Risk Scoring
Every Sentinel scan produces a composite risk score from 0 to 100, where higher is safer. This page explains what goes into that number.
Score and letter grade
| Grade | Score range | Interpretation |
|---|---|---|
| A+ | 95–100 | Minimal detectable risk |
| A | 85–94 | Low risk; standard caution applies |
| B | 70–84 | Some flags present; review details |
| C | 55–69 | Notable risk factors; proceed carefully |
| D | 35–54 | Significant concerns; high caution |
| F | 0–34 | Severe risk indicators detected |
A grade is a convenience label — always read the individual check results before acting on a scan.
How the score is calculated
Sentinel runs six independent checks and combines them into the final score. Each check contributes a weighted sub-score based on severity:
1. Honeypot detection
Simulates buy and sell transactions on a forked environment. If sell transactions revert or are blocked by transfer restrictions, the contract is flagged. Honeypot flags carry heavy weight — a confirmed honeypot will result in an F grade regardless of other scores.
2. Holder concentration
Analyzes the top-10 holder distribution. Heavy concentration in a small number of wallets — especially wallets associated with the deployer — increases rug pull risk. Scoring is graduated: a top-10 concentration above 80% scores worse than one of 50%.
3. Liquidity depth
Assesses liquidity pool size relative to token market cap. Thin liquidity enables price manipulation and makes exit difficult for large holders. Pools below a depth threshold relative to reported cap are penalized.
4. Owner permissions
Maps all privileged functions on the contract: mint authority, burn authority, pause/freeze functions, blacklisting, fee modification, and proxy upgrade keys. Each additional live privileged function reduces the score. Renounced ownership and locked liquidity are positive signals.
5. Proxy pattern
Detects whether the contract is behind an upgradeable proxy (ERC-1967, transparent proxy, UUPS). Proxy contracts introduce upgrade risk — the underlying logic can be changed after deployment. Proxies are flagged and described; they're common in legitimate projects but warrant attention.
6. Source code verification
Checks whether the contract is verified on the relevant chain explorer and whether the deployed bytecode matches the verified source. Unverified contracts score significantly lower; bytecode mismatches are a critical flag.
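The weighted combination and the honeypot override described above, as an added example that is not Sentinel's own code. The grade bands and the forced F for a confirmed honeypot come from this page; the per-check weights and the 0-100 sub-score scale are assumptions, chosen to show that a weighted average alone would grade a honeypot with otherwise clean checks as a B.

```python
# Added example. Grade bands and the honeypot-forces-F rule are from this page;
# the weights and the 0-100 sub-score scale are assumptions, not Sentinel's values.
GRADE_FLOORS = [(95, "A+"), (85, "A"), (70, "B"), (55, "C"), (35, "D"), (0, "F")]
F_CEILING = 34  # top of the F band in the grade table

# Hypothetical weights in percent (must sum to 100).
WEIGHTS = {
    "honeypot": 30,
    "holder_concentration": 15,
    "liquidity_depth": 15,
    "owner_permissions": 20,
    "proxy_pattern": 5,
    "source_verification": 15,
}
assert sum(WEIGHTS.values()) == 100


def grade(score: int) -> str:
    """Map a 0-100 score (higher is safer) to its letter grade."""
    if not 0 <= score <= 100:
        raise ValueError(f"score out of range: {score}")
    return next(letter for floor, letter in GRADE_FLOORS if score >= floor)


def composite(sub_scores: dict, confirmed_honeypot: bool = False) -> tuple:
    """Combine six per-check sub-scores (0-100 each) into (score, grade)."""
    if set(sub_scores) != set(WEIGHTS):
        raise ValueError("expected exactly the six checks named in WEIGHTS")
    if any(not 0 <= v <= 100 for v in sub_scores.values()):
        raise ValueError("sub-scores must be in 0..100")
    score = round(sum(WEIGHTS[k] * sub_scores[k] for k in WEIGHTS) / 100)
    if confirmed_honeypot:
        # Hard override: a weighted average must not dilute a confirmed honeypot.
        score = min(score, F_CEILING)
    return score, grade(score)


# Constructed sample: sells revert (honeypot sub-score 0), everything else clean.
SAMPLE = {**{name: 100 for name in WEIGHTS}, "honeypot": 0}

if __name__ == "__main__":
    print("average only :", composite(SAMPLE))                           # (70, 'B')
    print("with override:", composite(SAMPLE, confirmed_honeypot=True))  # (34, 'F')
```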
What the score does not measure
Sentinel's automated scan covers contract-level risks. It does not assess:
- Team identity or track record
- Tokenomics design or vesting schedules
- Off-chain governance or multisig signer reputation
- Legal or regulatory risk
- Market manipulation or wash trading
For a comprehensive assessment, use the Full AI Audit, which covers vulnerability analysis and includes remediation guidance.
Score stability
Scores can change over time as on-chain state changes — liquidity can be removed, ownership can be transferred, new pools can be created. Sentinel's Monitoring tier (coming soon) runs daily re-scans and alerts you when a token's score changes materially.