Security Stack (DVNs)
As mentioned in previous sections, every application built on top of the LayerZero protocol can configure a unique messaging channel.
This stack of multiple DVNs allows each application to configure a unique security threshold for each source and destination, known as X-of-Y-of-N.
In this stack, each DVN independently verifies the payloadHash
of each message to ensure integrity. Once the designated DVN threshold has been reached, the message nonce can be marked as verified and inserted into the destination Endpoint for execution.
Each DVN applies its own verification method to check that the payloadHash
is correct. Once the required DVNs and optionally a sufficient number of optional DVNs have confirmed the payloadHash
, any authorized caller (for example, an Executor) can commit the message nonce into the destination Endpoint’s messaging channel for execution.
The following image and table describe how messages can be inserted into the Endpoint's messaging channel post-verification:
Message Nonce | Description |
---|---|
1 | The Security Stack has verified the payloadHash and the nonce has been committed to the Endpoint’s messaging channel. |
2 | All configured DVNs have verified the payloadHash , but no caller has yet committed the nonce to the Endpoint’s messaging channel. |
3 | Two required and one optional DVN have verified the payloadHash , meeting the security threshold, but the nonce has not yet been committed. |
4 | Even though the optional DVN threshold is met, the Security Stack requires that every required DVN (e.g. DVNᴬ ) must verify the payloadHash before the nonce can be committed. |
5 | Only the required DVNs (e.g. DVNᴬ , DVNᴮ ) have verified the payloadHash ; none of the optional verifiers have submitted their proof. |
6 | Both the required DVNs and the optional threshold have verified the payloadHash , but no caller has committed the nonce to the Endpoint’s messaging channel yet. |