defirisk.co
rubric v1.7.0

Default bytes32(0) acceptable as valid root

Convex Finance's assessment for RD-F-154 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[★ CRITICAL] Not applicable — Convex has no bridge; no Merkle root acceptance logic exists. The Nomad $190M bug class (default bytes32(0) valid root) is not applicable to a protocol with no cross-chain message verification.

Sources #

  • Internal
    Convex Finance Protocol Profile §7.research/protocols/convex-finance/00-profile.md §7: is_a_bridge: false, has_bridge_surface: falseretrieved 2026-05-16
  • GitHub
    Convex Finance Sidechain Platform Repogithub.com/convex-eth/sidechain-platform: no inbox contract, no Merkle root acceptance, no cross-chain message verification in any sidechain contractretrieved 2026-05-16

Methodology #

Determine whether the bridge inbox accepts a default-value (bytes32(0)) Merkle root as a valid proof root (Nomad bug class).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol convex-finance factor RD-F-154 score not_applicable collected_at 2026-05-16 02:41:28