← Back to simd.watch
Review

SIMD-0418

Enable Loader v2 to v3 Program Migrations

Author: febo (Anza) · Category: Core Protocol GitHub →

TL;DR

This proposal introduces a feature-gated mechanism for runtime-level migration of Loader v2 programs to Loader v3.

Summary

This proposal introduces a feature-gated mechanism for runtime-level migration of Loader v2 programs to Loader v3.

Motivation

Loader v2 programs are immutable by design, as the loader does not support program upgrades. However, several essential Loader v2 programs would benefit from a feature-gated, consensus-driven mechanism that allows the community to approve targeted upgrades to specific programs (e.g., SPL Token).

Key Changes

  • Create the program data account: A program data account is derived from the program ID. This account must not already exist, with one exception: if an account with the derived address exists, holds lamports, and is owned by the System Program, it may be reused. In that case, any excess lamports are burned. The ELF bytes from the buffer account are then copied into this program data account.
  • Rewrite the program account: The existing Loader v2 program account is replaced with a Loader v3 program account that references the newly created program data account. Because Loader v2 programs are not upgradable, they do not have an upgrade authority, and None is assigned during migration.
  • Close the buffer account: Once both program and program data accounts have been created and populated, the buffer account is closed and any remaining lamports are burned.

Impact

This change introduces a feature-gated, consensus-driven mechanism that allows the community to approve targeted upgrades for specific programs that would otherwise be non-upgradeable.

Backwards Compatibility

This proposal itself does not directly introduce any breaking changes. The code introduced to migrate Loader v2 programs to Loader v3 programs will exist off of the runtime's "hot path" until it's actually used for a migration. When a migration is conducted, the Loader v3 version of a program is expected to be backwards compatible *functionally* — its Loader v3 version must provide the exact same results as the Loader v2 program it aims to replace.

Security Considerations

Migrating Loader v2 programs have serious security implications surrounding the replacement of essential programs with the contents of another account. This is an extremely sensitive process that must be handled with maximum caution.

← View all SIMDs on simd.watch