Scores/LayerZero

LayerZero

TEMPERED

Cross-Chain Messaging · Multi-chain · N/A (infra) TVL · 15 contracts

Official site: layerzero.network ↗

742

3004756508251000

Confidence73%

Z-Factor0.78

Updated 2026-05-27Public score

Security Profile

Access Control
70

Economic Soundness
65

Oracle Integrity
60

Compositional Risk
52

Governance
55

Maturity
82

Resilience
64

Supply Chain
72

Cross-Chain Messaging
55

Op Security
54

Cascade Exposure
84

Access Ctrl
70

Economic
65

Oracle
60

Compos.
52

Govern.
55

Maturity
82

Resilience
64

Supply Ch.
72

X-Chain
55

OpSec
54

Cascade
84

Min

Avg

Max

Audit History

Zellic

2023-05

Quantstamp

2022-11

Trail of Bits

2024-02

Bug Bounty Program

$15,000,000

Max payout on Immunefi

View Program

Assessment

Mature cross-chain messaging protocol with strong operational history but extreme compositional risk (D4=52, 100+ dependent protocols) and cross-chain trust assumptions (D10=55, DVN honesty model). Any LZ core bug cascades to entire ecosystem. Governance centralization (D5=55) and DVN trust model drag score down from DAMASCUS. Good maturity (D6=82) and adversarial resilience (all findings FP) prevent drop to FORGED.

Dimension Breakdown

Methodology

Access Control

Weight 20% · 76% confidence

+1893 access control checks across 511 total checks (18.2% density)

+18Complex cross-chain authorization model with endpoint-library separation

+18onlyOwner (12 instances), onlyEndpoint, validVersion modifiers

+18Graph extraction missed custom patterns (onlyTreasury, nativeFees[msg.sender])

Provenance

Economic Soundness

Weight 15% · 72% confidence

+13Cross-chain gas pricing model adds economic complexity

+13Fee model across chains creates arbitrage surface

+13Treasury fee accumulation (treasuryZROFees, nativeFees mappings)

+13137 state writes with fee-related writes prominent

Provenance

Oracle Integrity

Weight 10% · 74% confidence

+15DVN replaces oracle model from V1 but adds trust assumptions

+15DVN trust varies per pathway and configuration

+15hashLookup mapping is the verification state -- 4-deep nested mapping

+15FPValidator adds proof verification layer

Provenance

Governance & Upgradeability

Weight 10% · 78% confidence

+28LayerZero Labs retains significant control over core infrastructure

-45ZRO token governance immature

+28Security council provides some decentralization

Provenance

Battle-Tested Maturity

Weight 10% · 80% confidence

+16V1 live since 2022, V2 since 2024 (~4+ years org maturity)

+16No major exploits on core messaging infrastructure

+16V1->V2 migration demonstrates architectural iteration

+16Extensive audit coverage (Trail of Bits, Zellic, Code4rena)

Provenance

Adversarial Resilienceredacted

Weight 10% · 95% confidence

Score derived from continuous adversarial security research

Provenance

Cross-Chain Messaging

Weight 10% · 72% confidence

+9DVN trust model: message verification depends on DVN set honesty

+9Message ordering: no guaranteed ordering across channels

+9Replay protection implemented but cross-chain state sync inherently fragile

+9Liveness: DVN failure can halt message delivery per pathway

Provenance

Compositional Risk

Weight 5% · 72% confidence

+10100+ protocols depend on LayerZero for cross-chain messaging

+10Any core vulnerability cascades to entire ecosystem

+10103 external calls across 9 contracts

+10OApp integration bugs are outside LayerZero control

Provenance

Supply Chain

Weight 5% · 76% confidence

+18Custom messaging libraries (non-standard patterns)

-28Complex dependency graph across chain deployments

+18OFT standard adds integration complexity

+184 trust_dependency edges in core graph

Provenance

Operational Security

Weight 5% · 60% confidence

-46No branch protection detected

+11Active CI/CD (80% success rate)

+11Commit signing: 54% verified

+11Dependabot enabled

Provenance

Cascade Exposure

Weight 5% · 55% confidence

+28Appears in 1 cross-protocol cascade chain(s)

-16Failure cascades to 4 downstream protocol(s)

+28Member of 1 dependency cluster(s)

+28Source: cross_protocol_composition.json dependency analysis

Provenance

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Access Control

70+32.7 potential

93 access control checks across 511 total checks (18.2% density)

Economic Soundness

65+29.5 potential

Cross-chain gas pricing model adds economic complexity

Governance & Upgradeability

55+27.2 potential

ZRO token governance immature

Cross-Chain Messaging

55+27.2 potential

DVN trust model: message verification depends on DVN set honesty

Oracle Integrity

60+23.2 potential

DVN replaces oracle model from V1 but adds trust assumptions

Adversarial Risk Signals

Publicly verifiable security posture indicators.

Disclosure HistoryNot Assessed

Remediation VelocityNot Assessed

Bug Bounty ProgramNot Assessed

Audit CoverageNot Assessed

Incident HistoryNot Assessed

Deployed 2022-03-0111 dimensionsProvenance Ledger

methodology v2.1formula v1.1weights v1.1evidence sha256:sha256:a...

Score History & Verification

Score provenance tracking begins with the next reassessment.

Full provenance ledger

On-Chain Data

Protocol Slug: "layerzero"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours

Read Score

registry.getScore("layerzero")

Reduce exploitable risk

Continuous adversarial analysis, vulnerability detection, and verified reassessment.

View Plans Methodology

Embed this score

Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.

Public

Style

Theme

Format

Preview

Copy iframe code

<iframe
  src="https://blackhart.io/embed/oracle/layerzero?variant=card&theme=dark"
  title="BlackHart Risk Index: LayerZero"
  width="340"
  height="290"
  frameborder="0"
  loading="lazy"
  style="border:0; max-width:100%;"
></iframe>

Believe this score contains a factual error? Submit evidence for review