Rug Pull Due Diligence

With experience & expertise of serving the due diligence in the DeFi ecosystem globally, we have come up with a Rug Pull diligence service to help mitigate risks associated with projects.

Protect your investments like a pro with our Rug Pull diligence service, and stay on top of the game with QuillCheck, the industry-leading rug pull detector.

Why Get Your Project A Diligence By QuillAudits

Having a due diligence done by a competent firm is a must have for any project, and with the expertise of QuillAudits it will be done flawlessly. The due diligence process for Rug Pull is based on the comprehensive approach we follow to investigate the code for security flaws and potential vulnerabilities, and the best possible ways to mitigate them.


Why Rug Pull Due Diligence?

Ever since their introduction, cryptocurrencies have attracted the eyes of investors and hucksters alike. Though the crypto space is characterized by some institutional investors and thin liquidity, it is also rife with scammers.
Rug pulls are quite common in DeFi because it is not regulated like the stock market. High APYs and APRs and 100x returns are alluring for new investors.
Rug pull is derived from the phrase “to pull the rug out from under someone”, In the crypto space, rug pull is described as a situation wherein the developers of a crypto project pull out support, thereby leaving the investors and users with worthless tokens.


How does Rug Pull Work?

Rug pulls occur because decentralized exchanges (DEXs) – unlike centralized exchanges (CEXs) – do not audit or verify tokens being listed on them. Anyone can list a cryptocurrency on DEXs, irrespective of whether it’s legit or not. Though there are various ways a scammer can pull out rug using DEXs, they are categorized into mainly three:

Rug pull safeguard process


Common Signs of a Rug Pull

Rocket Icon
The Project is Newly Launched
Developer Icon
Unknown Developers
Chart Icon
Low Liquidity
Arrow Icon
Low Total Value Locked (TVL)
File Icon
Never Audited


Who Needs To Perform Rug Pull Due Diligence?

Investors & Institutions

Investors as well as institutions looking for high gains should carefully infuse the funds considering the possible risk scenarios.

Crypto Exchanges & Token Platforms

Exchanges in the Blockchain ecosystem are in a hurry to whitelist new tokens that could be risky considering its volatile nature.

Crypto Based Startups

They can take advantage by self-evaluating their strengths & weaknesses, and can discover valuable associates by examining the market.


What One Should Look For While Carrying out Rug Pull Diligence?
Functions & Contracts

Migrator functions, proxy functions, unverified contracts, unusual EOA powers, Hardcoded wallet address, also check for concrete proof whether a dev has pulled off malicious scams previously or not.

Admin Properties

Check for the owner/admin capabilities along with the owner/admin type, Whether it is a time lock or it is owned by multiple or single entities(Multi-sig wallet).

Check for Dependencies

Check the usual Masterchef Migrator Code, what dependencies could be changed. Some scams switched the Masterchef or the router to an unverified Masterchef or router to steal the locked money.

Unstake Fees

Some projects don’t add constant (defined) fees as max fee allowed. In this case, the project wonders could unstake fees to 100% and steal the user-funds.


Benefits of Rug-Pull Diligence


All potential issues are highlighted in the audit report submitted to the project.


Issues are clearly highlighted with explanations in the report including what functions could be hazardous in the future.


All audit reports are produced in-house by highly qualified industry professionals at QuillAudits.


Thorough Rug-pull diligence is carried out by experienced & qualified experts at QuillAudits in a very cost-effective manner.


How we Process

Process Flow Diagram
Know More


Our Smart Contract Security Blueprint

Ownership Permissions:

Owner Can Change Balance
Mint Functionality
Self Destructibility
Pausable Transfers
Can Change Strategies
Can Remove Liquidity
Emergency Withdrawal
Tax Modifiable
Blacklist Present
Modifiable Anti-Whale
Whitelist Present
Modifiable Slippage

Other Contract Dependency:

Child Contracts Present
Is a Cloned Contract
Has External Calls
Proxy Contract Present

Transaction Limiters:

Trading CoolTime
Anti-Whale Strategies
Sell All Limiter
Not Buy Limiter

Other Checks:

Is Open Source
Is a Honey Pot
Is Tracked by CoinGecko
WhitePaper Present
Social Sentiments
Is not a FakeToken
Is an Airdrop Scam

Market Checks:

Buy and Sell Tax Threshold
Number of Trading Pairs
Available Liquidity Status
Liquidity Pool Tokens Status
Owner Balance
Is not a FakeToken
Holder Numbers
QuillAcademy IconLearn More about Web3 Security

A Comprehensive Look at Hacks and Scams in Web3

Between 2012 and 2019, approximately $700 million was lost to hackers, with a low 0.2% recovery rate.

In 2020, $300 million was lost to hacks, but $55 million was recovered with an 18% recovery rate.

In 2021, Web 3.0 saw an immense loss of $2.3 billion, but $652 million of the funds were returned to victims, the highest recovery rate to date.

In 2022, Web 3.0 projects lost ~$4 billion to hacks, scams, and exploits, surpassing the total funds lost between 2012 and 2020.

Hacks GraphCurious about the most common types of vulnerabilities and attack vectors in the Web3 space? Our Hackerboard can help you stay informed


Latest Work

Therapoid Smart Contract Audit Report

Therapoid Smart Contract Audit Report

TheRugGame Smart Contract Audit Report

TheRugGame Smart Contract Audit Report

Bored & Lucky Smart Contract Audit Report

Bored & Lucky Smart Contract Audit Report

PixelWar Smart Contract Audit Report

PixelWar Smart Contract Audit Report


Why QuillAudits

Check List

Audits Completed

Money Bag


Software Development

Lines of Code Audited

Years of Experience

Years of Experience


What our Clients are saying

Very professional and timed delivery. Also very prompt in responses and queries.

Stack OS

Vishnu Korde

CEO, StackOS

The team is very supportive and they were able to work as per our requirements

Drife Logo



QuillAudits did a great job with our audit, was very professional and provided quick service

Pandora Logo



QuillAudits provided security enhancements for Polygon projects, earning positive feedback for their prompt and high-quality service as an auditing partner.

Polygon DAO Logo




Frequently Asked Questions

Visit our FAQs help centre to clear out any doubts or queries you may have regarding us and our services. or reach out to us directly at Telegram.

Explore FAQs
What is Rug Pull in Crypto?

In the Cryptocurrency market, the term ‘rug-pull’ means a malicious act in which owners of a crypto project abandon it after stealing investors money.

What are Common signs of a Crypto Rug Pull?
What is the Difference Between a Crypto Rug Pull and DeFi Hack?
Is it possible to recover funds lost in a Crypto Rug Pull?
What kind of Due Diligence does QuillAudits offer?

Trusted by 850+ Web3 Products

Clients Logo
Clients Logo
Clients Logo
Clients Logo
Clients Logo
Clients Logo
Clients Logo
Clients Logo


Security First Newsletter by QuillAudits

DeFi & NFT Hacks, CTFs, and Blockchain Security Insights Straight to your Inbox. Explore our weekly newsletter: HashingBits. Stay updated on everything we’re publishing. Stand a step ahead.