★ Empty cToken-style market (zero supply/borrow)

Spark Protocol's assessment for RD-F-070 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

sUSDS ERC4626 implementation does not include virtual-share offset (_decimalsOffset() = 0). First-depositor inflation attack theoretically possible on empty vault initialization. Critical ★ factor scored yellow given mitigating controls.

Sources #

GitHub
https://github.com/makerdao/sdai/blob/susds/src/SUsds.solretrieved 2026-04-21

Methodology #

Determine whether any listed Compound V2-fork market has `totalSupply == 0` and `totalBorrow == 0`, the precondition for a donation-exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol spark factor RD-F-070 score yellow collected_at 2026-04-27 01:00:42