Every token you have ever traded on Solana — from SOL itself to the latest memecoin — is an SPL token. SPL (Solana Program Library) tokens are Solana's equivalent of Ethereum's ERC-20 tokens, but with a fundamentally different architecture that enables features impossible on other blockchains.
Understanding how SPL tokens work gives you practical advantages. You will know why you sometimes need to "create a token account" before receiving a new token. You will understand what it means when a token's mint authority is revoked — and why it matters. And if you are a developer, you will know how to leverage Token-2022 extensions to build sophisticated token economics directly into the token itself.
This guide covers both the original SPL Token program and the newer Token-2022 standard, explaining the concepts practically for both users and developers.
How Solana Tokens Work: The Basics
Mint Accounts
Every SPL token starts with a mint account. Think of it as the token's birth certificate and control center. The mint account stores:
- Supply: The total number of tokens in existence
- Decimals: How divisible the token is (e.g., 9 decimals means 1 token = 1,000,000,000 smallest units)
- Mint authority: The address allowed to create new tokens (or null if minting is permanently disabled)
- Freeze authority: The address allowed to freeze token accounts (or null if freezing is disabled)
When someone says "check if mint authority is revoked," they are asking whether the mint authority field is set to null. If it is, no one can ever create more of that token — the supply is permanently fixed. This is one of the first safety checks traders perform on new tokens.
Token Accounts
Here is where Solana diverges significantly from Ethereum. On Ethereum, your wallet has a single balance for each ERC-20 token, tracked in the token contract itself. On Solana, every token you hold requires a separate token account.
A token account is a dedicated on-chain account that holds:
- The mint it belongs to (which token)
- The owner (which wallet controls it)
- The amount (how many tokens it holds)
- Additional state information (delegation, close authority, etc.)
This means if you hold 50 different tokens, your wallet has 50 separate token accounts plus your main SOL account.
Why does this matter to you?
- Rent: Each token account requires a rent-exempt balance of approximately 0.002 SOL. When you "close" a token account (remove a worthless token), you recover this SOL.
- Account creation: The first time you receive a new token, someone has to create your token account. This is usually handled automatically by wallets and DEXs, but the creation cost exists.
- Performance: Solana can process transactions on different token accounts in parallel because they are independent accounts. This is a key reason Solana is so fast.
Associated Token Accounts (ATAs)
To solve the problem of "which token account should I send tokens to?", Solana introduced Associated Token Accounts (ATAs). An ATA is a deterministically derived token account — given a wallet address and a token mint, there is exactly one ATA address.
This means:
- Wallets automatically create ATAs when you receive a new token
- Senders do not need to ask for your specific token account address — they derive it from your wallet address
- Every wallet has one canonical token account per token type
When you swap on Jupiter or receive tokens from a friend, ATAs are what make it seamless. You just provide your wallet address, and the system handles the rest.
Mint Authority Explained
The mint authority is the single most important security parameter for any SPL token.
What Mint Authority Controls
The mint authority address has the power to create new tokens at will. This means:
- If the mint authority is a team's wallet, the team can inflate the supply at any time
- If the mint authority is a governance program, the community controls minting through votes
- If the mint authority is null (revoked), no one can ever mint new tokens
Why Revocation Matters
For memecoins and community tokens, a revoked mint authority is considered essential. It guarantees that the supply is fixed — the team cannot rug-pull by minting millions of new tokens and dumping them on the market.
How to check mint authority:
- Find the token's mint address on Solana Explorer
- Look at the "Mint Authority" field
- If it shows an address, that wallet can mint new tokens
- If it shows "Disabled" or null, minting is permanently revoked
Important exception: Some legitimate tokens need mint authority. Stablecoins (USDC, USDT) require active mint authority to issue new tokens backed by reserves. Governance tokens may need mint authority controlled by a DAO for future emissions. Do not automatically dismiss tokens with active mint authority — evaluate the context.
Freeze Authority Explained
Freeze authority is the second critical security parameter. A wallet with freeze authority can freeze any token account, preventing the holder from transferring, selling, or interacting with their tokens.
Legitimate Uses
- Stablecoins: USDC's freeze authority allows Circle to freeze accounts involved in sanctions violations or criminal activity. This is a regulatory requirement.
- Securities tokens: Regulated token offerings may need freeze authority for compliance.
- Game tokens: In-game currencies might freeze tokens during game events or maintenance.
Red Flags
For memecoins and DeFi tokens, active freeze authority is a significant red flag. It means someone can:
- Let you buy the token
- Freeze your token account so you cannot sell
- Dump their own unfrozen tokens, crashing the price
- You are left holding frozen, worthless tokens
This is a common rug-pull vector on Solana. Always check freeze authority before buying new tokens, especially newly launched ones. Token safety tools like RugCheck automatically flag active freeze authority.
