LayerZero OFT DVN config (count, threshold, diversity)

Usual (USD0 / bUSD0 / USUAL)'s assessment for RD-F-179 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

DVN configuration for USD0 OFT unconfirmed — HIGH RISK FLAG. Data cache returned dvn_configs: [] (pipeline gap). LayerZero's OFT Quickstart default shows a single required DVN (LayerZero Labs) with no optional DVNs — the 1/1 pattern. At the time of KelpDAO $292M incident (Apr 2026), 47% of active LZ OApps used 1/1 DVN (CoinDesk). Usual has not published its DVN configuration in docs or blog. Paladin Oct 2024 audit covered the OFT adapter but report is not publicly accessible for DVN config review. Scored YELLOW (not red) because 1/1 is unconfirmed — DVN config may have been hardened, but absence of disclosure prevents GREEN. Curator action required: on-chain cast call to ReceiveUln302.getConfig() for each remote EID (30110 Arbitrum, 30184 Base, 30102 BNB). If returned requiredDVNCount=1 and optionalDVNThreshold=0 for any pathway, upgrade to RED.

Sources #

Internal
Usual Data Cache00-data-cache.json layerzero: dvn_configs: [], dvn_addresses: [], dvn_threshold: null — pipeline did not retrieve DVN configurationretrieved 2026-05-17
Audit
Paladin Oct 2024 Audit — Usual Tech Docs Audit ListPaladin Oct 2024 audit — scope: L2 token contracts, OFT MintAndBurnAdapter, L1 OFT Adapter; report not publicly accessible for DVN config detailretrieved 2026-05-17
URL
Blockaid — How a Single LayerZero DVN Compromise Drained $292M from KelpDAOBlockaid KelpDAO analysis: 47% of active OApps at 1/1 DVN; requiredDVNCount=1+optionalDVNThreshold=0 = catastrophic single-point-of-failure; detection method via ReceiveUln302.getConfig()retrieved 2026-05-17
URL
LayerZero OFT/OApp DVN configuration audit script (Blockaid/IdoBn)Blockaid DVN audit script — documents on-chain methodology to verify DVN count: cast call ReceiveUln302 getConfig(address,address,uint32,uint32)(bytes)retrieved 2026-05-17

Methodology #

For any LayerZero OFT adapter, read the DVN configuration: count of DVNs, k-of-N threshold, and operator diversity (independent operators vs same-operator multi-DVN).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol usual factor RD-F-179 score yellow collected_at 2026-05-16 20:39:44