Crypto token is a digital asset used in blockchain-based decentralized applications. Today, tokens have attracted many investors and collected a large amount of money. Unfortunately, the increasing interest from investors has also attracted the attention of scammers who have devised numerous scam schemes within the token ecosystem. Rug pull is one of the well-known scams, where fraudulent developers lure investors into seemingly profitable projects and then run off with their money, leaving the investors with worthless assets. To prevent future losses, researchers in both industry and academia have attempted to expose rug pull risks. However, rug pull can manifest in various scenarios during the transfer process, posing significant challenges for effective detection.

In this paper, we first conduct an in-depth study of 201 real-world rug pull incidents, and summarize 4 common types of rug pull risks. Then, we establish a component-configurable transfer model to locate and analyze the transfer process. Based on it, we generate effective oracles for the 4 rug pull risks. We propose Tokeer, a token verification tool that implements the transfer model and oracles with datalog technique to expose rug pull risks hidden in token contracts. We apply Tokeer on real-world tokens and compare it with state-of-the-art tools: the commercial tool GoPlus and the academic tool Pied-Piper. Tokeer achieves an average of 98.0% recall and 98.9% precision, significantly outperforming the commercial tool GoPlus and the academic tool Pied-Piper. Besides, Tokeer detects 27.2% more real rug pull risks in wild production than state-of-the-art tools.