LayerZero OFT DVN config (count, threshold, diversity)

A cross-chain & bridge factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology how we score #

**What this measures**

This factor assesses the LayerZero OFT (Omnichain Fungible Token) adapter's DVN (Decentralized Verifier Network) configuration: how many DVNs are required to attest a cross-chain message, what threshold of those DVNs must agree (k-of-N), and whether the listed DVN operators are independent entities or the same operator running multiple endpoints. Cat 10 applies only to bridge-touching protocols; non-bridge protocols show this factor as N/A. The 1-of-1 DVN configuration is the catastrophic edge — a single DVN can unilaterally attest to a forged inbound message and trigger an unbacked mint on the destination chain.

**Why it matters**

LayerZero OFT is now the dominant cross-chain token-bridging primitive on EVM L2s, but its security guarantees are a function of how the OFT adapter is configured by the deploying protocol — not an intrinsic property of LayerZero itself. A 1/1 DVN configuration means there is no honest-majority assumption: a single compromised, captured, or buggy DVN can forge an `lzReceive` payload and the destination chain will accept the mint as legitimate. Threshold without operator diversity is similarly weak: 2-of-3 DVNs all run by the same operator collapses to single-operator trust at validator level, even though the on-chain config looks redundant.

**Green / Yellow / Red**

Green is ≥3 independent DVN operators with threshold ≥2 — a meaningful k-of-N attestation set. Yellow is 2 DVNs with threshold 2, or any threshold-2 configuration where operators are not fully independent. Red is the 1/1 configuration: a single DVN with threshold 1, where any single attestation suffices to mint on the destination chain.

**Common gray cases**

The protocol does not deploy a LayerZero OFT adapter at all (factor is N/A). On-chain DVN registry reads are inconclusive when the adapter uses a custom DVN list that is not standard-registered, requiring source inspection.

**Notable historical examples**

No cross-hacked incidents currently linked in database for this factor. The most-cited industry incident is **Kelp DAO** (Apr 2026, $292M loss), where a 1-of-1 DVN configuration on the rsETH OFT adapter allowed a single forged message to mint unbacked rsETH on a destination chain. Aave governance forum publicly flagged the 1/1 DVN risk approximately 15 months prior to the exploit, making this a structural risk that was visible on-chain and publicly debated long before failure.

Measurement what to look for #

For any LayerZero OFT adapter, read the DVN configuration: count of DVNs, k-of-N threshold, and operator diversity (independent operators vs same-operator multi-DVN).

Data & output #

Data source

LayerZero endpoint contract `getConfig()` for the OFT adapter address + LayerZero DVN registry on-chain reads

Output format

Green / Yellow / Red

Evidence artifact

OFT adapter address + DVN addresses list + threshold k + operator-diversity assessment

Confidence signal

green = ≥3 independent DVN operators with threshold ≥2; yellow = 2 DVNs or threshold=2 but operators not fully independent; red = 1/1 DVN configuration (any single DVN can approve); gray = protocol does not use LayerZero OFT (N/A)

Scored protocols 80 carry this factor #

Protocol RD-F-179

Linked hacks no historical incidents linked #

No historical incidents are linked to this factor.

rubric_version v1.7.0 factor RD-F-179 category 10 carried 80 critical no