Insufficient Lamport Balance Remediation
How to fix missing lamport balance validation before transfers.
Overview
Related Detector: Insufficient Lamport Balance
Missing balance validation before lamport transfers can cause underflow panics or denial-of-service. The fix is to always validate that the source account holds enough lamports to cover the transfer while keeping its rent-exempt minimum balance.
Recommended Fix
Before (Vulnerable)
// Vulnerable: no balance check
**vault.lamports.borrow_mut() -= amount;
**user.lamports.borrow_mut() += amount;
After (Fixed)
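// Fixed: check balance and rent exemption before mutating
let rent = Rent::get()?;
let min_balance = rent.minimum_balance(vault.data_len());
// checked_add: a plain `amount + min_balance` can overflow for a very large `amount`
let required = amount
    .checked_add(min_balance)
    .ok_or(ProgramError::InsufficientFunds)?;
require!(
    vault.lamports() >= required,
    ProgramError::InsufficientFunds
);
**vault.lamports.borrow_mut() -= amount;
**user.lamports.borrow_mut() += amount;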
Alternative Mitigations
Use Checked Arithmetic
// min_balance is computed from Rent as in the recommended fix
let new_balance = vault.lamports()
    .checked_sub(amount)
    .ok_or(ProgramError::InsufficientFunds)?;
require!(new_balance >= min_balance, ProgramError::InsufficientFunds);
**vault.lamports.borrow_mut() = new_balance;
Common Mistakes
Mistake: Checking Against Zero Only
// WRONG: allows draining below rent-exempt minimum
require!(vault.lamports() >= amount, ProgramError::InsufficientFunds);
Always account for the rent-exempt minimum: balance - amount >= rent_minimum.
Mistake: Checking After Transfer
// WRONG: underflow already happened
**vault.lamports.borrow_mut() -= amount;
require!(vault.lamports() >= min_balance, Error::BelowRentExempt);
Always validate before mutation.
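The validate-before-mutate rule from this page as a pure-Rust model that can be unit tested without a validator. This is an added example, not code from the original page or from any project. `Account`, `TransferError` and `transfer_lamports` are hypothetical names, and `min_balance` stands for the value `rent.minimum_balance(...)` would return on-chain.

```rust
// Added example: lamport balances modelled as plain u64 fields, no Solana crates.
// `Account`, `TransferError` and `transfer_lamports` are hypothetical names.
#[derive(Debug, PartialEq)]
pub enum TransferError {
    InsufficientFunds,   // amount exceeds the source balance
    BelowRentExempt,     // source would drop under the rent-exempt minimum
    DestinationOverflow, // destination balance would exceed u64::MAX
}

#[derive(Debug, PartialEq)]
pub struct Account {
    pub lamports: u64,
}

/// Validate everything first, then mutate both balances.
/// `min_balance` stands for what `rent.minimum_balance(data_len)` returns on-chain.
pub fn transfer_lamports(
    from: &mut Account,
    to: &mut Account,
    amount: u64,
    min_balance: u64,
) -> Result<(), TransferError> {
    // checked_sub cannot wrap, unlike summing amount and min_balance in plain u64.
    let new_from = from
        .lamports
        .checked_sub(amount)
        .ok_or(TransferError::InsufficientFunds)?;
    if new_from < min_balance {
        return Err(TransferError::BelowRentExempt);
    }
    let new_to = to
        .lamports
        .checked_add(amount)
        .ok_or(TransferError::DestinationOverflow)?;
    // No error path remains past this point, so the update is all-or-nothing.
    from.lamports = new_from;
    to.lamports = new_to;
    Ok(())
}

fn main() {
    // Constructed sample values, not real rent figures.
    let (mut vault, mut user) = (Account { lamports: 5_000_000 }, Account { lamports: 1_000 });
    let min = 1_000_000;
    println!("{:?}", transfer_lamports(&mut vault, &mut user, 4_000_000, min));
    println!("{:?}", transfer_lamports(&mut vault, &mut user, 1, min));
    println!("{:?}", transfer_lamports(&mut vault, &mut user, u64::MAX - 999_999, min));
    println!("vault={} user={}", vault.lamports, user.lamports);
}
```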