Bridge validator threshold (k-of-M)

Hyperlane's assessment for RD-F-149 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Default ISM thresholds: ETH 6-of-8 (75%), BSC 4-of-6 (67%), Arbitrum 3-of-5 (60%), Base 3-of-5 (60%). These are adequate thresholds for a permissioned set. However, AbstractMultisigIsm.sol only enforces threshold > 0 — a threshold of 1 is accepted. Permissionless ISM architecture allows Warp Route operators to deploy 1-of-1 ISMs with no protocol-enforced minimum. This is documented Hyperlane design but creates systemic risk at the app-ISM layer.

Sources #

GitHub
multisigIsm.ts — threshold configurationmultisigIsm.ts — ETH 6-of-8, BSC 4-of-6, Arbitrum 3-of-5, Base 3-of-5retrieved 2026-05-17
GitHub
AbstractMultisigIsm.sol — threshold lower bound checkAbstractMultisigIsm.sol verify() — require(_threshold > 0) only; threshold=1 is acceptedretrieved 2026-05-17

Methodology #

Read the signature threshold required to approve a cross-chain message (for non-LZ bridges).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperlane factor RD-F-149 score yellow collected_at 2026-05-16 23:03:56