# Cross-Chain Token Setup: BurnMint with SPL Token Multisig Tutorial Source: https://docs.chain.link/ccip/tutorials/svm/cross-chain-tokens/spl-token-multisig-tutorial Last Updated: 2026-06-15 > For the complete documentation index, see [llms.txt](/llms.txt). This educational tutorial demonstrates how to create and configure cross-chain tokens using Chainlink's Cross-Chain Interoperability Protocol (CCIP) between Solana Devnet and Ethereum Sepolia using **SPL token multisig concepts**. You will learn to implement the **SPL token multisig** approach within **Path A** from the [CCIP Cross-Chain Token Integration Guide](/ccip/concepts/cross-chain-token/svm/integration-guide#path-a-full-self-service-mint-authority-controlled). **Path A Mint Authority Options:** - **Direct Transfer**: Transfer mint authority directly to Pool Signer PDA - suitable for development and testing ([see tutorial](/ccip/tutorials/svm/cross-chain-tokens/direct-mint-authority)) - **Multisig Setup** (this tutorial): Learn SPL token multisig concepts with Pool Signer PDA as a member - foundation for production systems - **Production Multisig**: Enterprise-grade dual-layer governance with Squads + SPL multisig ([see tutorial](/ccip/tutorials/svm/cross-chain-tokens/production-multisig-tutorial)) This tutorial focuses on demonstrating multisig architecture concepts, helping you understand governance controls while maintaining autonomous cross-chain token transfers through BurnMint token pools. > **NOTE: Educational Multisig Tutorial** > > **Important**: This tutorial demonstrates **SPL token multisig concepts** for learning purposes, using simplified > configurations (1-of-2 with single admin wallet). While the multisig architecture shown provides a foundation for > production systems, **real production deployments require additional considerations**: proper governance multisig > (like Squads), higher signature thresholds, and comprehensive security audits. For development and testing > environments, consider the simpler [Direct Mint Authority Transfer > tutorial](/ccip/tutorials/svm/cross-chain-tokens/direct-mint-authority). > **CAUTION: SPL Token Multisig Limitations** > > **Critical Understanding**: The SPL token multisig demonstrated in this tutorial can **ONLY execute SPL token > instructions** (mint, burn, transfer, etc.). It **cannot execute arbitrary transactions** or general governance > operations like transferring CCIP admin roles or pool ownership. For comprehensive production governance, you would > typically implement a separate governance multisig (such as Squads) that controls broader aspects including CCIP > administration, while potentially being one of the signers in the SPL token multisig shown here. ## What You Will Build This tutorial implements the **SPL token multisig** variant of **Path A** from the [CCIP Cross-Chain Token Integration Guide](/ccip/concepts/cross-chain-token/svm/integration-guide). This approach is designed for **learning multisig concepts** and provides a foundation for production systems. ### Cross-Chain Token Architecture This tutorial implements the **[Burn and Mint](/ccip/concepts/cross-chain-token/overview#burn-and-mint)** token handling mechanism between Solana Devnet and Ethereum Sepolia with **SPL token multisig governance**. You'll deploy **two BurnMint pools** (one on each chain) that work together to maintain consistent token supply across chains while learning multisig architecture concepts. **How Burn and Mint Works:** 1. **Source Chain**: Burns tokens from sender's account 2. **CCIP Protocol**: Transmits message cross-chain 3. **Destination Chain**: Mints equivalent tokens to the receiver ### Component Overview | Component | Implementation | Authority Model | | -------------------- | ----------------------------------- | -------------------------------------------------- | | **Ethereum Sepolia** | ERC20 token with CCIP BurnMint pool | Multiple minters: EOA + Pool | | **Solana Devnet** | SPL token with CCIP BurnMint pool | SPL Token Multisig: Pool Signer PDA + Admin wallet | ### SPL Token Multisig Architecture **Key Approach**: You will create an SPL token multisig that includes the Pool Signer PDA as a required member, enabling both autonomous CCIP operations and