Back to Course
8/8
30 XP
quiz12 min

Cross-Program Invocations

Cross-Program Invocations (CPIs)

CPIs allow one program to call another program's instructions. This is how composability works on Solana.

CPI Basics

// Simple CPI — caller is NOT a PDA

invoke(


    &instruction,            // The instruction to execute


    &[account1, account2],   // All accounts needed


)?;



// CPI with PDA signer — caller IS a PDA


invoke_signed(


    &instruction,


    &[pda_account, other_accounts],


    &[&[seeds, &[bump]]],   // PDA signer seeds


)?;

Security Considerations

When making CPIs, always verify:

  • Program ID — ensure you're calling the correct program
  • Account ownership — verify account owners match expectations
  • Signer privileges — don't pass through signer privileges unnecessarily

    • CPI depth is limited to 4 levels. Program A → B → C → D is the max chain.

    Knowledge Check

    1

    What function do you use when a PDA needs to sign a CPI?

    2

    Which of the following are valid CPI security checks? (Select all that apply)

    Select all that apply

    3

    What is the maximum CPI depth on Solana?

    4

    Complete the invoke_signed call to transfer SOL from a PDA vault:

    Hints

    0/3 revealed
    🔒 Hint 2 — reveal previous hints first
    🔒 Hint 3 — reveal previous hints first
    PreviousProgram Derived Addresses
    Back to Course