Merge pull request #27 from lazor-kit/fix/audit-5-rent-sysvar

fix(audit-5): use Rent sysvar instead of hardcoded rent calculations

Author: onspeedhp

Cargo.lock

@@ -6,6 +6,7 @@ use pinocchio::{
     program::invoke_signed,
     program_error::ProgramError,
     pubkey::{find_program_address, Pubkey},
+    sysvars::rent::Rent,
     ProgramResult,
 };
 
@@ -65,6 +66,7 @@ impl CreateSessionArgs {
 /// 3. `[signer, writable]` Authorizer: Authority approving this session creation.
 /// 4. `[writable]` Session PDA: The new session account.
 /// 5. `[]` System Program.
+/// 6. `[]` Rent Sysvar.
 pub fn process(
     program_id: &Pubkey,
     accounts: &[AccountInfo],
@@ -88,6 +90,12 @@ pub fn process(
     let system_program = account_info_iter
         .next()
         .ok_or(ProgramError::NotEnoughAccountKeys)?;
+    let rent_sysvar = account_info_iter
+        .next()
+        .ok_or(ProgramError::NotEnoughAccountKeys)?;
+
+    // Get rent from sysvar (fixes audit issue #5 - hardcoded rent calculations)
+    let rent = Rent::from_account_info(rent_sysvar)?;
 
     if wallet_pda.owner() != program_id || authorizer_pda.owner() != program_id {
         return Err(ProgramError::IllegalOwner);
@@ -165,15 +173,11 @@ pub fn process(
 
     // Create Session Account
     let space = std::mem::size_of::<SessionAccount>();
-    // Rent: 897840 + (space * 6960)
-    let rent = (space as u64)
-        .checked_mul(6960)
-        .and_then(|val| val.checked_add(897840))
-        .ok_or(ProgramError::ArithmeticOverflow)?;
+    let session_rent = rent.minimum_balance(space);
 
     let mut create_ix_data = Vec::with_capacity(52);
     create_ix_data.extend_from_slice(&0u32.to_le_bytes());
-    create_ix_data.extend_from_slice(&rent.to_le_bytes());
+    create_ix_data.extend_from_slice(&session_rent.to_le_bytes());
     create_ix_data.extend_from_slice(&(space as u64).to_le_bytes());
     create_ix_data.extend_from_slice(program_id.as_ref());
 

program/src/processor/create_session.rs

@@ -5,6 +5,7 @@ use pinocchio::{
     instruction::Seed,
     program_error::ProgramError,
     pubkey::{find_program_address, Pubkey},
+    sysvars::rent::Rent,
     ProgramResult,
 };
 
@@ -68,6 +69,7 @@ impl CreateWalletArgs {
 /// 3. `[writable]` Vault PDA: Derived from `["vault", wallet_pubkey]`.
 /// 4. `[writable]` Authority PDA: Derived from `["authority", wallet_pubkey, id_seed]`.
 /// 5. `[]` System Program.
+/// 6. `[]` Rent Sysvar.
 pub fn process(
     program_id: &Pubkey,
     accounts: &[AccountInfo],
@@ -108,6 +110,12 @@ pub fn process(
     let system_program = account_info_iter
         .next()
         .ok_or(ProgramError::NotEnoughAccountKeys)?;
+    let rent_sysvar = account_info_iter
+        .next()
+        .ok_or(ProgramError::NotEnoughAccountKeys)?;
+
+    // Get rent from sysvar (fixes audit issue #5 - hardcoded rent calculations)
+    let rent = Rent::from_account_info(rent_sysvar)?;
 
     let (wallet_key, wallet_bump) = find_program_address(&[b"wallet", &args.user_seed], program_id);
     if !sol_assert_bytes_eq(wallet_pda.key().as_ref(), wallet_key.as_ref(), 32) {
@@ -131,13 +139,7 @@ pub fn process(
     // --- 1. Initialize Wallet Account ---
     // Calculate rent-exempt balance for fixed 8-byte wallet account layout.
     let wallet_space = 8;
-    // 897840 + (space * 6960)
-    let rent_base = 897840u64;
-    let rent_per_byte = 6960u64;
-    let wallet_rent = (wallet_space as u64)
-        .checked_mul(rent_per_byte)
-        .and_then(|val| val.checked_add(rent_base))
-        .ok_or(ProgramError::ArithmeticOverflow)?;
+    let wallet_rent = rent.minimum_balance(wallet_space);
 
