LayerZero Clarifies: Alleged Bug is a Design Feature
Bryan Pellegrino, CEO of LayerZero, has dismissed claims by anonymous crypto sleuth 0x52 about a critical vulnerability in the protocol.
0x52 conducted an audit of UXDProtocol and found that the contract managing inter-protocol messages does not limit the length of those messages or the token count of the receiving address. The auditor warned that this could let attackers specify overly long destination addresses, causing system errors and substantial financial losses.
Pellegrino clarified that the ability to configure message and address lengths is an intentional feature. He argued that a fixed limit could introduce censorship, which contradicts LayerZero's goals. He also pointed out that this code has been part of the application configuration since 2022 and does not affect the Core protocol.
"Not only is this not a bug, this is by design in the protocol. Any messaging protocol that enshrines this configuration can now censor any application. You cannot have one without the other. We believe in censorship-resistant technology rails," explained the CEO.
Pellegrino’s reasoning swayed 0x52. The researcher removed the post discussing the supposed protocol flaw and issued an apology to the LayerZero team.