Circuit breaker on price deviation

Hyperlane's assessment for RD-F-057 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No price-derived oracle in the security-critical path. The Mailbox has no circuit breaker on message volume or value. TokenRouter source confirms no RateLimited or pause modifier. The IGP does not have a circuit breaker on gas price deviation. Absence of a rate-limiter is a meaningful gap for a $132M bridge — this is a positive-mitigant gap (F185 relevant).

Sources #

GitHub
Mailbox.sol — no circuit breakerMailbox.sol — no circuit breaker or rate-limit on process() confirmedretrieved 2026-05-17
GitHub
TokenRouter.sol — no circuit breakerTokenRouter.sol — no RateLimited modifier, no pause functionality confirmedretrieved 2026-05-17

Methodology #

Determine whether the protocol halts or reverts if the oracle-reported price deviates by more than X% from a reference within Y blocks.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperlane factor RD-F-057 score yellow collected_at 2026-05-16 23:03:56