Building a Real-Time Solana Token Launch Radar: Protecting Users from Rug Pulls with AI-Assisted Development

The Problem: The Wild West of Meme Coin Launches

If you’ve spent any time in the Solana ecosystem, you’ve probably heard of Pump.fun - a platform where anyone can launch a token in seconds with minimal barriers to entry. While this democratization of token creation is exciting, it’s also created a significant problem: rug pulls.

Every day, hundreds of new tokens are created on Pump.fun. Some are legitimate community projects, but many are designed to extract value from unsuspecting buyers through various scam mechanisms:

• Mint Authority Exploitation: Creators who retain the ability to mint unlimited tokens can dilute holders instantly
• Freeze Authority Abuse: Tokens where creators can freeze trading, trapping users’ funds
• Extreme Holder Concentration: When the top wallet controls 50%+ of supply, a dump is inevitable
• Honey Pots: Tokens you can buy but mysteriously can’t sell

The average crypto user doesn’t have time to manually analyze smart contract authorities, holder distributions, and liquidity conditions before making a purchase decision. By the time they realize something is wrong, it’s often too late.

This is the problem I set out to solve with Cryptopunk.

The Solution: Real-Time Risk Detection

Cryptopunk is an open-source blockchain data platform that combines real-time detection with explainable risk scoring. The flagship feature is the Solana Pump.fun Launch Radar + Rug-Risk Scanner - a production-ready system that:

1. Detects new token launches in real-time via webhook ingestion from Solana transaction streams
2. Parses Pump.fun program instructions to identify token creation events
3. Analyzes on-chain data including mint/freeze authorities, holder concentration, and metadata
4. Generates explainable risk scores (0-100) with clear, human-readable reasons
5. Exposes a REST API for querying launches and risk reports

How It Works

The architecture follows a clean pipeline design:

Webhook Provider (Helius/QuickNode)
  → Fastify Server
  → Pump.fun Detection Engine
  → SQLite Database (via Prisma)
  → Async Processing Queue
  → Risk Scoring Engine
  → REST API Endpoints

When a webhook arrives containing Solana transaction data:

1. Authentication & Validation: The system verifies the webhook signature and validates the payload structure using Zod schemas
2. Instruction Parsing: Each transaction instruction is analyzed to detect Pump.fun’s token creation discriminator ([24, 30, 200, 40, 5, 28, 7, 119])
3. Event Storage: Detected launches are stored with deduplication (idempotent by signature)
4. Async Risk Computation: The launch is queued for background processing to avoid blocking the webhook response
5. RPC Analysis: The risk scorer fetches on-chain data via Solana RPC to analyze authorities and holder distribution
6. Heuristic Scoring: A transparent scoring algorithm assigns points based on risk factors:
   • Mint Authority Active: +35 points
   • Freeze Authority Active: +25 points
   • Top Holder >50%: +30 points
   • Top Holder 30-50%: +20 points
   • Top 5 Holders >80%: +10 points
   • Missing Metadata: +5 points

The final score is labeled as LOW (<30), MED (30-59), or HIGH (≥60) with explicit reasons provided.

Why This Matters

Transparency: Unlike black-box machine learning models, every risk score comes with clear explanations. Users know exactly why a token is flagged as high-risk.

Speed: Webhook responses return in <100ms. Risk analysis happens asynchronously, ensuring the detection pipeline never drops events.

Idempotency: Webhooks can be retried and duplicated - the system handles this gracefully with signature-based deduplication.

Production-Ready: The codebase includes comprehensive documentation (PRD, Decision Log, Risk Register, Runbook), CI/CD pipelines, quality gates, and structured logging.

Building with AI: The Claude Code Experience

What makes this project particularly interesting is how it was built. I used Claude Code (Anthropic’s CLI tool for AI-assisted development) to architect and implement the entire system.

This wasn’t about letting AI write code blindly. Instead, it was a collaborative process where I:

• Defined the requirements and constraints
• Made all architectural decisions
• Reviewed and validated every implementation detail
• Ensured adherence to best practices and security standards

Claude Code helped me:

• Scaffold the project structure efficiently
• Generate comprehensive documentation following industry standards
• Implement TypeScript patterns with type safety
• Write unit tests and CI/CD workflows
• Create detailed runbooks and decision logs

The result? A production-grade system built in a fraction of the time it would have taken solo, while maintaining full control over design decisions and code quality.

