Solana · Smart Contract Security · Updated Jun 09, 2026

Is Cup Markets Safe? CUP

On-chain security analysis — is it a scam or legit?

Contract bgaed7…9cup DexScreener ↗
Critical Risk
Volume 24h
$30.5K
Liquidity
$55.6K
Price
$0.0003248
Token Age
13d
Top 10 Holders
0.0%

Security Checklist

2/5 checks passed
Contract VerifiedFail
Ownership RenouncedFail
No Mint FunctionPass
Liquidity LockedFail
Not a ProxyPass

Security Analysis

This audit report analyzes the metadata of the Cup Markets (CUP) SPL Token Mint account. A critical finding is the mint's status as `Initialized: False` despite active trading, which poses a significant reinitialization vulnerability. Additionally, the governing token program and core token properties (supply, decimals) are unknown, hindering a complete security assessment. While the token exhibits normal trading volume and liquidity for its age, these fundamental configuration issues introduce substantial technical risk. External security signals from GoPlus and RugCheck are unavailable, limiting a comprehensive external risk assessment.

The Cup Markets (CUP) SPL Token Mint exhibits critical configuration vulnerabilities, most notably its `Initialized: False` status. This poses an immediate and severe risk of reinitialization, potentially leading to unauthorized control over the token's properties and supply. The unknown token program and undefined core properties further exacerbate these concerns. It is imperative that the Cup Markets team immediately investigates and rectifies the `Initialized` status of the mint account and clarifies the governing token program and its properties. Failure to address these fundamental issues could result in a complete loss of trust and value for the token. For projects with custom programs, a Premium Deploy option would typically be recommended to ensure robust pre-deployment security checks and ongoing monitoring. For an SPL Token Mint, the focus must be on correct initialization an…

Audit Summary

This audit report analyzes the metadata of the Cup Markets (CUP) SPL Token Mint account. A critical finding is the mint's status as `Initialized: False` despite active trading, which poses a significant reinitialization vulnerability. Additionally, the governing token program and core token properties (supply, decimals) are unknown, hindering a complete security assessment. While the token exhibits normal trading volume and liquidity for its age, these fundamental configuration issues introduce substantial technical risk. External security signals from GoPlus and RugCheck are unavailable, limiting a comprehensive external risk assessment.

Final Recommendation: The Cup Markets (CUP) SPL Token Mint exhibits critical configuration vulnerabilities, most notably its `Initialized: False` status. This poses an immediate and severe risk of reinitialization, potentially leading to unauthorized control over the token's properties and supply. The unknown token program and undefined core properties further exacerbate these concerns. It is imperative that the Cup Markets team immediately investigates and rectifies the `Initialized` status of the mint account and clarifies the governing token program and its properties. Failure to address these fundamental issues could result in a complete loss of trust and value for the token. For projects with custom programs, a Premium Deploy option would typically be recommended to ensure robust pre-deployment security checks and ongoing monitoring. For an SPL Token Mint, the focus must be on correct initialization an…

Category Ratings

TechnicalHigh
6/10

The technical assessment reveals critical configuration flaws. The SPL Token Mint account is reported as `Initialized: False` (7.2 Code Security), which for a standard SPL Token Program, allows any party to initialize the mint and gain control over its properties and authorities. The governing token

GovernanceMedium
6/10

The economic and governance risks are primarily driven by the technical configuration issues. The `Initialized: False` status (7.4 Economic) means that the token's supply and freeze authorities are not truly revoked but rather unset, allowing a malicious actor to potentially gain control over t

UpgradesLow
6/10

N/A. SPL Token Mints are data accounts managed by the SPL Token Program, not upgradable programs themselves. The SPL Token Program itself is maintained by Solana Labs and is subject to its own upgrade policies (7.7 Upgrades), which are outside the scope of this specific token mint audit.

