DeFiPunk'd

LayerZero

2 deployments · $7.5B aggregate TVL · Bridge

Deployments

Each deployment is rated independently. Pick one to see its rating, risk analysis, and stage.
TVL $7.5B
Type Bridge
Chains Ethereum, Arbitrum, Base, Avalanche, Polygon +55
View on DeFiLlama ↗
Control — tentative orange (3/3 models submitted) Ability to exit — tentative unknown (3/3 models submitted) Autonomy — tentative red Open Access — tentative green (3/3 models submitted) Verifiability — tentative green Control Exit Autonomy Open Access Verifiable
Control criteria
Upgradeability Immutable Bug bounty immunefi.com Governance forum Docs docs.layerzero.network
About

LayerZero V2 is an omnichain messaging protocol. Applications send cross-chain messages through EndpointV2, with send and receive message libraries, DVNs, and executors used for verification and delivery. The distinctive mechanism is configurable cross-chain messaging rather than a single canonical liquidity bridge.

Risk analysis

One card per dimension, sorted by severity. Only Verifiability and Autonomy carry automated signals in Phase 0. See methodology for scope.

Audit a dimension yourself · DEFI@home Contribute an LLM-run assessment — any model, any dimension. Three agreeing runs merge automatically into the public record.

DEFI@home is a distributed audit network modeled on SETI@home: instead of CPU cycles, it crowdsources LLM reasoning. Paste a slice prompt into Claude, ChatGPT, Gemini, or any browsing-capable model, and submit the JSON output as a pull request. The quorum bot merges it once ≥3 independent runs (from different models) reach the same grade — no single model, and no single contributor, can move the needle alone. How it works →

  • Address discovery 102 addresses on file · 1 run Submit run ↗
  • Verifiability Unverified Submit run ↗
  • Control 3/3 submitted Submit run ↗
  • Ability to exit 3/3 submitted Submit run ↗
  • Autonomy Unverified Submit run ↗
  • Open Access 3/3 submitted Submit run ↗
  • Audit all 5 dimensions · one prompt Submit run ↗
  1. Verifiability tentative
    Open source + 8 audits

    Protocol publishes a GitHub repository and has at least one audit on record. This is a coarse Phase-0 signal only: auditor reputation, scope, and post-audit review coverage are not yet weighted.

    Run your own prompt Submit run ↗
  2. Control 3/3 models submitted
    LayerZero V2 Endpoint defaults are controlled by 3-of-5 OneSig owner contracts with no on-chain timelock observed.
    Tentative grades
    • gpt-5.5-thinking orange
    • claude-sonnet-4-6 orange
    • grok-xai orange

    No quorum yet — verdict and steelman hidden until ≥3 models agree.

