defirisk.co
rubric v1.7.0

Default bytes32(0) acceptable as valid root

StakeWise v3's assessment for RD-F-154 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[★ CRITICAL — bridge-only] Not applicable. StakeWise has no bridge inbox or Merkle root acceptance path. No bytes32(0) default-value root vulnerability can exist without a bridge. See RD-F-147.

Sources #

  • Internal
    00-profile.md §7Profile §7: has_bridge_surface: false; is_a_bridge: false — RD-F-154 bridge-only critical does not applyretrieved 2026-05-16

Methodology #

Determine whether the bridge inbox accepts a default-value (bytes32(0)) Merkle root as a valid proof root (Nomad bug class).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol stakewise factor RD-F-154 score not_applicable collected_at 2026-05-16 01:03:28