Skip to main content
Version: Endpoint V2 Docs

Security Stack (DVNs)

Every OApp can Configure a Security Stack comprised of a number of required and optional Decentralized Verifier Networks (DVNs) to check the payloadHash emitted for message integrity, specifying an optional threshold for when a message nonce can be committed as Verified.

DVN Light DVN Dark

Each individual DVN checks messages using its own verification schema to determine the integrity of the payloadHash before verifying it in the destination chain's MessageLib.

When both the required DVNs and a threshold of optional DVNs agree on the payloadHash, the message nonce can then be committed to the destination Endpoint's messaging channel for execution by any caller (e.g., Executor).

Message NonceDescription
1The OApp's Security Stack has verified the payloadHash, and the nonce has been committed to the Endpoint's messaging channel.
2All DVNs in the Security Stack have verified the payloadHash, but no caller (e.g., Executor) has committed the nonce to the Endpoint's messaging channel.
3Two required and one optional DVN have verified the payloadHash, meeting the security threshold, but no caller (e.g., Executor) has committed the nonce to the Endpoint's messaging channel.
4Even though the optional DVN security threshold has been met, the Security Stack enforces all required DVNs (i.e., DVN1) to verify the payloadHash before the nonce can be committed to the Endpoint's messaging channel.
5Only the required DVNs (i.e., DVN(A), DVN(B)) have verified the payloadHash, but neither optional DVN have verified.
6Both the required DVNs and the optional threshold have verified the payloadHash, but no caller (e.g., Executor) has committed the nonce to the Endpoint's messaging channel.

Verification Model

Each DVN offers a unique verification model for how to confirm the payloadHash of a message, meaning OApp owners can determine which security and cost-efficiency models best fit an application's needs.

See DVN Addresses for an extensive list of all DVNs you could include in your OApp's Security Stack.

DVN Adapters

DVN Adapters enable applications to integrate the security of third-party networks such as native asset bridges, middle-chains, and other verification methods into the OApp's Security Stack, exponentially increasing the number of security configurations possible for an OApp to choose.

DVN Hook Light DVN Hook Dark

Since DVNs refer broadly to any verification model, OApp owners can integrate with any infrastructure that can securely deliver a message's payloadHash to the destination MessageLib.

Configuring Security Stack

When developers deploy omnichain applications (OApps) using the provided Contract Standards, these contracts come pre-packaged with the necessary interfaces for managing the Security Stack, as well as the ability to opt-in to a configured default. This means there's no immediate need for complex setups or configurations post-deployment, nor are you forced at any point to accept defaults.

The OApp owner can freely configure and reconfigure the Security Stack, tailoring the protocol to required security and efficiency needs.

info

See Configure Security Stack to change your application's configuration.


You can find all available DVNs for applications to use under Supported DVNs.