LayerZero

TEMPERED

Cross-Chain Messaging · Multi-chain · N/A (infra) TVL · 15 contracts

Confidence 73% · Z-Factor 0.78 · Updated 2026-05-17 · Cross-chain assessed · Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

BRI Score: 742 (scale markers: 300, 475, 650, 825, 1000)

Security Profile

  • Access Ctrl: 70
  • Economic: 65
  • Oracle: 60
  • Compos.: 52
  • Govern.: 55
  • Maturity: 82
  • Resilience: 64
  • Supply Ch.: 72
  • X-Chain: 55
  • OpSec: 54
  • Cascade: 84

Min 52 · Avg 65 · Max 84

Audit History

  • Zellic: 2023-05
  • Quantstamp: 2022-11
  • Trail of Bits: 2024-02

Bug Bounty Program

$15,000,000 max payout on Immunefi

Assessment

Mature cross-chain messaging protocol with a strong operational history but extreme compositional risk (D4=52, 100+ dependent protocols) and cross-chain trust assumptions (D10=55, DVN honesty model). Any LZ core bug cascades to the entire ecosystem. Governance centralization (D5=55) and the DVN trust model drag the score down from DAMASCUS. Good maturity (D6=82) and adversarial resilience (all findings FP) prevent a drop to FORGED.

Dimension Breakdown

Access Control
Weight 20% · 76% conf
Score: 70 (Good)
  • [+18] 93 access control checks across 511 total checks (18.2% density)
  • [+18] Complex cross-chain authorization model with endpoint-library separation
  • [+18] onlyOwner (12 instances), onlyEndpoint, validVersion modifiers
  • [+18] Graph extraction missed custom patterns (onlyTreasury, nativeFees[msg.sender])

Economic Soundness
Weight 15% · 72% conf
Score: 65 (Moderate)
  • [+13] Cross-chain gas pricing model adds economic complexity
  • [+13] Fee model across chains creates arbitrage surface
  • [+13] Treasury fee accumulation (treasuryZROFees, nativeFees mappings)
  • [+13] 137 state writes with fee-related writes prominent

Oracle Integrity
Weight 10% · 74% conf
Score: 60 (Moderate)
  • [+15] DVN replaces oracle model from V1 but adds trust assumptions
  • [+15] DVN trust varies per pathway and configuration
  • [+15] hashLookup mapping is the verification state -- 4-deep nested mapping
  • [+15] FPValidator adds proof verification layer

Governance & Upgradeability
Weight 10% · 78% conf
Score: 55 (Moderate)
  • [+18] LayerZero Labs retains significant control over core infrastructure
  • [+18] ZRO token governance immature
  • [+18] Security council provides some decentralization

Battle-Tested Maturity
Weight 10% · 80% conf
Score: 82 (Strong)
  • [+20] V1 live since 2022, V2 since 2024 (~4+ years org maturity)
  • [-18] No major exploits on core messaging infrastructure
  • [+20] V1->V2 migration demonstrates architectural iteration
  • [+20] Extensive audit coverage (Trail of Bits, Zellic, Code4rena)

Adversarial Resilience
Weight 10% · 95% conf
Score: 64 (Moderate)
  • Score derived from continuous adversarial security research

Cross-Chain Messaging
Weight 10% · 72% conf
Score: 55 (Moderate)
  • [+11] DVN trust model: message verification depends on DVN set honesty
  • [-45] Message ordering: no guaranteed ordering across channels
  • [+11] Replay protection implemented but cross-chain state sync inherently fragile
  • [+11] Liveness: DVN failure can halt message delivery per pathway

Compositional Risk
Weight 5% · 72% conf
Score: 52 (Concerning)
  • [+10] 100+ protocols depend on LayerZero for cross-chain messaging
  • [+10] Any core vulnerability cascades to entire ecosystem
  • [+10] 103 external calls across 9 contracts
  • [+10] OApp integration bugs are outside LayerZero control

Supply Chain
Weight 5% · 76% conf
Score: 72 (Good)
  • [+14] Custom messaging libraries (non-standard patterns)
  • [+14] Complex dependency graph across chain deployments
  • [+14] OFT standard adds integration complexity
  • [+14] 4 trust_dependency edges in core graph

Operational Security
Weight 5% · 60% conf
Score: 54 (Concerning)
  • [-9] No branch protection detected
  • [+18] Active CI/CD (80% success rate)
  • [+18] Commit signing: 54% verified
  • [+18] Dependabot enabled

Cascade Exposure
Weight 5% · 55% conf
Score: 84 (Strong)
  • [+21] Appears in 1 cross-protocol cascade chain(s)
  • [+21] Failure cascades to 4 downstream protocol(s)
  • [+21] Member of 1 dependency cluster(s)
  • [-16] Score: 84/100 (higher = more isolated from systemic risk)

Risk Drivers

Primary risk factors driving this score, ordered by severity.

  • Compositional Risk: 52
  • Operational Security: 54
  • Governance & Upgradeability: 55

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

  • Disclosure History: Not Assessed
  • Remediation Velocity: Not Assessed
  • Bug Bounty Program: Not Assessed
  • Audit Coverage: Not Assessed
  • Incident History: Not Assessed

Deployed 2022-03-01 · Z-Factor 0.780 · 11 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

  • Protocol Slug: "layerzero"
  • Oracle: BRORegistry (Base)
  • Evidence: IPFS (pinned)
  • Staleness Threshold: 24 hours
  • Read Score: registry.getScore("layerzero")
