ERC-4626 virtual-share offset (OZ ≥4.9)
Beefy Finance's assessment for RD-F-074 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
BeefyVaultV7 is explicitly NOT an ERC-4626 vault (confirmed by source read). No _decimalsOffset(), no virtual-share offset, no OpenZeppelin 4.9 ERC-4626 pattern in the core vault. This factor's definition asks about 'ERC-4626 vaults using OZ >=4.9 virtual-share offset' — inapplicable to a non-ERC-4626 architecture. Note: Beefy's separate thin ERC-4626 Wrapper product (audited by Zellic 2023-08) did have an inflation-attack finding which was fixed in commit 39a7e1a. The underlying BeefyVaultV7 mooToken share-accounting vulnerability is assessed in RD-F-075.
Sources #
- InternalBeefy protocol profile — architecture noteprofile 00-profile.md §11: 'BeefyVaultV7 does NOT implement ERC-4626 (confirmed by source inspection)'retrieved 2026-05-16
- BeefyVaultV7.sol — core vault implementationBeefyVaultV7.sol source — no _decimalsOffset, no virtual offset, no ERC-4626 interface (WebFetch 2026-05-16)retrieved 2026-05-16
- Beefy Zellic 4626 Wrapper AuditZellic ERC-4626 Wrapper Audit 2023-08-03 — inflation attack found in wrapper, fixed in commit 39a7e1a; core vault not ERC-4626retrieved 2026-05-16
Methodology #
Determine whether ERC-4626 vaults use OpenZeppelin ≥4.9 virtual-share offset pattern to prevent first-depositor share-inflation.
See the full factor methodology and distribution across all protocols →