defirisk.co
rubric v1.7.0

LayerZero OFT DVN config (count, threshold, diversity)

Curve Finance's assessment for RD-F-179 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Two LayerZero OFT surfaces: (1) FastBridge crvUSD (L2MessengerLZ/VaultMessengerLZ): 2-of-2 DVN (LayerZero Labs + SwissStake) — independently operated, different organizations, adequate diversity. Not a 1-of-N pathway. (2) CRV OFT (curve-xdao bridges to BNB/Sonic/Avalanche/Fantom/Etherlink/Kava): DVN configuration not documented in public sources. Strong contextual evidence of single/default DVN: (a) Curve suspended entirely due to rsETH Kelp DAO exploit — a protocol that had a 1-of-1 DVN configuration compromised via a forged message; (b) Blockaid post-incident audit identified ~47% of LZ OFT apps using 1-of-N (catastrophic) pathway pre-incident; (c) curve-xdao repository contains no DVN configuration documentation. Current status: both surfaces SUSPENDED as of April 19, 2026. No re-enable confirmation as of 2026-04-28. Net: YELLOW — FastBridge adequate, CRV OFT likely-single-DVN pre-suspension with the suspension itself being the realized-risk indicator.

Sources #

Methodology #

For any LayerZero OFT adapter, read the DVN configuration: count of DVNs, k-of-N threshold, and operator diversity (independent operators vs same-operator multi-DVN).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol curve-v2 factor RD-F-179 score yellow collected_at 2026-04-28 19:48:40