Security Stack (DVNs)
Every OApp can Configure a Security Stack comprised of a number of required and optional Decentralized Verifier Networks (DVNs) to check the payloadHash emitted for message integrity, specifying an optional threshold for when a message nonce can be committed as Verified.
Each individual DVN checks messages using its own verification schema to determine the integrity of the payloadHash before verifying it in the destination chain's MessageLib.
When both the required DVNs and a threshold of optional DVNs agree on the payloadHash, the message nonce can then be committed to the destination Endpoint's messaging channel for execution by any caller (e.g., Executor).
| Message Nonce | Description |
|---|---|
| 1 | The OApp's Security Stack has verified the payloadHash, and the nonce has been committed to the Endpoint's messaging channel. |
| 2 | All DVNs in the Security Stack have verified the payloadHash, but no caller (e.g., Executor) has committed the nonce to the Endpoint's messaging channel. |
| 3 | Two required and one optional DVN have verified the payloadHash, meeting the security threshold, but no caller (e.g., Executor) has committed the nonce to the Endpoint's messaging channel. |
| 4 | Even though the optional DVN security threshold has been met, the Security Stack enforces all required DVNs (i.e., DVN1) to verify the payloadHash before the nonce can be committed to the Endpoint's messaging channel. |
| 5 | Only the required DVNs (i.e., DVN(A), DVN(B)) have verified the payloadHash, but neither optional DVN have verified. |
| 6 | Both the required DVNs and the optional threshold have verified the payloadHash, but no caller (e.g., Executor) has committed the nonce to the Endpoint's messaging channel. |
Verification Model
Each DVN offers a unique verification model for how to confirm the payloadHash of a message, meaning OApp owners can determine which security and cost-efficiency models best fit an application's needs.
See DVN Addresses for an extensive list of all DVNs you could include in your OApp's Security Stack.
DVN Adapters
DVN Adapters enable applications to integrate the security of third-party networks such as native asset bridges, middle-chains, and other verification methods into the OApp's Security Stack, exponentially increasing the number of security configurations possible for an OApp to choose.
Since DVNs refer broadly to any verification model, OApp owners can integrate with any infrastructure that can securely deliver a message's payloadHash to the destination MessageLib.
Configuring Security Stack
When developers deploy omnichain applications (OApps) using the provided Contract Standards, these contracts come pre-packaged with the necessary interfaces for managing the Security Stack, as well as the ability to opt-in to a configured default. This means there's no immediate need for complex setups or configurations post-deployment, nor are you forced at any point to accept defaults.
The OApp owner can freely configure and reconfigure the Security Stack, tailoring the protocol to required security and efficiency needs.
See Configure Security Stack to change your application's configuration.
You can find all available DVNs for applications to use under Supported DVNs.