Improper Error Handling
Detects silently ignored errors or improper error propagation in Solana programs.
Overview
The improper error handling detector identifies patterns where errors from critical operations are silently ignored, swallowed, or improperly propagated. This includes discarded CPI return values, error logging without propagation, and conditional branches that silently swallow error cases.
For remediation guidance, see Improper Error Handling Remediation.
Why This Is an Issue
When a CPI call, deserialization, or arithmetic operation returns an error that the program ignores, execution continues with potentially invalid state. A failed transfer that goes undetected could allow a user to withdraw tokens they never deposited. On Solana, silently swallowed errors can cause partial state corruption within a single instruction if later writes proceed with stale assumptions based on an operation that actually failed.
How to Resolve
Before (Vulnerable)
use solana_program::{account_info::AccountInfo, entrypoint::ProgramResult, program::invoke};

// Vulnerable: CPI result ignored
pub fn process(accounts: &[AccountInfo], amount: u64) -> ProgramResult {
    // create_transfer_ix and update_state are the program's own helpers
    let ix = create_transfer_ix(accounts, amount);
    let _ = invoke(&ix, accounts); // Error silently dropped: a failed transfer does not stop execution
    update_state(accounts, amount)?; // runs even if the transfer above failed
    Ok(())
}
After (Fixed)
use solana_program::{account_info::AccountInfo, entrypoint::ProgramResult, program::invoke};

// Fixed: CPI result properly propagated
pub fn process(accounts: &[AccountInfo], amount: u64) -> ProgramResult {
    // create_transfer_ix and update_state are the program's own helpers
    let ix = create_transfer_ix(accounts, amount);
    invoke(&ix, accounts)?; // Error propagated with ?: the instruction halts on failure
    update_state(accounts, amount)?; // only reached after a successful transfer
    Ok(())
}
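The risk described under "Why This Is an Issue" and the before/after pair above can be exercised without a validator. The following is an added example, not code from this detector's documentation or from the Solana SDK: `invoke_transfer` is a stand-in for the CPI, `State` for the token accounts and vault bookkeeping it touches, and `withdraw` for a later instruction that trusts the vault's own deposit record. With the dropped (or merely logged) error, a user holding no tokens ends up able to withdraw 100 tokens that other depositors funded; with `?` the instruction halts and nothing is written.

```rust
// Added example (std-only model, not the Solana SDK): observe what a dropped
// CPI error does to state. Names and amounts are constructed for illustration.

#[derive(Debug, Clone, PartialEq)]
pub enum ProgramError {
    InsufficientFunds,
    Overflow,
}

pub type ProgramResult = Result<(), ProgramError>;

/// Constructed stand-in for the accounts an instruction touches.
#[derive(Debug, Clone, PartialEq)]
pub struct State {
    pub user_tokens: u64,  // token account the CPI debits
    pub vault_tokens: u64, // token account the CPI credits (also holds other users' funds)
    pub deposited: u64,    // the vault's own record of what this user may withdraw
}

impl State {
    /// Scenario: the user holds nothing; the vault already holds 500 tokens from others.
    pub fn scenario() -> Self {
        State { user_tokens: 0, vault_tokens: 500, deposited: 0 }
    }
}

/// Stand-in for `invoke` on a token transfer: fails when the user cannot cover `amount`.
pub fn invoke_transfer(state: &mut State, amount: u64) -> ProgramResult {
    if state.user_tokens < amount {
        return Err(ProgramError::InsufficientFunds);
    }
    state.user_tokens -= amount;
    state.vault_tokens += amount;
    Ok(())
}

/// Stand-in for `update_state`: records the deposit in the vault's bookkeeping.
pub fn update_state(state: &mut State, amount: u64) -> ProgramResult {
    state.deposited = state.deposited.checked_add(amount).ok_or(ProgramError::Overflow)?;
    Ok(())
}

/// Before: the CPI result is discarded, so bookkeeping runs even when the transfer failed.
pub fn process_vulnerable(state: &mut State, amount: u64) -> ProgramResult {
    let _ = invoke_transfer(state, amount); // error silently dropped
    update_state(state, amount)?;
    Ok(())
}

/// Also flagged by the detector: the error is logged but execution continues.
pub fn process_log_only(state: &mut State, amount: u64) -> ProgramResult {
    if let Err(e) = invoke_transfer(state, amount) {
        eprintln!("transfer failed: {:?}", e); // stands in for msg!(); nothing is propagated
    }
    update_state(state, amount)?;
    Ok(())
}

/// After: `?` propagates the failure and nothing after it runs.
pub fn process_fixed(state: &mut State, amount: u64) -> ProgramResult {
    invoke_transfer(state, amount)?;
    update_state(state, amount)?;
    Ok(())
}

/// A later withdraw instruction trusts the vault's own record of deposits.
pub fn withdraw(state: &mut State, amount: u64) -> ProgramResult {
    if state.deposited < amount || state.vault_tokens < amount {
        return Err(ProgramError::InsufficientFunds);
    }
    state.deposited -= amount;
    state.vault_tokens -= amount;
    state.user_tokens += amount;
    Ok(())
}

/// Runs a deposit of 100 through `process`, then a withdrawal of 100.
/// Returns (deposit result, withdrawal result, final state).
pub fn run(process: fn(&mut State, u64) -> ProgramResult) -> (ProgramResult, ProgramResult, State) {
    let mut state = State::scenario();
    let deposit = process(&mut state, 100);
    let withdrawal = withdraw(&mut state, 100);
    (deposit, withdrawal, state)
}

fn main() {
    let handlers: [(&str, fn(&mut State, u64) -> ProgramResult); 3] = [
        ("vulnerable", process_vulnerable),
        ("log-only", process_log_only),
        ("fixed", process_fixed),
    ];
    for (name, handler) in handlers {
        let (d, w, s) = run(handler);
        println!("{:10} deposit={:?} withdraw={:?} state={:?}", name, d, w, s);
    }
}
```

In the vulnerable and log-only variants the deposit "succeeds", the vault records 100 tokens for a user whose transfer never happened, and the withdrawal then pays those 100 tokens out of other users' balances. The fixed variant returns `InsufficientFunds` from the deposit and the state is identical to the starting scenario.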
Example JSON Finding
{
  "detector": "improper-error-handling",
  "severity": "medium",
  "confidence": 0.6,
  "message": "CPI return value discarded -- failure will not halt execution",
  "location": { "function": "process", "block": 1, "statement": 3 }
}
Detection Methodology
- Result value tracking: Identifies variables assigned from Result-producing operations (CPI, syscalls, deserialization).
- Usage analysis: Checks whether Result variables are consumed in branch conditions or propagated with ?.
- CPI return validation: Specifically flags CPI invocations whose return values are discarded or assigned to _.
- Silent error pattern detection: Identifies catch-all patterns that log errors but do not propagate them.
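To make the four steps above concrete, here is an added, line-oriented sketch of the same methodology. It is not the detector's own implementation: it assumes one statement per line, recognises only the call names listed in its `CPI_CALLS` and `FALLIBLE_CALLS` tables, and treats a bound Result as handled if any later line mentions it in a branch, with `?`, through a combinator, or in a return. The `SAMPLE` source it scans is constructed for the example and contains one instance of each pattern plus two correctly handled calls.

```rust
// Added example, not the detector's code: a heuristic scanner for the four
// methodology steps (Result tracking, usage analysis, CPI return validation,
// silent-error patterns). Call-name tables and SAMPLE are constructed.

#[derive(Debug, Clone, PartialEq)]
pub struct Finding {
    pub line: usize,      // 1-based line number in the scanned source
    pub confidence: f32,  // 0.6 for CPI findings, 0.4 for other fallible calls
    pub message: String,
}

/// CPI entry points (higher confidence) and other Result-producing calls (lower).
const CPI_CALLS: &[&str] = &["invoke(", "invoke_signed("];
const FALLIBLE_CALLS: &[&str] = &["try_from_slice(", "try_borrow_mut_data(", "checked_add("];

fn calls_any(line: &str, names: &[&str]) -> bool {
    names.iter().any(|n| line.contains(n))
}

/// Whole-identifier search, so `res` does not match `result` or `address`.
fn mentions(line: &str, name: &str) -> bool {
    let is_ident = |c: char| c.is_alphanumeric() || c == '_';
    line.match_indices(name).any(|(pos, _)| {
        !line[..pos].chars().next_back().map_or(false, is_ident)
            && !line[pos + name.len()..].chars().next().map_or(false, is_ident)
    })
}

/// Usage analysis: a tracked Result counts as handled when a later line mentions it
/// in a branch condition, with `?`, via a combinator, or in a return.
fn result_is_consumed(name: &str, later: &[&str]) -> bool {
    const CONSUMERS: &[&str] = &["?", "if ", "match ", ".is_err", ".unwrap", ".expect", ".map_err", "return"];
    later.iter().any(|l| mentions(l, name) && CONSUMERS.iter().any(|c| l.contains(*c)))
}

/// Text from `start` through its matching closing brace (a brace-less arm is returned as-is).
fn block_text(lines: &[&str], start: usize) -> String {
    let mut depth = 0i32;
    let mut text = String::new();
    for l in &lines[start..] {
        text.push_str(l);
        text.push('\n');
        depth += l.matches('{').count() as i32 - l.matches('}').count() as i32;
        if depth <= 0 {
            break;
        }
    }
    text
}

pub fn scan(source: &str) -> Vec<Finding> {
    let lines: Vec<&str> = source.lines().map(str::trim).collect();
    let mut findings = Vec::new();
    for (i, line) in lines.iter().enumerate() {
        let is_cpi = calls_any(line, CPI_CALLS);
        let is_fallible = is_cpi || calls_any(line, FALLIBLE_CALLS);
        let confidence = if is_cpi { 0.6 } else { 0.4 };
        let mut flag = |message: String| findings.push(Finding { line: i + 1, confidence, message });
        if line.starts_with("let _ =") && is_fallible {
            // CPI return validation: the Result is discarded outright.
            flag(if is_cpi {
                "CPI return value discarded -- failure will not halt execution".into()
            } else {
                "Result of fallible call discarded".into()
            });
        } else if let Some(rest) = line.strip_prefix("let ") {
            // Result tracking: `let res = invoke(...)` that nothing later checks.
            if is_fallible && !line.contains('?') {
                let name = rest
                    .trim_start_matches("mut ")
                    .split(|c: char| c == ':' || c == '=' || c.is_whitespace())
                    .next()
                    .unwrap_or("");
                if !name.is_empty() && !result_is_consumed(name, &lines[i + 1..]) {
                    flag(format!("Result bound to `{name}` is never checked or propagated"));
                }
            }
        } else if is_cpi && line.ends_with(';') && !line.contains('?') {
            // Bare `invoke(...);` statement with neither `?` nor a binding.
            flag("CPI return value unused -- failure will not halt execution".into());
        }
        // Silent error pattern: an Err branch that logs or does nothing, but never propagates.
        let is_arm = line.contains("Err(") && line.contains("=>");
        let is_if_let = line.starts_with("if let Err(");
        if is_arm || is_if_let {
            let text = block_text(&lines, i);
            let sep = if is_if_let { "{" } else { "=>" };
            let body = text.splitn(2, sep).nth(1).unwrap_or("");
            let propagates = ["return", "?", "panic!", "Err("].iter().any(|k| body.contains(*k));
            if !propagates {
                flag("Err branch logs or swallows the error without propagating it".into());
            }
        }
    }
    findings
}

/// Constructed input: lines 3, 4 and 8 should be flagged; lines 12 and 13 are handled correctly.
pub const SAMPLE: &str = r#"pub fn process(accounts: &[AccountInfo], amount: u64) -> ProgramResult {
    let ix = create_transfer_ix(accounts, amount);
    let _ = invoke(&ix, accounts);
    let res = invoke_signed(&ix, accounts, &[seeds]);
    update_state(accounts, amount)?;
    match invoke(&ix, accounts) {
        Ok(()) => {}
        Err(e) => {
            msg!("transfer failed: {}", e);
        }
    }
    let vault = Vault::try_from_slice(&accounts[0].data.borrow())?;
    invoke(&ix, accounts)?;
    Ok(())
}"#;

fn main() {
    for f in scan(SAMPLE) {
        println!("line {:>2} (confidence {:.1}): {}", f.line, f.confidence, f.message);
    }
}
```

The sketch also shows where the Limitations section's caveats come from: a best-effort call written as `let _ = ...` is flagged regardless of intent, and a Result that a helper function checks later is invisible to a scanner that only sees one function's lines.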
Limitations
- False positives: Intentionally ignored results on idempotent or best-effort operations (like logging) may be flagged.
- False negatives: Error handling that occurs in separate helper functions called after the operation may not be detected within the same function scope.
Related Detectors
- CPI Reentrancy — related CPI security concerns
- Input Validation — validates inputs before operations