    Evidence (21)
    C1
    The assessed Ethereum EndpointV2 owner is 0xBe010A7e3686FdF65E93344ab664D065A0B02478. Arbitrum and Unichain EndpointV2 surfacers show separate OneSig owners at 0x9A3cE220D17a92dd4DF9766ceE48fDd0c448bA4f and 0x32b323EFC09D5812510B6510b242647C603947Ab.
    C2
    The assessed EndpointV2 is not evidenced as a proxy in the fetched reads, but it has owner-controlled mutable configuration: MessageLibManager exposes onlyOwner functions to register libraries and set default send and receive libraries.
    C3
    The observed fast path is OneSig threshold signatures plus executor execution. The Ethereum OneSig threshold is 3 and totalSigners is 5; no on-chain timelock constant was observed in the fetched OneSig surface.
    C4
    The Ethereum, Arbitrum, and Unichain OneSig contracts expose the same threshold shape, 3-of-5 signers, and executorRequired=true. The signer real-world identities were not verified, so these multisigs do not meet the Security Council standard.
    C5
    No on-chain Governor or token-voting path was found in fetched evidence for the assessed EndpointV2 control path. The operative owner path is OneSig.
    C6
    No separate emergency guardian was verified. The relevant emergency-like surface is the owner-configurable message library path, including default library controls and the presence of BlockedMessageLib in registered libraries.
    C7
    The highest reachable tier is treated as T1/T2 for the assessed messaging core because the owner can register and set default message libraries, which can affect default cross-chain message verification and delivery for OApps using defaults. The path is controlled by a 3-of-5 OneSig with no observed on-chain delay.
    C1
    Ethereum EndpointV2 (0x1a44076050125825900e736c501f859c50fE728c) owner() returns 0xBe010A7e3686FdF65E93344ab664D065A0B02478, a contract named 'OneSig'. Arbitrum EndpointV2 (same address) owner() returns 0x9A3cE220D17a92dd4DF9766ceE48fDd0c448bA4f (also a OneSig). Optimism/Unichain endpoints share owner 0x32b323EFC09D5812510B6510b242647C603947Ab (also a OneSig). All OneSig contracts have identical signer sets: 0x0cb72C1F6a36c225A7E2B21712E8853A4A1acc47, 0x5bC6AA6ad117A8B50ABf9E1658971f5DA1968c5c, 0x73E9c017Ad37e2113e709D8070Cc9E1b28180e1e, 0x771dcAcB96024d1e55Fd21Fe8a8187AA7EC9e77e, 0xe67DB04d7eFF4e9ec282eD929632D4FF058112d7; threshold=3, executorRequired=true with 1 executor (0x39f86ECef62c5bcE23428d6b7c7050D9Ecb0e346). SendUln302 and ReceiveUln302 on Ethereum have the same owner.
    C2
    All core contracts are immutable (not proxied): defipunkd ABI endpoint returns proxy=null for EndpointV2 (0x1a44076050125825900e736c501f859c50fE728c, Ethereum) and SendUln302 (0xbB2Ea70C9E858123480642Cf96acbcCE1372dCe1, Ethereum). The LayerZero V2 docs and GitHub repo explicitly describe 'immutable core contracts' and 'append-only MessageLib registry'. Once registered, message libraries cannot be removed.
    C3
    No timelock contract was found. The execution path is: 3-of-5 OneSig signers sign a Merkle-tree transaction bundle, the single executor (0x39f8...) submits it, and it executes immediately. There is no queuing delay. Total uncontested-fast-path delay: 0 seconds.
    C4
    The OneSig on Ethereum (0xBe010A7e3686FdF65E93344ab664D065A0B02478) has 5 signers and threshold=3. The same 5 EOA signers appear on all chain-specific OneSig contracts across Ethereum, Arbitrum, Optimism, Unichain, and Linea. Signer identities are not publicly documented. The single executor is also unidentified. No separate emergency multisig or guardian role was found. The OneSig is NOT a standard Gnosis Safe — it is a custom contract with Merkle-tree-based batch transaction support.
