What is a honeypot token?

A honeypot is a token whose contract or liquidity setup lets you buy but blocks or punishes selling, usually via hidden fees, blacklists, or paused transfers.

Can scanners like Honeypot.is or GoPlus detect every honeypot?

No. They simulate trades against current state, but contracts with owner-toggled flags or proxy upgrades can flip from safe to malicious after the scan.

Are presales themselves honeypots?

Not all, but presale tokens are higher risk because the contract often isn't tradeable yet, so live sell-side simulation isn't possible until launch.

Presale honeypot detection for retail buyers. How to spot tokens you can buy but never sell, with on-chain checks, scanner caveats, and red flags.

Presale Honeypot Detection: A Practical Skeptic’s Checklist

If you have spent any time in this space, you already know the pattern. A new token launches, the chart goes vertical, the Telegram is euphoric, and then the first person tries to sell and the transaction reverts. That is presale honeypot detection in its most painful form: learning after the fact. This guide is for retail buyers who would rather learn before. It assumes you have been burned at least once, or know someone who has, and that you do not want to outsource your judgement to a green checkmark on a scanner.

We are going to walk through what a honeypot actually is at the contract level, why presale tokens are a particularly nasty version of the problem, what the popular scanners can and cannot see, and a manual checklist you can run in fifteen minutes before sending money.

What a honeypot actually is

A honeypot is not a single technique. It is a category of contract behaviour where buying works and selling does not, or where selling works only for a privileged address. The common implementations are:

Hidden sell tax of 99 or 100 percent. Buys go through with a normal fee. Sells route almost the entire amount to the deployer wallet.
Blacklist on transfer. A mapping called _blacklist, _bots, _excluded, or similar. The owner can add any address. Blacklisted wallets cannot call transfer or transferFrom.
Whitelist-only sells. The inverse. Only addresses in a whitelist can sell. Everyone else reverts.
Paused transfers. A boolean flag, often tradingEnabled, that the owner can flip. Buys are allowed; the moment buy pressure dries up, sells get paused.
Max transaction or max wallet that you exceed by design. Some contracts let you buy more than you are allowed to sell in one transaction, trapping the position.
Proxy upgrades. The contract today is fine. Tomorrow the proxy points to a new logic contract that is not.

These are not exotic. They are well-documented patterns, and you can read the underlying mechanics in the Solidity function modifier docs. The point is that the contract is the law, and the law can be written to favour the deployer.

Why presales are the worst case for detection

Most honeypot scanners work by simulating a buy and a sell against a forked state of the chain. That requires liquidity to exist. A presale token, by definition, has not launched yet. There is no DEX pair to simulate against. So the entire automated detection toolkit is blind until the moment trading goes live, which is the same moment your money is already in.

This is why presale due diligence has to be code-first and reputation-first, not scanner-first. We covered the broader framework in our presale scoring methodology, and the honeypot question is one input into that score.

What the scanners can and cannot do

Three tools come up constantly: Honeypot.is, GoPlus, and Token Sniffer. They are useful, but you should understand their limits.

What they catch well: static contract patterns like obvious blacklist mappings, missing renounceOwnership, mintable supply, hidden fees above a threshold, and proxy patterns. The GoPlus Token Security API returns a structured set of flags, and most reputable aggregators consume it.

What they miss: owner-controlled flags that are currently set to a safe value. If sellTax is 5 percent at scan time but the setter function lets the owner push it to 99, the scanner records 5. SlowMist’s public incident archive is full of cases where a contract scanned clean for days and then flipped.

Treat scanners as necessary but not sufficient. A clean scan is the floor, not the ceiling.

The fifteen-minute manual checklist

Run this before any presale purchase. If you cannot answer at least seven of the ten, walk away.

Is the contract verified on the block explorer? Unverified means you cannot read the code. That is an automatic no.
Who can call setFee, setTax, setMaxTx, setBlacklist? Search the source for onlyOwner modifiers. Note every privileged function.
Is ownership renounced, multisig, or single EOA? A single externally owned account is a single point of failure. A multisig is better but only if you can identify the signers. We discuss signer hygiene in our hardware wallet shortlist guide.
Is the contract a proxy? If yes, who controls the implementation slot? An upgradeable proxy controlled by one wallet means the contract you read today is not the contract you trade tomorrow.
Are there blacklist or whitelist mappings? Grep the source for blacklist, bots, excluded, whitelist. Their existence is not always malicious, but every one needs a justification.
What is the max sell tax the contract permits? Look at the setter function. If setSellTax accepts any uint256 up to 100, the deployer can rug the exit at any time.
Is liquidity going to be locked, and where? Unicrypt, Team Finance, or a verifiable timelock contract. Screenshots are not proof. Get the lock contract address.
Who is the deployer wallet? Check its history on Etherscan or the relevant explorer. A wallet that deployed three rugs in the last six months is telling you something.
Does an independent audit exist, and did the auditor publish a report? A logo on a website is not an audit. The report must enumerate findings and resolutions.
Can you find the team? Anonymous teams are not automatically scams, but combined with any of the above flags they tilt the risk sharply. See our breakdown in the doxxed-versus-anonymous founders guide.

Reputation signals that matter

According to the Chainalysis 2024 Crypto Crime Report, the majority of rug-pull losses come from a small number of repeat-offender deployer clusters. That means deployer history is one of the cheapest and most predictive signals you have. Etherscan’s “contract creator” link, the deployer’s nonce history, and their connected wallets via Arkham or Nansen are all worth ten minutes of your time.

We track the worst repeat offenders we have seen in our presale red-flag tracker, and the same handful of patterns shows up over and over.

What to do if you are already in

If you bought into a presale and you now think it might be a honeypot, do not panic-sell at any price the contract offers, because the price the contract offers may itself be the trap. Try a small test sell of the smallest unit you can. If it reverts or the received amount is near zero, you have your answer. Move on, write off the loss, and document the deployer wallet so you do not interact with it again. Do not throw good money after bad chasing the “bounce.”

Honest summary

Presale honeypot detection is mostly unglamorous reading: contract source, deployer history, setter functions, lock contracts. Scanners help, but they cannot see what has not launched yet, and they cannot see flags the owner has not yet flipped. If you are not willing to spend fifteen minutes on the checklist above, you are not investing, you are donating. The good news is that the same fifteen minutes filters out the overwhelming majority of obvious traps, and the projects that survive that filter are the only ones worth a second look.

Research, not advice. This article is editorial. We are not your financial adviser. Crypto presales can lose 100% of capital.

Presale Honeypot Detection: A Practical Skeptic's Checklist