End-to-End Solana Smart Contract Development in Rust

We design and develop full-cycle blockchain solutions: from smart contract architecture to launching DeFi protocols, NFT marketplaces and crypto exchanges. Security audits, tokenomics, integration with existing infrastructure.
Showing 1 of 1All 1305 services
End-to-End Solana Smart Contract Development in Rust
Complex
~3-5 days
Frequently Asked Questions

Blockchain Development Services

Blockchain Development Stages

Latest works

  • image_website-b2b-advance_0.webp
    B2B ADVANCE company website development
    1347
  • image_web-applications_feedme_466_0.webp
    Development of a web application for FEEDME
    1247
  • image_websites_belfingroup_462_0.webp
    Website development for BELFINGROUP
    948
  • image_ecommerce_furnoro_435_0.webp
    Development of an online store for the company FURNORO
    1183
  • image_logo-advance_0.webp
    B2B Advance company logo design
    642
  • image_crm_enviok_479_0.webp
    Development of a web application for Enviok
    921

End-to-End Solana Smart Contract Development in Rust

We develop Solana smart contracts in Rust turnkey — from accounts model design to multisig deployment. Solana attracts developers with sub-second finality and $0.00025 transaction cost. But behind that speed lies a fundamentally different execution model: accounts model instead of contract storage, stateless programs, PDA derivation instead of mappings. A developer coming from EVM spends the first two weeks thinking Solana is broken — because the familiar Solidity patterns either don't work here or lead to a different class of vulnerabilities. We've learned to sidestep these pitfalls over 5 years of practice.

Why Solana Programs Break EVM Developers

According to Solana documentation, programs do not own data — they only authorize operations on passed accounts. In EVM, the contract stores its state internally. In Solana, the program is a stateless executable, and data lives in separate accounts that the program does not own — it only authorizes operations on them. This means every instruction call requires explicitly passing all accounts involved.

Missing signer check

First pitfall: missing signer check. The program receives an account via AccountInfo but does not check that the passed authority actually signed the transaction. In Anchor, this is caught with the #[account(signer)] attribute or Signer<'info> type. In native Rust, it is done via explicit check if !authority.is_signer { return Err(...) }. It's easy to miss when writing your early programs.

Account substitution

The second classic vulnerability is account substitution. The program receives a token_account and authority but does not check that token_account.owner matches the passed authority. An attacker passes their own token_account and someone else's authority — the program executes without error and drains foreign tokens.

PDA derivation mismatch

The third major pain is PDA derivation mismatch. Program Derived Address is derived from seeds + program_id. If seeds are not explicitly verified via find_program_address with a constraint in Anchor (seeds = [b"vault", user.key().as_ref()]), an attacker can pass an arbitrary account that happens to match the PDA address but is not legitimate.

Vulnerability Cause Prevention
Missing signer Signature not checked Signer<'info> or #[account(signer)]
Account substitution Owner not checked Verify token_account.owner == authority
PDA mismatch Seeds not validated seeds = [...] constraint in Anchor

How Anchor Changes the Security Equation?

We mainly use the Anchor framework (current version 0.30.x). Anchor generates a discriminator for each account type and checks it during deserialization — this automatically closes a whole class of type confusion attacks where an attacker passes an account of the wrong type.

A typical instruction structure in our codebase:

#[derive(Accounts)]
pub struct Deposit<'info> {
    #[account(
        mut,
        seeds = [b"vault", user.key().as_ref()],
        bump,
        constraint = vault.authority == user.key() @ ErrorCode::Unauthorized
    )]
    pub vault: Account<'info, VaultState>,

    #[account(
        mut,
        associated_token::mint = mint,
        associated_token::authority = user
    )]
    pub user_token_account: Account<'info, TokenAccount>,

    pub user: Signer<'info>,
    pub mint: Account<'info, Mint>,
    pub token_program: Program<'info, Token>,
    pub system_program: Program<'info, System>,
}

Constraints in #[account(...)] are not just syntactic sugar. They compile to explicit checks executed before the instruction logic. If a constraint is violated — the transaction reverts before instruction logic runs.

How to Test Solana Programs Without Starting a Validator?

For most unit tests, we use solana-bankrun — it spins up a synthetic runtime in memory without starting a validator. A test that would take 3 seconds on localnet (a slot every 400 ms) executes in 50 ms — 60 times faster. This is critical for fuzzing.

