Anchor: Today and Tomorrow

The Solana developer ecosystem just received a major upgrade. At Breakpoint 2024, Jacob Creech from Solana Foundation and Robert Chen, CEO of security firm OtterSec, announced the release of Anchor 1.0 – the stable, production-ready version of Solana's most popular smart contract development framework. But that's just the beginning: the duo also unveiled an ambitious roadmap for Anchor 2.0 that promises to transform the framework into a comprehensive toolchain with native fuzzing, security linting, and dramatic performance improvements through Pinocchio integration.

Summary

Anchor has long been the go-to framework for Solana developers, simplifying the process of building and deploying smart contracts (called "programs" on Solana). However, the framework has faced criticism for dependency conflicts, maintenance issues, and missing security features. The new Anchor 1.0 release directly addresses these pain points while laying the groundwork for even more significant improvements in version 2.0.

The release represents months of intensive work. Since OtterSec and Solana Foundation took over maintenance of Anchor, they've closed hundreds of issues and pull requests, bringing the project from over 300 pending PRs to under 100. This cleanup effort wasn't just about housekeeping – it was about creating a stable foundation that developers and auditors can rely on.

Perhaps most significantly, the team is repositioning Anchor from just a framework to a complete toolchain. This means developers building with any approach – whether using Anchor's framework features, native Rust, or ultra-optimized solutions like Pinocchio – can use Anchor's CLI tools for building, testing, and deploying their programs. This unification addresses one of the ecosystem's most frustrating problems: the proliferation of incompatible frameworks and dependency conflicts.

Looking ahead, Anchor 2.0 promises to bring Pinocchio's performance optimizations directly into the framework, eliminating the current situation where teams spend months rewriting their programs for better efficiency. Combined with native fuzzing capabilities and security linting, the roadmap positions Anchor as the one-stop solution for Solana development regardless of developer skill level.

Key Points:

Eliminating the Duplicate Mutable Accounts Bug

One of the most dangerous and common vulnerabilities in Solana development has been the duplicate mutable accounts issue. This occurs when developers inadvertently pass the same account into multiple fields of a transaction context. In previous versions of Anchor, only the last account would persist its changes – a technical quirk that could lead to critical security vulnerabilities.

Consider a token transfer operation: if the same token account is passed twice, only the second serialization would be saved back to the blockchain, potentially causing funds to be lost or stolen. This bug has been the source of numerous critical security issues identified during audits. Anchor 1.0 automatically prevents this by default, checking that no two mutable accounts share the same public key. Developers who specifically need this behavior can opt-in, but the dangerous default is eliminated.

Dependency Management Revolution

Solana developers have long struggled with what Robert Chen called the nightmare of "how do I compile this thing?" The ecosystem has suffered from version conflicts between the Solana SDK, platform tools, and Anchor itself. Different projects require different combinations of these dependencies, leading to frustrating build failures and compatibility issues.

Anchor 1.0 takes a bold approach: it removes the requirement for the Solana SDK entirely and ties the platform tools version directly to the Anchor version. This means developers only need to know one version number – the Anchor version – and everything else falls into place automatically. The Borsh serialization library has also been upgraded to V1 after being stuck on a three-year-old version, enabling compatibility with Solana SDK 3.0 and beyond.

Anchor as a Universal Toolchain

The philosophical shift from "Anchor the framework" to "Anchor the toolchain" represents a major evolution. Popular community tools like Surfbull (an enhanced test validator), LightSVM, and Molist are being packaged under the Anchor umbrella. Crucially, these tools work regardless of whether you're building an Anchor framework program, a native Rust program, or a Pinocchio-optimized program.

This addresses a key frustration for auditors like OtterSec. As Chen explained, "framework proliferation" – where multiple protocols built their own custom frameworks – increases complexity for everyone. By making Anchor powerful and flexible enough to support any development approach, the hope is to reduce fragmentation and create a unified tooling standard.

Pinocchio Integration in Anchor 2.0

For teams that need maximum performance, Pinocchio offers significant optimizations over the standard Solana program library. However, migrating existing programs to Pinocchio has been notoriously difficult – some teams have spent eight months or more on the transition. Anchor 2.0 will swap out the internal Solana program dependencies with Pinocchio, giving developers the performance benefits without the migration pain.

The upgrade also includes zero-copy functionality, eliminating the overhead of deserializing and re-serializing account data. This is particularly important for programs that handle large amounts of data or need to process transactions as quickly as possible.

Extensibility Through Traits

A common complaint about frameworks is that they're either too restrictive or too opinionated. Some teams start with Anchor, realize they need more control, and then have to abandon the framework entirely. Anchor 2.0 introduces a trait-based system that allows developers to override specific parts of the framework while keeping the rest.

Want to customize how accounts are parsed? Override just that trait. Need a special entry point for your high-frequency trading AMM? You can do that while still using Anchor for everything else. This flexibility means developers can grow with the framework rather than outgrowing it.

Native Fuzzing with Anchor Fuzz

Fuzz testing – where software is bombarded with random or semi-random inputs to discover bugs – is one of the most effective security techniques available. Anchor 2.0 will include native fuzzing capabilities, making it as easy to write a fuzz test as it is to write a unit test.

