Liquidity Pool Locks vs. Renounced Contracts: What Actually Protects You
"LP locked, contract renounced" gets pasted in every Telegram. Most retail treats it as a single safety badge. They are two different protections against two different attacks β and neither is the protection people think it is.
The two attacks you are defending against
Before defining the protections, name the threats. There are two distinct rugs that matter on a memecoin or low-cap token:
- The liquidity rug. The deployer (or whoever holds LP tokens) removes their share of the AMM pool. Token side stays in their wallet, USDC/SOL/ETH side goes to a fresh address. The token is now untradeable at any meaningful price.
- The contract rug. The deployer calls a privileged function on the token contract β mint new supply, blacklist holders, set transfer fee to 99%, pause transfers, change router. The pool is intact but the token is now worthless or trapped.
An LP lock blocks attack #1. A renounced contract blocks attack #2. They do not substitute for each other.
How LP locks actually work
When you provide liquidity to an AMM, you receive an LP token (or, on Solana / Raydium V3, an NFT position). That LP token is the receipt β whoever holds it can withdraw the underlying tokens. A "lock" is just the LP token sent somewhere it can't be removed:
- Burn address. The LP token is sent to
0x000β¦dEaDor a Solana address with no known signer. Permanent. Can never be undone β including by the team if they want to migrate. - Time-locked vault. The LP token is deposited into a contract (UNCX, PinkSale, Streamflow, Team Finance) that releases it on a date. Until that date, the LP cannot move. After the date, the team can pull it instantly.
- Multisig. LP held by a 2-of-3 or 3-of-5 multisig. Better than a single wallet, weaker than a time-lock. Trust depends on the signers.
What to actually verify on a "locked LP" claim:
- Find the pool's LP token address (Raydium pool page β "LP mint" or the pair contract on Etherscan β balance of LP holders).
- Identify which wallet holds the majority of LP tokens.
- If burn address: confirm. Done.
- If a lock contract: check the unlock date and the % locked. A 7-day lock is theatre. A 1-year lock with 100% of LP locked is meaningful.
- Check the second largest LP holder. If 95% is locked but the deployer holds 5% unlocked, that 5% can still be pulled and the chart will dump 30%+.
How contract renouncing works
An ERC-20 / SPL token contract can have privileged roles: owner, minter, pauser, blacklist admin, fee admin, etc. Renouncing means transferring those roles to the zero address (or, on Solana, setting the mint authority to None). After renouncement, the function literally can't be called by anyone.
How to verify renouncement:
| Chain | Check |
|---|---|
| Ethereum / Base / BSC | Etherscan β Read Contract β call owner(). Should return 0x0000β¦0000. Also check for onlyOwner functions in the source β sometimes owner is renounced but a separate admin role is not. |
| Solana SPL token | Solscan β token page β Mint Authority and Freeze Authority. Both should read None. Freeze authority is the silent killer β if it exists, the holder can freeze your token account permanently. |
| Solana Token-2022 | Same as SPL plus check enabled extensions. TransferHook, PermanentDelegate, and InterestBearing can each be used as backdoors. |
# Solana β verify mint authority is renounced
solana spl-token display <MINT_ADDRESS>
# or via RPC
curl -s -X POST $RPC -H "Content-Type: application/json" -d '{
"jsonrpc":"2.0","id":1,"method":"getAccountInfo",
"params":["MINT_ADDRESS",{"encoding":"jsonParsed"}]
}' | jq '.result.value.data.parsed.info | {mintAuthority, freezeAuthority}'
The proxy-contract problem
EVM tokens often use upgradeable proxy patterns (Transparent Proxy, UUPS). The visible contract calls a separate implementation contract via delegatecall. Renouncing the proxy's owner is meaningless if the implementation has its own admin β or if the proxy admin is a different role that was not renounced.
If RugCheck or TokenSniffer flags an unverified proxy, treat the token as fully privileged regardless of any "renounced" claim until you've read the proxy admin slot manually:
# EIP-1967 admin slot β read directly via Etherscan or eth_getStorageAt
ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
cast storage <PROXY_ADDR> $ADMIN_SLOT --rpc-url $RPC
# non-zero = there's still an admin who can swap implementation
Practical decision matrix
| State | Liquidity rug? | Contract rug? | Verdict |
|---|---|---|---|
| LP burned + mint authority None + freeze None | No | No | Hard to rug. Other risks remain (whales, market). |
| LP locked 1y + renounced | Until unlock | No | Acceptable for short to mid-term holds. |
| LP locked 1y + NOT renounced | Until unlock | Yes | Tax/blacklist/mint risk lives. Treat as deployer trust. |
| LP unlocked + renounced | Yes | No | Soft-rug risk. Liquidity can vanish overnight. |
| Both unlocked | Yes | Yes | Pure trust. Only acceptable for tiny degen sizing. |
| Proxy / Token-2022 with active extensions | ? | ? | Read the code. "Renounced" claim is meaningless without it. |
What protection you actually have
Even with both protections in place, you are still exposed to: dev wallet sells, sniper distribution, market-wide drawdowns, exchange manipulation, and the possibility that someone discovers a bug in the lock contract itself. LP lock + renounce reduce one specific class of risk. They are necessary, not sufficient. The frame to keep: "are these protections in place?" is a filter to throw out obviously bad tokens, not a filter to identify good ones.