From 0dc32f67dfa2d296bf48eb0b63f8869eae0d5d74 Mon Sep 17 00:00:00 2001 From: Ryo Onodera Date: Fri, 30 Oct 2020 15:17:41 +0900 Subject: [PATCH] Document about the known fake rent issue (#753) * Document about the known fake rent issue * Bad english * Apply suggestions from code review Co-authored-by: Tyera Eulberg * Fix link * Apply more suggestions Co-authored-by: Tyera Eulberg --- docs/src/token.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/docs/src/token.md b/docs/src/token.md index 8b57bed9..73cb8c9a 100644 --- a/docs/src/token.md +++ b/docs/src/token.md @@ -389,6 +389,15 @@ instruction from within their program. The `Burn` instruction decreases an Account's token balance without transferring to another Account, effectively removing the token from circulation permanently. +There is no other way to reduce supply on chain. This is similar to transferring +to an account with unknown private key or destroying a private key. But the act +of burning by using `Burn` instructions is more explicit and can be confirmed on +chain by any parties. + +Note: there is a method by which a malicious and determined account owner +can silently burn their tokens without updating supply on chain by making an +account that is removed by rent collection because of [this known issue](#rent-exemption-loophole). + ### Authority delegation Account owners may delegate authority over some or all of their token balance 
@@ -449,6 +458,15 @@ consistently valid Multisig accounts all Solana accounts holding a Account, Mint, or Multisig must contain enough SOL to be considered [rent exempt](https://docs.solana.com/implemented-proposals/rent) +#### Rent-exemption loophole + +However note that there is currently a loophole to escape from the rent-exemption +rule. It is possible to create SPL Token accounts that are not rent exempt by +spoofing the Rent sysvar, since +[there are insufficient sysvar checks](https://github.com/solana-labs/solana/pull/13175) +in the program. This could be abused to burn tokens by transferring tokens to +a non-exempt Account that is subsequently rent-collected out of existence. + ### Closing accounts An account may be closed using the `CloseAccount` instruction. When closing an
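Review bot: In the first hunk (docs/src/token.md, `@@ -389,6 +389,15 @@`), the sentence "This is similar to transferring to an account with unknown private key or destroying a private key" has an ambiguous "This". It follows "There is no other way to reduce supply on chain", so it reads as if those alternatives also reduce supply, which the same paragraph denies. Suggest starting it with "Burning is similar to ..." and saying outright that those alternatives leave the mint's supply unchanged. The "Note:" paragraph should also spell out the consequence for readers who rely on supply: tokens removed through rent collection are not reflected in the on-chain supply, so the recorded supply can overstate what is actually in circulation.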
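Review bot: In the second hunk (docs/src/token.md, `@@ -449,6 +458,15 @@`), the new "Rent-exemption loophole" section says "currently" without tying it to a version or release, and that wording will go stale once the linked pull request lands. Suggest stating which program versions are affected and whether the linked change is the fix or only the report. "Insufficient sysvar checks in the program" should also name the program and the check that is missing, so an integrator knows what to validate on their side. Finally, the section opens with "However note that" directly under a new heading, and the preceding context sentence ends without a period; starting the paragraph with "There is currently a loophole ..." would read better.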