Insecure Account Closing in Solana

Description

Writing the CLOSED_ACCOUNT_DISCRIMINATOR to a closed account is crucial to prevent the reuse of the account within the same transaction. This rule detects potential insecure account closing in Solana programs written in Rust.

Examples

Insecure Code

rust

fn close_account(ctx: Context<Bank>, account: &AccountInfo) {
    account.lamports.borrow_mut() = 0;
}

Secure Code

rust

fn close_account(ctx: Context<Bank>, account: &AccountInfo) {
    account.lamports.borrow_mut() = 0;
    cursor.write_all(&CLOSED_ACCOUNT_DISCRIMINATOR);
}

Remediation

Ensure that the CLOSED_ACCOUNT_DISCRIMINATOR is written to the account after it is closed.

Rule Details

Field	Value
ID	CODE-0004
Category	Crypto
Severity	CRITICAL
CWE	CWE-672
Confidence	LOW
Impact	HIGH
Likelihood	MEDIUM
Exploitability	EASY
Tags	solana, account closing, insecure
OWASP	N/A

References

https://github.com/Unboxed-Software/solana-course/blob/3718de75823c9d5f90c73ad7ab4feb1a5e4dd20c/content/closing-accounts.md#secure-account-closing

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Insecure Account Closing in Solana

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Insecure Account Closing in Solana ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

References ​

Insecure Account Closing in Solana

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References