defirisk.co
rubric v1.7.0

Cross-chain bridge unverified mint pattern

Midas's assessment for RD-F-106 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Cross-chain bridge unverified mint pattern. Not in T-09 v1 shortlist; T-09 §3.3 defers this to v2 pending bridge-coverage becoming first-class. Applicable: Midas has confirmed LayerZero OFT surface; unverified mint on a destination chain is the exact attack vector used in the KelpDAO rsETH exploit ($292M, 2026-04-18), which uses the same bridge infrastructure class. Midas paused OFT service on 2026-04-19, confirming active usage. DVN configuration for Midas's specific OFT adapters is unassessed — adapter addresses not located in pipeline config (layerzero_oapp_address: null). Post-resume DVN configuration not publicly confirmed; 47% of LayerZero OApps used 1/1 DVN at time of Dune Analytics analysis (post-KelpDAO, Apr 2026). Yellow because: signal architecture is directly exposed to this attack class with material uncertainty about current DVN config; OFT surface confirmed active; monitoring not wired; adapter addresses unknown.

Sources #

Methodology #

Detect cross-chain activity consistent with an unverified mint on the destination chain (deposit on source without corresponding verified proof on dest).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol midas factor RD-F-106 score yellow collected_at 2026-05-16 09:34:55