★ Default bytes32(0) acceptable as valid root

Dolomite's assessment for RD-F-154 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[★ CRITICAL] CCIP v1.5 OffRamp.sol commit function: 'bytes32 merkleRoot = root.merkleRoot; if (merkleRoot == bytes32(0)) revert InvalidRoot();' — zero-value merkle root is explicitly rejected before acceptance. Nomad-class bug ($190M) is not present in CCIP. Confirmed from Code4rena 2024-11 codebase and prior chainlink-ccip protocol fill.

Sources #

Internal
Process learnings chainlink-ccip fill — F154 baselineprocess-learnings.md §chainlink-ccip 2026-05-16 — F154 green: bytes32(0) root guard confirmed in CCIP v1.5retrieved 2026-05-16
GitHub
CCIP OffRamp.sol — Code4rena 2024-11code-423n4/2024-11-chainlink/blob/main/contracts/src/ccip/offRamp/OffRamp.sol — bytes32(0) check 'if (merkleRoot == bytes32(0)) revert InvalidRoot()' confirmed in commit()retrieved 2026-05-16

Methodology #

Determine whether the bridge inbox accepts a default-value (bytes32(0)) Merkle root as a valid proof root (Nomad bug class).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol dolomite factor RD-F-154 score green collected_at 2026-05-16 11:12:56