MOONSALE
a product of IGH
Security

MoonSale Security Standards Explained

By MoonSale Team··8 min read

Why we wrote this

Every launchpad claims to be "safe." Most of those claims do not survive a 60-second on-chain check. We wrote this so buyers and founders can compare what MoonSale actually enforces against what other platforms only describe in marketing copy.

This is the long answer to "is this safe?" Every standard below is verifiable on chain or in our public audit report. None of it requires trusting our word.

The threats every launchpad has to defend against

Before listing the standards, here is the threat model they exist to address:

  • Rug pulls: team withdraws the liquidity pool and the price collapses
  • Honeypots: contracts that accept buys but block sells
  • Soft rugs: listing rate set lower than the presale rate, so insiders sell at a profit on minute one
  • Insider dumps: team tokens unlock at TGE and the team sells everything on day one
  • Sniper bots: front-run the public on launch and dump on humans 60 seconds later
  • Token cloning: scam project deploys a near-identical contract to a real one to steal traffic
  • Admin abuse: launchpad operator pauses or modifies contracts to favor specific outcomes

A real launchpad needs a defense for each of these. Standards 1 through 10 below map directly to these threats.

Standard 1: audited contract templates

All 8 production contracts on MoonSale (token factory, presale factory, fair launch factory, liquidity lock, vesting, token manager, and supporting infrastructure) were audited by ICOGemHunters in audit IGH-MSL-2026-015 with a final score of 96 out of 100.

The audit report is public and linked from every project page. All 8 contracts are verified on BscScan with source code visible. You can read the bytecode of every contract that handles your funds.

The audit covers the templates themselves. Custom code added by founders is the founder's responsibility, which is why the CA audits page lets founders attach their own audit reports for any custom logic.

Standard 2: automatic source verification

Every token deployed through Create Token has its source code automatically published to BscScan within seconds of deploy. Every presale deployed through Create Presale and every fair launch through Create Fair Launch does the same.

Unverified contracts are bytecode only, which means buyers cannot read what the contract does. We treat unverified deploys as unacceptable. The verification step is built into the deploy flow so founders cannot accidentally skip it.

Standard 3: on-chain parameter validation

Most launchpads accept whatever parameters the founder fills in the form. PinkSale and DxSale do this. The result is that a founder can claim a 51 percent LP percentage in the marketing and ship a 20 percent LP percentage in the contract, and the platform will not catch the discrepancy.

MoonSale reads the actual deployed contract state before publishing the project page. The listing rate, LP percentage, lock duration, and tax parameters that appear on the project card are pulled directly from the on-chain contract, not from form fields. If the contract state does not match the founder's claims, the project page will not publish.

This standard alone catches most soft rugs before they go live.

Standard 4: non-custodial liquidity locks

Every launch on MoonSale locks its liquidity pool through the public lock contract. The LP tokens are sent to the lock contract at finalize and cannot be withdrawn until the unlock date.

Critical properties of the lock:

  • The lock contract is non-custodial. We cannot withdraw your LP, even if we wanted to.
  • The unlock date is set by the founder at deploy time and cannot be shortened.
  • Default lock duration is 365 days. The minimum the form will accept depends on platform policy, but most launches lock for 12 to 24 months.
  • The lock state is visible on chain and surfaced on the project card.

If MoonSale disappeared tomorrow, every locked LP would still be locked, and every buyer could verify the lock independently on BscScan.

Standard 5: time-locked team vesting

Team token allocations are locked through the vesting contracts with configurable cliffs and linear unlock schedules. Like the LP lock, the vesting contracts are non-custodial. The founder cannot accelerate their own vesting, and we cannot accelerate it on their behalf.

The post Common Mistakes New Token Creators Make covers why team vesting is the second most important trust signal after locked liquidity.

Standard 6: opt-in anti-bot protections

Every fair launch on the fair launch flow exposes anti-bot protections as toggles on the create form, not buried in advanced settings:

  • Per-wallet cap on the first block (typically 1 to 2 percent of supply)
  • 30 to 120 second trading-disabled window after deploy
  • Optional 99 percent buy tax for the first 30 seconds (sniper tax)
  • Anti-whale max wallet for the first 24 hours

These are visible at deploy time, not hidden behind documentation links. Skipping them is a deliberate choice, not an accident.

Standard 7: KYC and audit badge system

Real KYC and audit reports surface as badges on the project card. The CA audits page shows which audit firms are accepted, the audit report URLs, and the validation rules applied to each badge.

