First-depositor / share-inflation guard
Morpho V1 (Morpho Blue + MetaMorpho)'s assessment for RD-F-075 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Two layers are assessed. (1) Core Morpho Blue markets: VIRTUAL_SHARES=1e6 and VIRTUAL_ASSETS=1 in SharesMathLib provide structural protection, so a first depositor cannot inflate shares via donation. This protection is effective. (2) MetaMorpho ERC-4626 vaults rely on a curator dead deposit (1e9 shares to 0xdead), which is not protocol-enforced. The docs warn of the vulnerability if the dead deposit is omitted. The composite protocol scores yellow because the vault layer is exposed without curator action.
Detail
Core Morpho Blue markets: SharesMathLib is confirmed to use the constants VIRTUAL_SHARES=1e6 and VIRTUAL_ASSETS=1 in its toSharesDown and toSharesUp functions (source: DeFiHackLabs analysis of the morpho-blue source). When totalSupplyShares=0, the conversion is shares = (assets * 1e6) / (totalAssets + 1), which prevents the classic first-depositor inflation attack by establishing a meaningful initial exchange rate. This is structural protection equivalent to OZ >=4.9 virtual shares.

MetaMorpho ERC-4626 vaults: the dead deposit mechanism (1e9 shares to 0xdead) is recommended and documented in multiple tutorial pages, but it is not applied automatically at vault deployment. The vault factory does not call supply() to make the dead deposit on behalf of the curator. The security considerations doc explicitly warns of the inflation front-running vulnerability.

Template: green = structural protection exists (virtual offset or seed deposit on deploy); yellow = protection depends on curator action post-deploy.

The composite protocol scores yellow because the MetaMorpho vault layer (which holds the majority of user-facing TVL) has curator-dependent protection rather than structural protection.
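The share arithmetic described above, as an added Python model (not Morpho's Solidity code and not part of the original assessment): it compares a plain pro-rata pool, the SharesMathLib virtual offset, and a 1e9 seed deposit, and reports what a later depositor loses to rounding. The donation step, the 1:1 first mint in the unguarded pool, the 1:1 treatment of the 1e9 seed, the function names and all amounts are assumptions constructed for illustration.

```python
# Added model of the share math discussed above; not Morpho's Solidity source.
VIRTUAL_SHARES = 10**6  # constants quoted on this page for SharesMathLib
VIRTUAL_ASSETS = 1

def to_shares_down(assets, total_assets, total_shares, vs, va):
    """Shares minted for `assets`, rounded down."""
    if vs == 0 and va == 0 and total_shares == 0:
        return assets  # assumption: an unguarded pool mints 1:1 on first deposit
    return assets * (total_shares + vs) // (total_assets + va)

def to_assets_down(shares, total_assets, total_shares, vs, va):
    """Assets redeemable for `shares`, rounded down."""
    return shares * (total_assets + va) // (total_shares + vs)

def second_depositor_outcome(vs, va, first_deposit, donation, deposit):
    """Return (shares_minted, assets_lost) for a deposit made after total
    assets were raised by `donation` without any shares being minted."""
    total_assets = total_shares = 0
    minted = to_shares_down(first_deposit, total_assets, total_shares, vs, va)
    total_assets += first_deposit
    total_shares += minted
    total_assets += donation  # assets rise, share supply does not
    shares = to_shares_down(deposit, total_assets, total_shares, vs, va)
    total_assets += deposit
    total_shares += shares
    redeemable = to_assets_down(shares, total_assets, total_shares, vs, va)
    return shares, deposit - redeemable

ONE = 10**18  # constructed sample amount: one token with 18 decimals

# (virtual shares, virtual assets, first deposit, donation, later deposit)
CASES = {
    "unguarded": (0, 0, 1, ONE, ONE),
    "virtual_offset": (VIRTUAL_SHARES, VIRTUAL_ASSETS, 1, ONE, ONE),
    "seeded_1e9": (0, 0, 10**9, ONE, ONE),  # seed sized like the dead deposit
}

def run_cases():
    """Evaluate every constructed case and return {name: (shares, loss)}."""
    return {name: second_depositor_outcome(*args) for name, args in CASES.items()}

if __name__ == "__main__":
    for name, (shares, loss) in run_cases().items():
        print(f"{name:15s} shares={shares:<12d} loss_wei={loss}")
```

In the unguarded case the later deposit rounds down to zero shares, while the virtual offset and the seed both keep the rounding loss below one millionth of the deposit.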
Sources
- Vault curator security considerations, docs.morpho.org/curate/concepts/security-considerations: inflation front-running vulnerability if dead deposit not made for MetaMorpho V1 vaults (retrieved 2026-04-27)
- Market dead deposit tutorial, docs.morpho.org/curate/tutorials-market-v1/dead-deposit: dead deposit tutorial, 1e9 shares to 0xdead, curator responsibility not protocol-enforced (retrieved 2026-04-27)
- Morpho Blue internals: share accounting, DeFiHackLabs Morpho Internals Part 1: VIRTUAL_SHARES=1e6, VIRTUAL_ASSETS=1 in SharesMathLib, structural first-depositor protection at core market level (retrieved 2026-04-27)
Methodology
Determine whether the vault has a first-depositor guard (seed deposit on deploy, virtual-share offset, or floor-check).