What is Mint Authority (and Freeze Authority)
Every Solana token mint has two flags: mint authority and freeze authority. Mint authority = the ability to mint more. Freeze authority = the ability to freeze an account (a frozen account can neither send nor receive). Both are just regular fields on the mint account and anyone can read them. Both can be permanently removed by setting to null.
Think of concert tickets. The show sells out. The promoter retains control of the printer. Anybody could walk in, print ten thousand more tickets, and blow up the secondary market. The promoter also owns the freeze function that can deactivate any ticket barcode at the venue. The ticket printer is the mint authority and the barcode freeze function is the freeze authority. Which authority is OK to retain depends on who controls it.
Mint and Freeze Authority in the Wild
Real. Circles, for example, retain both. Mint authority to mint new USDC as US dollars settle in reserve accounts. Freeze authority to freeze accounts on sanctions / law enforcement requests- a feature, not a bug, for a compliance- focused regulated stablecoin. The balance on a frozen token account stays exactly the same but the owner can't move a single cent.
Not real. A community token where an anon team retained mint authority can (has) just minted a few billion additional and dumped them in a Raydium pool, effectively exiting out of every other liquidity provider in that pool. Retained freeze authority can be even more devious. The anon team has the power to freeze your account after you have purchased. This effectively makes the token a honeypot (it is perfectly sellable but you are specifically locked out). Removing those rights closes both the printer and the barcode freeze function once and for all. The removal process is a simple one-off transaction that costs a single base fee of 5,000 lamports (fractions of a cent), so "the anon team just never got around to it" is no longer a credible answer.
Mint & Freeze Authority in the Context of Ethereum
The exact same risk and abuse exist in Ethereum; they just hide better. An ERC-20 with a mint function that can only be called by an owner or a blacklist mapping in a contract has the exact same mint/freeze function as Solana authorities but the code is arbitrary and varies by contract. You have to read the code of each unique contract or trust third-party scanners to audit these. Even malicious code obfuscated through a scanner can slip by. Solana has standardised these two controls into two separate fields in a known location in every single mint. Look at any token on Solscan and both mint and freeze authority are displayed on the mint page: an address or a null. 10 seconds and you don't need to read any code.
But it's a two way trade-off. If the mint authority is revoked there is no way for the contract team to ever fix an error or raise more capital for a treasury, and having null authorities does not tell you how the team might hold 40% of the supply in three different wallets.
The Bottom Line
Mint and Freeze authority is the cheapest due diligence. Paste your mint into a Solscan lookup and read two lines. Mint authority null = no more inflation, freeze authority null = nobody can lock your account. Rug-check tools will check this for you. Pump.fun even does this for you as a default on every launch. Having mint or freeze authority set is not evidence of fraud- it might be Circle. But the fact an anon team controls the ticket printer should raise a flag.
Ethereum DeFi has trained you to ask "is this contract renounced?" then squint at the source code in hopes that the verified contract is telling the truth. Solana standardises that entire process into two fields with consistent meaning across every single token. That standardisation does not make any token safer, by itself. What it does change is who can perform this simple check: any one of us, before every purchase, in less time than the trade even confirms.
Is the mint authority reversible?
Once revoked, a mint authority can never be reinstated. The field is set to null, it cannot be set again. The irreversibility is exactly what makes the null field trust-worthy.