ERC-4626 virtual-share offset (OZ ≥4.9)
Ethena's assessment for RD-F-074 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
sUSDe (StakedUSDeV2, 0x9D39A5DE30e57443BfF2A8307A4256c8797A3497) is an ERC-4626 vault. Review of the contract code on Etherscan shows Solidity 0.8.19 with no canonical OZ ≥ 4.9 _decimalsOffset() function, so there is no virtual-share offset in the OZ pattern. However, the first-depositor inflation attack is mitigated by MinSharesViolation error gating in previewDeposit/previewMint, plus an initial protocol-controlled seed deposit at vault deployment. Functional protection is present despite not using the canonical OZ offset approach. Green with caveat: the implementation path differs from canonical OZ ≥ 4.9; code-security-analyst should verify full equivalence.
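The equivalence question above can be explored with an integer model of the deposit share math. This is an added example, not Ethena's or OpenZeppelin's source: the MIN_SHARES value of 1e18, the post-deposit placement of the guard, the offset of 6 and the sample vault states are assumptions for illustration; only the virtual-offset formula is the OZ ≥ 4.9 one.

```python
# Integer model of ERC-4626 deposit share math under three designs.
# Constructed example: not Ethena's or OpenZeppelin's source code.
WAD = 10**18
MIN_SHARES = WAD  # assumed threshold for the min-shares guard


class MinSharesViolation(Exception):
    """Models a revert when a non-zero share supply is below MIN_SHARES."""


def convert_plain(assets, supply, total_assets):
    # No offset: 1:1 on an empty vault, otherwise pro rata, rounded down.
    return assets if supply == 0 else assets * supply // total_assets


def convert_virtual(assets, supply, total_assets, offset):
    # OZ >= 4.9 formula: virtual shares (10**offset) and one virtual asset.
    return assets * (supply + 10**offset) // (total_assets + 1)


def deposit(vault, assets, mode, offset=6):
    """vault is (share_supply, total_assets); returns (shares, new_vault)."""
    supply, total = vault
    if mode == "virtual":
        shares = convert_virtual(assets, supply, total, offset)
    else:
        shares = convert_plain(assets, supply, total)
    supply, total = supply + shares, total + assets
    # Assumed placement: the guard is evaluated on the post-deposit supply.
    if mode == "min_shares" and 0 < supply < MIN_SHARES:
        raise MinSharesViolation(supply)
    return shares, (supply, total)


def compare(vault, assets):
    """Shares minted per design, or 'revert' where the guard fires."""
    out = {}
    for mode in ("plain", "virtual", "min_shares"):
        try:
            out[mode] = deposit(vault, assets, mode)[0]
        except MinSharesViolation:
            out[mode] = "revert"
    return out


# Constructed state: 1 wei of shares backed by ~1000 tokens of assets.
SKEWED = (1, 1 + 1000 * WAD)

if __name__ == "__main__":
    print(compare(SKEWED, 500 * WAD))   # depositor outcome in the skewed state
    print(compare((0, 0), 1))           # dust first deposit
    print(compare((0, 0), WAD))         # seed-sized first deposit
```

In this model the unprotected vault mints zero shares for the deposit into the skewed state, the offset vault mints a non-zero amount, and the min-shares vault reverts. The skewed state is also unreachable through deposits under the guard, because a dust first deposit reverts; that is the property to confirm against the deployed code.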
Sources
- Etherscan — StakedUSDeV2 (sUSDe) contract source code. https://etherscan.io/address/0x9D39A5DE30e57443BfF2A8307A4256c8797A3497#code (retrieved 2026-04-28)
- Code4rena Nov 2024 invitational — 0 high, 2 medium; no constructor arg discrepancy. https://code4rena.com/reports/2024-11-ethena-labs (retrieved 2026-04-28)
Methodology
Determine whether ERC-4626 vaults use the OpenZeppelin ≥4.9 virtual-share offset pattern to prevent first-depositor share inflation.