    C5
    No on-chain governor, GovernorBravo, or OZ Governor was found. No voting token or governance forum was identified this run. Ownership is held directly by the per-chain OneSig multisigs.
    C6
    No separate emergency-pause guardian or role distinct from the OneSig owner was found on the EndpointV2 or MessageLib contracts. The only special mechanism is the hardcoded 'blockedLibrary' (0x1ccBf0db9C192d969de57E25B3fF09A25bb1D862) which is a permanent sentinel in the registry — it cannot be reassigned by the owner.
    C7
    Highest tier: T1. The OneSig owner can call (a) registerLibrary(address) to add a new MessageLib to the append-only registry, then (b) setDefaultSendLibrary(uint32 dstEid, address lib) and setDefaultReceiveLibrary(uint32 srcEid, address lib, uint256 expiry) on EndpointV2 to redirect default message verification for all OApps that have not pinned their own library. A malicious library substituted as the default could forge verified messages and drain OFT escrows on destination chains. Additionally, the SendUln302 owner can call setDefaultUlnConfigs and setDefaultExecutorConfigs to change default DVN and executor assignments for all OApps using defaults. No on-chain bound limits these changes. Severity: T1 on the uncontested path with no timelock.
    C1
    EndpointV2 (0x1a44076050125825900e736c501f859c50fE728c, eid 30101) owner() returns 0xBe010A7e3686FdF65E93344ab664D065A0B02478 (custom OneSig 3/5 multisig) via https://defipunkd.com/api/contract/read?chainId=1&address=0x1a44076050125825900e736c501f859c50fE728c&method=owner at block 25381238 and surfacer page.
    C2
    No proxy pattern, no implementation()/admin() storage; immutable per incident report and contract read (no upgrade surface). Message libraries (SendUln302 0xbB2Ea70C9E858123480642Cf96acbcCE1372dCe1, ReceiveUln302) are append-only immutable once deployed; new libs registerable but existing ones unmodifiable.
    C3
    No timelock, no multi-stage execution path (voting/scheduler/execute), no MIN_DELAY or queue. Direct multisig execution on owner-controlled functions (registerLibrary, setDefaultUlnConfigs, setTreasury, withdrawFee).
    C4
    Primary control multisig is custom OneSig (5 signers, 3 threshold, executorRequired=true, 1 executor) at 0xBe010A7e3686FdF65E93344ab664D065A0B02478. DVN contracts use separate per-operator signer quorums (e.g. LZ DVN at 0x589dEDbD617e0CBcB916A9223F4d1300c294236b). No other reachable multisigs on T1/T2 paths enumerated.
    C5
    No on-chain Governor, OZ Governor, Aragon, or token-weighted voting. No proposalThreshold/votingPeriod/quorum/timelock constants readable.
    C6
    No pause(), whenNotPaused, PAUSE_ROLE, guardian, or emergency role on EndpointV2. Explicitly cannot be paused or modified per incident report.
    C7
    Highest reachable tier T2 on uncontested fast path: setDefaultUlnConfigs / setDefaultExecutorConfigs (affects default security posture for unset OApps), setTreasury / withdrawFee / withdrawLzTokenFee (fee redirection), registerLibrary (adds new verification paths). No T1 (immutable Endpoint/libs hold no user funds; no mint/pause-withdraw/upgrade-to-drain functions). 3/5 OneSig fails Security Council criteria (>=7 signers + >=50% non-insider public).
    Why is this slice uncertain?
    • only 3 of 3 model submissions on record — quorum requires ≥3 agreeing models

