First-depositor / share-inflation guard
Sanctum's assessment for RD-F-075 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
SPL stake pool does not use ERC-4626-style share minting where first-depositor can inflate share price via donation. Pool accounting is total_stake / token_supply = exchange_rate managed by SPL program stake authority. The donation attack vector (sending tokens directly to vault to inflate exchange rate) does not exist in SPL stake pool design. OtterSec audited the SPL Stake Pool program on 2023-01-20 specifically for this vulnerability class.
Sources #
- AuditOtterSec SPL Stake Pool Audit 2023-01-20OtterSec SPL Stake Pool audit 2023-01-20: confirms no share-inflation attack vector in SPL stake pool designretrieved 2026-05-04
- 00-data-cache.json + 00-profile.md sanctumData cache non_evm_substrate: true; profile §5 SPL stake pool architectureretrieved 2026-05-04
Methodology #
Determine whether the vault has a first-depositor guard (seed deposit on deploy, virtual-share offset, or floor-check).
See the full factor methodology and distribution across all protocols →