governance-controlled minting. **Educational Focus**: This tutorial demonstrates multisig architecture concepts using a simplified 1-of-2 configuration for learning purposes. ## Prerequisites This tutorial uses a **two-terminal workflow** across two repositories. Install the system tools below, clone both repos, then complete environment setup before starting Phase 1. ### System Requirements - **Node.js v22 or higher**: Verify with `node -v` ([nvm](https://www.npmjs.com/package/nvm) recommended) - **pnpm**: Required for the BS58 generator (`npm install -g pnpm`) - **Solana CLI**: [Installation guide](https://docs.solana.com/cli/install-solana-cli-tools) (includes `spl-token`) - **Git**: For cloning repositories - **CCIP CLI**: For cross-chain transfer testing in the final phase Install the [CCIP CLI](https://github.com/smartcontractkit/ccip-tools-ts) globally: ```bash npm install -g @chainlink/ccip-cli ccip-cli --help ``` See the [CCIP CLI documentation](https://docs.chain.link/ccip/tools/cli/) for RPC and wallet configuration. ### Tutorial Workflow | Terminal | Repository | Purpose | Commands | | -------------- | --------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | --------------- | | **Terminal 1** | [CCIP Solana BS58 Generator](https://github.com/smartcontractkit/ccip-solana-bs58-generator) | Solana setup and configuration | `pnpm bs58` | | **Terminal 2** | [Smart Contract Examples (Hardhat)](https://github.com/smartcontractkit/smart-contract-examples/tree/main/ccip/cct/hardhat) | EVM deploy and configuration | `npx hardhat` | | **Either** | Global `@chainlink/ccip-cli` | Cross-chain transfer testing (final) | `ccip-cli send` | ### Terminal 1: CCIP Solana BS58 Generator **Clone and install** (skip `git clone` if you already have the repo): ```bash git clone https://github.com/smartcontractkit/ccip-solana-bs58-generator.git cd ccip-solana-bs58-generator pnpm install ``` **Configure Solana CLI for devnet:** First, check whether your environment is already set up: ```bash solana config get solana address solana balance ``` If the RPC URL is already `https://api.devnet.solana.com`, your keypair path is correct, and you have sufficient SOL, skip to [Terminal 2 setup](#terminal-2-smart-contract-examples-hardhat) below. Otherwise, run only the steps you need: ```bash # Set devnet (skip if config get already shows devnet) solana config set --url https://api.devnet.solana.com # Point to your keypair (skip if config get already shows the path you want) solana config set --keypair ~/.config/solana/id.json # Create a keypair only if the file does not exist yet solana-keygen new --outfile ~/.config/solana/id.json # Fund your wallet if balance is low solana airdrop 2 solana balance ``` > **NOTE: Direct Execution** > > Append `--execute` to **mutating** `pnpm bs58` commands in Terminal 1 so your local wallet signs and sends > transactions. **Read-only** commands (`get-state`, `get-chain-config`, `derive-accounts`) omit `--execute`. See the > [CCIP Solana BS58 Generator > README](https://github.com/smartcontractkit/ccip-solana-bs58-generator/blob/main/README.md) for command syntax. ### Terminal 2: Smart Contract Examples (Hardhat) **Clone, install, and compile** (skip `git clone` if you already have the repo): ```bash git clone https://github.com/smartcontractkit/smart-contract-examples.git cd smart-contract-examples/ccip/cct/hardhat npm install npm run compile ``` **Set up encrypted environment variables:** ```bash # Required at the start of each session npx env-enc set-pw # Verify existing variables (skip npx env-enc set if all required vars are already configured) npx env-enc view # Add or update variables only if missing npx env-enc set ``` **Required variables for Ethereum Sepolia:** - `ETHEREUM_SEPOLIA_RPC_URL`: RPC endpoint from [Alchemy](https://www.alchemy.com/) or [Infura](https://www.infura.io/) - `PRIVATE_KEY`: Your testnet wallet private key ([MetaMask export guide](https://support.metamask.io/managing-my-wallet/secret-recovery-phrase-and-private-keys/how-to-export-an-accounts-private-key/)) - `ETHERSCAN_API_KEY`: API key from [Etherscan](https://docs.etherscan.io/getting-started/viewing-api-usage-statistics) **Fund your EVM wallet:** - Acquire **ETH** on Ethereum Sepolia for