    A fresh independent run can establish (or overturn) a verdict.

    Run your own prompt Submit run ↗
    Sources gpt-5.5-thinking no url claude-sonnet-4-6 no url grok-xai no url View raw submissions ↗
  3. Ability to exit 3/3 models submitted
    No canonical user withdrawal surface was identified on EndpointV2; OApp-level exits were not assessed.
    Tentative grades
    • gpt-5.5-thinking unknown
    • claude-sonnet-4-6 green
    • grok-xai green

    No quorum yet — verdict and steelman hidden until ≥3 models agree.

    Evidence (17)
    E1
    The assessed EndpointV2 write surface includes send, clear, burn, nilify, recoverToken, and message-library configuration functions, but no withdraw, redeem, claim, requestWithdrawal, or exit function was identified on the EndpointV2 surfacer.
    E2
    EndpointV2 source shows send is external payable, clear requires OApp authorization through _assertAuthorized(_oapp), and recoverToken plus setLzToken are onlyOwner.
    E7
    Direct contract interaction is visible through surfacer and Etherscan write-method listings, but that does not establish a user-facing exit path because the LayerZero core is a messaging endpoint rather than a custody vault.
    E1
    LayerZero V2 is a messaging protocol, not a fund vault. The EndpointV2 does not hold user tokens. The relevant exit functions are: (a) lzReceive((uint32,bytes32,uint64),address,bytes32,bytes,bytes) — deliver a verified message to the destination OApp; (b) clear(address,(uint32,bytes32,uint64),bytes32) — OApp owner or delegate can clear a verified payload; (c) nilify(address,uint32,bytes32,uint64,bytes32) — OApp owner or delegate can mark a nonce as nil (cancel a message); (d) skip(address,uint32,bytes32,uint64) — OApp owner or delegate can advance the lazy inbound nonce past a nonce. These functions are enumerated from the ABI returned by the defipunkd ABI endpoint for EndpointV2.
    E2
    The lzReceive function is callable by any address (permissionless). The only check is that the caller passes a valid (already-verified) packet — verified meaning the payload hash has been committed to the ReceiveUln302 by the configured DVNs. The clear/nilify/skip functions are restricted to the OApp address or its delegate via _assertAuthorized, which is enforced by EndpointV2. Neither lzReceive nor any other core execution path has a whenNotPaused guard or any admin-triggered gate.
    E3
    No pause role, PAUSE_ROLE, guardian, or isPaused state variable was found in the EndpointV2 ABI (verified via defipunkd ABI endpoint, proxy=null). The defipunkd surfacer for EndpointV2 (Ethereum) lists 10 zero-arg view methods (EMPTY_PAYLOAD_HASH, NIL_PAYLOAD_HASH, blockedLibrary, eid, getRegisteredLibraries, getSendContext, isSendingMessage, lzToken, nativeToken, owner) — none of which are a 'paused' state. No PAUSE_INFINITELY or time-capped pause was found.
    E4
    No emergency pause path was found. The same OneSig 3-of-5 that controls protocol configuration has no dedicated pause function on the EndpointV2. The blockedLibrary (0x1ccBf0db9C192d969de57E25B3fF09A25bb1D862) is a reserved sentinel — it is permanently registered as the first library and cannot be set as the effective library for active OApps without each OApp's own delegate calling setSendLibrary/setReceiveLibrary.
    E5
    There is no withdrawal queue in the core EndpointV2. Message delivery is event-driven: once a DVN commits a verified payload hash, any executor (or the user directly) can call lzReceive. There is no daily cap or max queue duration at the EndpointV2 level. Individual OApp contracts (e.g., OFT implementations) may have their own queuing or rate-limiting, but those are not in scope for this assessment of the core protocol.
    E6
    If a DVN fails to verify a message, the message is frozen (not delivered). The protocol's escape hatch for such cases is: (a) the OApp operator can switch to a different DVN by calling setReceiveLibrary or setConfig on the EndpointV2 delegate, reconfiguring the security stack; (b) the nilify function allows the OApp operator to cancel a pending nonce with a valid guardian signature; (c) execution of already-verified messages is permissionless. There is no forced-exit mechanism for end users at the EndpointV2 level when DVN liveness fails — this is acknowledged as a DVN-liveness risk in the Autonomy slice.
    E7
    All core functions (lzReceive, send, etc.) are directly callable via any standard Ethereum interaction tool (Etherscan write tab, Foundry, ethers.js). No LayerZero frontend or off-chain infrastructure is required to submit a transaction. The LayerZero Scan tool at layerzeroscan.com provides monitoring but is not required for execution.
    E1
    Core contracts (EndpointV2, SendUln302, ReceiveUln302) expose no user-fund custody/exit functions (withdraw/redeem/burn/claim); messaging is send() / lzReceive() / composeQueue() permissionless (pay fees). App-specific exits (OFT burn/redeem) live in downstream OApp contracts, not core.
    E2
    No access modifiers (onlyRole/onlyOwner/whenNotPaused) gate core receive/claim paths on EndpointV2; immutable and owner functions limited to config/library registration (not message delivery).
    E3
    No pause guards, paused(), isPaused(), PAUSE_ROLE, or GUARDIAN on EndpointV2 or registered libs. Explicitly cannot be paused per incident report. No max pause duration or uncapped pause callable.
    E4
    No emergency-pause path separate from governance; no pause mechanism exists at all on core Endpoint.
    E5
    No queued redemption, daily caps, or pausable queue on core messaging layer.
    E6
    No forced-exit/escape-hatch needed; messaging is permissionless and censorship-resistant by design (immutable Endpoint delivers verified messages without admin gate).
    E7
    All core functions (send, lzReceive, setPeer, setConfig per OApp) directly callable on-chain via Etherscan write tab, generic wallets, or SDKs with no frontend dependency.
    Why is this slice uncertain?
    • only 3 of 3 model submissions on record — quorum requires ≥3 agreeing models
    • submitted models do not yet agree on a single grade

    A fresh independent run can establish (or overturn) a verdict.

    Run your own prompt Submit run ↗
    Sources gpt-5.5-thinking no url claude-sonnet-4-6 no url grok-xai no url View raw submissions ↗
  4. Autonomy tentative
    External message validators reduce autonomy

    Bridges rely on an external validator set, guardian signatures, or light-client proofs — a category-level autonomy risk independent of any specific implementation.

    Run your own prompt Submit run ↗
  5. Open Access 3/3 models submitted
    EndpointV2 send is externally callable, and the official materials describe the protocol as permissionless public-blockchain infrastructure.
    Tentative grades
    • gpt-5.5-thinking green
    • claude-sonnet-4-6 green
    • grok-xai green

    No quorum yet — verdict and steelman hidden until ≥3 models agree.

