Rent Exemption Violation
Detects rent exemption requirement violations in Solana programs.
Overview
The rent exemption violation detector identifies cases where accounts are created or modified without maintaining the minimum rent-exempt balance. Accounts that fall below the rent-exempt threshold are subject to rent collection, which can drain their lamports over time and eventually delete the account, causing data loss.
For remediation guidance, see Rent Exemption Violation Remediation.
Why This Is an Issue
Solana requires accounts to maintain a minimum lamport balance proportional to their data size to remain rent-exempt. If a program creates an account without sufficient lamports, or transfers lamports out of an account below the rent-exempt minimum, the account becomes rent-paying. Over time, rent collection reduces the balance to zero, deleting the account and all its data. This can cause permanent data loss for user accounts and protocol state.
How to Resolve
Before (Vulnerable)
    use solana_program::{
        account_info::AccountInfo, entrypoint::ProgramResult, program::invoke, pubkey::Pubkey,
        system_instruction,
    };

    // Vulnerable: creates account without rent calculation
    pub fn create_vault(program_id: &Pubkey, accounts: &[AccountInfo], space: usize) -> ProgramResult {
        let vault = &accounts[0];
        let payer = &accounts[1];
        invoke(
            &system_instruction::create_account(
                payer.key,
                vault.key,
                1_000_000, // Hardcoded -- may not be rent-exempt for this `space`
                space as u64,
                program_id, // owner of the new account
            ),
            accounts,
        )
    }
After (Fixed)
    use solana_program::{
        account_info::AccountInfo, entrypoint::ProgramResult, program::invoke, pubkey::Pubkey,
        rent::Rent, system_instruction, sysvar::Sysvar,
    };

    // Fixed: calculates rent-exempt minimum from the Rent sysvar for the requested size
    pub fn create_vault(program_id: &Pubkey, accounts: &[AccountInfo], space: usize) -> ProgramResult {
        let vault = &accounts[0];
        let payer = &accounts[1];
        let rent = Rent::get()?; // `Sysvar` trait provides `get()`
        let min_lamports = rent.minimum_balance(space);
        invoke(
            &system_instruction::create_account(
                payer.key,
                vault.key,
                min_lamports,
                space as u64,
                program_id, // owner of the new account
            ),
            accounts,
        )
    }
Example JSON Finding
    {
      "detector": "rent-exemption-violation",
      "severity": "high",
      "confidence": 0.65,
      "message": "Account creation with hardcoded lamport amount may violate rent exemption",
      "location": { "function": "create_vault", "block": 0, "statement": 3 }
    }
Detection Methodology
- Account creation detection: Identifies CPI calls to the System Program’s CreateAccount instruction.
- Rent calculation search: Checks whether the lamport amount is derived from Rent::get()?.minimum_balance().
- Hardcoded value flagging: Flags literal lamport values in account creation that are not dynamically computed.
- Post-transfer validation: Checks whether lamport withdrawals verify remaining balance meets rent-exempt minimum.
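The fixed snippet above covers only account creation; the post-transfer validation check also expects withdrawals to be guarded. The following stand-alone Rust is an added example, not code from this page or from the detector: it models the default rent parameters behind Rent::minimum_balance (assumed defaults: 3480 lamports per byte-year, a 2.0-year exemption threshold and a 128-byte per-account storage overhead), implements the withdrawal guard, and shows how little data the vulnerable snippet's hardcoded 1_000_000 lamports actually keeps rent-exempt.

```rust
// Added example: stand-alone model of Solana's default rent parameters.
// Assumed defaults (from solana_program::rent, not read from the sysvar here):
const LAMPORTS_PER_BYTE_YEAR: u64 = 3_480;
const EXEMPTION_THRESHOLD_YEARS: f64 = 2.0;
const ACCOUNT_STORAGE_OVERHEAD: u64 = 128;

/// Minimum lamports an account with `data_len` bytes must hold to stay
/// rent-exempt; mirrors the `Rent::minimum_balance` formula under defaults.
pub fn minimum_balance(data_len: usize) -> u64 {
    let bytes = ACCOUNT_STORAGE_OVERHEAD + data_len as u64;
    ((bytes * LAMPORTS_PER_BYTE_YEAR) as f64 * EXEMPTION_THRESHOLD_YEARS) as u64
}

#[derive(Debug, PartialEq)]
pub enum WithdrawError {
    InsufficientFunds,
    WouldBreakRentExemption { remaining: u64, required: u64 },
}

/// Withdraws `amount` from an account holding `lamports` with `data_len`
/// bytes of data. Refuses any withdrawal that would leave the account
/// rent-paying: this is the post-transfer check the detector looks for.
pub fn checked_withdraw(lamports: u64, data_len: usize, amount: u64) -> Result<u64, WithdrawError> {
    let remaining = lamports
        .checked_sub(amount)
        .ok_or(WithdrawError::InsufficientFunds)?;
    let required = minimum_balance(data_len);
    if remaining < required {
        return Err(WithdrawError::WouldBreakRentExemption { remaining, required });
    }
    Ok(remaining)
}

/// Largest data size a fixed lamport amount keeps rent-exempt, or None if
/// it cannot even cover an empty account. Used to size up the hardcoded
/// 1_000_000 lamports from the vulnerable snippet.
pub fn max_exempt_data_len(lamports: u64) -> Option<usize> {
    (0usize..).take_while(|&len| minimum_balance(len) <= lamports).last()
}

fn main() {
    println!("empty account needs {} lamports", minimum_balance(0));
    println!("1_000_000 lamports covers at most {:?} data bytes", max_exempt_data_len(1_000_000));
    println!("withdraw 1 from exactly-exempt account: {:?}", checked_withdraw(minimum_balance(64), 64, 1));
}
```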
Limitations
- False positives: Programs that always create accounts with very large balances may use hardcoded values that are sufficient.
- False negatives: Rent violations caused by gradual lamport drainage across multiple transactions are not detected.
Related Detectors
- Rent Collection Exploit — rent drainage attacks
- Account Size Violation — account size issues affecting rent
- Insufficient Lamport Balance — balance validation