Bridge tracks nonce-consumed mapping

Lombard Finance's assessment for RD-F-153 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

BridgeV2: payloadSpent[payload.id] mapping prevents double-spend; reverts with BridgeV2_PayloadSpent() on replay attempt. Mailbox: deliveredPayload[payloadHash] mapping prevents re-delivery of the same payload. CCIP: Chainlink's own sequence number infrastructure handles replay prevention at the protocol layer independently of Lombard's source. All active bridge paths implement replay protection through payload-hash or sequence tracking.

Sources #

GitHub
Lombard BridgeV2.sol sourceBridgeV2.sol — payloadSpent mapping replay protectionretrieved 2026-05-05
GitHub
Lombard GMP Mailbox.sol sourceMailbox.sol — deliveredPayload mapping replay protectionretrieved 2026-05-05

Methodology #

Determine whether the bridge inbox maintains a nonce-consumed mapping and rejects replay of used nonces.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lombard factor RD-F-153 score green collected_at 2026-05-05 12:03:08