Guide · Security

How to verify a token contract before trading

The address you trade is the token — not the name, not the logo, not the chart. Symbols and names can be copied freely, so the only reliable way to know you are trading the real asset is to verify its contract or mint address before you swap. This short, high-value routine takes under a minute and prevents the most common irreversible mistake in DeFi: buying a convincing impostor. This guide shows exactly how to confirm you have the right contract and what to look for on the explorer.

Get the address from an authoritative source

Start from a source you trust: the project's official website, its verified social account, or a reputable data aggregator. Copy the full contract (EVM) or mint (Solana) address from there. Do not copy addresses from random social-media posts, group chats, or search ads — those are the primary distribution channels for scam tokens that reuse popular names.

Compare the entire string

Address-poisoning attacks generate addresses whose first and last few characters match a legitimate one, betting that you only glance at the ends. Defeat this by comparing the whole address, character by character or by pasting both into a text comparison. In the swap interface, prefer pasting the verified address directly into the token field rather than selecting by symbol from a list, which can contain look-alikes.

Check that the contract is verified and readable

On the block explorer, a legitimate, established token usually has published, verified source code you can read. Unverified contracts are not automatically malicious, but for anything beyond a household name, the inability to inspect the code is a reason for extra caution. Look at the token's age, transaction history, and number of holders — a brand-new contract with a handful of holders and a spiking price deserves skepticism.

Read the permissions

Inspect what the contract can do. Mint functions let the team create new supply and dilute holders. Blacklist or pause functions let them block specific wallets from selling. Fee-on-transfer or tax logic can cause swaps to behave unexpectedly. None of these are automatically disqualifying for every token, but each is a risk you should price in consciously rather than discover after you are trapped.

Confirm you can exit

Finally, verify the token is actually tradable in both directions. Check that ordinary wallets — not just the deployer — have successfully sold it on-chain. The combination of a verified address, readable code, sane permissions, and a proven two-way market is what lets you trade with confidence instead of hope.

Make verification a fixed habit

Build this into a routine you never skip under time pressure: address from an official source, full-string comparison, a glance at the code and holder count, a read of the permissions, and confirmation of a two-way market. The whole pass takes under a minute. The single time it stops you from approving a convincing impostor pays for every minute you will ever spend on it, because that mistake is irreversible.

Legal

Risk disclosure

XAUConnect is a non-custodial swap aggregator. Digital assets are volatile and may lose value rapidly. Content on this page is educational and not investment advice. Verify every contract address on the official block explorer before approving a transaction.

Frequently asked questions

Why is verifying the contract so important?

Because names and symbols can be copied. The address is the only reliable identity of a token, and buying a copycat is the most common irreversible mistake in DeFi.

What is address poisoning?

An attack that creates an address matching the first and last characters of a legitimate one, exploiting traders who only check the ends. Compare the entire string to defeat it.

Is an unverified contract always a scam?

Not always, but for anything beyond a well-known token, the inability to read the code is a reason for extra caution alongside age, holder count, and permissions.

How do I confirm a token is tradable?

Check on the explorer that ordinary wallets, not just the deployer, have sold it, and consider a small test trade before committing size.

Live execution

Trade on XAUConnect

Open the swap page to compare live routes, set slippage, and sign from your own wallet — fully non-custodial.

Continue exploring

Related markets, guides & networks

Curated next steps based on this topic — deepen your research before you trade.

Build programmatically

Swap via API for bots and AI agents — quotes, builds, and cross-chain routes.

Developer quickstart