defirisk.co
rubric v1.7.0

Bridge validator threshold (k-of-M)

A cross-chain & bridge factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology: how we score

**What this measures** This factor records the signature threshold required to approve a cross-chain message — expressed as k-of-M where k is the required approvals and M is the total signer set. For LayerZero OFT deployments, this is the DVN approval threshold. The value is read from the bridge contract or OApp configuration. This factor applies only to bridge-touching protocols; non-bridge protocols show this factor as N/A.

**Why it matters** The approval threshold determines the actual quorum required to authorise a message. A 3-of-11 multisig sounds more secure than a 2-of-5, but if the 11-signer set uses hardware wallets with documented independent custody while the 2-of-5 uses hot wallets, the absolute threshold is a misleading comparator; context from RD-F-150 (co-hosting) and RD-F-156 (shared custodian) is required. The Kelp DAO incident ($292M, 2026) used a threshold of 1 on a single-DVN LayerZero OFT, which left message approval with a single point of failure. Radiant Capital II ($53M, 2024) used a 3-of-11 threshold that was defeated by nation-state-level key compromise of just three signers.

**Green / Yellow / Red** Green is scored when the threshold is at least 5-of-N with N >= 7 and independent signer custody. Yellow is scored when threshold is 3-of-N or higher but with documented custody concerns, or 2-of-N where N >= 5. Red is scored when threshold is 1 (single approver), 2-of-3, or when a LayerZero OFT uses a DVN threshold of 1.

**Common gray cases** Gray is applied when threshold configuration is managed off-chain or through an opaque governance layer that cannot be confirmed from on-chain inspection.

**Notable historical examples**

- **Kelp DAO** ($292M, 2026): LayerZero DVN threshold of 1; single operator controlled rsETH bridge message approval.

Measurement: what to look for

Read the signature threshold required to approve a cross-chain message (for non-LZ bridges).

Data & output

- **Data source:** Bridge contract threshold getter via RPC
- **Output format:** Green / Yellow / Red
- **Evidence artifact:** Threshold k + validator count M + contract address
- **Confidence signal:** green = threshold ≥ ⌈M/2⌉ + 1 (majority); yellow = threshold ≥ ⌈M/3⌉; red = threshold = 1 (any single validator can approve); gray = LayerZero OFT (use F179) or bridge not identifiable
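The two scoring rules stated on this page (the Green / Yellow / Red text and the Confidence signal formula), written out as an added example that is not defirisk.co's own code. The function names, the custody flags and the `unscored` label are assumptions; the sample run shows where the two rules disagree (2-of-3) and where the formula assigns no band (3-of-11).

```python
# Added example: the page's two scoring rules applied to the same (k, M) inputs.

def ceil_div(a, b):
    return -(-a // b)

def signal_band(k, m, layerzero_oft=False):
    """'Confidence signal' rule: majority / one-third / single approver."""
    if layerzero_oft or k is None or m is None:
        return "gray"        # LayerZero OFT, or bridge not identifiable
    if not 1 <= k <= m:
        raise ValueError(f"invalid threshold {k}-of-{m}")
    if k == 1:
        return "red"         # tested first: ceil(M/3) is 1 for M <= 3
    if k >= ceil_div(m, 2) + 1:
        return "green"
    if k >= ceil_div(m, 3):
        return "yellow"
    return "unscored"        # hypothetical label: 1 < k < ceil(M/3), e.g. 3-of-11

def rubric_band(k, m, independent_custody=False, custody_concerns=False,
                on_chain_readable=True):
    """'Green / Yellow / Red' rule, which also weighs signer custody."""
    if not on_chain_readable:
        return "gray"        # threshold managed off-chain or opaquely
    if not 1 <= k <= m:
        raise ValueError(f"invalid threshold {k}-of-{m}")
    if k == 1 or (k, m) == (2, 3):
        return "red"
    if k >= 5 and m >= 7 and independent_custody:
        return "green"
    if (k >= 3 and custody_concerns) or (k == 2 and m >= 5):
        return "yellow"
    return "unscored"        # hypothetical label, e.g. 3-of-5 with no custody finding

# Constructed inputs: the (k, M) pairs appear on the page, the custody flags are assumed.
SAMPLES = {
    "1-of-1": dict(k=1, m=1),
    "2-of-3": dict(k=2, m=3),
    "2-of-5": dict(k=2, m=5),
    "3-of-11, custody concerns": dict(k=3, m=11, custody_concerns=True),
    "5-of-7, independent custody": dict(k=5, m=7, independent_custody=True),
}

def compare():
    return {name: (signal_band(c["k"], c["m"]), rubric_band(**c))
            for name, c in SAMPLES.items()}

if __name__ == "__main__":
    for name, (signal, rubric) in compare().items():
        print(f"{name:28} signal={signal:9} rubric={rubric}")
```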

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-149 |
| --- | --- | --- |
| Aave v3 | ethereum | yellow |
| Across Protocol | ethereum | green |
| Aerodrome Finance | base | not_applicable |
| Axelar Network | ethereum | yellow |
| Babylon Protocol | bitcoin | yellow |
| Balancer (v2 + v3) | ethereum | not_applicable |
| Beefy Finance | ethereum | yellow |
| BENQI | avalanche | not_applicable |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | not_applicable |
| Cap (cUSD / stcUSD) | ethereum | yellow |
| Centrifuge | ethereum | yellow |
| Chainlink CCIP | ethereum | yellow |
| Circle USYC | binance | not_applicable |
| Compound V3 (Comet) | ethereum | yellow |
| Concrete | ethereum | gray |
| Convex Finance | ethereum | not_applicable |
| crvUSD (Curve Stablecoin) | ethereum | not_applicable |
| Curve Finance | ethereum | yellow |
| deBridge | ethereum | yellow |
| Dolomite | ethereum | yellow |
| dYdX v4 (dYdX Chain) | dydx | not_applicable |
| EigenLayer | ethereum | not_applicable |
| Ethena | ethereum | green |
| ether.fi | ethereum | green |
| Euler V2 | ethereum | not_applicable |
| Falcon Finance | ethereum | not_applicable |
| Fluid | ethereum | green |
| Frax Finance | ethereum | red |
| GMX v2 (GMX Synthetics) | arbitrum | not_applicable |
| Hyperlane | ethereum | yellow |
| Hyperliquid | arbitrum | yellow |
| Jito | solana | green |
| Jupiter | solana | not_applicable |
| Jupiter Perpetual Exchange | solana | not_applicable |
| JustLend DAO | tron | not_applicable |
| Kamino Lend | solana | not_applicable |
| Kinetiq | hyperliquid | not_applicable |
| Lido | ethereum | green |
| Liquid Collective (LsETH) | ethereum | not_applicable |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | not_applicable |
| Lista DAO | bsc | gray |
| Lombard Finance | ethereum | green |
| M^0 | ethereum | yellow |
| Maple Finance | ethereum | yellow |
| Marinade Finance | solana | not_applicable |
| Meteora | solana | not_applicable |
| mETH Protocol | ethereum | gray |
| Midas | ethereum | yellow |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | not_applicable |
| Multipli | ethereum | gray |
| Ondo Finance | ethereum | green |
| OpenEden | ethereum | not_applicable |
| Orca | solana | not_applicable |
| PancakeSwap | bsc | yellow |
| Pendle Finance | ethereum | yellow |
| Polymarket | polygon | not_applicable |
| QuickSwap | polygon | not_applicable |
| Raydium | solana | not_applicable |
| Rocket Pool | ethereum | not_applicable |
| Sanctum | solana | not_applicable |
| Save (formerly Solend) | solana | not_applicable |
| Sky Lending (formerly MakerDAO) | ethereum | yellow |
| Spark Protocol | ethereum | yellow |
| Spiko | stellar | gray |
| Stake DAO | ethereum | not_applicable |
| StakeWise v3 | ethereum | not_applicable |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | not_applicable |
| SUNSwap (sun.io) | tron | not_applicable |
| Superstate | ethereum | not_applicable |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | not_applicable |
| Symbiotic | ethereum | not_applicable |
| Synapse Protocol | ethereum | yellow |
| Uniswap (v2 + v3) | ethereum | not_applicable |
| USDD (Decentralized USD) | tron | not_applicable |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | yellow |
| Veda (BoringVault) | ethereum | gray |
| Venus Protocol | bsc | yellow |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | not_applicable |

Linked hacks: 1 historical incident

Related: Kelp DAO (rsETH liquid restaking) · 2026-04-18 · $292M · Forged cross-chain message via LayerZero EndpointV2 lzReceive — exploitation of 1/1 DVN (single-validator) configuration · Bridge validator threshold (k-of-M) [via cross-hack: Factor 80: DVN / Multi-Validator Configuration on Cross-Chain Messages]

rubric_version: v1.7.0 · factor: RD-F-149 · category: 10 · carried: 80 · critical: no