Engine Update: Smarter Scores, Deeper Coverage, Better Protection

We just shipped the biggest update to BarryGuard's scoring engine since launch. The engine now runs 23 checks (up from 21), covers new attack vectors, and scores established assets like stablecoins more accurately. Here is what changed and what it means for your trading.

Post-Rug Detection

Some tokens look perfectly clean on paper — mint authority disabled, freeze authority disabled, token is sellable. But the pool is empty and thousands of holders are stuck with worthless bags. The creator dumped through insider selling, not through a technical exploit.

BarryGuard now detects this pattern. When a token has a large number of holders but virtually no liquidity left, the engine flags it as a post-rug token. This catches celebrity tokens, insider-dump schemes, and any token where the market collapsed while the on-chain permissions still look safe.

What this means for you: Tokens that passed all technical checks but were clearly rugged now show up as Danger instead of hiding behind a misleadingly moderate score.

Token-2022 Extension Scanning

Solana's Token-2022 program introduced powerful new extensions. Most are legitimate — transfer fees for protocol revenue, interest-bearing tokens for DeFi. But two extensions are extremely dangerous when misused:

• Permanent Delegate — allows a designated address to transfer tokens out of ANY holder's wallet without their consent. This is direct theft capability.
• Transfer Hook — runs a program on every transfer that can block, modify, or redirect it. On legitimate tokens this implements fees or compliance. On scam tokens it creates selective honeypots.

BarryGuard now scans for both extensions automatically. A token with Permanent Delegate is always flagged as Danger regardless of other signals. Transfer Hooks are evaluated in context — established tokens with transfer hooks (like protocol fee tokens) receive a warning rather than an automatic Danger classification.

What this means for you: Token-2022 tokens are no longer a blind spot. The most dangerous extensions are caught before you trade.

PumpSwap and Modern DEX Coverage

The Solana DEX landscape has evolved. Most tokens launched through pump.fun now graduate to PumpSwap instead of Raydium. BarryGuard's pool detection has been updated to recognize PumpSwap pools, detect their permanently burned liquidity, and correctly label graduated tokens.

The engine also expanded coverage for Meteora DAMM v2, Raydium concentrated liquidity pools, and additional liquidity lock programs. Pool depth estimates now come directly from DEX data when available, making liquidity assessments more reliable.

What this means for you: Tokens on PumpSwap and newer DEXes are now scored with the same accuracy as tokens on established platforms.

Smarter Stablecoin and Institutional Token Scoring

Stablecoins like USDC have active mint and freeze authorities by design — Circle needs them for issuance and regulatory compliance. Previously, these active authorities triggered the same risk signals as a random memecoin with active mint. That created misleadingly low scores for tokens that are clearly not rug pulls.

The engine now recognizes institutional asset patterns. When a token has active authorities but also demonstrates established market presence — massive holder adoption, significant liquidity, and no exclusion signals like rug history — the engine evaluates authority risks in that context rather than treating them as automatic red flags.

What this means for you: Stablecoins and established institutional tokens now receive scores that reflect their actual risk level instead of being penalized for operational controls that are expected for their asset class.

Holder Concentration in Context

A single wallet holding 35% of a token's supply is one of the strongest rug pull indicators. But for established DeFi protocols, large holdings can represent treasury wallets, staking contracts, or protocol reserves — not insider bags waiting to dump.

The engine now evaluates holder concentration in the context of market maturity. For tokens with proven market presence, high concentration generates a strong warning (High Risk) rather than an automatic Danger classification. For new or unproven tokens, extreme concentration remains an immediate Danger signal.

What this means for you: DeFi protocol tokens with legitimate treasury holdings are no longer classified as Danger purely based on concentration. The risk is still flagged — just evaluated proportionally.

Developer History Accuracy

A creator with past suspected rug pulls should never receive a clean score. Previously, creators with a small number of tokens could receive an inaccurately high developer history score even with non-zero rug indicators. This has been corrected — any creator with suspected rug pulls now receives a score that reflects the actual risk, scaled by the severity of their track record.

What this means for you: The developer history check is now more accurate for repeat offenders, even those with only a few tokens.

Under the Hood

Beyond the headline features, this update includes dozens of improvements to data quality and scoring reliability:

• More accurate holder counts for tokens with large communities
• Creator wallet detection now correctly identifies the token deployer even when on-chain data is complex
• Program-owned mint authorities (like bonding curve programs) are distinguished from wallet-owned authorities
• Scores now account for data coverage — when the engine cannot evaluate certain checks reliably, the overall score reflects that uncertainty instead of defaulting to a misleadingly safe rating
• Expanded detection for liquidity lock programs

Try It Now

All of these improvements are live. Paste any Solana token address into the checker and the engine runs all 23 checks automatically. Scores you saw before may have changed — that is the update working. Established tokens should score higher, rugged tokens should score lower, and new attack vectors that were invisible before are now caught.

Questions or feedback? We read everything. Reach out on X.