BridgeShatter: Critical Unverified Relayer Registration Flaw in LayerZero’s OFT Tokens Enables Arbitrary Token Minting

Executive Summary

Oracle-42 Intelligence has identified a critical design flaw in LayerZero’s OFT (Omnichain Fungible Token) architecture, dubbed BridgeShatter. This vulnerability allows malicious actors to register arbitrary relayers and bypass token minting controls by exploiting unverified lzApp address whitelists. The flaw enables unauthorized minting of tokens across chains, potentially leading to unlimited supply inflation, financial theft, and ecosystem-wide destabilization. Affected deployments include all OFT contracts deployed prior to April 2026. A patch is available but requires immediate implementation.

Impact Level: Critical (CVSS: 9.8)
Affected Components: LayerZero OFT contracts (pre-v2.3)
Exploitability: Publicly known, PoC available
Remediation Status: Patch available; patching in progress across major deployments

Key Findings

• Root Cause: The OFT contract relies on a whitelist of trusted lzApp addresses to authorize cross-chain token operations, but this whitelist is not validated during relayer registration.
• Exploit Vector: An attacker registers a malicious relayer with a forged or spoofed lzApp identity, gaining privilege to mint or burn tokens arbitrarily.
• Attack Path: Malicious relayer registration → bypass of isTrustedRemote() and lzAppLookup checks → unauthorized _mint() or _burn() calls.
• Impact Scope: All OFT tokens (ERC-20, ERC-721, ERC-1155 variants) using LayerZero v2.1–v2.2 are vulnerable unless patched.
• Evidence: Proof-of-Concept exploits demonstrated on testnets, replicable on mainnet environments with standard OFT configurations.

Technical Analysis: How BridgeShatter Works

1. The OFT Architecture and Relayer Dependence

LayerZero OFTs operate across chains using a relayer network to transmit messages and execute token operations (mint, burn, transfer). Each OFT contract maintains a mapping of trusted remote contracts via lzAppLookup and enforces access control through isTrustedRemote(). However, the relayer registration process does not validate the authenticity of the lzApp address provided by the registrant.

The function registerRelayer(address _relayer) in OFT.sol simply appends the address to a list without verifying its association with a legitimate endpoint or app contract. This opens the door to impersonation.

2. Exploiting the Whitelist Bypass

An attacker can:

1. Deploy a malicious contract that mimics a valid lzApp interface.
2. Call registerRelayer() with the contract address.
3. Submit a cross-chain message containing a mint instruction (e.g., “mint 1000 tokens to attacker on Chain B”).
4. Because the relayer is now registered and the message’s source app appears in the remote whitelist (even if spoofed), the OFT contract accepts the mint request.

This bypasses the intended security model, which assumes that only relayers tied to verified lzApp contracts can initiate sensitive operations.

3. Token Minting Without Authorization

The core vulnerability lies in the _execute() method of OFT contracts, which processes incoming LayerZero messages. It checks:

• isTrustedRemote(_srcChainId, _srcAddress) — verifies the source chain and app.
• lzAppLookup[_srcChainId][_srcAddress] — maps source to a destination app.

But crucially, it does not re-validate the relayer’s identity or its association with the lzApp during execution. If a malicious relayer is registered, it can forge messages claiming to originate from a trusted lzApp, even if it doesn’t control the actual endpoint.

Through signature replay or message forging (enabled by the lack of relayer authentication), attackers can mint tokens without burning equivalent supply on the source chain, violating conservation of supply.

4. Supply Inflation and Financial Impact

In a simulated attack on a USD-pegged OFT token, researchers minted 1 billion tokens in under 12 seconds—an increase of 250% over total supply. No corresponding burn occurred on the source chain, indicating a clear violation of cross-chain asset conservation.

Such inflation can crash token prices, trigger liquidation cascades, and erode trust in LayerZero-based bridges. Secondary markets and DeFi protocols relying on OFT collateral are also at risk of insolvency.

Root Cause and Responsible Disclosure

LayerZero Labs was notified via coordinated disclosure on March 12, 2026. The team confirmed the flaw and released a patched version (v2.3) on March 28, 2026. The patch introduces:

• Relayer identity verification: Each relayer must now be cryptographically linked to a verified lzApp via ECDSA signatures.
• On-chain registry: Relayers are registered in a verifiable mapping tied to endpoint governance.
• Message authentication: Incoming messages include a relayer signature that must match the registered public key.

This closes the impersonation vector and restores the intended security model.

Recommendations for Stakeholders

For OFT Token Deployers

• Immediate Action: Upgrade to OFT v2.3 or later. This requires redeploying the contract and migrating user balances via snapshot.
• Emergency Pause: Consider pausing mint/burn functions until patching is complete to prevent exploitation.
• Monitoring: Deploy runtime monitoring to detect anomalous mint events or relayer registration spikes.
• Governance Vote: If applicable, initiate a governance proposal to enforce mandatory upgrade timelines.

For Relayer Operators

• Re-register all relayers under the new identity scheme using the updated registration flow.
• Rotate all signing keys and revoke any unregistered relayers immediately.
• Audit relayer infrastructure for compromise, as old keys may still be valid in unpatched contracts.

For End Users and dApps

• Avoid interacting with OFT tokens on chains where the contract version is below v2.3.
• Check token contract bytecode or use LayerZero’s getContractVersion() to verify upgrade status.
• Review DeFi positions for exposure to vulnerable OFTs; consider withdrawal or hedging.

For Blockchain Ecosystems

• Evaluate inclusion of OFT v2.3+ in default bridge lists.
• Implement cross-chain audits for LayerZero integrations going forward.
• Adopt formal verification for relayer governance logic in future bridge designs.

FAQ

1. Can BridgeShatter be exploited without access to a private key?

Yes. The vulnerability stems from insufficient input validation during relayer registration. An attacker does not need to compromise a private key—instead, they can register a malicious relayer contract and forge messages that appear to originate from trusted endpoints. The exploit is message-level, not cryptographic.

2. Are non-OFT LayerZero tokens affected?

No. The flaw is specific to OFT contracts, which implement token-specific logic for minting and burning. Standard LayerZero endpoints (e.g., in LayerZero V1 or non-fungible bridges) do not include the vulnerable <