    Evidence (21)
    A1
    EndpointV2 source shows send(...) is external payable. The fetched code did not show an owner whitelist on this send entry point.
    A2
    Executors and DVNs are dependencies for delivery and verification, but the fetched send entry point itself is not evidenced as operator-gated.
    A3
    The official website describes LayerZero as permissionless infrastructure, and the repository describes the protocol as immutable, censorship-resistant, and permissionless messaging infrastructure.
    A3b
    An independent contract path is available through public contracts: Etherscan and DeFiPunkd expose EndpointV2 read/write surfaces, and source shows direct send(...) access.
    A4
    No contract-level sanctions or address blocklist was identified in the fetched EndpointV2 send path. The official terms impose site/legal eligibility restrictions, including sanctions restrictions, but those are not evidenced as a smart-contract gate.
    A5
    The assessed EndpointV2 public write-method surface includes send, and the source marks send as external payable.
    A6
    LayerZero terms restrict use of the Site by sanctioned persons or jurisdictions, while separately describing the Protocol as source-available software running on public distributed blockchains.
    A1
    No onlyWhitelisted, onlyRole (for user-facing functions), allowlist, isAccredited, or isKYCed modifier was found in the EndpointV2 ABI (verified via defipunkd API). The send() function takes a Packet struct and fee payment — no caller whitelist. The lzReceive() function takes an Origin struct and executes the message — no caller whitelist. Owner-only functions (registerLibrary, setDefaultSendLibrary, etc.) are admin functions, not user-facing entry points.
    A2
    DVNs (verification committees) are required for message verification but not for message submission. A user's send() call does not require DVN approval to be admitted — the transaction is processed unconditionally on the source chain. DVN approval is required for the downstream verification step (permitting execution on the destination chain). This is a liveness dependency, not an admission gate. Separately, Executors deliver messages permissionlessly — any address can pay destination gas to call lzReceive. No single privileged operator controls admission to the messaging system.
    A3
    Frontend restrictions (context only): The official layerzero.network Terms of Use require users to self-certify they are not subject to OFAC sanctions or citizens/residents of comprehensively sanctioned jurisdictions. Verbatim from the terms: 'You further represent that you are not (a) the subject of economic or trade sanctions administered or enforced by any governmental authority or otherwise designated on any list of prohibited or restricted parties (including but not limited to the list maintained by the Office of Foreign Assets Control of the U.S. Department of the Treasury) or (b) a citizen, resident, or organized in a jurisdiction or territory that is the subject of comprehensive country-wide, territory-wide, or regional economic sanctions by the United States.' This is an A3-passive self-certification clause, not runtime enforcement. No evidence of IP-based geo-blocking or wallet-screening oracle on the official site was found this run.
    A3b
    Independent access paths confirmed: (a) Published SDK/devtools at https://github.com/LayerZero-Labs/LayerZero-v2 — OApp developers and end users can interact directly with EndpointV2 using standard Solidity tooling; (b) Direct contract interaction via Etherscan/block-explorer write tabs (EndpointV2 is verified on all supported chains); (c) Third-party DeFi integrations: Stargate Finance (stargate.finance), OFT-based token bridges across major chains, aggregators such as LayerZero Scan routing through the contracts; (d) The LayerZero Whitepaper documents the protocol as 'permissionless infrastructure' with open sender/receiver semantics. These paths are operated independently of LayerZero Labs' official interface.
    A4
    No on-chain blocklist or address screening was found in the EndpointV2 or MessageLib ABIs. OFAC compliance is a self-certification in the website ToS only. No Chainalysis, TRM, or Elliptic oracle integration was observed in the core contracts.
    A5
    Read access: The EndpointV2 exposes all state via public view methods (owner, eid, getRegisteredLibraries, getConfig, etc.) accessible to any caller without restriction. Write access: send(), lzReceive(), and setConfig() (when called by the OApp itself) are permissionless. Admin write methods (registerLibrary, setDefaultSendLibrary) are restricted to the OneSig owner — these are admin functions, not user entry/exit functions.
    A6
    ToS verbatim sanctions clause from https://layerzero.network/terms (fetched this run): 'you are not (a) the subject of economic or trade sanctions...or (b) a citizen, resident, or organized in a jurisdiction or territory that is the subject of comprehensive country-wide, territory-wide, or regional economic sanctions by the United States.' This is a self-certification attestation; no runtime enforcement in the LayerZero V2 contracts.
    A1
    No onlyWhitelisted/onlyRole/allowlist/isKYCed modifiers on user entry points (send, lzReceive, setPeer, setConfig per OApp, registerLibrary is owner-only but not user admission). Anyone can deploy OApp and configure.
    A2
    No off-chain operator approval required to admit send/receive/claim actions. DVN/executor liveness affects delivery but not admission (permissionless placement).
    A3
    Official frontend/website ToS contains standard sanctions/jurisdictional boilerplate (A3-passive); no runtime IP geo-blocking or wallet screening enforcement detected on core contracts. Context only, does not affect grade.
    A3b
    Independent access paths exist: official Solidity SDK + examples in docs.layerzero.network and GitHub LayerZero-Labs/LayerZero-v2; third-party frontends/bridges (Stargate, many OFT deployments, aggregators) route through contracts; wallet integrations (MetaMask, Safe apps) and direct Etherscan write calls all work without official publisher cooperation.
    A4
    No on-chain sanctions blocklist or OFAC oracle check in EndpointV2 or ULN libs; admission is unconditional.
    A5
    Read access fully permissionless (anyone can call view functions/getConfig/getRegisteredLibraries). Write access (send, setPeer per OApp, lzReceive) also permissionless (gas + fees).
    A6
    ToS on layerzero.network contains standard eligibility/sanctions language; verbatim extraction not performed in this run but does not gate contract admission.
    Why is this slice uncertain?
    • only 3 of 3 model submissions on record — quorum requires ≥3 agreeing models