The CLI will support creating fuzz harnesses, running them, checking code coverage, and analyzing crashes. This democratizes a technique that previously required specialized knowledge and separate tooling, raising the security baseline for all Solana programs.

Security Linting

Before submitting code for an expensive security audit, developers will be able to run Anchor's built-in linter to catch common vulnerabilities. The linter includes hard-coded rules for known issues – like the common mistake of not reloading an account after a cross-program invocation (CPI).

But the real power comes from community contributions. Anyone can write and publish their own linting rules, either contributing to the official repository or hosting them independently. This creates a living, growing knowledge base of security patterns that the entire ecosystem benefits from.

Facts + Figures

• Anchor 1.0 release candidate was published approximately 20 minutes before the Breakpoint presentation
• The maintenance effort reduced pending pull requests from over 300 to under 100
• Borsh serialization library updated from a 3-year-old version to V1
• Monthly community calls are held, with the next scheduled for January 14th
• OtterSec CTF at Dev Cave offers a top prize of 30 SOL (approximately $4,000 at announcement time)
• Anchor has been professionally audited, with audit reports available through OtterSec
• Bug bounty program launched with direct email access to core maintainers
• Some teams have spent 8+ months migrating programs from Anchor to Pinocchio for performance gains
• At least two to three custom frameworks were created by various protocols in the past three years
• Community Discord channels available: anchor contributor channel

Top Quotes

"One thing that we really hate as auditors is framework proliferation."

"Having different frameworks increases the complexity, not just for developers, but also for auditors."

"The idea for Anchor 1.0 is it is a step in the direction of what we just said – it is a stable version that you can rely on to build Solana programs for now and for the foreseeable future."

"We can't overstate how amazing this is. There's been countless times where we're trying to audit a program and I'm like, how do I compile this thing?"

"If you're a developer, maybe you don't care that much about this. But if an auditor, hopefully you're super excited."

"The goal here in the hope here is that regardless of your level as a developer, you can use Anchor and it can be the framework that you stick with."

"We want to bring native fuzz testing to Anchor framework. Fuzzing is an immensely useful tool and we think every developer should be able to access it and write it similar to how you might write a unit test."

"Before you submit your code to an audit, you should be able to run Anchor rules, see how it looks and fix them before you even submit it."

"One thing we need to figure out is the disambiguation of the naming. There is Anchor framework and now we have Anchor the toolchain. That is a tomorrow problem."

Questions Answered

What is Anchor and why does it matter for Solana?

Anchor is the most widely-used framework for building smart contracts (called programs) on Solana. It provides developers with helpful abstractions, automated account validation, and simplified error handling that makes Solana development much more accessible. Without Anchor, developers would need to write significantly more boilerplate code and handle many low-level details manually. The framework has become so central to the ecosystem that improvements to Anchor effectively improve the entire Solana developer experience.

What security improvements does Anchor 1.0 bring?

The most significant security improvement is the automatic prevention of duplicate mutable accounts, which has been a source of critical vulnerabilities in Solana programs. Previously, passing the same account into multiple fields would result in only the last serialization being saved, potentially causing funds loss. Anchor 1.0 blocks this by default. Additionally, the framework has been professionally audited by OtterSec, and a bug bounty program has been established where security researchers can report vulnerabilities directly to the maintainers.

How does Anchor 1.0 solve dependency conflicts?

Anchor 1.0 eliminates the complex version juggling that has plagued Solana developers by removing the requirement for the Solana SDK entirely and tying platform tools versions to the Anchor version itself. Previously, developers needed to ensure compatibility between their Anchor version, Solana SDK version, platform tools version, and various other dependencies. Now, knowing just the Anchor version is sufficient – everything else is handled automatically, making builds more reliable and reproducible.

What performance improvements will Anchor 2.0 bring?

Anchor 2.0 will integrate Pinocchio internally, bringing significant performance optimizations that previously required manual program rewrites. Some teams have spent eight months or more migrating their programs to Pinocchio for better efficiency. With Anchor 2.0, developers will get these benefits automatically. The update also includes zero-copy functionality, which eliminates the overhead of deserializing and re-serializing account data during program execution.

How can developers participate in Anchor's development?

The Anchor team actively encourages community participation through several channels. Monthly community calls are held (next one January 14th) where developers can share feedback and ideas. The anchor contributor channel on Discord provides direct access to the maintainers. Developers can also contribute linting rules, report bugs through the bug bounty program, or submit pull requests to the GitHub repository. The team has emphasized that they're particularly interested in hearing about pain points and feature requests.

What is Anchor Fuzz and how does it improve security?

Anchor Fuzz is a native fuzzing tool being built into Anchor 2.0 that will make security testing as accessible as writing unit tests. Fuzzing involves bombarding programs with varied inputs to discover unexpected behaviors and vulnerabilities. The tool will include CLI commands to create test harnesses, run fuzz tests, check code coverage, and analyze crashes. By building this directly into Anchor, the barrier to sophisticated security testing is dramatically lowered, potentially catching vulnerabilities before code ever reaches production.

Can existing Anchor programs be upgraded to use new features?

While specific migration details weren't covered in depth, the framework is designed for backward compatibility and incremental adoption. The extensibility features in Anchor 2.0, based on traits, allow developers to override specific components without rewriting entire programs. This modular approach means teams can adopt new features like Pinocchio integration or custom entry points without abandoning their existing codebase.