Skip to content

Solana Frontier Hackathon · Recoverable DeFi Operations

Transactions are atomic. Operations are not.

Solana Workflow Engine That Recovers From Every Failure

When step 4 of a 6-step DeFi operation fails, orch8 rolls back steps 1–3 automatically. Retry, compensate, park assets, resume after downtime — all from a single Rust binary with a declarative workflow definition.

Watch Recovery DemoView Source →
Rust engine · 50μs tickSingle binary · no JVMDevnet verifiedOpen source

Position migration

compensated

Without Orch8

1Get quotegatePrice impact OK
2Swap USDCexecuteJupiter confirmed
3Provide LPexecuteSLIPPAGE_EXCEEDED
4Stake LPexecuteNever reached

Stuck

Wallet holds unexpected SOL. Manual recovery required.

With Orch8

1Get quotegatePrice impact OK
2Swap USDCexecuteJupiter confirmed
3Provide LPexecuteSLIPPAGE_EXCEEDED
4Stake LPexecuteNever reached
recovery
Retry LPretryPool still full
Undo swaprollbackReversed step 2
USDC parkedsafeNo funds at risk

Safe

Funds parked in money-market. Zero manual intervention.

The problem

Smart contracts can't retry.

On-chain programs execute once. If they fail, your funds are stuck mid-flow. Off-chain orchestration is the only way to build reliable multi-step operations on Solana.

50% failure rate during congestion

Solana's transaction inclusion during peak load is a coin flip. Your 6-step liquidity provision becomes 3 steps done and 3 steps orphaned — with funds stuck between protocols.

RPC timeouts at the worst moment

Your RPC provider drops the connection during a swap confirmation. Is the transaction pending? Confirmed? Failed? You don't know — and your code doesn't either.

Priority fees are a guessing game

Too low: transaction dropped. Too high: wasted SOL. Dynamic fee estimation requires retry logic that adapts to network conditions in real-time.

No rollback for partial execution

Step 1 swapped USDC→SOL. Step 2 swapped USDC→mSOL. Step 3 failed to provide liquidity. Now you hold two tokens doing nothing. No automatic recovery.

Multi-step operations span time

Unstaking takes epochs. Governance votes take days. Bridge finality takes hours. Your orchestration must survive restarts across these timescales.

Existing tools are dead or simple

Clockwork shut down. Cron jobs can't track state. Retry loops lose context on restart. There's no Temporal for Solana — until now.

Interactive use cases

Demo the failure. Then demo the recovery.

Most teams demo the happy path. This page demos the ugly part: what happens after Solana says no.

🛡GateExecuteRetryRollbackFallbackWait
JupiterOrcaMarinadeCompensation

Swap, provide liquidity, stake — with automatic rollback

Enter a SOL/mSOL strategy across Jupiter, Orca, and Marinade without leaving idle capital when pool conditions move mid-flow.

1

GateCheck APY + depth

🛡

Check APY + depth

Gate

Read pool depth, price impact, and minimum APY before any transaction is submitted.

Without Orch8

No pre-check. Swaps execute blindly even when the pool is too shallow or APY has dropped below target.

Flow stops dead

Outcome

Liquidity provision fails after two swaps, leaving the wallet holding split tokens instead of the intended LP position.

With Orch8

Read pool depth, price impact, and minimum APY before any transaction is submitted.

Outcome

Retries the pool step, then runs compensation handlers in reverse order when slippage or liquidity gates fail.

Signals in this flow:Gate (1)Retry (1)Rollback (1)

How it works

Define the sequence. Orch8 handles failure.

1

Define your DeFi sequence as JSON

Describe each step, its retry policy, compensation handler (for rollback), and rate limits. The engine handles crash recovery, deduplication, and state persistence automatically.

