“A trusted-party vulnerability (also called a ’backdoor’) is an undisclosed capability of a trusted party, that can compromise the function of the system,” Prestwich explained in a tweet outlining his findings. According to Prestwich, LayerZero has the ability to unilaterally steal or move around funds locked up with platforms that use its bridging services with default settings.
