Direct binary comparison
The on-chain program dump matched the local Anchor verifiable-build artifact at target/deploy/bootstrap_bond_program.so.
Build Verification
The deployed program can be checked against public source.
Verifiable builds let reviewers compare the program running on Solana mainnet-beta with a binary built from the public Bootstrap bond source in a controlled Docker environment.
This is a reproducibility and deployment-integrity signal. It is not a substitute for source review, audit, or ongoing monitoring, but it meaningfully narrows the question: does the deployed binary match the public source and recorded build inputs?
Deterministic Solana Verify build
Solana Verify produced the same executable hash when built with the Anchor 0.31.1 Docker image.
Remote verification passed
The hosted verification job reports that the GitHub build matches the on-chain hash.
Current Mainnet Record
Recorded verification inputs
- Program ID
- 4dgQ3H3XPWFh56h1AdZCzYt1WNfnD5R94d2pgTFx1jA6
- Program library
- bootstrap_bond_program
- Deployment source commit
- aba967fa9c8f233b87f6b832cd4d726d35ac2522
- Solana Verify source commit
- 2a52dc5f42c42db809fe0df6e539303df7b133f1
- On-chain program SHA-256
- afe44c7c1925d923cfc0df6ce162ecccc37b965a8c1737396a7f2f9641624eb3
- Solana executable hash
- a8c078857d1ff4618d326d27bf6829d200c19f26fdb5fdf9353d8ec9feaf0ea0
- Verified-build PDA
- Gd7yYxSmGCJRMpDcisHnzfGErpmaiWJoRuiYzNiS4pv6
- Verification uploader
- H2xjBMvUKjXsbdM4Kx7B17W1bCHVqN5rJdWDqgj96Pzg
Independent Checkpoints
External records
These records expose the deployed program, the uploaded verified-build metadata, and the hosted verification result.
Reviewer Path
Three ways to inspect the match.
1. Rebuild with Anchor
Run the Anchor verifiable build, dump the mainnet program, and compare the generated artifact with the deployed binary.
npm run verify:build solana program dump 4dgQ3H3XPWFh56h1AdZCzYt1WNfnD5R94d2pgTFx1jA6 /tmp/bootstrap_bond_program-mainnet.so --url mainnet-beta sha256sum /tmp/bootstrap_bond_program-mainnet.so target/deploy/bootstrap_bond_program.so
2. Compare executable hashes
Build with Solana Verify using the same Anchor image, then compare the local executable hash to the on-chain program hash.
solana-verify build --library-name bootstrap_bond_program --base-image solanafoundation/anchor:v0.31.1 solana-verify get-executable-hash target/verifiable/bootstrap_bond_program.so solana-verify get-program-hash --url https://api.mainnet-beta.solana.com 4dgQ3H3XPWFh56h1AdZCzYt1WNfnD5R94d2pgTFx1jA6
3. Verify from the public repo
Use the recorded source commit and build arguments to verify the deployed program directly against the public repository.
solana-verify verify-from-repo --url https://api.mainnet-beta.solana.com --program-id 4dgQ3H3XPWFh56h1AdZCzYt1WNfnD5R94d2pgTFx1jA6 --commit-hash 2a52dc5f42c42db809fe0df6e539303df7b133f1 --library-name bootstrap_bond_program --base-image solanafoundation/anchor:v0.31.1 https://github.com/BootstrapToken/bootstrap-bond-program
Prefer the source guide?
The program repository keeps the full command log, expected hashes, and verification status links.