Bridge signer-set change proposed/executed
Midas's assessment for RD-F-103 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Bridge signer-set change signal. T-09 v1 launch / Tier A (instant grade flip). Applicable: Midas has confirmed LayerZero OFT and Axelar vault bridge surface per bug bounty scope (2026-03-24) which explicitly lists 'Layer Zero OFT, Axelar vault' as in-scope contracts. Confirmed active usage: Midas paused and resumed its LayerZero OFT service on 2026-04-19 in response to the KelpDAO rsETH exploit ($292M, Lazarus Group attack on LayerZero 1/1 DVN). Current posture: pipeline config has layerzero_oapp_address: null — specific OFT adapter addresses not registered; signal cannot fire. For Axelar: uses DPoS validator set (top-75 by AXL stake), not a static k-of-N signer multisig; validator elections use different event structure requiring separate monitoring logic. No bridge contract events monitored. Yellow because: this is a T-09 v1 Tier-A grade-flipping signal for a confirmed active bridge surface, but the pipeline is not wired due to missing contract address registration. The monitoring ga
Sources #
- URLChainalysis — Inside the KelpDAO Bridge Exploit (Apr 2026)Chainalysis blog 2026-04-19: KelpDAO rsETH exploit — Lazarus Group attributed; LayerZero 1/1 DVN compromised; same bridge class as Midas OFTretrieved 2026-05-16
- Midas Resumes mToken Minting and Redemption ServicesPhemex News 2026-04-19: Midas resumes mToken minting/redemption after pausing LayerZero OFT service during KelpDAO rsETH exploitretrieved 2026-05-16
- Midas Bug Bounty Programme — LayerZero OFT and Axelar vault in scopeMidas bug bounty announcement LinkedIn 2026-03-24: scope explicitly lists 'Layer Zero OFT, Axelar vault' as in-scope contractsretrieved 2026-05-16
Methodology #
Detect whether a bridge validator or signer-set change has been proposed or executed.
See the full factor methodology and distribution across all protocols →