Introduction
In digital assets, coverage sounds impressive. It promises support for many chains and protocols. Auditors do not sign off on coverage lists. They sign off on evidence. On Solana, confidence comes from an evidence chain that starts at the signature, follows every cross-program step, and ends in a schedule that ties out without guesswork.
This post shows what that evidence chain looks like and how NODE40 produces it for Solana activity at scale.
What we mean by the evidence chain
A reliable Solana audit trail links every reported figure to verifiable sources. It starts with the transaction signature, slot, and block time, then walks the full instruction tree, including inner instructions and program IDs. It records every writable account, maps Program-Derived Addresses (PDAs) to the beneficial owner, and captures token and lamport deltas with complete fee attribution. Classifications are deterministic and reflect economic intent. Valuation relies on independent price references with clear cutoffs. Finally, a roll-forward reconciles prior period to current balances and P&L so reviewers can test the result without assumptions.
If any link is missing, confidence erodes because reviewers must infer intent rather than test it.
CPI and PDAs for reviewers
On Solana, programs call other programs within a single transaction. These calls are cross-program invocations (CPI). Value often moves inside those calls. Assets are frequently held temporarily by PDAs that act on behalf of a user.
A surface read of only the outer instruction will miss key movements. A confidence‑first workflow always walks the instruction tree, maps PDAs to the beneficial owner, and attributes all fees and token flows to the correct line items.
A CLMM example, from event to evidence
Take a SOL/USDC position in a concentrated liquidity pool. Inside a chosen tick range, the mix of SOL and USDC shifts as price moves, while trading activity accrues fees to the position before you collect them. The evidence chain identifies the position and its range, shows each add and remove with exact token amounts and timestamps, and separates fee accruals and reward emissions from principal. At period end, it values the tokens inside the position along with any uncollected fees and rewards using a defensible source and a stated cutoff. Recognition is explicit: fee income when collected; basis adjustments when fees are compounded or principal is removed; realized P&L on removals. The schedules read as a roll-forward that an auditor can retest.
Five Solana edge cases that break surface coverage
- PDA custody without ownership mapping: assets move into PDAs during swaps, staking flows, or vault operations. Without a ledger of PDA‑to‑owner relationships, balances appear to vanish.
- Stake split and merge interactions: changes to stake accounts alter lot composition and timing. Rewards and delegation changes must reconcile across epochs.
- Network and protocol fee attribution: fee components can be scattered across instructions; misattribution distorts P&L and cost basis.
- Router paths with CPI hops: multi‑pool swaps and program calls hide economic intent unless you trace the full instruction tree.
- CLMM fee treatment: accrued fees are income, the changing token mix is not. Mixing them creates incorrect performance.
The vignette below shows how this package resolves a real review with minimal back and forth.
A short vignette
An institutional LP on Solana operated several CLMM positions and executed high‑volume swaps through a router. Their prior reporting showed the right totals but could not prove how fees and rewards were recognized. NODE40 rebuilt the evidence chain by walking CPI paths, mapping PDAs, and separating fee accruals from principal movements. The auditor requested a tie‑out for three signatures. The lineage views and schedules resolved the review in a single session, and the client adopted the same package as a standard for future periods.
How to evaluate vendors on Solana
Use questions that test for proof, not breadth.
- If I give you a single signature, can you produce the full evidence chain without manual hunting?
- How do you attribute network and protocol fee components at the transaction level?
- When assets move through PDAs, how do you maintain ownership and timing attribution across the instruction tree?
- Can you show a CLMM position roll-forward that separates principal from fee income and values uncollected fees at period end?
- What exception handling prevents silent drift when programs update or add new instruction variants?
If the response is a list of covered protocols, you still do not know whether the numbers will stand up.
Conclusion
Coverage may fill spreadsheets. Proof closes reviews. On Solana, confidence is the evidence chain from signature to schedule. That is the standard NODE40 applies so teams can move fast without compromising defensibility.
