First-depositor / share-inflation guard

GMX v2 (GMX Synthetics)'s assessment for RD-F-075 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

GMX v2 implements an explicit first-depositor guard in ExecuteDepositUtils.sol via the _validateFirstDeposit function. When marketTokensSupply equals zero (new or empty pool): (1) RECEIVER_FOR_FIRST_DEPOSIT is defined as address(1) — a burn address — and the function reverts with InvalidReceiverForFirstDeposit if the deposit receiver is any other address; (2) deposit.minMarketTokens() must meet a protocol-defined minimum floor, reverting with InvalidMinMarketTokensForFirstDeposit otherwise; (3) any positive price impact USD amount is set to zero to prevent double-counting on the first deposit. The contract includes the inline comment 'this also helps to prevent manipulation of the market token price by the first depositor.' The classic share-inflation attack (first depositor mints 1 wei of shares, donates collateral to inflate share price, second depositor gets zero shares due to rounding) is blocked by routing all initial shares to the burn address. This is an on-chain code-enforced g

Sources #

GitHub
GMX synthetics — ExecuteDepositUtils.sol (first-depositor guard, not Compound model)https://raw.githubusercontent.com/gmx-io/gmx-synthetics/main/contracts/deposit/ExecuteDepositUtils.solretrieved 2026-05-05
GitHub
GMX synthetics — MarketToken.sol source (ERC20+Bank inheritance, no Compound interface)https://raw.githubusercontent.com/gmx-io/gmx-synthetics/main/contracts/market/MarketToken.solretrieved 2026-05-05

Methodology #

Determine whether the vault has a first-depositor guard (seed deposit on deploy, virtual-share offset, or floor-check).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol gmx-v2 factor RD-F-075 score green collected_at 2026-05-05 11:15:06