Upgradability (Canton)
On Canton, CCIP logic ships as Daml packages packaged in DAR files. Participants load and vet packages on their nodes before they can interpret transactions. CCIP evolves by publishing new DAR versions — see the chainlink-canton repository for contract sources.
For participant operations (uploading DARs, vetting, and unvetting packages), see the Canton Network documentation — for example Manage Daml packages and archives.
Package structure
CCIP on Canton is organized as a tree of Daml packages with stable interface packages at the top, core implementations in the middle, and third-party owned packages — such as token pools, executors, and Committee Verifier operators — at the bottom.
Figure 1. CCIP Canton package dependencies. Downstream packages import upstream packages.
Interface packages are not modified in place. When an implementation package is updated, any downstream package that imports it must be rebuilt and released. CCIP minimizes this by keeping extension points behind stable interfaces.
Upgrading DARs on your participant
When Chainlink CCIP communicates a new version, every validator that interacts with the updated contracts must upload and vet the new DARs. In practice:
- Users who send or execute CCIP messages must vet new DARs for packages their workflows depend on.
- Third-party operators — token pool owners, Committee Verifier operators, executors, and similar parties — must upgrade when packages they operate are updated.
Typical rollout:
- Chainlink builds the new DAR and communicates it to affected parties.
- Chainlink uploads the DAR on its validators.
- After a coordination window, affected parties upload the DAR on their own participants.
- Depending on urgency, operators may unvet the previous package version so validators still on the old DAR can no longer interpret new transactions.
For low-impact enhancements, step 4 may be skipped — both versions can coexist until participants choose to upgrade.
Upload new DARs on your participant using the process in Upload a DAR.
Token pools
If a new DAR affecting token pools is released, deploy a new token pool, register it in the Token Admin Registry, and retire the old pool once traffic has moved.
See the BurnMint and LockRelease deployment guides for pool setup and TAR registration.
Staying current
- Monitor communications from Chainlink CCIP operations for required DAR versions on your lanes.
- Confirm your participant has the CCIP DARs your workflows need before sending or executing — see Key Concepts and source prerequisites.
- Confirm party IDs and contract addresses with Chainlink CCIP when deployments change.