Why is Everyone Quiet about the Cross-Chain Honeypots?
$10B+ at risk?
"Decentralised Verifier Network" aka DVNs by LayerZero
LayerZero Labs DVN: 2/3 multisig
Nethermind DVN: 1/1 multisig
Stargate DVN: 1/1
Google Cloud DVN: 2/3
Horizen DVN: 2/2
Source: You gotta go to Etherscan and call the signerSize and Quorum functions. Here are the contracts: link
Note: There is not guarantee that these multisigs are actually distributed and not maintained by a single person like in the case of Multichain. Later in the post, I will also discuss how much value is potentially at risk here.
The name "DVN" itself is misleading. It certainly mislead me into trusting them more. A DVN is a modular validator entity inside LayerZero. That means, if you choose a single DVN set-up, your cross chain messages will be solely validated by this DVN. You can choose multiple DVNs or M out N DVNs to secure your setup.
Most protocols (clients using LZ) using LayerZero have 2 DVN setups at max. I had to create this Dune dashboard myself to look into what's happening on-chain.
For instance, Stargate has 2 DVNs. Stargate DVN + Nethermind DVN. Both are 1/1 multisigs. Securing, checks notes, $442.84m.
Dune is doing a terrible job here, here's how the distribution looks like. Look at the numbers that start tapering off as we go down the list. Link to the dashboard.
So, most protocols (clients using LZ) simply trust this one entity, LayerZero Labs, a 2/3 multisig. It's baffling to me that we're all fine with this and nobody is talking about it. We gotta push these teams towards more secure systems, rather push protocols that are using LayerZero to demand for more security.
Let's look at Hyperlane, LayerZero's biggest competitor atm
First of all, thank God they call their default setup "Multisig ISM", ISM = "Interchain Security Module". They are at least honest about it. It is a multisig. Period.
Hyperlane has setup their default ISM to be a distributed set of validators with different quorums for different chains. Each of these validators in this multisig setups are different entities, like various DVNs on LayerZero.
Here's how their default setup looks like, (source link):
Arbitrum: 3/5 multisig
Base: 2/5
Blast: 2/3
BNB: 2/4
Ethereum: 3/7
Optimism: 2/5
It is not very far off from the LayerZero setups their clients are using. But atleast you can eb sure that 3-7 of these entites are actively validating in the system. It also seems better than using a single LayerZero Labs DVN setup. By the way, in a m/n multisig setup, if n is >> m, you are compromised if ANY of m keys are compromised. In their Base setup, 2/5, if any of the 2 validators out of 5 are compromised, you are compromised.
If you compare these with Wormhole's default 13/19 setup, Wormhole looks a lot better. But I've heard it is upgradable. Do they need 13/19 signers to upgrade? I don't know.
There are two main arguments by the GMPs (General Messaging Protocols, LZ & HL in this case) defending the lack of security of individual setups at the moment.
You can make it as secure as you want by adding as many DVNs/ISMs as possible. This is a marketplace and the market isn't choosing their security right.
You can upgrade to a secure setup when they are available.
Choosing your own security
In fact, I'm writing about this after I had to choose my own setup for my protocol built on LayerZero. I had no idea what to choose. LayerZero does not provide any information on the current usage distribution of DVNs, nor do they advice you on a secure setup as they want to be agnostic. Layerzeroscan only provides data on the distribution of messages by different protocols using LZ. But that is not useful to me at all. They don't even tell us what DVNs these protocols are using. So I had to build my own Dune dashboard.
Here are the most used DVNs across major EVM chains:
Again, Dune doesn't do any justice here:
Outside of the top 6 DVNs I mentioned at the top of this post, none of the DVNs are getting any volume. Why would a protocol choose to even trust DVNs other than the active ones? What guarantee is there that they are active and will be active in the future? What if you brick your system by choosing a dying DVN? If a DVN is not getting any volume, they would rather turn off their setups as it costs to run a DVN.