JSON
{
  "id": "yield_farm_entry",
  "blocks": [
    {
      "type": "step",
      "handler": "check_pool_conditions",
      "retry": { "max_attempts": 3, "backoff": "2s" }
    },
    {
      "type": "step",
      "handler": "swap_usdc_to_sol",
      "retry": { "max_attempts": 5, "backoff": "3s" },
      "compensation": "reverse_swap_sol_to_usdc",
      "rate_limit_key": "rpc:helius",
      "rate_limit": { "max": 50, "window_seconds": 1 }
    },
    {
      "type": "step",
      "handler": "swap_usdc_to_msol",
      "compensation": "reverse_swap_msol_to_usdc"
    },
    {
      "type": "step",
      "handler": "provide_liquidity_orca",
      "retry": { "max_attempts": 10, "backoff": "5s" },
      "compensation": "withdraw_liquidity_orca"
    },
    {
      "type": "step",
      "handler": "stake_lp_token"
    }
  ]
}
2

Write handlers with @solana/web3.js

Handlers are plain HTTP endpoints. Use any Solana SDK — web3.js, Anchor, Solana-py. Orch8 calls them, tracks outputs, and never re-executes a completed step. Your handler focuses on the transaction logic, not the reliability infrastructure.

TypeScript
// TypeScript handler — Jupiter swap with priority fees
app.post('/workers/swap_usdc_to_sol', async (req, res) => {
  const { context } = req.body;
  const { amount, slippage } = context.data;

  // Get Jupiter quote
  const quote = await jupiter.getQuote({
    inputMint: USDC_MINT,
    outputMint: SOL_MINT,
    amount,
    slippageBps: slippage,
  });

  // Build transaction with priority fee
  const { transaction } = await jupiter.getSwapTransaction({
    quoteResponse: quote,
    userPublicKey: wallet.publicKey,
    prioritizationFeeLamports: 'auto',
  });

  // Sign and send
  const signature = await connection.sendTransaction(
    transaction, { skipPreflight: true }
  );

  // Confirm with timeout
  await connection.confirmTransaction(signature, 'confirmed');

  // Output is memoized — never re-executed on crash
  res.json({
    signature,
    amount_out: quote.outAmount,
    status: 'confirmed'
  });
});
3

Start sequences from events or your API

Trigger from webhooks, on-chain events (Helius webhooks), cron schedules, or manual API calls. Idempotency keys prevent duplicate execution — the same event never creates two sequences.

POST /sequences/yield_farm_entry/instances
{
  "context": {
    "data": {
      "amount": 1000000000,
      "slippage": 50,
      "pool": "7XawhbbxtsRcQA8KTkHT9f9nc6d69UwqCDh6U5EEbEmX",
      "min_apy": 12.5
    }
  },
  "idempotency_key": "yield-farm-entry-2026-05-10-pool-7Xaw"
}

Why Orch8 for Solana

Built for Solana's failure modes.

Not a generic workflow engine bolted onto Solana. Built to handle the specific ways Solana operations fail — transaction drops, RPC timeouts, partial execution, and epoch-spanning flows.

  • Compensation handlers — when step N fails, execute rollback for steps 1 to N-1
  • Circuit breaker — if RPC fails 3× in 60s, pause all sequences on that endpoint
  • Priority fee escalation — retry with increasing compute budget until inclusion
  • Epoch-aware scheduling — handle unstaking and governance across epoch boundaries
  • Idempotent execution — transaction never submitted twice, even across crashes
  • Written in Rust — 50μs tick latency, single binary, Solana-native language

Automatic compensation on failure

// When provide_liquidity fails after 10 retries:

Engine executes compensation in reverse order:
  ✗ provide_liquidity_orca  — FAILED (slippage exceeded)
  ← reverse_swap_msol_to_usdc — executing...
  ← reverse_swap_sol_to_usdc  — executing...

Result: All funds returned to USDC.
        Sequence marked as "compensated".
        Alert fired to EngineListener.
        Ready to retry when conditions improve.

What happens on failure at step 4

check_pool_conditions — passed
swap_usdc_to_sol — confirmed, output memoized
swap_usdc_to_msol — confirmed, output memoized
provide_liquidity_orca — FAILED after 10 retries
Compensation triggered — reversing steps 2, 3
All funds returned to USDC — zero loss

Comparison

Orch8 vs the alternatives

Clockwork is gone. Cron jobs lose state. Temporal needs a cluster. Custom retry loops don't rollback. Orch8 is the middle ground — powerful enough for multi-step sagas, simple enough to run as a single binary.

