TL;DR
A smart contract (called a “program” on Solana) is self-executing code deployed on the blockchain that automatically enforces rules and processes transactions without intermediaries.
Solana calls them “programs” rather than smart contracts, but the concept is the same: code deployed on-chain that executes when called. Key difference: Solana programs are stateless. They don’t store data themselves but read and write to separate “account” data structures, whereas Ethereum smart contracts store their own state. Because every Solana transaction declares up front which accounts it will read and write, the runtime can execute transactions that touch disjoint accounts in parallel; this separation is what allows Solana to parallelize transactions more effectively.
Every DeFi interaction on Solana involves programs. Swapping on Jupiter calls the Jupiter program, which calls the underlying AMM programs (Raydium, Orca). Lending on Kamino calls Kamino’s program. Launching a token on Pump.fun calls the Pump.fun program. These programs are transparent (code is on-chain and often verified), deterministic (same input always produces same output), and permissionless (anyone can interact with them).
Program bugs can lead to exploits and stolen funds. Auditing is critical for programs handling user funds. Upgradeable programs can be changed by their upgrade authority (a risk if controlled by a single key). Immutable programs (upgrade authority revoked) can’t be fixed but also can’t be maliciously altered. When evaluating a protocol’s safety, check: has it been audited? Is the program upgradeable? Who holds the upgrade authority?
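The last two checks (is the program upgradeable, and who holds the upgrade authority?) can be answered from on-chain data, and doing so also illustrates the account model described earlier: a program's executable and its upgrade authority live in accounts owned by the BPF Upgradeable Loader, not in the program itself. The following is an added example, not code from this page or from any Solana project. It assumes the bincode layout of the loader's `UpgradeableLoaderState` (a `Program` account holds a tag of 2 and the 32-byte ProgramData address; a `ProgramData` account holds a tag of 3, the last-deploy slot, and an `Option<Pubkey>` upgrade authority). The account bytes are constructed inline so it runs offline; in practice they come from the `getAccountInfo` RPC method (the `solana program show` CLI command prints the same fields).

```python
"""Offline decoder for Solana BPF Upgradeable Loader accounts.

Added example (not from the page or any Solana project). Assumed layout,
the bincode serialization of UpgradeableLoaderState:

  Program     account: u32 tag 2, then the 32-byte ProgramData address
  ProgramData account: u32 tag 3, u64 last-deploy slot (little-endian),
                       then Option<Pubkey> as a 1-byte tag (0 = None,
                       1 = Some) followed by 32 key bytes when present;
                       the ELF bytes start after this 45-byte header.
"""
import struct
from dataclasses import dataclass
from typing import Optional

# Owner of every upgradeable program account (the real loader id).
BPF_UPGRADEABLE_LOADER = "BPFLoaderUpgradeab1e11111111111111111111111"
_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(raw: bytes) -> str:
    """Base58-encode with the Solana alphabet; each leading zero byte -> '1'."""
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, r = divmod(n, 58)
        digits = _B58[r] + digits
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + digits


@dataclass(frozen=True)
class ProgramState:
    programdata_address: bytes
    last_deploy_slot: int
    upgrade_authority: Optional[bytes]  # None: authority revoked, immutable

    @property
    def upgradeable(self) -> bool:
        return self.upgrade_authority is not None

    def describe(self) -> str:
        if not self.upgradeable:
            return "IMMUTABLE: upgrade authority revoked"
        return f"UPGRADEABLE by {b58encode(self.upgrade_authority)}"


def parse_program_account(data: bytes) -> bytes:
    """Program account -> address of the ProgramData account holding the code."""
    if len(data) < 36:
        raise ValueError("Program account too short")
    (tag,) = struct.unpack_from("<I", data, 0)
    if tag != 2:
        raise ValueError(f"expected Program tag 2, got {tag}")
    return data[4:36]


def parse_programdata_account(data: bytes) -> tuple[int, Optional[bytes]]:
    """ProgramData account -> (last deploy slot, upgrade authority or None)."""
    if len(data) < 13:
        raise ValueError("ProgramData account too short")
    tag, slot, has_authority = struct.unpack_from("<IQB", data, 0)
    if tag != 3:
        raise ValueError(f"expected ProgramData tag 3, got {tag}")
    if has_authority == 0:
        return slot, None          # Option::None: nobody can upgrade it
    if has_authority != 1 or len(data) < 45:
        raise ValueError("malformed Option<Pubkey>")
    return slot, data[13:45]


def assess(owner: str, program_data: bytes, programdata_data: bytes) -> ProgramState:
    """Combine both accounts into a verdict; `owner` is the program account's
    owner as reported by RPC (base58). Programs owned by any other loader
    have no upgrade path at all and are rejected here rather than guessed at."""
    if owner != BPF_UPGRADEABLE_LOADER:
        raise ValueError("not an upgradeable-loader program")
    programdata_address = parse_program_account(program_data)
    slot, authority = parse_programdata_account(programdata_data)
    return ProgramState(programdata_address, slot, authority)


# Constructed sample accounts (not real on-chain data).
SAMPLE_AUTHORITY = bytes([0x07] * 32)
SAMPLE_PROGRAMDATA_ADDR = bytes([0x11] * 32)
SAMPLE_PROGRAM = struct.pack("<I", 2) + SAMPLE_PROGRAMDATA_ADDR
SAMPLE_UPGRADEABLE = struct.pack("<IQB", 3, 123_456, 1) + SAMPLE_AUTHORITY
SAMPLE_IMMUTABLE = struct.pack("<IQB", 3, 123_456, 0)

if __name__ == "__main__":
    for programdata in (SAMPLE_UPGRADEABLE, SAMPLE_IMMUTABLE):
        print(assess(BPF_UPGRADEABLE_LOADER, SAMPLE_PROGRAM, programdata).describe())
```

The verdict is only as trustworthy as the owner check: an account that merely looks like a ProgramData record but is owned by some other program proves nothing, so `assess` refuses anything not owned by the upgradeable loader. A single-key authority versus a multisig or governance program cannot be told apart from this header alone; that requires inspecting the authority account itself.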