← Back to Glossary

Token-2022

Solana token standard (Token Extensions) that adds programmable features like Transfer Hooks, Confidential Transfers, and CPI guards, reintroducing control-flow and reentrancy considerations.

Token-2022 (also called Token Extensions) extends the original SPL Token program with optional extensions such as Transfer Hooks, Confidential Transfers, Interest-Bearing Tokens, and CPI guards. These features enable richer DeFi and compliance use cases but reintroduce risks that were largely absent in the original Solana account model—including context confusion via ExtraAccountMetaList, infinite recursion in hooks, and the need to audit the Auditor Key in Confidential Transfer for compliance backdoors.

Programs integrating Token-2022 must validate hook PDAs strictly, enforce least privilege on external state, respect CPI depth limits, and enable CpiGuardInstruction::Enable and ImmutableOwner where appropriate.

Articles Using This Term

Learn more about Token-2022 in these articles:

Solana Smart Contract Audit Guide 2026: Firedancer, Token-2022 & Security Checklist

Solana Smart Contract Audit Guide 2026: Firedancer, Token-2022 & Security Checklist

Complete 2026 Solana audit guide: Firedancer skip-vote risks, Token-2022 transfer hooks, localized DoS attacks. Essential security checklist.

Feb 7, 20269 min read
Solana Security Checklist: 45 Critical Checks for Anchor & Native Programs

Solana Security Checklist: 45 Critical Checks for Anchor & Native Programs

Complete Solana smart contract security checklist with 45 vulnerability categories. Prevent exploits with checks for account validation, CPI security, PDAs, Token-2022, and more. Essential guide for Solana developers and auditors.

Jan 28, 202614 min read

Related Terms

Transfer Hook

Token-2022 extension that runs custom program logic on every transfer of a mint, enabling compliance and composability but introducing reentrancy-like and context-validation risks.

Reentrancy Guard

Smart contract security pattern preventing attackers from recursively calling functions to drain funds during execution.

Hooks

External smart contracts in Uniswap v4 that execute custom logic at specific points in a pool's lifecycle.

Need expert guidance on Token-2022?

Our team at Zealynx has deep expertise in blockchain security and DeFi protocols. Whether you need an audit or consultation, we're here to help.

Get a Quote

oog
zealynx

Subscribe to Our Newsletter

Stay updated with our latest security insights and blog posts

REQUEST AN AUDIT

Quick Links

Services

Company

Resources

© 2024 Zealynx