Bridge tracks nonce-consumed mapping
Pendle Finance's assessment for RD-F-153 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
LayerZero V1 handles nonce tracking at the endpoint layer: the endpoint checks the per-path inbound nonce before it calls the receiver. Pendle's lzReceive accepts the _nonce parameter but does not maintain its own nonce-consumed mapping; it relies on the LayerZero endpoint for replay protection. This is an inherited dependency risk: if the LayerZero endpoint has a nonce bug, Pendle's governance messages could be replayed. Yellow because replay protection exists (at the LZ endpoint layer) but Pendle's own code does not independently enforce it.
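For comparison, the shape of a receiver that would satisfy this factor, as an added illustration rather than Pendle's code: the contract keeps its own consumed-nonce mapping keyed by (source chain, source path, nonce) and rejects a nonce it has already seen, independently of whatever the endpoint enforces. The lzReceive signature is the real LayerZero V1 ILayerZeroReceiver interface; the contract name, the trusted-remote check, and the governance payload format (a bytes32 key and a uint256 value) are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// LayerZero V1 receiver interface (real signature; the endpoint calls this).
interface ILayerZeroReceiver {
    function lzReceive(
        uint16 _srcChainId,
        bytes calldata _srcAddress,
        uint64 _nonce,
        bytes calldata _payload
    ) external;
}

/// Hypothetical inbox that enforces its own replay protection instead of
/// relying solely on the endpoint's nonce ordering (example, not Pendle code).
contract NonceTrackingReceiver is ILayerZeroReceiver {
    address public immutable endpoint;
    address public owner;

    // Trusted remote per source chain: keccak256 of the LZ V1 path bytes.
    mapping(uint16 => bytes32) public trustedRemote;

    // Nonce-consumed mapping: srcChainId => keccak256(srcAddress) => nonce => used.
    mapping(uint16 => mapping(bytes32 => mapping(uint64 => bool))) public consumedNonce;

    // Assumed governance state written by messages: key => value.
    mapping(bytes32 => uint256) public config;

    event MessageConsumed(uint16 indexed srcChainId, bytes32 indexed srcPathHash, uint64 nonce);

    error NotEndpoint();
    error UntrustedRemote();
    error NonceAlreadyConsumed(uint16 srcChainId, uint64 nonce);

    constructor(address _endpoint) {
        endpoint = _endpoint;
        owner = msg.sender;
    }

    function setTrustedRemote(uint16 _srcChainId, bytes calldata _path) external {
        require(msg.sender == owner, "not owner");
        trustedRemote[_srcChainId] = keccak256(_path);
    }

    function lzReceive(
        uint16 _srcChainId,
        bytes calldata _srcAddress,
        uint64 _nonce,
        bytes calldata _payload
    ) external override {
        // Only the configured endpoint may deliver messages.
        if (msg.sender != endpoint) revert NotEndpoint();

        // Only the configured remote on that chain may be the sender.
        bytes32 srcPathHash = keccak256(_srcAddress);
        if (srcPathHash != trustedRemote[_srcChainId]) revert UntrustedRemote();

        // Independent replay check: reject any nonce this inbox already consumed.
        if (consumedNonce[_srcChainId][srcPathHash][_nonce]) {
            revert NonceAlreadyConsumed(_srcChainId, _nonce);
        }

        // Mark consumed before executing, so a reentrant redelivery is blocked.
        // If execution reverts, the whole transaction rolls back and the nonce
        // stays unconsumed, which keeps the endpoint's retry semantics intact.
        consumedNonce[_srcChainId][srcPathHash][_nonce] = true;
        emit MessageConsumed(_srcChainId, srcPathHash, _nonce);

        _execute(_payload);
    }

    // Assumed payload format for the example: abi.encode(bytes32 key, uint256 value).
    function _execute(bytes calldata _payload) internal {
        (bytes32 key, uint256 value) = abi.decode(_payload, (bytes32, uint256));
        config[key] = value;
    }
}
```

The point of the mapping is defence in depth: with it in place, a faulty or upgraded endpoint that redelivered a (chain, path, nonce) triple would still be rejected at the receiver, which is the property this factor scores.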
Sources #
- GitHub: PendleMsgReceiveEndpointUpg.sol (nonce handling). Observation: the nonce parameter is not validated in Pendle. Retrieved 2026-04-29.
Methodology #
Determine whether the bridge inbox maintains a nonce-consumed mapping and rejects replay of used nonces.
See the full factor methodology and distribution across all protocols →