★ Empty cToken-style market (zero supply/borrow)

Midas's assessment for RD-F-070 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Not applicable — Midas is an original RWA tokenized-asset issuer, not a Compound V2-style lending fork. No cToken architecture, no markets() call, no totalSupply/totalBorrow pairing in the Compound sense. The Issuance Vault (DepositVault impl 0xC8AF8477f3caa89f60fe9d1f48eee5433c55982b) is confirmed as a bespoke permissioned request-queue contract exposing depositInstant, depositRequest, approveRequest functions — not ERC-4626 and not a cToken. The Midas Capital incidents in the hacksdatabase (2023-01 ~$660K; 2023-06 ~$600K) involve a Compound V2 fork empty-market attack on a DIFFERENT protocol (Midas Capital), not Midas RWA. The donation/empty-market vector requires a share-based vault architecture that does not exist in the Midas RWA codebase. PD-024 + PD-042 non-lending/RWA factor-flip applies.

Sources #

Etherscan
Etherscan — Midas Issuance Vault implementationIssuance Vault impl 0xC8AF8477f3caa89f60fe9d1f48eee5433c55982b — bespoke DepositVault with depositInstant/depositRequest/approveRequest; no ERC-4626 interface; no cToken patternretrieved 2026-05-16
GitHub
Sherlock 2024-05 — Midas audit repo (original codebase)Sherlock 2024-05 audit repo — original issuer codebase (not a Compound fork); DepositVault and mTBILL.sol are bespoke contractsretrieved 2026-05-16

Methodology #

Determine whether any listed Compound V2-fork market has `totalSupply == 0` and `totalBorrow == 0`, the precondition for a donation-exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol midas factor RD-F-070 score not_applicable collected_at 2026-05-16 09:34:55