LayerZero CEO responds to vulnerability rumors: Inference is baseless, protocol is secure

BlockBeats news, on July 1st, Bryan Pellegrino, co-founder and CEO of LayerZero Labs, responded to the rumors about "serious vulnerabilities in LayerZero" on social media. He stated that "this is completely unfounded. First of all, all the code you mentioned was pushed out in 2022. Secondly, these are application configurations rather than protocol configurations.

The payload size limit is part of the security configuration for applications and it sets up DVNs. Even in the latest version, an application can override this limit. In other words, if an application cannot override this setting then LayerZero could block message delivery by setting 'payload limit' to zero which would violate the entire design principle of the protocol.

As initially responded to your query: just fork and test it as I'm sure you've already confirmed at that time - it's not executable; if it were executable then that would be because a particular app chose to set it like so - similar to how some apps choose incorrect contract settings on Ethereum.

This isn't a vulnerability but part of protocol design instead. Any messaging protocols now engraving such configuration into their protocols can review any applications – they're inseparable from each other. We believe in censorship-resistant technology tracks."