defirisk.co
rubric v1.7.0

Seed-deposit requirement for new market listing

A economic risk factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology how we score #

**What this measures** This factor evaluates whether the protocol's market-listing governance or code requires a minimum seed deposit before a new market's borrow functionality is enabled. The seed-deposit requirement is the primary defense against the empty-cToken exchange-rate inflation attack (RD-F-070). Sources include source code inspection and governance proposal analysis. This factor is applicable only to Compound-fork lending protocols; it is N/A for non-lending and non-Compound-fork protocols.

**Why it matters** The seed-deposit requirement directly prevents the cToken inflation attack by ensuring that at least one legitimate supply-side deposit exists in every market before borrowing is enabled. When Sonne Finance's yAudit audit flagged the Compound V2 donation attack as a high-severity issue in their own report, the recommended fix was precisely a seed-deposit requirement. Onyx Protocol was exploited twice using the same empty-market vector because it did not implement a seed-deposit guard on governance-added markets. Hundred Finance's $7.4M loss was similarly preventable: an attacker donated 500 WBTC to an empty hWBTC market with no minimum deposit guard, inflating the exchange rate before the first legitimate depositor arrived.

**Green / Yellow / Red** Green: protocol enforces an on-chain minimum seed deposit for all markets before borrow enablement, with the seed amount set to a level that makes the inflation attack economically non-viable. Yellow: seed-deposit requirement exists in governance documentation but is not enforced on-chain at market activation, leaving a window between activation and first legitimate deposit. Red: no seed-deposit requirement exists in code or governance; markets can be activated with zero supply.

**Common gray cases** Protocols that require a governance vote to activate new markets but have no minimum seed deposit still score red on this factor, because the activation window (even if short) is the critical vulnerability window as demonstrated by the Sonne Finance 6-second front-running attack.

**Notable historical examples** No cross-hacked incidents currently linked in database for this factor.

Measurement what to look for #

Determine whether market-listing governance or code requires a minimum seed deposit before borrow-enabling a new market.

Data & output #

Data source
Source inspection of market-listing code path + governance proposal template on Etherscan-verified source
Output format
Green / Yellow / Red
Evidence artifact
Source excerpt of listing logic + minimum-seed-deposit value
Confidence signal
green = seed deposit required (≥configured floor) before borrow-enable; yellow = seed deposit encouraged but not enforced; red = no seed deposit requirement; gray = protocol does not list new markets (N/A)

Scored protocols 80 carry this factor #

Protocol RD-F-071
Aave v3 ethereum green Across Protocol ethereum red Aerodrome Finance base not_applicable Axelar Network ethereum not_applicable Babylon Protocol bitcoin not_applicable Balancer (v2 + v3) ethereum yellow Beefy Finance ethereum not_applicable BENQI avalanche yellow BlackRock USD Institutional Digital Liquidity Fund (BUIDL) ethereum not_applicable Cap (cUSD / stcUSD) ethereum green Centrifuge ethereum green Chainlink CCIP ethereum not_applicable Circle USYC binance not_applicable Compound V3 (Comet) ethereum yellow Concrete ethereum not_applicable Convex Finance ethereum not_applicable crvUSD (Curve Stablecoin) ethereum green Curve Finance ethereum not_applicable deBridge ethereum gray Dolomite ethereum green dYdX v4 (dYdX Chain) dydx not_applicable EigenLayer ethereum not_applicable Ethena ethereum not_applicable ether.fi ethereum not_applicable Euler V2 ethereum yellow Falcon Finance ethereum not_applicable Fluid ethereum yellow Frax Finance ethereum yellow GMX v2 (GMX Synthetics) arbitrum green Hyperlane ethereum not_applicable Hyperliquid arbitrum gray Jito solana not_applicable Jupiter solana not_applicable Jupiter Perpetual Exchange solana not_applicable JustLend DAO tron red Kamino Lend solana yellow Kinetiq hyperliquid not_applicable Lido ethereum not_applicable Liquid Collective (LsETH) ethereum not_applicable Liquity V1 + V2 (LUSD / BOLD) ethereum green Lista DAO bsc gray Lombard Finance ethereum gray M^0 ethereum not_applicable Maple Finance ethereum yellow Marinade Finance solana not_applicable Meteora solana not_applicable mETH Protocol ethereum not_applicable Midas ethereum not_applicable Morpho V1 (Morpho Blue + MetaMorpho) ethereum yellow Multipli ethereum not_applicable Ondo Finance ethereum gray OpenEden ethereum not_applicable Orca solana not_applicable PancakeSwap bsc not_applicable Pendle Finance ethereum not_applicable Polymarket polygon not_applicable QuickSwap polygon not_applicable Raydium solana not_applicable Rocket Pool ethereum not_applicable Sanctum solana yellow Save (formerly Solend) solana yellow Sky Lending (formerly MakerDAO) ethereum not_applicable Spark Protocol ethereum yellow Spiko stellar not_applicable Stake DAO ethereum not_applicable StakeWise v3 ethereum not_applicable Stargate Finance ethereum gray stHYPE (Valantis Labs) hyperliquid not_applicable SUNSwap (sun.io) tron not_applicable Superstate ethereum not_applicable Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap ethereum not_applicable Symbiotic ethereum not_applicable Synapse Protocol ethereum not_applicable Uniswap (v2 + v3) ethereum not_applicable USDD (Decentralized USD) tron not_applicable Usual (USD0 / bUSD0 / USUAL) ethereum not_applicable Veda (BoringVault) ethereum not_applicable Venus Protocol bsc yellow Wormhole ethereum not_applicable Yearn Finance ethereum not_applicable
2 red · 13 yellow · 7 green

Linked hacks no historical incidents linked #

No historical incidents are linked to this factor.
rubric_version v1.7.0 factor RD-F-071 category 4 carried 80 critical no