transaction gas and CCIP fees ([Chainlink faucet](https://faucets.chain.link/) or [Google Cloud Faucet](https://cloud.google.com/application/web3/faucet/ethereum/sepolia)) - **LINK** is optional — use `--fee-token LINK` on EVM → Solana sends if you prefer paying CCIP fees in LINK ### Cross-Chain Transfers (CCIP CLI) The final tutorial phase uses globally installed `ccip-cli` (not the BS58 generator): - **Solana → EVM**: Run from Terminal 1 with `--wallet ~/.config/solana/id.json` - **EVM → Solana**: Run from Terminal 2 (Hardhat directory). Prefer `--wallet hardhat:` ([Hardhat keystore](https://hardhat.org/docs/plugins/hardhat-keystore)) so the signing key stays encrypted. Hardhat tasks load env-enc automatically; `ccip-cli` does not. As an alternative, view the same key with `npx env-enc view` and export `PRIVATE_KEY` manually for the send command. **RPC endpoints** (required for source and destination chains). You can provide them any of these ways — see [CCIP CLI configuration](https://docs.chain.link/ccip/tools/cli/configuration): - **Command line:** pass `--rpc` on each command (repeat for multiple networks), or `--rpcs` with comma-separated URLs - **Environment variables:** export `RPC_*` variables (e.g., `RPC_SEPOLIA`, `RPC_SOLANA_DEVNET`) or the tutorial's `SOLANA_DEVNET_RPC` and `ETHEREUM_SEPOLIA_RPC_URL` exports - **File:** create a `.env` file in the directory where you run `ccip-cli` (default `--rpcs-file`, one URL per line) See the tutorial's **Configure CCIP CLI** section for the recommended `--rpc` examples. ### Environment Variables Variables use prefixes to prevent confusion across repositories and tools: | Prefix | Usage | Examples | | ------------ | ----------------------- | ------------------------------------------------------------------------- | | `ETH_*` | Ethereum addresses | `ETH_TOKEN_ADDRESS`, `ETH_POOL_ADDRESS` | | `SOL_*` | Solana addresses | `SOL_TOKEN_MINT`, `SOL_POOL_ADDRESS`, `SOL_WALLET_ADDRESS` | | `SOL_CCIP_*` | Solana CCIP program IDs | `SOL_CCIP_POOL_PROGRAM`, `SOL_CCIP_ROUTER`, `SOL_CCIP_FEE_QUOTER_PROGRAM` | > **NOTE: Two-Terminal Workflow** > > Keep both terminal windows open throughout the tutorial. Switch between the CCIP Solana BS58 Generator (Terminal 1) > and the Hardhat project (Terminal 2) as each phase indicates. Cross-chain transfer commands use `ccip-cli` from the > terminal that matches the source chain. ## Tutorial Approach This tutorial provides step-by-step instructions with detailed explanations of what each command does and why. You'll work primarily in Terminal 1 (CCIP Solana BS58 Generator) with occasional switches to Terminal 2 (EVM). **Environment Variable Management**: This tutorial uses phase-based variable files (e.g., `~/.phase1_vars`, `~/.ccip_complete_vars`) to eliminate manual variable re-entry when switching between terminals. Each phase saves its variables to files that subsequent phases can load automatically. For detailed implementation code explanations, refer to: - **[CCIP Solana BS58 Generator README](https://github.com/smartcontractkit/ccip-solana-bs58-generator/blob/main/README.md)**: Solana CLI command details, `--execute` EOA workflow, and options - **[Smart Contract Examples README](https://github.com/smartcontractkit/smart-contract-examples/blob/main/ccip/cct/hardhat/README.md)**: EVM implementation guide **EOA execution**: In Terminal 1, append `--execute` to each `pnpm bs58` command so your local Solana wallet signs and sends transactions directly. Set `--authority` to your wallet address (`$SOL_ADMIN_WALLET`). Read-only commands (`get-state`, `get-chain-config`, `derive-accounts`) do not use `--execute`. ## Phase 1: Ethereum Sepolia Token Setup In this step, you will use Hardhat tasks to deploy an ERC20 token contract and a corresponding burn and mint token pool on Ethereum Sepolia. The tasks interact with the `BurnMintERC20` contract for token deployment and the `BurnMintTokenPool` contract for pool creation. **Current Terminal: Terminal 2** (Smart Contract Examples - Hardhat) Verify your location: ```bash pwd # Should show: .../smart-contract-examples/ccip/cct/hardhat ``` ### Step 1: Deploy ERC20 Token Using the `deployToken` task, deploy a burnable and mintable ERC20 token on Ethereum Sepolia: Export your