Boundless DVN
Book a call
Apr 18 · $292M drained · 20+ OFT bridges frozen

A ZK DVN for LayerZero. Different trust assumptions for cross-chain delivery.

Boundless is a DVN that verifies messages with ZK-backed consensus proofs. It layers on top of today's trust-based DVNs, so an attacker has to break two different security assumptions, not one.

See the live demoReach out to explore
Security model
Independent
trust assumptions
Typical amortized cost
< $0.01
per message
Integration
1 config
change to your DVN setup
Apr 18 · Defense in depth

Why add a ZK DVN? It fails differently.

What happened

On Apr 18 an attacker poisoned the RPC nodes the LayerZero Labs DVN trusted for source-chain data. The 1/1 DVN config attested to forged messages. $292M drained in one tx, every OFT bridge using the default config froze within hours.

Apr 18 · the toll from a single 1/1 DVN config
$292M
drained from KelpDAO
$196M
bad debt on Aave
20+
OFT bridges frozen
$13B
TVL wiped in 48h

Most current DVNs reduce to operator honesty and RPC integrity. Boundless reduces to validator signatures, proof verification, and circuit soundness. That does not make it magic. It makes it a different security layer.

That only matters if it is practical to deploy. For routine cross-chain flows, it already is: proof cost can amortize below a cent per message at normal volume.

01
Trust-based DVN
Signed attestation
  • A multisig signs that it saw the message.
  • Truth comes from an RPC node.
  • Failure: RPC spoofing, operator compromise, key theft.
  • The attack surface Apr 18 exploited.
02
Boundless DVN
ZK proof
  • A ZK circuit verifies the source chain's state directly.
  • Truth comes from validator BLS signatures.
  • Failure: circuit bug or cryptographic break — different surface, audited.
  • Decentralized proving — no single prover can forge.

Boundless does not replace your current DVNs. It adds an independent verification layer whose failure modes do not overlap with a trust-based DVN. The result is stronger defense in depth without asking you to rip out the stack you already run.

How it works

Same LayerZero packet. Four steps. The only new part is the proof.

01
OApp.send() fires normally.
SendLib calls assignJob() on Boundless as an optional DVN. No OApp code changes.
02
Marketplace fulfills a consensus proof.
Signal-Ethereum or Helios for Ethereum; blobstream0 for Cosmos. Auctioned competitively — no designated operator.
03
Destination verifies on-chain.
ReceiveUln302.verify() runs the RISC Zero check against the published image ID. ~35K gas on L2. Seal fails, verify reverts.
04
Thresholds met. Message delivers.
Your current DVNs stay in place. Boundless is additive. One setConfig() line, no governance, no migration.
Live end-to-end example · Sepolia ↔ Base Sepolia

A Boundless DVN example is live today.

This example shows the full LayerZero integration shape on a live Sepolia ↔ Base Sepolia corridor. The same pattern can be extended to additional chains and hardened for partner-specific production routes.

Ethereum Sepolia
source · eid 40161
OApp.send()
PacketSent
SendLib.assignJob
Boundless
ZK proving · marketplace
ProofRequest · signal-eth
Prover fulfills seal
Seal ready · R0 Groth16
Base Sepolia
destination · eid 40245
BoundlessDVN.attest()
ReceiveUln302.verify()
OApp.lzReceive()
Current step
Ready
Click Send to run the Boundless DVN example flow.
adapter.log
connected
Waiting for job…
Live end-to-end example. This is not a mock. It demonstrates the integration shape, message flow, and verification path on a real Sepolia ↔ Base Sepolia corridor today. From here, the same design can be extended to additional chains and hardened for production use based on partner demand.
Support today

Live example today, with a stack built to cover the routes most EVM teams care about first.

The live corridor proves the design on a real route today. From there, the same verification pattern can be carried into the inbound and outbound routes partners care about first.

Live end-to-end example
Sepolia <-> Base Sepolia
A full Boundless DVN example is live today on this corridor.
Inbound support today
Any EVM chain
Examples exist today for Ethereum L1 and OP Stack sources. Using existing patterns, the same design can support inbound verification from EVM chains more broadly.
Outbound support today
Any EVM chain
The Boundless DVN pattern can be deployed to EVM destinations using the same integration shape shown in the live example.
Route expansion
Additional chains by demand
Support expands from the live corridor into partner routes based on demand, route economics, and security requirements.

