★ Default bytes32(0) acceptable as valid root
Babylon Protocol's assessment for RD-F-154 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Structurally inapplicable. Babylon does not use a Merkle root inbox pattern. No bridge contract maintains a committedRoot mapping. Trust model: (a) Bitcoin UTXO spending paths via Taproot (no root acceptance); (b) the BTC light client validates the Bitcoin header chain by accumulated PoW (not by accepting a Merkle root from an external source); (c) IBC uses channel commitments as cryptographic hashes, not accept-by-default roots. The Nomad-class bytes32(0)-as-valid-root vulnerability requires a contract that stores a root and checks against it; Babylon has no such architecture. CRITICAL ★ factor is not_applicable (not red): do NOT penalize grade.
Sources
- Docs: Babylon x/btclightclient — PoW chain comparison, no Merkle root model. x/btclightclient — validates Bitcoin headers by accumulated PoW comparison, not Merkle root acceptance. Retrieved 2026-05-04.
- Babylon staking script — no Merkle root model. Staking script docs: Bitcoin UTXO spending model; no bridge inbox contract; Nomad-class vulnerability has no surface. Profile §7: Babylon doesn't use Merkle-root accept patterns. Retrieved 2026-05-04.
Methodology
Determine whether the bridge inbox accepts a default-value (bytes32(0)) Merkle root as a valid proof root (Nomad bug class).