Document security hazards of system_interface::instruction::create_account (#416)

tobias-nd · web-flow · commit 488a3caa85f6 · 2025-11-08T00:18:47.000+01:00
diff --git a/system-interface/src/instruction.rs b/system-interface/src/instruction.rs
@@ -298,7 +298,7 @@ pub enum SystemInstruction {
     },
 }
 
-/// Create an account.
+/// Create an account, failing if the account previously had any balance.
 ///
 /// This function produces an [`Instruction`] which must be submitted in a
 /// [`Transaction`] or [invoked] to take effect, containing a serialized
@@ -312,6 +312,13 @@ pub enum SystemInstruction {
 /// [`transfer`] lamports for rent, [`assign`] to its owning program. The
 /// [`create_account`] function does all three at once.
 ///
+/// # Security issues
+///
+/// Using this function is a security issue if the `to_address` is predictable
+/// by an attacker. The attacker can prefund the address with lamports and
+/// thereby prevent the successful execution of the `create_account` call. This
+/// can DoS an on-chain program.
+///
 /// # Required signers
 ///
 /// The `from_address` and `to_address` signers must sign the transaction.
