
LayerZero OFT/OApp Security Audit

Summary

The most critical subjects covered in our audit are asset solvency, functional correctness and access control. Security regarding asset solvency is improvable; see the finding “Broken integration with special ERC20 tokens”. Security regarding the other aforementioned subjects is high.

The general subjects covered are documentation and specifications, code complexity, and gas efficiency. The security regarding all aforementioned subjects is high.

Developers deploying new OFTs or OFTAdapters should consult the documentation and specifications to ensure that omnichain fungible tokens are implemented correctly. Developers should also be aware of special behaviors that are noted in this report.

In summary, we find that the codebase provides a satisfactory level of security.

It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.

About LayerZero OFT/OApp

LayerZero offers a set of smart contracts that implement Omnichain Applications and Omnichain Fungible Tokens, which are built on top of the LayerZero protocol. Omnichain Fungible Tokens extend standard ERC20 tokens by natively providing bridging functionality to other chains. This review focuses only on the execution layer; the underlying message-passing infrastructure is assumed to be correct.

“LayerZero is an interoperability protocol that connects blockchains (50+ and counting), allowing developers to build seamless omnichain applications, tokens, and experiences. The protocol relies on immutable on-chain endpoints, a configurable Security Stack, and a permissionless set of Executors to transfer censorship-resistant messages between chains.”

#Source