It's the same with complex DVNs or ISMs. If there is an ISM that is not being used, that means, it is not battle tested. If it is not securing any value, why would you trust it to secure your protocol? So the argument that these GMPs are agnostic marketplaces does not hold true at all. Someone has to help the crypto protocols choose the right setups. It is as if Amazon offered a default product for all of your searches and gave you a list of other options without product availability, reviews or even a description.
In my experience, Hyperlane is more eager to engage protocols with education than LayerZero.
It should be easier for more DVNs to start competing in the GMP marketplaces. In reality, there is no way for them to market themselves to the protocols using Hyperlane/LayerZero outside of shouting into the void on Twitter. Apparently the teams(LZ/HL) are currently working on dashboards to showcase more data about individual DVNs/ISMs. Maybe this post pushed them to do so.
The second main argument is that, protocols should use this trusted setup now, you can upgrade to a ZK bridge or a restaked security setup later down the line.
The Upgradability of Interoperability
First of all, I want to highlight that this is so far from the crypto ethos that got me into this space. Let's compare an ERC20 with an omnichain token.
An ERC20
Has a fixed supply that nobody can change (most of em)
Exists on a blockchain where nobody, including the team itself, can mint extra ERC20s
An OFT or Warp Token
Has a fixed supply in theory, but an unlimited number of tokens can be minted if the interop setup is compromised, unless there is a rate limit.
Has its interop setup managed by a multisig controlled by the token issuer (protocol). This multisig can change the rate limit as well (lol?).
Exists on multiple blockchains where if one of the chains is malicious, they might be able to mint as many tokens as possible, unless there is a rate limit, which can be changed.
Let's look at team multisigs for a second. At least they are dormant addresses locked up in a basement, right? Right?
Ether.Fi is a protocol with $5B+ in TVL.
Here is the multisig securing their weETH OFT. 5 out of these 6 wallets have been active in the 2 months. That means a higher likelihood of getting their private keys stolen.. For context, Ronin ($600m) and Harmony Bridge ($100m) hacks were due to comprises of multisigs.
Renzo is a protocol with $1.5B in TVL. And their ezETH is an xERC20. It also secured by a 3/5 multisig. All 5 of these addresses have been active recently. And they all seem to be kinda interlinked. But I am not an expert on-chain sleuth to comment on that though.
Will Ethena's USDe ever depeg? Perhaps not due to their stablecoin design, but rather because of their interop setup (LayerZero Labs DVN + Horizen DVN, basically a 4/5).
So, can we say a total of around $10B+ is at risk here?
I am not blaming these GMPs. They are simply selling a setup. I am blaming the community for not demanding enough of the protocols that are using these setups. Did we all forget that the bridge hacks have accounted for >50% of all funds we have lost? Now we are offering billions more on a platter to the hackers around the world. Kim Jong-Un is rubbing his hands right now.
Native Bridges, Ignored, And Left for Dead
It is easy to point out problems than to offer solutions. What is the best security for cross-chain messaging/tokens right now then? I would suggest studying wstETH by Lido. It uses native bridges to bridge and also to control the upgradable token setups on L2s. The upgradability is controlled by the Lido DAO on L1. Except the upgradability aspect of this, I have no issues with this setup. There is no way an unlimited amount of wstETH can be minted in this case.
There will be solutions based on restaking in the future, hopefully they will offer a much better security than what we have today.
Closing Thoughts
I used to think very highly of LayerZero as a protocol. A protocol that is marketed as a peer next to Bitcoin and Ethereum. Bitcoin, Ethereum, LayerZero. But I do not feel strongly about it anymore. I don't think it's even close. Bitcoiners chose the smaller blocks chain, Ethereans still care about the solo stakers, but the protocols using LayerZero are fine with one or two DVN setups.
This is not a post targeted towards any of the GMPs/protocols mentioned here. I wanted to voice out my concern because I hold a lot more ETH than I hold ZRO (I do hold some ZRO, sandmanarc.eth). I have also integrated LayerZero into the protocol I am currently building. Although I am having second thoughts about it now.
Let's demand better standards from our industry. - A humble community member, Sand