In a series of heated exchanges on X (formerly Twitter), LayerZero Labs’ co-founder and CEO Bryan Pellegrino dismissed claims of a critical vulnerability in the LayerZero protocol as “totally baseless”.
The controversy began when pseudonymous blockchain security researcher 0x52 disclosed what he claimed to be a critical flaw in LayerZero’s messaging protocol. Since then, 0x52 has deleted his original tweet and apologized for the false alarm.
I’ve deleted my prior posts. I ought to have further validated all features before posting.
Apologies to @LayerZero_Labs. Many thanks to @PrimordialAA for doing what I didn’t do and for correcting my mistake.
— 0x52 (@IAm0x52) July 1, 2024
Details of the Alleged Vulnerability
0x52’s revelations stemmed from his audit of the UXDProtocol under the SherlockDefi audit program. He claimed that LayerZero’s endpoint contract, which handles messages between protocols, didn’t restrict the size of messages or destination addresses.
He warned that a hacker could send a message with a very large destination address, causing errors and potentially preventing communication between different blockchain networks. This could lead to significant financial losses for affected protocols.
According to 0x52, this vulnerability could affect many protocols using LayerZero, especially those involving both EVM (Ethereum Virtual Machine) chains and non-EVM chains like Solana, which use different address sizes.
LayerZero CEO’s Response and Design Philosophy
In response to 0x52, Pellegrino countered that the ability to configure payload limits is a deliberate design choice. He explained that imposing a fixed limit could allow censorship, which goes against LayerZero’s goal of creating a censorship-resistant system.
Not only is this not a bug, this is by design in the protocol
Any messaging protocol that enshrines this configuration can now censor any application. You cannot have one without the other. We believe in censorship-resistant technology rails.
— Bryan Pellegrino (臭企鹅) (@PrimordialAA) July 1, 2024
Pellegrino further clarified that the code referenced by 0x52 dates back to 2022 and pertains to application configuration, not the core protocol. He stated that the payload size limit is part of the app’s security settings and can be adjusted by the app itself. Pellegrino noted that if an app could not override this configuration, LayerZero could potentially block application messaging by setting the payload limit to zero, which would contradict the protocol’s design principles.
Pellegrino encouraged skeptics to fork and test the system themselves, insisting that the issue could only occur if an application specifically opted to configure it that way, much like how an individual application on Ethereum might have bad contract configurations.
As LayerZero continues to grow, this discussion highlights the need for constant scrutiny of its security protocols.
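A simplified model of the argument reported above, added here as an illustration and not taken from LayerZero's code or from either party. All class, function and app names are hypothetical, and the destination-address length check is an assumed application-side validation (EVM addresses are 20 bytes, Solana public keys are 32).

```python
# Simplified model (added example; hypothetical names, not LayerZero code).
from dataclasses import dataclass, field

# Native address widths: EVM accounts are 20 bytes, Solana public keys 32 bytes.
ADDRESS_BYTES = {"evm": 20, "solana": 32}


@dataclass
class Endpoint:
    default_max_payload: int                       # set by the protocol owner
    app_overrides: dict = field(default_factory=dict)  # set by each application
    apps_may_override: bool = True                 # the design choice at issue

    def set_default(self, limit: int) -> None:
        self.default_max_payload = limit

    def set_app_limit(self, app: str, limit: int) -> None:
        if not self.apps_may_override:
            raise PermissionError("limit is enshrined by the protocol")
        self.app_overrides[app] = limit

    def effective_limit(self, app: str) -> int:
        # An application's own setting wins over the protocol default.
        return self.app_overrides.get(app, self.default_max_payload)

    def send(self, app: str, dst_chain: str, dst_address: bytes,
             payload: bytes) -> str:
        # Assumed app-side check: reject addresses of the wrong width
        # for the destination chain before anything is sent.
        if len(dst_address) != ADDRESS_BYTES[dst_chain]:
            return "rejected: bad destination address length"
        if len(payload) > self.effective_limit(app):
            return "rejected: payload over limit"
        return "sent"


def scenario(apps_may_override: bool) -> str:
    """The protocol owner sets the default limit to zero; what happens to an app?"""
    ep = Endpoint(default_max_payload=10_000,
                  apps_may_override=apps_may_override)
    try:
        ep.set_app_limit("bridge", 4_096)   # app pins its own limit
    except PermissionError:
        pass                                # enshrined mode: app has no say
    ep.set_default(0)                       # owner tries to block messaging
    return ep.send("bridge", "evm", bytes(20), b"transfer")


if __name__ == "__main__":
    print("app override allowed:", scenario(True))
    print("limit enshrined:     ", scenario(False))
```
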
ZRO Token Launch Faces Mixed Reactions
LayerZero Labs remains confident in the strength and reliability of its cross-chain interoperability technology, which allows smart contracts on different blockchains to communicate and transfer value across isolated decentralized networks.
Recently, LayerZero began distributing its native ZRO tokens through an airdrop. Major crypto exchanges like Binance and Upbit have listed ZRO, but the launch was met with mixed reactions. Many people were disappointed with the airdrop rewards. As of now, ZRO is trading at around $3.5, a 15% drop since its launch.





