Cross-Program Invocations: Fundamentals — Forge College

Want to compose multiple on-chain programs into a single atomic operation? Cross-program-invocations (CPIs) are the primitive that let one Solana program invoke another inside the same transaction — understanding their mechanics is crucial to building secure, composable programs. What you'll learn In this lesson you'll get a concrete, protocol-aware model of CPIs: what gets packaged into a CPI (instruction data, program id, and account meta list), how the Solana runtime grafts that account list onto the current execution context, and which deterministic checks the runtime performs (account existence, writable/readable flags, and signer requirements). You will learn how state and lamports behave when accounts are passed between caller and callee, how invoke_signed affects PDA signing, and exactly how errors propagate and roll back across CPI boundaries. The lesson also covers where to implement defensive checks in your program and practical patterns for secure CPI configuration. Who this is for This lesson is designed for intermediate Solana developers who already understand transaction construction, account ownership, and basic instruction dispatch. Prior experience reading or writing on-chain programs (Rust or Anchor) will help you apply the patterns immediately. Key topics covered - What makes up a CPI: instruction data, program id, and AccountMeta list - How the runtime grafts accounts and enforces access, writable, and signer checks - Signer semantics and invoke_signed for PDA-authorized CPIs - State sharing, lamport transfers, and rollback behavior on CPI failure - Error propagation patterns and where to add defensive checks - Security considerations when composing programs via CPI Keep this lesson as the conceptual foundation before you design account flows or implement CPI error handling in code. Continue your learning and build with Forge College: https://www.forge.college/