In a series of heated exchanges on X (formerly Twitter), LayerZero Labs' co-founder and CEO Bryan Pellegrino dismissed claims of a critical vulnerability in the LayerZero protocol as "totally baseless".
The controversy began when pseudonymous blockchain security researcher 0x52 disclosed what he claimed was a critical flaw in LayerZero's messaging protocol. 0x52 has since deleted his original tweet and apologized for the false alarm.
I've deleted my prior posts. I should have further validated all elements before posting.
Apologies to @LayerZero_Labs. Many thanks to @PrimordialAA for doing what I didn't do and for correcting my mistake.
— 0x52 (@IAm0x52) July 1, 2024
Details of the Alleged Vulnerability
0x52's findings stemmed from his audit of UXDProtocol under the SherlockDefi audit program. He claimed that LayerZero's endpoint contract, which relays messages between protocols, did not restrict the size of messages or destination addresses.
He warned that an attacker could send a message with a very large destination address, causing errors and potentially halting communication between different blockchain networks. This could lead to significant financial losses for affected protocols.
According to 0x52, this vulnerability could affect many protocols built on LayerZero, especially those spanning both EVM (Ethereum Virtual Machine) chains and non-EVM chains such as Solana, which use different address sizes.
LayerZero CEO's Response and Design Philosophy
In response to 0x52, Pellegrino countered that the ability to configure payload limits is a deliberate design choice. He explained that imposing a fixed limit could enable censorship, which runs counter to LayerZero's goal of building a censorship-resistant system.
Not only is this not a bug, this is by design in the protocol
Any messaging protocol that enshrines this configuration can now censor any application. You cannot have one without the other. We believe in censorship-resistant technology rails.
— Bryan Pellegrino (臭企鹅) (@PrimordialAA) July 1, 2024
Pellegrino further clarified that the code referenced by 0x52 dates back to 2022 and concerns application configuration, not the core protocol. He stated that the payload size limit is part of the app's security settings and can be adjusted by the app itself. Pellegrino noted that if an app could not override this configuration, LayerZero could potentially block an application's messaging by setting the payload limit to zero, which would contradict the protocol's design principles.
Pellegrino encouraged skeptics to fork and test the system themselves, insisting that the issue could only occur if an application specifically chose to configure it that way, much as an individual application on Ethereum might have poorly configured contracts.
As LayerZero continues to grow, this debate highlights the need for ongoing scrutiny of its security protocols.
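The failure mode 0x52 described (oversized destination addresses across EVM and Solana) and the app-owned payload limit Pellegrino described, as an added illustration that is not LayerZero's code: a constructed Python model in which the receiving side checks the destination address length against the chain family and the application's own payload limit, and a limit of zero shows how a configuration enforced outside the app could block all of its messages. The chain-family table, `AppConfig` and `validate` are assumptions of this model.

```python
from dataclasses import dataclass

# Constructed, hypothetical model of the design discussed above; not LayerZero code.
# The address widths are properties of the chains themselves.
EXPECTED_ADDRESS_LEN = {"evm": 20, "solana": 32}  # bytes


@dataclass(frozen=True)
class Message:
    dst_chain: str      # chain family of the destination ("evm" or "solana")
    dst_address: bytes  # raw destination address bytes as received
    payload: bytes


@dataclass
class AppConfig:
    """Per-application security settings, owned by the app rather than the protocol."""
    max_payload_size: int            # a value of 0 rejects every message for this app
    strict_address_length: bool = True


def validate(msg: Message, cfg: AppConfig) -> tuple:
    """Return (accepted, reason). Bounds are checked before anything is decoded,
    so an oversized address is rejected instead of surfacing as a downstream error."""
    expected = EXPECTED_ADDRESS_LEN.get(msg.dst_chain)
    if expected is None:
        return False, "unknown destination chain family"
    if cfg.strict_address_length and len(msg.dst_address) != expected:
        return False, f"destination address is {len(msg.dst_address)} bytes, expected {expected}"
    if len(msg.payload) > cfg.max_payload_size:
        return False, f"payload {len(msg.payload)} bytes exceeds app limit {cfg.max_payload_size}"
    return True, "ok"


def demo() -> dict:
    """Constructed sample messages: a normal one, one with a 4096-byte destination
    address, and the normal one under an app limit of zero."""
    normal_cfg = AppConfig(max_payload_size=10_000)
    zero_cfg = AppConfig(max_payload_size=0)  # what a forced zero limit would mean
    good = Message("evm", b"\x11" * 20, b"hello")
    huge_addr = Message("solana", b"\x22" * 4096, b"hello")
    return {
        "good": validate(good, normal_cfg),
        "huge_addr": validate(huge_addr, normal_cfg),
        "zero_limit": validate(good, zero_cfg),
    }
```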
ZRO Token Launch Faces Mixed Reactions
LayerZero Labs remains confident in the strength and reliability of its cross-chain interoperability technology, which allows smart contracts on different blockchains to communicate and transfer value across otherwise isolated decentralized networks.
Recently, LayerZero began distributing its native ZRO tokens through an airdrop. Major crypto exchanges such as Binance and Upbit have listed ZRO, but the launch was met with mixed reactions. Many users were disappointed with the airdrop rewards. As of now, ZRO is trading at around $3.5, a 15% drop since its launch.