Skip to main content
Sigvex

Frozen Account Operations

Detects token operations performed without checking if the account is frozen.

Frozen Account Operations

Overview

Remediation Guide: How to Fix Frozen Account Operations

The frozen account operations detector identifies token operations (transfers, mints, burns) performed on accounts without first checking whether the account’s state is Frozen. The SPL Token program rejects operations on frozen accounts at runtime, but programs that lack explicit checks produce confusing error messages and may have unexpected control flow behavior.

Why This Is an Issue

Token accounts have a state field that can be Initialized or Frozen. When a program attempts operations on frozen accounts without checking:

  • Unclear error handling: The SPL Token program returns a generic error rather than a program-specific message
  • Unexpected transaction failures: Operations silently fail without clear indication to users
  • Logic errors: Programs that rely on operation success may enter inconsistent states

This is a low-severity finding because the SPL Token runtime enforces frozen checks – operations on frozen accounts are rejected regardless. The issue is about code quality and error handling rather than direct exploitability.

CWE mapping: CWE-754 (Improper Check for Unusual Conditions).

How to Resolve

pub fn transfer(accounts: &[AccountInfo], amount: u64) -> ProgramResult {
    let source = &accounts[0];
    let token_data = Account::unpack(&source.data.borrow())?;

    // Check frozen state before attempting transfer
    if token_data.state == AccountState::Frozen {
        msg!("Source token account is frozen");
        return Err(ProgramError::Custom(ErrorCode::AccountFrozen as u32));
    }

    // Proceed with transfer
    Ok(())
}

Examples

Sample Sigvex Output

{
  "detector_id": "spl-token-frozen-account-operations",
  "severity": "low",
  "confidence": 0.65,
  "description": "Token operation performed without checking if account is frozen. SPL Token runtime will reject the operation, but explicit checks provide better error handling.",
  "location": { "function": "transfer", "offset": 2 }
}

Detection Methodology

  1. State field tracking: Identifies reads from the token account state field (offset 108 in the Account struct).
  2. Frozen check detection: Tracks comparison operations that check the state field against the frozen value.
  3. Operation analysis: Flags Transfer, TransferChecked, and MintTo operations on accounts without prior frozen state validation.

Limitations

  • This is a code quality issue, not a direct security vulnerability, since SPL Token enforces frozen checks at runtime.
  • State field reads at specific offsets are heuristic-based and may not cover all access patterns.

References