“A trusted-party vulnerability (also called a ’backdoor’) is an undisclosed capability of a trusted party, that can compromise the function of the system,” Prestwich explained in a tweet outlining his findings. According to Prestwich, LayerZero has the ability to unilaterally steal or move around funds locked up with platforms that use its bridging services with default settings.
Bridge Platform LayerZero Denies Allegations It Kept ‘Backdoor’ Secret
