defirisk.co
rubric v1.7.0

Lombard Finance

Sector btc_restaking
TVL
Reviewed May 12, 2026
Factors 184
Categories 13
Risk score 16.7
Deployments Base · —
01

Risk profile at a glance

0 red · 5 yellow · 8 green
02

Categories & evidence

184 factors · 13 categories
Code & audits · Green · 13 · 25 of 25
RD-F-009 red Formal verification coverage No formal verification (Certora Prover, Kani, Halmos, or equivalent) has been performed on any Lombard EVM contracts. None of the 12+ audit reports in the GitHub directory reference formal verification. Veridise audits use static analysis and manual code review, not FV. OZ audits use Slither-family tooling and manual review. No Certora specification files found in the evm-smart-contracts repository. Per methodology: red = 0% formal verification coverage. No critical invariants formally specified or proved.
RD-F-001 yellow Audit scope mismatch Most recent Ethereum LBTC upgrade was 2026-04-24 (block 24950539). Latest audit with EVM scope: OZ multipauser (sign-off 2026-04-09) and Sherlock multipauser (sign-off 2026-04-01). The feature PR #393 (multipauser) was merged 2026-04-17 via commit 6784d65 — after both audit close dates — and deployed 2026-04-24, creating a 15-day gap between last audit sign-off and on-chain upgrade. Earlier audits match stated commits (Veridise V2 audited commits 109a3f2 and ebfda9f; OZ V2 audited commits 282b484/5622904). The delta between audit close and deploy includes commits c1f0f19, 3308690, cb510bb, f066bfb (all April 15-17). Audit commit SHA for the OZ multipauser engagement was not published on the OZ news page, preventing an exact bytecode-level match; confirming one would require compiling the audited commit with the repository's pinned compiler settings and comparing the metadata-stripped runtime bytecode with the on-chain implementation. Scored yellow (not red) because the April 17 changes are logically within the multipauser feature scope covered by both audit firms, but the deployed bytecode post-dates both audit sign-off dates.
RD-F-003 yellow Resolved-without-proof findings OZ V2 audit (Nov-Dec 2024): 39 total findings, 32 resolved, 3 partially resolved. Two high-severity findings remain partially resolved: (1) Sanctioned Address Checks — bridge and unstake strategies lacked sanction checks, team deferred full implementation pending future economic incentive mechanisms; (2) Unstake Payment Reuse — single BTC tx could satisfy multiple unstake payloads, team deferred fix. Both partially-resolved highs relate to the Golang Lombard Ledger layer (not EVM smart contracts directly). All OZ V2 EVM-layer findings appear resolved. Veridise V1 and V2: 0 findings each, so no unverifiable resolutions there. Halborn V1/V1.5/V2 reports not individually reviewed for resolution status but no post-audit finding regression reported in subsequent audits.
RD-F-007 yellow Bug bounty presence & max payout Active Immunefi bug bounty program, live since 2024-09-04, last updated 2026-04-15. Maximum payout $250,000 (10% of funds affected, minimum $50K). Vault holds ~$39,990 USDC on Ethereum. 40 contracts reported in scope. Max payout of $250K falls in the yellow band ($50K-$499K). The $500K green threshold is not met. Protocol also ran an Immunefi audit competition (Dec 2024-Jan 2025, $100K pool).
RD-F-010 yellow Static-analyzer high-severity count No published Slither/Mythril/Semgrep run output exists for Lombard EVM contracts. Using published audit findings as proxy. Veridise V1 (0 findings), Veridise V2 (0 findings), OZ V2 (8 high across both Golang and EVM layers, 6 fully resolved, 2 partially resolved — but partially-resolved items are Golang/Ledger layer, not EVM). The Ackee Solana audit found 1 high ('Possible unauthorized LBTC minting') — acknowledged/fixed per audit summary. No active unresolved high-severity EVM finding identified from published audits. Cannot definitively count Slither findings without a tool run — scored yellow because audit evidence is secondary proxy.
RD-F-183 yellow Bug bounty scope gap on highest-TVL contracts Immunefi program reports 40 contracts in scope. Core EVM contracts (LBTC proxy/impl, Consortium, BridgeV2, Bascule) appear covered based on Immunefi scope page. However: (1) 97.28% of $1.07B TVL ($1.041B) is native BTC held off-chain in CubeSigner HSM / Lombard Ledger Cosmos appchain — entirely outside any smart contract bug bounty scope, as this is not an EVM contract surface; (2) Cantina is listed as an audit partner in Lombard docs with no completed report found — possible audit competition scope gap; (3) Maximum payout is $250K — low relative to $1.07B TVL and below the $500K threshold. The Kelp DAO precedent (OFT adapter holding $1B+ excluded from bounty) is the motivating pattern for F183; Lombard's LayerZero OFT adapter is currently paused and its bounty scope inclusion during active periods is unclear. Green requires highest-TVL contracts explicitly in scope — the 97% off-chain BTC custody layer fundamentally cannot be in an EVM bounty scope.
RD-F-011 gray SELFDESTRUCT reachable from non-admin path No published Slither suicidal detector output available. Local tool run not performed per dry-run methodology. Factory directory exists in repo (CREATE3-based deployment) but factory source was not retrieved. Since Cancun, EIP-6780 restricts SELFDESTRUCT: outside the transaction that created the contract it only transfers the balance and no longer clears code or storage. Compiling for the Paris EVM target does not restore the old behaviour; SELFDESTRUCT semantics are fixed by the fork active on the executing chain, and both Ethereum mainnet and Base have run Cancun-equivalent forks since March 2024, so the residual risk for already-deployed contracts is a forced ETH transfer, not code removal. No audit finding flags SELFDESTRUCT in non-admin paths. Marked gray — needs tool run.
RD-F-016 gray Divide-before-multiply pattern No published Slither divide-before-multiply detector output available. Tool run not performed. LBTC uses 8 decimals (BTC-matched) creating potential mixed-decimal arithmetic with 18-decimal EVM ecosystem tokens. Veridise V2 found 0 findings (suggests no divide-before-multiply in scope), but the exact Slither output is not published. Marked gray — needs tool run.
RD-F-017 gray Mixed-decimals math without explicit scaling LBTC uses 8 decimals; most EVM DeFi integrations use 18 decimals. Cross-decimal arithmetic risk exists in StakeAndBake, iDepositor, and PMM contracts where LBTC interacts with 18-decimal tokens. No published audit flags this as unresolved in the EVM layer. Cannot confirm safe normalization without source inspection of all arithmetic paths. Marked gray — needs curator review of cross-decimal math paths.
RD-F-018 gray Signed/unsigned arithmetic confusion No published Slither/Manticore/Echidna output available. No published audit finding flags signed/unsigned confusion. Solidity 0.8.x checked arithmetic reverts on overflow and underflow, but explicit conversions between signed and unsigned types are not checked, so sign confusion via casts (for example a negative int256 cast to uint256) remains possible. Marked gray — needs tool run.
RD-F-021 n/a UUPS _authorizeUpgrade correctly permissioned Lombard uses TransparentUpgradeableProxy pattern (not UUPS) for all proxy contracts: LBTC, Consortium, BridgeV2. With Transparent proxy, the upgrade path is via the ProxyAdmin calling upgradeToAndCall() — there is no _authorizeUpgrade() function to protect. The UUPS authorization check factor is N/A for Transparent proxy pattern; the equivalent question for a Transparent proxy is who controls the ProxyAdmin, which is assessed under RD-F-025 and RD-F-027.
RD-F-002 green Audit recency Most recent EVM audit: OZ multipauser sign-off 2026-04-09 — 26 days before assessment date 2026-05-05. Well within the ≤365-day green threshold. Multiple other audits in 2025-2026 provide layered recent coverage: Sherlock multipauser 2026-04-01, OZ BTC.b BridgeV2 2025-10-24, Sherlock Yield Bearing 2025-07-25, OZ Yield Bearing 2025-07-25, ABDK StakeAndBake 2025-09-22.
RD-F-004 green Audit count 7 distinct firms across all contract surfaces: Veridise (V1 + V2), Halborn (V1 + V1.5 + V2), OpenZeppelin (V2 + Sui/Blacklist + Yield Bearing + BTC.b BridgeV2 + Multipauser = 5 engagements), Ackee Blockchain (Solana SVM), Sherlock (Yield Bearing + Multipauser), ABDK (StakeAndBake/iDepositor), Cantina (listed as partner in docs but no completed report found). For EVM contracts specifically: 5 distinct firms (Veridise, Halborn, OZ, Sherlock, ABDK) with 13+ completed reports. Well above ≥2 threshold.
RD-F-005 green Audit firm tier OpenZeppelin is a confirmed Tier-1 audit firm (on the enumerated Tier-1 list per methodology). Lombard has 5 OZ engagements spanning 2024-2026 covering EVM contracts including the most recent multipauser audit (April 2026). Veridise, Halborn, Sherlock, and ABDK are established Tier-2 firms with public track records and indexed audit histories. Green threshold: at least one Tier-1 audit of deployed code — confirmed via OZ.
RD-F-006 green Audit-to-deploy gap Most recent audit-to-deploy gap: Sherlock multipauser sign-off 2026-04-01, OZ multipauser sign-off 2026-04-09, on-chain upgrade 2026-04-24. Gaps of 23 days (Sherlock) and 15 days (OZ) — both well within the ≤60-day green threshold. Earlier audited releases also appear to have shipped within the green window, given the active development cadence and close audit follow-up timing.
RD-F-008 green Ignored bounty disclosure No prior smart contract exploits identified for Lombard as of 2026-05-05. Data cache rekt.incidents is empty. Lombard security blog states no depeg events since launch. No post-mortem documents an ignored disclosure. DefiLlama hacks feed shows no Lombard incidents. The factor asks about prior disclosed-then-ignored vulnerabilities before an exploit — no such pattern exists because there have been no exploits.
RD-F-012 green delegatecall with user-controlled target No delegatecall with user-controlled target found in examined contracts. TransparentUpgradeableProxy uses delegatecall internally but target is admin-controlled (ProxyAdmin / TimelockController). Consortium.sol: no delegatecall. BridgeV2.sol: no delegatecall found. NativeLBTC.sol: standard ERC-20 operations, no delegatecall. Full repository scan was not performed — confidence medium because peripheral contracts (PMM, StakeAndBake, GMP) were not exhaustively reviewed.
RD-F-013 green Arbitrary call with user-controlled target No arbitrary call with user-controlled target found in examined contracts. BridgeV2.sol routes calls through defined interfaces (Hyperlane Mailbox, CCIP Router) which are admin-configured trusted addresses, not user-supplied. The GMP/AssetRouter integration uses a defined Mailbox address (0x964677F337d6528d659b1892D0045B8B27183fc0). No evidence of fully user-controlled call target. Confidence medium — peripheral contracts not fully inspected.
RD-F-014 green Reentrancy guard on external-calling functions BridgeV2.sol imports ReentrancyGuardUpgradeable and applies the nonReentrant modifier to deposit() (multiple overloads) and handlePayload() — the most external-call-heavy functions. BaseLBTC.sol also inherits ReentrancyGuardUpgradeable. Core bridge and minting functions are guarded. No reentrancy finding in any published audit (Veridise 0 findings; OZ findings were governance/logic, not reentrancy). Peripheral contracts (PMM, StakeAndBake, iDepositor) not fully inspected.
RD-F-015 green ERC-777/1155/721 hook without reentrancy guard LBTC is an ERC-20 token (8 decimals). No ERC-777, ERC-1155, or ERC-721 integration detected in core token contracts. StakeAndBake/iDepositor may interact with NFT staking position tokens for Babylon integration but no evidence of unguarded callback paths in EVM contracts. No audit finding flags this pattern.
RD-F-019 green ecrecover zero-address return unchecked GitHub search for 'ecrecover' in evm-smart-contracts returns 0 results — no direct ecrecover calls in the codebase. Consortium.sol uses OpenZeppelin ECDSA.tryRecover(), which wraps ecrecover and reports a zero-address result as (address(0), RecoverError.InvalidSignature) instead of silently yielding zero; this is only a complete mitigation if the caller checks the returned error (or uses recover(), which reverts) or compares the recovered address against a fixed validator set, which a zero address can never match. Whether Consortium.sol checks the RecoverError was not confirmed in this pass. BridgeV2.sol uses no ecrecover. No raw ecrecover call exists to create a zero-address bypass risk.
RD-F-020 green EIP-712 domain separator missing chainId NativeLBTC and StakedLBTC inherit from BaseLBTC which uses OZ's ERC20PermitUpgradeable (EIP-2612). OZ's EIP-712 implementation includes chainId in the domain separator by default. No cross-chain replay risk from missing chainId in domain separator as OZ 5.0.2 always includes chainId. Cross-chain message replay for bridge operations is handled at the BridgeV2/Consortium layer via separate message binding (not EIP-712). Confidence medium — domain separator not directly inspected but OZ standard implementation is well-established.
RD-F-022 green Public initialize() without initializer modifier All examined implementation contracts properly protect initialize(): (1) Consortium.sol — constructor() { _disableInitializers(); } AND function initialize(address _owner) external initializer; (2) BridgeV2.sol — constructor() { _disableInitializers(); } AND function initialize(address owner_, IMailbox mailbox_) external initializer; (3) NativeLBTC.sol — constructor() { _disableInitializers(); } AND function initialize(...) external initializer; (4) StakedLBTC.sol — constructor() { _disableInitializers(); } AND function initialize(address treasury, address initialOwner, uint48 initialOwnerDelay) external initializer. BasculeV2.sol uses a standard constructor (non-proxied) — no initialize() function, N/A for that contract. No unprotected initialize() found across reviewed contracts.
RD-F-023 green Constructor calls _disableInitializers() _disableInitializers() confirmed present in constructors of all proxied implementation contracts: Consortium.sol, BridgeV2.sol, NativeLBTC.sol, StakedLBTC.sol. BasculeV2.sol uses standard constructor (not proxied) — N/A for that contract. Not confirmed for all peripheral contracts (PMM, factory, StakeAndBake) but core proxied contracts all comply. Confidence high for core contracts.
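The two checks above (RD-F-022 and RD-F-023) were done by hand on the core contracts and explicitly not on the peripheral ones. The screen below is an added example written for this assessment, not Lombard's code or tooling: a regex-based pass over Solidity source that flags an initialize*() function without an initializer/reinitializer modifier and a proxied implementation whose constructor does not call _disableInitializers(). It treats any contract that declares an initialize*() function as a proxied implementation and skips the rest (the BasculeV2 case). The sample source is constructed; it is a triage aid before a Slither run, not a Solidity parser.

```python
"""Screen Solidity sources for unprotected initialize() and missing _disableInitializers().

Added example for this assessment, not Lombard's code or tooling. Regex-based,
not a parser: good enough to triage a repository, not a substitute for Slither.
SAMPLE_SOURCE is constructed.
"""
import re

CONTRACT_RE = re.compile(r"\bcontract\s+(\w+)[^{]*\{")
CTOR_RE = re.compile(r"\bconstructor\s*\([^)]*\)[^{]*\{")
# function initialize*(...) <visibility and modifiers> { | ;
INIT_RE = re.compile(r"\bfunction\s+(initialize\w*)\s*\([^)]*\)\s*([^{;]*)[{;]")


def _block(src, open_brace):
    """Return src[open_brace:close+1] for the '{' at index open_brace."""
    depth = 0
    for i in range(open_brace, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[open_brace:i + 1]
    raise ValueError("unbalanced braces")


def contracts(src):
    """Yield (name, body) for each contract declaration found in src."""
    for m in CONTRACT_RE.finditer(src):
        yield m.group(1), _block(src, m.end() - 1)


def scan(src):
    """Return sorted (contract, issue) pairs.

    Only contracts declaring a function named initialize* are treated as proxied
    implementations; others (constructed directly, like the page's BasculeV2)
    are skipped as not applicable.
    """
    findings = []
    for name, body in contracts(src):
        inits = list(INIT_RE.finditer(body))
        if not inits:
            continue
        for fn in inits:
            # 'initializer' is also a substring of 'reinitializer(n)'
            if "initializer" not in fn.group(2):
                findings.append((name, f"{fn.group(1)}() lacks initializer/reinitializer modifier"))
        ctor = CTOR_RE.search(body)
        if ctor is None:
            findings.append((name, "no constructor: _disableInitializers() never called on implementation"))
        elif "_disableInitializers()" not in _block(body, ctor.end() - 1):
            findings.append((name, "constructor does not call _disableInitializers()"))
    return sorted(findings)


SAMPLE_SOURCE = """
// constructed sample, not Lombard source
contract SafeImpl is Initializable, OwnableUpgradeable {
    constructor() { _disableInitializers(); }
    function initialize(address owner_) external initializer { __Ownable_init(owner_); }
    function initializeV2(uint48 delay) external reinitializer(2) { _setDelay(delay); }
}

contract NoGuardImpl is Initializable {
    address public owner;
    function initialize(address owner_) public { owner = owner_; }
}

contract LeakyCtorImpl is Initializable {
    constructor() {}
    function initialize() external initializer {}
}

contract StandaloneVault {
    address public immutable admin;
    constructor(address admin_) { admin = admin_; }
}
"""

if __name__ == "__main__":
    for contract, issue in scan(SAMPLE_SOURCE):
        print(f"{contract}: {issue}")
```

Run against a checkout, it reports NoGuardImpl twice (open initialize(), no constructor) and LeakyCtorImpl once (constructor present but no _disableInitializers()), while SafeImpl and the non-proxied StandaloneVault produce nothing. A hit is a lead, not a finding: confirm it against the compiled artifact and the proxy's actual initialization transaction.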
RD-F-024 green Code complexity vs audit coverage 14+ audit engagements across 7 firms covering every major contract module: V1 core (Halborn 13-day, Veridise 9-day), V2 full stack (OZ 32-day Golang+EVM, Veridise 65-day EVM only, Halborn V2), Yield Bearing (OZ + Sherlock), StakeAndBake (ABDK), BridgeV2/BTC.b (OZ), Multipauser (OZ + Sherlock). Each successive audit targeted a specific feature set rather than the entire codebase, keeping scope focused and audit depth appropriate. OZ V2 at 32 days covering the most complex release (39 findings identified) demonstrates adequate depth. No indication of audit-complexity ratio exceeding reasonable bounds.
Governance & admin · Yellow · 27 · 24 of 24
RD-F-032 red Timelock duration on upgrades LombardTimeLock 0x055E84e7FE8955E2781010B866f10Ef6E1E77e59 getMinDelay() = 3600 seconds (1 hour). At $1.07B TVL, industry standard is 24-72 hours minimum. 1-hour delay is insufficient for users to exit before a malicious upgrade executes. Base LombardTimeLock 0xf1fc1bE000Db6fa2193aB75E461a5603400d031F is also deployed; its getMinDelay() was not read in this assessment and is assumed to match the 1-hour Ethereum value.
RD-F-038 red Proposal execution delay < 24h LombardTimeLock minDelay = 3600 seconds = 1 hour. All proxy upgrades are executable 1 hour after scheduling. This is well below the 24-hour threshold. The most recent upgrade (2026-04-24) was executed after only 1-hour delay per TimeLock.
RD-F-025 yellow Admin key custody type Effective upgrade custody type is multisig+timelock at execution layer (3-of-5 GnosisSafe executes after 1h TimeLock), but Deployer EOA also holds PROPOSER_ROLE and is Proxy Admin for LBTC/Consortium/BridgeV2. Classified yellow because execution requires both EOA proposal and Safe execution; full DAO governance absent.
RD-F-026 yellow Upgrade multisig signer configuration (M/N) GnosisSafe 0x251a604E8E8f6906d60f8dedC5aAeb8CD38F4892: threshold=3, total_owners=5, display='3/5'. All 5 signer addresses are pseudonymous with no publicly attested identities. At $1.07B TVL, 3/5 is below the 5/8+ peer norm for $1B+ TVL protocols.
RD-F-027 yellow Single admin EOA Deployer EOA 0x3F6BF1C36CcBb59eAF8415301a0ceC73c344a079 holds PROPOSER_ROLE in LombardTimeLock and is Proxy Admin for LBTC, Consortium, and BridgeV2 proxies. EOA is still active (last tx 2026-04-24). However, EOA cannot execute alone — EXECUTOR_ROLE is exclusively the 3-of-5 Safe, which executes after the 1-hour TimeLock delay. No single-tx drain path exists for the deployer EOA alone. Caveat: that conclusion holds only if upgrades are actually routed through the TimeLock, i.e. the address in the proxies' ERC-1967 admin slot (or the owner of their ProxyAdmin contract) is the LombardTimeLock. If the deployer EOA is itself the recorded proxy admin, it can call upgradeToAndCall directly and neither the TimeLock nor the Safe gates the upgrade. Reading the admin slot and ProxyAdmin.owner() on-chain would settle this. Assessed yellow rather than red.
RD-F-028 yellow Low-threshold multisig vs TVL 3-of-5 GnosisSafe at $1.07B TVL. Peer norm at $1B+ TVL is 5/8 or better. Signer identities are unattested pseudonymous addresses; no ENS, no Etherscan labels for any of the 5 signers. Effective threshold confidence reduced by signer opacity. Not red because 3/5 is not as low as the 2/3 or 1/1 thresholds that are clearly red.
RD-F-033 yellow Timelock on sensitive actions Upgrade path routes through TimeLock (1h delay). Pause functions (pauseTransfers, pauseMintBurn) and role-management functions appear to be direct AccessControl calls without TimeLock gating. The TimeLock duration itself (1h) is critically short. Not all sensitive actions are timelocked — partial timelock coverage.
RD-F-035 yellow Role separation: upgrade ≠ fee ≠ oracle ABI exposes changeRedeemFee() (fee), changeAssetRouter() (router/oracle config), and upgrade path as structurally distinct. However, actual address assignments for fee/oracle-config roles vs. upgrade role could not be confirmed as pointing to distinct addresses from public reads. May all route to the same multisig.
RD-F-040 yellow Emergency-veto multisig present No dedicated emergency-veto multisig confirmed separate from the Proposer/Executor GnosisSafe. CANCELLER_ROLE on the TimeLock is not confirmed as assigned to a distinct address from public sources. The 3-of-5 operational executor also appears to serve as the effective veto holder.
RD-F-041 yellow Rescue/emergencyWithdraw without timelock BridgeV2 exposes rescueERC20(IERC20 tokenContract, address to, uint256 amount) callable by owner. Whether this function is timelocked (i.e., owner is the LombardTimeLock, not the deployer EOA or Safe directly) is unconfirmed. LBTC core contract has no rescue function. Overall drain risk bounded by Consortium co-sign requirement for LBTC minting.
RD-F-042 yellow Admin has mint() with unlimited max MINTER_ROLE on StakedLBTC/NativeLBTC has no contract-enforced supply cap (no maxSupply variable). Minting requires MINTER_ROLE + valid cryptographic proof from Consortium (10-of-15) + Bascule co-signature. A compromised MINTER_ROLE alone cannot mint without corresponding Consortium+Bascule proof, providing operational but not contract-level cap.
RD-F-043 yellow Admin = deployer EOA after 7 days Deployer EOA 0x3F6BF1C36CcBb59eAF8415301a0ceC73c344a079 still retains Proxy Admin for LBTC/Consortium/BridgeV2 and PROPOSER_ROLE in LombardTimeLock — well beyond 7 days post-launch (protocol launched August 2024; assessed May 2026 = ~20 months). However, deployer cannot execute without 3-of-5 Safe executing after 1-hour delay, so sole-actor drain is not possible. Assessed yellow for structural concentration, not red.
RD-F-047 yellow Governance token concentration (Gini) Consortium is 10-of-15 institutional members (14 named publicly: Galaxy, OKX, Kraken, Amber, Wintermute, Antpool, F2Pool, Chorus.one, Figment, Kiln, P2P, Cubist, Informal Systems, Nansen). On-chain signer key identities not individually published. BARD token ERC20Votes but no active governor — Gini not measurable on-chain. Operational governance concentration in 15 institutional entities.
RD-F-029 gray Multisig signers co-hosted 5 GnosisSafe signer addresses are pseudonymous with no public identity attestation. Cannot determine co-hosting or shared ASN/datacenter from on-chain data alone.
RD-F-030 gray Hot-wallet signer flag Cannot assess hot-wallet signing patterns for 5 pseudonymous signer addresses without publicly attested identities or signing behavior analysis.
RD-F-031 gray Signer rotation recency Safe created approximately 2 years ago by liangnan.eth. Signer rotation history not determinable from Safe API response alone. No threshold reduction events identified. Cannot confirm last signer-set change date.
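RD-F-025, RD-F-027 and RD-F-043 all rest on the same question: does the TimeLock actually sit between the upgrade controller and the proxies, or does the deployer EOA sit in the admin slot itself? The script below is an added example written for this assessment, not Lombard's code. It resolves a proxy's ERC-1967 admin from storage, follows Ownable.owner() through a ProxyAdmin contract, and reports whether upgrades are delay-gated and by how much. Only the slot constants (from ERC-1967) and the LombardTimeLock, Safe and deployer addresses cited on this page are real; the proxy and ProxyAdmin addresses, the storage contents and the assumption that the ProxyAdmin keeps its owner in slot 0 (OZ 5.x Ownable) are constructed or assumed. A live run would back the chain object with eth_getStorageAt and eth_getCode.

```python
"""Who can upgrade a TransparentUpgradeableProxy? Classify from raw storage reads.

Added example for this assessment, not Lombard's code. Slot constants are from
ERC-1967; TIMELOCK, SAFE and DEPLOYER are the addresses cited on the page.
Proxy addresses, storage contents and the ProxyAdmin owner slot are constructed
or assumed. A real run backs `chain` with eth_getStorageAt / eth_getCode.
"""

# bytes32(uint256(keccak256("eip1967.proxy.admin")) - 1)
ADMIN_SLOT = 0xB53127684A568B3173AE13B9F8A6016E243E63B6E8EE1178D6A717850B5D6103
# bytes32(uint256(keccak256("eip1967.proxy.implementation")) - 1)
IMPL_SLOT = 0x360894A13BA1A3210667C828492DB98DCA3E2076CC3735A920A3CA505D382BBC
OWNER_SLOT = 0  # assumed: OZ 5.x Ownable stores _owner in slot 0 of the ProxyAdmin

TIMELOCK = "0x055e84e7fe8955e2781010b866f10ef6e1e77e59"  # LombardTimeLock (page)
SAFE = "0x251a604e8e8f6906d60f8dedc5aaeb8cd38f4892"      # 3-of-5 GnosisSafe (page)
DEPLOYER = "0x3f6bf1c36ccbb59eaf8415301a0cec73c344a079"  # deployer EOA (page)
LABELS = {TIMELOCK: "timelock", SAFE: "safe", DEPLOYER: "deployer_eoa"}

# hypothetical proxies, ProxyAdmin and implementation, not the real Lombard contracts
PROXY_A = "0x" + "a" * 40
PROXY_B = "0x" + "b" * 40
PROXY_ADMIN_A = "0x" + "c" * 40
IMPL_A = "0x" + "d" * 40


def word_to_address(word):
    """Low 20 bytes of a 32-byte storage word as a lowercase 0x address."""
    return "0x" + format(word & ((1 << 160) - 1), "040x")


class FakeChain:
    """Stand-in for eth_getStorageAt / eth_getCode over constructed state."""

    def __init__(self, storage, contracts):
        self.storage = {(a.lower(), s): v for (a, s), v in storage.items()}
        self.contracts = {a.lower() for a in contracts}

    def get_storage_at(self, addr, slot):
        return self.storage.get((addr.lower(), slot), 0)

    def has_code(self, addr):
        return addr.lower() in self.contracts


def implementation_of(chain, proxy):
    return word_to_address(chain.get_storage_at(proxy, IMPL_SLOT))


def resolve_controller(chain, addr, labels, max_hops=2):
    """Follow owner() from addr until a labelled address or an EOA is reached."""
    addr = addr.lower()
    for _ in range(max_hops + 1):
        if addr in labels:
            return labels[addr], addr
        if not chain.has_code(addr):
            return "unlabelled_eoa", addr
        addr = word_to_address(chain.get_storage_at(addr, OWNER_SLOT))
    return "unknown", addr


def assess_upgrade_path(chain, proxy, labels, min_delay_s):
    """Return admin, ultimate controller, and whether upgrades are delay-gated.

    Only a TimeLock controller yields a delay; a Safe or EOA that owns the
    ProxyAdmin (or sits in the admin slot) can upgrade in a single transaction.
    """
    admin = word_to_address(chain.get_storage_at(proxy, ADMIN_SLOT))
    kind, controller = resolve_controller(chain, admin, labels)
    if kind == "timelock":
        verdict = "delay_gated" if min_delay_s >= 86400 else "delay_gated_short"
    else:
        verdict = "single_tx_upgrade"
    return {"proxy": proxy, "implementation": implementation_of(chain, proxy),
            "admin": admin, "controller": kind, "controller_address": controller,
            "verdict": verdict}


def build_sample_chain():
    """Constructed state: proxy A is gated by the TimeLock, proxy B by the EOA."""
    storage = {
        (PROXY_A, ADMIN_SLOT): int(PROXY_ADMIN_A, 16),
        (PROXY_A, IMPL_SLOT): int(IMPL_A, 16),
        (PROXY_ADMIN_A, OWNER_SLOT): int(TIMELOCK, 16),
        (PROXY_B, ADMIN_SLOT): int(DEPLOYER, 16),
    }
    return FakeChain(storage, [PROXY_A, PROXY_B, PROXY_ADMIN_A, IMPL_A, TIMELOCK, SAFE])


if __name__ == "__main__":
    chain = build_sample_chain()
    for proxy in (PROXY_A, PROXY_B):
        print(assess_upgrade_path(chain, proxy, LABELS, min_delay_s=3600))
```

With the page's 3600-second minDelay, proxy A comes back as delay_gated_short (TimeLock in the path, delay below 24h), proxy B as single_tx_upgrade (EOA in the admin slot, no TimeLock). The second outcome is the one the RD-F-027 caveat asks to rule out for the real LBTC, Consortium and BridgeV2 proxies.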
RD-F-034 green Guardian/pause-keeper distinct from upgrader PAUSER_ROLE and MINT_BURN_PAUSER_ROLE are distinct AccessControl roles from the upgrade path. Bascule Drawbridge also has a distinct PAUSER_ROLE. Structural role separation between pause and upgrade functions confirmed in ABI.
RD-F-036 green Flash-loanable voting weight No on-chain Governor contract deployed. Operational governance is the Consortium (10-of-15 institutional signature scheme, not token-flash-loanable). BARD token uses ERC20Votes with checkpoints but no Governor contract identified on Ethereum mainnet. Flash-loan manipulation of voting weight is structurally inapplicable.
RD-F-037 green Quorum achievable via single-entity flash loan N/A — no token-based governance quorum exists. Consortium uses weighted institutional signatures. Flash-loan quorum manipulation structurally impossible under current governance model.
RD-F-039 green delegatecall/call in proposal execution without allowlist LombardTimeLock is an OpenZeppelin TimelockController that executes pre-scheduled calls with specific targets and calldata set at scheduling time. No arbitrary delegatecall to proposal-supplied targets. No on-chain Governor contract executing arbitrary proposal payloads exists.
RD-F-044 green Admin wallet interacts with flagged addresses No evidence of deployer EOA 0x3F6BF1... interacting with mixer addresses or flagged clusters. Funded by 0x683c9821...8Eb2fEbf2 approximately 2 years ago. No Tornado/Railgun or OFAC-labeled addresses in recent on-chain activity.
RD-F-045 green Constructor args match governance proposal No on-chain Governor-style proposal format used. Upgrades are scheduled via LombardTimeLock with specific call targets and calldata encoded at scheduling time. No Governor proposal → constructor-arg mismatch surface exists in this architecture.
RD-F-046 green Contract unverified on Etherscan/Sourcify LBTC proxy (0x8236a87...), Consortium proxy (0xed6D647..., 0xdad58df...), LombardTimeLock (0x055E84e...), BridgeV2 (0x451c549...), LBTC implementation (0x072072317469...), all Etherscan-verified with full source. No unverified production contract identified in scope.
RD-F-167 green Deprecated contract paused but pause reversible by live admin No deprecated contracts with material value under active admin control identified. Older LBTC proxy implementations (0x4CBD88..., 0x80A23c..., etc.) are inactive proxy slots — no value at those addresses. All Immunefi-scoped contracts are either active or not deprecated.
Oracle & external dependencies · Yellow · 21 · 17 of 17
RD-F-049 yellow Oracle role per asset BTC/USD: Chainlink is primary on Ethereum; RedStone is primary on BNB/Base/Solana. No on-chain fallback declared within Lombard's own source — downstream consumer protocols are responsible for their own fallbacks. StakedLBTCOracle: primary only for LBTC/BTC rate with no fallback; reverts on proof failure. PoR: multi-provider (Lombard + RedStone) provides cross-check redundancy. Yellow because Ethereum BTC/USD has Chainlink with no on-chain fallback in Lombard source; StakedLBTCOracle has no fallback oracle.
RD-F-050 yellow Dependency graph (protocols depended upon) Critical external dependencies mapped: (1) Babylon Bitcoin Staking Protocol (Cosmos appchain) — sole yield source; 4 Finality Providers: Galaxy, Kiln, P2P, Figment; no redundant yield source. (2) Bascule Drawbridge 0xc750eCAC7250E0D18ecE2C7a5F130E3A765dc260 — minting gate, Cubist-operated single entity. (3) Chainlink CCIP — bridge path 1 (CCIP 1.6.0 compatibility gap). (4) LayerZero V2 OFT — bridge path 2 (paused April 2026). (5) Hyperlane Mailbox 0x964677F337d6528d659b1892D0045B8B27183fc0 — bridge path 3. (6) Symbiotic vaults — economic guarantee layer on bridge transfers. (7) RedStone — multi-chain push oracle. (8) CubeSigner HSMs (Cubist) — BTC key management for $1.04B BTC. Yellow: multiple non-redundant critical dependencies; Babylon single yield source is material; Bascule single-operator minting gate is material.
RD-F-051 yellow Fallback behavior on oracle failure StakedLBTCOracle reverts on consortium proof failure with no fallback to alternative source (source inspection: no try/catch or secondary oracle path found). PoR oracle has no staleness fallback; cadence is 10-minute push per docs. Lombard's LBTC minting is Consortium-authorized (not price-oracle gated), so BTC/USD oracle failure does not directly block minting — it affects downstream lending consumers. No try/catch oracle fallback logic found in StakedLBTCOracle or PoR contract source. Yellow: reverts rather than graceful degrade on oracle failure; no declared fallback source.
RD-F-052 yellow Breakage analysis per dependency Babylon failure: yield halts entirely; LBTC remains BTC-backed but earns no staking rewards; no fallback yield source documented. Bascule failure: large mints blocked (below-threshold mints still Consortium-gated). CCIP incompatibility (CCIP 1.6.0): bridge path 1 may fail silently per 'NOT TESTED AFTER UPGRADE' comment in TokenPool.sol. Chainlink staleness: downstream lending markets mis-price LBTC as collateral. CubeSigner/HSM compromise: catastrophic custody risk for $1.04B BTC. No documented mitigation for CubeSigner HSM failure. No documented graceful-degrade for CCIP 1.6.0 incompatibility. Yellow: major dependencies analyzed but mitigations incomplete for several critical dependencies.
RD-F-057 yellow Circuit breaker on price deviation No general-purpose price-deviation circuit breaker found in Lombard's own oracle contracts for BTC/USD. StakedLBTCOracle has an implicit ratio-change threshold (0.1% per interval) that limits the magnitude of ratio updates — acting as a mild circuit breaker for the LBTC/BTC rate oracle. Consumer-side circuit breakers (e.g. Aave's maxRatio deviation) are downstream protocol responsibility. Yellow: partial protection via StakedLBTCOracle ratio-change threshold; no protocol-level circuit breaker for BTC/USD price deviation.
RD-F-059 yellow Oracle staleness check present Chainlink BTC/USD heartbeat: 3600s (acceptable for volatile assets). Lombard's own oracle-consuming code paths do not appear to check updatedAt > block.timestamp - maxStaleness explicitly — LBTC minting is Consortium-authorized, not price-oracle gated, so minting does not directly call Chainlink. StakedLBTCOracle uses switchTime-based model without explicit block.timestamp staleness revert for stale ratio data. Downstream consumers (lending markets) are responsible for their own staleness checks. Yellow: Chainlink 3600s heartbeat is acceptable; no explicit staleness revert found in Lombard's own oracle-consuming code paths; StakedLBTCOracle uses time-switching model without staleness revert.
RD-F-060 yellow Chainlink aggregator min/max bound misconfig Chainlink BTC/USD (0xF4030086522a5bEEa4988F8cA5B36dbC97BeE88c) is a mature Tier-1 Chainlink feed unlikely to have default type(int192).max bounds given its market maturity and Chainlink's established deployment practices. However, no direct on-chain RPC call to read minAnswer/maxAnswer was performed in this assessment. For the follow-up read: minAnswer() and maxAnswer() live on the underlying aggregator, reached via aggregator() on the proxy address above, not on the proxy itself; a reported answer equal to either bound means the aggregator clamped a price that moved outside the band, and consumers should reject such a round. Yellow: established Tier-1 feed (low effective risk); min/maxAnswer values not directly verified via on-chain read in this assessment pass.
RD-F-062 yellow External keeper/relayer not redundant Bascule DEPOSIT_REPORTER is a single Cubist-operated role with no documented failover keeper — if Cubist's infrastructure fails, large LBTC mints are blocked. Babylon Finality Providers are 4 entities (Galaxy, Kiln, P2P, Figment) providing some redundancy for yield continuity. CCIP relayers are Chainlink multi-node infrastructure (adequate redundancy). LayerZero routes are paused. Hyperlane relayers: not independently enumerated; Hyperlane uses multiple validators. Yellow: Bascule single-operator (Cubist) is the material keeper-redundancy gap.
RD-F-180 yellow Immutable oracle address [★ CANDIDATE — F180, held per T-12 PD-017; not counted in 19★ critical total; flag for T-14 post-launch promotion review] StakedLBTCOracle's consortium address is admin-configurable via changeConsortium(owner-only). Not immutable — this is the correct design pattern (owner can replace compromised Consortium contract). However, the setter is timelocked behind LombardTimeLock with minDelay = 3600s (1 hour) only. At $1.07B TVL, a 1-hour oracle consortium-address change window is short. Chainlink BTC/USD and ETH/USD feed addresses are external consumer-side configs, not Lombard-owned immutables. No immutable oracle address variable with no setter found in Lombard source. Yellow: oracle setter exists (not a fixed immutable, which is positive); 1-hour timelock is below 24h best practice for a $1B+ protocol.
RD-F-054 gray TWAP window duration N/A — Lombard Finance does not use DEX TWAP oracles. Source inspection of all oracle-related contracts found no OracleLibrary.consult() or equivalent TWAP call. All price feeds are Chainlink/RedStone push oracles. Factor does not apply to this protocol type.
RD-F-055 gray Oracle pool depth (USD) N/A — Lombard Finance does not use DEX pool oracles. No pool TVL measurement required. Source inspection confirms Chainlink/RedStone push oracles only. Factor does not apply to this protocol type.
RD-F-181 n/a Permissionless-pool lending oracle N/A — Lombard Finance is a Bitcoin LRT / restaking protocol, not a lending protocol with permissionless market listing. LBTC is a single token; Lombard does not operate a lending market where spot DEX prices from permissionlessly-created pools would be accepted as valid oracle sources. Pre-marked not_applicable per orchestrator scoping note and profile §1 protocol-type classification.
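RD-F-057, RD-F-059 and RD-F-060 each describe a consumer-side check that was either not found in Lombard's code paths or not performed in this pass: staleness against the feed heartbeat, detection of an answer clamped at the aggregator's minAnswer/maxAnswer, and a per-update deviation cap for a rate oracle. The block below is an added example written for this assessment, not Lombard's or Chainlink's code, showing all three over constructed data. Field names follow AggregatorV3 latestRoundData(); the min/max bounds are assumed to have been read from the underlying aggregator (proxy.aggregator()); the 8-decimal USD answers, the 18-decimal LBTC/BTC ratio scale, the one-day update interval and every round value are constructed or assumed. The 10 bps cap mirrors the 0.1% per-interval limit the page attributes to StakedLBTCOracle; nothing else about that contract's interface is assumed.

```python
"""Consumer-side sanity checks for a Chainlink-style price feed and a rate oracle.

Added example for this assessment, not Lombard's or Chainlink's code. Field
names follow AggregatorV3 latestRoundData(); minAnswer/maxAnswer are assumed to
come from the underlying aggregator (proxy.aggregator()). All rounds, limits,
the ratio scale and the update interval are constructed or assumed.
"""
from dataclasses import dataclass

USD_DECIMALS = 8            # Chainlink USD feeds report 8 decimals
RATIO_ONE = 10**18          # assumed scale of the ratio oracle (1.0 LBTC/BTC)
NOW = 1_780_000_000         # constructed block.timestamp


@dataclass(frozen=True)
class Round:
    round_id: int
    answer: int
    updated_at: int
    answered_in_round: int


@dataclass(frozen=True)
class FeedLimits:
    min_answer: int     # aggregator.minAnswer()
    max_answer: int     # aggregator.maxAnswer()
    heartbeat_s: int    # 3600 for Chainlink BTC/USD on Ethereum per the page
    grace_s: int = 300  # tolerance for late transmission and block-time drift


def check_feed_round(r, lim, now):
    """Reasons this round must not be used; an empty list means it is usable."""
    problems = []
    if r.answer <= 0:
        problems.append("non_positive_answer")
    if r.updated_at == 0 or r.updated_at > now:
        problems.append("bad_timestamp")
    elif now - r.updated_at > lim.heartbeat_s + lim.grace_s:
        problems.append("stale")
    # The aggregator clamps reports to [minAnswer, maxAnswer]. An answer sitting on
    # either bound means the true price left the band and the value is not a price.
    if r.answer <= lim.min_answer or r.answer >= lim.max_answer:
        problems.append("at_aggregator_bound")
    if r.answered_in_round < r.round_id:
        problems.append("incomplete_round")
    return problems


def deviation_bps(reference, value):
    """Absolute deviation of value from reference in basis points (floored)."""
    return abs(value - reference) * 10_000 // reference


def check_ratio_update(prev_ratio, new_ratio, last_update, now,
                       min_interval_s=86_400, max_bps=10):
    """Gate a ratio-oracle update: at most one per interval, at most max_bps change.

    10 bps mirrors the 0.1% per-interval limit the page attributes to
    StakedLBTCOracle; the interval length is an assumption.
    """
    if new_ratio <= 0:
        return False, "non_positive_ratio"
    if now - last_update < min_interval_s:
        return False, "too_soon"
    bps = deviation_bps(prev_ratio, new_ratio)
    if bps > max_bps:
        return False, f"deviation_{bps}bps_exceeds_{max_bps}bps"
    return True, f"ok_{bps}bps"


# constructed sample data
BTC_USD_LIMITS = FeedLimits(min_answer=1_000 * 10**USD_DECIMALS,
                            max_answer=1_000_000 * 10**USD_DECIMALS,
                            heartbeat_s=3600)
HEALTHY = Round(round_id=110, answer=100_000 * 10**USD_DECIMALS,
                updated_at=NOW - 600, answered_in_round=110)
STALE = Round(round_id=110, answer=100_000 * 10**USD_DECIMALS,
              updated_at=NOW - 2 * 3600, answered_in_round=110)
CLAMPED = Round(round_id=111, answer=1_000_000 * 10**USD_DECIMALS,
                updated_at=NOW - 60, answered_in_round=111)

if __name__ == "__main__":
    for name, rnd in (("healthy", HEALTHY), ("stale", STALE), ("clamped", CLAMPED)):
        print(name, check_feed_round(rnd, BTC_USD_LIMITS, NOW) or "ok")
    print(check_ratio_update(RATIO_ONE, RATIO_ONE + 15 * RATIO_ONE // 10_000, NOW - 90_000, NOW))
    print(check_ratio_update(RATIO_ONE, RATIO_ONE + 8 * RATIO_ONE // 10_000, NOW - 90_000, NOW))
```

The stale round trips only the heartbeat check, the clamped round only the bound check, and a ratio move of 15 bps is refused while 8 bps passes. In a real consumer the bound check is the one most often missing: a clamped feed keeps updating on schedule, so a staleness check alone will not catch it.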
RD-F-048 green Oracle providers used BTC/USD: Chainlink 0xF4030086522a5bEEa4988F8cA5B36dbC97BeE88c (Ethereum, 3600s/0.5%). ETH/USD: Chainlink 0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419 (Ethereum, 3600s/0.5%). RedStone BTC/USD and ETH/USD push oracle on BNB/Base/Solana. Internal StakedLBTCOracle 0x1De9fcfeDF3E51266c188ee422fbA1c7860DA0eF (Consortium-signed LBTC/BTC rate). PoR: Lombard + RedStone multi-chain attestation. No spot DEX price feed found in any oracle path. Chainlink and RedStone are established institutional push-oracle providers. Profile §7 confirms oracle_feeds (BTC/USD and ETH/USD Chainlink feeds) and docs.lombard.finance/learn/transparency/oracles confirm established providers.
RD-F-053 green Oracle source = spot DEX pool (no TWAP) [★ CRITICAL — GREEN] No DEX spot price oracle found in any Lombard source file. LBTC minting/burning is Consortium-authorized, not price-oracle gated. BTC/USD from Chainlink is a push oracle with no DEX component. StakedLBTCOracle derives LBTC/BTC exchange rate from Consortium-signed ratio, not DEX. No slot0(), getReserves(), or equivalent DEX price read found in contracts/LBTC/, contracts/PoR/, or contracts/bridge/ directories. Source inspection of all oracle-related contract directories confirms absence of any spot DEX oracle dependency.
RD-F-056 green Single-pool oracle (no medianization) Lombard does not use DEX pool oracle; single-pool oracle concern does not apply. For Chainlink BTC/USD (0xF4030086522a5bEEa4988F8cA5B36dbC97BeE88c): multi-source aggregation is inherent to Chainlink's off-chain-reporting aggregator design (multiple independent node operators; medianized report). Not a single-pool oracle. No DEX oracle of any kind found in Lombard source. Green: Chainlink's multi-node aggregation design inherently meets the no-single-pool criterion.
RD-F-058 green Max-deviation threshold (bps) Chainlink BTC/USD native deviation threshold: 0.5% = 50 bps (configured by Chainlink, not Lombard). StakedLBTCOracle ratio-change limit: 0.1% per interval = 10 bps. Both are well below the 2000 bps (20%) green threshold. No Lombard-specific maxDeviationBps value read from source — both thresholds are either Chainlink-native or emergent from the StakedLBTCOracle update model. Green: thresholds are conservative and well within the acceptable range.
RD-F-061 green LP token balanceOf used for pricing Lombard does not use LP token balanceOf for pricing. LBTC/BTC exchange rate is derived from Consortium-published ratio via StakedLBTCOracle. No balanceOf call found in any price calculation path in the LBTC/ directory or oracle contracts. Donation-manipulation via LP token balanceOf is not applicable to this protocol's price mechanism.
Economic risk Green 13 13 of 13
RD-F-064 yellow TVL concentration (top-10 wallet share) Approximately 70% of circulating LBTC supply is deployed in ~2 DeFi protocols (Aave and Morpho) based on 2025 secondary source data. This concentration means a coordinated exit or liquidation cascade in either protocol could affect the majority of circulating LBTC. No live on-chain top-10 holder snapshot was run (no Dune/Graph query); top-10 share is estimated >60%. Concentration pattern is not atypical for a BTC LST but constitutes a structural single-exit risk. Score: yellow (top-10 share likely >60% per secondary sources — threshold for red is >60%).
RD-F-065 yellow Liquidity depth per major asset LBTC secondary market DEX liquidity depth was not formally quantified (no 2%-slippage subgraph query run; data not in cache). Qualitative assessment: Lombard docs classify Liquidity Risk as MEDIUM, noting 'redemptions involve a Babylon unbonding period where BTC remains inaccessible.' The DeFi vault (LBTCv) holds $161M+ in deployed strategy TVL but this is not DEX exit liquidity. During BTC price stress events, leveraged LBTC positions would need secondary market depth to avoid forced selling at discount. The $1.07B TVL without commensurate DEX liquidity is the primary economic risk vector. Score: yellow pending quantification.
RD-F-066 gray Utilization rate (lending protocols) N/A — Lombard is not a lending protocol. No markets, no borrow/supply ratios, no utilization rate. DefiLlama data cache confirms borrow.present: false. Coverage flag lending_protocol: false.
RD-F-069 gray Algorithmic / under-collateralized stablecoin N/A — LBTC is not a stablecoin and does not have an algorithmic or under-collateralized design. It is a 1:1 BTC-backed liquid staking token. This factor's classification tree (over-collateralized / partially-collateralized / algorithmic / fiat-backed) does not apply to a BTC LST. Gray: stablecoin classification not applicable to this protocol type.
RD-F-070 gray Empty cToken-style market (zero supply/borrow) CRITICAL FACTOR (star) — N/A by construction. Lombard is not a Compound V2 fork. No cToken markets exist. LBTC is a permissioned-mint ERC-20 requiring Consortium + Bascule dual authorization per real BTC deposit — no share accounting model, no totalSupply/totalBorrow pair that could be zero. Donation-attack surface does not exist in the core token. Data cache confirms lending_protocol: false. This star factor does not fire for this protocol type.
RD-F-071 gray Seed-deposit requirement for new market listing N/A — Lombard does not list markets. LBTC is a single-token BTC LST; there is no market-listing code path or governance process for listing new collateral markets. Not a lending protocol.
RD-F-072 gray Market-listing governance threshold N/A — No market-listing governance mechanism. Same basis as RD-F-071.
RD-F-073 gray Oracle-manipulation-proof borrow cap N/A — No borrow caps; Lombard is not a lending protocol and does not manage per-asset borrow caps. This factor requires a DEX-TWAP oracle-secured lending market, which Lombard does not have.
RD-F-074 gray ERC-4626 virtual-share offset (OZ ≥4.9) N/A — Core LBTC token is a standard ERC-20, not an ERC-4626 vault. Lombard architecture docs confirm: 'deployed as standard tokens on each supported blockchain: ERC-20 on Ethereum, BEP-20 on BSC.' The separate LBTCv DeFi vault product is ERC-4626 and uses OpenZeppelin 5.0.2 (which includes virtual-share offset protection), but LBTCv is a distinct product outside the core LBTC TVL scope. This factor is gray for the core protocol. Note: if LBTCv were assessed separately, it would be green (OZ 5.0.2 implements the virtual offset).
RD-F-075 gray First-depositor / share-inflation guard N/A — LBTC is not a share-vault with first-depositor mechanics. Minting is permissioned: each LBTC requires dual authorization from Consortium (10-of-15) and Bascule, confirming a real BTC deposit with 6 confirmations on Bitcoin. There is no 'first depositor' who could inflate share price — each token is minted 1:1 against verified BTC. No donation-attack surface. This factor is not applicable to the core LBTC ERC-20 architecture.
RD-F-063 green TVL (current + 30d trend) Current TVL $1,070,556,829 (~$1.07B) as of 2026-05-05T11:18:57Z per DefiLlama. 30-day change +7.95%; 1-day change +0.03%. Stable-to-growing trend. Exceeds $100M green threshold by a factor of 10. TVL 12-month peak ~$1.5B (August 2025). Composition: 97.28% Bitcoin locked in Babylon staking, 2.32% Ethereum LBTC, 0.40% Base LBTC. Bitcoin dominance is structurally appropriate for a BTC LST.
RD-F-067 green Historical bad-debt events Zero historical bad-debt or socialized-loss events. Lombard security blog states explicitly: 'Since launch, Lombard has seen no depeg events.' No slashing events documented. Rekt DB shows no Lombard incidents (data cache rekt.incidents: []). Slashing risk is capped at 0.1% per slashing event per Lombard docs. Reframed for a BTC LST: 'bad-debt' equivalent would be socialized losses from Babylon slashing or LBTC backing shortfall — neither has occurred.
RD-F-068 green Collateralization under stress LBTC is 1:1 BTC-backed by construction. Each LBTC token is minted only after the Consortium and Bascule independently verify a BTC deposit with 6 confirmations. Proof of Reserves is verified continuously: RedStone PoR oracle updates every ~20 minutes tracking BTC locked vs LBTC circulating supply; Chainlink PoR also active on Ethereum. Slashing risk is capped at 0.1% per slashing event (Finality Providers use anti-slashing cryptographic policies via CubeSigner). Under stress scenario (BTC -50%): USD collateral value drops proportionally, but BTC backing ratio remains 100%. Cascading liquidations of leveraged LBTC positions in Aave/Morpho are managed by those protocols' own risk parameters, not by Lombard. No fractional reserve exposure identified.
Operational history Yellow 25 15 of 15
RD-F-089 red Insurance coverage active No active Nexus Mutual, Unslashed, or Sherlock protocol-level insurance coverage found for Lombard Finance or LBTC at $1.07B TVL. Immunefi vault ~$40K USDC is bug bounty escrow, not insurance. Symbiotic economic guarantee layer is bridge-level economic security, not protocol exploit insurance. Industry-structural gap: proportionate coverage at $1B+ BTC restaking TVL is not available from existing DeFi insurance providers.
RD-F-084 yellow TVL stability (CoV over 90d) DeFiLlama historical TVL API returns 403 (structural gap). Estimate from available points: current TVL $1.07B (+7.95% over 30d, +0.03% over 1d per data cache); 12-month peak ~$1.5B; peak-to-current drawdown ~29% over ~9 months. BTC price exposure means USD TVL fluctuates with BTC price independent of protocol stress. CoV estimated in 0.15–0.35 range (yellow). Cannot compute precise CoV without daily series.
RD-F-086 yellow Pause activations (trailing 12 months) 1 documented pause activation in trailing 12 months: LayerZero LBTC routes paused April 2026 following KelpDAO LayerZero exploit ($292M). Pause had documented reason (precautionary response). Core minting/redeeming and CCIP bridging remained live. Methodology: yellow = 1–2 pauses with documented reason.
RD-F-087 yellow Pause > 7 consecutive days LayerZero routes paused in April 2026; still paused as of 2026-05-05 — approximately 16–17 consecutive days. Strictly, methodology fires red for any pause >7 consecutive days. Curator judgment applied yellow: pause is limited to LayerZero cross-chain routes only (non-core bridge path); core LBTC minting, burning, and CCIP bridging unaffected. Curator should adjudicate whether partial-protocol pauses (non-core bridge only) qualify as full-protocol pauses for this factor.
RD-F-078 n/a Chronic-exploit flag (≥3 incidents) 0 incidents (F077 = 0). Threshold of 3 not met.
RD-F-079 n/a Same-root-cause repeat exploit 0 incidents (F077 = 0). No root-cause clusters to compare.
RD-F-080 n/a Days since last exploit No prior incidents; methodology maps 'no incidents' to green (same as >365 days).
RD-F-081 gray Post-exploit response score N/A — no prior exploits to score. Methodology: gray = no prior incidents.
RD-F-082 gray Post-mortem published within 30 days N/A — no prior exploits. Methodology: gray = no prior incidents.
RD-F-083 gray Auditor re-engaged after last exploit N/A — no prior exploits. Methodology: gray = no prior exploits. Note: Lombard has 14+ audit engagements across 7 firms as proactive hygiene, not post-exploit re-audits.
RD-F-085 gray Incident response time (minutes) N/A — no prior incidents. Methodology: gray = no prior incidents. Positive context: LayerZero routes proactively paused within days of KelpDAO exploit (April 2026), indicating response capability, but this does not trigger this factor.
RD-F-076 green Protocol age (days) Mainnet private beta launch 2024-08-21 (622 days to 2026-05-05). Earliest consortium contract deploy 2024-05-28. Green threshold is ≥365 days live; protocol comfortably exceeds at ~622 days from launch.
RD-F-077 green Prior exploit count 0 protocol-level exploits confirmed. Proprietary hacks DB grep (lombard|LBTC, batches 1–23) matched only ionic-money.md, which documents an impersonation of Lombard by attackers against Ionic Money — not an exploit of Lombard contracts. DefiLlama data cache hacks: []. Lombard security blog states no depeg events since launch.
RD-F-088 green Re-deployed to new addresses in last year No full protocol redeployment to a new address set in last 12 months. Proxy upgrades at existing addresses occurred (LBTC proxy 2026-04-24). BridgeV2 deployed 2025-10-16 and newer Consortium contract 2024-12-26 are additions, not full retirements. No deprecation announcement found.
RD-F-166 green Deprecated contracts still holding value No contracts officially announced as deprecated by Lombard Finance as of 2026-05-05. Bascule Drawbridge v1 (0xc750eCAC7250E0D18ecE2C7a5F130E3A765dc260) is still active (not deprecated), holds 0 ETH, last transaction 2026-05-05. Docs smart contracts page (last updated 2026-03-31) lists no deprecated contracts. No deprecation announcements found in GitHub or blog.
Real-time signals Green 5 22 of 22
RD-F-102 yellow Admin/upgrade transaction in mempool Admin/upgrade tx in mempool | Applicable: Yes (CRITICAL CONCERN) | Deployer EOA 0x3F6BF1C36CcBb59eAF8415301a0ceC73c344a079 is LombardTimeLock Proposer; 3-of-5 GnosisSafe 0x251a604E8E8f6906d60f8dedC5aAeb8CD38F4892 is Proposer+Executor. LombardTimeLock minDelay = 3600 seconds (1 hour). Most recent Ethereum upgrade: 2026-04-24. The 1-hour timelock means admin-tx-in-mempool detection would give users at most 60 minutes to act after a Timelock scheduling event -- dangerously short at $1.07B TVL. This signal is highly applicable but its utility is structurally impaired by the 1h delay. v1 phase-2 signal requiring mempool listener. Not currently firing (no pending upgrade tx as of 2026-05-05). Hexagate provides some coverage for upgrade/admin patterns. Yellow because structural risk is high even when signal is not currently firing.
RD-F-109 yellow Social-media impersonation scam spike Social-media impersonation scam spike | Applicable: Yes (active X/@Lombard_Finance, Discord, Telegram) | At least 3 distinct wallet-drainer impersonation sites confirmed active: staking.lombard-fin[.]com (BARD staking drainer), lombardfinance[.]dev (claim BARD drainer), aiiocations-lombardfinance[.]com (rewards drainer). Sources: pcrisk.com removal guides. This is an active coordinated impersonation campaign (3+ sites, all confirmed wallet drainers). Meets elevated threshold but social media account count (distinct from domains) not independently verified from 2 sources for definitive red. v2-deferred signal. Would fire at advisory level today.
RD-F-093 gray Abnormal gas-price willingness from attacker wallet Abnormal gas-price willingness | Applicable: Yes in principle | Mempool monitoring not configured for this assessment. No anomalous gas-price patterns from attacker-labeled wallets identified from public sources. v2-deferred signal. Not assessable from static public data. Signal requires mempool stream with per-block gas analysis.
RD-F-094 gray New contract with similar bytecode to exploit template New contract with similar bytecode to exploit template | Applicable: Partial (multi-bridge architecture) | No exploit-template similarity index maintained for LRT/BTC-restaking class. No known exploit template exists for this protocol class (zero incidents). v2-deferred signal. Not assessable.
RD-F-095 gray Known-exploit function-selector replay Known-exploit function-selector replay | Applicable: Partial (bridge contracts) | No prior Lombard exploit exists to seed replay template. Selector-pattern index for LRT/BTC-restaking class not maintained. v2-deferred signal. Not assessable.
RD-F-096 gray New ERC-20 approval to unverified contract from whale New ERC-20 approval to unverified contract from whale | Applicable: User-level signal | User-level signal moved to consumer app scope per T-09. Not assessable at protocol level in T-10 static assessment. v2-deferred.
RD-F-097 gray Sybil surge of identical-pattern transactions Sybil surge of identical-pattern transactions | Applicable: Partial | No sybil surge pattern identified on Lombard EVM contracts from public data. Clustering algorithm not deployed for this assessment. v2-deferred signal. Not assessable.
RD-F-101 gray Large governance proposal queued Large governance proposal queued | Applicable: No | No on-chain Governor contract exists. Lombard uses Consortium + LombardTimeLock (0x055E84e7FE8955E2781010B866f10Ef6E1E77e59) directly. No ProposalCreated/ProposalQueued events possible. Signal cannot attach to this governance model. Monitoring would need to be adapted to TimelockController CallScheduled events instead. v1 launch signal but N/A for consortium-governed protocol.
RD-F-107 gray Admin EOA signing from new geography/device Admin EOA signing from new geography/device | Applicable: Yes in principle | Off-chain signing telemetry not available (requires team opt-in; practically always gray). Consortium uses CubeSigner HSMs (positive architectural mitigant -- signing physically constrained to hardware). Deployer EOA and 3-of-5 Safe use standard EOA signing. v2-deferred. Not assessable without telemetry.
RD-F-110 gray Unusual pending/executed proposal ratio Unusual pending/executed proposal ratio | Applicable: No | No on-chain Governor contract. No proposal queue. BARD token governance is off-chain/Liquid Bitcoin Foundation with no on-chain proposal history. Signal cannot attach to this governance model. N/A.
RD-F-090 green Mixer withdrawal → protocol interaction Mixer withdrawal -> protocol interaction | Applicable: Yes | TRM Labs deployed as production-grade sanctions and mixer screening for all Lombard user interactions (BTC deposits, LBTC minting, bridge requests). Every wallet address scanned via TRM per security blog. No mixer-funded wallet interactions with Lombard contracts reported in public sources. Signal not firing. v1 phase-2 advisory signal (tier-C). Would not fire today.
RD-F-091 green Partial-drain test transactions Partial-drain test transactions | Applicable: Yes (drainable bridge and LBTC minting contracts) | No small-value pre-strike probe transactions detected on Lombard contracts in public block explorer data. Hexagate monitors invariant checks continuously. v2-deferred signal (folded into RD-F-098 precursor rule). Signal not firing. Would not fire today.
RD-F-092 green Unusual mempool pattern from deployer wallet Unusual mempool pattern from deployer wallet | Applicable: Yes (deployer EOA 0x3F6BF1C36CcBb59eAF8415301a0ceC73c344a079 has Timelock Proposer role) | Deployer shows 179 transactions with recent cross-chain infrastructure deployment activity (AssetRouter, BridgeV2, NativeLBTC, StakedLBTC). Pattern consistent with active development cadence. No mass-approval or anomalous clustering pattern identified. v2-deferred signal. Would not fire today.
RD-F-098 green TVL anomaly — % drop in <1h TVL anomaly (severe drop) | Applicable: Yes ($1.07B TVL) | TVL trend: +7.95% over 30 days, +0.03% over 1 day as of 2026-05-05. Well above 30% drop threshold. Hexagate partnership provides automated pause and anomaly detection for EVM-side TVL. Structural gap: 97.28% of TVL ($1.04B) is Bitcoin-layer BTC not captured by standard EVM subgraph monitor -- a BTC custody compromise would not fire EVM TVL signal until LBTC redemptions became anomalous. Signal not firing today. Note monitoring gap for non-EVM TVL.
RD-F-099 green Oracle price deviation >X% from secondary Oracle price deviation | Applicable: Yes (Chainlink BTC/USD 0xF4030086522a5bEEa4988F8cA5B36dbC97BeE88c, 1h heartbeat, 0.5% deviation threshold; Redstone+Chainlink PoR for reserves) | No oracle deviation reported at assessment date. Hexagate monitors oracle deviations explicitly. v1 phase-2 signal. Signal not firing.
RD-F-100 green Flash loan >$10M targeting protocol tokens Flash loan targeting protocol | Applicable: Limited (no lending market, no flash-loanable governance) | Consortium governance not flash-loan-attackable (no on-chain governor contract). No flash-loan targeting pattern detected. v1 phase-2 signal. Signal not applicable in standard configuration.
RD-F-103 green Bridge signer-set change proposed/executed Bridge signer-set change | Applicable: Yes (CCIP TokenPool, LayerZero OFT paused, Hyperlane GMP; Consortium 0xed6D647E2F81E5262101aFf72c4A7bcDcfd780e0 is effective bridge signer set) | LayerZero OFT routes preemptively paused April 2026 post-KelpDAO exploit. CCIP and Hyperlane remain active. Consortium threshold remains 10-of-15 per March 2026 docs. No unscheduled signer-set change detected on active bridge paths. 3-of-5 GnosisSafe most recent tx 2026-04-27 (routine Exec Transaction). Any re-enablement of LZ routes or Consortium threshold change would be tier-A. Signal not firing.
RD-F-104 green Stablecoin depeg >2% on shared-LP venue Stablecoin depeg | Applicable: No | LBTC is 1:1 backed by native BTC, not any stablecoin. No stablecoin constitutes >5% of TVL. Bitcoin TVL is 97.28% of total. LBTC/BTC peg depends on Babylon staking redemption mechanics, not stablecoin stability. Signal N/A for this protocol design. Would not fire.
RD-F-105 green DNS/CDN/frontend hash drift DNS/frontend hash drift | Applicable: Yes (lombard.finance active frontend) | Official lombard.finance domain appears stable at assessment date. No DNS drift or hash change alerts from legitimate sources. Active impersonation domains (staking.lombard-fin[.]com, lombardfinance[.]dev, aiiocations-lombardfinance[.]com) are separate domains -- they do not constitute drift on the official domain (those are F161 scope). v1 phase-2 signal. Signal not firing on official domain.
RD-F-106 green Cross-chain bridge unverified mint pattern Cross-chain bridge unverified mint pattern | Applicable: Yes | Bascule Drawbridge v1 (0xc750eCAC7250E0D18ecE2C7a5F130E3A765dc260) requires dual attestation: both Consortium signature AND Bascule independent attestation before any LBTC mint. This directly addresses the unverified-mint signal class. No mint-without-proof events reported. v2-deferred signal. Signal not firing.
RD-F-108 green GitHub force-push to sensitive branch GitHub force-push to sensitive branch | Applicable: Yes (public repo github.com/lombard-finance/evm-smart-contracts, last commit 2026-04-20) | No force-push or unauthorized branch push events identified in public repo activity around assessment date. Last commit consistent with April 2026 Sherlock/OZ audit completion and development cadence. v2-deferred signal. Signal not firing.
RD-F-182 green Security-Council threshold reduction (RT) Security-Council threshold reduction (RT signal, batch-24) | Applicable: Yes (HIGHLY RELEVANT) | Lombard Security Consortium (10-of-15 threshold via 0xed6D647E2F81E5262101aFf72c4A7bcDcfd780e0) IS the effective Security Council. 3-of-5 GnosisSafe (0x251a604E8E8f6906d60f8dedC5aAeb8CD38F4892) is Timelock proposer/executor. Context: KelpDAO April 2026 exploit (attributed to Lazarus) used DVN threshold reduction before $292M drain -- exact pattern this signal monitors. Current posture: Consortium threshold unchanged at 10-of-15 per March 2026 docs; GnosisSafe most recent tx 2026-04-27 was routine Exec Transaction with no threshold change. No threshold reduction event detected. Signal not firing. v1.1 candidate (not yet production-live). Priority monitoring target given Drift/KelpDAO precedents.
Dev identity & insider risk Green 9 16 of 16
RD-F-116 yellow Contributor tenure at admin-permissioned PR GitHub org `lombard-finance` has no public members (confirmed via GitHub API call, 2026-05-05). Primary committers on recent April 2026 ACL-related commits are `hashxtree` and `le0n229` — pseudonymous GitHub handles that cannot be individually mapped to named team members without authenticated API access. Protocol age ~20 months, suggesting core committers likely have ≥12 months tenure, but this cannot be verified. Yellow per default scoring discipline on insufficient identity evidence.
RD-F-117 yellow ENS/NameStone identity bound to deployer No ENS or NameStone name bound to deployer address `0x3F6Bf1c36Ccbb59eAf8415301a0Cec73C344A079`. Etherscan shows the protocol-level label 'Lombard: Deployer' which provides functional identification equivalence but does not satisfy the ENS/NameStone-specific criterion. Yellow reflects absence of the specific mechanism, not an adverse signal.
RD-F-119 yellow Commit timezone consistent with stated geography Jacob Phillips is New York, NY-based (LinkedIn). Team backgrounds from US-based organizations (Coinbase, Polychain Capital, Ripple) and UK/global DeFi firms (Argent, Maple Finance). April 2026 GitHub commit activity is business-day concentrated, consistent with Western work hours. No anomalous DPRK timezone burst pattern identified. Full commit-timestamp histogram not computed via GitHub API. Yellow per scoring discipline (P2 factor, medium confidence from partial evidence).
RD-F-123 yellow Sudden admin-rescue/ACL change without discussion Deployer EOA `0x3F6Bf1c36Ccbb59eAf8415301a0Cec73C344A079` retains Proposer role in LombardTimeLock `0x055E84e7FE8955E2781010B866f10Ef6E1E77e59` alongside the 3-of-5 GnosisSafe — creating a single-actor upgrade path with only 1-hour timelock delay. No public governance forum (Snapshot, Discourse, Tally) identified for Lombard. April 2026 GitHub commits include ACL role revocations ('Revoke CALLER_ROLE,' 'Remove deprecated OPERATOR_ROLE references') consistent with OpenZeppelin and Sherlock April 2026 audit findings, but no pre-execution public discussion venue exists to verify. No hostile admin-rescue event documented. Yellow: structural concentration + no public ACL-change discussion forum; not a confirmed malicious event.
RD-F-184 gray Real-capital social-engineering persona No curator flag or OSINT evidence of any 'contributor' or 'external integrator' persona with >=1M USD attributed deposits to Lombard or peer protocols used to build social-engineering credibility. The April 2026 DPRK class attack (UNC4736/TraderTraitor) targeted Drift Protocol specifically via a 6-month conference/in-person build-up — Lombard is not mentioned in any DPRK attack report. Third-party LBTC/BARD phishing drainers (pcrisk.com) are user-targeting scams, not insider-implantation patterns. P1 M-only factor. Gray per scoring discipline: no positive curator attestation exists; no adverse signal found. Comparator: Drift Protocol (Kamino cited as clean comparator in hacksdatabase). Lean green.
RD-F-111 green Team doxx status CEO Jacob Phillips is fully doxxed: real name, LinkedIn profile (New York, NY; 500+ connections), Case Western Reserve University BA Economics/CS 2015–2019, Polychain Capital partner 2019–2022, Perennial Labs Head of Product 2022–2024. Named Director of Engineering Olivia Thet confirmed via secondary sources. Team backgrounds from Coinbase, Argent, Ripple, Maple Finance publicly cited. Multiple on-camera podcast and conference appearances confirmed for Jacob Phillips.
RD-F-112 green Team public accountability surface Jacob Phillips has ≥4 verifiable public trails: LinkedIn employment history (Polychain Capital, Perennial Labs, Lombard), IQ.wiki biography, Blockworks speaker profile, Consensus HK 2025 speaker listing, Fintech.tv keynote interview, multiple podcast appearances (Blockcast, Stonks Go Moon, Blockspace Media, Kiln RDV, Index Podcast, DOX RADIO). Institutional investor Polychain Capital conducted VC due diligence before leading $17M seed round. Tracxn confirms 16 employees as of March 2026.
RD-F-113 green Team other-protocol involvement history Jacob Phillips prior roles: Polychain Capital (institutional VC, not a protocol), Perennial Labs (active perpetual DEX, not rugged). No adverse prior protocol history for any named team member. Protocol raised $17M seed from Polychain Capital with Franklin Templeton, Binance Labs, OKX Ventures, dao5 participation — institutional due diligence implied. Data cache rekt.incidents = [] confirms zero protocol incidents.
RD-F-114 green Deployer address prior on-chain history Deployer `0x3F6Bf1c36Ccbb59eAf8415301a0Cec73C344A079` carries Etherscan label 'Lombard: Deployer' — a protocol-attributed deployer. Transaction history shows contract creations (AssetRouter, BridgeV2, StakedLBTC), token approvals, ETH transfers, and bridge operations to Optimism. Activity pattern is consistent with a legitimate protocol deployer. No rug-deployer cluster label, no exit-scam-pattern deployments, no test contracts with suspicious patterns found.
RD-F-115 green Prior rug/exit-scam affiliation Web search 'Lombard Finance rug OR exit scam' returns no results against the legitimate protocol. Results surface third-party phishing/impersonation scam sites (Lombard BARD staking drainers documented by pcrisk.com) that are unrelated to the protocol team. No team member linked to a prior rugged protocol via OSINT. Data cache rekt.incidents = [] confirms zero protocol incidents.
RD-F-118 green Handle reuse across failed/rugged projects Jacob Phillips (@JacobPPhillips on X) has a consistent Lombard/Perennial Labs/Polychain identity. No OSINT results linking any Lombard team social handle to a prior rugged or failed project. Multiple independent news sources (The Block, CoinDesk, Blockworks) corroborate consistent team identity since April 2024 launch.
RD-F-120 green Video-off/voice-consistency flag Jacob Phillips has on-camera and on-audio public appearances confirmed: DOX RADIO Episode 050 (YouTube, Nov 2024), Blockcast 56 (Apple Podcasts, March 2025), Stonks Go Moon podcast, Blockspace Media podcast, Kiln Rendez-Vous podcast, Index Podcast video (YouTube Jan 2025), Fintech.tv Bitcoin Evolution keynote, Consensus Hong Kong 2025 in-person speaker. No video-declined or voice-inconsistency concern raised across any indexed appearance.
RD-F-121 green Contributor OSINT depth score Jacob Phillips OSINT depth score 5/5: Case Western Reserve University degree (verifiable), Polychain Capital partner (verifiable institutional VC with public team disclosures), Perennial Labs Head of Product (prior public product), IQ.wiki biography, Blockworks profile, Consensus HK speaker, multi-platform podcast/video catalog, consistent X account. Supporting team (Olivia Thet, Matthew Donovan, Charlotte Dodds) named across secondary sources at score ~3/5. Average for identifiable team members approximately 3.5–4.
RD-F-122 green Contributor paid to DPRK-cluster wallet No contributor payment wallet traced to DPRK/Lazarus cluster within 3 hops. Consortium member organizations (Galaxy, OKX, Kraken, Amber, Wintermute, Antpool, F2Pool, Chorus.one, Figment, Kiln, P2P, Cubist, Informal Systems, Nansen) are all established institutional entities with no OFAC designation. OFAC SDN search returns no Lombard Finance match. Web search for Lombard Finance + DPRK/Lazarus: zero adverse results. Individual contributor wallets are not publicly disclosed; adverse CTI signal absent across all accessible sources.
RD-F-124 green Deployer wallet mixer-funded within 30 days Deployer `0x3F6Bf1c36Ccbb59eAf8415301a0Cec73C344A079` was funded approximately May 2024 from address `0x683c9821302a34e4f0418fd6d4dcb698eb2febf2`. Etherscan shows that intermediate address was itself funded from 'Ankr: MATIC pool' — an established DeFi infrastructure protocol, not a privacy mixer. No Tornado Cash, Railgun, or equivalent mixer interactions found in deployer transaction history at any point. 30-day pre-deploy window is clean. Institutional funding chain (Polychain Capital $17M seed) is separately corroborated.
RD-F-125 green Deployer linked within 3 hops to DPRK/Lazarus No DPRK/Lazarus linkage found for Lombard Finance, the deployer EOA, the GnosisSafe signers, or any named team member. Web search 'Lombard Finance DPRK OR Lazarus OR North Korea' returns zero adverse results — only generic Lazarus Group background articles with no Lombard mention. Third-party phishing sites impersonating LBTC/BARD branding are external fraud operations unrelated to team identity. No OFAC SDN, Chainalysis published report, US Treasury press release, or TRM alert links Lombard to DPRK actors. ESCALATION NOT REQUIRED.
Fork / dependency lineage Green 11 10 of 10
RD-F-133 yellow Dependency manifest uses unpinned versions OpenZeppelin contracts and contracts-upgradeable both pinned at exact version 5.0.2 in package.json with a resolutions override. Chainlink contracts-ccip pinned at exact version 1.6.1. These are the most security-critical dependencies. LayerZero packages use caret (^) range specifiers: @layerzerolabs/lz-evm-protocol-v2: ^3.0.7, @layerzerolabs/oft-evm: ^0.1.0, @layerzerolabs/lz-evm-messagelib-v2: ^3.0.9 — minor/patch versions may float. Per methodology: yellow = minor libs unpinned but OZ and Solady pinned. LayerZero is a significant protocol dependency (though routes are currently paused) but not the core cryptographic primitive that OZ is.
RD-F-126 n/a Is-a-fork-of Lombard Finance is an original implementation — not a fork of any upstream protocol. GitHub repository (lombard-finance/evm-smart-contracts) carries no upstream fork relationship. Profile §5 explicitly states: 'Not forked / original implementation.' Protocol architecture (Cosmos SDK appchain Lombard Ledger, CubeSigner HSM key management, Bascule Drawbridge, Consortium multi-signature notary) is unique with no known upstream equivalent. The repository has 37 forks made by others but is not itself a fork. OpenZeppelin 5.0.2 is used as a library dependency, not as an upstream fork.
RD-F-127 n/a Upstream patch not merged Protocol is not a fork. No upstream to track for unmerged patches.
RD-F-128 n/a Upstream vulnerability disclosure (last 90d) Protocol is not a fork. No upstream vulnerability disclosures to track.
RD-F-129 n/a Code divergence from upstream (%) Protocol is not a fork. Code divergence from upstream is not a meaningful metric for original implementations.
RD-F-130 n/a Fork depth (generations from original audit) Protocol is not a fork. Fork depth = 0 by definition (original implementation).
RD-F-131 n/a Fork retains upstream audit coverage Protocol is not a fork. It has its own independent comprehensive audit history across 7 firms. The question of whether a fork retains upstream audit coverage is N/A.
RD-F-132 n/a Fork has different economic parameters than upstream Protocol is not a fork. Different economic parameters vs upstream is N/A.
RD-F-134 green Dependency had malicious-release incident (last 90d) No GitHub Security Advisory (GHSA) or npm audit advisory flagging a malicious release in the last 90 days for: OpenZeppelin contracts 5.0.2, OpenZeppelin contracts-upgradeable 5.0.2, @chainlink/contracts-ccip 1.6.1, or the LayerZero packages used. No active malicious-release incident affecting Lombard's dependency tree identified as of 2026-05-05.
RD-F-135 green Shared-library version with known-vuln status OpenZeppelin 5.0.2 (released February 2024): no known high/critical CVE or GHSA advisory as of 2026-05-05. The 5.0 line introduced EIP-7201 namespaced storage for upgradeable contracts (reducing storage-collision risk across upgrades) and carries forward the ERC-4626 virtual-shares (decimals offset) inflation-attack mitigation first added in 4.9, among other security improvements over 4.x. No regression vulnerability reported in the 5.0.x series. Chainlink CCIP 1.6.1: no known high/critical advisory. LayerZero ^3.0.x packages: no known malicious-release advisory.
Post-deploy hygiene & change mgmt Green 18 13 of 13
RD-F-136 yellow Deployed bytecode matches signed release tag GitHub repo has 2,179 commits on main; last commit 2026-04-20. No confirmed signed release-tag convention. Audit PDFs reference specific commit hashes (e.g., Veridise V2 commit b42ac63) but full deployed-bytecode-to-signed-tag correspondence is unconfirmed.
RD-F-139 yellow Post-audit code changes without re-audit Most recent Ethereum upgrade: 2026-04-24. Most recent audit end: OZ multipauser 2026-04-09 (15-day gap). Sherlock multipauser+bridge: 2026-04-01 (23-day gap). The April 2026 audits listed BaseLBTC/NativeLBTC/StakedLBTC/BridgeV2 in scope, suggesting the upgrade is plausibly within scope, but explicit commit SHA correspondence is unconfirmed. GitHub audit README warns: 'Some of the contracts were modified after they were audited.'
RD-F-141 yellow Test-mode parameters in deploy Deployer EOA retained as Proxy Admin and TimeLock Proposer permanently post-launch. This is a structural anomaly at $1B+ TVL that may reflect an intentional design choice rather than an accidental test-mode parameter. No other test-mode parameters (test oracle, infinite allowance, test addresses) identified.
RD-F-142 yellow Storage-layout collision risk across upgrades 7 total LBTC implementation upgrades since 2024. OZ V2 audit (Nov-Dec 2024) and OZ multipauser audit (Apr 2026) included LBTC in scope, suggesting OZ would have flagged storage-layout issues. No public storage collision report. However, full OZ upgrades-plugin validation across all 7 upgrade pairs was not confirmed from public sources.
RD-F-143 yellow Reinitializable implementation (no _disableInitializers) Current LBTC proxy implementation 0x072072317469ebb6c340a47e41561c9c3b782bd9 (StakedLBTC, deployed 2026-04-24): Etherscan ABI shows an empty constructor {inputs:[], stateMutability:nonpayable} with no confirmed _disableInitializers() call. Note that the ABI records only the constructor's signature, so a constructor whose body does call _disableInitializers() looks identical there; confirmation requires the verified source or a read of the implementation's Initializable storage. BridgeV2 and the older LBTC impl are both confirmed to include _disableInitializers(). The inconsistency warrants yellow pending code-security-analyst static analysis. If _disableInitializers() is confirmed absent in the current impl -> [CRITICAL] red.
RD-F-145 yellow Deployed bytecode reproducibility No public bytecode reproducibility instructions found. Data cache: hardhat_config_present=true, foundry_toml_present=false, changelog_present=false. hardhat.config.ts names solidity '0.8.24' (see RD-F-170), yet the current LBTC implementation was compiled with 0.8.20, and the per-artifact compiler build and settings needed to reproduce each deployed bytecode are not documented. No lockfile available from public GitHub inspection.
RD-F-146 yellow New contract deploys in last 30 days Deployer EOA deployed multiple new contracts between 2026-04-21 and 2026-04-24: AssetRouter, BridgeV2 (new impl), NativeLBTC, StakedLBTC. This is significant new attack surface deployed within 30 days of assessment date.
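The RD-F-143 finding hinges on a single constructor call, so the following added example (written for this review, not Lombard's StakedLBTC code) places a weak implementation beside a hardened one. Contract names, the `cap` field and the `initialize`/`initializeV2` functions are hypothetical; the only real dependency is OpenZeppelin's upgradeable `Initializable` and `OwnableUpgradeable` from the 5.x line the page identifies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Lombard's code. Shows why a missing _disableInitializers()
// call in an upgradeable implementation's constructor is a red flag.
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";

/// WEAK: the proxy is initialized through delegatecall, which writes the proxy's
/// storage, but the implementation contract's OWN storage is never touched. Anyone
/// can therefore call initialize() directly on the implementation address and
/// become its owner. Behind a TransparentUpgradeableProxy this does not alter proxy
/// state, but it hands an attacker a privileged foothold on the implementation,
/// and in UUPS designs it has historically allowed the implementation to be bricked.
contract TokenImplWeak is Initializable, OwnableUpgradeable {
    uint256 public cap;

    constructor() {} // in the ABI this is indistinguishable from the hardened version

    function initialize(address owner_, uint256 cap_) external initializer {
        __Ownable_init(owner_);
        cap = cap_;
    }
}

/// HARDENED: a constructor runs only in the implementation's own context, so
/// _disableInitializers() sets the implementation's _initialized counter to
/// type(uint64).max. Any later initialize() call on the bare implementation reverts
/// with InvalidInitialization(); proxies are unaffected because they keep their
/// own copy of that counter.
contract TokenImplHardened is Initializable, OwnableUpgradeable {
    uint256 public cap;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        _disableInitializers();
    }

    function initialize(address owner_, uint256 cap_) external initializer {
        __Ownable_init(owner_);
        cap = cap_;
    }

    /// Upgrades that add state use reinitializer(n); n must exceed the version
    /// already recorded in storage, so a migration cannot be run twice.
    function initializeV2(uint256 newCap) external reinitializer(2) {
        cap = newCap;
    }
}
```

To verify a deployed implementation without trusting the ABI, read its storage at the OZ 5.x `Initializable` namespaced slot `0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00` (`eth_getStorageAt` on the implementation address, not the proxy): the low 64 bits hold `_initialized`, and a value of `0xffffffffffffffff` means initializers are disabled, while `0` means the bare implementation is still initializable.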
RD-F-137 green Upgrade frequency (per 90 days) 1 upgrade on LBTC Ethereum proxy in last 90 days (2026-04-24). Prior upgrade was 2025-11-20. BridgeV2 also upgraded 2026-04-24. 1 upgrade per 90 days is normal operational cadence.
RD-F-138 green Hot-patch deploys without timelock (last 30 days) The 2026-04-24 upgrade was routed through LombardTimeLock (schedule tx 2026-04-21, execution 2026-04-24 — 3-day gap exceeds 1h minimum). TimeLock shows 3 total transactions with most recent being the April 2026 upgrade. No evidence of hot-patch bypassing the TimeLock in last 30 days.
RD-F-140 green Fix-merged-but-not-deployed gap No specific vulnerability with a merged fix but undeployed patch identified from public audit records or GitHub commit history. OZ V2 audit findings (6H resolved, 4M resolved) appear to have been deployed in subsequent upgrades.
RD-F-144 green CREATE2 factory permits same-address redeploy No CREATE2 factory-based redeployment pattern identified. All contracts use standard deployer-from-EOA or TransparentUpgradeableProxy pattern. No redeployment-to-same-address mechanism found.
RD-F-168 green Stale-approval exposure on deprecated router No deprecated router/pool contracts with active user approvals identified. Older LBTC proxy implementations are inactive proxy slots at the proxy-level; users approve the proxy address, which remains the same. No deprecated router contract found in protocol address set.
RD-F-185 green Bridge rate-limiter / chain-pause as positive mitigant BridgeV2 implements per-token/per-chain rate limiting via rateLimit mapping and setTokenRateLimits() function. Hexagate-based automated monitoring provides 24/7 emergency pause capability. LayerZero routes proactively paused in April 2026 following KelpDAO exploit, demonstrating active use of route-level pause as a protective measure.
Cross-chain & bridge Green 14 12 of 12
RD-F-150 yellow Bridge validator co-hosting 15 institutionally diverse members across multiple sectors: trading firms (Galaxy, Amber, Wintermute), exchanges (OKX, Kraken), mining pools (Antpool, F2Pool), validator infrastructure (Chorus.one, Figment, Kiln, P2P), software/key-management (Cubist, Informal Systems), analytics (Nansen), plus 1 unnamed. Geographic and operational diversity across multiple jurisdictions makes co-hosting of a majority unlikely. No formal ASN-level co-hosting verification performed. Yellow: qualitative diversity is strong; no formal independent verification of infrastructure separation.
RD-F-155 yellow Bridge validator-set rotation recency Consortium membership last documented as 14 named + 1 unnamed per docs updated 2026-03-31. Protocol is ~20 months old (August 2024 launch). Specific on-chain validator-set rotation event log (e.g., ValidatorSetUpdated events) not enumerated in this assessment. Ongoing membership management inferred from public docs but specific rotation timestamps not confirmed via on-chain reads. Yellow: membership appears active and current; specific rotation recency not directly verified via on-chain event log; low confidence from evidence.
RD-F-156 yellow Bridge uses same key custody for >30% validators 15 diverse institutional members. Cubist is both a Consortium member (1/15 = 6.7% vote weight) and the operator of Bascule infrastructure and the CubeSigner key management system. CubeSigner is Cubist's HSM product used for BTC key management. If CubeSigner manages the Consortium signing keys for multiple Consortium members beyond Cubist's own member key, the effective single-custodian share could exceed 30% of the validator set. Cannot confirm or deny from public sources whether other Consortium members use CubeSigner for their own signing keys. Yellow: Cubist dual-role (Consortium member + key infrastructure provider) is a structural concentration concern; >30% single-custodian threshold cannot be ruled out without explicit disclosure.
RD-F-157 yellow Bridge TVL per validator ratio Total TVL: $1.07B (data cache: Bitcoin $1.041B / 97.28% + Ethereum $24.8M + Base $4.3M + BNB $28K). Consortium validator count: 15. TVL per validator (total basis): $1,070,556,829 / 15 = ~$71.4M per validator. This exceeds the $50M/validator green threshold and falls in the $50M–$200M yellow range. EVM-chain-only TVL per validator: ~$1.9M (green), but total BTC custody exposure is the meaningful metric for Consortium compromise risk since all BTC is under Consortium-managed CubeSigner HSMs. Yellow: ~$71M/validator on total TVL basis exceeds green threshold.
RD-F-179 yellow LayerZero OFT DVN config (count, threshold, diversity) LayerZero OFT routes preemptively paused in April 2026 following the KelpDAO exploit ($292M extracted from a 1/1 DVN configuration compromise). LBTCOFTAdapter inherits EfficientRateLimitedOFTAdapter providing outflow rate limiting as an additional protection layer. Exact DVN count, threshold, and operator identities used before the pause are not publicly disclosed by Lombard. No active LayerZero cross-chain risk while routes are paused. Post-KelpDAO industry standard is minimum 2-of-N independent DVNs. Lombard has not publicly committed to a minimum DVN threshold for re-enablement. Proactive defensive posture (pausing before any incident) is a strong positive signal. Yellow: routes paused (positive); DVN configuration cannot be confirmed as non-1/1 from public sources; re-enablement commitment absent.
RD-F-147 green Protocol has bridge surface Bridge surface confirmed: (1) BridgeV2 0x451c54981C7DA5d95901b770C540547cF5FE0A2D + Chainlink CCIP TokenPool; (2) LBTCOFTAdapter (LayerZero V2, paused April 2026); (3) Hyperlane Mailbox 0x964677F337d6528d659b1892D0045B8B27183fc0 + AssetRouter. Three independent bridge paths confirmed from profile §7, GitHub source, and Immunefi scope. Cat 10 is fully applicable. Green: bridge surface is confirmed; this factor gates the rest of Cat 10.
RD-F-148 green Bridge validator count (M) Lombard Security Consortium: 15 institutional members (Galaxy, OKX, Kraken, Amber, Wintermute, Antpool, F2Pool, Chorus.one, Figment, Kiln, P2P, Cubist, Informal Systems, Nansen + 1 unnamed). Threshold: 10-of-15. CCIP adds a second independent validation layer via Chainlink RMN. Hyperlane Mailbox uses same Consortium checkProof(). Effective validator count for all Lombard-native bridge paths: 15. 15 >= 7 (green criterion for >=7 validators). Consortium.sol _checkProof() enforces weight-based threshold.
RD-F-149 green Bridge validator threshold (k-of-M) Consortium threshold: 10-of-15 (weight-based). Consortium.sol _checkProof() requires cumulative weight >= weightThreshold. 10/15 exceeds majority (ceil(15/2)+1 = 9). CCIP provides a second independent validation layer via Chainlink's RMN. All Lombard-native bridge paths require Consortium co-authorization. Green: 10-of-15 exceeds the majority-plus-one criterion; strong threshold resistant to single-entity compromise.
RD-F-151 green Bridge ecrecover checks result ≠ address(0) [★ CRITICAL — GREEN] BridgeV2/Mailbox path: Consortium.checkProof() calls ECDSA.tryRecover() (OpenZeppelin library). Error handling: 'if (err != ECDSA.RecoverError.NoError) continue'. OZ ECDSA.tryRecover internally handles address(0) via the RecoverError enum — returns RecoverError.InvalidSignature for zero-address recovery cases (not NoError), so the guard catches it. No raw ecrecover call found in Consortium.sol or Mailbox.sol. CCIP path: LombardTokenPool.sol delegates to Chainlink's CCIP infrastructure; no ecrecover in Lombard's own source. LayerZero path: paused — not in active use. No unguarded raw ecrecover found in any active bridge path. Wormhole-class vulnerability not present.
RD-F-152 green Bridge binds message to srcChainId Mailbox/GMP path: inbound messages validated against $.inboundMessagePath[payload.msgPath] which encodes remote mailbox + chain; srcChainId is implicitly bound via path ID (path-based srcChainId binding). BridgeV2: chainId extracted via $.mailbox.getInboundMessagePath(payload.msgPath); rate limits keyed by (sourceChain, token) pair. CCIP path: sourceChainSelector is native to Chainlink's Any2EVMMessage struct; received by Lombard's TokenPool via CCIP's structured message format. All three active bridge paths bind messages to their source chain identifier.
RD-F-153 green Bridge tracks nonce-consumed mapping BridgeV2: payloadSpent[payload.id] mapping prevents double-spend; reverts with BridgeV2_PayloadSpent() on replay attempt. Mailbox: deliveredPayload[payloadHash] mapping prevents re-delivery of the same payload. CCIP: Chainlink's own sequence number infrastructure handles replay prevention at the protocol layer independently of Lombard's source. All active bridge paths implement replay protection through payload-hash or sequence tracking.
RD-F-154 green Default bytes32(0) acceptable as valid root [★ CRITICAL — GREEN] BridgeV2 explicitly rejects bytes32(0): 'if (destinationChain == bytes32(0)) revert BridgeV2_ZeroChainId()' and 'if (destinationToken == bytes32(0)) revert BridgeV2_ZeroToken()'. Mailbox rejects bytes32(0) for recipient, destinationChain, and destinationMailbox with explicit revert statements. Consortium proof must validate against registered signers (empty/zero proof cannot produce valid cumulative weight). CCIP: Chainlink RMN rejects default-value messages at the protocol layer. The 'NOT TESTED AFTER UPGRADE OF CCIP TO 1.6.0' comment in TokenPool.sol relates to upgrade compatibility, not zero-root acceptance — the bytes32(0) rejection logic in BridgeV2 and Mailbox is unaffected by the CCIP version. Nomad-class ($190M) zero-root vulnerability not present.
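RD-F-149 and RD-F-151 through RD-F-154 grade five properties of the same inbound verification path. The following added example (written for this review; it is not Lombard's Consortium, BridgeV2 or Mailbox code) shows all five in one minimal verifier: zero-value rejection, binding of a payload to a registered (source chain, source sender) path, a spent-payload mapping, a zero-address-safe signature recovery, and a weighted k-of-M threshold over de-duplicated signers. The contract and struct names, the path/nonce layout and the sorted-signer rule are the example's own choices; the only real dependency is OpenZeppelin 5.x `ECDSA`, whose `tryRecover` returns a three-tuple.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Lombard's code. A minimal inbound bridge verifier that
// demonstrates the checks graded in RD-F-149 and RD-F-151..154.
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

contract InboundVerifierExample {
    struct Payload {
        bytes32 srcChain;   // source chain identifier claimed by the message
        bytes32 srcSender;  // remote mailbox/bridge that emitted it
        bytes32 recipient;
        uint256 amount;
        uint256 nonce;
    }

    error ZeroField();
    error UnknownPath();
    error PayloadSpent(bytes32 id);
    error NotEnoughWeight(uint256 got, uint256 need);
    error UnsortedOrDuplicateSigner();

    mapping(bytes32 => bool) public inboundPath;   // keccak(srcChain, srcSender) registered by governance
    mapping(bytes32 => bool) public delivered;     // replay protection keyed by full payload hash
    mapping(address => uint256) public weight;     // notary weight; 0 means "not a signer"
    uint256 public weightThreshold;

    constructor(address[] memory signers, uint256[] memory weights, uint256 threshold) {
        require(signers.length == weights.length, "length mismatch");
        for (uint256 i = 0; i < signers.length; i++) weight[signers[i]] = weights[i];
        weightThreshold = threshold;
    }

    // Assumed to be admin-gated in a real deployment; left open to keep the example short.
    function registerPath(bytes32 srcChain, bytes32 srcSender) external {
        if (srcChain == bytes32(0) || srcSender == bytes32(0)) revert ZeroField();
        inboundPath[keccak256(abi.encode(srcChain, srcSender))] = true;
    }

    function deliver(Payload calldata p, bytes[] calldata sigs) external returns (bytes32 id) {
        // 1. Nomad-class check: default/zero values are never an acceptable root, chain or target.
        if (p.srcChain == bytes32(0) || p.srcSender == bytes32(0) || p.recipient == bytes32(0)) {
            revert ZeroField();
        }
        // 2. Bind the message to a registered (chain, sender) path, so a payload signed
        //    for one route cannot be presented on another.
        if (!inboundPath[keccak256(abi.encode(p.srcChain, p.srcSender))]) revert UnknownPath();

        // 3. The id commits to every field plus this verifier and destination chain, so the
        //    same signatures cannot be replayed here or on a sister deployment elsewhere.
        id = keccak256(abi.encode(address(this), block.chainid, p));
        if (delivered[id]) revert PayloadSpent(id);

        // 4. Weighted k-of-M threshold over de-duplicated signers.
        _checkProof(id, sigs);

        delivered[id] = true; // mark spent before any external effect (mint/release would follow)
    }

    function _checkProof(bytes32 digest, bytes[] calldata sigs) internal view {
        uint256 total;
        address last; // signers must be strictly ascending, so one key cannot be counted twice
        for (uint256 i = 0; i < sigs.length; i++) {
            (address signer, ECDSA.RecoverError err, ) = ECDSA.tryRecover(digest, sigs[i]);
            // Wormhole-class check: a malformed signature must never yield a usable address.
            // OZ already reports address(0) recovery as RecoverError.InvalidSignature, so the
            // err test covers it; the explicit zero test is defence in depth for anyone who
            // later swaps in a raw ecrecover, which silently returns address(0).
            if (err != ECDSA.RecoverError.NoError || signer == address(0)) continue;
            if (signer <= last) revert UnsortedOrDuplicateSigner();
            last = signer;
            total += weight[signer]; // an unregistered signer contributes 0
        }
        if (total < weightThreshold) revert NotEnoughWeight(total, weightThreshold);
    }
}
```

The sorted-signer rule is what turns a weight sum into a genuine k-of-M: without it, one compromised key could supply the same signature fifteen times and clear any threshold. Skipping rather than reverting on a bad signature is a design choice (it lets a proof with one corrupt entry still pass if the remaining weight suffices); reverting instead is equally valid and easier to monitor.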
Threat intelligence & recon Yellow 20 8 of 8
RD-F-161 red Protocol-impersonator domain registered (typosquat) Protocol-impersonator domain registered (typosquat) | Applicable: Yes | At least 3 active wallet-drainer impersonation domains confirmed: (1) staking.lombard-fin[.]com: BARD staking drainer; (2) lombardfinance[.]dev: fake BARD claim portal drainer; (3) aiiocations-lombardfinance[.]com: fake rewards event drainer. All 3 documented as crypto wallet drainer sites impersonating Lombard Finance. Sources: pcrisk.com removal guides. Exact registration dates within the 90-day window not confirmed (pcrisk guides are indexed but dates ambiguous). Active wallet drainers confirmed: red threshold met.
RD-F-159 gray Attacker wallet pre-strike probe (low-gas failing txs) Attacker wallet pre-strike probe | Applicable: Yes | Requires CTI feed and mempool monitoring. No pre-strike probe transactions from CTI-flagged addresses on Lombard contracts identified from public data. Hexagate provides real-time mempool monitoring as part of its threat prevention platform but specific pre-strike probe pattern detection not independently confirmed for this signal. Not assessable without licensed CTI feed confirmation.
RD-F-162 gray Known-exploit-template selector deployed by any address Known-exploit-template selector deployed | Applicable: Partial (bridge contracts) | No known-exploit-template selector deployment targeting the LRT/BTC-restaking class identified. The KelpDAO exploit (LZ OFT forged lzReceive) is a template, but Lombard's LZ routes are paused and CCIP/Hyperlane use different verification paths. Selector-pattern index not maintained for this protocol class. v2-deferred. Not assessable.
RD-F-164 gray Leaked credential on paste/sentry site Leaked credential on paste/sentry site | Applicable: Yes (protocol infra, CubeSigner, Consortium API) | No public paste-site or credential dump referencing Lombard infrastructure identified in accessible public sources. GitHub has no SECURITY.md (security_md_present: false per data cache), a disclosure-process gap but not evidence of leakage. Paste monitoring not configured for this static assessment. Not assessable.
RD-F-158 green Known-threat-actor cluster has touched protocol Known-threat-actor wallet cluster has touched protocol | Applicable: Yes ($1.07B TVL high-value target) | No confirmed known-threat-actor wallet interaction with Lombard-specific contracts (LBTC 0x8236a87..., Consortium 0xed6D647..., BridgeV2 0x451c549...) identified in public intelligence reports. KelpDAO exploit (April 2026) attributed to Lazarus Group used LayerZero OFT -- same bridge technology Lombard paused. Indirect sector-level proximity but no direct contract touch confirmed. TRM Labs deployed for all user wallet screening. Signal not firing. Elevated sector-level risk noted.
RD-F-160 green GitHub malicious-dependency incident touching protocol deps GitHub malicious-dependency incident | Applicable: Yes (npm dependencies, OZ 5.0.2) | No GitHub Security Advisory (GHSA) for OpenZeppelin 5.0.2 or other Lombard dependencies confirmed at assessment date. OZ 5.x is current with no known critical advisories. No malicious-release incident affecting Lombard dependency stack identified. Signal not firing.
RD-F-163 green Avg attacker reconnaissance time for peer-class protocols Avg attacker reconnaissance time for peer-class protocols | Applicable: Yes | LRT/bridge-class protocols show 30-180 day reconnaissance windows based on Drift DPRK attack (USPD 78-day pattern) and KelpDAO (months of advance preparation). This provides a meaningful defender window if CTI monitoring is live. Green: reconnaissance time for this class is sufficient for early detection with active monitoring.
RD-F-165 green Protocol social channel has scam-coordinator flag Protocol social channel has scam-coordinator flag | Applicable: Yes (Discord discord.com/invite/2HG7G69twc, Telegram t.me/+yKL57AkmSg84YTgx) | No official Discord/Telegram admin flagged on curator scam-coordinator watchlist from public sources. Active impersonation campaign operates via external fake domains (F161 scope), not by compromising official channels. No community reports of official channel admin compromise. Signal not firing.
Tooling / compiler / AI Green 0 5 of 5
RD-F-171 n/a Bytecode similarity to audited upstream with behavior deviation Lombard Finance is an original implementation with no audited upstream to compare against for behavioral deviation analysis. The bytecode similarity to audited upstream factor presupposes a fork relationship. Since Lombard is not a fork (RD-F-126 N/A), this factor is N/A by the same determination.
RD-F-170 green Solc version used (known-bug versions flagged) Primary EVM contracts compiled with Solidity v0.8.24+commit.e11b9ed9 (BridgeV2 implementation, BasculeV2, StakedLBTC). LBTC proxy implementation 0x072072317469ebb6c340a47e41561c9c3b782bd9 compiled with v0.8.20+commit.a1b79de6. Hardhat.config.ts specifies solidity: '0.8.24' as the project-wide compiler. Neither 0.8.20 nor 0.8.24 appears on the official Solidity known-bug list with a high/critical issue relevant to upgradeable token contracts. No Vyper detected (data cache vyper_detected: false). EVM version target: Paris (pre-Cancun) per Etherscan bytecode metadata; since solc 0.8.20 defaults to the shanghai target (which emits PUSH0), a Paris target implies an explicit evmVersion setting in the build config.
RD-F-172 green Repo shows AI-tool co-authorship in critical files The 10 most recent commits to evm-smart-contracts (2026-04-15 to 2026-04-20) were reviewed: commit messages show standard development work (format pauseMintBurn function, enforce mint/burn allowance check, add MintBurnExpectedPaused error, refactor validation logic, audit report uploads). No 'Co-authored-by: github-actions[bot]' or Copilot/ChatGPT co-authorship trailers found in commit messages. No AI co-authorship metadata detected in security-critical files. Confidence medium — only top 10 commits reviewed; exhaustive historical scan not performed.
RD-F-173 green Team self-disclosure of AI-generated Solidity No public disclosure of AI-generated Solidity in security-critical paths found on Lombard blog, docs, or X/Twitter. Security blog post (https://www.lombard.finance/blog/lbtc-security-and-transparency/) discusses audit firms, Bascule Drawbridge, and PoR oracle with no mention of AI code generation. Docs security section mentions 6 audit firms but no AI disclosure. Confidence medium — absence of disclosure is not the same as confirmed absence of AI tools.
RD-F-174 green Dependency tree uses EOL Solidity version Deployed contracts use Solidity 0.8.20 and 0.8.24. Both versions are within the actively maintained Solidity 0.8.x series. The 0.8.x line had reached 0.8.30 by mid-2025 and continues to receive releases; 0.8.20 and 0.8.24 are older but not EOL, as Solidity maintains backward compatibility within the 0.8.x series and has not announced an EOL policy for 0.8.20. No EOL Solidity version in use for any core contract. No Vyper usage detected.
Response & disclosure hygiene Yellow 33 4 of 4
RD-F-176 red Disclosure SLA public No explicit acknowledgment-time SLA published on Lombard docs or Immunefi program page. Docs state 'responsible disclosure through Immunefi only' and 'public disclosure before remediation disqualifies the submission.' Immunefi program page states Category 3 (Approval Required) for publication but specifies no acknowledgment timeline (e.g., 72h ack). Per methodology: red = no SLA published.
RD-F-175 yellow Disclosure channel exists Immunefi bug bounty program live since 2024-09-04, last updated 2026-04-15, constitutes an active disclosure channel. No security@ email, SIRT page, or SECURITY.md (data cache security_md_present: false). Yellow: channel exists but no independent evidence of a monitored response SLA or publicly confirmed paid bounties.
RD-F-177 green Prior known-ignored disclosure No evidence of prior ignored disclosure. No post-mortem exists (0 exploits). The Ionic Money incident involved impersonation of Lombard by external attackers against a third party — no disclosure to Lombard was involved. Lombard correctly identified the fake LBTC as unauthorized. No rekt.news, OSINT, or security-researcher disclosure citing a Lombard ignored report.
RD-F-178 green CVE/GHSA advisory issued against protocol No CVE or GHSA advisory found against lombard-finance/evm-smart-contracts or lombard-finance/sol-svm-contracts. GitHub security advisories page confirms 'There aren't any published security advisories.' NVD CVE search returned no Lombard Finance entries.
rubric_version v1.7.0 graded_at 2026-05-12 04:38:07 factors 184 protocol lombard