Cross-chain bridge unverified mint pattern

Hyperliquid's assessment for RD-F-106 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Bridge2 uses validator-quorum signed attestations (>2/3 stake-weighted) for both deposits and withdrawals — this is a validator-threshold signature model, not a mint-without-proof architecture. The Bridge2.sol contract enforces hotValidatorSetHash validation before crediting withdrawals. No unverified mint pattern documented. Structural non-applicability: Bridge2 design does not expose the mint-without-proof attack surface.

Sources #

GitHub
https://github.com/hyperliquid-dex/contracts/blob/master/Bridge2.solretrieved 2026-04-28
Docs
https://hyperliquid.gitbook.io/hyperliquid-docs/for-developers/api/bridge2retrieved 2026-04-28

Methodology #

Detect cross-chain activity consistent with an unverified mint on the destination chain (deposit on source without corresponding verified proof on dest).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperliquid factor RD-F-106 score gray collected_at 2026-04-28 13:58:49