defirisk.co
rubric v1.7.0

ERC-4626 virtual-share offset (OZ ≥4.9)

Usual (USD0 / bUSD0 / USUAL)'s assessment for RD-F-074 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Not_applicable per PD-024 (lending-only factor) and protocol structure. bUSD0 (formerly USD0++) is a locked bond token, not an ERC-4626 vault. The virtual-share inflation attack requires a share-ratio accounting model (ERC-4626 previewDeposit/convertToShares); bUSD0 is a 1:1 lock-and-mint bond mechanism with no share-ratio computation. USUALx (staked USUAL) may use a vault pattern but that is code-security-analyst scope (Cat 1).

Sources #

  • Docs
    Usual docs — bUSD0 bond mechanismdocs.usual.money/llms-full.txt — bUSD0 described as bond token with maturity June 11, 2028; 1:1 USD0 lock mechanism, no share-ratio accountingretrieved 2026-05-17
  • Internal
    Protocol profile §3 — bUSD0 as locked bond, not ERC-4626Profile 00-profile.md §3 — bUSD0 Token at 0x35D8949372D46B7a3D5A56006AE77B215fc69bC0, described as locked bond token; no ERC-4626 vault descriptionretrieved 2026-05-17

Methodology #

Determine whether ERC-4626 vaults use OpenZeppelin ≥4.9 virtual-share offset pattern to prevent first-depositor share-inflation.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol usual factor RD-F-074 score not_applicable collected_at 2026-05-16 20:39:44