defirisk.co
rubric v1.7.0

Across Protocol

Intents-based cross-chain bridge using optimistic verification via UMA's Optimistic Oracle V3 (OOV3). Hub-and-spoke architecture: HubPool on Ethereum L1 holds LP liquidity; SpokePools on each supported chain handle deposits and fills. Relayers front funds; OOV3 settles bundle disputes. v4 adds ZK-proof settlement via Succinct SP1. Supports 24+ chains.

Sector bridge
TVL $300.0M
Reviewed May 12, 2026
Factors 184
Categories 13
Risk score 23.2
Deployments Ethereum · $26.3M
01 Risk profile at a glance

1 red · 3 yellow · 6 green
02 Categories & evidence

184 factors · 13 categories
Code & audits Green 16 25 of 25
RD-F-009 red Formal verification coverage No evidence of Certora Prover, Halmos, Kani, or equivalent formal verification specifications for Across Protocol contracts found in any public audit report or GitHub repository search. No FV report URLs identified. The protocol relies on incremental OZ auditing and fuzzing (Foundry test suite present in repo).
RD-F-001 yellow Audit scope mismatch The Ethereum SpokePool proxy (`0x5c7BCd6E7De5423a257D81B442095A1a6ced35C5`) was last upgraded 2026-02-02 per the profile. The most temporally proximate OZ audit (ERC-3009 and Deterministic DepositIds, 2026-02-02 to 2026-02-03) was narrowly scoped to PR #1275 at base commit 041fcbf, covering only SpokePoolPeriphery-class changes. The comprehensive coverage audit for core SpokePool variants was the Oct 2024 OZ audit (commits 5a0c67c through d4416cd). Whether the 2026-02-02 implementation upgrad...
RD-F-003 yellow Resolved-without-proof findings OZ audit series shows all high/critical findings across 18 engagements are marked resolved with documented PRs. Aug 2024 critical (decimal scaling in Arbitrum_CustomGasToken_Adapter): resolved in PR #589 before deployment. Oct 2024: 1 critical, 2 high — all resolved. Periphery May 2025: 1 high (nonce mismatch) resolved in PR #1013. SVM (Solana) Nov 2024: 2 high — one partially resolved (PR #847), one acknowledged/unresolved (cost asymmetry spam). ERC-3009 Feb 2026: critical resolved in PR #12...
RD-F-004 yellow Audit count All 18 (confirmed, OZ customer story) audits are from a single firm: OpenZeppelin. No audits found from Trail of Bits, ChainSecurity, Certora, Spearbit, Halborn, Quantstamp, or any other major firm. This is yellow per the factor rubric (1 firm = yellow; ≥2 distinct firms = green). The OZ partnership is deep and continuous (since 2022), which reduces single-firm risk, but the factor requires distinct firm count.
RD-F-010 yellow Static-analyzer high-severity count No published Slither/Mythril/Semgrep run against current deployed source found. T-10 dry run cannot run tools locally. The OZ audit series functions as a proxy: no unmitigated high/critical findings exist across the 18 audits for currently deployed contracts. The two SVM "unresolved" findings are on the Solana/Rust side (outside Slither scope). The OFT H-01 (acknowledged) is a design acceptance. Based on audit-proxy assessment: 0 confirmed unmitigated EVM high-severity findings in deployed co...
RD-F-012 yellow delegatecall with user-controlled target HubPool uses `delegatecall` to chain adapters (Arbitrum_Adapter, Ovm_SpokePool adapters, etc.) for relaying tokens and messages cross-chain. The delegatecall target is the adapter address stored in the HubPool's internal chain adapter mapping — not directly user-supplied at call time. The adapter address is set by the HubPool owner (Across Council multisig). The Oct 2024 OZ audit found "malformed delegatecall in SpokePool's fill function" as a finding that was resolved. Design-level: HubPool'...
RD-F-013 yellow Arbitrary call with user-controlled target The SwapAndBridge/SwapProxy periphery uses low-level `.call` to exchange contracts where calldata is user-supplied. OZ audit identified this in context ("calldata parameters are arbitrarily given by the user; only restriction is selector ≠ ERC-20 transferFrom"). Periphery audits (May 2025) resolved medium "DoS Attack on Swapping via Permit2" by validating the exchange parameter. The `SwapProxy.performSwap` pattern uses user-supplied calldata to a designated exchange address — this is a user-c...
RD-F-016 yellow Divide-before-multiply pattern No Slither `divide-before-multiply` tool output available (T-10 dry run). The Aug 2024 critical finding was a decimal scaling issue (off-by-factor of 10^12 in the Arbitrum CustomGasToken adapter) which is semantically adjacent — but it was in a fee calculation, not a price/accounting path for user funds, and was resolved pre-deployment. No ongoing divide-before-multiply in price paths identified in audit summaries.
RD-F-017 yellow Mixed-decimals math without explicit scaling The HubPool manages LP tokens denominated in underlying asset decimals; the Arbitrum CustomGasToken critical finding showed that cross-decimal arithmetic without explicit scaling did occur in one adapter before it was fixed. The fix in PR #589 confirms the team corrected this. Core SpokePool/HubPool deposit/fill flows deal with token amounts where explicit scaling is required; the OZ audit pattern for this protocol involves recurring decimal/scaling scrutiny. Assessed yellow: one confirmed hi...
RD-F-023 yellow Constructor calls _disableInitializers() SpokePool base constructor explicitly calls `_disableInitializers()` as its last statement (confirmed at commit 401e24c, with `@custom:oz-upgrades-unsafe-allow constructor` annotation). Ethereum_SpokePool's constructor passes through to the SpokePool constructor which calls `_disableInitializers()`. All chain-specific SpokePool variants inherit from SpokePool and therefore inherit this protection. Note: An earlier Etherscan-based WebFetch suggested the constructor does NOT call `_disableIniti...
RD-F-002 green Audit recency Most recent OZ audit covering SpokePool-adjacent code: Deposit Flow (2026-02-23 to 2026-03-02, scope: CounterfactualDepositSpokePool, TransferProxy, CCTP/OFT periphery). That is approximately 49 days before assessment date (2026-04-21). Covers periphery; core SpokePool last covered comprehensively Oct 2024 (~182 days ago). Using the most recent audit covering any in-scope bytecode, the recency is 49 days = green. Using last full core SpokePool audit, 182 days = approaching yellow boundary. As...
RD-F-005 green Audit firm tier OpenZeppelin is a Tier-1 firm (listed explicitly in taxonomy: OpenZeppelin).
RD-F-006 green Audit-to-deploy gap The Aug 2024 diff audit (sign-off 2024-08-30) covered the Arbitrum CustomGasToken adapter critical finding which was resolved in PR #589 before deployment — the fix was deployed following the audit, so the gap was ≤60 days. The Oct 2024 audit (sign-off 2024-10-30) covered L3/ZkStack/ERC-7683 changes; deployment of these changes is less precisely dateable from public sources, but aligns with Q4 2024 deployments. OFT Integration audit (May 2025, sign-off 2025-05-23) is a differential audit — ch...
RD-F-007 green Bug bounty presence & max payout Across runs a self-hosted bug bounty program at https://docs.across.to/resources/bug-bounty with max critical payout $1,000,000. Contact: bugs@across.to. Tier structure: Low $250, Medium $1,000, High $10,000, Critical $1,000,000. Immunefi slug `across` returns 404 suggesting the program is self-hosted rather than on Immunefi. No evidence found that this is an active Immunefi-listed program as of 2026-04-21. Self-hosted program with $1M critical = green (≥$500K active program).
RD-F-008 green Ignored bounty disclosure No confirmed pre-exploit ignored disclosures identified. The protocol has zero smart-contract exploits to date. The unresolved OFT high (H-01, "Failed Messenger Can Render the Canonical Methods Useless") was a design acceptance documented in the audit, not an ignored disclosure. The Feb 2026 EIP-712 medium was similarly acknowledged and accepted. Neither constitutes an "ignored disclosure before exploit."
RD-F-011 green SELFDESTRUCT reachable from non-admin path No Slither output available. OZ audits have not flagged a SELFDESTRUCT reachable from non-admin path in 18 engagements. HubPool does not use SELFDESTRUCT. SpokePool UUPS pattern does not use SELFDESTRUCT for upgrades (uses EIP-1967). No evidence of SELFDESTRUCT in non-admin paths.
RD-F-014 green Reentrancy guard on external-calling functions SpokePool inherits from `ReentrancyGuardUpgradeable` (OZ). All deposit/fill functions use `nonReentrant` modifier pattern inherited from the base. HubPool uses `nonReentrant` on state-mutating external-calling functions. OZ audits have not flagged reentrancy as a live issue in 18 engagements.
RD-F-015 green ERC-777/1155/721 hook without reentrancy guard Across handles ERC-20 tokens (WETH, USDC, etc.) via standard cross-chain bridge flows. No ERC-777 or ERC-1155 hook integration identified in core HubPool/SpokePool contracts. SwapAndBridge could in principle route through ERC-777 tokens but the nonReentrant guard on the SpokePool base would protect state. No OZ finding in this area.
RD-F-018 green Signed/unsigned arithmetic confusion No confirmed signed/unsigned confusion finding in any OZ audit across 18 engagements for deployed EVM contracts. SpokePool uses `uint32` for depositId, `uint256` for amounts — standard unsigned types. The SVM audit found cost asymmetry issues but those are in Rust/Solana.
RD-F-019 green ecrecover zero-address return unchecked This factor is also Cat 10 F-151 (bridge-specific). For Cat 1 scope: SpokePool periphery contracts use EIP-712 signatures (OZ standard ECDSA.recover). OZ standard ECDSA.recover reverts on zero-address result rather than returning address(0). The SpokePool's relayer signature verification uses OZ ECDSA library (per audit trail). No unguarded ecrecover call identified in OZ 18-audit series for EVM contracts.
RD-F-020 green EIP-712 domain separator missing chainId The Feb 2026 Deposit Flow audit identified an EIP-712 replay vulnerability in CounterfactualDepositSpokePool where the signed struct (`EXECUTE_DEPOSIT_TYPEHASH`) excludes route-specific fields but the domain separator is not the issue — the issue is in the struct payload binding, not the domain separator itself. The domain separator in standard OZ EIP-712 does include chainId. The unresolved medium is about struct-level replay (same signature reusable across routes), not missing chainId in do...
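Worked illustration of the struct-level replay that RD-F-020 (and the replay-template note in RD-F-095) describe. This is an added example, not Across code and not the real `EXECUTE_DEPOSIT_TYPEHASH` struct: the field names, the domain name and the addresses are hypothetical, `hashlib.sha3_256` stands in for keccak256 (same 32-byte shape, different function), and HMAC-SHA256 stands in for secp256k1 signing, because the point being shown is what the digest binds, not the signature scheme. The domain separator carries `chainId` and `verifyingContract` exactly as EIP-712 specifies, so the only thing that differs between the weak and fixed variants is whether the route is part of the signed struct.

```python
"""EIP-712 payload binding: a struct that omits route fields is replayable across routes."""
import hashlib
import hmac


def keccak(data):
    # Stand-in: sha3_256 is NOT keccak256; it is used here only for shape.
    return hashlib.sha3_256(data).digest()


def enc_uint(value):
    return value.to_bytes(32, "big")


def enc_addr(addr):
    return bytes.fromhex(addr[2:]).rjust(32, b"\0")


# EIP-712 domain: chainId and verifyingContract are bound here, so cross-chain and
# cross-contract replay is already prevented. The gap is inside the struct.
DOMAIN_TYPE = b"EIP712Domain(string name,uint256 chainId,address verifyingContract)"


def domain_separator(name, chain_id, contract):
    return keccak(keccak(DOMAIN_TYPE) + keccak(name.encode()) + enc_uint(chain_id) + enc_addr(contract))


# Hypothetical struct types (not the real Across type string).
WEAK_TYPE = b"ExecuteDeposit(address depositor,uint256 amount,uint256 nonce)"
FIXED_TYPE = (b"ExecuteDeposit(address depositor,uint256 amount,uint256 nonce,"
              b"uint256 destinationChainId,address outputToken)")


def hash_struct(type_str, fields):
    # hashStruct = keccak(typeHash || encodeData)
    return keccak(keccak(type_str) + b"".join(fields))


def digest(domain, struct_hash):
    return keccak(b"\x19\x01" + domain + struct_hash)


def encode_deposit(type_str, deposit, route):
    fields = [enc_addr(deposit["depositor"]), enc_uint(deposit["amount"]), enc_uint(deposit["nonce"])]
    if type_str == FIXED_TYPE:
        # The fix: bind the route the depositor actually authorised.
        fields += [enc_uint(route["destinationChainId"]), enc_addr(route["outputToken"])]
    return hash_struct(type_str, fields)


def sign(key, d):
    # Stand-in for secp256k1 signing with the depositor's key.
    return hmac.new(key, d, hashlib.sha256).digest()


def verify(key, d, sig):
    return hmac.compare_digest(sign(key, d), sig)


def relayer_accepts(type_str, domain, key, sig, deposit, route):
    """The executing contract recomputes the digest from the route it is about to use."""
    return verify(key, digest(domain, encode_deposit(type_str, deposit, route)), sig)


def replay_check(type_str):
    """Returns (accepted on intended route, accepted on a different route)."""
    key = b"constructed-depositor-key"            # constructed sample key
    domain = domain_separator("ExampleSpokePool", 1, "0x" + "11" * 20)
    deposit = {"depositor": "0x" + "aa" * 20, "amount": 10**18, "nonce": 7}
    intended = {"destinationChainId": 10, "outputToken": "0x" + "bb" * 20}
    other = {"destinationChainId": 42161, "outputToken": "0x" + "cc" * 20}
    sig = sign(key, digest(domain, encode_deposit(type_str, deposit, intended)))
    return (relayer_accepts(type_str, domain, key, sig, deposit, intended),
            relayer_accepts(type_str, domain, key, sig, deposit, other))


if __name__ == "__main__":
    print("weak struct :", replay_check(WEAK_TYPE))    # signature valid on both routes
    print("fixed struct:", replay_check(FIXED_TYPE))   # valid only on the intended route
```

The check a reviewer applies is the one `relayer_accepts` makes explicit: every value the executor reads from calldata to decide what to do with the funds must also be an input to the digest, or a holder of one valid signature can replay it with those values changed.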
RD-F-021 green UUPS _authorizeUpgrade correctly permissioned SpokePool contracts use UUPS upgradeable pattern. `_authorizeUpgrade(address newImplementation)` is defined in SpokePool.sol as `internal override onlyAdmin {}` where `onlyAdmin` resolves to `_requireAdminSender()` — which requires the caller to be the crossDomainAdmin (the HubPool for all SpokePools). This is confirmed at commit 401e24c. The HubPool itself uses standard Ownable with constructor — not UUPS. SpokePool's upgrade authorization is admin-controlled, not open.
RD-F-022 green Public initialize() without initializer modifier Ethereum_SpokePool's `initialize()` is declared `public initializer` (OZ standard modifier) — confirmed from the GitHub master branch (`contracts/spoke-pools/Ethereum_SpokePool.sol`, function signature: `function initialize(uint32 _initialDepositId, address _withdrawalRecipient) public initializer`). SpokePool base constructor calls `_disableInitializers()` (confirmed commit 401e24c), preventing direct impl initialization. HubPool has no initialize function (uses constructor).
RD-F-024 green Code complexity vs audit coverage Across has 18 OZ audits totaling 232 identified issues across a multi-chain bridge codebase spanning 24+ chains with chain-specific SpokePool variants, HubPool, ConfigStore, periphery contracts, Solana SVM program, and OFT adapters. LOC count is not precisely available, but the codebase is large and complex. Audit cadence is high (multiple per year) with targeted diff audits for each new feature. The Oct 2024 audit alone covered 29 issues across multiple new chain integrations — indicating ad...
RD-F-183 green Bug bounty scope gap on highest-TVL contracts Across's self-hosted bug bounty explicitly states "All smart contracts and off-chain code (i.e. most of the code within the across-protocol repository) are within scope." The HubPool and all SpokePool contracts are the highest-TVL contracts and appear to be in scope per this blanket statement. The OFT TransportAdapter (LayerZero surface) is within the across-protocol/contracts repository and therefore in scope. No explicit exclusion of any high-TVL contract class identified. However: (1) the ...
Governance & admin Yellow 33 24 of 24
RD-F-167 yellow Deprecated contract paused but pause reversible by live admin Deprecated SpokePool V2 proxies exist on Ethereum (0x4D9079Bb4165aeb4084c526a32695dCfd2F77381), Arbitrum (0xb88690461ddbab6f04dfad7df66b7725942feb9c), Polygon (0x69b5c72837769ef1e7c164abc6515dcff217f920), and Optimism (0xa420b2d1c0841415a695b81e5b867bcd07dff8c9). Combined holdings are small (<$1M): Ethereum V2 ~$532 ETH, Arbitrum V2 ~$10,255 ETH. These deprecated proxies point to old HubPool 0x541F7536... (orphaned/inactive); current Council multisig admin path over them is unconfirmed.
RD-F-025 gray Admin key custody type | Multisig (3-of-5 Gnosis Safe) controls HubPool, ConfigStore, and all SpokePool upgrades via cross-chain relay. No standalone timelock contract. oSnap (UMA OO-based 3-day liveness) applies to Snapshot proposals but not to direct Council multisig execution. | Profile §6; Etherscan label "Hub Pool Owner MultiSig"; forum.across.to/t/across-governance-operating-manual/1447 | yellow
RD-F-026 gray Upgrade multisig signer configuration (M/N) Admin address count | 1 privileged multisig (`0xB524735356985D2f267FA010D681f061DfF03715`) holds all on-chain admin powers across HubPool, ConfigStore, and controls SpokePool upgrades via relaySpokePoolAdminFunction(). 5 undisclosed signers behind that Safe. ACX token owner is also a Safe (confirmed multisig; address not separately confirmed but stated by OZ head of security). Deployer `0x9a8f92a830` no longer holds admin roles (transferred at deploy). | Etherscan labels; profile §3; governan...
RD-F-027 gray Single admin EOA | Not an EOA. HubPool owner is Gnosis Safe 1.3.0 `0xB524735356985D2f267FA010D681f061DfF03715`, 3-of-5 threshold. Deployer EOA `0x9a8f92a830` confirmed to have no current admin roles on core contracts. | Etherscan: 0xB524735356985D2f267FA010D681f061DfF03715 labeled "Across Protocol: Hub Pool Owner MultiSig"; profile §6 | green
RD-F-028 gray Low-threshold multisig vs TVL | 3-of-5 threshold. Five signer addresses listed in profile but no public attestation of signer identities found. At ~$32–52M LP TVL pool (coverage-list peak $300M), 3-of-5 is the lower bound of peer norms for this TVL band. No signer address is labeled on Etherscan. The June 2025 governance controversy showed insider wallet coordination, raising questions about effective independence of signers. | Profile §6 signer addresses: 0x1d933Fd71FF07E69f066d50B39a7C34EB3...
RD-F-029 gray Multisig signers co-hosted / same custody | No OSINT evidence available to confirm or deny same ASN/data-center for the 5 Council signers. Signers are all Risk Labs representatives per governance manual ("currently staffed by Risk Labs representatives"). Common entity = likely common custody environment. | Governance manual (forum.across.to/t/across-governance-operating-manual/1447): "Risk Labs representatives" | yellow
RD-F-030 gray Hot-wallet signer flag | Cannot confirm — signer addresses not labeled on Etherscan; no hot-wallet heuristic available from public search. Not assessed. | Signer addresses not publicly labeled | gray
RD-F-031 gray Signer rotation recency | No evidence of recent signer-set change in the Council multisig (deployed 2021-11-06, 358 total transactions as of April 2026). No threshold reduction event detected. The multisig has been stable for ~4.5 years. | Etherscan: 0xB524735…, 358 txns, latest April 9, 2026 | green
RD-F-032 gray Timelock duration on upgrades (hours) | **No on-chain timelock contract exists for HubPool or SpokePool upgrades.** The oSnap 3-day (originally; governance manual specifies 5-day liveness for Snapshot proposals) liveness applies only to Snapshot-originated proposals. The Across Council can execute upgrades directly via the multisig with zero delay. Effective upgrade timelock: 0 hours for Council direct-execution path. | Profile §6 ("No explicit timelock contract identified"); governance manua...
RD-F-033 gray Timelock on sensitive actions | Specific check per action: `mint()` (ACX token) — no timelock, immediate via ACX owner Safe. `setPaused()` (HubPool) — no timelock, immediate via Council Safe. `haircutReserves()` (HubPool) — no timelock, immediate. `upgradeTo()` (SpokePools via relaySpokePoolAdminFunction) — no timelock, immediate via Council Safe. `updateTokenConfig()`/`updateGlobalConfig()` (ConfigStore) — no timelock. Only Snapshot governance proposals have the 5-day oSnap liveness, and con...
RD-F-034 gray Guardian / pause-keeper role distinct from upgrader | No distinct guardian role identified. `setPaused()` is callable by HubPool owner (Council multisig), the same entity that controls upgrades. No secondary "emergency pause only" address distinct from the upgrader. | HubPool ABI on Etherscan: `setPaused(bool) onlyOwner`; no separate guardian address | yellow
RD-F-035 gray Role separation: upgrade ≠ fee ≠ oracle | All roles (upgrade, fee via setProtocolFeeCapture, oracle config via setIdentifier, bond config via setBond) converge on the single Council multisig as HubPool owner. ConfigStore owner (presume also Council Safe) controls fee and parameter updates. No role separation. | HubPool ABI; ConfigStore ABI (Ownable, single owner); governance manual | yellow
RD-F-036 gray Flash-loanable voting weight | ACX token does NOT implement ERC20Votes checkpointing (source: GitHub AcrossToken.sol: `ERC20, Ownable` only). Flash-loan attack in the same block as proposal vote is mitigated by Snapshot's block-number snapshot mechanism (snapshot taken at proposal creation time, not at vote time). However: (1) pre-snapshot token accumulation (buying/borrowing before snapshot block) is possible; (2) actual governance attack surface is insider concentration: Risk Labs Treasury ...
RD-F-037 gray Quorum achievable via single-entity flash loan | Quorum = 12.5M ACX (per governance manual). ACX total supply 1B, circulating ~704M. A flash loan of 12.5M ACX (1.25% of supply) theoretically achieves quorum. However, Snapshot block-number snapshot prevents same-block execution — attacker would need to hold tokens before snapshot block. Risk is pre-planned purchase, not atomic flash loan. | Governance manual (12.5M quorum); governance forum; ACX token supply | yellow
RD-F-038 gray Proposal execution delay < 24h | oSnap liveness = 5 days (per governance manual; original blog post mentioned 3 days as starting point, manual specifies 5). After vote passes Snapshot + oSnap proposal submitted, minimum 5 days before execution. For direct Council multisig execution: 0 delay. Two-track system. | Governance manual (5-day liveness); medium.com/across-protocol/welcome-optimistic-governance-838cc649c431 (original 3-day, since updated to 5-day in manual) | yellow
RD-F-039 gray `delegatecall`/`call` in proposal execution, no allowlist | oSnap (via Gnosis Safe module) submits Safe transactions — these are CALL operations, not arbitrary DELEGATECALL to proposal-supplied targets. Safe's Module execution standard uses standard CALL. However: (a) there is no documented target allowlist for oSnap-executed transactions; (b) contract exclusions ("select contract exclusions to prevent protocol upgrades") were announced at launch but current status of those exclusions is undo...
RD-F-040 gray Emergency-veto multisig present | No dedicated emergency-veto multisig separate from the Council. The oSnap dispute mechanism (anyone can dispute within 5 days by posting a bond) serves as a decentralized veto. For direct Council execution, no second-party veto exists. | Governance manual; oSnap documentation | yellow
RD-F-041 gray Rescue / emergencyWithdraw without timelock | **RED CRITICAL.** `haircutReserves(address, int256)` on HubPool is callable by owner (Council multisig) with no timelock. This function directly reduces `utilizedReserves`, decreasing the protocol's liability to LPs — effectively haircutting LP balances without their consent. `setPaused(bool)` allows immediate pause of all bridge operations. `emergencyDeleteProposal()` allows deletion of pending root bundles. All three are executable immediately by a ...
RD-F-042 gray Admin has `mint(…)` with unlimited max | ACX token `mint(address _guy, uint256 _wad) onlyOwner` — no supply cap in contract code. October 2024 governance proposal to cap supply at 1B and renounce ownership (99.5% temp-check support) was announced; on-chain execution of ownership renunciation to address(0) was NOT confirmed via on-chain event search. Current ACX token max total supply shown as 1,000,000,000 on Etherscan (which may reflect the cap was implemented as a MaxSupply check or may be Ether...
RD-F-043 gray Admin = deployer EOA + no transfer in 7d | Protocol is 4.5 years old. HubPool deployed 2021-11-06 with Council multisig as deployer-linked admin. Risk Labs Deployer `0x9a8f92a830` has no current admin role on HubPool, ConfigStore, or SpokePools (labeled deployer by Etherscan, not owner). No evidence of deployer EOA retention. | Etherscan: HubPool contract creator vs current owner mismatch; profile §3 deployer address; governance manual | green
RD-F-044 gray Admin wallet interacts with flagged addresses | No Chainalysis/watchlist feed available. Profile §6 notes the governance controversy (insider wallet coordination) but no mixer or OFAC-flagged interactions confirmed. Not assessed. | No watchlist data available | gray
RD-F-045 gray Constructor args match governance-stated args | Not assessed — no specific governance proposal for the most recent SpokePool upgrade identified in public record for comparison. Would require matching Feb 2026 upgrade tx calldata against the OZ audit finding scope. | Not assessed in available evidence | gray
RD-F-046 gray Contract unverified on Etherscan/Sourcify (unverified at launch) | All core contracts verified: HubPool (GPLv3, Solidity 0.8.13, "Exact Match" on Etherscan), Ethereum SpokePool proxy and implementation both verified, AcrossConfigStore verified. No unverified contracts in scope. | Etherscan source verification labels for all core addresses in profile §3; OZ audit reports reference verified source | green
RD-F-047 gray Governance power concentration (Gini) | Non-circulating supply breakdown (Dec 2024): Across DAO 250M, Risk Labs Treasury 195M, Seed Investors 110M, Other Investors 110.6M. Circulating 334.4M as of Dec 2024. Risk Labs Treasury alone ~19.5% of total supply. June 2025 controversy revealed additional undisclosed coordination (Hart Lambur wallet + Kevin Chan "maxodds.eth" wallet). Effective insider control over governance outcomes is high. Gini coefficient not computed but top-holder concentration...
Oracle & external dependencies Yellow 20 17 of 17
RD-F-051 yellow Fallback behavior on oracle failure No fallback oracle. If UMA OO unavailable: HubPool blocks new root bundle proposals (noActiveRequests modifier). Bridge fills continue via relayers but no reimbursements until OO restored. No secondary oracle source. No last-known-price fallback (not applicable to OO model).
RD-F-052 yellow Breakage analysis per dependency Documented in external dependency graph above. Most severe: UMA Finder owner key compromise → malicious oracle swap → LP drain. Second: UMA DVM corruption → invalid root bundles accepted. CCTP pause → partial USDC routing disruption. Succinct SP1 bug → BNB v4 relayer reimbursement corruption (limited scope).
RD-F-057 yellow Circuit breaker on price deviation Partially applicable in a bridge-specific interpretation: HubPool has `paused()` boolean; SpokePools have `pauseDeposits()` and `pauseFills()` admin functions callable by owner (3-of-5 multisig). No automated circuit breaker based on price deviation (not applicable to OO model).
RD-F-059 yellow Oracle staleness check present Not applicable in price-oracle sense. UMA OO has `challengePeriodEndTimestamp` as a temporal gate (~2h liveness), not a staleness check. No `updatedAt > now - X` pattern exists because UMA OO is assertion-based, not price-feed-based.
RD-F-062 yellow External keeper/relayer not redundant Relayer redundancy: protocol is permissionless for relayers (any party can run a relayer); bridge fills are permissionless. Dataworker (bundle proposer) is more centralized — Risk Labs runs the primary dataworker, though the permissive design allows anyone to propose. If the single dataworker is offline, no new bundles are proposed; relayers bear capital risk indefinitely until someone proposes. Dataworker is NOT redundant in practice.
RD-F-180 yellow Immutable oracle address [★ CANDIDATE — held per PD-017] YELLOW-CANDIDATE: HubPool stores Finder as immutable FinderInterface finder. OO address IS resolved at runtime via finder.getImplementationAddress(OracleInterfaces.SkinnyOptimisticOracle), so address IS replaceable. However: Finder owner is UMA Deployer EOA (0x2baaa41d155ad8a4126184950b31f50a1513ce25) — a standard EOA (not multisig) with NO timelock on implementation changes. Across protocol has no control over Finder. If Finder EOA key compromised, oracle can be swapped instantly with no governance delay.
RD-F-054 n/a TWAP window duration Not applicable — Across uses UMA OO (assertion-based), not a TWAP oracle.
RD-F-055 n/a Oracle pool depth (USD) Not applicable — no DEX pool oracle in core path.
RD-F-056 n/a Single-pool oracle (no medianization) Not applicable — oracle is UMA OO (assertion), not a DEX pool.
RD-F-058 n/a Max-deviation threshold (bps) Not applicable — no price-based circuit breaker.
RD-F-060 n/a Chainlink aggregator min/max bound misconfig Not applicable — no Chainlink feeds used.
RD-F-061 n/a LP token balanceOf used for pricing Not applicable — no LP token pricing used in settlement or fee calculation paths.
RD-F-181 n/a Permissionless-pool lending oracle NOT APPLICABLE to Across architecture. Across is a bridge, not a lending protocol. No permissionless-pool oracle acceptance for collateral pricing.
RD-F-048 green Oracle providers used UMA SkinnyOptimisticOracle via Finder for root bundle settlement. No Chainlink/Pyth/RedStone price feeds in core path. Uniswap v3 / DEX AMMs used in swap periphery only (not for pricing). Succinct SP1 ZK prover for v4 BNB.
RD-F-049 green Oracle role per asset Single oracle (UMA SkinnyOO) acts as cross-chain settlement validator for all assets/bundles. No per-asset price oracle roles. v4: SP1 acts as ZK-proof verifier (BNB only).
RD-F-050 green Dependency graph (protocols depended upon) Critical: UMA OO + UMA DVM (settlement); Circle CCTP (USDC bridging 4 chains); Succinct SP1 (v4 BNB); Uniswap v3 (swap periphery, non-critical). Full graph documented in dependency section above.
RD-F-053 green Oracle source = spot DEX pool (no TWAP) NOT APPLICABLE in conventional sense. Across uses UMA OO for settlement validity, not a spot price oracle. No DEX pool price feeds anywhere in the core settlement path.
Economic risk Red 67 13 of 13
RD-F-070 red Empty cToken-style market (zero supply/borrow) [★ CRITICAL] RED: HubPool uses lpTokensToMint=(l1TokenAmount×1e18)/_exchangeRateCurrent(l1Token). When pool totalSupply=0, _exchangeRateCurrent returns 1e18 (1:1 rate). No virtual share offset, no seed deposit on pool enablement. A first depositor into a newly-enabled empty pool can execute a donation attack. Existing pools (WETH, WBTC, USDC, DAI) have non-zero supply — not immediately vulnerable. Any new pool added via governance is vulnerable at initialization.
RD-F-071 red Seed-deposit requirement for new market listing No seed-deposit requirement found. The enableL1TokenForLiquidityProvision function (governance-gated) enables a pool without seeding it. No enforced minimum deposit when enabling a new pool. No equivalent to Compound's mint(0) initial seed mechanism or Aave's virtual share offset protection.
RD-F-075 red First-depositor / share-inflation guard No first-depositor/share-inflation guard confirmed. Confirmed: (1) no seed deposit on pool enable, (2) no virtual share offset, (3) no minimum deposit floor, (4) custom _exchangeRateCurrent returning 1:1 at zero supply. The LP share calculation is vulnerable to the standard donation inflation attack. Consistent with RD-F-070 finding for non-ERC-4626 custom vaults.
RD-F-072 yellow Market-listing governance threshold Market-listing governance threshold: Low-to-medium. New LP pools are enabled by the 3-of-5 Across Council multisig or via ACX DAO Snapshot+oSnap. 3-of-5 multisig requires only 3 signatures to enable a new pool. A compromised or colluding subset of 3 signers could enable an empty pool and then execute a donation attack before legitimate LPs deposit.
RD-F-063 n/a TVL (current + 30d trend) RD-F-063 (collateral risk per asset) not directly assessed in 04-economic.md for Across — not applicable to bridge architecture. No collateral assets or lending pools exist in HubPool design.
RD-F-064 gray TVL concentration (top-10 wallet share): BRIDGE REFRAME. No public data source enumerates top-10 LP addresses by balance in the HubPool. Asset-type concentration observable: WBTC+WETH=76% of LP pool, but depositor address concentration unknown.
RD-F-065 gray Liquidity depth per major asset (DEX AMM slippage depth) | Bridge has no AMM curve — N/A
RD-F-066 gray Utilization rate (lending borrow/supply ratio) | No single metric available; analogue exists (relayer fill / LP balance)
RD-F-068 gray Collateralization under stress (lending protocol stress) | N/A — no CDP or lending collateral
RD-F-069 gray Algorithmic / under-collateralized stablecoin design | N/A — no stablecoin issued
RD-F-073 gray Oracle-manipulation-proof borrow cap | Bridge analogue: proposer bond vs. bundle value — assessed
RD-F-074 gray ERC-4626 virtual-share offset (OZ ≥4.9) | N/A for custom LP accounting — but equivalent risk captured in F070
RD-F-067 green Historical bad-debt events Historical bad debt events: No bad debt events confirmed. No smart-contract exploits across ~$35B+ lifetime volume and ~54 months of operation. No socialized LP losses documented.
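Worked simulation of the share-inflation path that RD-F-070, RD-F-071 and RD-F-075 describe. This is an added example and not code from the Across repository: it reproduces the page's formula `lpTokensToMint = amount * 1e18 / exchangeRate` with the `1e18` zero-supply branch, but the non-zero exchange rate (`reserves * 1e18 / totalSupply`, with `reserves` standing in for the pool's token balance) is a deliberate simplification of HubPool's accounting, and the mitigated variant is the OpenZeppelin ERC-4626-style virtual-share offset that RD-F-074 notes Across does not use. Amounts are constructed sample values.

```python
"""First-depositor (donation) attack on share-based LP accounting, and the virtual-offset fix."""

WAD = 10**18


class LpPool:
    """Minimal LP share accounting. `reserves` models token.balanceOf(pool)."""

    def __init__(self, virtual_offset=None):
        self.reserves = 0
        self.total_supply = 0
        # None reproduces the vulnerable 1:1 zero-supply rate with no offset;
        # an int enables the OZ >=4.9 style 10**offset virtual shares + 1 virtual asset.
        self.offset = virtual_offset

    def exchange_rate(self):
        if self.total_supply == 0:
            return WAD                      # the 1:1 branch the page describes
        return self.reserves * WAD // self.total_supply   # simplified model (assumption)

    def deposit(self, amount):
        if self.offset is None:
            shares = amount * WAD // self.exchange_rate()
        else:
            shares = amount * (self.total_supply + 10**self.offset) // (self.reserves + 1)
        self.reserves += amount
        self.total_supply += shares
        return shares

    def donate(self, amount):
        """Direct ERC-20 transfer to the pool: raises reserves without minting shares."""
        self.reserves += amount

    def redeem(self, shares):
        if self.offset is None:
            amount = shares * self.exchange_rate() // WAD
        else:
            amount = shares * (self.reserves + 1) // (self.total_supply + 10**self.offset)
        self.total_supply -= shares
        self.reserves -= amount
        return amount


def run_attack(pool, donation=10_000 * WAD, victim_deposit=10_000 * WAD):
    """Attacker is first into an empty, freshly enabled pool; victim deposits next."""
    attacker_shares = pool.deposit(1)              # 1 wei: the smallest first deposit
    pool.donate(donation)                          # inflate reserves-per-share
    victim_shares = pool.deposit(victim_deposit)   # rounds to 0 in the vulnerable pool
    attacker_out = pool.redeem(attacker_shares)
    victim_out = pool.redeem(victim_shares) if victim_shares else 0
    return {
        "attacker_in": 1 + donation,
        "attacker_out": attacker_out,
        "victim_shares": victim_shares,
        "victim_out": victim_out,
    }


if __name__ == "__main__":
    vulnerable = run_attack(LpPool())
    mitigated = run_attack(LpPool(virtual_offset=6))
    for label, r in (("no guard", vulnerable), ("virtual offset", mitigated)):
        print(f"{label:15} victim shares={r['victim_shares']}  "
              f"attacker pnl={(r['attacker_out'] - r['attacker_in']) / WAD:+.4f}  "
              f"victim out={r['victim_out'] / WAD:.4f}")
```

In the unguarded pool the victim's deposit mints zero shares and the attacker's single share redeems for the whole balance, so the attacker's profit equals the victim's deposit. With a virtual offset the attacker's first wei mints 10^6 shares, the donation is spread across the virtual shares too, and the attacker loses roughly half the donation while the victim's rounding loss is dust. A governance-side seed deposit on `enableL1TokenForLiquidityProvision` would close the same window; the page records that neither mechanism is present.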
Operational history Gray 0 15 of 15
RD-F-076 gray Protocol age (days) v1 deployed ~2021-11-03 (Arbitrum deposit box). Age at 2026-04-21 = ~1,631 days (~54 months). v3 production architecture (HubPool/SpokePool) deployed February 21 2024 = ~790 days. Both exceed the 365-day green threshold.
RD-F-077 gray Prior exploit count 0 confirmed smart-contract exploits. 1 governance-class incident (June 2025 DAO fund-diversion allegation, ~$23M ACX — not a code exploit). Hack database search: no Across entry found. rekt.news leaderboard: not listed. Green applies to smart-contract exploit count = 0.
RD-F-078 gray Chronic-exploit flag (≥3 incidents) 0 smart-contract incidents. Chronic flag does not apply.
RD-F-079 gray Same-root-cause repeat exploit No repeat root-cause cluster possible with 0 smart-contract exploits.
RD-F-080 gray Days since last exploit No smart-contract exploit ever recorded. Governance incident surfaced June 27 2025 = ~297 days ago. Classification: methodology defines exploit for F080 as incidents from hack database; governance controversy does not appear in hack DB and is not a code exploit. Treating as green (no qualifying exploit in hack-DB sense). F080 methodology gap flagged for review.
RD-F-081 n/a Post-exploit response score No smart-contract exploit on record; factor is N/A. If the governance incident is scored: (a) Compensation completeness = 0/5; (b) Transparency = 2/5 (Lambur gave same-day public denial, no independent investigation); (c) Root-cause depth = 1/5 (no root-cause analysis published); (d) Recovery speed = N/A. Methodology says gray when no prior exploits. Marking gray with note.
RD-F-082 n/a Post-mortem published within 30 days No smart-contract exploit = N/A by methodology. No post-mortem exists for the governance controversy (team denied the framing, no independent investigation found). Marking gray.
RD-F-083 n/a Auditor re-engaged after last exploit No exploit = N/A. Note: continuous OZ audit engagement is documented (18 audits since 2022, most recent February-March 2026). If/when an exploit occurs, re-audit infrastructure clearly exists.
RD-F-084 gray TVL stability (CoV over 90d) yellow
RD-F-085 n/a Incident response time (minutes) No smart-contract exploit on record. N/A by methodology.
RD-F-086 gray Pause activations (trailing 12 months) yellow
RD-F-087 gray Pause > 7 consecutive days No evidence of any consecutive 7-day pause found in trailing 12 months. No outage reports, no pause announcements in public record. Marking green with caveat that RPC event log was not directly queried.
RD-F-088 gray Re-deployed to new addresses in last year yellow
RD-F-089 gray Insurance coverage active No active third-party insurance coverage (Nexus Mutual, Sherlock, Unslashed, or equivalent) found for Across Protocol as of 2026-04-21. The UMA OptimisticOracle bond system functions as economic integrity mechanism but is NOT insurance coverage — it is the settlement verification layer, not a cover provider. Current TVL ~$32–52M with no coverage = red by methodology.
RD-F-166 gray Deprecated contracts still holding value yellow
Real-time signals Green 0 22 of 22
RD-F-093 gray Abnormal gas-price willingness from attacker wallet | Yes | No high-gas-premium transactions (≥5× EMA priority fee) interacting with Across contracts detected in the assessment window from unknown wallets. Normal user bridge transactions show standard gas pricing. | Wallet pays ≥5× median gas priority fee AND interacts with this protocol | No
RD-F-094 gray New contract with similar bytecode to exploit template | Partially | Across is not a Compound fork (no common exploit templates such as the donation-attack template). The optimistic relay architecture has its own attack surfaces (root bundle spoofing, UMA OO manipulation). No contract with bytecode similar to a known Across-class exploit template is known to have been deployed in the assessment window. | New contract deployed with high bytecode similarity to known exploit template | No
RD-F-095 gray Known-exploit function-selector replay | Partially | No prior Across exploits exist from which a replay template could be constructed. The August 2024 OZ audit critical finding (Arbitrum CustomGasToken adapter) was patched before deployment. The unresolved EIP-712 replay finding in the February 2026 Deposit Flow audit is a potential future replay template if left unpatched. Current state: no known active replay selector pattern. | Specific selector sequence and calldata shape matchi...
RD-F-096 gray New ERC-20 approval to unverified contract from whale | Yes | No new approvals from top-TVL Across depositors to unverified contracts detected in the assessment window. Across's whale pool is composed of professional relayers who typically use hardware wallets; the approval risk is primarily at the user/LP level, not the smart-contract level. | Top-TVL depositor grants new token approval to unverified contract that interacts with this protocol | No
RD-F-099 gray Oracle price deviation >X% from secondary | Partial (bridge-specific re-mapping required) | UMA OO is a dispute mechanism, not a price oracle, so F099 as specified does not apply. Re-mapped signal: the `RootBundleDisputed` event on HubPool (`0xc186fA914353c44b2E33eBE05f21846F1048bEda`). No disputed root bundles detected in the assessment window. UMA OO operational. | Primary oracle deviates >X% from secondary (re-mapped: UMA disputed bundle) | No (signal re-mapping needed)
RD-F-101 gray Large governance proposal queued | Yes | Significant governance event: the DAO-to-C-corp transition vote ran March 31 – April 7, 2026. As of April 21, the vote window has closed. If oSnap execution calldata has been queued for the dissolution, it would fire this signal at advisory tier. No malicious-pattern calldata (admin key change from a new wallet, delegatecall to a non-allowlisted target) identified in the governance history. | Governance proposal queued with privileged payload or threshold-redu...
RD-F-103 gray Bridge signer-set change proposed/executed | Directly applicable | Current state: threshold 3-of-5, signers unchanged as of the assessment date. Most recent Safe ExecTransaction on the Ethereum Council Safe: April 9, 2026 (not a signer change). The DAO-to-C-corp governance transition is the primary forward-looking trigger: if completed, the signer set will likely change as C-corp officers replace DAO Council members. No `AddedOwner`, `RemovedOwner`, or `ChangedThreshold` events detected in assessment wi...
RD-F-105 gray DNS/CDN/frontend hash drift | Yes | across.to appears live and properly configured. TLS certificate: HTTPS active. No public reports of frontend compromise. No baseline hash has been established for this assessment. The protocol blog warns users about fake sites, suggesting Risk Labs is aware of the impersonation risk. | Hash change in frontend JS vs prior baseline OR DNS change AND no change-management entry | Unknown (no baseline established)
RD-F-107 gray Admin EOA signing from new geography/device | Partial | Requires off-chain telemetry via protocol team opt-in; not applicable in this static assessment. The Across Council uses a Gnosis Safe with hardware signing expected; no geographic anomaly reported publicly. | Off-chain signing telemetry anomaly | Always gray (requires team opt-in monitoring)
RD-F-109 gray Social-media impersonation scam spike | Yes | No coordinated phishing campaign targeting Across Protocol detected in public sources in the assessment window. No ScamSniffer or Chainabuse reports involving Across found. The across.to domain uses the .to TLD (Tonga), which is a potential typosquat surface (e.g., acrossprotocol.io, acrossprotocol.xyz, acr0ss.to). No confirmed active typosquat scam site identified. | Coordinated impersonation campaign ≥5 accounts or verified drain reports | No
RD-F-110 gray Unusual pending/executed proposal ratio | Partial (Snapshot-specific) | Across uses off-chain Snapshot, not on-chain governance, so the on-chain proposal ratio from a Governor contract is not applicable. oSnap execution is on-chain and monitorable; however, the proposal/execution ratio for oSnap is low (infrequent large governance actions). The C-corp transition vote is the primary recent event. No unusual ratio vs baseline detected. | Pending/executed proposal ratio anomaly >3σ vs 30d baseline ...
RD-F-182 gray Security-Council threshold reduction (RT) | Directly applicable (highest-priority signal for Across) | Current threshold: 3-of-5 on all 4 chain Council Safes. No `ChangedThreshold` events detected in the assessment window. Key forward-looking risk: the DAO-to-C-corp governance transition (if passed) is the most likely scenario for signer-set changes and potentially threshold adjustments. The Drift Protocol analog (3/5 → 2/5 threshold reduction 6 days before the $285M DPRK exploit) is direct...
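The RD-F-103 and RD-F-182 signals above reduce to replaying a Safe's owner and threshold events against a known baseline and grading each transition. The script below is an added illustration of that replay, not Across's or Safe's own tooling; it assumes an indexer has already decoded the Safe's `AddedOwner(address)`, `RemovedOwner(address)` and `ChangedThreshold(uint256)` logs into (block, event, argument) records, and the owner addresses, block numbers and the 3-of-5 → 2-of-5 cut in the sample stream are constructed, not real Council data.

```python
"""Safe signer-set / threshold monitor over decoded Gnosis Safe events."""
from dataclasses import dataclass


@dataclass(frozen=True)
class SafeEvent:
    block: int
    name: str    # "AddedOwner" | "RemovedOwner" | "ChangedThreshold"
    arg: object  # owner address (str) or new threshold (int)


@dataclass(frozen=True)
class Alert:
    block: int
    severity: str  # "critical" | "advisory"
    message: str


def monitor_safe(owners, threshold, events, rotation_window=50):
    """Replay events in block order against a known (owners, threshold) baseline.

    Returns (alerts, (threshold, owner_count)) after the last event. A threshold
    reduction is critical (RD-F-182); owner churn is advisory (RD-F-103), with a
    remove+add pair inside `rotation_window` blocks reported as a rotation.
    """
    owners = {a.lower() for a in owners}
    alerts = []
    last_removed_block = None
    for ev in sorted(events, key=lambda e: e.block):  # stable: same-block order kept
        if ev.name == "RemovedOwner":
            owners.discard(ev.arg.lower())
            last_removed_block = ev.block
            alerts.append(Alert(ev.block, "advisory",
                                f"signer removed {ev.arg}; now {threshold}-of-{len(owners)}"))
        elif ev.name == "AddedOwner":
            owners.add(ev.arg.lower())
            rotated = (last_removed_block is not None
                       and ev.block - last_removed_block <= rotation_window)
            kind = "signer rotated in" if rotated else "signer added"
            alerts.append(Alert(ev.block, "advisory",
                                f"{kind} {ev.arg}; now {threshold}-of-{len(owners)}"))
        elif ev.name == "ChangedThreshold":
            new = int(ev.arg)
            if new < threshold:
                msg = f"threshold reduced {threshold}-of-{len(owners)} -> {new}-of-{len(owners)}"
                if 2 * new <= len(owners):
                    msg += " (a minority of signers can now execute)"
                alerts.append(Alert(ev.block, "critical", msg))
            elif new > threshold:
                alerts.append(Alert(ev.block, "advisory", f"threshold raised {threshold} -> {new}"))
            threshold = new
        else:
            raise ValueError(f"unexpected event {ev.name}")
        # Safe itself rejects threshold > ownerCount; reaching it here means the
        # indexer missed events or the baseline is wrong, which is worth paging on.
        if threshold > len(owners):
            alerts.append(Alert(ev.block, "critical",
                                f"threshold {threshold} exceeds owner count {len(owners)}"))
    return alerts, (threshold, len(owners))


# Constructed baseline and event stream (not real Across Council data):
# a 3-of-5 Safe, one signer swapped at block 100, threshold cut to 2 at block 250.
SAMPLE_OWNERS = [f"0x{'a' * 39}{i}" for i in range(1, 6)]
SAMPLE_EVENTS = [
    SafeEvent(100, "RemovedOwner", SAMPLE_OWNERS[4]),
    SafeEvent(100, "AddedOwner", "0x" + "b" * 40),
    SafeEvent(250, "ChangedThreshold", 2),
]

if __name__ == "__main__":
    found, state = monitor_safe(SAMPLE_OWNERS, 3, SAMPLE_EVENTS)
    for a in found:
        print(f"block {a.block:>5} {a.severity:<8} {a.message}")
    print("final state (threshold, owners):", state)
```

The rotation heuristic is what turns a swapOwner (Safe emits RemovedOwner then AddedOwner in one transaction) into a single readable event rather than two unrelated ones; the minority check is the Drift-style condition the page singles out, where a reduced threshold lets fewer than half the signers execute.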
RD-F-090 green Mixer withdrawal → protocol interaction | Yes | No mixer-funded wallets interacting with Across core contracts identified in public sources. Governance controversy wallets (Kevin Chan cluster) are not mixer-funded. | Wallet withdrew from Tornado Cash/Railgun within 30 days AND interacts with protocol core contracts >$100K AND ≥2 attribution sources confirm | No
RD-F-091 green Partial-drain test transactions | Yes | No small-value pre-drain probe transactions detected on HubPool or SpokePool contracts in the assessment window. The governance controversy (June 2025) produced anomalous ACX treasury movements, but those went through legitimate governance vote execution, not contract-level test transactions. Pre-drain probing would apply to the bridge if an attacker probed HubPool root bundle submission acceptance; no such pattern detected. | One or more small-value outflows...
RD-F-092 green Unusual mempool pattern from deployer wallet | Yes | The Risk Labs deployer (`0x9a8f92a830a5cb89a3816e3d267cb7791c16b04d`) has not published unusual contract deployment or mass-approval sequences in public view. The deployer wallet is expected to be largely inactive post-Council handoff; this signal applies primarily to unexpected reactivation. No anomaly detected. | Deployer wallet submits unusual sequence (new deploys, mass approvals) vs historical baseline | No
RD-F-097 green Sybil surge of identical-pattern transactions | Partially | Across's intent-based architecture means many transactions with similar structure are normal (relayers filling identical-looking bridge requests). The Rhea Finance $18.4M sybil-pool attack (April 2026) is not directly applicable to Across (no lending market accepting arbitrary new oracle pools). No sybil surge on Across contracts detected. | Multiple new EOAs submitting identical transaction patterns within a short window | No
RD-F-098 green TVL anomaly — % drop in <1h | Yes (with methodology caveat) | Pool TVL: ~$32–52M (DefiLlama pool-only). No acute TVL drop in the assessment window. Sector-wide DeFi TVL declined following the Kelp DAO/Drift exploits, but Across's LP pool TVL did not show a protocol-specific drain. Note: the TVL methodology gap means the correct baseline for the signal threshold requires clarification (pool-only vs relayer inventory); the signal should be configured on pool TVL only. | TVL drops >30% within 1h vs 30d baseline | No
RD-F-100 green Flash loan >$10M targeting protocol tokens | Partial (limited applicability) | Across's bridge mechanism is not directly flash-loan exploitable via governance manipulation (off-chain Snapshot voting). Flash loans could interact with periphery contracts (SwapAndBridge). No flash loan >$10M targeting Across contracts detected in the assessment window. | Flash loan >$10M originating to interact with Across oracle or governor | No
RD-F-102 green Admin/upgrade transaction in mempool | Yes | Most recent upgrade: Ethereum SpokePool implementation upgrade 2026-02-02 (corresponding to the ERC-3009/DepositIds OZ audit). No pending upgrade transactions in the assessment-window mempool. The DAO-to-C-corp transition, if passed, would produce oSnap execution transactions observable in the mempool. | Admin/upgrade tx from Council multisig in mempool without matching queued governance proposal | No
RD-F-104 green Stablecoin depeg >2% on shared-LP venue | Partial (limited exposure) | Across core LP is ETH-denominated. CCTP-path bridges use USDC. No stablecoin depeg >2% as of 2026-04-21. USDC: ~$1.000. | Stablecoin depegs >2% on venue with shared LP AND protocol exposure ≥5% TVL | No
RD-F-106 green Cross-chain bridge unverified mint pattern | Directly applicable | Across does not mint wrapped assets: relayers front funds from their own inventory and are reimbursed from the HubPool only after the root bundle clears the UMA OO challenge window, so this signal maps onto refund-leaf execution rather than a mint. No unverified refund or release patterns detected on any destination SpokePool in the assessment window. The v4 ZK settlement (Succinct SP1 on BNB Smart Chain) adds a ZK proof layer; no anomalous releases detected. | Deposit on source chain without corresponding verified proof on destination | No
RD-F-108 green GitHub force-push to sensitive branch | Yes | Across's primary contracts repo: https://github.com/across-protocol/contracts. No public reports of unauthorized force-push to main/production branches in the assessment window. The February 2026 audits correspond to recent main-branch changes, consistent with normal development cadence. | Force-push or unauthorized push to main/production branch | No
Dev identity & insider risk Gray 0 16 of 16
RD-F-111 gray Team doxx status | Real-name / consistent with track record. Hart Lambur (Columbia CS, Goldman Sachs 8 years, Openfolio founder, UMA co-founder since 2018); Allison Lu (MIT, Goldman Sachs VP, UMA co-founder); Nick Pai (Princeton, Barclays, UMA early engineer). All three verifiable with decade+ public professional histories. Council signers are "Risk Labs representatives" identified only by wallet address; no personal names disclosed for the 5 Council signer addresses. | Lambur LinkedIn https...
RD-F-112 gray Team public accountability surface | Very high for the three named principals. Lambur: LinkedIn (detailed), Crunchbase, conference speaker (Blockworks, Archetype), multiple YouTube interviews, IQ.wiki entry, active X/Twitter. Lu: LinkedIn, DeFiPrime interview, Founders Pledge. Pai: Princeton/Barclays background, blog interviews, GitHub (@nicholaspai), Archetype Research Partner. Council signers are unidentified beyond wallet addresses; partial gap on the signer layer. | See RD-F-111 source...
RD-F-113 gray Team other-protocol involvement history | Lambur: co-founder of UMA (2018–present), Openfolio (acquired by Stone Ridge). Allison Lu: UMA co-founder. Nick Pai: early UMA engineer, Across lead dev since ~2020, Research Partner at Archetype. No prior rug or failed-protocol association found for any of the three principals. Governance controversy (June 2025): allegations that Lambur-connected wallets collectively voted to pass two ACX treasury proposals (100M + 50M ACX, total ~$23M at th...
RD-F-114 gray Deployer address prior on-chain history | The Risk Labs deployer (0x9a8f92a830a5cb89a3816e3d267cb7791c16b04d) has 13,122+ outgoing transactions (as of Etherscan page view). This is a high-activity deployer consistent with a production protocol operator. No prior rug association found. The deployer has the "Risk Labs: Deployer" Etherscan label (community-verified). No Chainalysis-class adverse label in any public source. | Etherscan: https://etherscan.io/address/0x9a8f92a830a5cb89a3816e3d267cb...
RD-F-115 gray Prior rug/exit-scam affiliation | No prior rug or exit-scam affiliation found for Hart Lambur, Allison Lu, or Nick Pai. Risk Labs Foundation has been operational since 2018 across UMA (live since 2018) and Across (live since November 2021). No protocol-abandonment pattern. The June 2025 governance controversy does not constitute a rug (funds were transferred via a governance process, not a unilateral theft; the transfers have not been characterized as an exploit by any secu...
RD-F-116 gray Contributor tenure at admin-permissioned PR | The GitHub commit history shows the most active contributors include nicholaspai (Nick Pai), fusmanii, tbwebb22, pxrl, bmzig, dohaki, mrice32, grasphoper. The February 2026 SpokePool upgrade was executed by the Council multisig (not a direct GitHub PR → deploy without governance). The deployer address has been active since 2019. Nick Pai joined Risk Labs in 2020, approximately 5+ years of tenure (Risk Labs Foundation, the entity behind UMA and Across, publicly lists Across team alignment). No evidence of a new or short-tenure contributor making admin-permissioned changes. Full per-contributor tenure histogram not constructed (requires GitHub commit-time analysis at depth).
RD-F-117 gray ENS/NameStone identity bound to deployer | The deployer address (0x9a8f92a830a5cb89a3816e3d267cb7791c16b04d) does not have a publicly resolved ENS name. Hart Lambur's personal wallet uses "hal2001.eth", but this is not the deployer address. No NameStone binding found on the deployer. This is a mild gap (no ENS-to-identity binding), but the Etherscan label "Risk Labs: Deployer" effectively provides identity attribution. | Etherscan: https://etherscan.io/address/0x9a8f92a830a5cb89a3816e3d267cb...
RD-F-118 gray Handle reuse across failed/rugged projects | No evidence that Hart Lambur, Allison Lu, Nick Pai, or any other publicly identified Risk Labs contributor has reused a Twitter, Discord, or GitHub handle from a prior rugged/failed project. Hart Lambur's handle is @hal2001 (active and consistent since pre-UMA). Allison Lu's public profile is consistent. Nick Pai (@mountainwaterpi) is consistent. | LinkedIn, Twitter/X accounts referenced above | GREEN
RD-F-119 gray Commit timezone consistent with stated geography | Risk Labs / Across is based in the US (Cayman Islands foundation, but the engineering team is publicly based in the US per conference presentations and LinkedIn locations). Commit history shows contributors including nicholaspai, tbwebb22, bmzig with US-consistent GitHub profiles. No anomalous commit-time distribution (e.g., consistent 2–6 AM US-time commits suggesting a non-US actual location) identified from the public commit log. Note: full quan...
RD-F-120 gray Video-off/voice-consistency flag | No flag. Hart Lambur appears on video at multiple conferences and recorded interviews (YouTube: https://www.youtube.com/watch?v=yBsb2dZ5mtk; Archetype podcast audio/video). Nick Pai appears on video at the Archetype podcast. Allison Lu appeared on video in the DeFiNation interview (YouTube: https://www.youtube.com/watch?v=1KRwB_gRDUM). No reports of systematic video-off or voice inconsistency in public discourse. | See YouTube links above | GREEN
RD-F-121 gray Contributor OSINT depth score | Hart Lambur: 5/5 (LinkedIn with detailed employment history: Goldman Sachs 8 years, Columbia CS; conference speaker profiles, Crunchbase, IQ.wiki, multiple long-form interviews, public wallet hal2001.eth). Allison Lu: 5/5 (MIT background, Goldman VP, LinkedIn, DeFiPrime interview, Founders Pledge). Nick Pai: 4/5 (Princeton, Barclays background, GitHub @nicholaspai, blog interviews, Archetype Research Partner; slightly less public profile...
RD-F-122 gray Contributor paid to DPRK-cluster wallet | No evidence of any Risk Labs payment routing to a DPRK-cluster wallet. The Hub Pool Owner MultiSig (0xB524735356985D2f267FA010D681f061DfF03715) holds 230.9M ACX and 2,778 UMA; this is a treasury custodian, not a payment output. No OFAC, Chainalysis, or TRM published report identifies any Across/Risk Labs payment wallet as proximate to the Lazarus cluster. The governance controversy (ACX transfers to Risk Labs) involves a Cayman nonpr...
RD-F-123 gray Sudden admin-rescue/ACL change without discussion | The February 2, 2026 Ethereum SpokePool V2 upgrade (tx 0xce91ef569315a356ecbf8133df44de6a7f0cbbcc8f50433eb3ab5116d71a111f, block 24370830, new impl 0x5E5B726C81f43b953a62ad87e2835c85c4d9dd3b) was executed by the Hub Pool Owner MultiSig via `execTransaction`. The calling address in the Etherscan trace is the Risk Labs deployer initiating the exec on the Safe, confirming that execution went through the 3-of-5 Council multisig, not u...
RD-F-124 gray Deployer wallet mixer-funded within 30 days | Across v1 deployed approximately November 2021. The Risk Labs deployer's first transaction was approximately late 2019 (per Etherscan "first tx approximately 6 years and 128 days ago" from the page date), well before the 2021 deployment window. The 30-day pre-deploy window (October–November 2021) requires checking whether the deployer received mixer-originated funds in that per...
RD-F-125 gray Deployer linked within 3 hops to DPRK/Lazarus | No proximity found. The Risk Labs deployer traces to unlabeled wallets from 2019 (personal/early-crypto vintage). No OFAC SDN designation of any Across-related address. No Chainalysis, TRM Labs, or US Treasury press release identifies any Across, Risk Labs, or Hart Lambur wallet as Lazarus-proximate. The KelpDAO/LayerZero April 2026 DPRK attribution is unrelated to Across. The Drift Protocol April 2026 DPRK exploit is unrelated to Ac...
RD-F-184 gray Real-capital social-engineering persona (≥$1M deposits) | Not applicable. RD-F-184 targets a "team contributor or external integrator persona" who builds credibility by making ≥$1M real-capital deposits ahead of a social-engineering attack (per the Drift/UNC4736 pattern). Across / Risk Labs is a transparent founding team with decade-long verified public professional histories. No evidence of any unknown persona making large credibility deposits to Across in preparation for a social-engineering at...
Fork / dependency lineage Green 0 10 of 10
RD-F-126 n/a Is-a-fork-of Across Protocol is an original design, not a fork of any prior protocol. This is explicitly stated in the profile: "Not forked / original design. Across Protocol was conceived and built by Risk Labs." The HubPool/SpokePool architecture is a novel optimistic relay bridge design with no analogous codebase to compare against.
RD-F-127 n/a Upstream patch not merged N/A — no upstream (fork lineage is absent per F126).
RD-F-128 n/a Upstream vulnerability disclosure (last 90d) N/A — no upstream.
RD-F-129 n/a Code divergence from upstream (%) N/A — no upstream fork.
RD-F-130 n/a Fork depth (generations from original audit) N/A — original codebase, not a fork.
RD-F-131 n/a Fork retains upstream audit coverage N/A — protocol is not a fork. All audit coverage is original (first-party).
RD-F-132 n/a Fork has different economic parameters than upstream N/A — no upstream.
RD-F-133 green Dependency manifest uses unpinned versions All critical dependencies are pinned to exact versions: `@openzeppelin/contracts: "5.5.0"`, `@openzeppelin/contracts-upgradeable: "5.5.0"`, `@openzeppelin/contracts-v4: "npm:@openzeppelin/contracts@4.9.6"`, `@openzeppelin/contracts-upgradeable-v4: "npm:@openzeppelin/contracts-upgradeable@4.9.6"`. No caret (^) or tilde (~) operators on OpenZeppelin or major security-critical libraries. Exact pinning confirmed from package.json as of the assessment date.
RD-F-134 green Dependency had malicious-release incident (last 90d) No known malicious-release advisory affecting @openzeppelin/contracts 5.5.0 or 4.9.6, or other core dependencies (ethers 5.7.2, @coral-xyz/anchor 0.31.1) in the trailing 90 days (January–April 2026) identified in search results. GHSA-9rcw-c2f9-2j55 (OZ Bytes.lastIndexOf, July 2025, Low) affects 5.2.0–5.4.0 — NOT 5.5.0. No npm audit flags identified.
RD-F-135 green Shared-library version with known-vuln status OZ 5.5.0: latest stable as of assessment date; no active high/critical advisory. OZ 4.9.6 (aliased legacy): latest 4.x patch; the GHSA-699g-q6qh-q4v8 (Duplicated execution of subcalls) affected 4.9.4 — 4.9.6 is the patched version. No active high/critical GHSA against 5.5.0 or 4.9.6. ethers.js 5.7.2: not a Solidity library. OZ Foundry upgrades 0.4.0: no known critical advisory.
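RD-F-133 is scored from what the specifiers in package.json allow the registry to resolve, and the npm alias form quoted above (`npm:@openzeppelin/contracts@4.9.6`) is the case a naive "starts with a digit" check gets wrong. The checker below is an added illustration, not Across's tooling; the OpenZeppelin entries in its sample manifest mirror the pinned specs quoted on this page, while the `example-*` entries and their hypothetical specs are constructed solely to exercise the caret, tag, alias-without-version and git-ref paths. It also goes beyond the page's four specs in handling git and GitHub references, which count as pinned only when they name a full commit hash.

```python
"""Dependency-pinning audit for a package.json manifest."""
import json
import re

# Exact semver: MAJOR.MINOR.PATCH with optional pre-release / build metadata.
_EXACT = re.compile(r"^[=v]?\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")
_COMMIT = re.compile(r"^[0-9a-f]{40}$")
_GITHUB_SHORTHAND = re.compile(r"^[\w.-]+/[\w.-]+(#|$)")


def classify_spec(spec: str) -> str:
    """Return 'pinned', 'range' or 'floating' for one version specifier.

    'range'    a resolvable semver expression (^, ~, >=, x, ||, ...)
    'floating' anything the registry or a remote can change at will:
               tags, '*', workspace/file links, git refs without a full commit
    """
    s = spec.strip()
    if s.startswith("npm:"):                       # alias: npm:<package>@<spec>
        target, sep, ver = s[4:].rpartition("@")
        if not sep or not target:                  # 'npm:pkg' carries no version at all
            return "floating"
        return classify_spec(ver)
    if s in ("", "*", "latest", "next") or s.startswith(("workspace:", "file:", "link:")):
        return "floating"
    if "://" in s or s.startswith(("git+", "github:")) or _GITHUB_SHORTHAND.match(s):
        ref = s.rsplit("#", 1)[1] if "#" in s else ""
        return "pinned" if _COMMIT.match(ref) else "floating"
    if _EXACT.match(s):
        return "pinned"
    return "range"


def audit_manifest(manifest: dict, critical_prefixes=("@openzeppelin/",)) -> list:
    """List every non-pinned dependency, flagging security-critical libraries."""
    findings = []
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in manifest.get(section, {}).items():
            status = classify_spec(spec)
            if status != "pinned":
                findings.append({"section": section, "name": name, "spec": spec,
                                 "status": status,
                                 "critical": name.startswith(tuple(critical_prefixes))})
    return findings


# Constructed manifest: the OpenZeppelin lines mirror the specs quoted on the
# page; every "example-*" package and its spec is hypothetical.
SAMPLE_PACKAGE_JSON = json.dumps({
    "dependencies": {
        "@openzeppelin/contracts": "5.5.0",
        "@openzeppelin/contracts-upgradeable": "5.5.0",
        "@openzeppelin/contracts-v4": "npm:@openzeppelin/contracts@4.9.6",
        "@openzeppelin/contracts-upgradeable-v4": "npm:@openzeppelin/contracts-upgradeable@4.9.6",
        "example-caret-lib": "^1.4.0",                    # caret range
        "example-alias-no-version": "npm:some-pkg",       # alias without a version
        "example-git-dep": "github:acme/widget#main",     # branch ref, not a commit
    },
    "devDependencies": {
        "example-tag-dep": "latest",                      # registry tag
        "example-git-pinned": "git+https://example.invalid/acme/tool.git#" + "c" * 40,
    },
})


def run_sample() -> list:
    return audit_manifest(json.loads(SAMPLE_PACKAGE_JSON))


if __name__ == "__main__":
    for f in run_sample():
        flag = "CRITICAL" if f["critical"] else "        "
        print(f"{flag} {f['section']:<16} {f['name']:<28} {f['spec']!r:<44} {f['status']}")
```

Exact pinning in the manifest is necessary but not sufficient: a committed lockfile with integrity hashes is what actually fixes the resolved tarball, so pair this check with `npm ci` against the lockfile rather than `npm install`.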
Post-deploy hygiene & change mgmt Yellow 33 13 of 13
RD-F-168 yellow Stale-approval exposure on deprecated router Deprecated SpokePool V2 contracts on Ethereum, Arbitrum, Polygon, and Optimism may hold stale ERC-20 approvals from users. Ethereum V2 (0x4D9079Bb...) still received transactions as of April 2026 and is not confirmed paused. No official Across docs, blog posts, or migration guides instruct users to revoke approvals on deprecated V2 contracts. Mitigant: the SpokePool deposit model requires a user-signed deposit plus a relayer fill, not a bare transferFrom, limiting direct drain risk. Residual risk: SpokePools are upgradeable proxies (RD-F-144), so a stale approval to a deprecated V2 proxy is only as safe as the admin path that can still upgrade it; users who have migrated should revoke.
RD-F-136 gray Deployed bytecode matches signed release tag | Not directly confirmed: no public release-tag-to-bytecode mapping document located for the Feb 2026 SpokePool upgrade (impl 0x5E5B726C…). OZ audited the changes, but the exact commit-to-deployed-bytecode chain is not publicly documented in the GitHub release pipeline. Confidence gap: no evidence of mismatch, but also no positive attestation. | OZ audit ERC-3009/DepositIds (2026-02-02): audited commits; Etherscan upgrade event Feb 2, 2026...
RD-F-137 gray Upgrade frequency (per 90 days) | Ethereum SpokePool upgrade events on Etherscan: Jan 29, 2025; Feb 7, 2025; Feb 2, 2026. Only the Feb 2, 2026 upgrade falls inside the trailing 90-day window (2026-04-21 minus 90 days = 2026-01-21); the two 2025 upgrades predate it. Additional SpokePool upgrades across 23 other chains also occur. The protocol upgrades very actively. | Etherscan SpokePool Ethereum upgrade events: Jan 29, Feb 7, 2025; Feb 2, 2026 | yellow
RD-F-138 gray Hot-patch deploys without timelock (last 30 days) | All SpokePool upgrades appear to go through the Council multisig (relaySpokePoolAdminFunction on HubPool), which is not a timelock. The most recent Ethereum SpokePool upgrade (Feb 2, 2026) falls outside the trailing 30-day window (2026-03-22 to 2026-04-21); whether it was preceded by a governance vote or was a direct Council action is unclear. The 2024 diff audit specifically noted that some upgrades were direct Council actions (the OZ diff audit covers "diff" changes presumably authorized by Council). No evidence of bypass of even ...
RD-F-139 gray Post-audit code changes without re-audit | The 2026-02-23 Deposit Flow audit explicitly documents: (1) EIP-712 replay in `CounterfactualDepositSpokePool`, "Acknowledged, not resolved" (a design limitation accepted by the team, not a deployed-but-unpatched fix per se); (2) post-audit PRs merged after the audit window (documentation, visibility, events). The Aug 2024 diff audit left 1 medium unresolved (outdated SafeERC20). Neither constitutes the Euler-lineage pattern (critical logic added post-au...
RD-F-140 gray Fix-merged-but-not-deployed gap | The EIP-712 replay vulnerability in `CounterfactualDepositSpokePool` is known but explicitly "Acknowledged, not resolved" by the team as an accepted design limitation. This is a different risk class from a merged fix not yet deployed: no fix was merged. The team stated they "would never deploy clones with multiple implementation-type leaves", which is a behavioral constraint, not a code fix. Not a classic fix-merged-but-not-deployed situation. | OZ Deposit Flo...
RD-F-141 gray Test-mode parameters in deploy | No evidence of test-mode parameters in deployed contracts. The OZ audit trail specifically reviews deployed parameters. Not flagged by any of 10+ OZ audits. | OZ audit catalog; no findings of test-mode params in any published report | green
RD-F-142 gray Storage-layout collision risk across upgrades | Not assessed directly. The OZ Upgrades plugin was presumably used (OpenZeppelin is the audit firm and author of the pattern). Profile §5 confirms "OZ Upgradeable Contracts pattern." OZ's incremental audits each cover "diff" changes, which typically include storage layout checks. No storage collision issue found in any published OZ audit. | OZ v3 incremental audit, diff audits; profile §5 "OpenZeppelin Upgradeable Contracts pattern confirmed" | ...
RD-F-143 gray Reinitializable implementation (no _disableInitializers) | `_disableInitializers()` is present in the SpokePool constructor (confirmed at GitHub commit f56146a01ca9c62e6206a2c23c55dbe01a25a912). OZ's V2 audit (2023) and subsequent audits reviewed the upgradeable pattern and found no reinitializer issue. HubPool is NOT a proxy (not upgradeable), so this factor applies primarily to SpokePool implementations. | GitHub SpokePool.sol at f56146a: `_disableInitializers()` in constructor; OZ UMA Across V2 audit 2023 (0 crit/high/m...
RD-F-144 gray CREATE2 factory permits same-address redeploy | No evidence of CREATE2 redeployability risk in the core contracts. SpokePool contracts use the EIP-1967 UUPS proxy pattern: the proxy address is stable and implementation swaps are via upgradeTo. No CREATE2 factory pattern in scope. Caveat: the counterfactual-deposit factory noted under RD-F-146 is, by the nature of counterfactual addressing, a deterministic-deployment factory; it is periphery and was not assessed under this factor. | Profile §3 (EIP-1967 proxies); OZ audit scope documentation | green
RD-F-145 gray Deployed bytecode reproducibility | Not directly confirmed. No Across-published reproducible build documentation found. With Solidity 0.8.13 and no build reproducibility documentation, this cannot be confirmed. | No public build reproducibility documentation found; OZ audits reference specific commit SHAs | gray
RD-F-146 gray New contract deploys in last 30 days (fresh attack surface) | The Scroll deprecation announced effective 2026-04-30 implies no new Scroll deployment. The counterfactual deposit architecture (`CounterfactualDepositSpokePool`, factory) was introduced after the February 2026 audit window. Periphery changes (TransferProxy, Deposit Flow contracts) were freshly deployed in March 2026. This represents new attack surface. | OZ Deposit Flow audit 2026-02-23 covering CounterfactualDeposit architecture; profile §2 Scroll depr...
RD-F-185 gray Bridge rate-limiter / chain-pause as positive mitigant | No per-chain or per-route outflow rate-limiter identified in publicly documented SpokePool or HubPool code. The bridge model uses relayer inventory (relayers front capital on the destination); on-chain outflow is limited by pool liquidity in the HubPool. Admin can `setPaused(bool)` on HubPool (immediate, no timelock) and `pauseDeposits(bool)` / `pauseFills(bool)` on SpokePool (onlyAdmin/crossDomainAdmin, no timelock). These are binary pause functions, not rate-limi...
Cross-chain & bridge Green 9 12 of 12
RD-F-154 yellow Default bytes32(0) acceptable as valid root [★ CRITICAL] YELLOW (structural gap, economic mitigation present): HubPool proposeRootBundle() does NOT validate that roots are non-zero; the only gate is poolRebalanceLeafCount > 0. MerkleLib verifyRelayerRefund() and verifyV3SlowRelayFulfillment() do NOT check root ≠ bytes32(0) before calling MerkleProof.verify(). However, Across's architecture materially differs from Nomad: (1) the proposer must post a WETH bond; (2) ~2h challenge window; (3) any address can dispute, initiating a DVM vote that slashes the proposer bond. A zero-root bundle would be disputable and costly. Yellow, not red, because the attack requires burning the bond and winning the DVM vote. Exposure note: Nomad's zero root was pre-marked as accepted at initialization, so unproven messages passed; with OpenZeppelin MerkleProof.verify a bytes32(0) root is satisfied only by a zero leaf under an empty proof, and because MerkleLib hashes each leaf before verifying, that would require a keccak256 preimage of zero. The missing check is therefore defense in depth rather than a direct drain path, which is consistent with the yellow rating.
RD-F-157 yellow Bridge TVL per validator ratio Partially applicable. HubPool TVL ~$32–52M (DefiLlama) or ~$300M (coverage list, including relayer inventory). The 3-of-5 Council multisig controls HubPool admin functions and SpokePool upgrades, so TVL per signer is on the order of $10–100M at the midpoint. Because the UMA DVM has no fixed validator count, the traditional ratio is not calculable. For admin-key concentration: 3 signers (the threshold) sit over $32–300M of TVL, a non-trivial per-key risk.
RD-F-179 yellow LayerZero OFT DVN config (count, threshold, diversity) YELLOW (unverified, partially applicable). OFT periphery adapters are present (CounterfactualDepositOFT 0x4094ceE40173E85841E9E7FC19B7fDc97301aF12; SponsoredOFTSrcPeriphery 0xc80B267469D509ae45Df65845B291CBbe1945CB9) using LayerZero EndpointV2. The DVN configuration for the Across OFT periphery was NOT enumerated in the OFT Integration audit, and the on-chain DVN config was not independently verified. Given the Kelp DAO April 2026 1/1 DVN exploit ($292M) and that 40% of LZ protocols use 1/1 configs, the DVN config cannot be assessed as safe without on-chain verification. Risk scoped to the OFT periphery only (not the core bridge).
RD-F-156 gray Bridge uses same key custody for >30% validators Not applicable: no fixed validator set. UMA DVM voters use their own custody. 3-of-5 Across Council multisig: the 5 signers' custody arrangements are not publicly disclosed, so the >30% co-custody threshold cannot be assessed.
RD-F-147 green Protocol has bridge surface YES — Across is the bridge. HubPool (Ethereum) ↔ SpokePools (24 chains) via chain adapters. Settlement via UMA OO challenge window.
RD-F-148 green Bridge validator count (M) Across does not use a traditional validator set. The "validators" for settlement are: (1) UMA OO liveness model — any party can propose, any party can dispute during ~2h window; (2) If disputed, UMA DVM (UMA token holders) votes. UMA voter participation is a distributed set (UMA token circulating supply widely distributed) — not a fixed M-of-N signer set. For v4 BNB: Succinct SP1 prover network (not a fixed validator count).
RD-F-149 green Bridge validator threshold (k-of-M) Not a k-of-M threshold model. UMA OO uses economic bonding + time window: proposer posts a WETH bond and a ~2h challenge window opens; if undisputed, the bundle executes; if disputed, DVM votes. Effective "threshold" is economic, not signature-based. Bond is configurable by HubPool admin (3-of-5 multisig). No cryptographic k-of-N signing — this is the key architectural distinction from Wormhole/Axelar style bridges.
RD-F-150 green Bridge validator co-hosting Not applicable in the traditional signer-set sense. UMA DVM voters are UMA token holders globally distributed; Succinct provers are a distributed network. No single datacenter controls the settlement path.
RD-F-151 green Bridge ecrecover checks result ≠ address(0) [★ CRITICAL] GREEN: HubPool has no ecrecover calls — verified via Etherscan source analysis. SpokePool delegates to OpenZeppelin SignatureChecker.isValidSignatureNow() which correctly handles address(0) returns. The Feb 2026 Deposit Flow audit found a medium EIP-712 replay in CounterfactualDepositSpokePool (periphery only, not core settlement path). Raw ecrecover without address(0) validation is NOT present in the core HubPool or standard SpokePool contracts.
RD-F-152 green Bridge binds message to srcChainId YES — SpokePool EIP-712 domain includes chain ID via `__EIP712_init("ACROSS-V2", "1.0.0")` which binds signatures to the origin chain. SpokePool's `depositV3` includes `originChainId` in deposit data. Root bundle proposals include chain-specific leaf indices. Cross-chain replay prevented by chain binding in signature domain. OZ V2 audit found "inconsistent signature checking across chains" (medium, fixed in PR #79).
RD-F-153 green Bridge tracks nonce-consumed mapping YES — Core deposits use sequential `numberOfDeposits` counter (uint32). ERC-3009/Permit2 flow uses `permitNonces` mapping (added in response to Periphery Changes audit finding, resolved PR #1015). CounterfactualDepositOFT uses `usedNonces` mapping. Replay protection is present in all identified deposit paths. SpokePool claimed-leaf bitmap prevents double-execution of Merkle leaves (`MerkleLib.isClaimed()` / `MerkleLib.setClaimed()`).
RD-F-155 green Bridge validator-set rotation recency Not applicable in traditional validator-set sense. UMA token holder set changes continuously via market. The 3-of-5 HubPool Council multisig (bridge admin) has had stable signer composition since at least 2022 (no public evidence of recent changes). No evidence of recent DVM validator-set structural changes.
Threat intelligence & recon Green 5 8 of 8
RD-F-163 yellow Avg attacker reconnaissance time for peer-class protocols | Bridge-class reconnaissance average: based on in-sample hack DB data (T-01 §3), bridge exploits show highly variable recon windows. Ronin: minimal pre-strike recon (hours). Wormhole (Solana guardian bug): zero-day, minimal. Nomad: days. Kelp DAO (April 2026): Lazarus attributed, unclear recon window. USPD analysis suggests 78-day average for well-resourced actors. Bridge class with governance social engineering (Drift Protocol): 6-mo...
RD-F-161 gray Protocol-impersonator domain registered (typosquat) | GAP: No domain monitoring feed is configured for this assessment. across.to is the official domain (Tonga ccTLD). Common typosquat variants: acrossprotocol.io, acrossprotocol.xyz, acr0ss.to, across-protocol.io, acrossbridge.xyz. No active typosquat scam site was identified in the specific assessment window via OSINT, but the absence of a CertStream / PhishFort / DomainTools query means this cannot be confirmed as clean. The .to TLD makes t...
RD-F-158 green Known-threat-actor cluster has touched protocol | No confirmed Lazarus/DPRK cluster interaction with Across-specific contracts in the 30-day window. Ecosystem-level context: Lazarus/TraderTraitor executed the Drift Protocol ($285M, April 1) and Kelp DAO ($292M, April 18) exploits within this window. Neither targeted Across's contracts. Across's OFT transport adapter (LayerZero surface) is a potential future vector — however, the OFT adapter is transport-only and not the core settlement path. ...
RD-F-159 green Attacker wallet pre-strike probe (low-gas failing txs) | No low-gas failing transactions from CTI-flagged addresses on Across HubPool or SpokePool contracts identified in public-source review. No anomalous failed transaction spike on contract addresses in the assessment window per public Etherscan data. Requires CTI feed and mempool analysis for full coverage.
RD-F-160 green GitHub malicious-dependency incident touching protocol deps | No GHSA advisory flagging a malicious release in a dependency consumed by Across in the trailing 90 days identified. Across uses OpenZeppelin contracts (pinned version per OZ audit reports). The 2026-02-02 and 2026-02-23 audits both post-date any known OZ library malicious-release window. No npm/PyPI/crates.io advisory found for Across dependencies.
RD-F-162 green Known-exploit-template selector deployed by any address | No contract with function-selector patterns matching a known Across-class exploit template identified in the assessment window. Across's attack surface (optimistic relay, UMA OO) has no widely-known exploit template due to zero historical exploits. The closest analog is the EIP-712 signature replay vulnerability (open as of February 2026 Deposit Flow audit) — if unpatched and an exploit template is published for this, F162 would fire. ...
RD-F-164 green Leaked credential on paste/sentry site | No paste-site or GitHub secret scanner reports referencing Across Protocol infrastructure endpoints, API keys, or admin credentials identified in public-source OSINT review. The Across GitHub org (https://github.com/across-protocol) is public; no credentials visible in the public repos. No Sentry.io exposure reports found. Requires PasteHunter / HIBP API for full coverage.
RD-F-165 green Protocol social channel has scam-coordinator flag | No flagged scam-coordinator identified as admin in Across's Discord or Telegram channels in public-source review. No ScamSniffer or Chainabuse entries naming Across Protocol channel admins identified. The governance controversy (Kevin Chan / maxodds.eth) is a **governance insider threat**, not a Discord scam-coordinator pattern — distinct risk class. Discord: https://discord.gg/across (standard link; not verified live at assessment time).
Tooling / compiler / AI Green 0 5 of 5
RD-F-171 n/a Bytecode similarity to audited upstream with behavior deviation Across is not a fork; there is no audited upstream against which to measure behavioral deviation. The factor is moot for an original codebase. No AI-generated copy risk pattern applicable.
RD-F-170 green Solc version used (known-bug versions flagged) foundry.toml specifies `solc = "0.8.30"` (confirmed) with EVM version Prague. Solc 0.8.30 was released 2025-05-07 as a maintenance release for the Pectra upgrade. Known bugs listed in the Solidity 0.8.30 docs: SOL-2023-3 (VerbatimInvalidDeduplication — affects Yul verbatim, not Solidity compilation), SOL-2023-2 (FullInlinerNonExpressionSplitArgumentEvaluationOrder — only triggered by non-default optimization sequence), SOL-2023-1 (MissingSideEffectsOnSelectorAccess — `.selector` side-effects ...
RD-F-172 green Repo shows AI-tool co-authorship in critical files GitHub commit history inspection (master branch, recent 10-15 commits) shows no commits with `Co-authored-by: GitHub Copilot` or `Co-authored-by: ChatGPT` in security-critical files. One `github-actions[bot]` co-authorship found in "chore: Organize contracts folder" commit (March 24, 2026) — this is an automated folder reorganization, not code generation in security-critical paths. No AI-tool co-authorship metadata in SpokePool.sol, HubPool.sol, or chain adapter commits visible in recent hist...
RD-F-173 green Team self-disclosure of AI-generated Solidity No public statement from the Across/Risk Labs team disclosing use of AI-generated Solidity in production security-critical contracts was found in searches of blog posts, Twitter/X, or docs. The Risk Labs team (Hart Lambur, Matt Rice, Nick Pai) has not made such disclosures in any identified public source.
RD-F-174 green Dependency tree uses EOL Solidity version Current contracts use solc 0.8.30 (foundry.toml). HubPool was compiled with solc 0.8.13 per Etherscan metadata. Both 0.8.13 and 0.8.30 are within the supported Solidity 0.8.x series (EOL has not been declared for any 0.8.x sub-version as of assessment date; Solidity maintains the latest 0.8.x as active). OZ 5.5.0 / 4.9.6 dependencies are on supported versions. Solana/Rust programs use @coral-xyz/anchor 0.31.1 (supported). No EOL version identified in the core dependency tree.
Response & disclosure hygiene Gray 0 4 of 4
rubric_version v1.7.0 graded_at 2026-05-12 04:38:07 factors 184 protocol across-protocol