ProgramWatch: the Solana program explorer that surfaces what Solscan won't

Solana has had transaction explorers since day one. Solscan, Solana Beach, SolanaFM, the official Solana Explorer — they all do the same job: paste a transaction signature or an address, see the result. Great for "did my swap land?" Worse for "is this program safe to integrate with?"

That second question — the one that matters most to anyone shipping on Solana — needs different data:

• Is this program upgradeable? Who holds the upgrade authority?
• Has it been frozen (made immutable)?
• Is it a verified build? Does the deployed bytecode match a public source repo?
• Does it publish an IDL? Where? Anchor IDL or something else?
• When was it last upgraded? How often does it get upgraded?

General explorers either don't surface this, or you have to dig across three tabs to assemble it. ProgramWatch is the explorer built specifically around that question.

What it actually shows

ProgramWatch is a Solana program explorer focused on the metadata every integrator needs:

• Upgrade status — upgradeable vs frozen, who the upgrade authority is, deployment history.
• Verification status — has the program's on-chain bytecode been verified against a public source repo (per the verified-builds standard)?
• IDL availability — does the program publish an Anchor IDL or equivalent, and where to fetch it.
• Program metadata — name, owner program (usually one of the loaders), declared interface.

It's a focused tool with one job: tell you everything you need to make an integration decision about a program in one screen.

Why this matters for integrators

If you're writing a Solana program that CPIs into another program — a DEX aggregator routing through an AMM, a vault depositing into a lending market, a wallet UI that surfaces a token program's instructions — your security posture is downstream of that program's posture.

Three questions you actually need to answer before integrating:

1. Can the program change tomorrow? If it's upgradeable and the upgrade authority is a single key, tomorrow's version may not behave like today's. If the authority is a Squads multisig with public signers, the risk profile is different. If the program is frozen, the bytecode is locked.
2. Is the bytecode what the team says it is? A verified build proves the deployed program corresponds to a specific public source commit. Without verification, you're trusting a build pipeline you can't inspect.
3. Can I decode its instructions? No IDL means custom wire-format work and brittle integration. An IDL means codama-generated TypeScript clients, indexable transactions, and clear semantics.

Solscan answers none of these well. ProgramWatch answers all three in one place.

Concrete use cases

DeFi integration due diligence. You're routing users' capital through a third-party program. Check the upgrade authority, verification status, and how often the team ships upgrades. A program that gets upgraded weekly by an EOA is a different risk than a frozen, verified program.

Security review. Auditing a deployed protocol that depends on N external programs. ProgramWatch gives you the dependency surface — which of those N are verified, which are frozen, which have hot upgrade authorities. That's the input to your trust model.

Picking a wallet or aggregator. You want to use a new aggregator program. Has it published source? Is the deployed binary verified? Is the upgrade authority a multisig or a hot key? Decisions you can't make from Solscan alone.

Ecosystem watching. Which programs got upgraded this week? Which new programs are publishing IDLs? Useful for anyone building tooling, indexers, or documentation that needs to stay current with protocol movement.

What it doesn't replace

ProgramWatch isn't a transaction explorer — for "did my swap land", you still want Solscan or the official Solana Explorer. It's not an analytics dashboard either — for TVL, volumes, fees, look at DefiLlama or the protocol's own dashboards. It's the layer specifically about program identity, lifecycle, and trustworthiness, which the other tools deliberately don't prioritise.

The underwritten part of the Solana toolbox

Program-level metadata is one of Solana's most underexposed attack surfaces. A program with a hot upgrade authority can change its semantics in one transaction; users CPIing into that program the next slot will execute against the new logic, not the audited one. Verified builds, multisig authorities, and IDL publication are the public signals that mitigate this — but they're only useful if integrators can actually surface them.

ProgramWatch fills that gap. It doesn't need to be a category leader; it just needs to be the page you bookmark for "tell me about this program ID."

References

• programwatch.dev — the explorer itself
• Solana docs — Verified builds — the verification standard ProgramWatch surfaces
• Solana docs — IDLs — what the IDL field means and how programs publish them

If you ship anything that CPIs into a Solana program you didn't write, ProgramWatch is the explorer to check first. Then go back to Solscan for everything else.