mm-defi-tips.com
Login
Independent review. This site is not the official website and is not affiliated with, endorsed by, or operated by the wallet vendor reviewed here. Never enter your seed phrase or private keys on any third-party site.

How to Find & Verify Token Contract Addresses for MetaMask

Leo Pemberton Leo Pemberton
Try Tangem secure wallet →

Who this guide is for (and quick note on methodology)

If you're using MetaMask to interact with DeFi, swaps, or dApps, this article shows how to find and verify token contract addresses before you add them. I wrote this from hands-on work with extensions and mobile MetaMask and from troubleshooting token mix-ups I've made myself. In my experience, a single wrong contract address can turn a routine swap into a painful recovery effort.

What you'll get: practical steps you can repeat (with screenshots you can capture yourself), checks to separate legit token contracts from copycats, and links to deeper guides like how to add custom tokens to MetaMask or deal with the wrong-network-recovery situation.

Why verifying a token contract address matters

Short answer: a token name and symbol are not unique. Two different contracts can both use the same ticker. That creates opportunity for scams (typosquatting and fake liquidity pools) and for accidental losses (adding a token on the wrong chain). I've accidentally approved a low-value token that shared a name with a real token — and I lost time reversing approvals. Lessons learned? Always verify the contract address before approving or swapping.

Risks you avoid by verifying:

Try Tangem secure wallet →
  • Sending funds to a token contract on the wrong network
  • Swapping into a fake token with a malicious mint function
  • Approving unlimited allowances for contracts you didn’t verify

And yes—this takes two minutes. But the payoff is huge.

Where to find a token contract address (comparison table)

Source Speed Trust level (relative) What to confirm Caveats
Block explorer (Etherscan, Polygonscan, BscScan) Fast High if contract verified Contract address, verified source code, total supply, number of holders Some scam contracts are verified; must cross-check with project docs
Aggregators (CoinGecko, CoinMarketCap) Fast Medium-high Token address on listed chains, official links Aggregator can list wrong addresses; check timestamps and project links
Official project website / GitHub Medium High if HTTPS + repo tags Contract address, contract audit links, multisig details Websites can be cloned; verify TLS and social media posts
Token lists (Uniswap lists, community lists) Fast Medium Verified token metadata, decimals A list can be manipulated; always cross-check
Social media & Discord (pinned posts) Fast Medium Pinned contract announcements, audit links Social accounts can be spoofed; look for verification badges and signed posts

![explorer screenshot placeholder]

On-chain explorers (Etherscan / Polygonscan / BscScan)

Start here. Search the token name or paste the suspected contract address. Then check:

  • Is the contract source code verified? (Look for green check or "Contract Verified")
  • Does the contract match the token metadata (symbol, decimals)?
  • How many holders does the token have? A real token usually has many holders and active transfers.
  • Are there admin functions (mint, burn, pause) visible in the source code or read/write tabs?

If a new token shows 1 holder and all supply held in one address, treat it as risky.

Token aggregators and token lists

Sites like CoinGecko and CoinMarketCap often list the contract address and link to the explorer and project website. Token lists (e.g., community token lists used by swap UIs) include metadata and are convenient for adding tokens, but they can lag or be manipulated. Use aggregators as a second source, not the only source.

Official project channels and GitHub

Look for an announcement post with the contract address on the project's verified social channels, or a tagged release on GitHub. If the team publishes an address, confirm it on the block explorer too. (Yes, social posts can be impersonated — cross-check two or more sources.)

Step-by-step: Verify then add a token to MetaMask (extension + mobile)

Follow these steps exactly. Replicate them with a small test amount first.

