LayerZero OFT DVN config (count, threshold, diversity)

Cap (cUSD / stcUSD)'s assessment for RD-F-179 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

LayerZero v2 OFT confirmed. CheckOFTConfig.s.sol defines expected DVNs for Ethereum EID 30101: LayerZero Labs (0x589dEDbD617e0CBcB916A9223F4d1300c294236b), Nethermind (0xa59BA433ac34D2927232918Ef5B2eaAfcF130BA5), Canary (0xa4fE5A5B9A846458a70Cd0748228aED3bF65c2cd). This is 3-DVN architecture. HOWEVER: actual on-chain requiredDVNCount (k-of-3 threshold) not confirmed via direct ep.getConfig() call on EndpointV2. Script reads dynamically without asserting minimum. Post-Kelp DAO $292M (April 2026 — 1-of-1 DVN), LayerZero mandated multi-DVN configs. Whether Cap was swept into compliance is unconfirmed. Curator MUST verify: ep.getConfig(sendLib, 0xA62571EbdFfAbC3051a2e5B9e1f57b23D830c8Fd, 30398, CONFIG_TYPE_ULN) on Ethereum. If requiredDVNCount == 1 → upgrade to red.

Sources #

GitHub
CheckOFTConfig.s.sol — 3 expected DVNs, threshold unconfirmedCheckOFTConfig.s.sol: trusted DVN set for EID 30101 — LZ Labs, Nethermind, Canary addresses; reads requiredDVNCount dynamically from ep.getConfig()retrieved 2026-05-17
URL
Kelp DAO DVN exploit context for F179 threshold riskKelp DAO $292M exploit April 2026: 1-of-1 DVN threshold sufficient to forge lzReceive; LayerZero banned single-validator setups post-exploitretrieved 2026-05-17
GitHub
OFT deployment config — lockbox and endpoint addressesconfig/oft-deployments.json: cUSD lockbox 0xA62571...Fd; config/layerzero-v2-deployments.json: EndpointV2 0x1a44076... on Ethereum — correct v2 infrastructure identifiedretrieved 2026-05-17
URL
Blockaid LayerZero OFT/OApp DVN configuration audit toolBlockaid DVN audit tool: methodology for checking OFT DVN configuration on-chainretrieved 2026-05-17

Methodology #

For any LayerZero OFT adapter, read the DVN configuration: count of DVNs, k-of-N threshold, and operator diversity (independent operators vs same-operator multi-DVN).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol cap factor RD-F-179 score yellow collected_at 2026-05-17 10:56:24