★ Empty cToken-style market (zero supply/borrow)
Frax Finance's assessment for RD-F-070 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Fraxlend is an original isolated-pair lending design, NOT a Compound V2 fork. The empty-cToken-market / donation-attack vector requires a Compound-style shared market with a zero-supply cToken pool. Fraxlend uses: (1) isolated pairs with independent accounting (no shared totalSupply across markets); (2) ERC-4626-based fToken system, not cToken mechanics; (3) original architecture confirmed by profile §5 'not forked', fraxlend GitHub README, and Trail of Bits 2022-11 audit scope. The Compound-fork prerequisite for RD-F-070 ★ does not apply. Note: the broader ERC-4626 share-inflation class (F074/F075) IS assessed separately for sfrxETH and Fraxlend fTokens.
Sources #
- URLFraxFinance/fraxlend GitHub READMEFraxFinance/fraxlend GitHub README: 'adheres to EIP-4626 Tokenized Vault Standard'; 'isolated market which allows anyone to create a market'retrieved 2026-05-17
- Frax Finance Protocol Profile §5 Fork Lineage00-profile.md §5 Fork Lineage: 'Fraxlend is an original isolated-pair lending design (not a Compound v2 or Aave fork)'retrieved 2026-05-17
- Trail of Bits 2022-11: Fraxlend & FraxFerry Security ReviewTrail of Bits 2022-11 audit (Fraxlend + FraxFerry): scoped Fraxlend as original design — scope description treats as novel isolated-pair architecture, no Compound fork characterizationretrieved 2026-05-17
Methodology #
Determine whether any listed Compound V2-fork market has `totalSupply == 0` and `totalBorrow == 0`, the precondition for a donation-exploit.
See the full factor methodology and distribution across all protocols →