© 2026 Della Group. All Rights Reserved.
Okay, so here's the deal. You fire up your first Solana token mint, pump in some supply, and forget to touch the authorities. Boom. Next thing you know, anyone's got the keys to print infinite tokens because you left the mint authority wide open. Happens all the time. I did it my first project - minted 1 million tokens, thought I was done, then some rando figures out the authority's still live and dumps extras. Total mess.
But look, it's an easy fix. The right way? Set your mint authority from the jump, use it to control supply, then revoke it when you're good. Makes your token fixed supply, builds trust. Why does this matter? Communities freak if they think you can inflate whenever. Sound familiar? Let's get you mastering this.
Mint authority's the big one. It's the wallet or account that says "yeah, go ahead and create more tokens." Points to any token account and adds supply. Freeze authority? That's for locking accounts so no transfers happen. Kinda nuclear, right? Most folks revoke both after launch.
Token accounts have their own bosses too. Owner runs the show - transfers, burns, delegates. Close authority just shuts it down when balance hits zero. Thing is, only the current authority can hand off or kill these powers. Set it to null? Gone forever. No take backs.
| Authority Type | What It Does | When to Revoke |
|---|---|---|
| Mint | Mints new tokens to any account | After initial supply - locks total forever |
| Freeze | Freezes/thaws accounts (no transfers) | Immediately, unless you need control |
In my experience, always revoke freeze first. Nobody wants surprise locks post launch.
Don't overthink it. Grab Anchor or straight JS. I usually go JS for quick tests. Fees? Tiny - like 0.000005 SOL per tx. Here's how you create a mint with authority set to your wallet.
const rpc = new Connection("https://api.devnet.solana.com");const mint = generateKeyPairSigner();const space = BigInt(getMintSize()); const rent = await rpc.getMinimumBalanceForRentExemption(space); Around 2.2k lamports.getCreateAccountInstruction with payer (your wallet), space, etc.getInitializeMintInstruction({mint: mint.address, decimals: 9, mintAuthority: yourWallet.address, freezeAuthority: yourWallet.address}); Decimals? 9's standard, means 1 token = 1e9 units.findAssociatedTokenPda and create it.Tx fee? Under 0.00001 SOL. Check explorer for mint address. Now you've got authority.
Got the mint? Time to print. Only mint authority signs this. Say you wanna send 100 tokens (with 9 decimals, that's 100 * 1e9 units).
getMintToInstruction({mint: mint.address, destination: ata.address, amount: 100n * 10n9n, mintAuthority: yourWallet,});What's next? Verify on Solscan. Supply jumps, balance shows. Pro tip: Mint to non ATA? It'll fail. Always create ATA first.
But here's a gotcha. Decimals trip people. Set to 6? 1 token = 1,000,000 units. Mess up amount? You mint 0.000001 instead of 1. Happened to me - laughable supply.
So you wanna give control to a multisig? Or just nuke it? Use getSetAuthorityInstruction.
{owned: mint.address, owner: currentAuth, authorityType: AuthorityType.MintTokens, newAuthority: newAuth.address}AuthorityType.FreezeAccountnewAuthority: null. Poof. Irreversible.I usually do this in one tx: change to safe wallet, then revoke from there. Current auth must sign every time.
Anchor fan? Simpler.
In your IDL:
#[account( init, payer = feepayer, mint::decimals = 9, mint::authority = yourauth, mint::freezeauthority = yourauth,
)]
pub mint: InterfaceAccount<'info, Mint>,
For set authority in CPI: setauthority(&tokenprogram, &mint.(), Some(&newauth), AuthorityType::MintTokens, ¤tauth, &[])?;
Rust's verbose but rock solid. Revoke with None. Tx still ~0.000005 SOL.
Issue 1: "Invalid authority." Fix: Check you're signing with the right wallet. Explorer shows current auth.
Wrong network? Devnet mint won't work mainnet. Always match RPC.
ATA missing? MintTo fails. Create it first - one extra instr, no biggie.
Revoked too soon? Can't mint more. If supply's low, recreate mint. Lesson learned.
Multisig? Use Coral's multisig program. Authority becomes PDA, needs sigs from members.
| Action | Approx SOL Cost |
|---|---|
| Create Mint | 0.002 (rent) + 0.000005 |
| Mint Tokens | 0.000005 |
| Set Authority | 0.000005 |
| Revoke | 0.000005 |
Day 1: Create mint, mint initial 1B supply to your ATA. Fee payer covers rent.
Distribute via airdrops or liquidity. Then, announce "revoking mint auth now."
Tx it live on stream. Community sees supply cap forever. Trust skyrockets.
Why revoke freeze too? No one wants surprise freezes. Unless it's a scam flag, but don't.
Scaling up? Use Token Extensions for interest bearing or transfer hooks. But basics first.
spl token create token for quick mint. Then spl token authorize MINT new_auth.CLI's fastest for tests. spl token mint <mint> 1000 - done. Authority auto checks.
Forgot to revoke? Community yelling? Emergency tx to null it. But if hacked.. yeah, pray.
Check explorer: Mint page shows auth fields. Null mint auth = safe. Non null? Red flag.
In my experience, always PDA for programs. Wallets get phished.
Testing? Devnet faucet every time. Burn through 10 SOL free.
Don't hand to single wallet. Coral multisig: Create 2/3 sig group. Set as mint auth.
Steps: Deploy multisig program, init with members, use its PDA as authority.
Revoke? Multisig signs the null tx. Distributed trust. Perfect for DAOs.
Token-2022? Same funcs, extra powers like confidential balances. Stick SPL for now.
Grab Phantom, switch devnet. spl token create token. Mint 1000. Authorize null. Check supply capped? You got it.
Scale to mainnet: Same, but real SOL. Start small, 0.01 covers 10 txs.
© 2026 Della Group. All Rights Reserved.