Solana Development

Build Solana programs using Anchor framework or native Rust. Both approaches share the same core concepts (accounts, PDAs, CPIs, tokens) but differ in syntax and abstraction level.

Quick Start

Recommended: Anchor Framework

Anchor provides macros and tooling that reduce boilerplate and increase developer productivity:

use anchor_lang::prelude::*;

declare_id!("YourProgramID");

#[program]
pub mod my_program {
    use super::*;

    pub fn initialize(ctx: Context<Initialize>, data: u64) -> Result<()> {
        ctx.accounts.account.data = data;
        Ok(())
    }
}

#[derive(Accounts)]
pub struct Initialize<'info> {
    #[account(init, payer = user, space = 8 + 8)]
    pub account: Account<'info, MyAccount>,
    #[account(mut)]
    pub user: Signer<'info>,
    pub system_program: Program<'info, System>,
}

#[account]
pub struct MyAccount {
    pub data: u64,
}

When to use Anchor:

Building DeFi, NFT, or standard programs
Need TypeScript client generation with IDL
Want faster development with less boilerplate
Following common Solana patterns
New to Solana development

Installation:

cargo install --git https://github.com/coral-xyz/anchor avm --locked --force
avm install latest
avm use latest
anchor --version

Create project:

anchor init my_project
cd my_project
anchor build
anchor test

→ See references/anchor.md for complete Anchor guide

Advanced: Native Rust

Native Rust provides maximum control, optimization potential, and deeper understanding of Solana's runtime:

use solana_program::{
    account_info::AccountInfo,
    entrypoint,
    entrypoint::ProgramResult,
    pubkey::Pubkey,
    msg,
};

entrypoint!(process_instruction);

pub fn process_instruction(
    program_id: &Pubkey,
    accounts: &[AccountInfo],
    instruction_data: &[u8],
) -> ProgramResult {
    msg!("Processing instruction");
    // Manual account parsing and validation
    // Manual instruction routing
    Ok(())
}

When to use Native Rust:

Need maximum compute efficiency (CU optimization critical)
Require advanced features (versioned transactions, durable nonces, ALTs)
Learning Solana fundamentals from first principles
Building highly optimized or specialized programs
Framework overhead is unacceptable

Setup:

cargo new my_program --lib
cd my_program
# Configure Cargo.toml (see native-rust.md)
cargo build-sbf

→ See references/native-rust.md for complete native Rust guide

Core Concepts

Essential knowledge for all Solana developers, regardless of framework:

Foundational Concepts

accounts.md - Account model, ownership, rent, validation patterns
pda.md - Program Derived Addresses: derivation, canonical bumps, signing patterns
cpi.md - Cross-Program Invocations: calling other programs safely

Program Integration

tokens-overview.md - Token account structures and ATAs
tokens-operations.md - Create, mint, transfer, burn, close operations
tokens-validation.md - Account validation patterns
tokens-2022.md - Token Extensions Program features
tokens-patterns.md - Common patterns and security
testing-overview.md - Test pyramid and strategy
testing-frameworks.md - Mollusk, Anchor test, Native Rust
testing-practices.md - Best practices and patterns
surfpool.md - Local development with Surfpool: mainnet forking, cheatcodes, IaC
deployment.md - Deploy, upgrade, verify, and manage programs
production-deployment.md - Verified builds for production (Anchor 0.32.1 workflow)

Implementation Details

serialization.md - Account data layout, Borsh, zero-copy patterns
error-handling.md - Custom error types, propagation, client-side handling
security.md - Security best practices and defensive programming patterns

Advanced Features

compute-optimization.md - CU optimization techniques and benchmarking
versioned-transactions.md - Address Lookup Tables for 256+ accounts
durable-nonces.md - Offline signing with durable transaction nonces
transaction-lifecycle.md - Submission, retry patterns, confirmations

Low-Level Details

sysvars.md - System variables (Clock, Rent, EpochSchedule, SlotHashes)
builtin-programs.md - System Program and Compute Budget Program

Resources

resources.md - Official docs, tools, learning paths, community

Common Tasks Quick Reference

Create a new program:

Anchor: anchor init my_project → anchor.md#getting-started
Native: cargo new my_program --lib → native-rust.md#setup

Initialize a PDA account:

Anchor: Use #[account(init, seeds = [...], bump)] → pda.md#anchor
Native: Manual invoke_signed with System Program → pda.md#native

Transfer SPL tokens:

Anchor: Use anchor_spl::token::transfer → tokens-operations.md#transferring-tokens
Native: CPI to Token Program → tokens-operations.md#transferring-tokens

Test your program:

Both: Mollusk for fast unit tests → testing-frameworks.md#mollusk-testing
Anchor: anchor test for integration tests → testing-frameworks.md#anchor-specific-testing

Local development with mainnet forking:

Both: surfpool start for mainnet-forked local network → surfpool.md

Test with mainnet state (Jupiter, Raydium CPIs):

Both: Use Surfpool JIT forking → surfpool.md#mainnet-forking

Profile compute units in detail:

Both: surfnet_profileTransaction cheatcode → surfpool.md#transaction-profiling

Deploy to devnet:

Anchor: anchor deploy → deployment.md#anchor
Native: solana program deploy → deployment.md#native

Deploy to production (verified builds):

Both: solana-verify build + solana program deploy → production-deployment.md

Optimize compute units:

Both: Profile with Mollusk bencher → compute-optimization.md

Handle 40+ accounts:

Both: Use Address Lookup Tables → versioned-transactions.md

Offline transaction signing:

Both: Use durable nonces → durable-nonces.md

Decision Guide

Your Need	Recommended Approach	Reason
Standard DeFi/NFT program	Anchor	Faster development, proven patterns
TypeScript client needed	Anchor	Auto-generates IDL and client types
Learning Solana fundamentals	Native Rust first	Understand the platform deeply
Compute optimization critical	Native Rust	Direct control, minimal overhead
Advanced tx features (ALTs, nonces)	Either (slight edge to Native)	Framework-agnostic features
Fast prototyping	Anchor	Less boilerplate, faster iteration
Maximum control over every detail	Native Rust	No abstraction layer
Team familiar with frameworks	Anchor	Lower learning curve
Program size matters	Native Rust	Smaller compiled programs

Note: You can also start with Anchor for rapid development, then optimize critical paths with native Rust patterns if needed.

