Lineagei
Frameworki
What's Anchor?
Batteries-included Rust framework. Ships account-validation codegen, 8-byte instruction discriminators, and an on-chain IDL — the program describes itself.
Bigger binary and higher rent in exchange for safety rails, introspection, and dev speed. The choice of a team optimizing for correctness over on-chain footprint.
Originally Coral (Armani Ferrante); now community-maintained.
What it is
The de facto standard. Rust macros (#[program], #[derive(Accounts)]) eliminate boilerplate: it auto-generates 8-byte account and instruction discriminators — SHA256("account:<Name>")[..8] and SHA256("global:<ix>")[..8] — handles Borsh (de)serialization, enforces account constraints declaratively (mut, has_one, seeds, init), and emits a JSON IDL that client libraries consume directly. The cost: Borsh copies data on every deserialize (not zero-copy), and the macro machinery adds binary bloat and compute overhead — irrelevant for ~99% of programs.
When to pick it
Building a new protocol, moving fast, or wanting maximum ecosystem compatibility. It's the beginner default and stays the right call for most production programs.
How it looks on-chain
The most recognizable framework. Every account it owns begins with an 8-byte discriminator, and the IDL is often published on-chain at a PDA derived from the program id. Both are strong, reliable fingerprints — this is the only framework we can label with confidence.
Others in the wild: Steel (Ore team — near-native performance on solana-program), Seahorse (Python → Anchor), and Poseidon & Quasar (TypeScript → Rust). Transpilers inherit their lowering target's fingerprint: a Quasar or Poseidon program that compiles down to Anchor will look like Anchor on-chain — discriminators and all.
Anchor docsFootprinti
Recovered architecturei
Reachi
Controli
What's upgrade authority?
The upgrade authority is the account allowed to replace a program's code after it's deployed.
If it's set (mutable), that key can push new bytecode at any time — including malicious code, the classic "rug" vector. If it's null (immutable / frozen), the code can never change; what 's on-chain is final. A Squads multisig sits in between — upgrades are possible but need M-of-N signers, not one hot wallet. So mutable + single hot-wallet = highest risk; immutable or multisig = stronger guarantees.
What's a verified build?
A verified build proves the program running on-chain was compiled from the public source you can read — nothing hidden.
Someone re-compiles the source in a deterministic (Docker) environment and checks the resulting bytecode is byte-for-byte identical to what's deployed; tools like solana-verify do this and record it with a verification service. "Not verified" isn't a red flag by itself — most programs simply never submit one. It just means you're trusting the deployed bytecode as-is, with no source cross-check.
Convictioni
Interface — the on-chain IDLi
6 of 9 instructions used · 3 never called in this window
Instructions 9
approve_result
- participantsignerwritable
- match_statewritable
- winnerpubkey
assign_participant_b
- match_statewritable
- new_participantsigner
deposit
- participantsignerwritable
- match_statewritable
- mint
- participant_atawritable
- escrowwritable
- config
- community_vault_authority
- community_vaultwritable
- token_program
- associated_token_program
- system_program
- rent
finalize
- match_statewritable
- mint
- escrowwritable
- winner
- winner_atawritable
- token_program
initialize_config
- initializersignerwritable
- configwritable
- system_program
- adminsVec<pubkey>
initialize_match
- creatorsignerwritable
- match_statewritable
- mint
- escrowwritable
- token_program
- associated_token_program
- system_program
- rent
- match_idbytes
- participant_apubkey
- amount_eachu64
- deadlineu64
refund
- callersigner
- match_statewritable
- config
- mint
- escrowwritable
- participant_a_atawritable
- participant_b_atawritableoptional
- token_program
update_admins
- adminsigner
- configwritable
- adminsVec<pubkey>
withdraw_fees
- adminsigner
- config
- mint
- community_vault_authority
- community_vaultwritable
- destinationwritable
- token_program
- amountu64
Accounts 2
Config
no fields
MatchState
no fields
Types 2
Configstruct
- bumpu8
- adminsVec<pubkey>
MatchStatestruct
- bumpu8
- match_idbytes
- mintpubkey
- participant_apubkey
- participant_bOption<pubkey>
- amount_eachu64
- deadlineu64
- approval_abool
- approval_bbool
- finalizedbool
- refundedbool
- deposited_abool
- deposited_bbool
- winnerOption<pubkey>
- approvals_conflictbool
Errors 29
- 6000ParticipantsMustDifferParticipants must be distinct
- 6001InvalidAmountInvalid amount
- 6002MatchIdTooLongMatch ID too long
- 6003BumpNotFoundBump not found
- 6004AlreadyClosedMatch already finalized or refunded
- 6005WrongParticipantWrong participant signer
- 6006AlreadyDepositedThis participant already deposited
- 6007EscrowWouldExceedCapEscrow would exceed cap
- 6008MintMismatchMint mismatch
- 6009InvalidWinnerInvalid winner
- 6010WinnerNotSetWinner not set
- 6011ApprovalsDoNotMatchApprovals do not match
- 6012MissingApprovalsMissing approvals
- 6013WrongWinnerAccountWrong winner account provided
- 6014InvalidWinnerTokenAccountInvalid winner token account
- 6015EscrowNotFullEscrow is not full (requires exactly 2 * amount_each)
- 6016DeadlineNotReachedDeadline not reached
- 6017OpponentAlreadyAssignedOpponent has already been assigned
- 6018OpponentNotAssignedOpponent has not been assigned yet
- 6019ParticipantBTokenAccountMissingParticipant B token account missing
- 6020InvalidParticipantBTokenAccountInvalid participant B token account provided
- 6021EscrowBalanceMismatchEscrow balance does not match expected deposits
- 6022ArithmeticOverflowArithmetic overflow
- 6023UnauthorizedAdminUnauthorized admin signer
- 6024TooManyAdminsToo many admins provided
- 6025NoAdminsProvidedAt least one admin must be provided
- 6026InsufficientVaultBalanceInsufficient vault balance
- 6027InvalidDestinationTokenAccountInvalid destination token account
- 6028UnauthorizedCancelOnly the match creator or an admin can cancel early
What's an IDL?
An IDL — Interface Description Language — is a JSON spec that describes how to talk to a program: its instructions, the accounts each one needs, argument and account types, events, and errors.
Anchor auto-generates it at build time. A program can publish it on-chain at a PDA derived from its id, so any client or explorer can decode the program's transactions without its source code.
Why it's often missing
Publishing is opt-in — a courtesy, not a requirement. Many programs never do, and non-Anchor frameworks (Pinocchio, native, Steel) don't produce one at all; their interface lives in an off-chain Shank/Codama artifact, or nowhere public. Absence means you can't auto-decode it — not that anything is wrong.
6 of 9 instructions used · 3 never called in this window · +3 more
Tractioni
The recordi
| Event | When | Detail | Receipt |
|---|---|---|---|
| DEPLOY | 3d ago | slot 431,917,102 | poll…7102 |