LayerZero OFT DVN config (count, threshold, diversity)
ether.fi's assessment for RD-F-179 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
LayerZero OFT DVN config post-SecurityUpgrade: 4-of-4 required DVNs (LayerZero 0x589d, Nethermind 0xa59B, Horizen 0x3802, Canary 0xa4fE) across 20 chains. No optional DVNs. Rate-limiters implemented: 20 weETH/4h (restricted, 11 chains: zkSync, Scroll, Blast, etc.), 2,000 weETH/4h (standard, 6 chains: Linea, Monad), 3,000–10,000 weETH/4h (high-throughput: Base, OP). PAUSER_ROLE emergency stop present. YELLOW rationale: (1) SecurityUpgrade.s.sol lives in archive/OFTSecurityUpgrade/ directory, meaning this was a historical upgrade — pre-upgrade DVN config (possibly weaker) was in production for an unknown period; (2) LayerZero Labs is one of the 4 required DVNs, meaning LayerZero Labs itself must validate messages — partial operator self-custody of validation. The F185 positive mitigant (rate limiter) is present.
Sources #
- GitHubSecurityUpgrade.s.solSecurityUpgrade.s.sol — _encode4DVNUlnConfig, requiredDVNCount: 4, rate limit tiers per chainretrieved 2026-04-28
- PairwiseRateLimiter.solPairwiseRateLimiter.sol — per-chain rate limit implementationretrieved 2026-04-28
- L2Constants.sol — DVN addressesL2Constants.sol — L1_DVN array: LZ 0x589d, Nethermind 0xa59B, Horizen 0x3802, Canary 0xa4fEretrieved 2026-04-28
Methodology #
For any LayerZero OFT adapter, read the DVN configuration: count of DVNs, k-of-N threshold, and operator diversity (independent operators vs same-operator multi-DVN).
See the full factor methodology and distribution across all protocols →