ERC-4626 virtual-share offset (OZ ≥4.9)
Pendle Finance's assessment for RD-F-074 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Pendle's LP AMM accounting is not ERC-4626 — it uses exchange-rate-based SYUtils.sol conversion with MINIMUM_LIQUIDITY = 1000 LP locked at first deposit (Uniswap-V2 pattern). This mitigates the direct ERC-4626 virtual-share inflation attack for LP tokens. However, Pendle's SY wrapper contracts wrap external ERC-4626 vaults (Aave aTokens, Ethena sUSDe, Lido stETH, etc.). While the protocol uses OZ 4.9.3 (which includes the virtual-share offset in its ERC-4626 implementation), it cannot be confirmed from available evidence that all individual SY wrapper contracts across hundreds of deployed markets on 6+ chains uniformly implement the OZ 4.9.3 virtual-share offset. Coverage uncertainty across the SY wrapper population produces a yellow rating.
Sources #
- URLMixBytes — Yield Tokenization Protocols: PendleMixBytes analysis: MINIMUM_LIQUIDITY added to protocol reserves to protect against front-running initial depositretrieved 2026-04-29
- MarketMathCore.sol — MINIMUM_LIQUIDITYMarketMathCore.sol: MINIMUM_LIQUIDITY = 10^3 locked at first LP deposit — partial first-depositor protectionretrieved 2026-04-29
- SYUtils.sol — Exchange Rate ConversionSYUtils.sol: exchange rate conversion (syToAsset, assetToSy) using ONE=1e18, not ERC-4626 share patternretrieved 2026-04-29
- Pendle Data Cache — GitHub oz_contracts_versiondata-cache: oz_contracts_version = 4.9.3 — OZ 4.9.3 includes virtual-share offset in ERC-4626retrieved 2026-04-28
Methodology #
Determine whether ERC-4626 vaults use OpenZeppelin ≥4.9 virtual-share offset pattern to prevent first-depositor share-inflation.
See the full factor methodology and distribution across all protocols →