Raw SPL tokens have no name, no symbol, no image — just a mint address and balances. Token metadata is stored separately using the Metaplex Token Metadata standard.
What Metadata Includes
- Name: The human-readable token name (e.g., "Jupiter")
- Symbol: The ticker (e.g., "JUP")
- URI: A link to a JSON file containing additional metadata (description, image URL, social links)
- Seller fee basis points: Royalty percentage for NFTs (not typically used for fungible tokens)
- Creators: List of creator addresses and their verified status
- Collection: For NFTs, which collection it belongs to
On-Chain vs. Off-Chain Metadata
Token metadata lives in two places:
- On-chain: The metadata account stores the name, symbol, and a URI pointing to off-chain data. This is immutable if the update authority is revoked.
- Off-chain: The JSON file at the URI contains the token image, description, and extended attributes. This is typically hosted on Arweave, IPFS, or a centralized server.
Why this matters: If the off-chain JSON is hosted on a centralized server, the token creator can change the image or description at any time. For immutability, look for metadata hosted on Arweave or IPFS with pinning.
SPL Token vs. Token-2022
In 2023, Solana introduced Token-2022 (also called Token Extensions), a new token program that extends the original SPL Token with powerful built-in features. Understanding the differences is increasingly important as more tokens adopt Token-2022.
Key Differences
| Feature | SPL Token | Token-2022 |
|---|
| Program ID | TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA | TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb |
| Transfer fees | Not supported | Built-in |
| Confidential transfers | Not supported | Supported |
| Permanent delegate | Not supported | Supported |
| Non-transferable tokens | Workarounds only | Native support |
| Interest-bearing | Not supported | Built-in |
| Default account state | Always initialized | Can default to frozen |
| Metadata | Requires Metaplex | Built-in metadata extension |
| CPI guard | Not available | Available |
Should You Care?
As a user: Yes. Token-2022 tokens may have transfer fees that take a percentage of every transfer. They may have different behavior than you expect from standard SPL tokens. Your wallet and DEX should handle these differences, but understanding them helps you make informed decisions.
As a developer: Absolutely. Token-2022 enables token designs that previously required custom programs. Transfer fees, for example, were previously impossible without wrapping tokens in a custom contract.
Token-2022 Extensions Deep Dive
Transfer Fees
The transfer fee extension allows token creators to set a fee on every token transfer. A percentage of each transfer is withheld and sent to a designated fee account.
How it works:
- The creator sets a fee rate (e.g., 1%) and a maximum fee
- Every transfer automatically withholds the fee
- The fee accumulates in a special "withheld" balance on the recipient's token account
- The fee authority can harvest withheld fees periodically
Use cases:
- Protocol revenue: Tokens that generate revenue for the protocol on every transfer
- Anti-bot measures: Making high-frequency trading more expensive
- Reflection tokens: Redistribute fees to holders (though this requires additional logic)
Impact on trading: If you are trading a Token-2022 token with transfer fees, factor the fee into your profit calculations. A 1% transfer fee means you lose 1% on buy and 1% on sell — your trade needs to generate at least 2% profit just to break even.
Confidential Transfers
Confidential transfers use zero-knowledge proofs to encrypt transfer amounts while keeping the transaction itself public. The sender, recipient, and amount are hidden, but the network can still verify the transaction is valid.
What is confidential:
- Transfer amounts are encrypted
- Account balances can be encrypted
What is NOT confidential:
- Sender and recipient addresses are still visible
- The fact that a transfer occurred is public
- The token type being transferred is visible
This extension is primarily designed for financial institutions and businesses that need privacy for competitive or regulatory reasons while still operating on a public blockchain.
Permanent Delegate
The permanent delegate extension gives a designated address the authority to transfer or burn tokens from any account holding that token — without the holder's permission.
This sounds alarming, and it can be. A permanent delegate can:
- Transfer your tokens out of your wallet
- Burn your tokens, reducing your balance to zero
Legitimate use cases:
- Stablecoins that need regulatory compliance controls
- Tokens representing real-world assets that may need clawback functionality
- Subscription tokens that expire and need to be reclaimed
Red flags: For community tokens and memecoins, permanent delegate is an extreme red flag. It is essentially unrestricted access to every holder's tokens. Always check for this extension before buying Token-2022 tokens.
Non-Transferable Tokens (Soulbound)
This extension creates tokens that cannot be transferred after initial issuance. Once a token is in your wallet, it stays there — you cannot send it, sell it, or trade it.
