Closing Accounts Vulnerability
A vulnerability that arises when a program closes an account by zeroing its data and transferring its lamports out, but does not set the account's discriminator or data to a sentinel closed state before the end of the instruction. This leaves a window within the same transaction in which other instructions can still interact with the now-empty account. The Solana runtime only removes an account from the account set when its lamports reach zero at the end of a transaction, so mid-transaction the account still exists, and a subsequent instruction can re-fund it and reinstate stale data, enabling an account revival attack. Anchor's close constraint writes a CLOSED_ACCOUNT_DISCRIMINATOR (8 bytes of 0xff) and uses a force-defund mechanism to prevent resurrection.
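The difference between the two close styles can be seen in a small stand-alone model. This is an added example, not Anchor or Solana SDK code: the Account struct, the function names and the 16-byte layout are assumptions made for illustration, and only the 8-byte 0xff sentinel and the end-of-transaction rule come from the definition above.

```rust
// Toy model of the rule described above; hypothetical types, not the Solana SDK.
const CLOSED: [u8; 8] = [0xff; 8]; // sentinel value as stated in the definition

struct Account {
    lamports: u64,
    data: Vec<u8>, // assumed layout: 8-byte discriminator, then payload
}

// Close that only drains lamports and zeroes data (the pattern at risk).
fn close_zero_only(acct: &mut Account, dest: &mut u64) {
    *dest += acct.lamports;
    acct.lamports = 0;
    acct.data.iter_mut().for_each(|b| *b = 0);
}

// Close that also stamps the sentinel into the first 8 bytes.
fn close_with_sentinel(acct: &mut Account, dest: &mut u64) {
    close_zero_only(acct, dest);
    acct.data[..8].copy_from_slice(&CLOSED);
}

// Program-side load check: refuse any account carrying the sentinel.
fn load(acct: &Account) -> Result<&[u8], &'static str> {
    if acct.data.len() < 8 {
        return Err("account data too short");
    }
    if acct.data[..8] == CLOSED {
        return Err("account is closed");
    }
    Ok(&acct.data[8..])
}

// End-of-transaction rule: only zero-lamport accounts are removed.
fn survives_transaction(acct: &Account) -> bool {
    acct.lamports > 0
}

// One transaction: close, then a later instruction re-funds the account.
// Returns (still exists after the transaction, program still accepts it).
fn close_then_refund(use_sentinel: bool) -> (bool, bool) {
    let mut acct = Account { lamports: 1_000, data: vec![1u8; 16] }; // constructed sample
    let mut dest = 0u64;
    if use_sentinel { close_with_sentinel(&mut acct, &mut dest) } else { close_zero_only(&mut acct, &mut dest) }
    acct.lamports += 1_000; // re-funded before the transaction ends
    (survives_transaction(&acct), load(&acct).is_ok())
}

fn main() {
    println!("zero-only close: {:?}", close_then_refund(false));
    println!("sentinel close:  {:?}", close_then_refund(true));
}
```

In both runs the re-funded account outlives the transaction, but only the sentinel gives the program's load check something to reject on later use.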
Related Terms
The process of reclaiming an account's lamports and marking it for deletion. To close an a…
A fee mechanism that charges accounts for storing data on-chain. Accounts must maintain a …
An exploit that resurrects an account that a program has logically closed within the same …