or settlement contract, the permission is likely unsafe.
After interacting, approvals are reviewed and revoked. Revoke.cash provides an approvals view and revocation flow across many chains.
Some rugs are not contract-level at all. They are copy-paste failures. Address poisoning places lookalike addresses in a wallet’s transaction history, nudging a user to copy the wrong address later. This is especially dangerous when a user manually pastes token or router addresses from recent activity.
The real check is operational: addresses come from a verified source page or a verified contract profile, not from history and not from social posts.
These checks are most effective when they become routine. A small checklist prevents “research fatigue” and catches the patterns that repeat most often.
This is not a guarantee of safety. It is a way to avoid the most common avoidable failures.
Rug pulls repeat because the same levers keep working: liquidity custody, mutable permissions, upgradeability, and execution-path manipulation. A field guide mindset turns those levers into concrete, fast checks that improve survival odds across cycles.
The post Rug Pull Patterns That Repeat: A Field Guide With Real Checks appeared first on Crypto Adventure.
