Solana internals Part 2: how is a Solana program deployed and upgraded

What happens inside Solana when you deploy a smart contract to the Solana Mainnet? Can a Solana program be modified or closed? How to upgrade a Solana program? Who is authorized to change a Solana program?

This article focuses on the upgradability of Solana programs and highlights some intricacies.

Here is a list of take-away notes:

• Solana programs can be modified and upgraded (by default)
• The BPFLoaderUpgradeab1e loader is the owner of every upgradable Solana program account
• Solana program data (i.e., the smart contract code) is stored in a separate buffer account) and it has a maximal size limit.
• The upgrade authority has super power and must be securely managed
• Users of an upgradable Solana program should be cautious to avoid Rug pull
• Updates to Solana programs can introduce new security vulnerabilities and must be audited

Figure 1. The program account info of jet-v1 (link)

Solana program account

Every user-deployed smart contract on Solana corresponds to a Solana program account, which (on a high level) has a few important pieces of information: program_id, owner , program_data , authority , etc.