ERC-4626 virtual-share offset (OZ ≥4.9)
Sky Lending (formerly MakerDAO)'s assessment for RD-F-074 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
sUSDS ERC-4626 implementation (`0x4e7991e5C547ce825BdEb665EE14a3274f9F61e0`): no `_decimalsOffset()` override, no virtual share offset. Share math is `assets * RAY / chi_` — pure ratio. Two tier-1 audits (ChainSecurity 2025-08-12, Cantina 2025-08-18) found no disclosed open share-inflation finding. Scored yellow per uncertainty default given audit coverage.
Detail
Source analysis of SUsds.sol from the sky-ecosystem/sdai susds branch (fetched 2026-04-27):

- `convertToShares(uint256 assets)` = `assets * RAY / chi_`
- `convertToAssets(uint256 shares)` = `shares * chi_ / RAY`
- `totalAssets()` = `convertToAssets(totalSupply)`

No `_decimalsOffset()` function is present. The OZ >=4.9 virtual-share offset pattern (which returns a decimals offset to add virtual shares/assets) is absent. Chi is initialized at deployment (chi = RAY = 1e27), meaning the initial exchange rate is 1:1 with no virtual protection.

Theoretical first-depositor attack: deposit 1 wei USDS -> receive 1 share; donate 1e27 USDS directly (bypassing deposit); subsequent depositor gets 0 shares. However:

(1) Both ChainSecurity and Cantina audited sUSDS in 2025 without raising this as an open critical finding;
(2) the sUSDS vault is seeded by the Sky Protocol itself at SSR activation;
(3) the USDS base is $8.7B+, making a zero-supply state operationally implausible in practice.
Sources
- Audit
- SUsds.sol source code: sky-ecosystem/sdai susds branch, SUsds.sol (no _decimalsOffset, pure ratio math), retrieved 2026-04-27
Methodology
Determine whether ERC-4626 vaults use the OpenZeppelin ≥4.9 virtual-share offset pattern to prevent first-depositor share inflation.
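To make concrete what this factor checks for, the following added example (not code from SUsds.sol or OpenZeppelin) is a simplified Python model comparing what a later depositor receives after a direct token transfer, first with a plain ratio and then with the OZ ≥4.9 virtual-share formula at offsets 0 and 6. It assumes a generic vault whose totalAssets() tracks its token balance, which is an assumption of the model and not a statement about SUsds.sol; the names `Vault` and `later_depositor_outcome` and all amounts are constructed.

```python
WAD = 10**18  # 18-decimal token unit; all amounts below are constructed

class Vault:
    """Simplified model of a vault whose totalAssets() is its token balance.
    offset=None: plain ratio, no virtual shares.
    offset=int:  OZ >=4.9 formula with that _decimalsOffset() value."""

    def __init__(self, offset=None):
        self.offset = offset
        self.total_assets = 0  # underlying held, direct donations included
        self.total_supply = 0  # shares outstanding

    def _virtual(self):
        # (virtual shares, virtual assets) added to both sides of the ratio
        return (0, 0) if self.offset is None else (10**self.offset, 1)

    def convert_to_shares(self, assets):
        vs, va = self._virtual()
        if self.total_supply + vs == 0:
            return assets  # empty plain vault mints 1:1
        return assets * (self.total_supply + vs) // (self.total_assets + va)

    def convert_to_assets(self, shares):
        vs, va = self._virtual()
        if self.total_supply + vs == 0:
            return shares
        return shares * (self.total_assets + va) // (self.total_supply + vs)

    def deposit(self, assets):
        shares = self.convert_to_shares(assets)  # rounds down, like deposit()
        self.total_assets += assets
        self.total_supply += shares
        return shares

def later_depositor_outcome(offset, first=1, donation=10_000 * WAD, later=5_000 * WAD):
    """Replay: tiny first deposit, direct token transfer, then a normal deposit."""
    v = Vault(offset)
    first_shares = v.deposit(first)
    v.total_assets += donation  # transfer that bypasses deposit(): no shares minted
    later_shares = v.deposit(later)
    return {
        "later_shares": later_shares,
        "later_redeemable": v.convert_to_assets(later_shares),
        "first_redeemable": v.convert_to_assets(first_shares),
        "first_spent": first + donation,
    }

if __name__ == "__main__":
    for off in (None, 0, 6):
        print(off, later_depositor_outcome(off))
```

With no virtual shares the later deposit rounds down to 0 shares; at offset 0 it still rounds to 0, but the first depositor can redeem less than they spent. At offset 6 the later depositor receives 999,999 shares redeemable for more than 99.9% of the deposit.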