Chirag

El Clásico is back this weekend! Mark your calendars. This could be the title decider. 📅 May 10, 7:00 PM (UTC) Drop your prediction on the link below & win up to $6,200 USDT. 👉 partner.bitget.com/bg/bitgetlalig…

At @USDT0_to, we build with the specific intention of ensuring there is no single point of failure. Security is at the core of every single architectural and procedural decision we make along the way. For example: Since launching last year, we’ve run a proprietary DVN with veto capability over every message, custom invariant checks built specifically for our infra, and pinned code libraries so that no external party can ever modify the code the system runs on. Every chain deployment gets its own independent risk assessment. Every multisig transaction passes through internal and external review before a signer even sees it. We turn down chains, delay launches, and trade user experience for stronger security when instances require a trade-off. During the KelpDAO incident, USDT0 remained secure with no impact on system integrity and has processed over $4 billion in volume since. Our proprietary DVN performed exactly as it was built to. We used the moment to raise the bar further, adding Canary as a third independent verifier, moving our DVN setup from 2-of-2 to 3-of-3. Exit confirmation times were also extended to guarantee finality before cross-network settlement. In the coming months we are moving to 4-of-4 and then 5-of-5 as additional qualified candidates clear our validation process. More details in our recent overview of USDT0's security architecture: blog.usdt0.to/security-is-th…

At @USDT0_to, we build with the specific intention of ensuring there is no single point of failure. Security is at the core of every single architectural and procedural decision we make along the way. For example: Since launching last year, we’ve run a proprietary DVN with veto capability over every message, custom invariant checks built specifically for our infra, and pinned code libraries so that no external party can ever modify the code the system runs on. Every chain deployment gets its own independent risk assessment. Every multisig transaction passes through internal and external review before a signer even sees it. We turn down chains, delay launches, and trade user experience for stronger security when instances require a trade-off. During the KelpDAO incident, USDT0 remained secure with no impact on system integrity and has processed over $4 billion in volume since. Our proprietary DVN performed exactly as it was built to. We used the moment to raise the bar further, adding Canary as a third independent verifier, moving our DVN setup from 2-of-2 to 3-of-3. Exit confirmation times were also extended to guarantee finality before cross-network settlement. In the coming months we are moving to 4-of-4 and then 5-of-5 as additional qualified candidates clear our validation process. More details in our recent overview of USDT0's security architecture: blog.usdt0.to/security-is-th…

A ton of this is just completely untrue. 1) Kelp originally used the defaults which were MultiDVN or DeadDVN and manually migrated to a 1/1 config later 2) Almost 100% of the volume on a 1/1 config was rsETH 3) Not using a 1/1 for production applications is mentioned many times in the documentation. The defaults Kelp is referencing in their screenshot were multiDVN or DeadDVN, which force-rejects an application using the defaults at all and requires them to manually set configuration. rsETH was originally configured to use the default LayerZero configuration of a multiDVN setup of LayerZero Labs + Google: Here are the exact transactions where that happens Ethereum → Arbitrum: etherscan.io/tx/0xd7c864adb… at 2024-02-06 03:09:47 UTC Ethereum → Optimism: etherscan.io/tx/0x7075bfe9a… at 2024-02-06 03:09:59 UTC KelpDAO then manually changed these to 1/1 configs: For the original Feb 6 Ethereum routes to Arbitrum/Optimism, KelpDAO’s Ethereum contract switched from defaults to manual OApp-scoped config on 2024-04-01: Send-side manual config: etherscan.io/tx/0x7485c16c9… 2024-04-01 07:12:11 UTC Receive-side manual config: etherscan.io/tx/0x21e967c99… 2024-04-01 07:12:23 UTC From this point on, Kelp began deploying all of their configurations as 1/1 configs. Here is Kelp’s deployment on Unichain: Unichain → Ethereum was opened on 2025-04-01 18:55:41 UTC. Pathway-open / setPeer tx: uniscan.xyz/tx/0x31ea2b10a… The manual ULN config followed 6 seconds later in uniscan.xyz/tx/0xd8ef5416a…. During this time the Unichain -> Ethereum and Ethereum -> Unichain defaults were set to DeadDVN which is a contract which makes it impossible for any application to transact without manually configuring their DVNs, this was not possible on the defaults of this pathway. Here is the code in the DeadDVN (#code" target="_blank" rel="nofollow noopener">etherscan.io/address/0x747C…) that specifically prohibits this. (Screenshot 1) This is called out many many times in the docs: 1. Integration Checklist — "Do" list - Last edited: 2025-11-26 (Nazreen) - Content: "Do: … Use more than one DVN for each production pathway instead of relying on a single DVN." - File: v2/tools/integration-checklist.mdx:244 - URL: #set-security-and-executor-configurations-on-every-pathway" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/tools/integ… 2. Integration Checklist — "Don't" list - Last edited: 2025-11-26 (Nazreen) - Content: "Don't: … Configure only one DVN for a pathway and treat it as production‑ready." - File: v2/tools/integration-checklist.mdx:251 - URL: #set-security-and-executor-configurations-on-every-pathway" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/tools/integ… 3. Integration Checklist — Defaults are not safe - Last edited: 2025-09-25 (Tino Martínez Molina) - Content: "Do not assume defaults are safe for production. Always check explicitly: getSendLibrary, getReceiveLibrary, and getConfig. If these resolve to defaults, confirm whether the defaults are valid for the intended pathway. Unintentional fallbacks to defaults are a common cause of blocked or failing pathways." - File: v2/tools/integration-checklist.mdx:126-128 - URL: #explicitly-set-message-libraries" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/tools/integ… 4. Integration Checklist — Default fallback warning - Last edited: 2026-02-26 (migration; same wording predates it) - Content: "Warning: If no configuration is set, the OApp will fallback to the default settings set by LayerZero Labs." - File: v2/tools/integration-checklist.mdx:222-238 - URL: #set-security-and-executor-configurations-on-every-pathway" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/tools/integ… 5. ONFT Quickstart — Production guidance - Last edited: 2025-02-20 (Radek Sienkiewicz) - Content: "DVN Settings: Use multiple DVNs in production to ensure message verification is robust." - File: v2/developers/evm/onft/quickstart.mdx:700 - URL: #security-considerations" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/developers/… 6. ONFT Quickstart — Strong recommendation to configure - Last edited: 2025-03-10 (Radek Sienkiewicz) - Content: "We strongly recommend reviewing these settings carefully and configuring your security stack according to your needs and preferences." - File: v2/developers/evm/onft/quickstart.mdx:366 - URL: #configure-the-onft" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/developers/… 7. Starknet FAQ — "Should I use multiple DVNs?" - Last edited: 2026-01-21 (Nazreen) - Content: ▎ Should I use multiple DVNs? ▎ Recommended for production. Multiple DVNs provide: ▎ - Increased security (multiple independent verifiers) ▎ - Resilience (no single point of failure) ▎ - Trust minimization - File: v2/developers/starknet/troubleshooting/faq.mdx:290-296 - URL: #should-i-use-multiple-dvns" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/developers/… Here are the exact recommendations we gave KelpDAO when asked about DVNs (typically 2/3) (Screenshot 2) Other LayerZero applications speaking on exactly what is advised by the team x.com/mitchellftracy… x.com/jasperflux/sta… For how much volume was actually configured on 1/1 here is the exact data. (Screenshot 3) We will publish a complete post-mortem as soon as the external security firms have completed it.