Integration tests run on localnet via anchor test. We add --skip-local-validator where the test scenario requires real programs (Associated Token Program, Metaplex) — we clone their state from mainnet using --clone.

For fuzzing SPL programs, we use Trident (Ackee Blockchain's fuzzer). It generates random sequences of instructions and looks for panics, unexpected account state, integer overflow. On one project, Trident found in 4 hours a scenario where the sequence init → close → reinit led to reinitialization of an account with foreign data — Anchor discriminator passed because reinit used the same type.

Compute Units Optimization

Solana limits each transaction to 1.4M compute units by default (you can request up to 1.4M via SetComputeUnitLimit). Serialization/deserialization via Borsh is expensive for large structures.

Practice: split large state structures into multiple accounts. Instead of one ProgramState with 50 fields — several specialized accounts. Less data deserialized per call — less CU spent.

Second technique: zero_copy accounts via #[account(zero_copy)] in Anchor. Data is read directly from memory without Borsh deserialization. On structures >1KB, we save 30-50% CU.

Approach CU for 1KB deserialization Mutability
Standard Borsh ~8000 CU Full
zero_copy (bytemuck) ~500 CU Limited (repr(C))

Development Process

Analytics and design (2-5 days). We break down the accounts model for the task: which PDAs are needed, what seeds, where CPI to Token Program or Associated Token Program is required. We design state before writing code — reworking accounts structure during testing is expensive.

Development (3-10 days depending on complexity). Anchor + Rust stable. We cover each instruction with tests via Bankrun. Complex scenarios (PDA lifecycle, CPI chains) run on localnet.

Security review. We run it through Soteria (static analysis for Solana programs) and a manual review based on a checklist: missing signer, ownership checks, PDA validation, integer arithmetic (we use checked_add, checked_mul everywhere).

Solana Program Security Checklist
  • [ ] All signers verified
  • [ ] Ownership checks on each account
  • [ ] PDA derivation with seeds constraint
  • [ ] Arithmetic with checked_ops
  • [ ] No reinit vulnerabilities
  • [ ] Upgrade authority set to multisig

Deployment. anchor deploy with multisig upgrade authority (Squads Protocol). Upgrade authority should not be an EOA — if the private key leaks, the program can be rewritten.

What's Included

  • Accounts model and PDA structure design
  • Program writing in Rust with Anchor
  • Unit tests (Bankrun) and integration tests (localnet)
  • Security review (static analysis + manual audit)
  • Deployment with multisig upgrade authority
  • Documentation of instructions and accounts

Our team has 5+ years of experience in blockchain development and over 10 delivered projects on Solana. If you are developing a DeFi protocol or NFT marketplace on Solana — reach out, we will help avoid common mistakes. Contact us to evaluate your project and get a development plan.

Smart Contract Development

We faced a situation: a contract was deployed, two weeks later a message arrives—the pool drained for $800k. Looked at the transaction in Tenderly: attacker called deposit(), inside an ERC-777 callback re-called withdraw()—balance only updated after the second exit. Classic reentrancy, but not via ETH transfer—through an ERC-777 hook. ReentrancyGuard was only on withdraw().

Such cases are not rare. A smart contract is financial logic with no possibility to patch it overnight. Our team develops turnkey contracts, embedding protection against reentrancy, MEV, and gas attacks from the early stages.

How We Develop Smart Contracts Turnkey

We start with business logic audit and stack selection. Solidity 0.8.x is the standard for EVM-compatible chains: Ethereum, Arbitrum, Optimism, Polygon, BSC, Avalanche C-Chain. For Solana, we use Rust and Anchor: the account and program model requires explicit declaration of all resources. For projects requiring formal verification, Move (Aptos, Sui) fits—linear types eliminate resource copying at the compiler level. Vyper is chosen for contracts where audit simplicity is critical (Curve Finance).

Language Execution Model Typical Domain Risks
Solidity 0.8.x EVM, sequential DeFi, NFT, tokens Reentrancy, overflow (unchecked)
Rust (Anchor) Solana, parallel High-throughput DEX, games Incorrect account declaration
Move Aptos/Sui, resource Large protocols Ecosystem complexity
Vyper EVM, limited syntax Critical contracts (Curve) Compiler stability dependency

Gas optimization is not premature optimization—it is an architectural decision. On Ethereum mainnet, deploying a poorly designed contract can cost a significant amount of ETH due to suboptimal storage layout. Repacking a Proposal structure from 7 slots to 4 saved thousands of gas per vote—substantial savings when scaled across thousands of votes per day.

