defirisk.co
rubric v1.7.0

Bridge uses same key custody for >30% validators

A cross-chain & bridge factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology: how we score

**What this measures** This factor checks whether more than 30% of bridge validators share a single key custodian — defined as a single cloud key management service, hardware vendor, or institutional custody provider holding keys on behalf of multiple validators. OSINT and bridge documentation are the primary assessment methods. This factor applies only to bridge-touching protocols; non-bridge protocols show this factor as N/A.

**Why it matters** Custodian concentration means that a single compromise event — a cloud KMS breach, a hardware wallet vendor supply-chain attack, or an institutional custody failure — can simultaneously compromise multiple validator keys. This converts a k-of-M multisig into a 1-of-1 institutional-custodian attack surface in the worst case. The T-01 evidence base links shared-custodian patterns to approximately 2 protocols in the hack database. Harmony Bridge's signer-set compromise was facilitated in part by operational proximity among the five signers, reducing the effective independence of each key.

**Green / Yellow / Red** Green is scored when no single custodian holds keys for more than 20% of the validator set and custody diversity is documented. Yellow is scored when a single custodian controls 20–30% of the validator set or when custody information is partially undocumented. Red is scored when a single custodian controls more than 30% of the validator set, or when a quorum of validators share a single custodian.

**Common gray cases** Gray is applied when custody arrangements cannot be determined from public documentation and OSINT cannot confidently identify custodian relationships.
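The scoring rules above, as an added Python example that is not part of the defirisk.co rubric or its tooling: it takes a validator-to-custodian inference list (the evidence artifact this factor produces) plus the multisig quorum k, and returns the colour and the concentration %. The custodian names are constructed, and two boundary choices are assumptions: shares are computed over the whole validator set including undocumented members, exactly 20% is still green, and exactly 30% is still yellow.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample: a 3-of-5 bridge validator set whose custodians were
# inferred from OSINT. None = custodian could not be determined.
# Custodian names are hypothetical.
SAMPLE_VALIDATORS: Dict[str, Optional[str]] = {
    "val-1": "CloudKMS-A",
    "val-2": "CloudKMS-A",
    "val-3": "HSMVendor-B",
    "val-4": None,
    "val-5": "Custodian-C",
}
SAMPLE_QUORUM = 3  # k in the k-of-M multisig


@dataclass
class CustodyScore:
    colour: str                 # green / yellow / red / gray
    top_custodian: Optional[str]
    concentration_pct: float    # share of the validator set behind top custodian
    undocumented: int           # validators with no inferable custodian


def score_custody_concentration(validators: Dict[str, Optional[str]],
                                quorum: int) -> CustodyScore:
    """Apply the RD-F-156 thresholds to a validator -> custodian map.

    Assumption: shares use the full validator set as denominator, and the
    20% / 30% boundaries themselves fall into the lower band.
    """
    total = len(validators)
    if total == 0:
        raise ValueError("empty validator set")
    known = [c for c in validators.values() if c is not None]
    undocumented = total - len(known)
    if not known:                       # nothing determinable -> gray
        return CustodyScore("gray", None, 0.0, undocumented)
    top, n = Counter(known).most_common(1)[0]
    pct = 100.0 * n / total
    # Red: one custodian exceeds 30%, or alone holds enough keys to reach
    # quorum (the k-of-M multisig collapses to a single custodian).
    if pct > 30.0 or n >= quorum:
        colour = "red"
    elif pct > 20.0 or undocumented > 0:   # 20-30% band or partial docs
        colour = "yellow"
    else:
        colour = "green"
    return CustodyScore(colour, top, round(pct, 1), undocumented)
```

On the constructed sample, CloudKMS-A backs 2 of 5 validators (40%), so the set scores red even though 2 keys do not reach the 3-of-5 quorum.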

**Notable historical examples** No cross-hacked incidents are currently linked in the database for this factor.

Measurement: what to look for

Determine whether >30% of bridge validators share a single key custodian.

Data & output

Data source: OSINT on validator operators + Chainalysis infrastructure intel
Output format: Green / Yellow / Red
Evidence artifact: Validator custodian inference list + concentration %
Confidence signal: green = no single custodian holds >30% of validators; red = single custodian holds >30%; gray = custodian information not determinable

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-156 |
| --- | --- | --- |
| Aave v3 | ethereum | yellow |
| Across Protocol | ethereum | gray |
| Aerodrome Finance | base | not_applicable |
| Axelar Network | ethereum | yellow |
| Babylon Protocol | bitcoin | yellow |
| Balancer (v2 + v3) | ethereum | not_applicable |
| Beefy Finance | ethereum | yellow |
| BENQI | avalanche | not_applicable |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | not_applicable |
| Cap (cUSD / stcUSD) | ethereum | yellow |
| Centrifuge | ethereum | yellow |
| Chainlink CCIP | ethereum | not_assessed |
| Circle USYC | binance | not_applicable |
| Compound V3 (Comet) | ethereum | gray |
| Concrete | ethereum | gray |
| Convex Finance | ethereum | not_applicable |
| crvUSD (Curve Stablecoin) | ethereum | not_applicable |
| Curve Finance | ethereum | yellow |
| deBridge | ethereum | gray |
| Dolomite | ethereum | yellow |
| dYdX v4 (dYdX Chain) | dydx | not_applicable |
| EigenLayer | ethereum | not_applicable |
| Ethena | ethereum | gray |
| ether.fi | ethereum | green |
| Euler V2 | ethereum | not_applicable |
| Falcon Finance | ethereum | not_applicable |
| Fluid | ethereum | gray |
| Frax Finance | ethereum | red |
| GMX v2 (GMX Synthetics) | arbitrum | not_applicable |
| Hyperlane | ethereum | yellow |
| Hyperliquid | arbitrum | yellow |
| Jito | solana | gray |
| Jupiter | solana | not_applicable |
| Jupiter Perpetual Exchange | solana | not_applicable |
| JustLend DAO | tron | not_applicable |
| Kamino Lend | solana | not_applicable |
| Kinetiq | hyperliquid | not_applicable |
| Lido | ethereum | green |
| Liquid Collective (LsETH) | ethereum | not_applicable |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | not_applicable |
| Lista DAO | bsc | gray |
| Lombard Finance | ethereum | yellow |
| M^0 | ethereum | yellow |
| Maple Finance | ethereum | yellow |
| Marinade Finance | solana | not_applicable |
| Meteora | solana | not_applicable |
| mETH Protocol | ethereum | gray |
| Midas | ethereum | not_assessed |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | not_applicable |
| Multipli | ethereum | gray |
| Ondo Finance | ethereum | green |
| OpenEden | ethereum | not_applicable |
| Orca | solana | not_applicable |
| PancakeSwap | bsc | yellow |
| Pendle Finance | ethereum | yellow |
| Polymarket | polygon | not_applicable |
| QuickSwap | polygon | not_applicable |
| Raydium | solana | not_applicable |
| Rocket Pool | ethereum | not_applicable |
| Sanctum | solana | not_applicable |
| Save (formerly Solend) | solana | not_applicable |
| Sky Lending (formerly MakerDAO) | ethereum | gray |
| Spark Protocol | ethereum | yellow |
| Spiko | stellar | gray |
| Stake DAO | ethereum | not_applicable |
| StakeWise v3 | ethereum | not_applicable |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | not_applicable |
| SUNSwap (sun.io) | tron | not_applicable |
| Superstate | ethereum | not_applicable |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | not_applicable |
| Symbiotic | ethereum | not_applicable |
| Synapse Protocol | ethereum | yellow |
| Uniswap (v2 + v3) | ethereum | not_applicable |
| USDD (Decentralized USD) | tron | not_applicable |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | gray |
| Veda (BoringVault) | ethereum | gray |
| Venus Protocol | bsc | yellow |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | not_applicable |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.
rubric_version: v1.7.0; factor: RD-F-156; category: 10; carried: 80; critical: no