Badges are issued by the audit firms themselves, not minted by founders or the platform. A "verified KYC" badge means a real KYC firm signed off on the founder's identity. A "verified audit" badge means a real audit firm published a report covering the project's specific contract.

Buyers see these badges before they see the buy button.

Standard 8: the weighted Security Score

The security score page rates every project on the launchpad against 11 weighted categories totaling 50 points. The categories cover:

  • LP locked and lock duration
  • Team tokens vested and vesting duration
  • KYC verified
  • Audit completed
  • Source code verified
  • Holder distribution
  • Anti-whale settings
  • Anti-bot settings
  • Founder doxx status
  • Tokenomics transparency
  • Listing rate vs presale rate ratio

Each project card displays the score prominently. The scoring logic is open and described on the security score page itself, so founders know exactly which boxes to tick to maximize their score and buyers know exactly what each tier means.

The score is computed independently of platform admin settings. We cannot inflate scores for favored projects.

Standard 9: no admin pause and no admin upgrade

The launchpad contracts themselves are not upgradeable through proxies. There is no pause function the platform admin can call to freeze user funds. There is no admin function to modify a deployed presale or fair launch.

This is the critical property that makes the platform self-custodial. Every BNB raised flows through smart contract logic from buyer wallet to LP and team treasury. None of it touches a platform-controlled wallet. If we vanished, every buyer could refund directly via BscScan using the public refund function on the deployed contract.

This is not a marketing claim. The contracts are verified on BscScan. You can read the code.

Standard 10: pre-launch token scanning

Before any project page publishes, the token scanner runs an automated analysis of the deployed token contract. It flags:

  • Honeypot patterns (transfer restrictions, hidden taxes)
  • Blacklist functions
  • Mint functions usable after deploy
  • Pause and freeze functions
  • Upgradeable proxy patterns
  • Owner-modifiable parameters

If the scanner returns critical flags, the project page is held for manual review. The same scanner is exposed to investors at the public token-scanner URL so anyone can scan any contract before buying.

For the buyer-side detection playbook, see How to Spot a Honeypot in 60 Seconds.

What this means in practice

For an investor browsing the launchpad, these 10 standards mean every project card carries verifiable trust signals. You can verify the LP lock on BscScan in 10 seconds. You can verify the team vesting on BscScan in another 10. You can read the audit report. You can scan the token. None of it requires trusting our judgment.

For a founder shipping a launch, these 10 standards mean credibility is a configuration job, not a "trust me" job. Tick the boxes (lock LP for 365 days, vest team for 12 months, enable anti-bot, ship the audit and KYC badges) and the security score reflects the work directly. Buyers do not have to take your word for it.

What we do NOT claim to solve

Honest section. There are real risks the platform cannot prevent, and we will not pretend it can:

  • Fake communities. Bot-padded Telegram counts and fake X engagement are off-chain. The platform cannot detect or filter them.
  • Marketing claims. If a founder promises a CEX listing or a partnership that never materializes, that is between the founder and the buyers.
  • Off-chain partnerships. Logos on a website that the partners never approved are fraud, but they are not on-chain fraud. We cannot validate them.
  • Long-term execution. Whether a project ships features in month 2, 3, and 6 depends on the team, not the contract. We covered this in What Makes a Successful Token Launch?.
  • Founder honesty about doxx and identity. KYC firms verify identity at submission time. They cannot prevent a founder from ghosting later.

The platform handles contract-risk, founders handle narrative-risk. Buyers should verify both.

Where to verify all of this yourself

Every claim in this post is independently verifiable:

  • Audit report (96/100): linked from the CA audits page
  • Contract source on BscScan: every contract is verified, click the BscScan link on any project page
  • LP lock state: click the project's LP lock badge, opens the on-chain lock
  • Vesting schedule: click the team vesting badge, opens the vesting contract
  • Security score logic: open the security score page
  • Fees: posted at the fees page, enforced on chain

Ready to launch or invest with verified safety?

For founders, start at Create Token for a token-only deploy or Create Fair Launch for the full launch flow. The 10 standards above are built into every launch by default, not as an upsell.

For investors, every public project page on MoonSale displays the security score, the LP lock status, the team vesting status, and links to verify everything on chain. If you want to scan a contract from a different launchpad, the token scanner works on any BSC contract.

We built MoonSale because the launchpads we ourselves used as builders did not enforce the standards above. Most still do not. Until they do, this is the answer to "is this safe": here is what we enforce, here is what you can verify, here is what we will not pretend to solve.

More from Security

How to Spot a Honeypot in 60 Seconds

3 May 2026