defirisk.co
rubric v1.7.0

Default bytes32(0) acceptable as valid root

Ethena's assessment for RD-F-154 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

NOT APPLICABLE. LayerZero OFT V2 does not use Merkle root verification for message validation. The Nomad bytes32(0) vulnerability class (default Merkle root accepted as valid) requires an architecture that validates messages against a stored root. LayerZero's DVN attestation model does not use Merkle roots. F154 does not apply to the LayerZero OFT stack.

Sources #

  • Docs
    https://docs.layerzero.network/v2/deployments/evm-chains/ethereum-mainnet-oft-quickstartretrieved 2026-04-28

Methodology #

Determine whether the bridge inbox accepts a default-value (bytes32(0)) Merkle root as a valid proof root (Nomad bug class).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ethena factor RD-F-154 score green collected_at 2026-04-28 13:58:51