defirisk.co
rubric v1.7.0

Empty cToken-style market (zero supply/borrow)

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-070 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Compound-fork-only factor (taxonomy PD-024). Sushi v2/v3 AMM is a Uniswap v2/v3 fork — constant-product AMM and tick-based CLMM respectively. No cToken-style markets exist. BentoBox/Kashi uses a custom rebase-based share model (Rebase struct with elastic/base), not cToken architecture. The empty-market donation-attack pattern requires cToken accounting; it does not apply here. Coverage flag: data-cache lending_protocol: false. Not applicable.

Sources #

  • Internal
    Data cache — lending_protocol flag.research/protocols/sushi/00-data-cache.json coverage_flags.lending_protocol: falseretrieved 2026-05-16
  • GitHub
    BentoBox.sol — share accounting sourcesushiswap/bentobox BentoBox.sol: Rebase struct (elastic/base), not cToken; MINIMUM_SHARE_BALANCE=1000; no cToken mint/exchange-rate patternretrieved 2026-05-17

Methodology #

Determine whether any listed Compound V2-fork market has `totalSupply == 0` and `totalBorrow == 0`, the precondition for a donation-exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-070 score not_applicable collected_at 2026-05-16 19:50:37