Re-enable Cross-Chain Collateral on BNB Core

Summary

Following the rsETH/KelpDAO LayerZero exploit on 18 April 2026, Venus paused or zeroed collateral factors on several BNB Core cross-chain assets while AllezLabs completed a bridge-risk review. We have applied a Cross-Chain Asset Listing Requirements scorecard - Verifier diversity (V), Rate limits (R), Transparency (T) - to all impacted assets. All are either fully compliant or have paused their LayerZero routes pending compliance. XAUM is not directly part of the LayerZero OFT ecosystem and its LZ bridging is paused, but its CF was also reduced out of an abundance of caution; the associated admin-control concerns have since been resolved.

We recommend Venus restore the original collateral factors for sUSDe, USDe, SolvBTC, xSolvBTC, and XAUM on BNB Core.

Context

Recent exploits like the rsETH breach on KelpDAO’s LayerZero bridge have highlighted a systemic risk in cross‑chain collateral. Attackers poisoned LayerZero’s decentralized verifier network (DVN) nodes, causing a single verifier to approve a fake message; this resulted in ~$292 million in stolen funds and led to instant collateral devaluation and bad debt across several large lending protocols. The requirements list below is intended to protect Venus from bridge‑associated risks.

Requirements

For listing LayerZero bridged assets as collateral:

| Category | Key requirements & rationale |
|---|---|
| Verifier diversity & thresholds | 3+ independent verifiers, with at least three of them required to sign (i.e., 3-of-3, not 1-of-3) for DVN setups; 3+ distinct DVN operators with independent infrastructure |
| Rate limits & circuit breakers | Per-chain send/receive caps configured on ALL enabled chains |
| Transparency, audits & bug bounties (for the bridge protocol) | Multiple independent third-party audits of the bridge protocol; bridge contracts & infrastructure open source; bridge maintains an active bug bounty program |

Exception: Native mint/burn bridges (e.g., CCTP, Binance bridge) may be exempt from these multi‑verifier rules. They are evaluated on issuer trust instead.
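The V row is easy to mis-score from a DVN list alone: what matters is the smallest set of distinct organisations an attacker must corrupt before a forged message is accepted. The following Python is an added illustration (not AllezLabs' or LayerZero's code) that computes exactly that for a LayerZero V2 ULN receive config. The config fields follow the public ULN config shape (required DVNs, optional DVNs, optional threshold); the DVN-to-operator map, the DVN labels and the sample configs are constructed, and on-chain the config would be read through the endpoint's getConfig for the OApp, library and eid.

```python
"""Score a LayerZero V2 ULN receive config against the V requirement.

Added example, not AllezLabs or LayerZero code. The config fields mirror the
ULN config shape (requiredDVNs, optionalDVNs, optionalDVNThreshold); the
DVN-to-operator map and the sample configs below are constructed.
"""
from collections import Counter
from dataclasses import dataclass, field

MIN_INDEPENDENT_OPERATORS = 3  # the post's bar: 3+ distinct operators, all required


@dataclass
class UlnConfig:
    required_dvns: list[str]
    optional_dvns: list[str] = field(default_factory=list)
    optional_threshold: int = 0


def min_colluding_operators(cfg: UlnConfig, operator_of: dict[str, str]) -> int:
    """Fewest distinct operators an attacker must corrupt to forge one message.

    ULN accepts a message once every required DVN and at least
    optional_threshold optional DVNs have verified it, so the attacker needs
    every required DVN plus the cheapest optional_threshold optional ones.
    """
    if not cfg.required_dvns and cfg.optional_threshold == 0:
        raise ValueError("config verifies nothing: no required DVNs and zero threshold")
    if cfg.optional_threshold > len(cfg.optional_dvns):
        raise ValueError("threshold exceeds the number of optional DVNs")
    corrupted = {operator_of[d] for d in cfg.required_dvns}
    need = cfg.optional_threshold
    # Optional DVNs run by an already-corrupted operator cost nothing extra.
    need -= sum(1 for d in cfg.optional_dvns if operator_of[d] in corrupted)
    if need > 0:
        # Each DVN has exactly one operator, so taking the operators that run
        # the most remaining optional DVNs first uses the fewest operators.
        remaining = Counter(operator_of[d] for d in cfg.optional_dvns
                            if operator_of[d] not in corrupted)
        for op, count in remaining.most_common():
            corrupted.add(op)
            need -= count
            if need <= 0:
                break
    return len(corrupted)


def score_v(cfg: UlnConfig, operator_of: dict[str, str]) -> tuple[str, int]:
    """Return ('PASS' or 'FAIL', minimum number of operators to corrupt)."""
    k = min_colluding_operators(cfg, operator_of)
    return ("PASS" if k >= MIN_INDEPENDENT_OPERATORS else "FAIL"), k


# Constructed map: DVN label -> organisation running it (assumption, not on-chain data).
OPERATORS = {
    "horizen-dvn": "Horizen", "nethermind-dvn": "Nethermind",
    "canary-dvn": "Canary", "lzlabs-dvn": "LayerZero Labs",
    "acme-dvn-1": "Acme", "acme-dvn-2": "Acme", "acme-dvn-3": "Acme",
    "beta-dvn": "Beta", "gamma-dvn": "Gamma",
}

SAMPLE_CONFIGS = {
    # Four required DVNs, four distinct operators: the 4-of-4 setup in the scorecard.
    "four_of_four": UlnConfig(["horizen-dvn", "nethermind-dvn", "canary-dvn", "lzlabs-dvn"]),
    # A single required DVN: one node, one key, one organisation to corrupt.
    "single_dvn": UlnConfig(["lzlabs-dvn"]),
    # 1-of-5 optional: five names on the list, one signature suffices.
    "one_of_five": UlnConfig([], ["horizen-dvn", "nethermind-dvn", "canary-dvn",
                                  "beta-dvn", "gamma-dvn"], 1),
    # Three required DVNs, but two belong to the same company: two operators in practice.
    "same_company_twice": UlnConfig(["acme-dvn-1", "acme-dvn-2", "beta-dvn"]),
    # 2 required + 2-of-3 optional where one company runs all three optionals.
    "mixed": UlnConfig(["horizen-dvn", "beta-dvn"],
                       ["acme-dvn-1", "acme-dvn-2", "acme-dvn-3"], 2),
}


def score_all() -> dict[str, tuple[str, int]]:
    return {name: score_v(cfg, OPERATORS) for name, cfg in SAMPLE_CONFIGS.items()}


if __name__ == "__main__":
    for name, (verdict, k) in score_all().items():
        print(f"{name:20s} {verdict}  (operators to corrupt: {k})")
```

The "same_company_twice" and "one_of_five" cases are the two ways a config can look diverse on paper while failing the bar: the first counts nodes instead of organisations, the second has a threshold low enough that a single corrupted signer is sufficient.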

Scorecard

Direct LZ assets (Venus BNB) deployed as OFTs

| Asset | V - Verifier diversity | R - Rate limits | T - Transparency | Overall | Recommendation |
|---|---|---|---|---|---|
| sUSDe ($70K) | PASS: 4-of-4 required DVNs on BSC: Horizen, Nethermind, Canary, LZ Labs. All 4 must sign. | PASS: 10M/1h caps set on each path | PASS: Ethena: SpearBit, Zellic, MixBytes, Trail of Bits. LZ V2: OpenZeppelin, Trail of Bits, ABDK. Both open source. Immunefi bounty active. | PASS | Re-enable as collateral |
| USDe ($64K) | PASS: 4-of-4 required DVNs on BSC: Horizen, Nethermind, Canary, LZ Labs. All 4 must sign. | PASS: 10M/1h caps set on each path | PASS: Ethena: SpearBit, Zellic, MixBytes, Trail of Bits. LZ V2: OpenZeppelin, Trail of Bits, ABDK. Both open source. Immunefi bounty active. | PASS | Re-enable as collateral |

Both assets pass DVN and transparency checks.

Indirect LZ assets (LZ exposure via an adapter on another chain)

SolvBTC and xSolvBTC on BNB are not LZ-bridged to BNB. The LZ exposure is indirect: the ETH OFT adapter governs global SolvBTC supply backing. An exploit inflates total supply and degrades the BTC-per-token ratio globally, reducing collateral value on BNB without any on-chain BNB mint event. Scoring applies to the ETH LZ adapter.

| Asset | V - Verifier diversity | R - Rate limits | T - Transparency | Overall | Recommendation |
|---|---|---|---|---|---|
| SolvBTC ($175.8M) | CONDITIONAL: All routes are paused. Commitment by the Solv team to migrate to 3-of-3 or 4-of-4 DVN configurations | CONDITIONAL: All routes are paused. Commitment by the core team to enable rate limits before enabling routes | PASS: Quantstamp, Salus, OpenZeppelin, and CertiK audited. Open source. Immunefi bounty. | CONDITIONAL and TEMPORARY pass | Re-enable as collateral. Disable if the Solv team does not adhere to their commitment to moving LZ-powered bridges to 3-of-3+ configurations with caps |
| xSolvBTC ($61.5M) | CONDITIONAL: All routes are paused. Commitment by the Solv team to migrate to 3-of-3 or 4-of-4 DVN configurations | CONDITIONAL: All routes are paused. Commitment by the core team to enable rate limits before enabling routes | PASS: Quantstamp, Salus, OpenZeppelin, and CertiK audited. Open source. Immunefi bounty. | CONDITIONAL and TEMPORARY pass | Re-enable as collateral. Disable if the Solv team does not adhere to their commitment to moving LZ-powered bridges to 3-of-3+ configurations with caps |

Re-enable SolvBTC and xSolvBTC while monitoring their progress towards compliance, if Solv chooses to re-enable its LZ routes.

Inactive Custom LayerZero OApp with native mint/burn

| Asset | V | R | T | Overall | Recommendation |
|---|---|---|---|---|---|
| XAUM ($1.6k) | N/A | N/A | N/A | N/A | Re-enable as collateral: The single EOA is secured by a 3-tier approval workflow on Cactus Custody, with each approver identity governed by RBAC and requiring a hardware key signature to verify approval. This satisfies the required security standards. The LayerZero bridge is paused and the asset moves via native mint/burn, so it avoids the LZ risk surface. |

Summary table

| Asset | Venus Supply | V | R | T | Overall | Recommendation |
|---|---|---|---|---|---|---|
| sUSDe | $70K | PASS | PASS | PASS | PASS | Re-enable as collateral |
| USDe | $64K | PASS | PASS | PASS | PASS | Re-enable as collateral |
| SolvBTC | $175.8M | CONDITIONAL | CONDITIONAL | PASS | CONDITIONAL | Re-enable as collateral |
| xSolvBTC | $61.5M | CONDITIONAL | CONDITIONAL | PASS | CONDITIONAL | Re-enable as collateral |
| XAUM | $1.6k | N/A | N/A | N/A | N/A | Re-enable as collateral |

V = Verifier diversity, R = Rate limits, T = Transparency

Ongoing monitoring

These summarized requirements form an initial due‑diligence framework for evaluating bridged assets as collateral. Rate limits and circuit breakers are not set-and-forget - boundaries should be actively managed and adjusted in response to changing market conditions and the bridge needs and expected behavior of the asset. AllezLabs will continue to monitor DVN configurations and per-route caps for all listed assets and will return to the forum if any asset drifts out of compliance.

Next steps

  • Venus core team to restore original collateral factors for the five assets above.
  • AllezLabs to monitor Solv’s bridge re-configuration and flag any deviation.
  • Additionally, the USD1 market will be resumed.

Appendix

V - Verifier diversity & thresholds. A cross-chain bridge message is only accepted when enough verifiers sign off on it. The Kelp DAO exploit happened because rsETH used a single verifier - one compromised node, $292M gone. Requiring three or more means an attacker has to simultaneously compromise three independent organizations. “Independent” matters as much as the count: two nodes run by the same company under the same keys are one verifier in practice, not two. The threshold sets the minimum signatures required - a 1-of-5 setup is no safer than 1-of-1 because you only need to corrupt one. The requirement is both: enough verifiers and a high enough threshold that the majority must collude.

R - Rate limits & circuit breakers. Even a fully secure bridge can be exploited if the damage from a single bad message is unbounded. A rate cap is an on-chain speed bump: if someone mints $500M of bridged tokens in an hour, the cap stops the transaction before it executes. The “all enabled chains” part is critical - a cap on the ETH→BNB route is useless if the Arbitrum→BNB route is uncapped. Attackers will always route through the weakest path. Circuit breakers work the same way as they do in traditional finance: they don’t prevent a problem from starting, but they limit how bad it gets before humans can respond.
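To make the two points in the paragraph above concrete (a cap bounds the damage of one bad message, and a cap on one route does nothing if another enabled route is uncapped), here is an added Python model that is not Venus, Solv or LayerZero code. The decay rule follows the linear-decay scheme LayerZero's OFT RateLimiter applies (amount in flight decays linearly over the window); the endpoint ids are used only as labels, and the caps, the 6-decimal token, the transfer sequence and the two gate configurations are constructed.

```python
"""Per-route inbound caps with linear decay, modelled on the rule LayerZero's
OFT RateLimiter uses. Added example; routes, caps and transfers are constructed.
"""
from dataclasses import dataclass

ONE = 10**6                       # one token in base units (assumed 6 decimals)
HOUR = 3600
EID_ETH, EID_ARB = 30101, 30110   # LayerZero V2 endpoint ids, used here only as labels


@dataclass
class RouteLimit:
    limit: int            # maximum amount per window
    window: int           # window length in seconds
    in_flight: int = 0    # amount counted against the cap at last_updated
    last_updated: int = 0

    def in_flight_at(self, now: int) -> int:
        """In-flight amount after linear decay since the last successful update."""
        elapsed = now - self.last_updated
        if elapsed >= self.window:
            return 0
        decay = self.limit * elapsed // self.window
        return self.in_flight - decay if self.in_flight > decay else 0

    def try_consume(self, amount: int, now: int) -> bool:
        """Reserve `amount` against the cap; False (state untouched) if it would exceed it."""
        current = self.in_flight_at(now)
        if amount > self.limit - current:
            return False
        self.in_flight = current + amount
        self.last_updated = now
        return True


class InboundGate:
    """Receive-side gate keyed by source endpoint id. A source with no entry is uncapped."""

    def __init__(self, limits: dict[int, RouteLimit]):
        self.limits = limits

    def receive(self, src_eid: int, amount: int, now: int) -> str:
        lim = self.limits.get(src_eid)
        if lim is None:
            return "MINTED_UNCAPPED"   # the weakest path: nothing stops the mint
        return "MINTED" if lim.try_consume(amount, now) else "REJECTED"


def scenario() -> dict[str, str]:
    """A $500M mint attempted against a gate that caps only ETH and one that caps every route."""
    cap = lambda: RouteLimit(10_000_000 * ONE, HOUR)
    partial = InboundGate({EID_ETH: cap()})                 # only the ETH route is capped
    full = InboundGate({EID_ETH: cap(), EID_ARB: cap()})    # every enabled route is capped
    big = 500_000_000 * ONE
    out = {
        "partial_eth": partial.receive(EID_ETH, big, 0),
        "partial_arb": partial.receive(EID_ARB, big, 0),    # attacker reroutes via the uncapped path
        "full_eth": full.receive(EID_ETH, big, 0),
        "full_arb": full.receive(EID_ARB, big, 0),
    }
    # Legitimate flow under the cap: 6M at t=0, then 6M again at 10 and at 30 minutes.
    # At 10 min only 1.67M has decayed (4.33M in flight), so 6M does not fit;
    # at 30 min half the cap has decayed (1M in flight) and 6M fits.
    legit = InboundGate({EID_ETH: cap()})
    out["legit_t0"] = legit.receive(EID_ETH, 6_000_000 * ONE, 0)
    out["legit_t10m"] = legit.receive(EID_ETH, 6_000_000 * ONE, 600)
    out["legit_t30m"] = legit.receive(EID_ETH, 6_000_000 * ONE, 1800)
    return out


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k:12s} {v}")
```

The rejected transfer leaves the limiter's state untouched, so a burst of failed attempts cannot consume the cap; and because the decay is linear rather than a hard reset, the cap is a rolling bound per window rather than a "first of the hour" bound.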

T - Transparency, audits & bug bounties. These three together form a credible security posture. One audit from one firm can miss things while independent auditors find different vulnerabilities. Open source means the community and researchers can verify the claims in those audit reports and find issues the auditors missed. A bug bounty converts potential adversaries into paid researchers: if a white-hat finds a critical flaw, the bounty makes it more rational to disclose it than to exploit it. Any one of the three alone is insufficient: closed-source code with a bug bounty is unverifiable, open-source code with no bounty creates free labor for attackers who find bugs and face no competition from disclosers.

Exception - native mint/burn bridges. Some bridges don’t use a verifier network at all - they work by burning on the source chain and minting on the destination, controlled by the issuer directly. Circle’s CCTP works this way: Circle itself attests to every USDC move. Binance’s Token Hub works similarly. These can’t satisfy a “3 independent DVNs” requirement by design, and holding them to that standard would exclude assets that are genuinely secure by different means. The exemption acknowledges that custodial bridges trade decentralization for simplicity - the risk is concentrated in the issuer, not distributed across verifiers. That’s a different risk profile, not necessarily a worse one, but it should be assessed on issuer trust rather than DVN count.
