Follow this checklist when deploying the Anchor program to Solana mainnet-beta.
- Anchor CLI
v0.32.1(matchesAnchor.toml) - Solana CLI
v2.3.13configured with a funded mainnet wallet - Program keypair generated and recorded in
Anchor.toml - Oracle operator keypair JSON file (distinct from deployer if desired)
- Fresh mainnet deployer keypair created solely for production; store the secret key offline (hardware wallet or encrypted cold storage) and keep redundant, secure backups
Create the deployer key on an air-gapped or otherwise trusted machine:
solana-keygen new --outfile /tmp/timba-mainnet-deployer.json --no-bip39-passphraseRecord the public key (you will copy this into Anchor.toml):
solana-keygen pubkey /tmp/timba-mainnet-deployer.jsonImmediately move the JSON file into secure, offline storage (hardware wallet export, encrypted drive, or sealed USB) and delete any plaintext copy from the online workstation once the deployment is complete.
cd contracts
solana config set --url https://api.mainnet-beta.solana.com
solana config set --keypair /path/to/deployer.json
export ORACLE_OPERATOR_KEYPAIR_PATH=/path/to/oracle-operator.json
ORACLE_OPERATOR_KEYPAIR_PATHensures the migration script assigns oracle authority to a dedicated key instead of the deployer. Bring the deployer key onto a locked-down machine only long enough to sign the deployment, then remove it from the online system once the program is live.
anchor build
anchor deploy --no-idlIf you rely on Anchor migrations (e.g., migrations/deploy.ts) run:
anchor migrate- Copy
target/idl/timba.jsonto:../bot/idl/idl.json../oracle/idl/idl.json
- Commit the updated IDL if appropriate.
solana program show 32Jr4JnXWvqq9GqPQynkooHsszaucUUvZfNLh2hdX2L5- Confirm the oracle account was created with the intended operator:
anchor account oracle $(anchor keys list timba --program-id) - Ensure both oracle and bot wallets are funded for fees.
- Archive the deployer key backups in offline storage after confirming the deployment; ongoing operations should not require this key.
Run the bot utility scripts from the project root after services are configured:
cd ../bot
ORACLE_OPERATOR_KEYPAIR_PATH=/path/to/oracle-operator.json bun run scripts/initialize-game-token.tsThis registers the mainnet TIMBA and WSOL tokens with the on-chain oracle configuration.
When you need to retire the program, follow this sequence to halt new activity, settle outstanding games, and recover funds before closing the program.
-
Disable new games From the
bot/directory, turn off each supported token so players cannot create additional games:cd ../bot ORACLE_OPERATOR_KEYPAIR_PATH=/path/to/oracle-operator.json bun run scripts/disable-game-tokens.ts -
Force completion/cancellation of existing games Run a manual scan with the oracle service (repeat until completed/not ready both return zero):
cd ../oracle bun run scripts/manual-shutdown.tsThis drives the
scanAndCompleteActiveGames()loop, refunding players or distributing winnings so vaults empty out. Allow time for timeout-based cancellations to mature if any games remain “not ready”. -
Withdraw protocol fees Use the bot helper to drain accumulated fees into the oracle operator wallet:
cd ../bot ORACLE_OPERATOR_KEYPAIR_PATH=/path/to/oracle-operator.json bun run scripts/withdraw-token-fees.tsThe script creates missing ATAs for the operator (if needed) and withdraws fees for each configured token mint.
-
Verify no state remains
solana account <game_token_pda>should report zero lamports for every configured mint.anchor account oracle <oracle_pda>should show zero outstanding balances and the intended operator key.
-
Close the program (upgradeable loader)
solana program close 32Jr4JnXWvqq9GqPQynkooHsszaucUUvZfNLh2hdX2L5 --recipient <SAFE_RECIPIENT_PUBKEY>The recipient address receives the reclaimed rent from remaining program accounts. Run this from the workstation holding the deployer/upgrade authority key, then remove that key from the machine and return it to offline storage.