← Back to Glossary Technology

PDA (Program Derived Address)

A deterministic Solana account address derived from program seeds, used in Sails.to for trustless, programmatic state management.

Full Definition

A Program Derived Address (PDA) is a Solana account address that is deterministically derived from a combination of seed values and a program ID. Unlike regular Solana accounts, PDAs have no private key — they are controlled exclusively by the program that derived them. This makes them the perfect primitive for trustless state management: no human, no wallet, no external entity can modify a PDA's data except through the program's own logic.

Sails.to uses PDAs extensively across the Melusina system for critical state accounts:

  • OfferingState: Derived from [offering_id, "state"] — holds all parameters for an active offering
  • InvestorPosition: Derived from [offering_id, investor_wallet, "position"] — tracks individual holdings
  • CrossConversionLockbox: Derived from [offering_id, "lockbox"] — holds tokens locked during CrossConversion
  • DistributionRecord: Derived from [offering_id, epoch, "distribution"] — immutable record of each distribution
  • ComplianceConfig: Derived from [offering_id, "compliance"] — jurisdiction whitelists, lock-up periods, accreditation requirements

Why It Matters

PDAs are the reason Sails.to's on-chain state is trustless. When a smart contract stores an investor's position in a PDA, that data can only be modified by the program's own verified logic. No admin key. No multisig override. No database migration. The program is the sole authority, and the program's logic is auditable, deployed, and immutable.

Because PDAs are deterministic, any party can independently derive the address and verify the data. An auditor doesn't need API access or database credentials — they need a Solana RPC endpoint and the seed schema. The state is public, verifiable, and incorruptible.

How It Works

  1. The program defines a seed schema — a combination of identifiers that uniquely describe the account's purpose
  2. Solana computes hash(seeds, program_id) and finds an address that falls off the Ed25519 curve (no valid private key exists)
  3. The program creates and initializes the account at this address, writing structured data via Borsh serialization
  4. Only the originating program can sign transactions modifying this account — enforced at the Solana runtime level
  5. Anyone can derive the same address from the same seeds and read the account's data trustlessly

The result: every piece of Sails.to platform state is stored at a predictable, verifiable, program-controlled address.

Related Terms

Solana Smart Contract Melusina CrossConversion

State you can verify

Deterministic addresses. Program-controlled data. Zero trust required.

Learn More