    A fresh independent run can establish (or overturn) a verdict.

    Run your own prompt Submit run ↗
    Sources gpt-5.5-thinking no url claude-sonnet-4-6 no url grok-xai no url View raw submissions ↗

Stage

Preview of the Phase-3 maturity framework. DeFiPunk'd will adopt DeFiScan v2's stages verbatim; the section is rendered below in its intended shape so the structure is visible today.

LayerZero V2 has not yet been assessed under the DeFiScan v2 stage framework.
The walkaway test is the central criterion. Once stages land, protocols reach Stage 1 only if users can exit in the presence of malicious operators even when the emergency council disappears.
Scope of assessment
Stages are assessed per-protocol against DeFiScan v2's criteria: governance structure, upgradeability path, timelock durations, emergency-council scope, and the walkaway test. The analysis depends on onchain discovery (roles, owners, timelocks) and deeper review of deployed contracts — neither of which DeFiPunk'd automates at Phase 0.
Stage 0 requirements pending
Governance is largely off-chain, contracts are upgradeable with short or no timelock, and the protocol depends on a multisig or team with full discretion. At Phase 0 DeFiPunk'd does not automatically evaluate these; the assessment lands with crawler-based onchain discovery.
Stage 1 requirements pending
Users can exit or opt out on their own terms even if the team disappears. Upgrades run through a meaningful timelock with an emergency security council clearly scoped. The walkaway test is the headline criterion.
Stage 2 requirements pending
Protocol is fully permissionless and immutable, or upgrades require a supermajority of token holders with a long timelock and no emergency override. This is the terminal stage of the DeFiScan v2 framework.
Learn more about DeFiScan v2 stages →
Stages are an opinionated assessment of maturity, not a rating of security or safety. A protocol can sit at Stage 2 and still carry substantial technical or economic risk; the framework exists to incentivize decentralization, not to rank protocols.

Contract surface

Every contract in scope for this protocol — pooled from DeFiLlama's TVL adapter (mechanical) and DEFI@home discovery submissions (LLM-curated). Verified-source flags come from Etherscan + Sourcify; owner / multisig metadata is read on-chain when available. Reviewer audit context, not a slice score. A lending protocol's adapter set will list third-party collateral tokens alongside its own contracts; attribution is the grader's job.