token address for later use: ### Step 2: Deploy Token Pool In this step, you will use the `deployTokenPool` task to deploy a CCIP BurnMint token pool for the token on Ethereum Sepolia. This task interacts with the `BurnMintTokenPool` contract and grants the necessary mint and burn privileges to the pool. Export your pool address for later use: ### Step 3: Mint Tokens In this step, you will use the `mintTokens` task to mint tokens on Ethereum Sepolia for your Externally Owned Account (EOA). Since you assigned mint and burn privileges to your EOA when deploying the tokens, you can now mint tokens for testing purposes. This ensures that you have enough tokens in your EOA to perform cross-chain transfers later. ### Step 4: Claim Admin In this step, you will use the `claimAdmin` task to register your EOA as the administrator for the deployed token on Ethereum Sepolia. This process involves calling the `RegistryModuleOwnerCustom` contract, which will fetch the CCIP admin of the token and set it up as the admin in the registry. ### Step 5: Accept Admin Role In this step, you will use the `acceptAdminRole` task to accept the admin role for the deployed token on Ethereum Sepolia. Once you have claimed the role, accepting the role finalizes your control over the token administration. Save the Phase 1 variables for cross-terminal access: ## Phase 2: Solana Devnet Token Setup In this phase, you will create an SPL token, initialize the CCIP token pool, and complete CCIP registration **before\*\*** setting up the SPL token multisig. This sequence is critical because the self-service registration requires you to hold the mint authority. **Switch to Terminal 1** (CCIP Solana BS58 Generator) Verify your location: ```bash pwd # Should show: .../ccip-solana-bs58-generator ``` Load the Ethereum addresses from Phase 1 and set CCIP constants: ### Step 1: Create SPL Token Create an SPL token with Metaplex metadata and initial supply using direct EOA execution: Set the token mint variable: ### Step 2: Initialize CCIP Token Pool Initialize a CCIP token pool for your SPL token. This creates the on-chain state for cross-chain operations and establishes the Pool Signer PDA that will become a multisig member. ### Step 3: Verify Pool Creation Derive pool accounts using the read-only `derive-accounts` command: Copy the **Pool Signer PDA** and **Pool State PDA** from the output, then export them: ### Step 4: Create Pool Token Account Create an Associated Token Account (ATA) for the Pool Signer PDA. This ATA is required for the pool to hold and manage tokens during cross-chain transfer operations. ### Step 5: Claim Admin Register yourself as the CCIP administrator for the Solana token. This must be completed while you still hold the mint authority. ### Step 6: Accept Admin Role Accept the proposed administrator role to establish CCIP admin control: ### Step 7: Create SPL Token Multisig Now that CCIP registration is complete, create the SPL token multisig that will serve as the mint authority: **Set the multisig address environment variable:** ### Step 8: Transfer Mint Authority to Multisig Now transfer the mint authority from your wallet to the multisig: ### Step 9: Verify Multisig Configuration Verify that the multisig has been properly configured and the mint authority has been transferred: Save the Phase 2 variables for cross-terminal access: ## Phase 3: Cross-Chain Configuration In this step, you will configure bidirectional connectivity between the token pools on both chains. Each chain uses different tools: **Solana** uses [CCIP Solana BS58 Generator](https://github.com/smartcontractkit/ccip-solana-bs58-generator) commands to configure its pool to recognize Ethereum tokens and pools, while **Ethereum** uses Hardhat tasks to configure its pool to recognize Solana tokens and pools. ### Step 1: Configure Solana -> Ethereum #### Initialize Chain Remote Configuration In this step, you will initialize the configuration for Ethereum Sepolia as a remote chain. This creates the basic chain configuration with token information but without pool addresses (those will be added in the next step). #### Add Ethereum Pool Address In this step, you will update the previously created chain configuration with the Ethereum pool