LayerZero OFT DVN config (count, threshold, diversity)
mETH Protocol's assessment for RD-F-179 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
DVN configuration for cmETH OFTAdapterUpgradeable Ethereum->Mantle pathway (EID 30181) could NOT be determined via OSINT. Reading requires live RPC call: ReceiveUln302.getUlnConfig(0x4aFA9620D0B79137383A7A9AB3477837d475e948, 30181) on Ethereum ReceiveUln302 (0xc02Ab410f0734EFa3F14628780e6e695156024C2). No public disclosure, no governance post, no protocol-specific audit covering DVN config found. Adapter deployed 2024-08-02 — predates post-Kelp-DAO (Apr 2026) awareness campaign. Per Blockaid post-Kelp analysis: 47% of LayerZero OApps used 1-of-1 DVN config. If cmETH uses default/minimal config (1 required DVN, 0 optional), exposure matches Kelp DAO 1-of-1 pattern on $70.6M. Curator must resolve via RPC call: if requiredDVNCount + optionalDVNThreshold <= 1, flip to RED; if >= 2, flip to yellow or green based on DVN diversity. This is the highest-priority unresolved Cat 10 item.
Sources #
- EtherscanL1cmETHAdapter — DVN config not readable via OSINTL1cmETHAdapter proxy 0x4aFA9620D0B79137383A7A9AB3477837d475e948 — LayerZero OFTAdapterUpgradeable, deployed 2024-08-02, EID peer Mantle (30181)retrieved 2026-05-16
- Blockaid KelpDAO DVN exploit — 1-of-1 patternBlockaid KelpDAO post-mortem: 47% of LayerZero OApps use 1-of-1 DVN configuration; requiredDVNCount=1, optionalDVNThreshold=0 is catastrophic edge caseretrieved 2026-05-16
- Blockaid DVN config audit scriptBlockaid DVN audit script — getUlnConfig(address, uint32) on ReceiveUln302; EXPOSED condition: requiredDVNCount + optionalDVNThreshold <= 1retrieved 2026-05-16
Methodology #
For any LayerZero OFT adapter, read the DVN configuration: count of DVNs, k-of-N threshold, and operator diversity (independent operators vs same-operator multi-DVN).
See the full factor methodology and distribution across all protocols →