Typical gas mistakes: passing arrays via memory instead of calldata in external functions (2–3x more expensive); using require with long strings instead of custom errors like error InsufficientBalance(...). Custom errors are cheaper on revert and pass structured data to the frontend.

Why Smart Contract Audit Is Critical for Security

Audit is not a one-time check—it is a built-in development stage. We use three levels:

  1. Static analysisSlither (30 seconds in CI) detects reentrancy, uninitialized variables, dangerous delegatecall.
  2. Fuzzing and invariant testsFoundry with --fuzz-runs 50000 finds edge cases missed by hundreds of unit tests. Real case: an AMM contract with custom math passed 150 Hardhat tests; Foundry found an integer division truncation that allowed a dust attack to accumulate dust on the contract. Echidna checks invariants ("sum of all balances ≤ totalSupply").
  3. Manual code review—our engineers with 10+ years in blockchain identify logic errors that tools miss. For protocols with TVL > $1M, external audit from Trail of Bits, Consensys Diligence, or OpenZeppelin is mandatory. Timeline: 2–4 weeks.

Any upgradeable protocol must have a timelock. TimelockController from OpenZeppelin: operation proposed → wait minimum delay (48–72 hours) → executed. Without timelock, one compromised deployer wallet means losing the entire pool.

What Upgrade Patterns Do We Choose?

Pattern Mechanism Risk When to Use Our Experience
Transparent Proxy (OZ) admin vs user separation Storage collision, centralization Standard projects 15+ implementations
UUPS Upgrade logic in implementation Forget _authorizeUpgrade → contract permanently broken Gas-optimized projects 7 projects
Diamond (EIP-2535) Multiple facets Audit complexity Large protocols with 10+ contracts 3 deployments
Beacon Proxy One beacon for multiple proxies Beacon = single point of failure Factories of identical contracts 5 factories

Storage collision is the main danger of proxies. Implementation v2 must not add variables before existing ones. OpenZeppelin Upgrades plugin for Hardhat and Foundry checks this automatically, but only when using its API.

How to Protect a Contract from MEV and Front-Running

On Ethereum mainnet, transactions in the mempool are visible to all. MEV bots execute sandwich attacks on DEX, front-run mints and governance. Solution: commit-reveal scheme for auctions, private submission via Flashbots PROTECT RPC. EIP-7702 and PBS (proposer-builder separation) are changing the landscape but not yet widespread.

What Is the Development Process?

  1. Analysis—functional specification, call diagram, edge case analysis. Without this, coding starts in vain.
  2. Development—Solidity/Rust with tests in parallel. Test → code → refactoring. Use Foundry for fuzz and invariant tests.
  3. Internal audit—Slither + Echidna + manual code review. Foundry invariant tests for protocol invariants.
  4. External audit—for projects with real money. Timeline: 2–4 weeks.
  5. Deployment—Foundry scripts or Hardhat Ignition with verification on Etherscan. Gnosis Safe for ownership transfer immediately after deployment.
  6. Monitoring—Tenderly alerts, OpenZeppelin Defender, Forta Network.

What Is Included

  • Architecture documentation and contract specification (NatSpec).
  • Source code with repository and CI (Slither, Foundry, coverage).
  • Deployed contract with verification on blockchain explorer.
  • Audit results (internal and external upon request).
  • Access to monitoring and management (Gnosis Safe).
  • Code warranty: critical bug fixes within one month after deployment.
  • Consultation on web integration (wagmi, RainbowKit).

Estimated Timelines

  • ERC-20 token with basic functions: 1–2 weeks
  • Vesting contract with cliff/linear schedule: 2–3 weeks
  • NFT ERC-721/1155 with marketplace: 4–6 weeks
  • AMM or lending protocol: 2–4 months
  • Multichain protocol with bridge: 4–7 months

Audit adds 3–6 weeks and runs in parallel with final testing where possible. Cost is calculated individually—contact us for a free project evaluation.

Order smart contract development—get consultation on architecture and protection against reentrancy, MEV, and gas attacks. Want to discuss details? Write to us—we will select the optimal stack for your task.