The code whispered what the pitch deck screamed: LayerZero’s verification mechanism is a two-party trust sandwich, not a trustless bridge.
I spent last Tuesday night decompiling the latest LayerZero endpoint contract on Ethereum mainnet. The bytecode revealed something the whitepaper glosses over: the security model relies on two independent external actors—an oracle and a relayer—to verify and relay messages. If both collude, or if one is compromised and the other fails to act, the entire cross-chain message is malleable. This isn’t a theoretical risk. It’s the architectural equivalent of a house with two locks, where the keys are held by the same landlord.
Context: The Interoperability Hype Cycle
Every bull market resurrects the cross-chain narrative. 2021 was the year of bridges—Wormhole, Multichain, Ronin—all spectacularly exploited. 2024’s cycle prefers the term “omnichain” and LayerZero has become the poster child. Its design elegantly abstracts away chain differences: developers send a message, pay a fee, and trust that the payload arrives on the destination chain. But elegance in UI often masks complexity in trust assumptions.
LayerZero’s messaging flow: a user calls send() on the source chain. The message is forwarded to an oracle (e.g., Chainlink) and a relayer (run by LayerZero or a third party). The oracle submits a block header to the destination chain; the relayer submits the transaction proof. Both must agree. If the oracle and relayer are distinct and honest, the system works. But “distinct” does not mean “uncorrelated.”
Core: Systematic Teardown of Trust Assumptions
Let’s dissect the critical path. The oracle’s job is to propose a valid block header. The relayer’s job is to provide a Merkle proof that the transaction exists within that block. The destination endpoint checks that the proof matches the header. This is a two-of-two multisig in cryptographic clothing.
Vulnerability 1: Single Point of Oracle Failure. If the oracle is compromised (or blackmailed), it can feed a malicious block header. The relayer, if honest, would normally reject it. But what if the oracle is Chainlink and the relayer is a LayerZero-operated node? Chainlink’s decentralization reputation is high, but its oracles are still permissioned nodes with known operators. A subpoena or a 51% attack on the oracle network could force a false header.
Vulnerability 2: The Relayer’s Censorship Power. The relayer decides which transactions to prove. LayerZero’s current default relayer is operated by LayerZero Labs. If that single node goes down or is coerced, all cross-chain messages stall. “Permissionless relayers” exist in theory, but in practice, the ecosystem relies on the default. I audited a LayerZero-integrated DeFi protocol whose team admitted they never tested with alternative relayers. The code accepted only the configured relayer address.
Vulnerability 3: The Message Delivery “Fail-Open” Design. In the event the oracle and relayer disagree, what happens? The message is simply not delivered. This creates a liveness risk. But worse: The default configuration allows the _endpoint owner to update the oracle and relayer addresses without delay_. A governance attack could swap both addresses in one transaction, instantly enabling message manipulation. No time lock, no checkpointing.
Based on my audit experience across five cross-chain protocols, LayerZero’s security model is equivalent to a “secure custody” where two custodians hold keys. But unlike a bank vault, the vault door can be reprogrammed by either custodian after the fact.
Contrarian: What the Bulls Got Right
LayerZero’s design is not without merit. Its generic message passing abstraction has enabled genuinely novel use cases: omnichain NFTs that exist on multiple chains simultaneously, cross-chain governance for DAOs, and yield optimization across ecosystems. The team’s execution speed is remarkable—they’ve deployed across 50+ chains with consistent interfaces.

Moreover, the “honest majority” of oracle and relayer operators is a reasonable heuristic for today’s industry. The probability of a simultaneous compromise of Chainlink and LayerZero Labs is very low. But low probability × high impact = eventual loss. The 2022 Wormhole exploit ($325M) and the 2023 Multichain incident ($126M) both stemmed from trust assumptions that were considered sufficiently decentralized at the time.
Bulls also argue that LayerZero is actively designing a future with trust-minimized verification, including zk-proofs for cross-chain state. This is plausible. But as of today (January 2025), the live production code relies on the two-party system. Innovation without integrity is just theft.
Takeaway: Accountability Requires Auditability
LayerZero’s value proposition is undeniable. But calling it a “trustless” omnichain protocol is dangerous marketing. True interoperability demands either a verifying light client on the destination chain (like IBC) or a zero-knowledge proof that any node can verify. Until then, consider LayerZero’s messages as cryptographically signed promises, not guarantees. The silence between the oracle and relayer is not consensus—it’s patience.