Production routes expand from the same design, starting with the corridors partners care about most.

Cost — measured, not estimated

Security you can price today: practical for routine flows, stronger proofs for higher-stakes transfers.

You do not need to choose between stronger verification and workable margins. Pick the proof tier that matches the value at risk and the latency you can tolerate. Every cycle count below is from an R0 executor run against live or realistic data.

Light tier · up to $20M per proof
Helios
Sync committee + finalized Ethereum header (~512-validator quorum)
1.19Bcycles
Measured against live mainnet · 2026-04-21 · slot 14,164,555
~$0.05
Per proof · marketplace pass-through + on-chain verify gas
Use for flows where the value covered by a single proof stays under ~$20M: standard USDe, crvUSD, earnETH, pufETH, BTC-LST transfers.
Full tier · transfer billions
Signal-Ethereum
Casper FFG finality over the full validator set (~1M validators, slashable)
~38Bcycles
Per-epoch proof · measured against mainnet validator set
Cost of verification only
Public good · Boundless-sponsored. Proofs currently take tens of minutes — slower than Helios, but backed by the full validator set today. Upgrades coming.
Use when a single proof needs to cover more than $20M of value, or when your counterparties require full-validator slashable economic security.

Helios is the practical default for routine flows. When the value settled by a single proof crosses ~$20M, or when counterparties want full-validator slashable security, move to Signal. Boundless currently sponsors Signal proof generation, so the incremental cost is dominated by on-chain verify gas. The tradeoff is latency: tens of minutes per proof today. Same DVN contract, same integration surface — you choose the proof tier per flow.

What this works out to per message
Flow
Primitive
Cycles
Per proof
Amortized / msg
L1 → L2 OFT · typical volume (100+/day)
Helios
1.19B
~$0.05
< $0.01
L1 → L2 OFT · low volume (< 10/day)
Helios
1.19B
~$0.05
< $0.06
L2 → L1 message (Base, Optimism origin)
Steel · OP dispute game
~80–150M
$0.002–$0.01
< $0.01
High-value L1 flow · full validator attestation
Signal-Ethereum
~38B
Sponsored · slower, more secure
verify gas only
Cosmos SDK → EVM · USDT, Celestia, dYdX, Noble
blobstream0 · CometBFT
~40M
$0.001–$0.002
< $0.01

Destination-side on-chain verify() is ~35K gas on any L2 (~$0.01) and ~50K gas on Ethereum L1 (varies with L1 gas price). That cost is the same for every tier.

The batching multiplier

One proof covers every message in its window. Batch your outbound flow and per-message cost collapses toward the verify gas.

A Helios proof covers a ~27-hour sync-committee window. A Signal proof covers a ~12.8-minute epoch. A blobstream0 proof can cover 1,000+ Cosmos headers at the same cycle cost as one. You don't pay per-message — you pay per proof, and the proof is shared across every message the DVN attests in that window.

1 msg / window
$0.05
/ msg
10 msgs / window
$0.005
/ msg
100 msgs / window
$0.0005
/ msg
1,000 msgs / window
< $0.0001
/ msg
Illustrative, using the Helios baseline ($0.05/proof) + ~$0.01 L2 verify gas per message. L2 → L1 Steel and blobstream0 batching scale the same way.
Why the floor is this low.
Every proof request runs a reverse auction on Boundless. Provers undercut each other for the work — 3,000+ have competed, the most efficient operators stay. Since launch, the marketplace rate has fallen 98%.
$1.00 → $0.025 per 1B cycles
Marketplace rate · 2024 → 2026
And it gets cheaper.
Faster proving systems are integrating now, so these economics should improve from here rather than deteriorate. We quote the current measured ranges, then size the actual profile against your message load.
Volume & SLA terms
Quoted by conversation

The numbers above are marketplace pass-through as of April 2026 at the spot floor. Dedicated proving capacity, SLA-backed uptime, and volume discounts aren't published — if this matches a flow you care about, reach out and we'll size the actual profile against your message load.

