Kavachswap is committed to on-chain transparency. This page documents deployed program IDs and how to verify that the on-chain binary matches the published source. Verifiable builds help guarantee that the code you review is the code running on Solana Mainnet.
Reproducible builds require identical toolchain versions. Typical versions: Rust stable (per rust-toolchain.toml), Solana Tools 1.18.x (cargo-build-sbf), solana-program 1.18.x, spl-token/spl-token-2022, borsh. Build on Linux x86-64 for reproducible hashes; macOS ARM may produce different binaries.
Use solana-verify (Ellipsis Labs) or manual hash comparison:
# Build Core AMM
cd programs/kavach_amm_core
cargo build-sbf
# SHA-256 of local build
sha256sum ../../target/deploy/kavach_amm_core.so
# Dump on-chain program and compare
solana program dump 9SYzdw4Wd3cxDyUotZ6nhrtZt4qDHVtKQnQsiJVUsHiM /tmp/on_chain_core.so
sha256sum /tmp/on_chain_core.soHashes should match if the deployed binary was built from the same source. Program IDs and upgrade authority: solana program show 9SYzdw4Wd3cxDyUotZ6nhrtZt4qDHVtKQnQsiJVUsHiM.
If a deployed program's binary does not match published source, this is a critical security issue. Report immediately:
Email: kavachswap@gmail.com
See: security.txt for disclosure policy.