★ Empty cToken-style market (zero supply/borrow)
Aave v3's assessment for RD-F-070 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Aave v3.1 virtual accounting eliminates the Compound V2 empty-market donation attack at the architectural level. The liquidityIndex-based share accounting maintains a virtual supply offset, preventing share inflation regardless of user deposit state. New market listings additionally require a governance payload that seeds the market before borrow-enable. Aave v3 originated this mitigation pattern, which is now the industry standard fix. This is a hard green — the attack surface for the cToken-style empty-market exploit does not exist in this codebase.
Sources #
- InternalT-10 Aave v3 Dry Run — Cat 4 rollupT-10 §2.3.2 Cat 4: 'RD-F-070 ★ GREEN (v3.1 virtual accounting = definitive mitigation for cToken empty-market attack; seed deposits code-enforced for new markets. HARD green — Aave's virtual accounting is the industry standard fix for this class.)'retrieved 2026-04-27
- Aave Governance Proposal 132: Virtual Accounting ActivationAave Governance Proposal 132 — virtual accounting activation on-chain voteretrieved 2026-04-27
- Aave V3 Origin — v3.1 Virtual Accountingaave-dao/aave-v3-origin — v3.1 tag introduces virtual accounting / liquidityIndex virtual supply offsetretrieved 2026-04-27
Methodology #
Determine whether any listed Compound V2-fork market has `totalSupply == 0` and `totalBorrow == 0`, the precondition for a donation-exploit.
See the full factor methodology and distribution across all protocols →