Security Stack (DVNs)
Every OApp can Configure a Security Stack comprised of a number of required and optional Decentralized Verifier Networks (DVNs) to check the payloadHash emitted for message integrity, specifying an optional threshold for when a message nonce can be committed as Verified.
Each individual DVN checks messages using its own verification schema to determine the integrity of the payloadHash before verifying it in the destination chain's MessageLib.
When both the required DVNs and a threshold of optional DVNs agree on the payloadHash, the message nonce can then be committed to the destination Endpoint's messaging channel for execution by any caller (e.g., Executor).
| Message Nonce | Description |
|---|---|
| 1 | The OApp's Security Stack has verified the payloadHash, and the nonce has been committed to the Endpoint's messaging channel. |
| 2 | All DVNs in the Security Stack have verified the payloadHash, but no caller (e.g., Executor) has committed the nonce to the Endpoint's messaging channel. |
| 3 | Two required and one optional DVN have verified the payloadHash, meeting the security threshold, but no caller (e.g., Executor) has committed the nonce to the Endpoint's messaging channel. |
| 4 | Even though the optional DVN security threshold has been met, the Security Stack enforces all required DVNs (i.e., DVN1) to verify the payloadHash before the nonce can be committed to the Endpoint's messaging channel. |
| 5 | Only the required DVNs (i.e., DVN(A), DVN(B)) have verified the payloadHash, but neither optional DVN have verified. |
| 6 | Both the required DVNs and the optional threshold have verified the payloadHash, but no caller (e.g., Executor) has committed the nonce to the Endpoint's messaging channel. |
Verification Model
Each DVN offers a unique verification model for how to confirm the payloadHash of a message, meaning OApp owners can determine which security and cost-efficiency models best fit an application's needs.
See DVN Addresses for an extensive list of all DVNs you could include in your OApp's Security Stack.
DVN Adapters
DVN Adapters enable applications to integrate the security of third-party networks such as native asset bridges, middle-chains, and other verification methods into the OApp's Security Stack, exponentially increasing the number of security configurations possible for an OApp to choose.
Since DVNs refer broadly to any verification model, OApp owners can integrate with any infrastructure that can securely deliver a message's payloadHash to the destination MessageLib.
Configuring Security Stack
When developers deploy omnichain applications (OApps) using the provided Contract Standards, these contracts come pre-packaged with the necessary interfaces for managing the Security Stack, as well as the ability to opt-in to a configured default. This means there's no immediate need for complex setups or configurations post-deployment, nor are you forced at any point to accept defaults.
The OApp owner can freely configure and reconfigure the Security Stack, tailoring the protocol to required security and efficiency needs.
See Configure Security Stack to change your application's configuration.
Below is a list of the DVNs available for applications to use:
| DVNs | Description |
|---|---|
| LayerZero Labs (Default) | A default DVN maintained by LayerZero Labs. |
| Google Cloud (Default) | Another default DVN powered by Google Cloud. |
| Polyhedra zkLightClient (Default) | Another default DVN currently on 7 chains. Polyhedra Network is building a trustless, efficient, and secure validation layer for Web3 interoperability using zero-knowledge proofs. Polyhedra’s zkBridge proves the complete state of the sender chain without relying on third party validators. |
| Nethermind | A resilient DVN across multiple GCP Availability Zones, hosted by Nethermind. |
| Delegate | A DVN maintained by Delegate, the developer team behind the most trusted onchain security tooling used by projects including Azuki, BAYC, Squiggles, and RTFKT. |
| MIM | A DVN powered by the Omnistable protocol Abracadabra, leveraging years of cross-chain experience and innovation. |
| Pearlnet | Pearlnet is a DVN built for the TapiocaDAO ecosystem, enabling OApps to control their own modular verification network. |
| Animoca-Blockdaemon | The first DVN combining two signers, Blockdaemon's institutional grade security and Animoca's history of running infrastructure in crypto's gaming vertical into a single security module. |
| Gitcoin | A DVN run by Gitcoin, the Ethereum native public goods development team. |
| P2P | A DVN powered by P2P.org, one of the leading Proof of Stake validator and RPC Node providers operating since 2018. |
| Nodes.Guru | A DVN powered by Nodes.Guru, a leading crypto holding, providing the top quality staking services since 2019. |
| StableLab | A DVN run by StableLab, the leader in professional delegation, governance framework design, and product development for DAOs. |
| Planetarium Labs | A DVN powered by Planetarium Labs, a community-driven Web3 gaming company building immersive and innovative gaming experiences for users around the world. |
| Blockhunters | A DVN maintained by BlockHunters, a top infrastructure service provider supporting the most promising projects in the cryptocurrency ecosystem with active nodes and different model infrastructure key components. |
| Bware Labs | A DVN maintained by Bware Labs, the creator of Blast, the most performant decentralized RPC platform in the Web3 industry and well know staking team with more half a billion assets in TVS. |
| Nocturnal Labs | A DVN Powered by Nocturnal Labs, where the prowess of a leading Proof of Stake validator meets our institutional-grade security, for unmatched verification strength and reliability. |
| Horizen Labs | A DVN with a mission of supporting as many networks as possible, hosted by Horizen Labs, the web3 team behind Horizen, Horizen EON, ApeCoin and Otherdeeds! |
| Switchboard | A DVN run by Switchboard, one of the most widely adopted price oracles and data feeds products. |
| Portal | A DVN powered by the team behind Portal, the Universal Gaming Ecosystem. |
| Lagrange | A DVN run by the Lagrange State Committees (LSC), a ZK light client protocol for optimistic rollups (ORUs) designed through combining Lagrange’s ZK MapReduce Coprocessor and EigenLayer restaking. |
| 01node | A DVN run by 01node, which sets a new standard in the blockchain realm, underpinned by our unique in-house operational model and unrivaled infrastructure resilience. |
| BCW Group | A DVN run by BCW, the trusted omni-protocol Web3 data & infrastructure specialists powering bridges, RPCs, data indexing tools & validation for Network Foundations & F500s. |
| Republic | A DVN run by Republic. |
| Restake | A DVN run by Restake. |
| Mercury | A DVN operated by Mercury, the platform powering the most anticipated AAA FPS Shrapnel and the next generation of Gaming. |
| Gelato | A DVN run by Gelato, which removes single points of failure with three out of five Gelato validators executing the transactions in parallel at a time. |
| Axelar DVN Adapter | A DVN Adapter that uses Axelar's generic message passing to verify the message's payloadHash to the destination MessageLib. |
| CCIP DVN Adapter | A DVN Adapter which employs CCIP's arbitrary message passing to verify the message's payloadHash to the destination MessageLib. |
| Luganodes | A DVN run by Luganodes. |
| StakingCabin | A DVN powered by StakingCabin, offering leading infrastructure services for blockchain protocols. With extensive expertise, we ensure network security and growth. |
| P-OPS | A DVN maintained by P-OPS Team, an experienced infrastructure provider with years of experience in running validators, nodes, indexers and bridges. P-OPS Team is a verified provider on StakingRewards with the highest score for their services: https://www.stakingrewards.com/provider/pops-team-validator, using only the best hardware and software for maximum performance and security. |
| Omni X | A DVN deployed and maintained by Omni X, the first omnichain NFT launchpad. |