
Compound V3 — Code4rena PUSD market contest

[PUBLISHED]
code4rena · compound-v3-ethereum
// code4rena · protocol: compound-v3-ethereum · published: Apr 30, 2026

Code4rena's April 2026 contest on the new Compound V3 PUSD market surfaced one critical front-running finding on market initialization. Mitigation: the deployment script now uses commit-reveal. Existing PUSD positions are not affected.

// findings · 2
  • [CRITICAL]

    PUSD market initialization is front-runnable. An attacker can sandwich the deployer transaction to claim the initial supply rewards.

    Configurator.deployPUSD market
    PUSD market initialization can be front-run by an attacker, who claims the initial supply rewards before the deployer.
    ref: H-01
    affects: PUSD
  • [MEDIUM]

    The borrow-rate kink at 80% utilization is steeper than in the equivalent USDC market, creating rate inconsistency.

    PUSD interest rate model
    The rate kink at 80% utilization is 2x steeper than in the USDC market.
    ref: M-01
    affects: PUSD
// why this might be wrong
  • This brief was generated by a multi-pass LLM editorial pipeline. Findings reflect public source material at the time of synthesis.
  • Confirm against the original audit firm source before acting on any individual finding.
  • Severity classification has been normalized across firms — the source firm uses its own scale.