★ Default bytes32(0) acceptable as valid root

Across Protocol's assessment for RD-F-154 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[★ CRITICAL] YELLOW (structural gap, economic mitigation present): HubPool proposeRootBundle() does NOT validate that roots are non-zero; only gate is poolRebalanceLeafCount > 0. MerkleLib verifyRelayerRefund() and verifyV3SlowRelayFulfillment() do NOT check root ≠ bytes32(0) before calling MerkleProof.verify(). However, Across's architecture materially differs from Nomad: (1) proposer must post a WETH bond; (2) ~2h challenge window; (3) any address can dispute, initiating DVM vote that slashes proposer bond. Zero-root bundle would be disputeable and costly. Yellow, not red, because attack requires burning bond and winning DVM vote.

Sources #

URL
https://blog.uma.xyz/articles/case-study-how-uma-secures-across-protocolretrieved 2026-04-28
GitHub
https://github.com/across-protocol/contractsretrieved 2026-04-28

Methodology #

Determine whether the bridge inbox accepts a default-value (bytes32(0)) Merkle root as a valid proof root (Nomad bug class).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol across-protocol factor RD-F-154 score yellow collected_at 2026-04-30 21:19:18