All articles
solanaprogramsprogramwatchdatadefiecosystem

The 10 most-invoked Solana programs, per ProgramWatch

ProgramWatch ranks programs by instruction invocations over 24 hours — and the leaderboard is a portrait of Solana in 2026: token plumbing on top, the Pump.fun machine claiming three of ten slots (~100M invocations/day), Token-2022 arriving, one private 2.5KB bot program out-calling Jupiter, and a metadata lesson: on-chain verification flags systematically under-report how open these programs actually are.

Share
devrels.xyz/a/142short link

TVL rankings tell you where capital parks. ProgramWatch's top-programs leaderboard tells you what Solana actually executes: programs ranked by instruction invocations — including CPIs — over the last 24 hours, with Vote and ComputeBudget noise excluded (data via Dune, refreshed daily). We pulled the snapshot from ProgramWatch's free API on July 9 and annotated the top ten. It's a strikingly honest portrait of the chain in 2026.

The list

  1. SPL Token Program346,058,670 invocations/24h Tokenkeg
  2. System Program147,269,875 invocations/24h 11111111
  3. Associated Token Account62,616,949 invocations/24h ATokenGP
  4. PumpSwap (Pump.fun AMM)52,735,883 invocations/24h pAMMBay6
  5. SPL Token-202239,299,566 invocations/24h TokenzQd
  6. Private bot program (Etrn…)37,745,326 invocations/24h EtrnLzgb
  7. Pump Fees Program29,090,129 invocations/24h pfeeUxB6
  8. Meteora DAMM v222,890,250 invocations/24h cpamdpZC
  9. Jupiter Aggregator v619,238,554 invocations/24h JUP6LkbZ
  10. Pump.fun (bonding curve)17,828,379 invocations/24h 6EF8rrec

Ranks 1–3: the plumbing tax

Nothing surprising on the podium, and that's the point. Every token transfer touches the SPL Token Program; every account creation and lamport move touches the System Program; nearly every token interaction derives or creates an Associated Token Account. Because this ranking counts CPIs, these three compound: one swap can invoke SPL Token half a dozen times through nested calls. 346 million daily invocations of the token program is less a leaderboard win than a utility bill — the cost of everything else on the list existing.

The Pump.fun machine: three of the top ten

Add up ranks 4, 7, and 10 and the memecoin factory clears ~100 million invocations a day:

  • PumpSwap (#4, 52.7M) — the AMM where graduated tokens trade.
  • Pump Fees (#7, 29.1M) — the fee program CPI'd by PumpSwap to apply market-cap-tiered fees — a program that ranks #7 on the entire chain purely by riding along on #4's swaps.
  • Pump.fun (#10, 17.8M) — the original bonding curve where tokens launch.

Whatever you think of memecoins, the engineering read is unambiguous: a single product's pipeline — launch, graduate, trade, collect fees — is one of the heaviest workloads on the network, and its fee logic alone out-executes almost every DeFi protocol on Solana.

Rank 5: Token-2022 is no longer "coming"

The Token-2022 program at 39.3M daily invocations — over a tenth of classic SPL Token's volume — is the quiet headline. Extensions (transfer fees, confidential transfers, metadata pointers) were long dismissed as a standard waiting for adoption. Stablecoin issuers, tokenized stocks, and newer AMMs that support Token-2022 mints (Meteora DAMM v2, below) have ended that conversation.

Rank 6: the anonymous workhorse

Here's the row that justifies the whole exercise. EtrnLzgb… is 2,513 bytes of unlabeled bytecode, deployed May 1, 2026, executing 37.7 million invocations a day — more than Jupiter. The shape — tiny program, colossal call count, recent deploy, no public identity — is the classic profile of high-frequency trading infrastructure: an arb or MEV operator's on-chain leg, built for one job and never meant to be integrated by anyone else. Private programs like this are a normal, structural part of Solana's traffic, and they routinely occupy top-ten slots. What's useful is being able to see that profile at a glance — deploy date, size, authority, activity — which is exactly the metadata ProgramWatch surfaces.

Ranks 8–9: Meteora out-calls Jupiter

Meteora's DAMM v2 (cpam… — an open-source, audited constant-product AMM with Token-2022 support, position NFTs, and single-sided fee collection) beats Jupiter v6 on raw invocations, 22.9M to 19.2M — with DLMM sitting just outside the ten at #11. Two caveats before drawing conclusions: Jupiter is a router whose swaps largely execute as CPIs into venues like Meteora (inflating the venue, not the router), and launchpad flow parks heavily in Meteora pools. Jupiter's own distinction: it's the only program of the ten with an on-chain Anchor IDL, decodable by any explorer or indexer with zero off-chain lookups.

What the metadata column actually says

Here's where a lazy read goes wrong — and where we initially went wrong ourselves. The bulk API's verified: false / hasIdl: false flags make the top ten look like a trust wasteland. Check each program against the actual sources of truth and the picture inverts:

  • SPL Token is a verified build — the OtterSec registry matches its on-chain hash to the public repo. Token-2022's repo is registered there too.
  • Pump.fun publishes IDLs for all three of its programspump.json, pump_amm.json, and pump_fees.json live in pump-public-docs. They're just not posted to on-chain IDL accounts.
  • Meteora DAMM v2 is fully open source and audited — program source, IDL, and SDKs all public.

So the honest finding isn't "nothing is trustworthy" — it's that on-chain registration lags off-chain reality. Teams ship source, audits, and IDLs in their repos, but few register verified builds or post IDLs on-chain, so explorer flags systematically under-report. If you're doing integration due diligence, treat the flags as a starting point, not a verdict — and if you ship one of these programs, registering the verified build is an afternoon's work that makes every explorer tell your story correctly.

Methodology, honestly

Invocations are not users and not value. CPIs multiply (one transaction can ring the token program six times), bots dwarf humans in call counts, and a fee program can hit #7 without a single user ever addressing it directly. Rankings by active wallets or volume would reshuffle everything below rank 3. What invocation counts uniquely measure is execution reality — which bytecode the validators actually spend their cycles running. By that measure, Solana in July 2026 is: token plumbing, one memecoin conglomerate, an arriving token standard, two AMMs, a router — and the private trading infrastructure that keeps its markets efficient.

Pulling the data yourself

Everything above came from ProgramWatch's API — free, no auth, no keys, CORS-open, with an llms.txt for agents:

bash
# top 100 by 24h invocations
curl https://programwatch.dev/api/top-programs

# metadata for any program (authority, deploy, IDL, verification)
curl https://programwatch.dev/api/program/JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4

# live on-chain check
curl "https://programwatch.dev/api/check?address=JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4"

Resources

Keep reading

Get new articles in your inbox

Technical deep-dives on Solana tooling, infrastructure, and ecosystem. No noise.

The 10 most-invoked Solana programs, per ProgramWatch | devrels.xyz