address. #### Verify Configuration In this step, you will verify that the Solana pool configuration for Ethereum Sepolia has been set up correctly. ### Step 2: Configure Ethereum → Solana **Switch to Terminal 2 (Smart Contract Examples)** ```bash pwd # Should show: .../smart-contract-examples/ccip/cct/hardhat ``` Load all variables from previous phases: #### Configure Remote Chain In this step, you will use the `applyChainUpdates` Hardhat task to configure the Ethereum pool to recognize the Solana token and pool. This tells the Ethereum pool which Solana pool (via its Pool Config PDA) and token it should interact with for cross-chain transfers. #### Verify Remote Chain Configuration Verify that the Ethereum pool is correctly configured to recognize the Solana chain: ## Phase 4: Pool Registration In this step, you will register the token pools with their respective tokens on both chains. This is the final configuration step that enables cross-chain operations by linking tokens to their pools in the CCIP registry. Pool registration works differently on each platform: - **Ethereum**: Links the token directly to its pool contract address - **Solana**: Links the token to an Address Lookup Table containing all necessary pool accounts ### Step 1: Ethereum Sepolia Pool Registration **Stay in Terminal 2 (Smart Contract Examples)** ```bash pwd # Should show: .../smart-contract-examples/ccip/cct/hardhat ``` In this step, you will use the `setPool` Hardhat task to register the BurnMint token pool with the token in Ethereum's TokenAdminRegistry contract. This function sets the pool contract address for the token, enabling it for CCIP cross-chain transfers. Only the token administrator can call this function. ### Step 2: Solana Devnet Pool Registration **Switch to Terminal 1** (CCIP Solana BS58 Generator) ```bash pwd # Should show: .../ccip-solana-bs58-generator ``` #### Create Address Lookup Table Create an Address Lookup Table (ALT) containing all required CCIP accounts plus your multisig address: **Set ALT environment variable:** #### Register Pool with Router Register your token pool with the CCIP Router using the Address Lookup Table: Save the complete configuration including the ALT address: ## Phase 5: Pre-Transfer Setup Before validating your configuration, complete final setup steps. **Stay in Terminal 1** (CCIP Solana BS58 Generator) ```bash pwd # Should show: .../ccip-solana-bs58-generator ``` ### Step 1: Delegate Token Authority Delegate token approval to the CCIP fee-billing signer PDA, which enables CCIP to transfer tokens on your behalf when sending cross-chain messages. Approve the fee-billing signer to transfer tokens from your ATA: ### Step 2: Verify Delegation Check that your token account is delegated to the fee-billing signer: Display token account and delegation status: ## Phase 6: Test Cross-Chain Transfers Validate your configuration, then execute bidirectional token transfers using the CCIP CLI. > **NOTE: Cross-Chain Transfers with CCIP CLI** > > Use [`@chainlink/ccip-cli`](https://github.com/smartcontractkit/ccip-tools-ts) for bidirectional token transfers. Run Solana → EVM sends from Terminal 1 and EVM → Solana sends from Terminal 2. See the [CCIP CLI documentation](https://docs.chain.link/ccip/tools/cli/) for full options. ### Step 1: Load Complete Configuration ### Step 2: Verify Solana Pool and Chain Config ### Step 3: Verify Ethereum Pool (Terminal 2) **Switch to Terminal 2** (Smart Contract Examples - Hardhat): ```bash npx hardhat getPoolConfig \ --pooladdress $ETH_POOL_ADDRESS \ --network ethereumSepolia ``` Confirm the Ethereum pool recognizes Solana Devnet with your `$SOL_POOL_CONFIG_PDA` and `$SOL_TOKEN_MINT`. ### Configure CCIP CLI Export these RPC URLs once before your first transfer: ```bash export SOLANA_DEVNET_RPC="https://api.devnet.solana.com" export ETHEREUM_SEPOLIA_RPC_URL="" export ETH_CCIP_ROUTER="0x0BF3dE8c5D3e8A2B34D2BEeB17ABfCeBaf363A59" ``` Use the same `ETHEREUM_SEPOLIA_RPC_URL` from your env-enc setup in Terminal 2 (`npx env-enc view`). On `ccip-cli send`, the source chain RPC quotes fees and submits the transaction; for token-only transfers in this tutorial, that is the only RPC strictly required to send. Pass both RPCs on cross-chain commands anyway: