defirisk.co
rubric v1.7.0

Bridge tracks nonce-consumed mapping

Centrifuge's assessment for RD-F-153 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

WormholeAdapter.sol does NOT implement a deliveries mapping or a nonce-consumed check. The deliveryHash parameter of receiveWormholeMessages() is commented out and unused: bytes32 /* deliveryHash */. Wormhole's documentation states that replay protection must be enforced by the receiving contract, and redeliveries can be requested by anyone. If a message is replayed, WormholeAdapter would process it twice unless the underlying message handler has its own deduplication. The failedMessages mapping in Gateway.sol is retry logic, not deduplication.
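The check this factor looks for, sketched as an added example (not Centrifuge's code and not taken from WormholeAdapter.sol): a receiver that records each deliveryHash and rejects a second delivery of the same hash. The callback signature follows Wormhole's receiver interface; the contract name, relayer, deliveries, handledCount, _handle and the error and event names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; names other than receiveWormholeMessages are hypothetical.
contract ReplaySafeReceiver {
    // Wormhole relayer contract allowed to invoke the callback (assumed fixed at deploy).
    address public immutable relayer;

    // deliveryHash => already processed. Entries are set once and never cleared.
    mapping(bytes32 => bool) public deliveries;

    // Number of messages handed to the handler; lets a test observe double processing.
    uint256 public handledCount;

    error NotRelayer();
    error AlreadyDelivered(bytes32 deliveryHash);

    event Delivered(bytes32 indexed deliveryHash, uint16 sourceChain);

    constructor(address relayer_) {
        relayer = relayer_;
    }

    function receiveWormholeMessages(
        bytes memory payload,
        bytes[] memory /* additional VAAs, unused here */,
        bytes32 sourceAddress,
        uint16 sourceChain,
        bytes32 deliveryHash // named and used, not commented out
    ) external payable {
        if (msg.sender != relayer) revert NotRelayer();

        // A redelivery carries the same hash; reject it if already consumed.
        if (deliveries[deliveryHash]) revert AlreadyDelivered(deliveryHash);

        // Mark consumed before the hand-off. If _handle reverts, this write
        // reverts with it, so a failed delivery can still be redelivered.
        deliveries[deliveryHash] = true;

        _handle(sourceChain, sourceAddress, payload);
        emit Delivered(deliveryHash, sourceChain);
    }

    // Stand-in for source validation and forwarding to the message handler.
    function _handle(uint16, bytes32, bytes memory) internal virtual {
        handledCount += 1;
    }
}
```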

Sources

Methodology

Determine whether the bridge inbox maintains a nonce-consumed mapping and rejects replay of used nonces.


rubric_version: v1.7.0
protocol: centrifuge
factor: RD-F-153
score: red
collected_at: 2026-04-30 21:19:10