Key Takeaways from AI-Assisted Development

1. AI excels at boilerplate and structure - Setting up Prisma schemas, Fastify routes, and test scaffolding was dramatically faster
2. Humans must drive architecture - AI can suggest patterns, but critical decisions (database choice, queue strategy, scoring heuristics) require human judgment
3. Documentation becomes easier - Generating PRDs, decision logs, and runbooks from technical discussions is a game-changer
4. Quality gates are non-negotiable - The “Hellfire Mode” quality enforcement (linting, type-checking, tests, builds) ensures AI-generated code meets production standards

The Ethereum Side: CryptoPunks Subgraph

The repository also includes a CryptoPunksMarket subgraph built with The Graph Protocol - indexing the iconic CryptoPunks NFT marketplace on Ethereum. This demonstrates multi-chain data indexing capabilities and provides a GraphQL API for querying historical punk trades.

While this is a “legacy” component compared to the new Solana work, it showcases:

• AssemblyScript mapping skills
• The Graph protocol expertise
• Event-driven blockchain data processing
• GraphQL schema design

What’s Next: Stretch Goals

The current implementation is an MVP, but there’s significant room for enhancement:

Enhanced Risk Detection

• Liquidity Pool Analysis: Monitor LP burns, token locks, and unlock schedules
• Honey Pot Detection: Test buy/sell functionality programmatically
• Social Signals: Integrate sentiment analysis from Twitter/X, Discord, and Telegram
• Developer Tracking: Monitor GitHub activity and wallet history

User-Facing Applications

• Live Dashboard: Web UI with real-time token feeds and interactive charts (Next.js + Recharts)
• Telegram Bot: Push notifications for high-risk launches
• Discord Bot: Community-driven monitoring
• Mobile App: On-the-go alerts

Try It Yourself

The entire project is open-source and ready to deploy:

GitHub Repository: https://github.com/Keya-Moradi/Cryptopunk

Quick Start

# Clone the repo
git clone https://github.com/Keya-Moradi/Cryptopunk.git
cd Cryptopunk/solana-pump-radar

# Install dependencies
npm install

# Configure environment
cp .env.example .env
# Edit .env with your Solana RPC URL and webhook secret

# Set up database
npm run db:generate
npm run db:migrate

# Start the server
npm run dev

# Test webhook (optional)
npm run replay

API Endpoints

Once running, you can:

• POST /webhooks/helius - Ingest Solana transaction webhooks
• GET /launches - List recent token launches
• GET /tokens/:mint - Get detailed risk analysis for a specific token
• GET /healthz - Health check

Final Thoughts

The crypto space needs better tools for user protection. Scammers will always exist, but we can level the playing field by giving users access to real-time risk intelligence.

This project demonstrates that individual developers can build production-grade infrastructure when combining:

1. Clear problem definition
2. Sound architectural decisions
3. Modern tooling (TypeScript, Prisma, Fastify)
4. AI-assisted development (Claude Code)
5. Rigorous quality standards

Whether you’re a crypto trader looking for safer tools, a developer interested in blockchain indexing, or someone exploring AI-assisted development workflows - I hope this project provides value.

Star the repo if you find it useful, and feel free to contribute!

---

Reference Materials & Resources

Project Links

• GitHub Repository: https://github.com/Keya-Moradi/Cryptopunk
• Solana Pump Radar Documentation: https://github.com/Keya-Moradi/Cryptopunk/tree/main/solana-pump-radar/docs

Technologies Used

• Solana Web3.js: https://solana-labs.github.io/solana-web3.js/
• Fastify: https://fastify.dev/
• Prisma: https://www.prisma.io/
• TypeScript: https://www.typescriptlang.org/
• Vitest: https://vitest.dev/
• The Graph Protocol: https://thegraph.com/
• Claude Code by Anthropic: https://claude.com/claude-code

Solana Ecosystem

• Pump.fun: https://pump.fun/
• Helius (RPC Provider): https://www.helius.dev/
• Solana Documentation: https://docs.solana.com/
• Solana Cookbook: https://solanacookbook.com/

Security Research

• Solana Token Security Best Practices: https://spl.solana.com/token#authority
• Token Sniffer: https://tokensniffer.com/
• CertiK: https://www.certik.com/
• OWASP Top 10: https://owasp.org/www-project-top-ten/

AI-Assisted Development

• Anthropic Claude: https://www.anthropic.com/claude
• Claude Code CLI: https://claude.com/claude-code
• AI-Assisted Development Best Practices: See project’s CODEX_SAFE.md

Future Enhancement References

• Raydium (LP Data): https://docs.raydium.io/
• Jupiter Aggregator: https://docs.jup.ag/
• DexScreener API: https://docs.dexscreener.com/api/reference
• Twitter/X API: https://developer.twitter.com/en/docs/twitter-api
• Discord.js: https://discord.js.org/
• Telegram Bot API: https://core.telegram.org/bots/api

---

Disclaimer: This tool provides heuristic-based risk assessments and is not financial advice. Always do your own research (DYOR) before investing in any cryptocurrency.