Market Prices

BTC Bitcoin
$64,878.6 -0.14%
ETH Ethereum
$1,921.94 +2.15%
SOL Solana
$77.62 +0.05%
BNB BNB Chain
$581.2 -0.02%
XRP XRP Ledger
$1.12 +0.52%
DOGE Dogecoin
$0.0741 -0.42%
ADA Cardano
$0.1652 +0.43%
AVAX Avalanche
$6.69 +0.39%
DOT Polkadot
$0.8475 -0.35%
LINK Chainlink
$8.55 +3.22%

Event Calendar

{{年份}}
22
03
unlock Optimism Unlock

Circulating supply increases by about 2%

30
04
upgrade Celestia Mainnet Upgrade

Improves data availability sampling efficiency

15
04
halving Bitcoin Halving

Block reward reduced to 3.125 BTC

12
05
halving BCH Halving

Block reward halving event

10
05
upgrade Ethereum Pectra Upgrade

Raises validator limit and account abstraction

28
03
unlock Arbitrum Token Unlock

92 million ARB released

18
03
unlock Sui Token Unlock

Team and early investor shares released

08
04
upgrade Solana Firedancer

Independent validator client goes live on mainnet

Gas Tracker

Ethereum 28 Gwei
BNB Chain 3 Gwei
Polygon 42 Gwei
Arbitrum 0.5 Gwei
Optimism 0.3 Gwei

💡 Smart Money

0x0c66...f641
Arbitrage Bot
+$4.6M
64%
0x9f06...9476
Arbitrage Bot
+$4.2M
88%
0xfaf0...9b9b
Arbitrage Bot
+$4.7M
87%

🧮 Tools

All →
Research

LayerZero’s Silent Compromise: Oracles, Relayers, and the Myth of Decentralized Interoperability

Samtoshi

The code whispered what the pitch deck screamed: LayerZero’s verification mechanism is a two-party trust sandwich, not a trustless bridge.

I spent last Tuesday night decompiling the latest LayerZero endpoint contract on Ethereum mainnet. The bytecode revealed something the whitepaper glosses over: the security model relies on two independent external actors—an oracle and a relayer—to verify and relay messages. If both collude, or if one is compromised and the other fails to act, the entire cross-chain message is malleable. This isn’t a theoretical risk. It’s the architectural equivalent of a house with two locks, where the keys are held by the same landlord.

Context: The Interoperability Hype Cycle

Every bull market resurrects the cross-chain narrative. 2021 was the year of bridges—Wormhole, Multichain, Ronin—all spectacularly exploited. 2024’s cycle prefers the term “omnichain” and LayerZero has become the poster child. Its design elegantly abstracts away chain differences: developers send a message, pay a fee, and trust that the payload arrives on the destination chain. But elegance in UI often masks complexity in trust assumptions.

LayerZero’s messaging flow: a user calls send() on the source chain. The message is forwarded to an oracle (e.g., Chainlink) and a relayer (run by LayerZero or a third party). The oracle submits a block header to the destination chain; the relayer submits the transaction proof. Both must agree. If the oracle and relayer are distinct and honest, the system works. But “distinct” does not mean “uncorrelated.”

Core: Systematic Teardown of Trust Assumptions

Let’s dissect the critical path. The oracle’s job is to propose a valid block header. The relayer’s job is to provide a Merkle proof that the transaction exists within that block. The destination endpoint checks that the proof matches the header. This is a two-of-two multisig in cryptographic clothing.

Vulnerability 1: Single Point of Oracle Failure. If the oracle is compromised (or blackmailed), it can feed a malicious block header. The relayer, if honest, would normally reject it. But what if the oracle is Chainlink and the relayer is a LayerZero-operated node? Chainlink’s decentralization reputation is high, but its oracles are still permissioned nodes with known operators. A subpoena or a 51% attack on the oracle network could force a false header.

Vulnerability 2: The Relayer’s Censorship Power. The relayer decides which transactions to prove. LayerZero’s current default relayer is operated by LayerZero Labs. If that single node goes down or is coerced, all cross-chain messages stall. “Permissionless relayers” exist in theory, but in practice, the ecosystem relies on the default. I audited a LayerZero-integrated DeFi protocol whose team admitted they never tested with alternative relayers. The code accepted only the configured relayer address.

Vulnerability 3: The Message Delivery “Fail-Open” Design. In the event the oracle and relayer disagree, what happens? The message is simply not delivered. This creates a liveness risk. But worse: The default configuration allows the _endpoint owner to update the oracle and relayer addresses without delay_. A governance attack could swap both addresses in one transaction, instantly enabling message manipulation. No time lock, no checkpointing.

Based on my audit experience across five cross-chain protocols, LayerZero’s security model is equivalent to a “secure custody” where two custodians hold keys. But unlike a bank vault, the vault door can be reprogrammed by either custodian after the fact.

Contrarian: What the Bulls Got Right

LayerZero’s design is not without merit. Its generic message passing abstraction has enabled genuinely novel use cases: omnichain NFTs that exist on multiple chains simultaneously, cross-chain governance for DAOs, and yield optimization across ecosystems. The team’s execution speed is remarkable—they’ve deployed across 50+ chains with consistent interfaces.

LayerZero’s Silent Compromise: Oracles, Relayers, and the Myth of Decentralized Interoperability

Moreover, the “honest majority” of oracle and relayer operators is a reasonable heuristic for today’s industry. The probability of a simultaneous compromise of Chainlink and LayerZero Labs is very low. But low probability × high impact = eventual loss. The 2022 Wormhole exploit ($325M) and the 2023 Multichain incident ($126M) both stemmed from trust assumptions that were considered sufficiently decentralized at the time.

Bulls also argue that LayerZero is actively designing a future with trust-minimized verification, including zk-proofs for cross-chain state. This is plausible. But as of today (January 2025), the live production code relies on the two-party system. Innovation without integrity is just theft.

Takeaway: Accountability Requires Auditability

LayerZero’s value proposition is undeniable. But calling it a “trustless” omnichain protocol is dangerous marketing. True interoperability demands either a verifying light client on the destination chain (like IBC) or a zero-knowledge proof that any node can verify. Until then, consider LayerZero’s messages as cryptographically signed promises, not guarantees. The silence between the oracle and relayer is not consensus—it’s patience.

Fear & Greed

25

Extreme Fear

Market Sentiment

Altseason Index

44

Bitcoin Season

BTC Dominance Altseason

Market Cap

All →
# Coin Price
1
Bitcoin BTC
$64,878.6
1
Ethereum ETH
$1,921.94
1
Solana SOL
$77.62
1
BNB Chain BNB
$581.2
1
XRP Ledger XRP
$1.12
1
Dogecoin DOGE
$0.0741
1
Cardano ADA
$0.1652
1
Avalanche AVAX
$6.69
1
Polkadot DOT
$0.8475
1
Chainlink LINK
$8.55

🐋 Whale Tracker

🔴
0xe442...6a42
30m ago
Out
42,699 BNB
🟢
0x1972...b750
1d ago
In
43,677 SOL
🔴
0x12ee...1452
6h ago
Out
2,230,702 USDT