★ Default bytes32(0) acceptable as valid root

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-154 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[★ CRITICAL — NOT APPLICABLE] Sushi has no Merkle root inbox. The Nomad bytes32(0) default-value root bug applies to protocols that implement their own bridge message inbox with Merkle root verification. Sushi delegates all message validation to Stargate/LayerZero and does not author any root-acceptance code.

Sources #

GitHub
SushiXSwap v2 GitHub — adapter-only, no bridge inboxsushiswap/sushixswap-v2 — no bridge inbox or Merkle root verification authored by Sushiretrieved 2026-05-17

Methodology #

Determine whether the bridge inbox accepts a default-value (bytes32(0)) Merkle root as a valid proof root (Nomad bug class).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-154 score not_applicable collected_at 2026-05-16 19:50:37