defirisk.co
rubric v1.7.0

Cross-chain bridge unverified mint pattern

Hyperlane's assessment for RD-F-106 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Hyperlane's permissionless ISM architecture allows Warp Route operators to configure 1-of-1 or self-controlled ISMs — structurally enabling a mint-without-adequate-proof scenario for improperly configured routes. The open unpatched critical GitHub issue #8589 (ERC4626 vault insolvency in HypERC20Collateral/HypNative, filed 2026-04-14, still OPEN as of 2026-05-17) elevates this posture: the vulnerability causes collateral insolvency during normal protocol operation — analogous to a mint-without-adequate-backing scenario. No confirmed exploit of this pattern has occurred. Yellow: applicable, elevated posture due to open unpatched critical, no active fire confirmed.

Sources #

  • GitHub
    Hyperlane Critical Warp Route Vulnerability DisclosureGitHub issue #8589 — critical ERC4626 vault insolvency bug in HypERC20Collateral and HypNative Warp Routes; filed 2026-04-14; still OPEN as of 2026-05-17; 4 Foundry PoC tests; no patch confirmedretrieved 2026-05-17
  • Docs
    Hyperlane ISM OverviewHyperlane ISM permissionless architecture — Warp Route operators choose own ISM; 1-of-1 ISM configurations possibleretrieved 2026-05-17

Methodology #

Detect cross-chain activity consistent with an unverified mint on the destination chain (deposit on source without corresponding verified proof on dest).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperlane factor RD-F-106 score yellow collected_at 2026-05-16 23:03:56