Yardstick: what Protocol 26 actually unlocks for developers
Yardstick (Protocol 26) is live on Testnet with a May 6 Mainnet vote. What the five new capabilities (v2 TTL host functions, checked 256-bit math, BN254 pairings, SAC improvements, ledger key freeze) actually unlock for Soroban developers.
Yardstick, the Stellar Protocol 26 upgrade, went live on Testnet on April 16, 2026. The Mainnet upgrade vote is scheduled for May 6. The upgrade guide from the Stellar Development Foundation covers the operational side in detail: SDK bumps, Docker builds, validator arm commands, release links per infrastructure component. What it does not spend much time on is what any of this unlocks at the contract layer. That is the part worth reading.
What is actually in Yardstick
Five new capabilities ship, per @BuildOnStellar's April 1 breakdown: v2 TTL host functions, checked 256-bit integer arithmetic, BN254 crypto host functions, ledger key freeze settings, and SAC improvements.
Read as a list, this reads small. Read as a set of things contracts could not do well before, and can now, it reads different.
BN254 is the one to pay attention to
BN254 is the pairing-friendly elliptic curve used by Groth16 and related zk-SNARK systems. Native host functions for pairing math are the difference between "you could technically verify a pairing proof on Stellar, at glacial cost" and "on-chain verification is cheap enough to treat as a building block."
Boundless's verifier shipped on Stellar in February 2026, pre-Yardstick. What BN254 host functions add is a floor on cost and latency for pairing-based verification going forward. That matters for privacy primitives, for verifiable off-chain compute, and for any protocol that wants to use succinct proofs as a trust root. Nothing in this release turns Stellar into a ZK chain. It does make pairing-based ZK workloads meaningfully cheaper to run on Stellar.
Checked arithmetic is the quiet DeFi upgrade
DeFi contract code that touches 256-bit integer math is a surface for silent overflow. Every yield calculation, every LP share math operation, every price aggregation is a place where a large number multiplied by a large number can wrap in the worst way. Checked 256-bit integer arithmetic adds overflow-failing ops as first-class host primitives. Operations that previously relied on SDK-level guards, custom safemath wrappers, or explicit range checks now fail the transaction instead of wrapping.
This is a small change in host surface and a large change in safety posture. It removes a class of bugs that show up only under adversarial input or extreme market moves.
TTL v2 hands contracts control of their own lifecycle
Soroban storage entries archive when their TTL expires. The cost of that has been a live design problem: long-running contracts that hold rarely-touched state have to either pay for aggressive extension or risk being caught with expired critical data. The v1 host-function set let contracts extend TTL. The v2 set is broader in what contracts can ask about and act on at runtime.
The concrete unlock is runtime storage lifecycle logic. Contracts can decide to extend rent based on usage, gate behavior on TTL proximity, or fall through to fallback paths when state is near expiry. That moves storage management from deploy-time accounting to contract-time behavior.
SAC improvements and ledger key freeze
SAC improvements refine the bridge between classic Stellar assets and Soroban contracts. The Stellar Asset Contract is how stablecoins, RWAs, and existing asset issuers expose themselves to the smart-contract world. Anything that reduces friction there compounds across DeFi and tokenization.
Ledger key freeze is primarily an ops tool. It gives the network a mechanism to pause specific ledger entries. Read it as the validator side of the feature list, not a dev primitive, but a safety rail worth knowing about if you build on top of assets that might one day need one.
What Yardstick does not change
Fee economics are unchanged. The contract ABI, subinvocation rules, and the Soroban host interface shape are the same. Contracts you have already deployed will continue to work after the vote.
Yardstick is also not, on its own, a ZK story. BN254 host functions are necessary but not sufficient. Someone still has to ship the SNARK verifier contract, the proof generation toolchain, and the application logic. The Boundless integration is the current concrete example, and it predates Yardstick. What Yardstick changes is the cost curve.
What to do before May 6
Testnet is already live. Before the Mainnet vote: test your contracts against a Protocol 26 Testnet deployment, bump your SDK versions (Rust, JS, Go, Java, Python, iOS, PHP, .NET, Flutter, and Elixir releases are all linked in the SDF guide), and update your infrastructure (Stellar Core, Horizon, RPC, Galexie) to the April 8 stable builds. Validators arm the upgrade command per the guide.
Denelle Dixon framed the upgrade as "more reliable execution. Better state control. Stronger foundations for real-world financial use." The SDK-level story matches that framing. The dev-level story is slightly more specific: BN254 changes what is practical to build at the trust-root layer, checked math changes what is safe to build at the DeFi math layer, and TTL v2 changes how contracts handle their own storage.
Sources
- Stellar Yardstick, Protocol 26 Upgrade Guide (SDF, April 1, 2026)
- @BuildOnStellar feature breakdown (April 1, 2026)
- @StellarOrg Testnet-live announcement (April 16, 2026)
- @DenelleDixon commentary (April 2, 2026)
- Boundless verifier live on Stellar (Boundless, February 11, 2026)
