Account Size Violation Remediation

Overview

Related Detector: Account Size Violation

Account data writes that exceed the allocated space cause runtime failures. The fix is to validate all variable-length input against maximum sizes before storing, and to allocate accounts with sufficient space including padding for future growth.

Recommended Fix

Before (Vulnerable)

metadata.name = name;  // No size check
metadata.uri = uri;

After (Fixed)

require!(name.len() <= MAX_NAME_LEN, ErrorCode::NameTooLong);
require!(uri.len() <= MAX_URI_LEN, ErrorCode::UriTooLong);
metadata.name = name;
metadata.uri = uri;

Alternative Mitigations

Anchor MAX_SIZE

Use Anchor’s #[account] attribute with INIT_SPACE to calculate exact space:

#[account]
#[derive(InitSpace)]
pub struct Metadata {
    #[max_len(32)]
    pub name: String,
    #[max_len(200)]
    pub uri: String,
}

Common Mistakes

Mistake: Not Accounting for Borsh Overhead

// WRONG: forgets Borsh Vec/String length prefix (4 bytes each)
const SPACE: usize = 8 + 32 + 200;  // discriminator + name + uri
// Correct: 8 + (4 + 32) + (4 + 200) = 248

Include the 4-byte length prefix for each dynamic field in space calculations.

References

• Solana — Accounts
• CWE-787: Out-of-bounds Write