A 0–100 wallet stability score
for the pump.fun ecosystem.

Stable Boy assigns every Solana wallet a single number between 0 and 100. The number describes how legible the wallet looks: how much it behaves like a human trader versus a coordinated bundle, an instant-dump bot, or an insider that traded a token before its visible launch.

The score is computed from eight behavioral signals (Layer 1) and reduced by up to six trust penalties (Layer 2). Both layers run against on-chain data sourced from three independent providers — no opinions, no allowlists, no editorial overrides.

A high score is not a profitability claim. A low score is not an accusation. The number is a heuristic shaped by the pump.fun ecosystem's actual patterns; it's designed to be legible and shareable, not authoritative.

Pump.fun trading is dominated by patterns that look identical to a human at a glance: a wallet bought a token, made money or didn't, moved on. But on-chain, those wallets fall into very different categories.

• ·Diamond hands — real users who pick a few tokens, hold for hours or days, exit on conviction.
• ·Active traders — legitimate but high-velocity rotators. Take profit, move to the next.
• ·Degens / snipers — buy in the first blocks of a launch, exit within minutes, do this on dozens of tokens a day. Not insiders, but not investors either.
• ·Bundlers / insiders — coordinated actors. Multiple wallets buying the same token in the same Jito bundle. Funded by a shared upstream wallet. Often the dev or someone with pre-launch knowledge.

Tools like trench.bot show some of this per-token. Bubblemaps shows the funding-cluster graph. GMGN tags traders inside a token's top-buyers list. None of them give you one number per wallet that distills which category the wallet falls into based on its full behavior.

That number is Stable Boy.

Two layers, composed additively:

final_score = clamp(layer1 + layer2, 0, 100)

• ·Layer 1 (behavioral, 0–100) — weighted average of eight factors describing how the wallet trades.
• ·Layer 2 (penalties, capped at -60) — hard deductions for coordinated-actor patterns. Stack additively; total layer-2 contribution can never exceed half the score.

Wallets with fewer than 5 lifetime trades AND fewer than 3 lifetime tokens return insufficient_data instead of a faked score. We refuse to score what we can't meaningfully measure.

Eight signals, each producing a sub-score 0–100, weighted into a single Layer 1 number. The weights sum to 100. Curves are tuned to the pump.fun memecoin context; what counts as “long hold” here would be milliseconds in a market with longer time horizons.

< 2 min     → 0
2–10 min    → 20
10 min–1 h  → 40
1–6 h       → 60
6–24 h      → 75
1–7 d       → 88
> 7 d       → 100

> 80% paperhand  → 0
60–80%           → 15
40–60%           → 35
20–40%           → 60
5–20%            → 85
< 5%             → 100

< 7 d       → 20
7–30 d      → 45
30–180 d    → 75
> 180 d     → 100

sell/buy ratio:
> 3       → 30   (dump-heavy)
> 1.5     → 55
> 0.7     → 80
≤ 0.7     → 70   (accumulator-leaning)

> 20/day                 → 15
10–20/day                → 35
3–10/day                 → 65
1–3/day                  → 85
< 1/day with multi-token → 100
< 1/day, single token    → 60 (anomaly)

Six independent flags. Each detects a specific coordinated- actor pattern; each carries a fixed deduction. Layer 2 totals are capped at -60 so penalties can never exceed half the score range.

The score range is sliced into four named bands. The boundaries are deliberately wide so small variations don't flip the verdict.

Three providers, each used for what it's best at. No single provider can be replaced without losing functionality; none of them sponsor or endorse Stable Boy.

