First-depositor / share-inflation guard

Midas's assessment for RD-F-075 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Not applicable — same architectural reason as F074. DepositVault is not a share-based vault; mTokens are issuer-minted ERC-20 tokens with no totalAssets/totalSupply ratio subject to first-depositor share-inflation. The MINTER_ROLE (granted to the issuer's operational key) directly mints mTokens; there is no share-calculation path that an attacker could manipulate via a first-deposit donation. Bespoke DepositVault confirmed by Etherscan read and Sherlock 2024-08 audit scope (minter/redeemer role architecture).

Sources #

GitHub
Sherlock 2024-08 — Midas minter/redeemer audit repoSherlock 2024-08 minter/redeemer audit — MINTER_ROLE-based issuance; no share-inflation attack surfaceretrieved 2026-05-16
Etherscan
Etherscan — Midas Issuance Vault implementationIssuance Vault impl 0xC8AF8477f3caa89f60fe9d1f48eee5433c55982b — bespoke DepositVault, no ERC-4626 share mathretrieved 2026-05-16

Methodology #

Determine whether the vault has a first-depositor guard (seed deposit on deploy, virtual-share offset, or floor-check).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol midas factor RD-F-075 score not_applicable collected_at 2026-05-16 09:34:55