An Omnichain Interoperability Protocol
LayerZero is an omnichain interoperability protocol designed for lightweight message passing across chains. LayerZero provides authentic and guaranteed message delivery with configurable trustlessness.
For cross-chain bridging and messaging, almost every existing approach falls into one of two broad categories. The first is having a consensus forming middle chain validate and forward messages between chains. The second is running a light node on-chain.
Middle chains receive, validate, and forward messages between chains. In this model, the middle chain is granted full signing power to all messages, making it a single point of failure. In the event of consensus corruption, all liquidity can immediately be stolen on all chains. With today’s middle chains bonding only hundreds of millions of dollars while securing tens of billions, as these chains become increasingly decentralized, it is not a matter of if but when this massive honeypot will be exploited.
On-chain light nodes receive and validate every block header for each pairwise chain on the opposing chain. Transaction proofs containing messages are forwarded and validated on chain against the block headers. This is the most secure way to transmit messages between chains. Unfortunately, it’s also the most expensive costing tens of millions of dollars per day per pairwise chain to run an on-chain light node on Ethereum.
On-chain light nodes are extremely secure but also extremely expensive. Middle chains are inexpensive but less secure. Introducing the Ultra Light Node (ULN), the security of a light node with the cost-effectiveness of middle chains. This is achieved by performing the same validation as an on-chain light node; but instead of keeping all block headers sequentially, block headers are streamed on demand by decentralized oracles.
LayerZero is a User Application (UA) configurable on-chain endpoint that runs a ULN. LayerZero relies on two parties to transfer messages between on-chain endpoints: the Oracle and the Relayer. When a UA sends a message from chain A to chain B, the message is routed through the endpoint on chain A. The endpoint then notifies the UA specified Oracle and Relayer of the message and it’s destination chain. The Oracle forwards the block header to the endpoint on chain B and the Relayer then submits the transaction proof. The proof is validated on the destination chain and the message is forwarded to the destination address.
In breaking up responsibilities between the Oracle and Relayer, LayerZero leverages the security properties of the established oracles (Chainlink and Band) with an additional layer of security via the open relayer system. While this may seem only a small difference at first glance, its implications are quite profound. First, it means that the worst-case security of this new network still reduces to being as secure as the oracle. If you use Chainlink as your oracle any malicious action in the system is still predicated on first being able to defeat the Chainlink DON (no easy task). Even if the Oracle’s consensus is corrupted, it also requires that the Relayer is actively colluding. For example, in the most extreme case where the Oracle A’s consensus is corrupted and the Relayer A is colluding, all of this risk is only borne by those User Applications accepting messages from Oracle A and Relayer A. All User Applications using Relayer B-Z, running their own Relayer, or using Oracle B-Z remain completely unaffected. This is a massive transformation in terms of risk model from the previously described middle chain systems.