★ Default bytes32(0) acceptable as valid root

Venus Protocol's assessment for RD-F-154 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[★ CRITICAL] Not applicable. Venus XVS bridge uses LayerZero OFT V2 message passing, not a Merkle root-based inbox. No acceptRoot(), prove(), or Merkle tree acceptance logic exists in XVSProxyOFTSrc or BaseXVSProxyOFT source code. The Nomad $190M bug class (default bytes32(0) accepted as valid root) is structurally inapplicable to LayerZero OFT V2 architecture.

Sources #

GitHub
BaseXVSProxyOFT.sol sourceBaseXVSProxyOFT.sol and XVSProxyOFTSrc.sol — no Merkle root logicretrieved 2026-04-28

Methodology #

Determine whether the bridge inbox accepts a default-value (bytes32(0)) Merkle root as a valid proof root (Nomad bug class).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol venus factor RD-F-154 score green collected_at 2026-04-28 18:30:49