★ Default bytes32(0) acceptable as valid root

Maple Finance's assessment for RD-F-154 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

CCIP does not use Merkle root validation — uses DON consensus. Nomad bytes32(0) bug class is architecturally inapplicable to CCIP design. No bytes32(0) root acceptance pattern in MapleCCIPReceiver or SyrupOftAdapter. [â˜… CRITICAL — NOT RED]

Detail #

MapleCCIPReceiver source inspected — no Merkle root validation present. CCIP uses DON consensus model where message integrity is guaranteed by the protocol, not by application-layer Merkle proofs. The Nomad bug class (bytes32(0) as valid root) requires an application-layer root acceptance check that is absent in CCIP architecture. SyrupOftAdapter (LayerZero OFT) does not use root-based validation at application layer. Green with medium confidence because CCIP architecture renders the bug class structurally inapplicable.

Sources #

Etherscan
Maple CCIP Receiver — no Merkle root validationMapleCCIPReceiver impl 0x23CEF2965Db19f67A996371F9Cb1A2F33D2b4821 — no Merkle root logicretrieved 2026-04-27

Methodology #

Determine whether the bridge inbox accepts a default-value (bytes32(0)) Merkle root as a valid proof root (Nomad bug class).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol maple-finance factor RD-F-154 score green collected_at 2026-04-27 05:38:08