Rent Epoch Validation
Detects improper rent epoch validation and handling.
Rent Epoch Validation
Overview
Remediation Guide: How to Fix Rent Epoch Validation
The rent epoch validation detector identifies Solana programs that modify account data or transfer variable lamport amounts without validating rent-exempt status. Since most modern Solana programs use rent-exempt accounts (post-2021), this is primarily informational. However, programs handling account closure, reallocation, or working with non-rent-exempt accounts should validate rent status to prevent garbage collection.
Sigvex checks whether the function accesses the Rent sysvar before performing account modifications or variable lamport transfers.
Why This Is an Issue
- Account garbage collection: non-rent-exempt accounts can be purged by the runtime during epoch transitions, destroying state.
- Legacy compatibility: programs interacting with pre-2021 accounts or non-rent-exempt accounts must handle rent epochs correctly.
- Reallocation risks: changing account size changes the rent-exempt minimum, requiring re-validation.
CWE mapping: CWE-754 (Improper Check for Unusual Conditions), CWE-404 (Improper Resource Shutdown).
How to Resolve
Native Solana
let rent = Rent::get()?;
let min_balance = rent.minimum_balance(account.data_len());
require!(account.lamports() >= min_balance, ErrorCode::NotRentExempt);
// Now safe to modify account data
let mut data = account.data.borrow_mut();
data[8..16].copy_from_slice(&new_value.to_le_bytes());Anchor
// Anchor accounts are rent-exempt by default
// For manual operations, add rent validation
#[account(mut, constraint = account.to_account_info().lamports() >= Rent::get()?.minimum_balance(account.to_account_info().data_len()))]
pub account: Account<'info, MyState>,Examples
JSON Finding
{
"detector": "rent-epoch-validation",
"severity": "Low",
"confidence": 0.60,
"title": "Account Data Modification Without Rent Validation",
"description": "Program modifies account data without validating rent-exempt status.",
"cwe": [754]
}Detection Methodology
The detector scans for Rent sysvar access (syscalls containing “rent”, “minimum_balance”, or “is_exempt”) and checks whether such access exists before StoreAccountData operations with variable values or variable-amount TransferLamports. Constant value stores and constant transfers are excluded as low risk.
Limitations
- The detector is informational for modern programs since most accounts are rent-exempt.
- It cannot distinguish between programs that genuinely need rent validation and those that only use rent-exempt accounts.
- Anchor programs receive reduced confidence since Anchor enforces rent exemption at account creation.
Related Detectors
- Missing Rent Check - detects missing rent checks on transfers.
- Rent Exempt Epoch Transition - detects cached rent values.
- Rent Withdrawal Balance - detects withdrawals without balance checks.