Solana's original token standard — the SPL Token Program — has powered every SOL transfer, every memecoin trade, and every DeFi protocol since the network launched. It works, but it's deliberately simple. If you want your token to do anything beyond basic transfers and approvals, you have to build custom programs around it.
Token Extensions (officially the Token-2022 program) change that. They add a layer of configurable features directly into the token standard, letting creators build tokens with built-in transfer fees, confidential balances, permanent freeze authority, on-chain metadata, and more — all without deploying custom smart contracts.
This guide explains what Token Extensions are, how each extension works, what's been built with them, and what traders and developers need to know.
Token Extensions vs. Original SPL Tokens
The original SPL Token Program handles the basics: mint tokens, transfer them, set authorities (mint, freeze), approve delegates, and that's essentially it. Any additional behavior — royalty enforcement, transfer restrictions, metadata — requires external programs that wrap or gate token operations.
Token Extensions (Token-2022) is a new token program that's backwards-compatible with the core transfer/approve/mint model but adds 16+ optional extensions that token creators can enable at mint time. Once a token is created with certain extensions, those features are enforced at the protocol level — no wrapping, no separate programs, no workarounds.
Key difference: Token Extensions are enforced by the token program itself. A transfer fee isn't a suggestion that a frontend can ignore. It's deducted automatically on every transfer, by every wallet, on every DEX. The program enforces it.
| Feature | Original SPL Token | Token-2022 (Extensions) |
|---|
| Basic transfers | Yes | Yes |
| Mint/freeze authority | Yes | Yes |
| Transfer fees | No (requires custom program) | Built-in, enforced per-transfer |
| Confidential transfers | No | Yes (ZK-proof based) |
| On-chain metadata | No (requires Metaplex) | Built-in metadata pointer |
| Non-transferable tokens | No (workaround: freeze after mint) | Native support |
| Permanent delegate | No | Yes — authority can transfer/burn from any holder |
| Interest-bearing display | No | Yes (cosmetic balance adjustment) |
| Transfer hooks | No | Yes — call custom program on every transfer |
| Default account state | Frozen by default possible | Yes |
| CPI guard | No | Yes — prevents certain cross-program invocations |
| Required memo | No | Yes — transactions must include memo |
| Immutable owner | No | Yes — ATA owner cannot be reassigned |
| Reallocate | No | Yes — resize token accounts for new extensions |
| Group/member tokens | No | Yes — on-chain collection grouping |
| Closing mint accounts | Not safely possible | Yes — reclaim rent from unused mints |
The Key Extensions Explained
1. Confidential Transfers
This is the most technically ambitious extension. Confidential transfers use zero-knowledge proofs to hide transfer amounts while keeping the transaction itself visible on-chain.
How it works: When confidential transfers are enabled, token accounts hold two balances — a public (plaintext) balance and a confidential (encrypted) balance. Users can move funds between the two. Confidential transfers operate on encrypted balances, using ZK proofs to verify that the sender has sufficient funds and the amounts balance out, without revealing the actual numbers.
Validators can confirm the transaction is valid (no double-spending, no negative balances) without knowing the amounts. The sender and receiver can decrypt their own balances using their private keys.
Use cases:
- Payroll: Companies pay employees on-chain without revealing salaries to the public
- Business transactions: B2B payments where amounts are commercially sensitive
- Privacy-conscious users: People who want on-chain settlement without public balance exposure
- Compliance-friendly privacy: Unlike mixer protocols, confidential transfers keep sender/receiver visible — only amounts are hidden
What traders should know: Tokens with confidential transfers enabled work normally on DEXes. The confidential aspect is opt-in per transfer. You can hold and trade these tokens with visible balances and only use confidential mode when needed. Phantom and Solflare both support viewing confidential balances for accounts they control.
2. Transfer Fees
Transfer fees let token creators take a cut of every transfer, automatically, at the protocol level. The fee is defined as a percentage (in basis points) with a maximum cap.
How it works: When a transfer occurs, the specified fee is withheld from the recipient's account in a special "withheld" field. The fee authority can harvest these withheld fees periodically. For example, a token with a 100 basis point (1%) transfer fee and a 1000-token max: transferring 500 tokens delivers 495 to the recipient and withholds 5 as fees.
Use cases:
- Stablecoins: Issuers can build fee structures directly into the token (no separate fee contract)
- Loyalty tokens: Businesses implementing token-based rewards with built-in transaction fees
- Revenue-sharing tokens: Automatic fee collection that can be redistributed to holders
- Regulated tokens: Compliance fees enforced at the protocol level
What traders should know: This is the extension most likely to affect your trading. If you're buying a Token-2022 token with transfer fees, every swap, every transfer, every DEX trade will incur that fee. Check for this before trading. Jupiter displays transfer fee warnings for Token-2022 tokens. You can verify any token's extensions on Solana Explorer by looking at the token's mint account.
