Compute Exhaustion

Overview

The compute exhaustion detector identifies resource management issues related to Solana’s compute unit budget constraints (200K base, 1.4M with optimization). It focuses on CPI calls in loops (always flagged since even bounded loops with CPI are expensive) and true infinite loops with no exit condition.

For remediation guidance, see Compute Exhaustion Remediation.

Why This Is an Issue

Each CPI call consumes a significant portion of the compute budget. A single CPI invocation inside a loop that iterates even 5-10 times can exhaust the budget, causing the entire transaction to fail. True infinite loops without exit conditions will always exhaust compute units. Both patterns create denial-of-service vectors where attackers can prevent legitimate operations.

How to Resolve

Before (Vulnerable)

// Vulnerable: CPI in loop -- expensive even when bounded
pub fn settle_all(ctx: Context<Settle>) -> Result<()> {
    let positions = load_positions(&ctx.accounts.state)?;
    for pos in positions.iter() {
        settle_position(ctx.accounts, pos)?;  // CPI call per iteration
    }
    Ok(())
}

After (Fixed)

// Fixed: settle one position per transaction
pub fn settle_one(ctx: Context<Settle>, position_index: u32) -> Result<()> {
    let positions = load_positions(&ctx.accounts.state)?;
    require!((position_index as usize) < positions.len(), ErrorCode::InvalidIndex);
    settle_position(ctx.accounts, &positions[position_index as usize])?;
    Ok(())
}

Example JSON Finding

{
  "detector": "compute-exhaustion",
  "severity": "high",
  "confidence": 0.85,
  "message": "CPI call in loop body -- even bounded iteration risks compute budget exhaustion",
  "location": { "function": "settle_all", "block": 2, "statement": 1 }
}

Detection Methodology

1. Loop identification via back-edge analysis: Uses CFG analysis to identify actual loops, not just jump instructions.
2. CPI-in-loop flagging: Any CPI call within a loop body is flagged regardless of bounds.
3. Infinite loop detection: Identifies loops where no block in the loop structure contains an exit condition.
4. Normal bounded loops excluded: Loops with proper exit conditions and no CPI calls are not flagged.

Limitations

False positives: CPI calls in loops with very small, constant bounds (e.g., exactly 2 iterations) may be acceptable in practice. False negatives: Expensive computation without CPI (pure arithmetic) may not be detected.

Related Detectors

• DoS Compute Exhaustion — user-input-driven compute exhaustion
• Stack Depth Violation — CPI depth limit violations

References

• Solana — Compute Budget
• CWE-835: Loop with Unreachable Exit Condition