🚀 Welcome to CFG Ninja Audit Portal

CFG Ninja Audit Portal is your comprehensive platform for blockchain security analysis, smart contract auditing, and token safety verification. Our platform combines advanced AI technology with industry-standard security practices to provide you with reliable and actionable insights.

🎯 What Can You Do Here?

🔍 Token Scanner

Instantly analyze any token across 32+ blockchains. Get comprehensive security reports including honeypot detection, contract security, trading fees, and AI-powered risk assessment.

🛡️ Smart Contract Audits

Request professional security audits for your smart contracts. Our expert team performs thorough code reviews and vulnerability assessments to ensure your project's safety.

📊 View Published Audits

Browse our collection of completed audits. Each audit includes detailed findings, security recommendations, and verification badges you can display on your project.

🤖 Telegram Bot Integration

Access token scanning directly from Telegram. Use our bot to quickly check tokens, get real-time alerts, and stay informed about security risks.

⚡ Quick Start Guide

Get started with CFG Ninja in just a few minutes:

1. Navigate to Token Scanner

Click on "Token Scanner" in the main menu or use the search bar at the top of any page.

2. Enter Token Details

Enter the token contract address and select the blockchain network. We support 32+ chains including Ethereum, BSC, Polygon, Arbitrum, Base, and more.

3. Enable AI Analysis (Optional)

Toggle the AI analysis option for advanced risk scoring and intelligent insights about potential security concerns.

4. Review Results

Get instant results including risk score, security flags, trading fees, liquidity analysis, and detailed contract information.

💡 Pro Tip: Share your scan results with others using the "Share Scan" button. The shareable link will auto-load the scan for anyone who opens it.

🔍 Token Scanner

Our Token Scanner is the most comprehensive free tool for analyzing token security across multiple blockchains. It provides real-time data and AI-powered insights to help you make informed decisions.

How to Use

  1. Go to the Token Scanner page from the main menu
  2. Paste the token contract address into the search field
  3. Select the blockchain network from the dropdown
  4. Optionally enable AI analysis for enhanced insights
  5. Click "Scan Token" and wait for results (usually 3-5 seconds)

What You'll Get

📊 Risk Score (0-100)

An overall security rating based on multiple factors. Scores above 70 are generally considered safe, but always review the detailed findings.

🛡️ Honeypot Safety

  • Honeypot Detection: Identifies if the token is a honeypot scam
  • Transfer Pausable: Checks if transfers can be paused
  • Cannot Buy: Detects if buying is restricted
  • Trading Cooldown: Identifies if there are trading restrictions
  • Blacklist Function: Checks for wallet blacklisting capabilities

🔒 Contract Security

  • Source Code Verified: Contract code is publicly viewable
  • Proxy Contract: Identifies upgradeable contracts
  • Mint Function: Checks if new tokens can be created
  • Owner Change Balance: Detects if owner can modify balances
  • Hidden Owner: Identifies concealed ownership
  • Self-Destruct: Checks if contract can be destroyed
  • External Call: Identifies external contract interactions

💸 Trading Fees

  • Buy Tax: Fee charged when purchasing tokens
  • Sell Tax: Fee charged when selling tokens
  • Anti-Whale Modifiable: Checks if limits can be changed
  • Cannot Sell All: Detects if selling entire balance is restricted

⚠️ Rugpull Safety

  • Liquidity Lock: Status and duration of locked liquidity
  • LP Holders: List of major liquidity providers
  • Creator Holdings: Token percentage held by creator
  • Owner Holdings: Token percentage held by owner

👥 Top Holders

View the top 10 token holders with their balances and ownership percentages. High concentration in a few wallets can indicate risk.

ℹ️ Note: The Token Scanner analyzes public blockchain data. While highly accurate, always conduct additional research before making investment decisions.

🛡️ Request Audit

Professional smart contract audits are essential for any serious blockchain project. Our experienced security researchers perform comprehensive audits to identify vulnerabilities and recommend fixes.

Audit Process

1. Submit Request

Fill out the audit request form with your project details, contract addresses, and specific concerns.

2. Initial Review

Our team reviews your submission within 24-48 hours and provides a quote and timeline.

3. Security Analysis

Expert auditors perform manual code review, automated testing, and security analysis of your smart contracts.

4. Report Delivery

Receive a comprehensive audit report including findings, severity ratings, and recommendations for fixes.

5. Fix Verification

After you implement fixes, we re-audit the contracts and issue a final verification report.

What's Included

  • ✅ Comprehensive security analysis
  • ✅ Manual code review by expert auditors
  • ✅ Automated security testing
  • ✅ Gas optimization recommendations
  • ✅ Detailed findings report with severity ratings
  • ✅ Fix verification and re-audit
  • ✅ Public audit badge for your website
  • ✅ Listing on our audits page

⚠️ Important: Audits do not guarantee bug-free code. They significantly reduce risk but cannot eliminate all potential vulnerabilities.

📊 View Audits

Browse our complete collection of published security audits. Each audit is publicly accessible and demonstrates our commitment to transparency and security.

Audit Information

Each published audit includes:

  • Project Overview: Description and purpose
  • Contract Details: Addresses and network information
  • Security Findings: Detailed vulnerability reports
  • Severity Ratings: Critical, High, Medium, Low classifications
  • Recommendations: Suggested fixes and improvements
  • Fix Status: Whether issues have been resolved
  • Audit Badge: Verification badge with unique ID

Using Audit Badges

Projects that pass our audits receive a verification badge. This badge can be embedded on your website or documentation:

<a href="https://cfg.ninja/audits/[PROJECT_ID]" target="_blank">
  <img src="https://cfg.ninja/badge.png" alt="Audited by CFG Ninja" />
</a>

🤖 Telegram Bot

Access token scanning directly from Telegram with our powerful bot integration. Get instant security analysis without leaving your chat.

Getting Started

  1. Open Telegram and search for @CFGNinjaBot
  2. Start a chat and send /start
  3. Use commands to scan tokens and get security reports

Available Commands

/check [address] [chain]

Scan a token and get comprehensive security analysis. Example:

/check 0x1234...5678 bsc

/start

Start the bot and see available commands.

/help

Get detailed help about bot features and usage.

Supported Chains

The Telegram bot supports all major blockchains: bsc, eth, polygon, arbitrum, base, avalanche, optimism, fantom, and more.

Features

  • 🔍 Instant token security analysis
  • 📊 Risk score and safety ratings
  • 🔒 Contract security checks
  • 💰 Trading fee information
  • 🔗 PinkSale launchpad detection
  • ⚠️ Critical security alerts
  • 📈 Holder concentration analysis
  • 🔐 Liquidity lock status

📖 Understanding Results

Learn how to interpret the security analysis results and make informed decisions.

Risk Score Interpretation

  • 90-100: Excellent - Very low risk, strong security
  • 70-89: Good - Acceptable risk, standard security
  • 50-69: Moderate - Some concerns, review carefully
  • 30-49: High Risk - Multiple red flags present
  • 0-29: Critical - Likely scam or severe vulnerabilities

⚠️ Important: Risk scores are capped at 90 for non-audited projects and 95 for audited projects without KYC. Perfect scores (100) are reserved for fully audited and KYC-verified projects.

Red Flags to Watch For

  • 🚫 Honeypot detected
  • 🚫 Cannot sell all tokens
  • 🚫 Hidden owner functions
  • 🚫 Self-destruct capability
  • 🚫 High buy/sell taxes (>15%)
  • 🚫 No liquidity lock
  • 🚫 High creator/owner holdings (>20%)
  • 🚫 Source code not verified

Positive Indicators

  • ✅ Source code verified
  • ✅ Liquidity locked for extended period
  • ✅ Low or no buy/sell taxes
  • ✅ No honeypot characteristics
  • ✅ Distributed holder base
  • ✅ Creator holdings renounced or low
  • ✅ Professional audit completed
  • ✅ Active development and community

🔗 Sharing Scans

Share your token scan results with others using shareable URLs. Anyone with the link can view the same analysis without running a new scan.

How to Share

  1. Complete a token scan
  2. Click the "Share Scan" button below the project name
  3. The shareable URL is automatically copied to your clipboard
  4. Paste and share the link anywhere

Shareable URL Format

https://cfg.ninja/token-scanner?address=0x...&chain=bsc

Auto-Scan Feature

When someone opens your shared link, the scanner automatically loads and displays the results. No manual input required!
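A check for a received scan link against the URL format above, as an added example that is not CFG Ninja's own code: it confirms the link really points at cfg.ninja and carries exactly one well-formed address and chain. The chain list reuses the identifiers this page gives for the Telegram bot, which is an assumption for the web scanner; `parseSharedScanLink` is a hypothetical helper name.

```javascript
// Added example, not CFG Ninja code. Validates a link that claims to be a
// shared scan before anyone opens it or relies on what it shows.

// Assumption: the web scanner uses the chain identifiers listed on this page
// for the Telegram bot. A chain outside this list is flagged, not proven bad.
const KNOWN_CHAINS = new Set([
  "bsc", "eth", "polygon", "arbitrum", "base", "avalanche", "optimism", "fantom",
]);

// EVM-style address: 0x followed by exactly 40 hex digits.
const EVM_ADDRESS = /^0x[0-9a-fA-F]{40}$/;

// expectedAddress is optional: the contract address you obtained from a
// source you trust, to confirm the link is about that same token.
function parseSharedScanLink(link, expectedAddress) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { ok: false, address: "", chain: "", problems: ["not a parseable URL"] };
  }

  const problems = [];
  if (url.protocol !== "https:") problems.push("scheme is not https");
  // Exact host match: look-alike hosts and extra subdomain labels fail here.
  if (url.hostname !== "cfg.ninja") problems.push(`unexpected host: ${url.hostname}`);
  // "https://cfg.ninja@other.host/..." parses with cfg.ninja as the username.
  if (url.username || url.password) problems.push("URL carries userinfo");
  if (url.pathname !== "/token-scanner") problems.push(`unexpected path: ${url.pathname}`);

  // Repeated parameters make it ambiguous which value the page will use.
  const addresses = url.searchParams.getAll("address");
  const chains = url.searchParams.getAll("chain");
  if (addresses.length !== 1 || chains.length !== 1) {
    problems.push("address and chain must each appear exactly once");
  }

  const address = addresses[0] ?? "";
  const chain = (chains[0] ?? "").toLowerCase();
  if (!EVM_ADDRESS.test(address)) problems.push("address is not 0x + 40 hex digits");
  if (!KNOWN_CHAINS.has(chain)) problems.push(`chain not in the known list: ${chain}`);

  if (expectedAddress && address.toLowerCase() !== expectedAddress.toLowerCase()) {
    problems.push("address differs from the token you meant to check");
  }
  return { ok: problems.length === 0, address, chain, problems };
}
```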

Use Cases

  • 📱 Share on social media (Twitter, Telegram, Discord)
  • 💬 Send to friends and community members
  • 📧 Include in email communications
  • 📝 Embed in blog posts or articles
  • 🔗 Add to project documentation

⛓️ Supported Blockchains

CFG Ninja Token Scanner supports 32+ blockchain networks, making it one of the most comprehensive multi-chain security tools available.

Major Networks

Ethereum (ETH)

The original smart contract platform

BNB Smart Chain (BSC)

High-performance Binance chain

Polygon (MATIC)

Ethereum scaling solution

Arbitrum

Ethereum Layer 2 rollup

Optimism

Optimistic rollup network

Base

Coinbase Layer 2 network

Avalanche (AVAX)

High-throughput blockchain

Fantom (FTM)

DAG-based smart contract platform

Additional Networks

  • Cronos (CRO)
  • Moonbeam (GLMR)
  • Moonriver (MOVR)
  • Metis
  • Boba Network
  • Aurora (NEAR)
  • Harmony (ONE)
  • Celo
  • OKC (OKX Chain)
  • Heco (Huobi ECO)
  • And many more...

Click "View all supported blockchains" on the Token Scanner page to see the complete list.

🛠️ Security Tools

CFG Ninja provides 15 free security tools for smart contract developers, auditors, and researchers. Access all tools at /tools.

Contract Analysis Tools

🤖 AI Audit Assistant

Upload Solidity contracts for instant AI-powered security analysis. Identifies vulnerabilities, suggests fixes, and provides a security score — all without sharing your code externally.

📥 Contract Downloader

Download verified smart contract source code from any blockchain explorer. Supports Ethereum, BSC, Polygon, Arbitrum, and more. Outputs Solidity files ready for review.

📋 Contract Flattener

Combine multi-file Solidity contracts into a single flat file. Essential for verification on block explorers and preparing contracts for audit tools like Slither.

⛽ Gas Optimizer

Paste Solidity code and get AI-powered gas optimization recommendations. Identifies expensive patterns and suggests cheaper alternatives with estimated savings.

Transaction & Address Tools

🔐 Transaction Safety Checker

Simulate transactions before signing. See exactly what a transaction will do — token transfers, approvals, state changes — with AI-powered risk explanations.

⚠️ Address Risk Scanner

Check any blockchain address for scam history, phishing activity, blacklist status, and malicious behavior. Powered by GoPlus Security API with AI risk assessment.

💳 Wallet Health Scanner

Analyze your wallet for risky token approvals, suspicious holdings, and security vulnerabilities. Get actionable recommendations to secure your assets.

🖼️ NFT Security Scanner

Verify NFT collections and individual tokens for scams, fake metadata, malicious contracts, and wash trading. Supports ERC-721 and ERC-1155.

Developer Utilities

🔧 ABI Encoder / Decoder

Encode and decode Ethereum ABI data. Paste function signatures and parameters to generate calldata, or decode raw transaction input data into readable format.

📜 Event Log Decoder

Decode raw Ethereum event logs into human-readable format. Paste event topics and data to see the event name, parameters, and values.

🔑 Function Signature Database

Look up function selectors (4-byte signatures) to identify unknown contract functions. Search by selector hash or function name.

#️⃣ Keccak256 Hash Generator

Generate Keccak256 hashes used throughout the Ethereum ecosystem. Hash text, function signatures, or arbitrary data for smart contract development.

🔍 Bytecode Disassembler

Disassemble EVM bytecode into human-readable opcodes. Analyze deployed contract bytecode to understand low-level execution flow.

🌳 Merkle Proof Generator

Generate and verify Merkle trees and proofs for whitelists, airdrops, and on-chain verification. Supports address lists and custom leaf data.

Web3 Safety Tools

🌐 URL Safety Checker

Check any URL for phishing, malware, and scam indicators. Verifies SSL certificates, domain age, and cross-references against known malicious site databases.

💡 Tip: All tools are free and don't require an account. Access the full tools collection at /tools.

📑 How to Read an Audit Report

CFG Ninja audit reports follow a standardized format designed for both technical and non-technical readers. Here's how to navigate and interpret each section.

Report Structure

1. Project Overview

The top section shows the project name, logo, contract addresses, blockchain network, and a brief description. The security score (out of 100) is displayed prominently — this is the overall safety rating.

2. Security Score Breakdown

The score is calculated by deducting points for each finding based on severity:

  • Critical (-15 pts): Funds at immediate risk, exploitable vulnerabilities, or complete loss of control
  • High (-10 pts): Significant security issues that could lead to fund loss under certain conditions
  • Medium (-5 pts): Issues that don't immediately threaten funds but weaken overall security
  • Low (-2 pts): Minor issues, best practice violations, or code quality improvements
  • Informational (-1 pt): Suggestions, gas optimizations, or style recommendations

Score Thresholds:
🟢 90-100: Excellent — minimal or no issues found
🔵 80-89: Good — minor improvements recommended
🟡 70-79: Fair — some issues need attention
🔴 Below 70: Poor — significant security concerns

3. Findings Table

Each finding includes:

  • ID: Unique identifier (e.g., CFG-001)
  • Title: Brief description of the issue
  • Severity: Critical, High, Medium, Low, or Informational
  • Category: Type of issue (Reentrancy, Access Control, Logic Error, Gas Optimization, etc.)
  • Status: Open, Acknowledged, or Resolved
  • Description: Detailed explanation of the vulnerability
  • Recommendation: Suggested fix or mitigation

4. Scope & Methodology

Lists which contracts and functions were audited, the tools used (Slither, Mythril, manual review), and the audit methodology. This helps you understand the depth and coverage of the review.

5. GoPlus Security Data

If available, the report includes on-chain security data from GoPlus API: honeypot checks, trading tax analysis, holder distribution, liquidity lock status, and contract permission analysis.

6. Audit Badge & Verification

The bottom of each report shows the official CFG Ninja audit badge with the score, date, and a unique verification ID. Projects can embed this badge on their own website.

Common Finding Categories

🔄 Reentrancy

Functions that can be called recursively before state updates, potentially draining funds.

🔐 Access Control

Missing or incorrect permission checks that allow unauthorized users to call privileged functions.

🧮 Integer Overflow

Arithmetic operations that wrap around, producing unexpected values (mitigated in Solidity 0.8+).

💱 Oracle Manipulation

Price feeds that can be manipulated through flash loans or low-liquidity attacks.

⚡ Front-Running

Transactions that can be exploited by miners or MEV bots observing the mempool.

🔓 Centralization Risk

Excessive admin privileges or single points of failure that could compromise the protocol.

What to Do After Reading

  • For investors: Check the overall score and severity of open findings. A score above 80 with no critical/high issues is generally a positive signal.
  • For developers: Review each finding's recommendation and prioritize fixes by severity. Request a re-audit after implementing changes.
  • For projects: Share the audit report with your community. Embed the badge on your website and social media. Address all findings publicly.

⚠️ Remember: An audit is a point-in-time assessment. It does not guarantee bug-free code. Contract upgrades, new dependencies, or changed configurations after the audit may introduce new vulnerabilities.

✨ What's New

Stay up to date with the latest features and improvements to CFG Ninja Audit Portal.

February 12, 2026

Version 3.29.1

Security hardening, emblem badges, and production readiness

  • 🛡️ Security Hardening: Admin authentication enforced on TrustBlock, Upload, and Project admin routes
  • 🏅 Emblem Badge System: Backend emblem API for project badge cards, sections, and logos
  • 🔧 Wizard Parity: 4naly3er, AI Explain, Test Suite Gen, and STRIDE Threat Model in Audit Wizard
  • 📊 Contract Visualization: Metrics graph and inheritance diagrams in AI Audit Assistant
  • 🔗 GeckoTerminal Fallback: CoinGecko proxy with GeckoTerminal as automatic fallback
  • 🔒 CSP Hardened: Removed unsafe-eval, moved API secrets to environment variables
  • 🐛 Bug Fixes: GoPlus proxy 404, slug fallback for token names, badge 404 silence

January 19, 2026

Version 3.24.0

Major UI overhaul and enhanced PinkSale detection

  • 🎨 New Card-Based Layout: Side-by-side information cards for better space utilization
  • 🔗 Shareable URLs: Share scan results with others via shareable links
  • 🔄 Auto-Scan: Scans automatically load from URL parameters
  • 🔍 Enhanced PinkSale Detection: Added HTML scraping fallback for better reliability
  • 🎯 Improved Layout: Project name and share button now above risk score
  • 🐛 Bug Fixes: Fixed SSR prerender errors and removed duplicate fields

January 16, 2026

Version 3.23.0

Social media automation and Twitter integration

  • 🤖 AI Security Tips: Automated blockchain security tips powered by Gemini 2.0
  • 🐦 Twitter Integration: Post security tips directly to Twitter/X
  • 📱 Telegram Channel: Automated tips in Telegram channels
  • 📊 Engagement Tracking: Monitor impressions, likes, and retweets

January 2026

Version 3.21.0

Telegram bot enhancements

  • 📊 Contract Age: Shows days since deployment
  • 🔒 Liquidity Lock: Displays lock status and duration
  • 👥 Holder Analysis: Creator percentage and concentration metrics
  • 🚨 Critical Flags: Enhanced security warning system
  • 📋 Better Organization: Reorganized /check message structure

📅 Full Changelog

Complete version history with all changes, improvements, and bug fixes.

v3.29.1 - February 12, 2026

New Features

  • Backend emblem API route for project badge cards and logos
  • Wizard parity: 4naly3er, AI Explain, Test Suite Gen, STRIDE Threat Model
  • Contract visualization with metrics graph and inheritance diagrams
  • GeckoTerminal fallback when CoinGecko is unavailable
  • Shared MobileMenu component across all 25 pages

Security

  • Added requireAuth + requireAdmin to TrustBlock publish routes
  • Added requireAuth + requireAdmin to Upload routes
  • Added requireAdmin to project admin PUT/DELETE/PATCH
  • Removed hardcoded API keys (TrustBlock, DexView)
  • Removed unsafe-eval from CSP scriptSrc
  • Reduced parameterLimit to prevent parameter pollution
  • Removed hardcoded Etherscan API key and dead debug files

Bug Fixes

  • GoPlus fetch-goplus proxy 404 and backend env var standardization
  • Slug fallback for letter-number boundary variants
  • Emblem page crash on 404 and AdSense data-nscript warning
  • CoinGecko proxy returning 200 with empty data instead of forwarding 404
  • Badge 404 console.error silenced for expected missing emblems
  • Backend URL normalization in next.config.js rewrites

Improvements

  • Console.log cleanup: 66 removed from frontend, logger migration in backend
  • Helmet CSP, CORS wildcard removed, error boundaries added
  • Sitemap expanded with emblem and distribution pages

v3.24.0 - January 19, 2026

New Features

  • Side-by-side card layout with responsive grid
  • Shareable URLs with URL parameters
  • Auto-scan functionality from shared links
  • Share button with clipboard integration
  • PinkSale HTML scraping fallback

Improvements

  • Moved project title and share button above risk score
  • Grouped related information cards together
  • Enhanced visual hierarchy
  • Improved mobile responsiveness

Bug Fixes

  • Fixed SSR prerender errors with useSearchParams
  • Fixed TypeScript onClick handler type errors
  • Removed duplicate owner information

v3.23.0 - January 16, 2026

New Features

  • AI-powered security tip generation with Gemini 2.0
  • Twitter/X API integration for automated posting
  • Telegram channel integration for security tips
  • Category-based tip rotation system
  • Engagement metrics tracking

v3.21.0 - January 2026

New Features

  • Contract age display in Telegram bot
  • Liquidity lock status and duration
  • Holder concentration analysis
  • Critical security flag detection

Improvements

  • Reorganized /check message structure
  • Enhanced security warnings
  • Better mobile display

❓ Frequently Asked Questions

Is the Token Scanner free to use?

Yes! The Token Scanner is completely free. We believe everyone should have access to basic security analysis tools.

How accurate is the Token Scanner?

The scanner analyzes real-time blockchain data and uses industry-standard security checks. While highly accurate, it should be used as one of multiple research tools.

What's the difference between the free scanner and paid audit?

The Token Scanner provides automated analysis of public blockchain data. Professional audits include manual code review by expert security researchers, comprehensive testing, and detailed vulnerability reports.

How long does an audit take?

Standard audits typically take 1-2 weeks. Complex projects may require additional time. We provide a timeline estimate during the initial review.

Can I use the scanner for any blockchain?

We support 32+ major blockchains. If your chain isn't supported, contact us - we're constantly adding new networks.

Why is my risk score capped at 90?

Non-audited projects are capped at 90/100. Professional audits can increase the cap to 95, and KYC verification enables perfect 100 scores. This ensures users know which projects have been professionally verified.

How do I report a bug or request a feature?

Contact us on Telegram (@CFGNinja) or email support@cfg.ninja. We actively respond to user feedback and suggestions.

Is my data private?

We only analyze public blockchain data. We don't store scan results or track individual users. See our Privacy Policy for complete details.

🏆 Audit Badges

Official CFG Ninja Verified Badges are premium emblem widgets that allow audited projects to showcase their security credentials directly on their websites.

CFG Ninja Verified Badge

Badge Types

🏷️ Logo Badge

280 × 60px - Compact header element perfect for navigation bars, footers, and sidebars. Shows audit score at a glance.

🃏 Card Badge

380 × 480px - Detailed score card with CFG Ninja branding, security score, findings summary, and project info.

📄 Section Badge

100% width - Full-width comprehensive audit display with complete findings breakdown and call-to-actions.

How to Get Your Badge

  1. Visit your audit page at https://cfg.ninja/[your-project-slug]
  2. Click the "Request Emblem" button in the audit actions section
  3. Choose your badge style (Logo, Card, or Section)
  4. Select your theme (Dark or Light)
  5. Preview the badge and copy the embed code

Installation Methods

React / Next.js

import BadgeCard from '@/components/BadgeCard';

<BadgeCard slug="your-project-slug" theme="dark" />

HTML / iframe

<iframe
  src="https://cfg.ninja/emblem/your-project-slug?type=card&theme=dark"
  width="380"
  height="480"
  frameborder="0"
  scrolling="no"
></iframe>

Score Calculation

Your security score is calculated from audit findings:

  • Critical: -15 points
  • High: -10 points
  • Medium: -5 points
  • Low: -2 points
  • Informational: -1 point

Base Score: 100 points | Status Thresholds: Excellent (90+), Good (80-89), Fair (70-79), Poor (<70)
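The deduction scheme above and in "Security Score Breakdown", as an added example that is not CFG Ninja's own code, combined with the investor check from "What to Do After Reading". It assumes every listed finding deducts regardless of status, that the score floors at 0, and that any status other than Resolved counts as open; the page states none of these, and the findings are constructed.

```javascript
// Added example, not CFG Ninja code. Deductions and bands are the ones
// stated on this page; everything marked "assumption" is not.
const DEDUCTION = { Critical: 15, High: 10, Medium: 5, Low: 2, Informational: 1 };

function band(score) {
  if (score >= 90) return "Excellent";
  if (score >= 80) return "Good";
  if (score >= 70) return "Fair";
  return "Poor";
}

// findings: [{ id, severity, status }] as in the report's findings table.
function summarizeAudit(findings) {
  let score = 100; // base score
  const unresolvedSevere = [];

  for (const f of findings) {
    if (!Object.prototype.hasOwnProperty.call(DEDUCTION, f.severity)) {
      throw new Error(`unknown severity: ${f.severity}`);
    }
    // Assumption: a finding deducts whatever its status is.
    score -= DEDUCTION[f.severity];

    // Assumption: Open and Acknowledged both count as still open.
    const severe = f.severity === "Critical" || f.severity === "High";
    if (severe && f.status !== "Resolved") unresolvedSevere.push(f.id);
  }

  score = Math.max(0, score); // assumption: no negative scores

  return {
    score,
    band: band(score),
    unresolvedSevere,
    // The page's guidance: above 80 AND no critical/high issues open.
    positiveSignal: score > 80 && unresolvedSevere.length === 0,
  };
}

// Constructed findings: the band reads "Good" while a Critical is unresolved,
// which is why the band alone is not the check the page recommends.
const SAMPLE_FINDINGS = [
  { id: "CFG-001", severity: "Critical", status: "Acknowledged" },
  { id: "CFG-002", severity: "Low", status: "Resolved" },
  { id: "CFG-003", severity: "Informational", status: "Open" },
];
```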

💡 Tip: Place badges prominently on your homepage or tokenomics page to maximize trust and transparency with your community.

📞 Contact Support

Need help? Have questions? We're here to assist you.

Get in Touch

💬 Telegram

Join our community: @CFGNinjaAudits

🐦 Twitter/X

Follow us: @CFGNinja

📧 Email

Business inquiries: support@cfg.ninja

💻 GitHub

Open source: CFG-Ninja

Response Times

  • Telegram: Usually within 1-2 hours during business hours
  • Email: Within 24-48 hours
  • Twitter: Within 24 hours for DMs

💡 Tip: For fastest support, reach out on Telegram where our team is most active.