Before mainnet deployment or external audit, teams should self-review token contracts against a structured checklist. Self-review complements—but does not replace—independent professional audit.

Supply and minting controls

  • Is total supply capped, or documented if inflationary?
  • Who can mint, pause, or burn—and under what conditions?
  • Are admin functions protected by roles, timelocks, or multisig?
  • Are testnet deployments clearly separated from production keys?

Transfer and fee logic

  • Do transfer hooks or taxes behave as documented?
  • Can blacklists or fees trap users unexpectedly?
  • Are decimal handling and rounding consistent with integrations?
  • Do integrations (DEX pools, lending) handle fee-on-transfer tokens correctly?
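
The fee-on-transfer item above, as an added example (not code from any audited project): a hypothetical ExampleVault integration with the weak deposit path next to the corrected one. It assumes the token returns a bool from transfer and transferFrom; the contract and function names are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical integration, for illustration only.
contract ExampleVault {
    IERC20 public immutable token;
    mapping(address => uint256) public credited;

    constructor(IERC20 token_) {
        token = token_;
    }

    // Weak: credits the requested amount. If the token takes a fee on transfer,
    // the vault receives less than `amount`, total credits exceed the vault's
    // balance, and the last users to withdraw cannot be paid in full.
    function depositNaive(uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        credited[msg.sender] += amount;
    }

    // Corrected: credits what actually arrived, measured as a balance delta.
    // Tokens with transfer callbacks additionally need a reentrancy guard here.
    function deposit(uint256 amount) external returns (uint256 received) {
        uint256 balanceBefore = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        received = token.balanceOf(address(this)) - balanceBefore;
        require(received > 0, "nothing received");
        credited[msg.sender] += received;
    }

    // The recipient may also receive less than `amount` if the token charges
    // a fee on the outbound transfer; the vault's own accounting stays exact.
    function withdraw(uint256 amount) external {
        credited[msg.sender] -= amount; // checked arithmetic reverts on underflow
        require(token.transfer(msg.sender, amount), "transfer failed");
    }
}
```

A unit test for this item deposits a fee-charging mock token and asserts that the sum of credited balances never exceeds token.balanceOf(vault).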

Standards compliance

  • ERC-20 interface compatibility and event emissions
  • Permit/EIP-2612 domains configured correctly if used
  • Upgrade patterns documented if proxy-based

Deployment verification

  1. Verify that the source code on block explorers matches the audited commit hash.
  2. Confirm constructor arguments and initial holder allocations.
  3. Run automated static analysis and unit tests on final bytecode.
  4. Publish tokenomics, admin key custody, and audit status publicly.