Skip to main content
Version: Endpoint V2

Security Stack (DVNs)

Every OApp can Configure a Security Stack comprised of a number of required and optional Decentralized Verifier Networks (DVNs) to check the payloadHash emitted for message integrity, specifying an optional threshold for when a message nonce can be committed as Verified.

DVN Light DVN Dark

Each individual DVN checks messages using its own verification schema to determine the integrity of the payloadHash before verifying it in the destination chain's MessageLib.

When both the required DVNs and a threshold of optional DVNs agree on the payloadHash, the message nonce can then be committed to the destination Endpoint's messaging channel for execution by any caller (e.g., Executor).

Message NonceDescription
1The OApp's Security Stack has verified the payloadHash, and the nonce has been committed to the Endpoint's messaging channel.
2All DVNs in the Security Stack have verified the payloadHash, but no caller (e.g., Executor) has committed the nonce to the Endpoint's messaging channel.
3Two required and one optional DVN have verified the payloadHash, meeting the security threshold, but no caller (e.g., Executor) has committed the nonce to the Endpoint's messaging channel.
4Even though the optional DVN security threshold has been met, the Security Stack enforces all required DVNs (i.e., DVN1) to verify the payloadHash before the nonce can be committed to the Endpoint's messaging channel.
5Only the required DVNs (i.e., DVN(A), DVN(B)) have verified the payloadHash, but neither optional DVN have verified.
6Both the required DVNs and the optional threshold have verified the payloadHash, but no caller (e.g., Executor) has committed the nonce to the Endpoint's messaging channel.

Verification Model

Each DVN offers a unique verification model for how to confirm the payloadHash of a message, meaning OApp owners can determine which security and cost-efficiency models best fit an application's needs.

See DVN Addresses for an extensive list of all DVNs you could include in your OApp's Security Stack.

DVN Adapters

DVN Adapters enable applications to integrate the security of third-party networks such as native asset bridges, middle-chains, and other verification methods into the OApp's Security Stack, exponentially increasing the number of security configurations possible for an OApp to choose.

DVN Hook Light DVN Hook Dark

Since DVNs refer broadly to any verification model, OApp owners can integrate with any infrastructure that can securely deliver a message's payloadHash to the destination MessageLib.

Configuring Security Stack

When developers deploy omnichain applications (OApps) using the provided Contract Standards, these contracts come pre-packaged with the necessary interfaces for managing the Security Stack, as well as the ability to opt-in to a configured default. This means there's no immediate need for complex setups or configurations post-deployment, nor are you forced at any point to accept defaults.

The OApp owner can freely configure and reconfigure the Security Stack, tailoring the protocol to required security and efficiency needs.


See Configure Security Stack to change your application's configuration.

Below is a list of the DVNs available for applications to use:

LayerZero Labs (Default)A default DVN maintained by LayerZero Labs.
Google Cloud (Default)Another default DVN powered by Google Cloud.
Polyhedra zkLightClient (Default)Another default DVN currently on 7 chains. Polyhedra Network is building a trustless, efficient, and secure validation layer for Web3 interoperability using zero-knowledge proofs. Polyhedra’s zkBridge proves the complete state of the sender chain without relying on third party validators.
NethermindA resilient DVN across multiple GCP Availability Zones, hosted by Nethermind.
DelegateA DVN maintained by Delegate, the developer team behind the most trusted onchain security tooling used by projects including Azuki, BAYC, Squiggles, and RTFKT.
MIMA DVN powered by the Omnistable protocol Abracadabra, leveraging years of cross-chain experience and innovation.
PearlnetPearlnet is a DVN built for the TapiocaDAO ecosystem, enabling OApps to control their own modular verification network.
Animoca-BlockdaemonThe first DVN combining two signers, Blockdaemon's institutional grade security and Animoca's history of running infrastructure in crypto's gaming vertical into a single security module.
GitcoinA DVN run by Gitcoin, the Ethereum native public goods development team.
P2PA DVN powered by, one of the leading Proof of Stake validator and RPC Node providers operating since 2018.
Nodes.GuruA DVN powered by Nodes.Guru, a leading crypto holding, providing the top quality staking services since 2019.
StableLabA DVN run by StableLab, the leader in professional delegation, governance framework design, and product development for DAOs.
Planetarium LabsA DVN powered by Planetarium Labs, a community-driven Web3 gaming company building immersive and innovative gaming experiences for users around the world.
BlockhuntersA DVN maintained by BlockHunters, a top infrastructure service provider supporting the most promising projects in the cryptocurrency ecosystem with active nodes and different model infrastructure key components.
Bware LabsA DVN maintained by Bware Labs, the creator of Blast, the most performant decentralized RPC platform in the Web3 industry and well know staking team with more half a billion assets in TVS.
Nocturnal LabsA DVN Powered by Nocturnal Labs, where the prowess of a leading Proof of Stake validator meets our institutional-grade security, for unmatched verification strength and reliability.
Horizen LabsA DVN with a mission of supporting as many networks as possible, hosted by Horizen Labs, the web3 team behind Horizen, Horizen EON, ApeCoin and Otherdeeds!
SwitchboardA DVN run by Switchboard, one of the most widely adopted price oracles and data feeds products.
PortalA DVN powered by the team behind Portal, the Universal Gaming Ecosystem.
LagrangeA DVN run by the Lagrange State Committees (LSC), a ZK light client protocol for optimistic rollups (ORUs) designed through combining Lagrange’s ZK MapReduce Coprocessor and EigenLayer restaking.
01nodeA DVN run by 01node, which sets a new standard in the blockchain realm, underpinned by our unique in-house operational model and unrivaled infrastructure resilience.
BCW GroupA DVN run by BCW, the trusted omni-protocol Web3 data & infrastructure specialists powering bridges, RPCs, data indexing tools & validation for Network Foundations & F500s.
RepublicA DVN run by Republic.
RestakeA DVN run by Restake.
MercuryA DVN operated by Mercury, the platform powering the most anticipated AAA FPS Shrapnel and the next generation of Gaming.
GelatoA DVN run by Gelato, which removes single points of failure with three out of five Gelato validators executing the transactions in parallel at a time.
Axelar DVN AdapterA DVN Adapter that uses Axelar's generic message passing to verify the message's payloadHash to the destination MessageLib.
CCIP DVN AdapterA DVN Adapter which employs CCIP's arbitrary message passing to verify the message's payloadHash to the destination MessageLib.
LuganodesA DVN run by Luganodes.
StakingCabinA DVN powered by StakingCabin, offering leading infrastructure services for blockchain protocols. With extensive expertise, we ensure network security and growth.
P-OPSA DVN maintained by P-OPS Team, an experienced infrastructure provider with years of experience in running validators, nodes, indexers and bridges. P-OPS Team is a verified provider on StakingRewards with the highest score for their services:, using only the best hardware and software for maximum performance and security.
Omni XA DVN deployed and maintained by Omni X, the first omnichain NFT launchpad.
ZenrockA DVN powered by Zenrock Labs, the first permissionless & decentralized MPC-as-a-Service solution.
OmnicatA DVN powered by Omnicat