Rent Collection Exploit
Detects rent collection exploit patterns and missing rent-exempt checks.
Overview
The rent collection exploit detector identifies vulnerabilities in Solana rent collection handling where programs fail to properly account for rent-exempt requirements. It flags account creation without rent-exempt balance checks, lamport transfers that violate rent-exempt minimums, missing rent reclamation after account closure, and rent exemption bypass through partial lamport drainage.
For remediation guidance, see Rent Collection Exploit Remediation.
Why This Is an Issue
Accounts below the rent-exempt threshold are subject to rent collection, which gradually drains their lamports. An attacker can deliberately reduce an account's balance below the rent-exempt minimum, causing the runtime to eventually delete the account and all its data. This can be used to destroy user accounts, protocol state, or critical configuration data.
How to Resolve
Before (Vulnerable)
// Vulnerable: creates account without calculating rent
invoke(
    &system_instruction::create_account(
        payer.key,
        account.key,
        100_000, // Hardcoded amount: not derived from the account's data size
        space,
        program_id,
    ),
    accounts,
)?;
After (Fixed)
// Fixed: derive the funding amount from the account's data size
use solana_program::{program::invoke, rent::Rent, system_instruction, sysvar::Sysvar};

let rent = Rent::get()?;                             // Rent sysvar (requires the Sysvar trait)
let lamports = rent.minimum_balance(space as usize); // rent-exempt minimum for `space` bytes
invoke(
    &system_instruction::create_account(
        payer.key, account.key, lamports, space, program_id,
    ),
    accounts,
)?;
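To make the rent-exempt arithmetic and the post-transfer check concrete, here is an added, dependency-free Rust model (not code from the detector or from solana_program). The three constants are assumed to match the solana_program default rent parameters (3480 lamports per byte-year, a 2-year exemption threshold, 128 bytes of per-account storage overhead); minimum_balance mirrors Rent::minimum_balance under those defaults. The Account type and the create_account_checked and withdraw helpers are hypothetical stand-ins that show the two guards the page calls for: funding derived from data size at creation, and a withdrawal rule that rejects partial drainage below the floor while still permitting a full close.

```rust
// Added example, not the detector's or solana_program's own code.
// Constants assumed equal to solana_program::rent defaults.
const DEFAULT_LAMPORTS_PER_BYTE_YEAR: u64 = 3_480;
const DEFAULT_EXEMPTION_THRESHOLD: f64 = 2.0;
const ACCOUNT_STORAGE_OVERHEAD: u64 = 128;

/// Rent-exempt minimum for an account holding `data_len` bytes
/// (same formula as Rent::minimum_balance with default parameters).
pub fn minimum_balance(data_len: usize) -> u64 {
    let bytes = ACCOUNT_STORAGE_OVERHEAD + data_len as u64;
    ((bytes * DEFAULT_LAMPORTS_PER_BYTE_YEAR) as f64 * DEFAULT_EXEMPTION_THRESHOLD) as u64
}

#[derive(Debug, PartialEq)]
pub enum RentError {
    /// The operation would leave a live account below the rent-exempt floor.
    BelowRentExemptFloor { remaining: u64, required: u64 },
    InsufficientFunds,
}

/// Hypothetical stand-in for an account's lamport balance and data size.
#[derive(Debug, Clone, PartialEq)]
pub struct Account {
    pub lamports: u64,
    pub data_len: usize,
}

/// Creation guard: the funding amount must cover the rent-exempt minimum
/// for `space` bytes. A hardcoded amount that falls short is rejected.
pub fn create_account_checked(space: usize, funding: u64) -> Result<Account, RentError> {
    let required = minimum_balance(space);
    if funding < required {
        return Err(RentError::BelowRentExemptFloor { remaining: funding, required });
    }
    Ok(Account { lamports: funding, data_len: space })
}

/// Post-transfer validation: a withdrawal may either keep the account at or
/// above its rent-exempt minimum, or drain it to exactly zero (an explicit
/// close that the runtime then reclaims). Anything in between is the
/// partial-drainage pattern that leaves the account subject to rent collection.
pub fn withdraw(account: &mut Account, amount: u64) -> Result<(), RentError> {
    let remaining = account
        .lamports
        .checked_sub(amount)
        .ok_or(RentError::InsufficientFunds)?;
    let required = minimum_balance(account.data_len);
    if remaining != 0 && remaining < required {
        return Err(RentError::BelowRentExemptFloor { remaining, required });
    }
    account.lamports = remaining;
    Ok(())
}

fn main() {
    // 0-byte account: (128 * 3480) * 2 = 890_880 lamports
    println!("rent-exempt minimum for 0 bytes: {}", minimum_balance(0));
    // The hardcoded 100_000 from the vulnerable snippet is far below the floor
    println!("{:?}", create_account_checked(64, 100_000));
    let mut acct = create_account_checked(64, minimum_balance(64) + 1_000).unwrap();
    println!("{:?}", withdraw(&mut acct, 1_000)); // ok: floor kept exactly
    println!("{:?}", withdraw(&mut acct, 1));     // rejected: partial drainage
    let all = acct.lamports;
    println!("{:?}", withdraw(&mut acct, all));   // ok: full close
}
```

The `remaining != 0` branch is the deliberate exception: closing an account by moving every lamport out is legitimate, and the detector's close-pattern analysis looks for exactly that, whereas a transfer that stops one lamport short of the floor is the case the detector reports.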
Example JSON Finding
{
  "detector": "rent-collection-exploit",
  "severity": "high",
  "confidence": 0.7,
  "message": "Account creation without rent-exempt balance calculation",
  "location": { "function": "initialize", "block": 0, "statement": 2 }
}
Detection Methodology
- Account creation detection: Identifies CreateAccount CPI calls.
- Rent calculation check: Verifies lamport amounts are derived from Rent::minimum_balance.
- Post-transfer validation: Checks withdrawal operations for rent-exempt floor maintenance.
- Close pattern analysis: Verifies proper rent reclamation on account closure.
Limitations
False positives: Programs that always use hardcoded amounts well above the rent-exempt minimum. False negatives: Gradual drainage spread across multiple transactions, where no single transfer crosses the floor.
Related Detectors
- Rent Exemption Violation — rent requirement violations
- Insufficient Lamport Balance — balance validation