Use cases:
- Proof of attendance (POAPs)
- Credentials and certifications
- Reputation tokens
- Achievement badges
- KYC/identity verification tokens
Interest-Bearing Tokens
The interest-bearing extension allows tokens to display an interest-accruing value without actually changing the on-chain balance. The token's UI value increases over time based on a configured interest rate, while the underlying balance remains the same.
How it works: A multiplier based on the configured rate and elapsed time is applied when displaying the token balance. The actual on-chain amount does not change — this is purely a display-layer feature.
Use cases: Yield-bearing stablecoins, lending protocol receipt tokens, savings products.
Default Account State
This extension allows token creators to set the default state of new token accounts to "frozen." When someone creates a token account for this token, it starts frozen — they cannot receive or send tokens until the freeze authority explicitly unfreezes the account.
Use cases: KYC-gated tokens where accounts must be approved before trading. Securities tokens that require accredited investor verification.
CPI Guard
The CPI Guard extension protects token accounts from being manipulated by programs through Cross-Program Invocations (CPI). When enabled, certain operations (like approving a delegate) can only be performed by the token account owner directly, not by a program acting on their behalf.
Why it matters: Without CPI guard, a malicious program could approve itself as a delegate on your token account during a CPI, then drain your tokens later. CPI guard prevents this class of attacks.
Practical Guide: Evaluating Token Safety
Whether you are looking at an SPL Token or Token-2022 token, here is a checklist for evaluating safety:
Standard SPL Tokens
- Mint authority — Revoked? If not, who controls it?
- Freeze authority — Revoked? If not, is there a legitimate reason?
- Supply — What is the total supply? What percentage is circulating?
- Top holders — Is supply concentrated in a few wallets?
- Liquidity — Is liquidity locked? How much SOL/USDC backs the trading pool?
- Metadata — Is the update authority revoked? Is metadata on decentralized storage?
Token-2022 Tokens
All of the above, plus:
- Transfer fees — Is there a fee? What percentage? Who receives it?
- Permanent delegate — Is one set? If so, extreme caution.
- Default account state — Is it frozen by default?
- Other extensions — Check which extensions are enabled and understand their implications.
Tools like RugCheck and SolSniffer automatically analyze many of these parameters and flag risks.
Creating SPL Tokens
For developers and project creators, creating an SPL token on Solana is straightforward.
Using the CLI
# Create a new token (SPL Token program)
spl-token create-token
# Create a Token-2022 token with transfer fees
spl-token create-token --program-id TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb \
--transfer-fee 100 10000000000
# Create a token account
spl-token create-account <TOKEN_MINT_ADDRESS>
# Mint tokens
spl-token mint <TOKEN_MINT_ADDRESS> 1000000
# Revoke mint authority
spl-token authorize <TOKEN_MINT_ADDRESS> mint --disable
Using Token Launchers
For non-developers, platforms like Pump.fun simplify token creation to a web form. These platforms handle mint creation, metadata, initial liquidity, and in some cases automatic mint authority revocation.
See our guide on creating a token on Solana for a detailed walkthrough.
Token Accounts and Your Wallet
Why You Have So Many Token Accounts
If you have been active on Solana for a while, your wallet likely has dozens or hundreds of token accounts — many for tokens worth fractions of a cent. Each one holds approximately 0.002 SOL in rent.
Closing Empty Token Accounts
You can recover rent from token accounts you no longer need:
- In Phantom: Settings → scroll to "Close Empty Accounts" or use the token list to close individual accounts
- Using CLI:
spl-token close --address <TOKEN_ACCOUNT_ADDRESS>
- Using dApps: Several Solana tools let you batch-close empty token accounts
Caution: Only close token accounts with zero balance that you do not intend to receive again. If someone sends you that token after you close the account, they will need to create a new ATA for you (which costs them SOL).
Unwanted Token Airdrops
Solana's low fees mean spam token airdrops are common. You may receive random tokens you never asked for. Most are worthless, but some contain malicious metadata (links to phishing sites).
Best practices:
- Do not interact with unknown airdropped tokens
- Do not click links in token metadata
- Use wallet tools to close and clean up airdrop token accounts
- Never approve transactions prompted by airdropped tokens
The Future of Solana Token Standards
Token-2022 adoption is accelerating as more projects realize the benefits of built-in token extensions over custom program logic. Key trends to watch:
- Transfer fee adoption — More projects using built-in transfer fees for protocol revenue
- Confidential transfers — Financial institutions exploring Solana for private transactions
- Metadata standardization — The built-in metadata extension in Token-2022 may eventually reduce dependence on Metaplex
- New extensions — The Token-2022 program is designed to be extensible, with new extensions being proposed and developed
Understanding SPL tokens and Token-2022 is not just technical knowledge — it is practical security literacy. The more you understand about how tokens work on Solana, the better equipped you are to evaluate risks, avoid scams, and make informed trading decisions.
