LayerZero OFT DVN config (count, threshold, diversity)
Aave v3's assessment for RD-F-179 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Two distinct LayerZero surfaces: (1) a.DI's LZ V2 adapter — DVN configuration not confirmed from public sources; data cache layerzero.present=false (no single OApp address identified); profile confirms LZ V2 is among a.DI's bridge adapters; multi-bridge architecture (CCIP + LZ + Hyperlane + native) means LZ is not sole transport, mitigating sole-LZ-DVN failure for governance delivery. (2) Accepted collateral tokens as LayerZero OFTs — rsETH was a LayerZero OFT with 1/1 DVN (single DVN, single required verifier), exploited April 2026 ($123-230M bad debt). This is not Aave's own bridge but a collateral dependency. The 1/1 DVN configuration was flagged in Aave governance forum 15 months before the exploit. For a.DI itself: on-chain read of LZ endpoint DVN config for a.DI's adapter required for full verification.
Sources #
- URLrsETH Incident Report — LayerZero 1/1 DVN contextrsETH Incident Report — rsETH LayerZero 1/1 DVN exploited April 2026retrieved 2026-04-27
- How a Single LayerZero DVN Compromise Drained $292M from KelpDAOBlockaid analysis — Kelp DAO 1/1 DVN configuration and exploitationretrieved 2026-04-27
- aave-delivery-infrastructure GitHub — LZ adaptera.DI source — LayerZero V2 adapter present among bridge adaptersretrieved 2026-04-27
Methodology #
For any LayerZero OFT adapter, read the DVN configuration: count of DVNs, k-of-N threshold, and operator diversity (independent operators vs same-operator multi-DVN).
See the full factor methodology and distribution across all protocols →