First-depositor / share-inflation guard

Maple Finance's assessment for RD-F-075 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Explicit guard present via bootstrapMint (governor-set at pool creation), confirmed as remediation of Spearbit Dec 2022 high-severity finding. Active pools have non-zero supply. Guard is governance-configurable, not a code-level constant — future pools with bootstrapMint=0 would lack protection.

Detail #

Spearbit December 2022 audit identified first-depositor share inflation as a high-severity issue. Remediation: bootstrapMint amount set by Governor per ERC-20 asset before pool listing. Active pools have non-zero supply ($1.70B TVL). Protocol docs reference the mechanism via audit confirmation. Score is yellow (not green) because the protection is governance-parameterized rather than code-enforced: protocol docs claim guard but independent on-chain verification of the bootstrapMint value for each active pool was not performed.

Sources #

Audit
Spearbit Maple V2 Security Assessment December 2022Spearbit Dec 2022 V2 audit - first-depositor high-severity finding and bootstrapMint remediationretrieved 2026-04-27
GitHub
RevenueDistributionToken.sol - convertToSharesmaple-labs/revenue-distribution-token - share math confirming ERC-4626 vulnerability absent bootstrapMintretrieved 2026-04-27

Methodology #

Determine whether the vault has a first-depositor guard (seed deposit on deploy, virtual-share offset, or floor-check).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol maple-finance factor RD-F-075 score yellow collected_at 2026-04-27 05:38:08