Compute Budget Injection
Detects hardcoded compute budget assumptions vulnerable to injection.
Compute Budget Injection
Overview
The compute budget injection detector identifies programs that make assumptions about available compute units by comparing against constants or using compute-dependent loop bounds without calling sol_remaining_compute_units(). Attackers can inject SetComputeUnitLimit instructions in the transaction to manipulate program behavior.
For remediation guidance, see Compute Budget Injection Remediation.
Why This Is an Issue
Solana transactions can include SetComputeUnitLimit instructions that change the compute budget. Programs that hardcode values like 200,000 or 1,400,000 in comparisons or loop bounds can be manipulated by attackers who set a different compute budget, causing the program to behave unexpectedly — either processing too few or too many iterations.
How to Resolve
Before (Vulnerable)
// Vulnerable: hardcoded compute budget assumption
const BUDGET: u64 = 200_000;
let iterations = BUDGET / COST_PER_ITERATION;
for i in 0..iterations { process(i)?; }After (Fixed)
// Fixed: use runtime compute budget query
let remaining = sol_remaining_compute_units();
let safe_iterations = remaining / (COST_PER_ITERATION * 2); // 50% safety margin
for i in 0..safe_iterations { process(i)?; }Example JSON Finding
{
"detector": "compute-budget-injection",
"severity": "medium",
"confidence": 0.6,
"message": "Hardcoded compute budget constant used without runtime validation",
"location": { "function": "process", "block": 0, "statement": 1 }
}Detection Methodology
- Constant identification: Detects well-known compute budget constants (200K, 1.4M) in comparisons.
- Runtime check search: Verifies whether
sol_remaining_compute_units()is called. - Loop bound analysis: Flags loop bounds derived from hardcoded compute assumptions.
Limitations
False positives: Programs that use these constants for non-compute-related purposes. False negatives: Custom constants that happen to match compute budget values.
Related Detectors
- Compute Exhaustion — compute budget exhaustion
- DoS Compute Exhaustion — unbounded compute