Solana Authorities: The Pattern That Governs Everything
This is Part 1 of the Solana Authorities series. If you work with tokens, NFTs, staking, or governance on Solana, this series maps every authority field you will encounter, what each one controls, and what happens when you hand it off or burn it. The problem Every Solana intro tutorial mentions “the mint authority” once, in passing, when teaching spl-token create-token. Almost no tutorial explains: That the mint has a separate freeze authority that can disable transfers for any holder. That Token-2022 added roughly a dozen additional authority slots through extensions, several of which can move user funds without consent. That stake accounts have two authorities (stake and withdraw), and losing the withdraw authority is permanent loss of principal, not just rewards. That Metaplex metadata has its own update authority that controls how wallets and marketplaces render an NFT, independent of who holds it. That governance programs (SPL Governance, Squads, Realms) are themselves just programs that hold authorities on behalf of a DAO, and the security model collapses to whatever those programs enforce. Most rugs, freezes, and operational mistakes on Solana trace back to one of these fields being misunderstood. ...