defirisk.co
rubric v1.7.0

Default bytes32(0) acceptable as valid root

Superstate's assessment for RD-F-154 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[★ CRITICAL — N/A for this protocol] Native-per-chain issuance, no protocol-operated bridge; differs from spiko CCIP / circle-usyc CCTP. No Merkle-root-based bridge inbox exists — the Nomad-class vulnerability pattern ($190M) does not apply.

Sources #

  • Internal
    00-profile.md §7Profile §7: has_bridge_surface = false; is_a_bridge = false; no Merkle bridge contract in repo or docsretrieved 2026-05-16

Methodology #

Determine whether the bridge inbox accepts a default-value (bytes32(0)) Merkle root as a valid proof root (Nomad bug class).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol superstate factor RD-F-154 score not_applicable collected_at 2026-05-16 00:06:37