James Prestwich
Founder/CTO @nomadxyz_ | prev. founder at Storj, Summa | UTXO connoisseur | 🦀 | BETH Core Dev | Non-functional curries | too old to apply to Paradigm
Jan 30, 2023 6 tweets 3 min read
Think that the LayerZero backdoors were documented? Let's check their docs!

Here's the only mention of auto-upgrade. It does not say that the LayerZero team can use auto-upgrade to backdoor your application

layerzero.gitbook.io/docs/faq/layer…

Here's the documentation on UA configuration. It does not say that an unconfigured UA can be backdoored by the LayerZero team

layerzero.gitbook.io/docs/faq/futur…

layerzero.gitbook.io/docs/evm-guide…
Jan 30, 2023 5 tweets 2 min read
The current party line is that everyone already knew that LayerZero had a backdoor to applications by default

This is not true. LayerZero consistently said that fraud CAN'T happen without relayer and oracle compromise

If you don't believe me, maybe take their word for it! They also do not mention VL and PL configuration when talking about application security
Jan 30, 2023 7 tweets 3 min read
Hello, today we are disclosing two critical trusted-party vulnerabilities in the LayerZero smart contracts. These issues allow the LayerZero team to completely bypass the Oracle and Relayer for most applications (including Stargate).

prestwich.substack.com/p/zero-validat…

A trusted-party vulnerability (also called a "backdoor") is an undisclosed capability of a trusted party, that can compromise the function of the system. We discuss two of these in the LayerZero contracts.

prestwich.substack.com/p/zero-validat…