<aside> 💡 Assessment conclusion

After assessing the current version of the LayerZero protocol, the Committee has concluded that it does not currently satisfy the full breadth of the requirements of the Uniswap DAO's cross-chain governance use case as outlined in the assessment framework, but is on a path to do so. LayerZero employs a combination of two types of validators to secure the protocol: Oracles and Relayers. However, currently, the available options for Oracles and Relayers do not offer the level of decentralization and security required for Uniswap's use case. LayerZero has a planned upgrade to its oracle and relayer set that would likely address these concerns.

A cursory analysis of the planned updates is promising. The Committee acknowledges that LayerZero is being used for the Avalanche deployment. The Committee encourages swift action from the LayerZero team in implementing this upgrade, and recommends that the protocol be reassessed once the new configuration has been in operation for period of at least three months and as attained sufficient usage, given that the performance of the validator set is a key factor in the assurances the protocol can offer around safety and liveness.

NB: The assessment of LayerZero was conducted prior to its recent update which employs a ZK Client as an additional validation option. This update may address some of the key concerns identified by the Committee but has not yet been assessed.

</aside>

Security Analysis Summary

LayerZero is a general-purpose cross-chain messaging protocol that employs two types of validators: Oracles and Relayers. Oracles relay block header information from a source network to a destination network on-demand, while Relayers submit proofs that specific message are valid according to the block headers submitted by Oracles.

LayerZero allows applications to choose the specific Oracle and Relayer configuration that best fits their security requirements. In theory, an Oracle and Relayer can be a single node or a network of nodes with different coordination and incentivization mechanisms. Therefore, the safety, liveness, and censorship-resistance properties of the protocol depend on the specific configuration chosen by an application. Applications can choose between using one of two readily available configurations set-up by LayerZero, and setting up their own Oracle and Relayer configuration. Setting up its own configuration entails significant operational effort and overhead that do not fit within the constraints of our use case. The Committee evaluated LayerZero's security based on available configurations during the time of the assessment.

The most secure configuration for LayerZero at the time involves a Chainlink Decentralized Oracle Network (DON) consisting of four reputable legal entities and a Relayer operated by LayerZero. This configuration uses a Proof-of-Authority mechanism, which relies on the trustworthiness of the validator set (Oracles and Relayer) for security.

In this configuration, a message is considered valid if four entities sign a message (i.e., three Oracle nodes and a Relayer). If this quorum of nodes are compromised or decide to collude, the protocol’s safety would be violated. Similarly, liveness can be impacted by the failure of a single entity (i.e., LayerZero). The single LayerZero Relayer can also choose to censor all messages from a given application. The Committee believes these thresholds are low and do not currently meet the security requirements for Uniswap’s cross-chain governance use-case.

LayerZero is working on making a new configuration available that offers increased decentralization and security. This new configuration will involve 11 entities operating a decentralized network of Relayers and Oracles. The configuration will also use a Proof-of-Authority mechanism that relies on the caliber and reputation of the validator entities.

The team has confidentially disclosed the identities of 9 of the 11 validator entities to the bridge assessment Committee. These parties are established and reputable organizations, most of which operate blockchain infrastructure as part of their core business.

In the new configuration, a threshold of 7 out of 11 entities will be required to validate messages. This would provide a safety threshold of 7 entities and a liveness threshold of 5 for the protocol. Based on high-level discussions with the team regarding this new configuration, they appear to have put thought into ensuring the independence, resilience, security, and sustainability of the validator set.

Risks and Concerns

• LayerZero’s current available configurations do not meet the security requirements for Uniswap’s cross-chain governance use-case
• It is possible to attain more safety and liveness guarantees in LayerZero, but doing so would require that a party or a set of parties operate application-specific infrastructure on behalf of the Uniswap DAO. For example, on the Relayer side, the Uniswap Foundation could operate its own relayer or convene a set of entities that can operate a decentralized set of relayers. On the Oracle side, Uniswap could convene a larger, more decentralized set of entities that can offer Oracle services. However, these options do not meet the current constraints, as outlined above, and were not considered.
• The upcoming configuration for LayerZero appears promising. However, at the time of writing, critical technical and operational details are still being finalized. It will be necessary to evaluate this configuration once it is in production for a period of time to assess its suitability.
• LayerZero is also working on version 2 of its protocol, which appears to address a number of the Committee's concerns. However, similar considerations apply in terms of assessing its final design, implementation, and operational track record in production before it can be considered for adoption.
• LayerZero's off-chain components are currently not open source. The team has communicated its intention to open-source them once adequate testing and documentation have been completed.
• LayerZero's off-chain components, such as the Relayer and Oracle code, have not yet been audited. The Committee understands that this is currently being undertaken.

Next Steps

The Committee recommends that Uniswap monitor the development of LayerZero over the next few months, particularly with regard to its upcoming configuration involving a more decentralised validator set. The Committee suggests that Uniswap re-evaluates LayerZero once this configuration has been in production for a period of time and has garnered enough usage. Specifically, it is recommended that a re-evaluation once the following criteria are satisfied:

• At least three months of production operation of the new configuration, with a minimum of 15,000 transactions processed across networks relevant to Uniswap. This applies the same standard used when assessing the health of Wormhole's guardian set.