Security Findings

4 total
1 Critical 1 High 1 Medium 1 Info
C-01CriticalUnresolved

Uninitialized SPL Token Mint Account

The SPL Token Mint account for Cup Markets (CUP) is reported as `Initialized: False` despite having active liquidity and trading volume. For a standard SPL Token Program, an uninitialized mint account can be initialized by any party, allowing them to define the token's decimals, set a new mint authority, and establish a freeze authority. This effectively grants control over the token's supply and transferability to the initializer, overriding the reported 'revoked' authorities which are not truly revoked if the account is uninitialized.

Recommendation: Immediately investigate the `Initialized` status of the mint account. If it is indeed uninitialized, the token is highly vulnerable to a hostile takeover. The project team must ensure the mint is properly initialized with desired properties and authorities, or migrate liquidity to a correctly configured mint.
H-01HighUnresolved

Unknown Token Program Governing Mint

The program responsible for governing the `bgaed7f6ecbbwpamiwxcpgxqpkgm7zpyoxmx29jh9cup` mint account is reported as 'unknown'. For standard SPL tokens, this should be the well-known `TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA` program. An unknown token program prevents a proper security assessment of the token's behavior and underlying logic, especially when combined with the `Initialized: False` status. It introduces significant uncertainty regarding the token's adherence to expected SPL standards and potential custom vulnerabilities.

Recommendation: The project team must identify and disclose the exact program ID governing this mint account. If it is a custom program, its source code should be made available for audit to ensure it implements token functionalities securely and as expected. If it is intended to be the standard SPL Token Program, the discrepancy should be investigated.
M-01MediumUnresolved

Undefined Core Token Properties

Fundamental properties of the Cup Markets (CUP) token, specifically its `Supply (raw)` and `Decimals`, are reported as 'unknown'. These properties are crucial for understanding the token's total issuance, divisibility, and economic model. Their unknown status, particularly in conjunction with an uninitialized mint account, introduces ambiguity and potential for unexpected behavior or manipulation if these properties can be set by an unauthorized party upon initialization.

Recommendation: The project team should ensure that all core properties of the token, including total supply and decimals, are clearly defined, publicly verifiable, and correctly configured within the mint account. This information is essential for transparency and investor confidence.
I-01InformationalUnresolved

Incomplete External Security Signal Data

External security signals from GoPlus Solana and RugCheck are unavailable for the Cup Markets (CUP) token. These services often provide valuable insights into potential risks such as rug pulls, honeypots, or other malicious token characteristics based on on-chain heuristics and community reports. The absence of this data limits the comprehensive external risk assessment of the token.

Recommendation: While not a direct vulnerability in the token's configuration, the project team should strive for maximum transparency and ensure their token is scannable by reputable security services. Users should exercise caution and conduct their own due diligence in the absence of such external validations.

Frequently Asked Questions

Is Cup Markets a scam?

The provided data points for Cup Markets (CUP) indicate several high-risk factors that are commonly associated with potential scams, though it does not definitively label it as such. Key concerns include an unverified contract, unrenounced ownership, and unlocked liquidity. However, the absence of a mint function is a positive signal. Investors should be aware of these fundamental risks when evaluating CUP and conduct thorough due diligence.

Is Cup Markets safe to buy?

Investing in Cup Markets (CUP) carries significant risks, highlighted by its high-risk score of 65/100. Key safety concerns include the contract not being verified, making its underlying code opaque. Furthermore, ownership of the contract has not been renounced, leaving significant control with the deployer. The liquidity also remains unlocked, posing a risk of removal. These factors suggest a high-risk environment that investors should carefully consider.

Has Cup Markets been audited?

The provided information indicates that the Cup Markets (CUP) contract has not been verified. Contract verification is a foundational step, making the code publicly visible and available for review by security analysts and the community. Without verification, a formal audit by a reputable third-party security firm is highly unlikely, as the auditor would first require access to the verifiable source code.

Would You Like a More Detailed Audit of Cup Markets?

Our AI-powered scanner gives you a deeper, real-time smart contract analysis — free, no signup required.

Get Detailed Audit
Run Free Audit →