> For the complete documentation index, see [llms.txt](https://docs.j.tools/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.j.tools/guides/rug-proof-token.md).
# Make your token rug-proof
A "rug-proof" token is one where the deployer can no longer pull the rug. Supply is fixed, accounts can't be frozen, metadata can't be swapped out, and liquidity is locked or gone. Buyers check for exactly these things before they touch a coin, and so do the scanners they trust.
{% hint style="danger" %}
Most of these actions are permanent. Once you revoke an authority or burn liquidity, there is no undo and no recovery. Finish your minting, metadata edits, and pool setup **before** you lock anything down.
{% endhint %}
## Why buyers care about each one
Each authority is a power the deployer holds. Holders treat every one you keep as a risk you could still use against them.
| What you lock | The risk it removes | Why a buyer cares |
| ---------------------------- | ---------------------------------------- | ------------------------------------------------- |
| Mint authority | You can no longer print more supply | Nobody can dilute their bag overnight |
| Freeze authority | You can no longer freeze holder accounts | Their tokens can't be locked so they can't sell |
| Update authority | The name, symbol, and image are frozen | The token can't be silently rebranded into a scam |
| Liquidity (locked or burned) | You can't drain the pool | The market can't vanish out from under them |
For what each authority controls on-chain, see [Authorities explained](/concepts/authorities.md).
## The checklist
Run these in order. The first three lock the token itself; liquidity comes last because it usually follows the pool.
{% stepper %}
{% step %}
### Revoke mint authority
This permanently caps the supply at whatever is already minted. No more tokens can ever be created. Use [Revoke Mint](/tools/secure/revoke-mint.md), or open it straight in the app at [j.tools/en/tools/revoke-mint](https://j.tools/en/tools/revoke-mint).
{% endstep %}
{% step %}
### Revoke freeze authority
This removes your power to freeze any holder's account, so nobody worries about being locked out of selling. Use [Revoke Freeze](/tools/secure/revoke-freeze.md), or run it directly at [j.tools/en/tools/revoke-freeze](https://j.tools/en/tools/revoke-freeze).
{% endstep %}
{% step %}
### Lock the metadata
Revoking the update authority freezes the name, symbol, and image for good. After this, the token's identity can't be changed. Use [Revoke Update Authority](/tools/secure/revoke-update-authority.md), or open it in the app at [j.tools/en/tools/revoke-update-authority](https://j.tools/en/tools/revoke-update-authority).
{% endstep %}
{% step %}
### Lock or burn liquidity
A locked supply means little if you can still pull the pool. Lock your LP for a fixed term or burn the LP tokens outright. See [Add liquidity](/tools/liquidity/create-lp.md) and the safe-launch checklist below.
{% endstep %}
{% endstepper %}
{% hint style="info" %}
**Want to do the first three in one go?** [Make Immutable](/tools/secure/make-immutable.md) revokes mint, freeze, and update authority in a single signed transaction. It's the fastest path to a fully locked token, and most teams use it right before opening a pool. Open it directly at [j.tools/en/tools/make-immutable](https://j.tools/en/tools/make-immutable).
{% endhint %}
[**Lock down your token in the app →**](https://j.tools/en/tools)
To understand exactly what each of these powers controls before you revoke it, read [Authorities explained](/concepts/authorities.md).
## All at once, or one at a time?
{% tabs %}
{% tab title="Make Immutable (all at once)" %}
[Make Immutable](/tools/secure/make-immutable.md) bundles the three token-level revokes into one signature. Pick this when you want a fully fixed token and you've finished any last minting or metadata edits. Fewer signatures, and the cleanest signal to a scanner that the token is locked.
{% endtab %}
{% tab title="One at a time" %}
Revoke each authority on its own with [Revoke Mint](/tools/secure/revoke-mint.md), [Revoke Freeze](/tools/secure/revoke-freeze.md), and [Revoke Update Authority](/tools/secure/revoke-update-authority.md).
Pick this when you want to keep one power a little longer, like locking mint and freeze now but keeping update authority so you can still fix the logo, then revoking it once the metadata is final.
{% endtab %}
{% endtabs %}
{% hint style="danger" %}
**This cannot be undone.** Once this transaction confirms on-chain, there is no way to reverse it. Check every field before you sign.
{% endhint %}
## Liquidity is the last lock
Locking the token does little if a deployer can still withdraw the pool. That's the classic rug. Two ways to close it:
* **Burn the LP tokens.** Sending the LP tokens to a burn address removes them from circulation, so the liquidity can never be pulled. Permanent.
* **Lock the LP for a term.** A time-lock holds the LP tokens until a set date. Buyers can verify the unlock date on-chain.
Either way, the liquidity step belongs in your launch plan from the start. The Safe-launch checklist covers the full sequence, timing included.
## FAQ
Do I have to revoke everything?
No, but buyers and scanners read whatever you leave open as a risk. Revoking mint and freeze is close to expected for a community token. Update authority is a judgment call: keep it if you might still fix the metadata, lock it once you're done.
Can I undo a revoke if I change my mind?
No. Revoking an authority is permanent and there is no recovery path. Make sure your supply, metadata, and pool are exactly how you want them first.
Does J Tools hold my token or keys while I do this?
No. Every revoke is signed in your own wallet, and the token never leaves your control. J Tools is non-custodial and never asks for your private key.
## Related
{% content-ref url="/pages/GJDrT6dgbr2AtEdxUrnc" %}
[Mint, freeze and update authorities](/concepts/authorities.md)
{% endcontent-ref %}
{% content-ref url="/pages/gbx1RbByQOVKZzt0PQkP" %}
[Make Immutable](/tools/secure/make-immutable.md)
{% endcontent-ref %}
{% hint style="success" %}
**J Tools is non-custodial.** We never hold your private keys and never ask for them. Every transaction is built in your browser and signed by your own wallet. If any page ever asks you to paste a private key, stop, close it, and let us know.
{% endhint %}
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://docs.j.tools/guides/rug-proof-token.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.