Cross-chain bridge unverified mint pattern
Veda (BoringVault)'s assessment for RD-F-106 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
LayerZeroTeller 0xe97365b41b340352d3d32ca2c7230330f19a1e73 is active on Ethereum mainnet enabling cross-chain share transfers. The oracle-deps analyst flagged F179 (LayerZero DVN config) as a documented HIGH-RISK monitoring gap for Veda's cross-chain teller — the exact DVN count, threshold, and operator diversity is unresolved per oracle-deps findings (data cache layerzero.present=false is advisory-only per U6). A misconfigured DVN (e.g., 1/1 analogous to KelpDAO $292M exploit in Apr 2026) would make unverified cross-chain mints possible, making this signal architecturally critical. Scored yellow reflecting the unresolved DVN uncertainty flagged by oracle-deps, not a confirmed exploit-in-progress.
Sources #
- EtherscanEtherscan: Veda LayerZeroTellerLayerZeroTeller 0xe97365b41b340352d3d32ca2c7230330f19a1e73 — active cross-chain bridge contract; DVN configuration not resolved in data cache (layerzero.dvn_configs=[])retrieved 2026-05-17
- Chainalysis: KelpDAO bridge exploit April 2026KelpDAO 1/1 DVN exploit ($292M, Apr 2026) establishes the risk class for single-DVN LayerZero configurationsretrieved 2026-05-17
Methodology #
Detect cross-chain activity consistent with an unverified mint on the destination chain (deposit on source without corresponding verified proof on dest).
See the full factor methodology and distribution across all protocols →