Skip to main content
GET
/
token-risks
Get smart-contract risk analysis for a token (honeypot, mint/blacklist authority, hidden fees, upgradeable proxy, and more) — powered by Hexens
curl --request GET \
  --url https://openapiv1.coinstats.app/token-risks \
  --header 'X-API-KEY: <api-key>'
{
  "results": [
    {
      "title": "Blockable Transfer",
      "key": "risk_blockable_transfer",
      "value": "true",
      "subtitle": "Transfers can be blocked for specific senders using various checks",
      "note": "Dev can stop you from sending tokens",
      "description": "The token contract's transfer functionality includes checks such as transfer pausing, cooldown period checks, big transfer amounts checks etc. This may cause a transfer freeze for certain holders.",
      "severity": "medium"
    }
  ],
  "score": 80,
  "marketEndorsed": false,
  "ownershipRenounced": true,
  "risksProviderUrl": "https://hexens.io/blog/glider-api-new-benchmark-in-smart-contract-security",
  "risksProviderLogo": {
    "dark": "https://static.coinstats.app/icons/token_risks_dark.png",
    "light": "https://static.coinstats.app/icons/token_risks_light.png"
  },
  "learnMoreUrl": "https://coinstats.app/blog/risks/"
}

Documentation Index

Fetch the complete documentation index at: https://coinstats.app/docs/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

X-API-KEY
string
header
required

API key required to access the endpoints. Generate one from your dashboard at https://openapi.coinstats.app and pass it in the X-API-KEY request header. Never expose your key in client-side code.

Query Parameters

coinId
string

CoinStats coin id (e.g. bitcoin, ethereum). When provided, the coin is resolved to its on-chain contract automatically. Either coinId or both contractAddress and chain are required.

Example:

"ethereum"

contractAddress
string

Token contract address. Required (together with chain) when coinId is not provided.

Example:

"0xdac17f958d2ee523a2206206994597c13d831ec7"

chain
string

Blockchain identifier for contractAddress (e.g. ethereum, binance_smart, polygon-pos, base, arbitrum-one, optimism, avalanche). Required (together with contractAddress) when coinId is not provided.

Example:

"ethereum"

sortBy
enum<string>

Sort the returned risk findings. severity orders by critical → high → medium → low → minor. Defaults to detected-risks-first.

Available options:
severity

Response

results
object[]
required

List of risk findings. Empty when no risk data is available for the token (e.g. non-EVM or unindexed contract).

score
number

Overall risk score (0–100). Higher means riskier. Absent when no risk data is available for the token.

Example:

80

marketEndorsed
boolean

Whether the token is endorsed by market consensus

Example:

false

ownershipRenounced
boolean

Whether contract ownership has been renounced

Example:

true

risksProviderUrl
string

Link to the risk-analysis provider (Hexens)

Example:

"https://hexens.io/blog/glider-api-new-benchmark-in-smart-contract-security"

Provider branding logos

learnMoreUrl
string

Link to documentation explaining the risk categories

Example:

"https://coinstats.app/blog/risks/"