Why this is deployable now

Audited primitives, live proving volume, and a verifier stack you can carry into partner routes.

Sigma Prime
Signal-Ethereum audit
ZK Casper FFG finality for Ethereum L1.
Live today on Base at 0x734d…3198. Covers any OApp whose canonical supply lives on L1 — USDe, crvUSD, earnETH, pufETH.
a16z
Helios audit
ZK beacon-chain light client.
Measured: 1.19B cycles per L1 update. Anchors any EVM destination to Ethereum consensus — Base, Optimism, Arbitrum, Unichain.
74.1T
Signal cycles / week
Proving at production scale.
Not a testnet benchmark — the live Signal deployment runs this load every week on the Boundless marketplace.
3,000+
Provers competed to date
No single operator can fail you.
Every job is a reverse auction. Same decentralized proving stack already serving Steel on-chain state reads at ~$0.01 / L2 update.
What integration would look like

One setConfig() tx. No governance. No migration.

Boundless layers onto your current DVN stack without replacing it. LayerZero calls this an optional DVN in config. With optionalDVNThreshold = 1, Boundless becomes part of the enforced verification path for every message. Snippet below is illustrative — exact values depend on your OApp's DVN set and destination chains.

Book a call →See the full walkthrough
Testnet
Ethereum Sepolia → Base Sepolia
Target mainnets
Ethereum, Base, Optimism, Arbitrum
Launch pricing
Marketplace pass-through
SLAs / volume terms
By conversation
// 1. Deploy Boundless DVN is already done for you on your destination chain.
//    Addresses live in https://boundless.network/dvn/addresses.
 
address constant BOUNDLESS_DVN = 0x0000_...9AF2; // Base mainnet
address constant LZ_LABS_DVN  = 0x589D...5BE8; // keep your existing required DVN
 
UlnConfig memory cfg = UlnConfig({
    confirmations: 15,
    requiredDVNCount: 1,
    optionalDVNCount: 1,
    optionalDVNThreshold: 1,       // message cannot commit without ZK proof
    requiredDVNs:  toArray(LZ_LABS_DVN),
    optionalDVNs:  toArray(BOUNDLESS_DVN)
});
 
SetConfigParam[] memory params = new SetConfigParam[](1);
params[0] = SetConfigParam({
    eid: BASE_EID,
    configType: 2,                 // ULN config
    config: abi.encode(cfg)
});
 
// 2. One tx, OApp-owner signed.
ILayerZeroEndpointV2(ENDPOINT_V2).setConfig(oapp, receiveLib, params);
 
FAQ

Questions security, bridge, and integration teams will ask first.

The short answers below are meant to make the design, the live example, and the current support surface legible without a separate architecture review.

Why add Boundless if we already use LayerZero DVNs?
Because Boundless adds a different verification model, not just another operator with similar trust assumptions. It is meant to layer onto an existing DVN setup, not force a rewrite.
What changes in our integration?
At the LayerZero level, this is a setConfig() change to include Boundless in the verification path for the routes you care about. You do not need to redesign your OApp architecture to evaluate it.
What is live today?
A live end-to-end example is already running on a Sepolia <-> Base Sepolia corridor. It shows the message flow, verification path, and LayerZero integration shape on a real route.
Which inbound routes can you support today?
Examples exist today for Ethereum L1 and OP Stack sources. Using existing patterns, the same design can support inbound verification from EVM chains more broadly.
Which outbound routes can you support today?
The Boundless DVN pattern can be deployed to EVM destination chains using the same integration shape shown in the live example, with the exact route rollout prioritized by partner demand.
What trust assumptions does Boundless add?
Most current DVNs ultimately rely on operator honesty and RPC integrity. Boundless adds a ZK-backed verification path with different assumptions, so the combined system is harder to break in the same way.
What should we expect on cost?
The point is stronger verification with practical unit economics for real cross-chain flows. Cost depends on proof tier, message volume, and destination-chain gas.
Can this expand beyond the example corridor?
Yes. The live example proves the pattern today. From there, the same design can be extended to additional routes and hardened for production deployments.