3. Permanent Delegate
A permanent delegate is an authority that can transfer or burn tokens from any holder's account at any time, without the holder's approval.
How it works: The mint creator designates a permanent delegate address. This address can execute transfer or burn instructions on any token account holding that mint, bypassing the normal owner-must-sign requirement.
Use cases:
- Regulated securities: Issuers can recall tokens for compliance (e.g., sanctioned addresses)
- Subscription tokens: Auto-revoke access when subscriptions expire
- Recoverable tokens: Issuer can help users recover tokens sent to wrong addresses
- Escrow-less systems: Authority can move tokens between parties without escrow contracts
What traders should know: A permanent delegate means the issuer can take your tokens at any time. For regulated assets (tokenized securities, compliance tokens), this is expected and necessary. For random tokens on a DEX, a permanent delegate is a major red flag — it's essentially a built-in rug mechanism. Always check for this extension before buying.
4. Non-Transferable Tokens (Soulbound)
Non-transferable tokens cannot be moved between wallets once minted. They're bound to the wallet that received them.
How it works: The extension simply prevents all transfer instructions. Tokens can be minted to a wallet and burned, but never transferred. This is the on-chain equivalent of soulbound tokens.
Use cases:
- Credentials and certifications: Proof of completion, membership, or achievement
- Governance identity: One-person-one-vote systems where the token proves identity
- Reputation tokens: On-chain reputation that can't be bought or sold
- Compliance attestations: KYC/AML verification tokens that stay with the verified wallet
5. Interest-Bearing Tokens
This extension adds a configurable interest rate that adjusts the displayed balance over time, without actually minting new tokens.
How it works: The mint stores an interest rate and a timestamp. When a wallet or app queries the "UI amount" (the human-readable balance), the token program calculates accrued interest based on the rate and elapsed time. The raw on-chain amount doesn't change — it's a display-layer adjustment.
Important caveat: This extension does NOT automatically mint interest. It only adjusts how the balance is displayed. To actually accrue interest (create real tokens), the issuer must run a separate process to mint tokens to holders periodically. The extension ensures the displayed balance matches what users expect while the actual minting happens on a schedule.
Use cases:
- Yield-bearing stablecoins: Display accrued yield in real-time even if distributions are periodic
- Bond tokens: Show accruing face value
- Savings products: Display projected returns
These extensions allow on-chain metadata to be stored directly in the mint account or point to an external metadata account — without depending on Metaplex or any third-party metadata standard.
How it works: The metadata extension stores name, symbol, URI, and additional key-value pairs directly in the mint account. The metadata pointer extension allows the mint to reference a separate account for metadata. Both are readable by any client that understands the Token-2022 metadata format.
Why it matters: Previously, all Solana token metadata lived in Metaplex metadata accounts. Token-2022 metadata is simpler, cheaper (no separate account rent for basic metadata), and doesn't depend on an external program. Many new token launches use Token-2022 metadata instead of or alongside Metaplex.
7. Transfer Hooks
Transfer hooks let token creators attach custom program logic that executes on every transfer. The hook program is called automatically by the Token-2022 program whenever tokens move.
How it works: The mint specifies a transfer hook program ID. On every transfer, Token-2022 invokes this program with the transfer details. The hook can implement any logic: allowlist/blocklist enforcement, additional fee collection, audit logging, compliance checks, or custom business rules.
Use cases:
- Compliance: Check transfers against a sanctions list
- Royalties: Enforce creator royalties on secondary transfers (works for any token, not just NFTs)
- Dynamic fees: Implement complex fee structures that change based on conditions
- Audit trails: Log every transfer to a separate program for record-keeping
What traders should know: Transfer hooks add computational cost to every transfer, which means higher transaction fees. They can also reject transfers, so a token with a transfer hook could prevent you from selling under certain conditions. This is another extension to check for before trading.
8. Default Account State
This extension sets whether new token accounts are created in an initialized or frozen state.
How it works: When set to "frozen," every new token account starts frozen and must be explicitly thawed by the freeze authority before the holder can transact. This enables allowlist-based token systems where only approved addresses can hold and transfer tokens.
Use cases:
- Regulated securities: Only KYC-verified addresses can be thawed to trade
- Controlled distributions: Prevent trading until a specific date
- Allowlist-based access: Gated token communities