On the 30th of January 2023, James Prestwich called public attention to two critical blindspots in LayerZero smart contracts.
Hello, today we are disclosing two critical trusted-party vulnerabilities in the LayerZero smart contracts. These issues allow the LayerZero team to completely bypass the Oracle and Relayer for most applications (including stargate).https://t.co/C7Gh6ns56S
— James Prestwich (@_prestwich) January 30, 2023
James Prestwich, founder, and CTO of Nomad, a cross-chain bridging service disclosed in his tweet, two major trusted-party vulnerabilities in LayerZero smart contracts which he mentioned to exist in the endpoint contract and another in the UltraLightNodeV2 contract.
- LayerZero is an omnichain interoperable User application, designed to convey lightweight messages across chains. Its core concept is demonstrated by its reliance on two parties including oracle and the relayer of applications like Stargate, in order to convey messages across on-chain endpoints.
He alleges that these two vulnerabilities confer the LayerZero team the ability to exploit user applications. Allowing it to bypass the Oracle and relayer when passing arbitrary information to an application.
Outlining his findings, Prestwich proceeded to explain that a trusted-party vulnerability has access to a back door. This undisclosed capability allows a trusted party to compromise the functionality of a system. Insinuating that LayerZero has the ability to exclusively steal or transfer secured funds without permission from platforms that utilize bridging services.
He claimed that a driving force toward this full disclosure is the fact that the LayerZero team seems to be aware of these vulnerabilities and yet they let it remain undisclosed in order to actively exploit them instead. He believes that they are also deliberately hiding the extent of their control over the applications so prompt mitigation from every application integrating LayerZero might be the best solution.
He further explained that the LayerZero upgradability pattern allows vulnerabilities by exploiting a drag-along mechanism to bypass all security checks without compromising any protocol actor.
He outlined two criteria. Criteria 1, involves default-configured apps. The layerZero has the ability to randomly submit messages through Endpoint by changing the default Receiving library which is an easily exploitative venture that allows fraudulent messages across local applications bypassing the oracle and relayer’s 2-of-2 multisig completely.
In Criteria 2, the LayerZero Multisig could also randomly modify message payloads while being processed by UltraLightNode even after the oracle and relayer sign off, which is also a critical vulnerability that can be exploited in the same way.
Prestwich proceeds to mention that a form of mitigation would be to design a new version of the UltraLightNode contract which doesn’t involve an automatic upgrade but this would ultimately address only criteria 2 and not criteria 1.