Bridge tracks nonce-consumed mapping

Veda (BoringVault)'s assessment for RD-F-153 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Nonce/replay protection is handled by the LayerZero v2 EndpointV2 at 0x1a44076050125825900e736c501f859c50fe728c. The LayerZeroTeller does not implement its own nonce-consumed mapping — delegation to LZ v2 endpoint is the standard pattern. LayerZero v2 endpoint-level nonce protection is widely deployed and audited, but cannot independently verify endpoint nonce logic.

Sources #

GitHub
LayerZeroTeller.sol sourceLayerZeroTeller.sol — no custom nonce mapping; delegates to OApp/LZ v2 endpointretrieved 2026-05-17
Etherscan
LayerZero EndpointV2 EthereumLayerZero EndpointV2 0x1a44076050125825900e736c501f859c50fe728c — widely deployed LZ v2 endpointretrieved 2026-05-17

Methodology #

Determine whether the bridge inbox maintains a nonce-consumed mapping and rejects replay of used nonces.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol veda factor RD-F-153 score yellow collected_at 2026-05-17 12:41:22