  • 97addresses
  • 0verified source
  • 0proxies

Abstractother (EndpointV2, eid 30324)0x5c6c…4ae7discovery
Arbitrumother (EndpointV2, eid 30110)0x1a44…728cdiscovery
Arbitrumother (LZ Dead DVN, eid 30110)0x758c…8ec1discovery
Arbitrumother (LZ Executor, eid 30110)0x31ca…660ddiscovery
Arbitrumother (ReadLib1002, eid 30110)0xbcd4…beffdiscovery
Arbitrumother (ReceiveUln302, eid 30110)0x7b9e…05e6discovery
Arbitrumother (SendUln302, eid 30110)0x975b…493adiscovery
Astarother (EndpointV2, eid 30210)0x1a44…728cdiscovery
Avalancheother (EndpointV2, eid 30106)0x1a44…728cdiscovery
Avalancheother (LZ Executor, eid 30106)0x90e5…bd9cdiscovery
Avalancheother (ReceiveUln302, eid 30106)0xbf35…2c61discovery
Avalancheother (SendUln302, eid 30106)0x197d…558adiscovery
Baseother (EndpointV2, eid 30184)0x1a44…728cdiscovery
Baseother (LZ Dead DVN, eid 30184)0x6498…9703discovery
Baseother (LZ Executor, eid 30184)0x2cca…bae4discovery
Baseother (ReceiveUln302, eid 30184)0xc70a…4bafdiscovery
Baseother (SendUln302, eid 30184)0xb532…dda2discovery
Berachainother (EndpointV2, eid 30362)0x6f47…dd5bdiscovery
Binanceother (EndpointV2, eid 30102)0x1a44…728cdiscovery
Binanceother (LZ Executor, eid 30102)0x3ebd…4859discovery
Binanceother (ReceiveUln302, eid 30102)0xb217…cec1discovery
Binanceother (SendUln302, eid 30102)0x9f8c…23dediscovery
Blastother (EndpointV2, eid 30243)0x1a44…728cdiscovery
Blastother (LZ Executor, eid 30243)0x4208…0a0bdiscovery
Blastother (ReceiveUln302, eid 30243)0x3775…b5b6discovery
Blastother (SendUln302, eid 30243)0xc1b6…9821discovery
BOBother (EndpointV2, eid 30279)0x1a44…728cdiscovery
Cantoother (EndpointV2, eid 30159)0x1a44…728cdiscovery
Celoother (EndpointV2, eid 30125)0x1a44…728cdiscovery
Citreaother (EndpointV2, eid 30403)0x6f47…dd5bdiscovery
Confluxother (EndpointV2, eid 30212)0x1a44…728cdiscovery
Ethereumother (BlockedMessageLib, eid 30101)0x1ccb…d862discovery
Ethereumother (EndpointV2, eid 30101)0x1a44…728cdiscovery
Ethereumother (LZ Dead DVN, eid 30101)0x747c…f6acdiscovery
Ethereumother (LZ Executor, eid 30101)0x1732…3059discovery
Ethereumother (ReadLib1002, eid 30101)0x74f5…db9ddiscovery
Ethereumother (ReceiveUln302, eid 30101)0xc02a…24c2discovery
Ethereumother (SendUln302, eid 30101)0xbb2e…dce1discovery
Fantomother (EndpointV2, eid 30112)0x1a44…728cdiscovery
Flareother (EndpointV2, eid 30295)0x1a44…728cdiscovery
Flowother (EndpointV2, eid 30336)0xcb56…aaaadiscovery
Fraxtalother (EndpointV2, eid 30255)0x1a44…728cdiscovery
Goatother (EndpointV2, eid 30361)0x6f47…dd5bdiscovery
Harmonyother (EndpointV2, eid 30116)0x1a44…728cdiscovery
Hederaother (EndpointV2, eid 30316)0x3a73…9aa9discovery
Hemiother (EndpointV2, eid 30329)0x6f47…dd5bdiscovery
Hyperliquid L1other (EndpointV2, eid 30367)0x3a73…9aa9discovery
Inkother (EndpointV2, eid 30339)0xca29…e958discovery
Katanaother (EndpointV2, eid 30375)0x6f47…dd5bdiscovery
Kavaother (EndpointV2, eid 30177)0x1a44…728cdiscovery
Klaytnother (EndpointV2, eid 30150)0x1a44…728cdiscovery
Lineaother (EndpointV2, eid 30183)0x1a44…728cdiscovery
Lineaother (LZ Executor, eid 30183)0x0408…a7c7discovery
Lineaother (ReceiveUln302, eid 30183)0xe22e…b205discovery
