defirisk.co
rubric v1.7.0

Bridge tracks nonce-consumed mapping

A cross-chain & bridge factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology: how we score

**What this measures** This factor checks whether the bridge inbox maintains a nonce-consumed mapping that permanently records processed message nonces and rejects any attempt to process the same nonce twice. Static analysis of the bridge inbox contract is the assessment method. This factor applies only to bridge-touching protocols; non-bridge protocols show this factor as N/A.

**Why it matters** Without replay protection, a valid bridge message — once processed — can be submitted again to trigger a second, unbacked release of tokens on the destination chain. This is distinct from the cross-chain replay addressed by RD-F-152: same-chain replay exploits the fact that the bridge contract does not remember which messages it has already executed. The T-01 evidence base links same-chain replay to approximately 2 protocols in the hack database. A consumed-nonce mapping (or equivalent commitment scheme such as a Merkle leaf membership proof with leaf-burn) is the standard mitigation and is considered table-stakes for any bridge operating at material TVL.

**Green / Yellow / Red** Green is scored when the bridge implements a nonce-consumed mapping (or equivalent one-use commitment scheme) that every message-processing entry point checks, and marks, before the message's effects are executed. Yellow is scored when replay protection covers some message types or entry points but not others, or when the nonce space is too small to guarantee uniqueness over the bridge's lifetime. Red is scored when no replay protection mechanism is present and previously processed messages can be re-submitted.
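The same-chain replay described above, and the difference between the Red and Green shapes, as an added example that is not code from any scored bridge or from the rubric itself. A single HMAC key stands in for the validator set, a balance increment stands in for the token release, and the names (`Message`, `VulnerableInbox`, `HardenedInbox`) are illustrative. The hardened inbox keys its consumed set by (source chain, nonce) rather than by nonce alone, which goes one step beyond the page's wording: two source chains will legitimately emit the same nonce value, so a bare nonce key would either reject a valid message or, if the bridge reset it per source, lose replay protection.

```python
"""Toy model of a bridge inbox with and without a nonce-consumed mapping.

Constructed example for this rubric page; not code from any real bridge.
"""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass

VALIDATOR_KEY = b"constructed-validator-key"  # constructed; stands in for the signer set
DEST_CHAIN_ID = 1                            # domain separator bound into every attestation


@dataclass(frozen=True)
class Message:
    src_chain: int
    nonce: int
    recipient: str
    amount: int


def message_digest(msg: Message) -> bytes:
    # Binding the destination chain id addresses cross-chain replay (the RD-F-152
    # concern). It does nothing against same-chain replay: the identical digest
    # and attestation stay valid forever unless the inbox remembers the nonce.
    payload = f"{DEST_CHAIN_ID}:{msg.src_chain}:{msg.nonce}:{msg.recipient}:{msg.amount}".encode()
    return hashlib.sha256(payload).digest()


def attest(msg: Message) -> bytes:
    """Validator side: the attestation a relayer submits alongside the message."""
    return hmac.new(VALIDATOR_KEY, message_digest(msg), hashlib.sha256).digest()


def attestation_valid(msg: Message, sig: bytes) -> bool:
    return hmac.compare_digest(attest(msg), sig)


class VulnerableInbox:
    """Red: verifies the attestation but keeps no record of processed nonces."""

    def __init__(self) -> None:
        self.balances: dict[str, int] = {}

    def process(self, msg: Message, sig: bytes) -> None:
        if not attestation_valid(msg, sig):
            raise ValueError("bad attestation")
        # Release: nothing stops this from running again for the same message.
        self.balances[msg.recipient] = self.balances.get(msg.recipient, 0) + msg.amount


class HardenedInbox:
    """Green: consumed mapping keyed by (src_chain, nonce), checked and set before release."""

    def __init__(self) -> None:
        self.balances: dict[str, int] = {}
        self.consumed: set[tuple[int, int]] = set()

    def process(self, msg: Message, sig: bytes) -> None:
        key = (msg.src_chain, msg.nonce)   # per-source key: chains share nonce values
        if key in self.consumed:
            raise ValueError("nonce already consumed")
        if not attestation_valid(msg, sig):
            raise ValueError("bad attestation")
        self.consumed.add(key)             # mark before any effect, never after
        self.balances[msg.recipient] = self.balances.get(msg.recipient, 0) + msg.amount


def replay_releases(inbox_cls) -> tuple[int, int]:
    """Submit one validly attested message twice; return (releases, recipient balance)."""
    inbox = inbox_cls()
    msg = Message(src_chain=10, nonce=7, recipient="0xrecipient", amount=100)
    sig = attest(msg)
    releases = 0
    for _ in range(2):
        try:
            inbox.process(msg, sig)
            releases += 1
        except ValueError:
            pass
    return releases, inbox.balances.get(msg.recipient, 0)


def same_nonce_different_sources() -> int:
    """Two source chains legitimately emit nonce 7; a per-source key must admit both."""
    inbox = HardenedInbox()
    a = Message(src_chain=10, nonce=7, recipient="0xrecipient", amount=1)
    b = Message(src_chain=42, nonce=7, recipient="0xrecipient", amount=1)
    inbox.process(a, attest(a))
    inbox.process(b, attest(b))
    return inbox.balances["0xrecipient"]


if __name__ == "__main__":
    print("vulnerable:", replay_releases(VulnerableInbox))   # (2, 200): second release is unbacked
    print("hardened:  ", replay_releases(HardenedInbox))     # (1, 100): replay rejected
    print("distinct sources:", same_nonce_different_sources())
```

The vulnerable inbox credits the recipient twice from one attested message, which is exactly the unbacked second release the factor is meant to catch; the hardened inbox rejects the second submission before it reaches the release step. Marking the nonce before the release, rather than after, is what makes the check hold even if the release itself calls back into the inbox.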

**Common gray cases** Gray is applied when the bridge uses an off-chain sequencer or relayer that maintains replay protection externally and the on-chain component cannot be independently assessed.

**Notable historical examples** No historical incidents are currently linked in the database for this factor.

Measurement: what to look for

Determine whether the bridge inbox maintains a nonce-consumed mapping and rejects replay of used nonces.

Data & output

Data source
Source inspection of inbox contract for replay-prevention mapping on Etherscan-verified source
Output format
Green / Yellow / Red
Evidence artifact
Source excerpt of nonce mapping + replay-rejection logic
Confidence signal
green = nonce mapping present and replay rejected; red = no nonce tracking; gray = bridge source unverified
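A triage script for the source inspection described in this section, added here as an example; it is not the rubric's own tooling. The three Solidity snippets are constructed and deliberately minimal (a Green inbox, a Red inbox with no mapping, and a Yellow inbox where only the transfer entry point is guarded), and the regexes assume one external function per line start with a four-space-indented closing brace. That is enough to flag where to look and to pull the evidence excerpt, not a substitute for reading the verified source.

```python
"""Heuristic source triage for the nonce-consumed-mapping check.

Constructed example for this page; the Solidity below is made up for illustration.
"""
from __future__ import annotations

import re

GREEN_SRC = """\
contract Inbox {
    mapping(uint256 => bool) public consumedNonces;
    function execute(uint256 nonce, bytes calldata payload, bytes calldata sig) external {
        require(!consumedNonces[nonce], "replayed");
        consumedNonces[nonce] = true;
        _verify(payload, sig);
        _release(payload);
    }
}
"""

RED_SRC = """\
contract Inbox {
    function execute(uint256 nonce, bytes calldata payload, bytes calldata sig) external {
        _verify(payload, sig);
        _release(payload);
    }
}
"""

# Yellow shape: a mapping exists, but only the transfer path checks and sets it.
YELLOW_SRC = """\
contract Inbox {
    mapping(bytes32 => bool) public processed;
    function executeTransfer(bytes32 id, bytes calldata p, bytes calldata sig) external {
        require(!processed[id], "replayed");
        processed[id] = true;
        _verify(p, sig);
        _release(p);
    }
    function executeCall(bytes32 id, bytes calldata p, bytes calldata sig) external {
        _verify(p, sig);
        _call(p);
    }
}
"""

# bool-valued mapping keyed by a nonce-like type (uintN or bytes32)
MAPPING_RE = re.compile(
    r"mapping\s*\(\s*(?:uint\d*|bytes32)\s*=>\s*bool\s*\)\s*(?:public|private|internal)?\s*(\w+)\s*;"
)
# external function name and body, body ending at the 4-space-indented closing brace
EXTERNAL_FN_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)\s*external[^{]*\{(.*?)\n    \}", re.S)


def consumed_mappings(src: str) -> list[str]:
    """Names of candidate consumed-nonce mappings declared in the source."""
    return MAPPING_RE.findall(src)


def entrypoint_guards(src: str, mappings: list[str]) -> dict[str, bool]:
    """For each external function: True only if it both checks and sets a consumed mapping."""
    result: dict[str, bool] = {}
    for name, body in EXTERNAL_FN_RE.findall(src):
        checks = any(re.search(rf"require\s*\(\s*!\s*{m}\s*\[", body) for m in mappings)
        marks = any(re.search(rf"{m}\s*\[[^\]]+\]\s*=\s*true", body) for m in mappings)
        result[name] = checks and marks
    return result


def evidence_excerpt(src: str, mappings: list[str]) -> list[str]:
    """Lines to file as the evidence artifact: the mapping declaration and each guard/mark."""
    if not mappings:
        return []
    pat = re.compile("|".join(rf"\b{m}\b" for m in mappings))
    return [ln.strip() for ln in src.splitlines() if pat.search(ln)]


def score(src: str) -> str:
    """green: every external entry point guarded; yellow: some; red: none or no mapping."""
    mappings = consumed_mappings(src)
    guards = entrypoint_guards(src, mappings)
    if not mappings or not guards or not any(guards.values()):
        return "red"
    return "green" if all(guards.values()) else "yellow"


if __name__ == "__main__":
    for label, src in (("green", GREEN_SRC), ("red", RED_SRC), ("yellow", YELLOW_SRC)):
        print(label, "->", score(src), evidence_excerpt(src, consumed_mappings(src)))
```

A mapping that is declared but never checked, or checked but never set, scores Red here on purpose: the rubric's Green requires both the rejection and the permanent record, and a contract that only has the declaration gives no replay protection at all.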

Scored protocols (80 carry this factor)

| Protocol | Chain | RD-F-153 |
|---|---|---|
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | green |
| Aerodrome Finance | base | not_applicable |
| Axelar Network | ethereum | green |
| Babylon Protocol | bitcoin | green |
| Balancer (v2 + v3) | ethereum | not_applicable |
| Beefy Finance | ethereum | green |
| BENQI | avalanche | not_applicable |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | not_applicable |
| Cap (cUSD / stcUSD) | ethereum | green |
| Centrifuge | ethereum | red |
| Chainlink CCIP | ethereum | green |
| Circle USYC | binance | yellow |
| Compound V3 (Comet) | ethereum | green |
| Concrete | ethereum | yellow |
| Convex Finance | ethereum | not_applicable |
| crvUSD (Curve Stablecoin) | ethereum | not_applicable |
| Curve Finance | ethereum | green |
| deBridge | ethereum | green |
| Dolomite | ethereum | green |
| dYdX v4 (dYdX Chain) | dydx | not_applicable |
| EigenLayer | ethereum | not_applicable |
| Ethena | ethereum | green |
| ether.fi | ethereum | green |
| Euler V2 | ethereum | not_applicable |
| Falcon Finance | ethereum | not_applicable |
| Fluid | ethereum | green |
| Frax Finance | ethereum | green |
| GMX v2 (GMX Synthetics) | arbitrum | not_applicable |
| Hyperlane | ethereum | green |
| Hyperliquid | arbitrum | green |
| Jito | solana | green |
| Jupiter | solana | not_applicable |
| Jupiter Perpetual Exchange | solana | not_applicable |
| JustLend DAO | tron | not_applicable |
| Kamino Lend | solana | not_applicable |
| Kinetiq | hyperliquid | not_applicable |
| Lido | ethereum | green |
| Liquid Collective (LsETH) | ethereum | not_applicable |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | not_applicable |
| Lista DAO | bsc | green |
| Lombard Finance | ethereum | green |
| M^0 | ethereum | green |
| Maple Finance | ethereum | green |
| Marinade Finance | solana | not_applicable |
| Meteora | solana | not_applicable |
| mETH Protocol | ethereum | green |
| Midas | ethereum | green |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | not_applicable |
| Multipli | ethereum | gray |
| Ondo Finance | ethereum | green |
| OpenEden | ethereum | not_applicable |
| Orca | solana | not_applicable |
| PancakeSwap | bsc | green |
| Pendle Finance | ethereum | yellow |
| Polymarket | polygon | not_applicable |
| QuickSwap | polygon | not_applicable |
| Raydium | solana | not_applicable |
| Rocket Pool | ethereum | not_applicable |
| Sanctum | solana | not_applicable |
| Save (formerly Solend) | solana | not_applicable |
| Sky Lending (formerly MakerDAO) | ethereum | green |
| Spark Protocol | ethereum | green |
| Spiko | stellar | green |
| Stake DAO | ethereum | not_applicable |
| StakeWise v3 | ethereum | not_applicable |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | not_applicable |
| SUNSwap (sun.io) | tron | not_applicable |
| Superstate | ethereum | not_applicable |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | not_applicable |
| Symbiotic | ethereum | not_applicable |
| Synapse Protocol | ethereum | green |
| Uniswap (v2 + v3) | ethereum | not_applicable |
| USDD (Decentralized USD) | tron | not_applicable |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | green |
| Veda (BoringVault) | ethereum | yellow |
| Venus Protocol | bsc | green |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | not_applicable |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.
rubric_version: v1.7.0 · factor: RD-F-153 · category: 10 · carried: 80 · critical: no