defirisk.co
rubric v1.7.0

Empty cToken-style market (zero supply/borrow)

Yearn Finance's assessment for RD-F-070 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

Yearn Finance is an original protocol (not a Compound V2 fork) and has no cToken-style borrow/supply markets. The donation/empty-market attack pattern (attacker donates assets to an empty cToken market, manipulating the exchange rate) requires a Compound V2 fork architecture with market primitives (totalSupply, totalBorrow, exchangeRateCurrent). No such architecture exists in any Yearn V2 or V3 contract. Hacksdatabase confirms: yearn-rekt1.md 'Forked? N -- original Yearn protocol'; yearn2-rekt.md 'Forked? N -- original iearn protocol'. Taxonomy Cat 4 explicitly marks RD-F-070 as Compound-fork-only. RD-F-070 is not_applicable with gap_reason not_applicable.

Sources

  • Internal
    Hacksdatabase yearn-rekt1.md, yearn2-rekt.md (fork lineage)
    hacksdatabase yearn-rekt1.md: 'Forked? N -- original Yearn protocol'. hacksdatabase yearn2-rekt.md: 'Forked? N -- original iearn protocol'
    retrieved 2026-05-16
  • Internal
    Taxonomy Cat 4 Compound-fork-only note
    research/outputs/03-taxonomy.md Cat 4: 'Compound-fork-only (subset of lending-only): RD-F-070 -- N/A for non-Compound-fork protocols; critical still applies when IS a Compound fork'. Yearn is not a Compound fork.
    retrieved 2026-05-16
  • GitHub
    yearn/yearn-vaults-v3 - GitHub
    yearn-vaults-v3 README and VaultV3.vy: original ERC-4626 yield aggregator; no cToken/market/totalBorrow interface; VaultFactory.vy deploys via create2 clone, no market listing
    retrieved 2026-05-16

Methodology

Determine whether any listed Compound V2-fork market has `totalSupply == 0` and `totalBorrow == 0`, the precondition for a donation exploit.

rubric_version: v1.7.0
protocol: yearn-finance
factor: RD-F-070
score: not_applicable
collected_at: 2026-05-16 08:34:32