★ Default bytes32(0) acceptable as valid root
Hyperlane's assessment for RD-F-154 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
[★ CRITICAL] YELLOW. AbstractMerkleRootMultisigIsm does not explicitly check for bytes32(0) as the merkle root — no require(root != bytes32(0)) guard found. However, this is NOT the Nomad pattern: Nomad's vulnerability was that bytes32(0) was pre-initialized as a proven root allowing any message to be processed without fresh signatures. Hyperlane requires: (1) fresh ECDSA signatures from threshold validators on each checkpoint, (2) the root is keccak256-incorporated into the digest, (3) a zero root produces a distinct non-zero digest requiring active validator signing. The structural Nomad flaw (pre-proven universal root) is absent. The hygiene gap is the missing explicit zero-root guard. ToB V3 audit finding on this point not extractable from binary PDF in this session.
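The structural difference described above, as an added illustration that is not Nomad's or Hyperlane's code: a minimal model of an inbox whose default (zero) root is pre-confirmed at initialisation, beside an inbox that folds the root into a signed checkpoint digest. Assumptions: sha256 stands in for keccak256, a "signature" is modelled as a validator recording the digest it attested to, and the checkpoint field layout (domain hash, root, index, message id) is illustrative.

```python
"""Constructed model of the two inbox designs; not Nomad's or Hyperlane's code.

Assumptions: sha256 replaces keccak256, a signature is a validator recording the
digest it attested to, and the checkpoint digest layout is illustrative.
"""
import hashlib

ZERO_ROOT = b"\x00" * 32


def h(*parts: bytes) -> bytes:
    """Hash stand-in for keccak256 (assumption: sha256 is used here)."""
    return hashlib.sha256(b"".join(parts)).digest()


class PreProvenRootInbox:
    """Nomad-pattern replica (simplified): a message is processable when the
    root recorded for it is 'acceptable'. Unproven messages have no entry, so
    their recorded root reads as the mapping default, bytes32(0). If
    initialisation marks bytes32(0) as confirmed, every unproven message passes."""

    def __init__(self, seed_zero_root: bool) -> None:
        self.confirm_at: dict[bytes, int] = {}
        self.messages: dict[bytes, bytes] = {}  # message hash -> root proven under
        if seed_zero_root:
            self.confirm_at[ZERO_ROOT] = 1  # the defect: default root pre-confirmed

    def acceptable_root(self, root: bytes) -> bool:
        return self.confirm_at.get(root, 0) != 0

    def prove(self, message: bytes, root: bytes) -> None:
        """Record the root a message was genuinely proven under."""
        self.messages[h(message)] = root

    def process(self, message: bytes) -> bool:
        # An unproven message falls back to the mapping default: bytes32(0).
        recorded_root = self.messages.get(h(message), ZERO_ROOT)
        return self.acceptable_root(recorded_root)


class SignedCheckpointInbox:
    """Checkpoint-signature pattern: the root is folded into a digest that a
    threshold of known validators must have signed. A zero root yields a
    distinct, non-zero digest and still needs fresh attestations."""

    def __init__(self, validators: set[str], threshold: int) -> None:
        self.validators = validators
        self.threshold = threshold
        self.signed: dict[str, set[bytes]] = {v: set() for v in validators}

    @staticmethod
    def digest(domain_hash: bytes, root: bytes, index: int, message_id: bytes) -> bytes:
        # Illustrative layout; the root is always part of the signed material.
        return h(domain_hash, root, index.to_bytes(4, "big"), message_id)

    def sign(self, validator: str, digest: bytes) -> None:
        """Model of a validator signing a checkpoint digest (assumption)."""
        self.signed.setdefault(validator, set()).add(digest)

    def verify(self, domain_hash: bytes, root: bytes, index: int, message_id: bytes) -> bool:
        d = self.digest(domain_hash, root, index, message_id)
        # Only signatures from the configured validator set count toward threshold.
        count = sum(1 for v in self.validators if d in self.signed[v])
        return count >= self.threshold


if __name__ == "__main__":
    print("pre-proven zero root accepts unproven msg:",
          PreProvenRootInbox(seed_zero_root=True).process(b"never proven"))
    inbox = SignedCheckpointInbox({"v1", "v2", "v3"}, threshold=2)
    dom = h(b"origin-domain")  # constructed domain hash
    print("zero root without signatures:", inbox.verify(dom, ZERO_ROOT, 0, h(b"m")))
```

The model shows the two cases the assessment distinguishes: with the zero root pre-confirmed, `process` accepts a message that was never proven, whereas the checkpoint design rejects a zero root until a threshold of configured validators has signed the digest that contains it; a signature from a non-validator is ignored.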
Sources
- GitHub: AbstractMerkleRootMultisigIsm.sol (root validation) — no bytes32(0) root guard found; the root is validated via signature matching only. Retrieved 2026-05-17.
- GitHub: CheckpointLib.sol, digest() (root in digest computation) — the root is incorporated into the keccak256 digest; a zero root produces a non-zero digest. Retrieved 2026-05-17.
Methodology
Determine whether the bridge inbox accepts a default-value (bytes32(0)) Merkle root as a valid proof root (Nomad bug class).