defirisk.co
rubric v1.7.0

LayerZero OFT DVN config (count, threshold, diversity)

Across Protocol's assessment for RD-F-179 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

YELLOW (unverified, partially applicable). OFT periphery adapters present (CounterfactualDepositOFT 0x4094ceE40173E85841E9E7FC19B7fDc97301aF12; SponsoredOFTSrcPeriphery 0xc80B267469D509ae45Df65845B291CBbe1945CB9) using LayerZero EndpointV2. DVN configuration for Across OFT periphery was NOT enumerated in OFT Integration audit. On-chain DVN config not independently verified. Given Kelp DAO April 2026 1/1 DVN exploit ($292M) and 40% of LZ protocols use 1/1 configs, DVN config cannot be assessed as safe without on-chain verification. Risk scoped to OFT periphery only (not core bridge).

Sources #

  • Docs
    Extracted from 03-oracle-deps.md — RD-F-179 finding; OFT Integration audit May 2025 (HIGH finding unresolved); Etherscan CounterfactualDepositOFT and SponsoredOFTSrcPeripheryretrieved 2026-04-28
  • URL
    https://www.openzeppelin.com/news/across-protocol-oft-integration-differential-auditretrieved 2026-04-28

Methodology #

For any LayerZero OFT adapter, read the DVN configuration: count of DVNs, k-of-N threshold, and operator diversity (independent operators vs same-operator multi-DVN).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol across-protocol factor RD-F-179 score yellow collected_at 2026-04-30 21:19:18