★ Empty cToken-style market (zero supply/borrow)
Dolomite's assessment for RD-F-070 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
NOT APPLICABLE. Dolomite is derived from dYdX Solo-Margin (github.com/dydxprotocol/solo), NOT from Compound V2. The DolomiteMargin core uses a per-account Wei/Par balance model: Par tracks principal shares per subaccount; Wei tracks actual asset value after interest index application via Interest.parToWei() / Interest.totalParToWei(). No fungible cToken is minted per depositor; no shared pool exists whose share-price can be inflated by a first-depositor donation. The empty-cToken donation attack vector targets the Compound V2 architecture specifically (shared totalSupply/totalBorrow pool where first-depositor can inflate exchange rate via direct transfer). This attack surface is architecturally absent in the dYdX-Solo-Margin-derived design. Verified from OperationImpl.sol source inspection. A distinct ERC-4626 first-depositor risk exists in dTokens and is assessed separately under F074/F075.
Sources #
- DocsDolomite dTokens DocumentationdTokens are ERC-4626 wrappers on top of the Par/Wei account model, documented separately; base layer is NOT cToken-styleretrieved 2026-05-16
- dolomite-exchange/dolomite-margin - Fork of dydxprotocol/solodolomite-margin repository explicitly states forked from dydxprotocol/solo in repository metadata; Apache-2.0 license consistent with dYdX Solo lineageretrieved 2026-05-16
- DolomiteMargin OperationImpl.sol - accounting model verificationOperationImpl.sol inspection confirms per-account Wei/Par balance tracking via Interest.parToWei() and Interest.totalParToWei(); no cToken minting path; fork lineage from dydxprotocol/solo confirmedretrieved 2026-05-16
Methodology #
Determine whether any listed Compound V2-fork market has `totalSupply == 0` and `totalBorrow == 0`, the precondition for a donation-exploit.
See the full factor methodology and distribution across all protocols →