Another week, another Sunday Shipment! There’s not too much on the content side this week as we’ve been focused on a few larger-scale product initiatives.
I was planning on making a trip to Los Angeles this week for the Solana Hacker House, but ended up going on an impromptu offsite with a few other Ship Capital team members. Let me know if there’s any future events I should check out (right now looking at ETHDenver)!
Solana Program Registry
This week’s drop is the Solana Program Registry—a way for users to easily verify the programs they interact with on-chain.
One of Solana’s main weak points as a decentralized network is its surprisingly large number of closed-source projects. According to a recent article by The Block, about half of Solana’s ~$10B TVL (total value locked) lies in closed-sourced programs.
For most other large blockchain networks, there’s an implicit social norm around only using open-source smart contract protocols due to transparency and security. Through the Solana Program Registry and other Ship Capital initiatives, we aim to bring this same culture to the Solana ecosystem. We see verified builds being baked directly into user interfaces, like wallets that warn users if they are interacting with unverified source code.
Other ideas for tools we'd like to see built on top of SPR:
A tool to download the program binary from the blockchain and verify the hash locally, either via CLI or via the browser
A tool to verify the contents of BPF Upgradeable Loader program data buffers
An integration with a Solana block explorer
Transformation into a DAO, to eliminate the central point of failure of GitHub
A website for browsing the programs and artifacts that have been published
How it works
The Solana Program Registry (SPR) is a set of scripts that automatically builds verifiable sources of Solana programs using GitHub Actions.
It works as follows:
A dev adds their GitHub repo and tag to
programs.yml
GitHub Actions sees this change and creates a Workflow for building the program.
The workflow gets added to the Verified Programs Builder repo.
The Verified Programs Builder sees the new Workflow and executes it, building the binaries and generating checksums.
The Verified Programs Builder uploads the result to the Verified Program Artifacts repo.
To verify your own programs, follow the instructions in the Solana Program Registry repository.