First-depositor / share-inflation guard
Sky Lending (formerly MakerDAO)'s assessment for RD-F-075 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
sUSDS has no seed deposit on deploy, no virtual-share offset, and no floor-check in source. Same evidence base as RD-F-074. Scored yellow by identical reasoning: two 2025 tier-1 audits did not raise this as an open finding; USDS base $8.7B+ makes zero-supply edge case operationally implausible.
Detail #
SUsds.sol source: no explicit first-depositor protection mechanism (seed deposit on deploy, virtual offset, floor check). chi initializes at RAY = 1e27 meaning 1:1 initial exchange rate with no virtual protection buffer. totalAssets() = convertToAssets(totalSupply) creates circular dependency — if totalSupply reaches 0, totalAssets() = 0 and any subsequent deposit can set the exchange rate to any value via single-wei deposit + donation. In practice: sUSDS is deployed and maintained by the Sky Protocol; zero-supply state requires complete draining of all $X billion in deposited USDS, which is not a realistic attack vector given the continuous SSR accrual and deep USDS integration. Two 2025 tier-1 audits found no open critical finding here.
Sources #
- GitHubSUsds.sol source codesky-ecosystem/sdai susds branch SUsds.sol — no seed deposit, no floor checkretrieved 2026-04-27
- sUSDS implementation — EtherscansUSDS impl contract 0x4e7991e5C547ce825BdEb665EE14a3274f9F61e0retrieved 2026-04-27
Methodology #
Determine whether the vault has a first-depositor guard (seed deposit on deploy, virtual-share offset, or floor-check).
See the full factor methodology and distribution across all protocols →