LayerZero Security Update — April 2022
If this past week has shown us anything, it’s that there is nothing more critical in this space than an absolute commitment to continuously evaluating and improving security. Not just once, but an ongoing process of continuous hardening.
This is why we’re extremely pleased to announce and demonstrate our commitment to this by introducing the largest ever security bug bounty, with a top award of $15,000,000.
We will be working with Immunefi and other groups in the coming weeks to hammer out the exact details and roll this out — if you’d like to get started immediately consider these fully in effect as of this moment.
So let’s talk about things we’ve done this week to harden security of both the LayerZero and the Stargate protocols
We’ve migrated all EOAs to multisigs for Stargate and LayerZero. You can find them here and here.
We’ve worked with some of the best security experts in the world to deploy improved and more secure validation libraries. We will verify those contracts and link to them here as soon as the migration is finished.
We’ve begun the process of moving Stargate to a separate multisig and will be working with the community on a process to elect who those multisig key holders are. The process of this transition will take some time, but finding the right people for this is incredibly important.
Pre-Crime
Imagine a world where crimes can be stopped before they ever happen (ok ok this isn’t as dystopian as that). We’re implementing a 2 phase mechanism in the LayerZero Labs Relayer for Stargate.
Phase 1: The Dome — In the weeks since launch we’ve seen an multiple sophisticated attacks launched at Stargate (all of which have been deflected) but to further security we will be implementing The Dome, a system which (at the relayer level) deflects all attacks from malicious external contracts rendering them useless.
Phase 2: Pre-Crime — Pre-Crime takes this a step further and evaluates all messages sent from Stargate (since we’ve already excluded malicious external parties), runs the result locally, and will stop any fraudulent message or attack that would ever result in the Stargate system and Delta algorithm books being off-balance or insolvent. Stopping the crime before it ever had a chance to occur.
You can read all about the Pre-Crime System here.
Security Controls
It’s also important to add clarity around exactly what each component does within the LayerZero ecosystem and what they can and cannot do.
What does the LayerZero multisig have the ability to do?
- Create new validation libraries. This could be anything from upgrading an existing library (by issuing a new version), creating a more gas-optimized version, or implementing something entirely new (zkp, oru, etc.)
- Change which library the ‘Default’ setting points to.
- Why would you want this? The point of the default setting is so that applications don’t need to think about when major migrations happen. An example of this would be the Ethereum proof migration from Merkel Patricia Trees to Verkel Trees on Ethereum.
What does the Stargate multisig have the ability to do?
- Change which validation library it uses. It can point to a specific library or it can point to ‘Default’
- Specify which oracle and relayer it uses
- Specify the block confirmation parameterization for each chain/pathway (i.e. set to 25 outbound confs when leaving Ethereum)
What do all dapps built on LayerZero have the ability to do?
- Change which validation library it uses. It can point to a specific library or it can point to ‘Default’
- Specify which oracle and relayer it uses
- Specify the block confirmation parameterization for each chain/pathway (i.e. set to 25 outbound confs when leaving Ethereum)
What does LayerZero multisig NOT have the ability to do?
- ever modify an existing library version
- ever change the config for any application — including their library settings, block confs, or oracle/relayer settings
