Bridge binds message to srcChainId

Concrete's assessment for RD-F-152 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

LayerZero v2 binds messages to source endpoint ID (srcEid) via the peer-validation mechanism. OAppReceiver._getPeerOrRevert(origin.srcEid) looks up the registered peer for that specific srcEid and compares against origin.sender. The Origin struct carries {srcEid, sender, nonce}. A message replay from a different source chain (different srcEid) would fail unless a peer for that srcEid was also registered. ShareDistributor.sol receives the Origin struct from the LZ endpoint which has already performed srcEid-binding validation. The srcChainId binding is enforced at the infrastructure level before _lzReceive() is invoked.

Sources #

GitHub
LayerZero v2 OAppReceiver.sol — srcEid binding confirmedLayerZero-Labs/LayerZero-v2 OAppReceiver.sol — _getPeerOrRevert(origin.srcEid) enforces per-source-chain peer binding before _lzReceive() is called; Origin struct: {srcEid, sender, nonce}retrieved 2026-05-17

Methodology #

Determine whether the bridge message struct includes `srcChainId` and the verifier enforces per-chain separation.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol concrete factor RD-F-152 score green collected_at 2026-05-17 14:36:59