First-depositor / share-inflation guard
JustLend DAO's assessment for RD-F-075 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
No first-depositor guard found. CToken.sol has no: (a) seed deposit on deploy/initialize, (b) virtual-share offset, (c) minimum totalSupply floor in mintFresh(). The only zero-supply handling is exchangeRateStoredInternal() returning initialExchangeRateMantissa — this is not a protection; it is the mechanism that enables exchange-rate manipulation. A malicious first depositor can mint 1 wei of jTokens, then donate underlying assets directly to inflate the exchange rate, causing the next depositor's minted shares to be 0 (or near-0) due to integer truncation. The 2022 CertiK audit acknowledged but did not resolve this. No post-2022 fix found in source code.
Sources #
- AuditCertiK Skynet — JustLend Security Assessment 2022CertiK 2022 audit: team stated intent to 'lock up a little bit of the underlying assets in each market' as mitigation; no code-level fix confirmed in source inspectionretrieved 2026-05-17
- JustLend Protocol — CToken.solCToken.sol: initialize() does not mint seed tokens; mintFresh() has no totalSupply floor; exchangeRateStoredInternal() returns initialExchangeRateMantissa when totalSupply==0 (enables donation manipulation)retrieved 2026-05-17
- HackMD — Generalized Compound v2 ExploitGeneralized Compound v2 share-inflation exploit mechanics — prerequisite: cToken with zero supply and collateral factor > 0retrieved 2026-05-17
Methodology #
Determine whether the vault has a first-depositor guard (seed deposit on deploy, virtual-share offset, or floor-check).
See the full factor methodology and distribution across all protocols →