Analysis of the security risks and limitations of the LayerZero cross-chain protocol
Challenges of Cross-Chain Protocols and Limitations of LayerZero
Cross-chain protocols play a crucial role in the blockchain ecosystem, but they also face severe security challenges. In recent years, the losses caused by security incidents involving cross-chain protocols have topped the charts, and the importance and urgency of securing them exceed even that of Ethereum's scaling solutions. Interoperability between cross-chain protocols is an inherent requirement for the networking of Web3, and such protocols often secure large amounts of funds. Their total value locked (TVL) and transaction volume are also continuously increasing. However, ordinary users often find it difficult to judge the security level of these protocols.
Among the many cross-chain solutions, LayerZero adopts a simplified architectural design. It uses a Relayer to carry out inter-chain communication, supervised by an Oracle. This design removes the third chain for consensus and the multi-node verification that traditional cross-chain solutions require, thus providing users with a "fast cross-chain" experience. Because of its lightweight architecture, concise code, and the ability to use the existing Chainlink as the Oracle, projects of the LayerZero type can go live quickly, but they are also easily imitated.
However, this simplified architecture poses potential security risks. First, reducing multi-node verification to verification by a single Oracle significantly lowers the security margin. Second, a single-verification model must assume that the Relayer and the Oracle are independent, and this trust assumption is difficult to maintain in the long term, which is inconsistent with the trustless ethos native to cryptocurrencies.
LayerZero, as an "ultra-lightweight" cross-chain solution, is responsible only for message transmission and does not take responsibility for the security of the applications built on it. Even allowing multiple parties to run Relayers does not fundamentally solve the above problems. Increasing the number of Relayers does not equate to decentralization; it merely makes the system permissionless. LayerZero's Relayer is essentially still a trusted third party, similar to an Oracle.
If a cross-chain token project using LayerZero allows modification of its node configurations, an attacker could replace them with nodes they control, thereby forging any message. This potential risk may be exacerbated in complex scenarios. LayerZero itself finds it difficult to address this issue, and when security incidents occur, responsibility may be shifted to external applications.
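The trust assumptions described above can be made concrete with a small model. The following Python sketch is an added example, not LayerZero code: the `Endpoint`, `AppConfig` and `audit` names, the hash-based commitment and the operator names are all hypothetical simplifications. It shows that a message is accepted only when Oracle and Relayer agree, that a misbehaving Relayer alone is rejected, and that whoever controls the configuration controls what counts as valid, which is what a defender reviewing such a deployment needs to check.

```python
import hashlib
from dataclasses import dataclass

def commit(nonce: int, payload: bytes) -> bytes:
    """Stand-in for the source-chain commitment the oracle reports."""
    return hashlib.sha256(str(nonce).encode() + b"|" + payload).digest()

@dataclass
class AppConfig:          # hypothetical per-application settings
    oracle: str           # identity allowed to post commitments
    relayer: str          # identity allowed to deliver payloads
    owner: str            # identity allowed to change the two above

class Endpoint:
    """Destination side: accept a payload only if the configured relayer
    delivers it and it matches what the configured oracle committed to."""
    def __init__(self, cfg: AppConfig):
        self.cfg, self.commitments = cfg, {}

    def set_config(self, caller: str, oracle: str, relayer: str) -> None:
        if caller != self.cfg.owner:
            raise PermissionError("only the owner may change verifiers")
        self.cfg.oracle, self.cfg.relayer = oracle, relayer

    def post_commitment(self, caller: str, nonce: int, digest: bytes) -> None:
        if caller == self.cfg.oracle:
            self.commitments[nonce] = digest

    def deliver(self, caller: str, nonce: int, payload: bytes) -> bool:
        return (caller == self.cfg.relayer
                and self.commitments.get(nonce) == commit(nonce, payload))

def audit(cfg: AppConfig) -> list:
    """Defender's check: list the trust assumptions this config relies on."""
    findings = []
    if cfg.oracle == cfg.relayer:
        findings.append("oracle and relayer are the same operator")
    if cfg.owner in (cfg.oracle, cfg.relayer):
        findings.append("a verifier can also rewrite the config")
    return findings

def scenario() -> dict:
    sent, other = b"mint 10 to alice", b"mint 10 to bob"   # constructed samples
    ep = Endpoint(AppConfig("oracle-A", "relayer-B", "app-owner"))
    ep.post_commitment("oracle-A", 1, commit(1, sent))
    out = {"honest": ep.deliver("relayer-B", 1, sent),
           "relayer_alone": ep.deliver("relayer-B", 1, other)}
    ep.set_config("app-owner", "op-X", "op-X")   # config key reassigns both roles
    ep.post_commitment("op-X", 2, commit(2, other))
    out["after_reconfig"] = ep.deliver("op-X", 2, other)
    out["findings"] = audit(ep.cfg)
    return out
```

In this model the independence of the two roles is a property of the configuration and of its owner key, not of the transport, so a review has to cover who can call the reconfiguration path as well as who currently holds each role.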
Essentially, LayerZero is more like middleware than true infrastructure. It cannot provide shared security for ecosystem projects the way a Layer 1 or Layer 2 does. While application developers using LayerZero can customize their security policies, this also means they need to take on more security responsibilities.
Some research teams have pointed out the potential security vulnerabilities of LayerZero. For example, if malicious actors gain access to the LayerZero configuration, they may change the Oracle and Relayer to components they control, thereby manipulating cross-chain transactions. Additionally, there are key vulnerabilities in LayerZero's Relayer that could potentially be exploited by insiders.
Reviewing the concepts of decentralization and trustlessness proposed in the Bitcoin white paper, we can see that LayerZero deviates from these core principles. It relies on the assumption that Relayers and Oracles will not collude to act maliciously, while requiring users to trust the developers who build applications using LayerZero. Additionally, throughout the entire cross-chain process, LayerZero does not generate any fraud proofs or validity proofs, let alone put these proofs on-chain and conduct on-chain verification.
Therefore, although LayerZero uses terms like "decentralized" and "trustless" in its marketing materials, it does not fully meet these characteristics from a technical implementation perspective. A truly decentralized cross-chain protocol should be able to achieve secure and efficient cross-chain communication without relying on trusted third parties.
In the future, cross-chain protocol development may need to focus more on how to achieve true decentralization and trustlessness while maintaining performance. For example, applying advanced cryptographic techniques such as zero-knowledge proofs to cross-chain protocols could be a potential direction for enhancing their security and decentralization.