defirisk.co
rubric v1.7.0

Default bytes32(0) acceptable as valid root

Multipli's assessment for RD-F-154 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[★ CRITICAL] Cannot assess — MultipliBridger source not available. If custom bridge with Merkle-root validation: bytes32(0) acceptance is a catastrophic Nomad-class bug ($190M). If LayerZero OFT (no Merkle roots in OFT design): factor would be not_applicable. Source opacity prevents assessment.

Sources #

  • Internal
    Protocol profile §7 — bytes32(0) root acceptance unverifiable.research/protocols/multipli/00-profile.md §7 — MultipliBridger source not publicly availableretrieved 2026-05-17

Methodology #

Determine whether the bridge inbox accepts a default-value (bytes32(0)) Merkle root as a valid proof root (Nomad bug class).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol multipli factor RD-F-154 score gray collected_at 2026-05-17 11:48:35