  1. Identify the chain. Is the token on Ethereum, Polygon (MATIC), BSC, or another EVM-compatible chain? Switch MetaMask to that network (see /add-polygon-to-metamask and /add-bsc-smart-chain-to-metamask).
  2. Find the contract address from at least two sources (block explorer + official site or aggregator).
  3. Paste the contract address into the block explorer and confirm: verified source code, token decimals, and total supply.
  4. In MetaMask (extension): Menu → Import Tokens → Custom Token → paste address → confirm symbol + decimals → Add Token. On mobile: Wallet → Assets → Add Token → Custom token.
  5. Watch the token appear in your wallet. Confirm balances by looking up the address on the block explorer.

Quick pre-add checklist

  • Contract verified on explorer? ✅
  • Contract address matches project site/CoinGecko? ✅
  • Network is correct in MetaMask? ✅
  • Token decimals look sane (usually 18 for ERC-20)? ✅

Advanced contract checks to help you spot red flags

If you want more certainty, peek at the verified source code on the block explorer:

  • Search for owner-only functions (transferOwnership, renounceOwnership). Does the owner have the power to mint tokens or change critical parameters?
  • Look for common mint/burn functions and for external calls that could be used to freeze transfers.
  • Check whether ownership has been renounced or transferred to a multisig. Multisig addresses and Gnosis safe addresses are safer than a single wallet owner.
  • Watch for proxy patterns (upgradeable contracts). Upgradeability is not inherently bad, but it adds risk if the upgrader key is centralized.

I once found a token that allowed owner-only minting and discovered it by checking the "Read Contract" tab — saved me from a swap that could have gone wrong. Always check.

If you added the wrong token or sent to the wrong network

Don’t panic. First, confirm whether it's a UI issue (token not recognized) vs an actual transfer to the wrong chain. If you accidentally approved a malicious contract, go to token-approvals-and-revoke and revoke access. If you sent tokens to the wrong network, follow the steps at /wrong-network-recovery — recovery is sometimes possible but often requires access to the private keys and the bridge service that supports that route.

And remember: small test transfers are your friend.

How I tested this guide (replicable methodology)

I verified procedures by adding a set of tokens across Ethereum mainnet and Polygon using the MetaMask extension and mobile app. Steps I repeated for each token:

  • Locate contract address on a block explorer and on CoinGecko.
  • Confirm verified source code and token metadata on the explorer.
  • Add the token in MetaMask with zero-value test transfers where applicable.
  • Attempt a small swap using the MetaMask built-in swap aggregator to confirm routing and gas estimates.

You can replicate: pick a token, cross-check two sources, add to MetaMask, and do a 0.001 test swap or a 0.01 transfer. Keep gas fees in mind (use L2s or testnets to practice).

FAQ

Q: Is it safe to add unknown tokens to MetaMask?
A: Adding is safe (it only displays the token). Interacting or approving is where risk appears. Use small test amounts and verify contract code first.

Q: How do I revoke token approvals?
A: Use the token approvals and revoke guide. Revoke unlimited allowances and re-approve limited amounts when needed.

Q: What happens if I lose my phone?
A: If you have your seed phrase (recovery phrase), you can restore your wallet on another device. See /backup-and-recovery-seed-phrase. If you don't, funds in that hot wallet are likely unrecoverable.

Q: How do I find the ICE or MATIC contract address for MetaMask?
A: Search reputable explorers and aggregators for the token name, then cross-check with the project's official channels. (Keywords people use: “ice contract address metamask”, “matic contract address metamask”, “ice metamask contract address”.) Never trust a single source.

Conclusion and next steps (CTA)

Verifying a token contract address takes minutes and can prevent irreversible mistakes. My practical tip: always cross-check the explorer, an aggregator, and the project page before you approve or swap. For hands-on steps check /add-custom-tokens-to-metamask and /add-tokens-mobile. If you suspect a scam or need to revoke access, see /token-approvals-and-revoke. Want to practice safely? Try the same routine on a testnet or with tiny amounts first.

If you found this helpful, the site has more guides on gas fees and L2s, detecting scams and spam tokens, and wrong-network recovery to keep you moving in DeFi with fewer surprises.

Try Tangem secure wallet →