The live top-20 diamond hands board (last 7 days) defines a rolling set of eligible wallets. Each rank earns a fixed allocation from a 100,000,000 $Stable pool, distributed linearly.

amount(rank) = (21 − rank) / 210 × 100,000,000

showing ranks 1, 5, 10, 15, 20 · full table on /airdrop

Claim flow

1. 1.User connects their Solana wallet via standard wallet adapter (Phantom, Solflare, Backpack, etc.).
2. 2.Frontend hits /api/airdrop/eligibility with the connected address. Server checks the current top 20 + the airdrop_claims table and returns rank + amount or a not-eligible reason.
3. 3.If eligible, user clicks Claim. Frontend builds a claim message (wallet + timestamp), asks the wallet to sign it.
4. 4.Frontend POSTs /api/airdrop/claim with the wallet, message, and signature. Server verifies the ed25519 signature, re-checks eligibility (never trusting client-supplied amount), reserves the wallet in airdrop_claims, then signs and submits an SPL transferChecked from the dev wallet to the user's associated token account.
5. 5.On confirmation, the row is updated with the real tx signature and the user gets a solscan link.

Security model

• ·Server-signed transfer (hot-key model). The dev wallet's secret lives in a Vercel env var. Trade-off accepted: simplest UX in exchange for a finite blast radius (the dev wallet holds only the airdrop allocation, not a treasury).
• ·Signed-message ownership proof. No transfer fires until the recipient signs a message containing their wallet address and a fresh timestamp. Defeats spoofed POSTs. Replays past 5 minutes are rejected.
• ·Database-level double-claim prevention. Primary key on wallet_address means two concurrent claims for the same wallet produce one winner and one 409 Conflict — no race window.
• ·Reservation-first transfer. The claim row is inserted with a placeholder signature before the on-chain call. If the transfer fails, the row is deleted so the user can retry; if it succeeds, the row is updated with the real signature.
• ·transferChecked asserts decimals on-chain. Accidental 10× sends from a wrong decimals config are rejected by the SPL program itself.

Stable Boy stores three things in its database, all keyed by public Solana wallet address (a public identifier, not PII):

• ·scored_wallets — the most-recent score per wallet, plus the full receipt JSON, for 24 hours (cache-with-TTL).
• ·funder_lookups — immutable map of wallet → its funder address, derived from public on-chain data.
• ·bundler_taglog — append-only log of per-token trader labels (sniper/bundler/insider/smart-money) observed from public GMGN data.
• ·airdrop_claims — one row per successful claim: wallet, rank, amount, tx signature, timestamp.

Local browser state: a short recently scored list in localStorage, capped at 5 entries. Never transmitted.

No accounts. No emails. No tracking pixels. No analytics SDKs. The site doesn't know who you are.

• ·30-day window. GMGN's deepest period is 30d, so a wallet dormant in that window scores insufficient_data even if it has years of history.
• ·Pump.fun-flavored. A wallet that primarily trades Jupiter routes or pure Raydium pools will look small through this lens. Stable Boy is intentionally scoped to memecoin behavior.
• ·Cluster cold start. The bundler registry grows from observed tag events. Early scores produce weaker cluster signal than later scores once the registry has compounded.
• ·Wash detection misses cross-wallet wash. Catches a wallet self-churning but not a wallet washing through another wallet it controls — v3 work.
• ·SOL balance is a snapshot. A wallet that just received SOL looks identical to one that's held SOL for months. Real time-series scoring is v3.
• ·Airdrop eligibility is live, not snapshot. If you get bumped from the top 20 between when you check and when you claim, you lose the claim. Race the leaderboard.

Stable Boy is MIT licensed. Self-host it, fork it, embed the badge, contribute back. The entire scoring engine — every curve, every weight, every penalty trigger — is in src/lib/scoring/. The airdrop primitives are in src/lib/airdrop/.

The most useful contributions:

• ·Score-disagreement reports. If you know a wallet is a bundler / diamond / etc. and Stable Boy disagrees, open the Score Disagreement issue template with the wallet address and your expected score. Curves get better with real adversarial examples.
• ·New Layer-2 signals — cross-wallet wash, dormant-then- coordinated, anything else that catches what the existing six miss.
• ·Score-curve tuning PRs with the score-impact analysis the PR template asks for.