★ Default bytes32(0) acceptable as valid root

Hyperliquid's assessment for RD-F-154 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Not applicable — Bridge2 does not use a Merkle root inbox pattern. Validation uses EIP-712 typed-data signatures with validator quorum verification, not a Merkle accumulator. The bytes32(0)-valid-root vulnerability class (Nomad $190M pattern) does not apply to this signature-based architecture. Green by architectural non-applicability.

Sources #

URL
Bridge2.sol — hyperliquid-dex/contracts GitHubBridge2.sol — signature-based verification, no Merkle root inboxretrieved 2026-04-28

Methodology #

Determine whether the bridge inbox accepts a default-value (bytes32(0)) Merkle root as a valid proof root (Nomad bug class).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperliquid factor RD-F-154 score green collected_at 2026-04-28 13:58:49