CPI (Cross-Program Invocation)
Overview
CPI (Cross-Program Invocation) is an important mechanism in the Solana blockchain that allows one program to directly invoke another program's instructions. This is the core feature enabling program composability on Solana.
If Solana instructions can be thought of as API endpoints that programs expose to the network, then CPI is like one endpoint internally calling another endpoint. Through CPI, developers can build complex, modular applications that fully leverage the functionality of existing programs.
How It Works
When Program A invokes an instruction of Program B, account permissions are extended from one program to another. Program B can use the same accounts and their original permissions as Program A, meaning:
- Program B can use signer accounts for signing
- Program B can write to writable accounts
This permission propagation mechanism ensures the security and consistency of cross-program invocations.
Core Features
Account Permission Extension
- The called program inherits the calling program's account permissions
- Maintains the original account's writable and signer attributes
- Ensures secure propagation of the permission chain
PDA Signing
- Programs can sign on behalf of PDAs (Program Derived Addresses) derived from their program ID
- Signer permissions are extended from the calling program to the called program
- Allows programs to control accounts without private keys
Call Depth Limit
- Stack height starts at 1 for the initial transaction
- Each time a program invokes another instruction, the stack height increases by 1
- CPI call depth is limited to 4 levels
- Prevents infinite recursion and resource exhaustion
Implementation Methods
Solana provides two primary methods for implementing CPI:
invoke Function
- Used for CPI that does not require a PDA signer
- Suitable for simple cross-program invocation scenarios
- Internally calls invoke_signed with an empty signer seeds array
invoke_signed Function
- Used for CPI that requires a PDA signer
- Passes PDA seeds for signature verification
- Allows programs to operate on behalf of their derived PDAs
Use Cases
- DeFi Protocol Composition: A DEX invokes a lending protocol to execute flash loan transactions
- NFT Marketplaces: A marketplace program invokes the Token program to transfer NFT ownership
- Cross-chain Bridges: A bridge program invokes multiple Token programs to handle asset transfers
- Gaming Applications: A game logic program invokes an NFT minting program to generate in-game items
- DAO Governance: A governance program invokes a treasury program to execute proposals
Best Practices
- Validate Accounts: Always verify the accounts passed in before performing a CPI
- Check Program ID: Ensure you are invoking the expected program
- Handle Errors: Properly handle errors that the called program may return
- Optimize Call Depth: Avoid unnecessary deeply nested calls
- Security Considerations: Be mindful of reentrancy attacks and privilege escalation risks
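The permission, PDA-signer and call-depth rules described above, together with the program ID check from the best practices, written out as a simplified Rust model. This is an added example, not Solana runtime code or the solana_program API: the `Meta`, `Cpi` and `check_cpi` names and the one-byte account keys are hypothetical, and PDA derivation from seeds is not modelled.

```rust
// Simplified model of the privilege and depth rules around a CPI.
// Not the Solana runtime or the solana_program API; all names are hypothetical.
const MAX_CPI_DEPTH: usize = 4; // stack height 1 is the initial transaction

struct Meta { key: u8, is_signer: bool, is_writable: bool } // key: constructed stand-in for a pubkey

#[derive(Debug, PartialEq)]
enum CpiError { UnexpectedProgram, DepthExceeded, UnknownAccount(u8), SignerEscalation(u8), WritableEscalation(u8) }

struct Cpi<'a> {
    target_program: u8,
    metas: &'a [Meta],     // privileges requested for the called program
    pda_signers: &'a [u8], // PDAs of the caller's own program ID (the invoke_signed case)
}

/// Returns the called program's stack height if the invocation is allowed.
fn check_cpi(held: &[Meta], stack_height: usize, expected_program: u8, cpi: &Cpi) -> Result<usize, CpiError> {
    // Best practice: the caller confirms which program it is about to invoke.
    if cpi.target_program != expected_program { return Err(CpiError::UnexpectedProgram); }
    // Height 1 for the initial transaction plus at most 4 nested invocations.
    if stack_height + 1 > 1 + MAX_CPI_DEPTH { return Err(CpiError::DepthExceeded); }
    for m in cpi.metas {
        let h = held.iter().find(|a| a.key == m.key).ok_or(CpiError::UnknownAccount(m.key))?;
        // Writable access is only extended from the caller, never created.
        if m.is_writable && !h.is_writable { return Err(CpiError::WritableEscalation(m.key)); }
        // Signer status comes from the caller's own signers or from a PDA it signs for.
        if m.is_signer && !h.is_signer && !cpi.pda_signers.contains(&m.key) {
            return Err(CpiError::SignerEscalation(m.key));
        }
    }
    Ok(stack_height + 1)
}

fn main() {
    // Constructed accounts: 1 = user (signer, writable), 2 = vault PDA (writable), 3 = read-only config.
    let held = [
        Meta { key: 1, is_signer: true, is_writable: true },
        Meta { key: 2, is_signer: false, is_writable: true },
        Meta { key: 3, is_signer: false, is_writable: false },
    ];
    let vault_signs = [Meta { key: 2, is_signer: true, is_writable: true }];
    let unsigned = Cpi { target_program: 9, metas: &vault_signs, pda_signers: &[] };
    let signed = Cpi { target_program: 9, metas: &vault_signs, pda_signers: &[2] };
    println!("{:?}", check_cpi(&held, 1, 9, &unsigned)); // Err(SignerEscalation(2))
    println!("{:?}", check_cpi(&held, 1, 9, &signed));   // Ok(2)
}
```

The first call corresponds to using invoke where invoke_signed is needed: the vault PDA is not a signer of the transaction, so the request to mark it as a signer is rejected until the caller supplies it as a PDA signer.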