Omnichain (LayerZero)
About
This page gathers Omnichain Tokens built on top of LayerZero AMB protocol that have a market cap over 100k USD.
About
This page gathers Omnichain Tokens built on top of LayerZero AMB protocol that have a market cap over 100k USD.
2024 May 09 — 2025 May 09
This page gathers Omnichain Tokens built on top of LayerZero AMB protocol that have a market cap over 100k USD.
Currently they are: STONE, STG, WAGMI, Wrapped EURA, Wrapped LINK, Wrapped USDC and Wrapped BOBA. Risk associated with using any of them varies, depending on the technological decisions made by the developers. LayerZero as a framework to build omnichain application does not provide any base security as applications can define their own security settings, however applications and tokens choosing the default security settings will leverage security provided by default Oracle, Relayer, Verification Library and Proof Library. Default settings are managed by LayerZero team.
Funds can be stolen if
- oracles and relayers collude to submit fraudulent block hash and relay fraudulent transfer,
- omnichain token owner changes Oracle/Relayer pair for their own,
- a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL),
- the source code of unverified contracts contains malicious code (CRITICAL).
Users can be censored if
Principle of operation
Omnichain tokens are tokenized Token Bridges. Usually, one chain is designated as main and acts as a token escrow. In this case, transfers from the main chain are done using typical lock-mint model. Transfers between other (non-main) chains are made using burn-mint model. The implementation details may vary between each individual omnichain token and must be individually assessed.
Oracles and Relayers
Omnichain tokens are built on top of LayerZero protocol. LayerZero relies on Oracles to periodically submit source chain block hashes to the destination chain. Once block hash is submitted, Relayers can provide the proof for the transfers. The Oracle and Relayer used can be either default LayerZero contracts, or custom built by the token developers.
Users can be censored if oracles or relayers fail to facilitate the transfer.
Funds can be stolen if oracles and relayers collude to submit fraudulent block hash and relay fraudulent transfer.
Funds can be stolen if omnichain token owner changes Oracle/Relayer pair for their own.
Ethereum
Actors:
Contract authorized to relay messages and - as a result - withdraw funds from the bridge.
Used in:
Contracts that submit source chain block hashes to the destination chain.
A Multisig with 3/5 threshold. Contract authorize to update default security parameters (Relayer, Oracle, Libraries). Owner of the Endpoint and UltraLightNodeV2 contract.
Used in:
Ethereum
Contract used to submit source chain block hashes. One of the default Oracles. The source code of this contract is not verified on Etherscan.
Proxy used in:
Contract used to submit source chain block hashes. One of the default Oracles.
Proxy used in:
Contract used to provide the merkle proof for the transfers on source chains. The source code of this contract is not verified on Etherscan.
Proxy used in:
Contracts used to validate messages coming from source chains.
Contracts used to validate messages coming from source chains.
Proxy used in:
Value Secured is calculated based on these smart contracts and tokens:
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).
Funds can be stolen if the source code of unverified contracts contains malicious code (CRITICAL).