Frozen Account Operations
Detects token operations performed without checking if the account is frozen.
Frozen Account Operations
Overview
Remediation Guide: How to Fix Frozen Account Operations
The frozen account operations detector identifies token operations (transfers, mints, burns) performed on accounts without first checking whether the account’s state is Frozen. The SPL Token program rejects operations on frozen accounts at runtime, but programs that lack explicit checks produce confusing error messages and may have unexpected control flow behavior.
Why This Is an Issue
Token accounts have a state field that can be Initialized or Frozen. When a program attempts operations on frozen accounts without checking:
- Unclear error handling: The SPL Token program returns a generic error rather than a program-specific message
- Unexpected transaction failures: Operations silently fail without clear indication to users
- Logic errors: Programs that rely on operation success may enter inconsistent states
This is a low-severity finding because the SPL Token runtime enforces frozen checks — operations on frozen accounts are rejected regardless. The issue is about code quality and error handling rather than direct exploitability.
CWE mapping: CWE-754 (Improper Check for Unusual Conditions).
How to Resolve
pub fn transfer(accounts: &[AccountInfo], amount: u64) -> ProgramResult {
let source = &accounts[0];
let token_data = Account::unpack(&source.data.borrow())?;
// Check frozen state before attempting transfer
if token_data.state == AccountState::Frozen {
msg!("Source token account is frozen");
return Err(ProgramError::Custom(ErrorCode::AccountFrozen as u32));
}
// Proceed with transfer
Ok(())
}Examples
Sample Sigvex Output
{
"detector_id": "spl-token-frozen-account-operations",
"severity": "low",
"confidence": 0.65,
"description": "Token operation performed without checking if account is frozen. SPL Token runtime will reject the operation, but explicit checks provide better error handling.",
"location": { "function": "transfer", "offset": 2 }
}Detection Methodology
- State field tracking: Identifies reads from the token account state field (offset 108 in the Account struct).
- Frozen check detection: Tracks comparison operations that check the state field against the frozen value.
- Operation analysis: Flags Transfer, TransferChecked, and MintTo operations on accounts without prior frozen state validation.
Limitations
- This is a code quality issue, not a direct security vulnerability, since SPL Token enforces frozen checks at runtime.
- State field reads at specific offsets are heuristic-based and may not cover all access patterns.
Related Detectors
- SPL Token Freeze Burn — detects freeze/burn authority issues
- SPL Token Account Close — detects unsafe account close operations