     // Use secure transfer-allocate-assign pattern to prevent DoS (Issue #4)
     let wallet_bump_arr = [wallet_bump];
@@ -182,12 +184,7 @@ pub fn process(
     };
 
     let auth_space = header_size + variable_size;
-
-    // Rent calculation: 897840 + (space * 6960)
-    let auth_rent = (auth_space as u64)
-        .checked_mul(6960)
-        .and_then(|val| val.checked_add(897840))
-        .ok_or(ProgramError::ArithmeticOverflow)?;
+    let auth_rent = rent.minimum_balance(auth_space);
 
     // Use secure transfer-allocate-assign pattern to prevent DoS (Issue #4)
     let auth_bump_arr = [auth_bump];

program/src/processor/create_wallet.rs

@@ -127,6 +127,7 @@ export async function createWalletInstruction(
             { address: vaultPda, role: 1 }, // writable
             { address: authorityPda, role: 1 }, // writable
             { address: address("11111111111111111111111111111111"), role: 0 }, // system program
+            { address: address("SysvarRent111111111111111111111111111111111"), role: 0 }, // rent sysvar
         ],
         data,
     };
@@ -260,6 +261,7 @@ export async function createSessionInstruction(
         { address: authorizerPda, role: 1 },
         { address: sessionPda, role: 1 },
         { address: address("11111111111111111111111111111111"), role: 0 },
+        { address: address("SysvarRent111111111111111111111111111111111"), role: 0 }, // rent sysvar
     ];
 
     if (authorizerSigner) {

sdk/src/instructions.ts

@@ -9,9 +9,7 @@ path = "src/main.rs"
 
 [dependencies]
 litesvm = "0.9.1"
-solana-pubkey = { version = "2.1", features = [
-    "std",
-] } # Assuming 2.1 is compatible or latest
+solana-pubkey = { version = "2.1", features = ["std"] }
 solana-account = "3.4"
 solana-hash = "4.1"
 solana-keypair = "3.1"
@@ -21,8 +19,9 @@ solana-message = "3.0"
 solana-system-program = "3.1"
 solana-clock = "3.0"
 solana-signer = "3.0"
-solana-address = "2.1" # Check if litesvm uses 2.1 (yes, see output)
-solana-program = "2.1" # Contract uses this, keep it for constants?
+solana-address = "2.1"
+solana-program = "2.1"
+solana-sysvar = "3.0"
 anyhow = "1.0"
 rand = "0.8"
 p256 = { version = "0.13", features = ["ecdsa"] }

tests-e2e/Cargo.toml

@@ -6,6 +6,7 @@ use solana_message::Message;
 use solana_pubkey::Pubkey;
 use solana_signer::Signer;
 use solana_system_program;
+use solana_sysvar;
 use solana_transaction::Transaction;
 
 pub fn run(ctx: &mut TestContext) -> Result<()> {
@@ -57,6 +58,7 @@ pub fn run(ctx: &mut TestContext) -> Result<()> {
             AccountMeta::new(vault_a.to_address(), false),
             AccountMeta::new(owner_a_auth.to_address(), false),
             AccountMeta::new_readonly(solana_system_program::id().to_address(), false),
+            AccountMeta::new_readonly(solana_sysvar::rent::ID.to_address(), false),
         ],
         data: data_a,
     };
@@ -87,6 +89,7 @@ pub fn run(ctx: &mut TestContext) -> Result<()> {
             AccountMeta::new(vault_b.to_address(), false),
             AccountMeta::new(owner_b_auth.to_address(), false),
             AccountMeta::new_readonly(solana_system_program::id().to_address(), false),
+            AccountMeta::new_readonly(solana_sysvar::rent::ID.to_address(), false),
         ],
         data: data_b,
     };

