Unidentified program
This program's bytecode is byte-identical to other deploys on record — the same program under a fresh id. It was closed within 17m. The signature of a throwaway bot: deploy a disposable id, run it hot sniping Pump.fun launches, then close it to reclaim the rent — and repeat.
What's a throwaway bot?
A disposable on-chain program a trader deploys to run one strategy — almost always sniping new Pump.fun token launches — then closes minutes later to reclaim its rent, redeploying under a fresh id for the next run.
Why a program at all?
Sniping means "buy the instant the pool exists, atomically, or abort" — you can't do that reliably from a wallet. A tiny custom program bundles the whole attempt (and often multi-venue routing) into a single instruction that either lands complete or reverts.
Why thousands of failed transactions?
That's the race. The bot fires on every launch; most attempts lose the block or the token rugs, so they revert. The failures are the strategy — spray for the few that land.
Why redeploy and close?
The ~0.2 SOL of rent is refundable on close, and a fresh program id sidesteps any blocklist or reputation built against a known address. Cheaper and stealthier to burn identities than to keep one — so one operator can wear dozens of "new program" identities in a day.
How On Record catches it
Exact-bytecode dedup (same sha256 = same bot) collapses the redeploys into one cluster; lifecycle tracking sees the deploy → close; the failed-tx count confirms the intent. No explorer distinguishes "new protocol" from "same bot, 30th identity today" — that's a novelty-definition problem, which is exactly what this radar solves.
Lineagei
Frameworki
What's Pinocchio?
Zero-dependency, no-std entrypoint. No codegen, no IDL — the developer hand-writes account parsing against the raw C ABI (sol_invoke_signed_c).
Tiny binary and low compute-unit cost, at the price of manual safety and no self-description. The choice for a hot path — routing, MEV, high-frequency — where every CU and lamport of rent is optimized.
Built by Anza (the Agave client team).
What it is
A drop-in replacement for the solana-program crate — not an Anchor-style framework. Its core innovation is zero-copy AccountInfo: instead of deserializing account data into an owned struct, it returns a pointer directly into the input buffer, eliminating a major class of memory copies and cutting CU usage on hot instructions. It has zero external dependencies and is no_std. It's completely unopinionated — no IDL, no account-validation helpers, no standard layout — so you bring Shank + Codama to generate IDLs and clients yourself. Still unaudited and not at full feature parity with solana-program.
When to pick it
Programs that process enormous volume where CU cost is the bottleneck — token programs, AMM hot paths, Ore-style mining. Not beginner-friendly.
How it looks on-chain
No enforced discriminator or account layout, and no on-chain IDL — so it can't be positively identified from account data. The tiny, dependency-free binary is the main tell, which is why we label it 'inferred'.
Others in the wild: Steel (Ore team — near-native performance on solana-program), Seahorse (Python → Anchor), and Poseidon & Quasar (TypeScript → Rust). Transpilers inherit their lowering target's fingerprint: a Quasar or Poseidon program that compiles down to Anchor will look like Anchor on-chain — discriminators and all.
Pinocchio docsFootprinti
Recovered architecturei
Reachi
Controli
What's upgrade authority?
The upgrade authority is the account allowed to replace a program's code after it's deployed.
If it's set (mutable), that key can push new bytecode at any time — including malicious code, the classic "rug" vector. If it's null (immutable / frozen), the code can never change; what 's on-chain is final. A Squads multisig sits in between — upgrades are possible but need M-of-N signers, not one hot wallet. So mutable + single hot-wallet = highest risk; immutable or multisig = stronger guarantees.
What's a verified build?
A verified build proves the program running on-chain was compiled from the public source you can read — nothing hidden.
Someone re-compiles the source in a deterministic (Docker) environment and checks the resulting bytecode is byte-for-byte identical to what's deployed; tools like solana-verify do this and record it with a verification service. "Not verified" isn't a red flag by itself — most programs simply never submit one. It just means you're trusting the deployed bytecode as-is, with no source cross-check.
Convictioni
No IDL publishedi
This program hasn't published an IDL — the interface spec that would let its instructions be auto-decoded here.
That's normal, not a red flag. Publishing an IDL on-chain is opt-in — closer to a courtesy than a requirement. Anchor can write one to a PDA derived from the program id, but plenty of teams never do. And non-Anchor programs — like this Pinocchio one — have no built-in IDL at all; their interface lives in an off-chain Shank/Codama artifact, or nowhere public.
What's an IDL?
An IDL — Interface Description Language — is a JSON spec that describes how to talk to a program: its instructions, the accounts each one needs, argument and account types, events, and errors.
Anchor auto-generates it at build time. A program can publish it on-chain at a PDA derived from its id, so any client or explorer can decode the program's transactions without its source code.
Why it's often missing
Publishing is opt-in — a courtesy, not a requirement. Many programs never do, and non-Anchor frameworks (Pinocchio, native, Steel) don't produce one at all; their interface lives in an off-chain Shank/Codama artifact, or nowhere public. Absence means you can't auto-decode it — not that anything is wrong.
Tractioni
Code familyi
The recordi
| Event | When | Detail | Receipt |
|---|---|---|---|
| SIBLING DEPLOY | 18m ago | A5Hq…K1Hj | same code, fresh id |
| SIBLING DEPLOY | 28m ago | HA1M…Q4bM closed | same code, fresh id |
| SIBLING DEPLOY | 35m ago | CfPh…RMjM closed | same code, fresh id |
| SIBLING DEPLOY | 45m ago | CH6q…B3CJ closed | same code, fresh id |
| SIBLING DEPLOY | 55m ago | FCng…UpBR closed | same code, fresh id |
| SIBLING DEPLOY | 1h ago | 2QaZ…3rNe closed | same code, fresh id |
| SIBLING DEPLOY | 1h ago | A11A…Q2dd closed | same code, fresh id |
| SIBLING DEPLOY | 2h ago | D164…aH4W closed | same code, fresh id |
| SIBLING DEPLOY | 2h ago | A8Hj…uexK closed | same code, fresh id |
| SIBLING DEPLOY | 2h ago | DZ4g…hcT4 closed | same code, fresh id |
| SIBLING DEPLOY | 2h ago | 5Zwo…LMxE closed | same code, fresh id |
| SIBLING DEPLOY | 2h ago | 3g7u…BXCa closed | same code, fresh id |
| SIBLING DEPLOY | 3h ago | EFTV…NNyB closed | same code, fresh id |
| SIBLING DEPLOY | 3h ago | 79yA…9UQc closed | same code, fresh id |
| SIBLING DEPLOY | 3h ago | C51G…oYj5 closed | same code, fresh id |
| SIBLING DEPLOY | 3h ago | 5Q1a…J8Ut closed | same code, fresh id |
| SIBLING DEPLOY | 3h ago | 6Ybi…2LMp closed | same code, fresh id |
| SIBLING DEPLOY | 4h ago | CmzC…Unq9 closed | same code, fresh id |
| SIBLING DEPLOY | 4h ago | GEun…VH42 closed | same code, fresh id |
| SIBLING DEPLOY | 4h ago | 69Zp…8hdp closed | same code, fresh id |
| DEPLOY | 1d ago | slot 432,497,638 | poll…7638 |