★ Empty cToken-style market (zero supply/borrow)
Liquity V1 + V2 (LUSD / BOLD)'s assessment for RD-F-070 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Liquity is not a Compound V2 fork. The empty-cToken donation-attack pattern requires a fungible cToken-style market with totalSupply()/totalBorrow() that can be zeroed. Liquity uses a Trove model: each borrower holds an individual CDP (not a fungible share in a common pool). v1 uses ETH collateral in individual troves with Stability Pool + redistribution liquidation. v2 uses per-collateral-branch StabilityPools and individual troves. Neither architecture has a shared cToken market that could be left at zero supply and exploited via donation. Profile confirms original design (not forked from Compound or any Compound-fork lineage).
Sources #
- URLDedaub — Liquity V2 Audit (August 2024)Dedaub v2 audit Aug 2024: original novel architecture confirmed, not a Compound forkretrieved 2026-05-16
- Liquity protocol profile — fork lineage sectionProfile §5 fork lineage: Not forked / original. Liquity v1 and v2 are original designs by Liquity AG (Robert Lauko, Rick Pardoe). Not derived from Aave, Compound, or MakerDAO code.retrieved 2026-05-16
- Liquity v1 FAQ — General (Trove architecture)Liquity v1 FAQ: Trove model — individual CDP per user, not shared cToken marketsretrieved 2026-05-16
Methodology #
Determine whether any listed Compound V2-fork market has `totalSupply == 0` and `totalBorrow == 0`, the precondition for a donation-exploit.
See the full factor methodology and distribution across all protocols →