tests-e2e/src/scenarios/cross_wallet_attacks.rs

@@ -6,6 +6,7 @@ use solana_message::Message;
 use solana_pubkey::Pubkey;
 use solana_signer::Signer;
 use solana_system_program;
+use solana_sysvar;
 use solana_transaction::Transaction;
 
 pub fn run(ctx: &mut TestContext) -> Result<()> {
@@ -79,6 +80,7 @@ pub fn run(ctx: &mut TestContext) -> Result<()> {
             AccountMeta::new(vault_pda.to_address(), false),
             AccountMeta::new(auth_pda.to_address(), false),
             AccountMeta::new_readonly(solana_system_program::id().to_address(), false),
+            AccountMeta::new_readonly(solana_sysvar::rent::ID.to_address(), false),
         ],
         data,
     };

tests-e2e/src/scenarios/dos_attack.rs

@@ -5,6 +5,7 @@ use solana_keypair::Keypair;
 use solana_pubkey::Pubkey;
 use solana_signer::Signer;
 use solana_system_program;
+use solana_sysvar;
 // use solana_transaction::Transaction; // Transaction usage needs refactor
 use solana_message::Message;
 use solana_transaction::Transaction;
@@ -46,6 +47,7 @@ pub fn run(ctx: &mut TestContext) -> Result<()> {
             AccountMeta::new(Signer::pubkey(&owner_keypair).to_address(), true), // owner
             AccountMeta::new(Signer::pubkey(&ctx.payer).to_address(), true),
             AccountMeta::new_readonly(solana_system_program::id().to_address(), false),
+            AccountMeta::new_readonly(solana_sysvar::rent::ID.to_address(), false),
         ],
         data,
     };
@@ -262,6 +264,7 @@ pub fn run(ctx: &mut TestContext) -> Result<()> {
             AccountMeta::new(Signer::pubkey(&owner_keypair).to_address(), true),
             AccountMeta::new(Signer::pubkey(&ctx.payer).to_address(), true),
             AccountMeta::new_readonly(solana_system_program::id().to_address(), false),
+            AccountMeta::new_readonly(solana_sysvar::rent::ID.to_address(), false),
         ],
         data: [
             vec![1, 3],                         // AddAuthority(Session)

tests-e2e/src/scenarios/failures.rs

@@ -9,6 +9,7 @@ use solana_program::hash::hash;
 use solana_pubkey::Pubkey;
 use solana_signer::Signer;
 use solana_system_program;
+use solana_sysvar;
 use solana_transaction::Transaction;
 
 pub fn run(ctx: &mut TestContext) -> Result<()> {
@@ -50,6 +51,7 @@ pub fn run(ctx: &mut TestContext) -> Result<()> {
             AccountMeta::new(vault_pda.to_address(), false),
             AccountMeta::new(owner_auth_pda.to_address(), false),
             AccountMeta::new_readonly(solana_system_program::id().to_address(), false),
+            AccountMeta::new_readonly(solana_sysvar::rent::ID.to_address(), false),
         ],
         data,
     };
@@ -204,6 +206,7 @@ pub fn run(ctx: &mut TestContext) -> Result<()> {
             AccountMeta::new_readonly(owner_auth_pda.to_address(), false),
             AccountMeta::new(session_pda.to_address(), false),
             AccountMeta::new_readonly(solana_system_program::id().to_address(), false),
+            AccountMeta::new_readonly(solana_sysvar::rent::ID.to_address(), false),
             AccountMeta::new_readonly(Signer::pubkey(&owner_keypair).to_address(), true),
         ],
         data: session_data,

tests-e2e/src/scenarios/happy_path.rs

@@ -1,3 +1,4 @@
 pub mod cross_wallet_attacks;
+pub mod dos_attack;
 pub mod failures;
 pub mod happy_path;