Lineaother (SendUln302, eid 30183)0x3204…ea06discovery
Liskother (EndpointV2, eid 30321)0x6f47…dd5bdiscovery
Mantaother (EndpointV2, eid 30217)0x1a44…728cdiscovery
Mantleother (EndpointV2, eid 30181)0x1a44…728cdiscovery
MegaETHother (EndpointV2, eid 30398)0x6f47…dd5bdiscovery
Metisother (EndpointV2, eid 30151)0x1a44…728cdiscovery
Modeother (EndpointV2, eid 30260)0x1a44…728cdiscovery
Monadother (EndpointV2, eid 30390)0x6f47…dd5bdiscovery
Moonriverother (EndpointV2, eid 30167)0x1a44…728cdiscovery
Morphother (EndpointV2, eid 30322)0x6f47…dd5bdiscovery
Nibiruother (EndpointV2, eid 30369)0x2a5e…aefddiscovery
Op_Bnbother (EndpointV2, eid 30202)0x1a44…728cdiscovery
Optimismother (EndpointV2, eid 30111)0x1a44…728cdiscovery
Optimismother (LZ Executor, eid 30111)0x2d2e…666ediscovery
Optimismother (ReceiveUln302, eid 30111)0x3c49…2063discovery
Optimismother (SendUln302, eid 30111)0x1322…6e95discovery
Peaqother (EndpointV2, eid 30302)0x6f47…dd5bdiscovery
Plasmaother (EndpointV2, eid 30383)0x6f47…dd5bdiscovery
Plume Mainnetother (EndpointV2, eid 30370 plumephoenix)0xc1b1…cb36discovery
Polygonother (EndpointV2, eid 30109)0x1a44…728cdiscovery
Polygonother (LZ Executor, eid 30109)0xcd3f…885bdiscovery
Polygonother (ReceiveUln302, eid 30109)0x1322…6e95discovery
Polygonother (SendUln302, eid 30109)0x6c26…9da3discovery
RSKother (EndpointV2, eid 30333)0xcb56…aaaadiscovery
Scrollother (EndpointV2, eid 30214)0x1a44…728cdiscovery
Scrollother (ReceiveUln302, eid 30214)0x8363…9808discovery
Scrollother (SendUln302, eid 30214)0x9bbe…a03bdiscovery
Seiother (EndpointV2, eid 30280)0x1a44…728cdiscovery
Soneiumother (EndpointV2, eid 30340)0x4bcb…3a19discovery
Sonicother (EndpointV2, eid 30332)0x6f47…dd5bdiscovery
Stableother (EndpointV2, eid 30396)0x6f47…dd5bdiscovery
Swellchainother (EndpointV2, eid 30335)0xcb56…aaaadiscovery
TACother (EndpointV2, eid 30377)0x6f47…dd5bdiscovery
Taikoother (EndpointV2, eid 30290)0x1a44…728cdiscovery
Tempoother (EndpointV2, eid 30410)0x20bb…cc9cdiscovery
Unichainother (EndpointV2, eid 30320)0x6f47…dd5bdiscovery
World Chainother (EndpointV2, eid 30319)0x6f47…dd5bdiscovery
X Layerother (EndpointV2, eid 30274)0x1a44…728cdiscovery
XDCother (EndpointV2, eid 30365)0xcb56…aaaadiscovery
zkSync Eraother (EndpointV2, eid 30165)0xd07c…ddbfdiscovery
zkSync Eraother (LZ Executor, eid 30165)0x664e…d8a6discovery
zkSync Eraother (ReceiveUln302, eid 30165)0x0483…59e1discovery
zkSync Eraother (SendUln302, eid 30165)0x07fd…e12cdiscovery

Protocol Info

Links

[defillama] Source: DeFiLlama [:] Source: DEFI@home quorum
Website
https://layerzero.network
Twitter
@LayerZero_Core
GitHub
3 repositories
Docs
https://docs.layerzero.network/v2/deployments/deployed-contracts

Security

[:] Source: DEFI@home quorum
Audits
9 audits
Bug bounty
https://immunefi.com/bug-bounty/layerzero/information/
Security contact
https://docs.layerzero.network/community/bug-bounty-support

Technical

[:] Source: DEFI@home quorum
Deployed contracts
https://docs.layerzero.network/v2/deployments/deployed-contracts
Upgradeability
Immutable

Provenance

[defillama] Source: DeFiLlama
Review status
listed
Updated
2026-06-22 11:48 UTC