5IVE DSL
The safest way to build on Solana.
5IVE is a domain-specific language designed for writing secure, predictable, and efficient smart contracts on the Solana blockchain. It abstracts away low-level complexity while enforcing strict security boundaries at compile time.
Quick Start
Here is a simple counter program. It defines a state account and instructions to modify it.
Language Reference
Data Types
Account Architecture
Accounts & Instructions
Account Definition
Define the structure of your on-chain data accounts.
Instructions
Use pub to expose instructions. Helpers can be private.
Interfaces & CPI
Define interfaces to interact with external programs via Cross-Program Invocation (CPI).
Constraints & Safety
@mutMutable Account
Required to modify an account's data. Without this, accounts are read-only.
@signerSigner Check
Ensures the transaction was signed by this account. Essential for authority checks.
@initInitialize Account
Creates a new account. Typically requires a funded @signer to pay for rent.
On-Chain Fees
Deploy and execute can include native SOL fees configured by the VM admin (basis points of rent and the standard Solana tx fee). The IDE cost estimate includes this deploy fee when it can read the on-chain configuration.
@requiresPre-condition
Runtime check. If the condition is false, the transaction aborts.
Zero-Cost Imports & Import Verification
Importing Other Bytecode
Importing other Five bytecode accounts allows you to call their internal functions directly, without the overhead of CPI (Cross-Program Invocation). This is much cheaper and faster than traditional Solana program calls.
đź”’ Import Verification (Security Feature)
When you declare an import, Five automatically embeds verification metadata in your bytecode. At runtime, the Five VM verifies that the account being called matches your declared import address—preventing attackers from substituting a different bytecode account.
Compile-time: Import address stored in bytecode metadata with FEATURE_IMPORT_VERIFICATION flag
Runtime: VM verifies account address matches before CALL_EXTERNAL execution
Result: Unauthorized bytecode invocation rejected with error
Why Import Verification Matters
- âś“Prevents Bytecode Substitution Attacks: Attacker cannot swap your imported bytecode for a malicious one
- âś“Zero Runtime Cost for Valid Imports: Single 32-byte address comparison (<1ÎĽs)
- ✓Transparent Security: Verification happens automatically—no code changes needed
- âś“Backward Compatible: Existing bytecode without imports continues to work
- âś“Future PDA Support: Metadata format supports PDA-derived bytecode accounts
Security Rules
5IVE enforces strict security rules at compile time to prevent common exploits.
Read-Only External Fields
You can read fields from imported contracts, but you cannot modify them directly. This prevents unauthorized state changes.
Explicit Function Calls
To modify an external contract's state, you must call one of its public instructions.