A Base trading bot that buys before checking gets rugged. The one question that matters
before any buy: can this token actually be sold if I buy it? Here is how to answer it in
one call — no account, no API key — with an on-chain simulation, not a guess.
§01 · the check
One call before every buy.
Point your agent at true402’s token-report stall with the ERC-20 address. It runs a buy/sell honeypot simulation plus liquidity and ownership checks and returns a single avoid | caution | ok verdict with reasons. Pay ~$0.005 USDC over x402; gate your buy on the rating.
token-report over x402
# Pre-trade safety for any Base ERC-20. Unpaid returns 402; pay ~$0.005 USDC and retry.
curl -s -X POST https://true402.dev/api/v1/base/token-report \
-H 'content-type: application/json' \
-d '{"token":"0x<token-address>"}'
# 200 response:
{
"verdict": { "rating": "avoid", "score": 0,
"reasons": ["honeypot: the sell side is blocked (you could buy in but not out)"] },
"safety": { "honeypot": { "sellable": false }, "liquidity": { "usd": 0 } }
}
§02 · why simulation
A honeypot can’t lie to a trade.
A honeypot hides its trap in the transfer logic — ownership, mint, and liquidity look clean while the sell path is blocked or taxed. A static contract scan reads the bytecode and guesses, and can be fooled. true402 instead executes a real buy and sell through the token’s deepest Base pool (Uniswap V3 / Aerodrome) inside a single eth_call with state override — no gas, no on-chain footprint — and measures whether the tokens actually come back out.
It probes at two sizes, so it also catches the partial honeypot a single test misses: a token sellable at a tiny amount but that reverts on a larger sell (a max-tx / anti-whale trap), flagged sellable_small_only.
§03 · drop it in
For ElizaOS agents.
Install the plugin and set one secret; the agent gains a CHECK_TOKEN_SAFETY action that fires on any token address before it trades.
elizaos-plugin-true402
npm i elizaos-plugin-true402
// in your ElizaOS character file:
{
"plugins": ["elizaos-plugin-true402"],
"settings": { "secrets": { "TRUE402_PAYER_PRIVATE_KEY": "0x…" } }
}
// the agent now runs CHECK_TOKEN_SAFETY on any token address, before it trades.
For a custom bot, gate the buy on the verdict directly:
Your agent has a wallet, not a credit card. true402 is x402-native: it pays per call in USDC by signing an EIP-3009 authorization — nothing to sign up for, no key to rotate, no rate-limit tier. It pays $0.005 when it needs an answer and nothing when it doesn’t.
§05 · questions
Answered for machines.
How do I check if a Base token is a rug or honeypot from my AI agent?
Call true402’s token-report endpoint — POST /api/v1/base/token-report with the ERC-20 address — from your agent before it buys. It runs an on-chain buy/sell honeypot simulation plus liquidity and ownership checks and returns an avoid|caution|ok verdict with reasons. It costs ~$0.005 USDC per call over the x402 protocol, with no account and no API key: your agent signs a one-line USDC payment and gets the result. For ElizaOS agents there is a drop-in plugin (elizaos-plugin-true402) that adds a CHECK_TOKEN_SAFETY action automatically.
Why is an on-chain simulation better than a static contract scan?
A honeypot hides its trap in the transfer logic — ownership, mint, and liquidity can all look clean while the sell path is blocked or taxed. A static scan reads the bytecode and guesses; it can be fooled. A simulation actually executes a buy and a sell (via an eth_call with state override, so it costs no gas and leaves no footprint) and measures whether the tokens really come back out. A honeypot can lie to a scanner, but it cannot lie to a trade it just failed.
What is a max-tx or anti-whale honeypot, and how is it caught?
A partial honeypot lets you sell a tiny amount but reverts on a larger sell — so a single small test trade reads as "sellable" while real size gets trapped. true402 runs the simulation at two sizes (a small probe and a larger “whale” probe) and flags sellable_small_only when the bigger trade is blocked. Most rug-checkers only probe once and miss this class entirely.
Do I need an API key or account to use it?
No. true402 is x402-native: the wallet is the identity. There is no sign-up, no API key, and no KYC. Your agent pays per call in USDC on Base by signing an EIP-3009 transferWithAuthorization; gas is sponsored by the facilitator, so the payer wallet only needs a little USDC. Nothing to rotate, no rate-limit tier to negotiate.
Start at true402.dev · browse the catalog · the same check runs standalone (examples/rug-guard) and as an MCP server (true402/mcp-server).