Framework Comparison

Aspect	Anchor	Native Rust
Setup complexity	Simple (`anchor init`)	Manual (Cargo.toml, entrypoint)
Boilerplate	Minimal (macros handle it)	Significant (manual everything)
Account validation	Declarative (`#[account(...)]`)	Manual (explicit checks)
Serialization	Automatic (Borsh via macros)	Manual (Borsh or custom)
Type safety	High (compile-time checks)	High (but more verbose)
IDL generation	Automatic	Manual or tools
Client library	TypeScript + Rust auto-gen	Manual client code
Testing	`anchor test`, Mollusk	Mollusk, cargo test
Deployment	`anchor deploy`	`solana program deploy`
Compute overhead	Small (~1-3% typical)	None (direct)
Program size	Slightly larger	Smaller
Learning curve	Gentler (abstractions help)	Steeper (need SVM knowledge)
Debugging	Good (clear macro errors)	More complex (lower level)
Community	Large (most use Anchor)	Growing (optimization focus)

Typical Development Workflow

Anchor Workflow

Init: anchor init my_project
Define accounts: Use #[derive(Accounts)] with constraints
Implement instructions: Write functions in #[program] module
Define state: Use #[account] macro for account structures
Test: Write tests in tests/, run anchor test
Deploy: anchor deploy to configured network
Client: Import generated IDL and types in TypeScript/Rust

Native Rust Workflow

Setup: cargo new my_program --lib, configure Cargo.toml
Define entrypoint: Implement process_instruction function
Define state: Manual Borsh serialization structs
Implement instructions: Manual routing and account parsing
Validate accounts: Explicit ownership, signer, writable checks
Test: Write Mollusk tests, run cargo test
Build: cargo build-sbf
Deploy: solana program deploy target/deploy/program.so
Client: Build client manually or use web3.js/rs

Best Practices

General (Both Approaches)

✅ Always validate accounts: Check ownership, signers, mutability ✅ Use checked arithmetic: .checked_add(), .checked_sub(), etc. ✅ Test extensively: Unit tests, integration tests, edge cases ✅ Handle errors gracefully: Return descriptive errors ✅ Document your code: Explain account requirements and constraints ✅ Version your programs: Plan for upgrades and migrations ✅ Use PDAs for program-owned accounts: Don't pass private keys ✅ Minimize compute units: Profile and optimize hot paths ✅ Add security.txt: Make it easy for researchers to contact you

Anchor-Specific

✅ Use InitSpace derive: Auto-calculate account space ✅ Prefer has_one constraints: Clearer than custom constraints ✅ Use Program<'info, T>: Validate program accounts in CPIs ✅ Emit events: Use emit! for important state changes ✅ Group related constraints: Keep account validation readable

Native Rust-Specific

✅ Use next_account_info: Safe account iteration ✅ Cache PDA bumps: Store bump in account, use create_program_address ✅ Zero-copy when possible: 50%+ CU savings for large structs ✅ Minimize logging: Especially avoid pubkey formatting (expensive) ✅ Build verifiable: Use solana-verify build for production

Security Considerations

Both frameworks require security vigilance:

⚠️ Common vulnerabilities:

Missing signer checks
Integer overflow/underflow
Account confusion attacks
PDA substitution
Arbitrary CPI targets
Missing account ownership checks
Insufficient rent exemption
Account closing without zeroing

→ For defensive programming patterns and secure coding practices, see security.md

That guide provides:

Core security rules and principles
Account validation patterns
Arithmetic safety guidelines
Pre-deployment security checklist

→ For comprehensive security audits, use the solana-security skill

That skill provides:

Systematic vulnerability analysis
Attack scenarios and exploit POCs
Framework-specific security reviews
Professional audit workflows

When to Switch or Combine

Start with Anchor, optimize later:

Build MVP with Anchor for speed
Profile to find CU bottlenecks
Optimize critical paths with native patterns
Keep Anchor for non-critical code

Start with Native, add Anchor features:

Build core program logic in native Rust
Use Anchor's client generation separately
Leverage anchor-spl for common patterns
Maintain control where it matters

Use both in a workspace:

[workspace]
members = [
    "programs/core",      # Native Rust
    "programs/wrapper",   # Anchor facade
]

Getting Help

Anchor: Discord, Docs
Solana: Stack Exchange, Discord
General: See resources.md for comprehensive links

Next Steps

New to Solana?

Read accounts.md - Understand the account model
Read anchor.md - Start with Anchor framework
Read security.md - Learn secure coding from the start
Build a simple program following testing-overview.md
Deploy to devnet using deployment.md

Coming from another blockchain?

Read accounts.md - Solana's model is different
Read pda.md - Unique to Solana
Choose Anchor for familiar framework experience
Explore resources.md for migration guides

Want to optimize?

Start with working Anchor program
Profile with compute-optimization.md
Learn native patterns from native-rust.md
Refactor bottlenecks selectively

Building production apps?

Master security considerations
Use testing-practices.md for comprehensive best practices
Follow production-deployment.md for verified builds
Get security audit with solana-security skill

solana-development