Key Takeaways
Dune Analytics found 47% of 2,665 Layerzero apps use 1-of-1 DVN, raising security risks.KelpDAO rsETH exploit highlights how minimal setups can expose cross-chain vulnerabilities.Only ~5% use 3+ DVNs, suggesting stronger configs may rise as scrutiny increases.
Most Layerzero OApps Rely on Basic DVN Security Configurations
Nearly half of applications built on Layerzero are operating with the lowest level of security configuration, according to new data from Dune Analytics, highlighting potential vulnerabilities in cross-chain infrastructure.
The analysis, conducted over the past 90 days, reviewed roughly 2,665 unique omnichain application (OApp) contracts and their use of Layerzero’s Decentralized Verifier Network (DVN). It found that 47% of these applications rely on a 1-of-1 DVN setup, the minimum threshold required to validate cross-chain messages.
Another 45% use a 2-of-2 configuration, while only about 5% employ more robust setups requiring three or more independent verifiers. The findings come in the wake of the KelpDAO exploit, which has drawn renewed scrutiny to how cross-chain protocols manage security.
KelpDAO’s rsETH product, which was affected in the incident, falls within the lowest 1-of-1 category, according to the data.
Layerzero’s DVN model allows developers to choose how many independent verifiers are required to confirm transactions across chains. While this flexibility enables customization based on cost and performance, it also introduces trade-offs between efficiency and security.
A 1-of-1 configuration, for example, relies on a single verifier, creating a potential single point of failure. Higher configurations distribute trust across multiple parties but can increase operational complexity and cost.
Dune’s dashboard provides a detailed breakdown of how applications configure these parameters across different chains, assets, and projects. The data presented didn’t rank or assign security scores, as the firm noted that DVN count alone does not fully define a protocol’s risk profile.
Other factors, such as the independence of verifier operators, optional security thresholds, and the value of assets being transferred, also play a role. Still, the prevalence of minimal configurations suggests that many developers prioritize simplicity and cost over redundancy.
The findings underscore a broader challenge in decentralized finance, where infrastructure flexibility often shifts responsibility for security decisions to developers. In practice, this can lead to uneven standards across the ecosystem. For now, the data point to a system in which baseline security remains widely adopted, even as the risks associated with it become more visible.