the destination RPC is required for `ccip-cli show --wait` and for optional send features such as `--estimate-gas-limit` or `send --wait`. > **NOTE: RPC and wallet configuration** > > Repeat `--rpc` for multiple networks, or use `--rpcs` with comma-separated URLs. Alternatively, set `RPC_*` environment variables or a `.env` file — see [CCIP CLI configuration](https://docs.chain.link/ccip/tools/cli/configuration). Solana sends use `--wallet ~/.config/solana/id.json`. EVM sends: prefer `--wallet hardhat:` from the Hardhat project directory ([Hardhat keystore](https://hardhat.org/docs/plugins/hardhat-keystore)); alternatively export `PRIVATE_KEY` manually after `npx env-enc view` (Hardhat tasks load env-enc automatically, but `ccip-cli` does not). See [CCIP CLI wallet configuration](https://docs.chain.link/ccip/tools/cli/configuration#wallet-configuration). ### Transfer Solana → Ethereum **Terminal 1** (CCIP Solana BS58 Generator): The `-t` flag uses human-readable amounts (0.001 tokens with 9 decimals = 1,000,000 smallest units). ### Transfer Ethereum → Solana **Switch to Terminal 2** (Smart Contract Examples - Hardhat): `ccip-cli` does not load Hardhat env-enc automatically. Run these commands from the Hardhat project directory. Prefer [Hardhat keystore](https://hardhat.org/docs/plugins/hardhat-keystore) over exporting a private key in plain text. For token-only transfers to Solana, `--to` is the destination wallet that receives minted tokens. CCIP fees are paid in native Sepolia ETH by default — ensure your wallet has sufficient ETH for gas and fees. > **NOTE: Pay fees in LINK (optional)** > > Add `--fee-token LINK` to pay CCIP fees in LINK instead of ETH (Sepolia LINK: > `0x779877A7B0D9E8603169DdbD7836e478b4624789`). **Congratulations!** Your cross-chain token infrastructure with SPL token multisig governance is fully configured on both chains. ## Optional: Verify Mint Authority Control ### Demonstrate Manual Minting Through Multisig This optional section demonstrates that transferring mint authority to the multisig doesn't mean "losing control" - you can still mint tokens manually through the **Admin Wallet** (the non-PDA signer in your multisig). This proves the multisig setup is working correctly and that you retain administrative capabilities. > **TIP: Understanding This Demonstration** > > **What This Proves**: Successfully minting tokens through the multisig confirms that: - Mint authority transfer was successful - The multisig is properly configured (1-of-2 with Pool Signer PDA + Admin Wallet) - You retain administrative control through your Admin Wallet - The Pool Signer PDA can autonomously handle CCIP operations **Key Insight**: Since you're one of the multisig signers, you can still perform administrative mints. The Pool Signer PDA handles CCIP burns/mints automatically, while you handle manual operations. > **CAUTION: Production Considerations** > > **Tutorial vs Production**: This tutorial uses your single wallet as the admin signer for simplicity. In production, replace the admin wallet with a proper governance multisig (Such as [Squads](https://squads.so/)) for enhanced security. **Scope Limitation**: This SPL token multisig only controls mint authority. For comprehensive governance (CCIP admin roles, pool ownership), implement separate governance infrastructure. To learn more, see the [Production Multisig Tutorial](/ccip/tutorials/svm/cross-chain-tokens/production-multisig-tutorial). > **CAUTION: Educational Example Disclaimer** > > This page includes an educational example to use a Chainlink system, product, or service and is provided to > demonstrate how to interact with Chainlink's systems, products, and services to integrate them into your own. This > template is provided "AS IS" and "AS AVAILABLE" without warranties of any kind, it has not been audited, and it may be > missing key checks or error handling to make the usage of the system, product or service more clear. Do not use the > code in this example in a production environment without completing your own audits and application of best practices. > Neither Chainlink Labs, the Chainlink Foundation, nor Chainlink node operators are responsible for unintended outputs > that are generated due to errors in code.