Wu said that he learned that Bryan Pellegrino, CEO of LayerZero Labs, tweeted in response to the "suspected serious vulnerability in LayerZero" that this was completely unfounded. First of all, all the codes mentioned were pushed in 2022. Secondly, all of these are application configurations, not protocol configurations. The payload size limit is part of the application's security configuration and is used to set up DVNs. Even in the latest version, the application can override this limit. If the application cannot override the configuration, LayerZero can prevent application messaging by configuring the "payload limit" to 0, but this is contrary to the protocol design principles. As stated in the initial response, it is not feasible to verify this vulnerability by forking and testing. If it can be achieved, it is just a special setting of a certain application, similar to the incorrect contract configuration of some applications on Ethereum. This is not a vulnerability, but part of the protocol design.
Explore the latest crypto news
⚡️ Be a part of the latests discussions in crypto
💬 Interact with your favorite creators
👍 Enjoy content that interests you
Email / Phone number