Feature comparison across Clockwork, Cron jobs, Custom code, Temporal, and Orch8
DimensionClockworkCron jobsCustom codeTemporalOrch8
StatusShut downActiveActiveActiveActive
Multi-step state trackingNoNoManualYesYes
Compensation / rollbackNoNoManualManualBuilt-in
Solana-specific featuresYes (on-chain)NoManualNoYes
Crash recoveryN/ANoNoReplaySnapshot
Operational complexityN/ALowHighVery HighLow

Proof

Run the demo yourself. Verify on-chain.

The deterministic demo runs locally with no network dependency. The devnet proof submits a real SOL transfer that you can verify on Solana Explorer.

Demo terminal output

Terminal
Recoverable Position Migration Demo
====================================

Unprotected migration
Initial: wallet=0, protocolA=100, protocolB=0, moneyMarket=0, usdc=0
ok   withdraw_collateral: withdrawn
ok   claim_rewards: rewards_claimed
ok   swap_rewards: swapped
fail deposit_protocol_b: protocol_b_capacity_full
Stopped with assets idle: wallet=100, protocolA=0, usdc=5

Recoverable migration
Initial: wallet=0, protocolA=100, protocolB=0, moneyMarket=0, usdc=0
ok   withdraw_collateral: withdrawn
ok   claim_rewards: rewards_claimed
ok   swap_rewards: swapped
fail deposit_protocol_b: protocol_b_capacity_full
recovery deposit_protocol_b: park_assets
ok   park_assets: parked_assets
Recovered: wallet=0, moneyMarket=100, usdc=5

Validated generated workflows against local orch8 engine

Devnet transaction proof

Real SOL transfer on Solana devnet — confirmed on-chain, verifiable via Explorer.

View on Solana Explorer →

What's proven vs mocked

Real

  • Recoverable operation constructor & workflow generation
  • Retry, rollback, fallback, and user-decision branches
  • Local engine validation of generated workflows
  • Devnet SOL transfer with on-chain confirmation

Mocked for demo

  • Protocol balances and capacity checks
  • DeFi protocol transaction effects

Try it yourself

Clone. Run. See recovery.

The full demo runs locally in under 30 seconds. No Solana validator, no RPC keys, no configuration. One command shows both the unprotected failure and the recoverable flow.

  • Deterministic — same output every run
  • No network dependency — runs fully offline
  • Validates workflows against the real orch8 engine
Bash
git clone https://github.com/orch8-io/orch8-solana.git
cd orch8-solana
npm install
npm run demo:frontier

Requires Node.js 18+. Runs on Linux and macOS. Full docs →

FAQ

Common questions

How does Orch8 handle Solana transaction failures?
Orch8 automatically retries failed transactions with configurable backoff and priority fee escalation. If retries are exhausted, it triggers compensation handlers that execute rollback steps in reverse order, returning funds to their original state. See the retry and compensation docs for configuration details. resilience docs
What happens when a multi-step Solana operation partially fails?
Orch8 tracks the state of every step. When step N fails, compensation handlers for steps 1 through N-1 execute in reverse order. Funds are returned to their pre-operation state with zero manual intervention.
Is Orch8 a replacement for Clockwork on Solana?
Orch8 fills the gap left by Clockwork's shutdown. Unlike Clockwork (on-chain), Orch8 runs off-chain as a single Rust binary, providing multi-step orchestration, compensation, circuit breakers, and crash recovery without on-chain program deployment.
What languages can I use to write Solana handlers?
Handlers are plain HTTP endpoints — use any language or SDK. Orch8 provides first-class support for TypeScript, Python, and Go through official SDKs. SDK documentation
How do I get started with Orch8 on Solana?
Clone the repo, run the single-binary engine, and point your handlers at it. The quickstart guide walks you through a working example in under 5 minutes. quickstart guide

Run the demo. Read the code. Judge for yourself.

Clone the repo. Run one command. See an unprotected DeFi migration fail, then the same migration recover automatically. The full source, generated workflows, and devnet proof are in the repository.

View on GitHubDevnet Proof →

Self-host free. No feature gates. No vendor lock-in. Quickstart → · Docs →