★ Default bytes32(0) acceptable as valid root

Uniswap (v2 + v3)'s assessment for RD-F-154 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[CRITICAL — not_applicable] No Merkle root acceptance in any V2 or V3 contract. No bridge inbox. bytes32(0) default root acceptance is structurally impossible with no bridge. Nomad-class vulnerability surface does not exist.

Detail #

Profile §7: has_bridge_surface: false. No bridge inbox or Merkle root verification logic in any V2 or V3 contract. The bytes32(0) default-root bug class (Nomad $190M) requires a bridge inbox contract that accepts roots — structurally absent.

Sources #

Curator note
Profile §7 and §11 — no bridge surface; no Merkle root acceptanceProfile §7: has_bridge_surface: false, is_a_bridge: false. No Merkle root, no bridge inbox contract in V2 or V3 system. Nomad-class vulnerability surface is structurally impossible.retrieved 2026-05-12

Methodology #

Determine whether the bridge inbox accepts a default-value (bytes32(0)) Merkle root as a valid proof root (Nomad bug class).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol uniswap factor RD-F-154 score not_applicable collected_at 2026-05-12 10:36:11