otter-sec/solana-verifiable-build

CLI tool for deterministically building and verifying executable against on-chain programs or buffer accounts
Solana Verified Builds

This repository demonstrates how to implement verified builds for Solana programs. A verified build ensures that the program deployed on chain exactly matches your public source code, promoting transparency and security in the Solana ecosystem.

What are Verified Builds?

Verified builds allow developers and users to verify that a deployed Solana program matches its source code. This verification:

  • Ensures program authenticity
  • Promotes transparency
  • Builds user trust
  • Makes source code discoverable

Quick Start

  1. Install prerequisites:

     • Docker
     • Cargo
     • Solana Verify CLI (cargo install solana-verify)

  2. Build your program:

     solana-verify build

  3. Deploy and verify:

     # Deploy
     solana program deploy -u $NETWORK_URL target/deploy/$PROGRAM_LIB_NAME.so --program-id $PROGRAM_ID

     # Verify against repository -> upload your build data on chain
     solana-verify verify-from-repo -u $NETWORK_URL --program-id $PROGRAM_ID https://github.com/$REPO_PATH

     # Trigger a remote job
     solana-verify remote submit-job --program-id $PROGRAM_ID --uploader $THE_PUBKEY_THAT_UPLOADED_YOUR_BUILD_DATA
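The steps above build a program deterministically and then compare it with what is deployed. The following is an added example, not code from the solana-verifiable-build repository, that models that final comparison offline so the check is visible in one place: a locally built ELF is hashed and compared against the bytes of an on-chain program data account. It assumes (this is an assumption, not something the README states) that the comparison hashes the executable with trailing zero padding stripped, because a program account's data buffer can be allocated larger than the ELF it holds. The ELF bytes used here are constructed sample data.

```python
"""
Offline model of a verified-build comparison: hash a locally built program
and compare it with the program data fetched from the chain.

Added example, not part of the solana-verifiable-build repository.
Assumption: trailing zero padding is stripped before hashing, so a program
account whose buffer is larger than the ELF still matches a byte-identical
local build, while any change inside the ELF itself is detected.
"""
import hashlib


def executable_hash(data: bytes) -> str:
    """SHA-256 over the executable bytes with trailing zero padding removed.

    Both sides of the comparison are normalised the same way, so an ELF that
    legitimately ends in zero bytes is still compared consistently.
    (Assumption: models the CLI's normalisation; not taken from the README.)
    """
    trimmed = data.rstrip(b"\x00")
    return hashlib.sha256(trimmed).hexdigest()


def verify_program(local_so: bytes, onchain_program_data: bytes) -> dict:
    """Compare a local build with on-chain program data.

    Returns a small report; 'verified' is True only when both hashes agree.
    """
    local = executable_hash(local_so)
    remote = executable_hash(onchain_program_data)
    return {"local_hash": local, "onchain_hash": remote, "verified": local == remote}


# Constructed sample data: a fake ELF image standing in for target/deploy/*.so.
LOCAL_SO = b"\x7fELF" + bytes(range(1, 64))

# On chain the same bytes sit in a larger, zero-padded program data account.
ONCHAIN_PADDED = LOCAL_SO + b"\x00" * 1024

# A deployment whose code differs by a single byte must not verify.
ONCHAIN_TAMPERED = LOCAL_SO[:20] + b"\xff" + LOCAL_SO[21:] + b"\x00" * 1024


if __name__ == "__main__":
    for label, onchain in (("padded", ONCHAIN_PADDED), ("tampered", ONCHAIN_TAMPERED)):
        report = verify_program(LOCAL_SO, onchain)
        print(f"{label:9s} verified={report['verified']} "
              f"local={report['local_hash'][:16]}... onchain={report['onchain_hash'][:16]}...")
```

Running the script reports the padded deployment as verified and the one-byte-changed deployment as not verified. In practice the local bytes come from target/deploy/$PROGRAM_LIB_NAME.so after solana-verify build, and the on-chain bytes from the program data account of $PROGRAM_ID; the value of the deterministic build is that the local hash is reproducible by anyone who builds the same commit in the same container.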

Documentation

For detailed instructions and best practices, please refer to the official Solana documentation on verified builds.

Security Considerations

While verified builds enhance transparency, they should not be considered a complete security solution. Always:

  • Review the source code
  • Use trusted build environments
  • Consider using governance solutions for program upgrades

For responsible disclosure of bugs related to the verified builds CLI, please email maintainers@ellipsislabs.xyz with a detailed description of the attack vector.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Languages

  • Rust 52.5%
  • Dockerfile 38.8%
  • Python 6.3%
  • Shell 2.4%