Analyzing LayerZero’s Cross-Chain Architecture: What Happens When DVNs and Executors Replace Guardian Networks

A technical deep dive into LayerZero’s decentralized verification model, and what I discovered bridging ETH from Base to Ethereum.

// TL;DR

LayerZero separates message verification (DVNs) from execution (Executors) for security. Instead of Wormhole’s unified 19-Guardian network, LayerZero lets developers choose which verification services to trust and how many signatures they need.

I bridged 0.01 ETH from Base to Ethereum using Stargate (built on LayerZero) to test this architecture in practice. Here’s what I found:

Key Findings:

• Time: LayerZero Scan claimed 58 seconds, my actual experience was 12 minutes
• Cost: $2.16 total (mostly Ethereum gas, not LayerZero protocol fees)
• Verification: Watched two DVNs (Stargate + Nethermind) verify my transaction in real-time
• Tracking: Nearly impossible without going through Etherscan first
• Architecture: More flexible than Wormhole, but significantly more complex

The Trade-off: Customizable security models and developer flexibility vs. Wormhole’s simpler, proven approach.

Bottom line: LayerZero’s architecture works as advertised. The decentralized verification is real and visible. But the added complexity makes it harder to use and audit compared to Wormhole’s straightforward 13-of-19 Guardian model.

// The Transaction That Started This

On October 29, 2025, I clicked “Transfer” on Stargate Finance and watched 0.01053 ETH disappear from my Base wallet.

Twelve minutes later, 0.00998 ETH appeared on Ethereum.

During those 12 minutes, I had questions:

• How is this different from Wormhole’s Guardian network?
• What are DVNs and why are there two of them?
• Why does LayerZero Scan say “58 seconds” when I waited 12 minutes?
• Can I actually see the “decentralized verification” happening?

I’d just finished analyzing Wormhole’s 19-Guardian architecture in my previous post. Now I wanted to understand LayerZero’s alternative approach: separating verification from execution.

What I discovered was both impressive and frustrating. The architecture is elegant and truly decentralized—I could watch multiple independent verifiers confirm my transaction. But the user experience had serious problems that made me question whether added flexibility is worth the added complexity.

Here’s what actually happens when you bridge tokens using LayerZero.

// What I Saw as a User (The Stargate Experience)

Before diving into LayerZero’s architecture, I need to explain what I experienced as a user. Because LayerZero is a protocol (like Wormhole), not an app, I used Stargate Finance—the most popular bridge built on LayerZero.

Important distinction: LayerZero is the messaging protocol. Stargate is an application built on top of it. Like how Wormhole is the protocol and Portal Bridge is the app.

The interface looked simple:

• Go to stargate.finance
• Connect wallet (MetaMask)
• Select Base → Ethereum
• Enter amount: 0.01 ETH
• Choose route

This is where it got interesting.

The Route That Almost Cost Me 35%

Stargate’s interface showed a “Recommended” option: Aori

• Fee: “Free” 
• Speed: 14 seconds 
• Output: 0.006542 ETH

Wait. I’m sending 0.01 ETH and getting back 0.006542 ETH?

That’s a 34.6% loss on a “free” bridge.

I clicked “More Routes” to investigate. Hidden behind that button were three other options:

Route Comparison:

• Aori (Recommended): Output: 0.006542 ETH — Loss: 34.6% 
• Stargate V1: Output: 0.009968 ETH — Loss: 0.32%
• Stargate V2 Fast: Output: 0.009984 ETH — Loss: 0.16% ($8.88 fee, 20s)
• Stargate V2 Economy: Output: 0.009984 ETH — Loss: 0.16% ($2.09 gas + $0.06 fee, 10 min) 

The “recommended” route was 22x worse than the best option hidden in “More Routes.”

I chose Stargate V2 Economy: slower (10 minutes vs 20 seconds), but dramatically cheaper ($2.15 vs $8.88).

Note: These UX problems—hiding the best route, recommending expensive options—are Stargate’s implementation issues, not LayerZero protocol flaws. But they affected my experience significantly.

I clicked “Transfer” and confirmed in MetaMask.

Now the real test began: Could I track what LayerZero was actually doing?

// What Actually Happened: The LayerZero Process

While I waited those 12 minutes, I tried to understand what was happening under the hood. Here’s the 5-step process:

### Step 1: My ETH Was Locked on Base

The moment I clicked “Confirm” in MetaMask, Stargate’s smart contract on Base locked my 0.01053 ETH.

The contract didn’t “send” my ETH anywhere. It locked it in Stargate’s Base pool and emitted a LayerZero message:

“Release 0.00998 ETH from Ethereum pool to address 0x267F2726DD20A1C58FCC94820662D95420C6C68D”

But here’s the fundamental problem: Base can’t talk to Ethereum.

They’re separate blockchains with no communication channel. Base has no way to tell Ethereum this lock happened. Ethereum has no way to know it should release tokens.

This is exactly what cross-chain protocols solve. But the how is where LayerZero and Wormhole differ dramatically.

Base transaction hash: 0x4851b313d196a5f9dbc5ce524eb8408adb62e277bdd38991e4db8fb4f1734d36

At this point, my ETH was locked on Base. Nothing had happened on Ethereum yet. The clock started ticking.

### Step 2: DVNs Verified the Message

DVNs = Decentralized Verifier Networks

Here’s where LayerZero’s architecture gets interesting.

Instead of Wormhole’s 19 Guardians who all watch and sign together, LayerZero uses independent verification services called DVNs. Each runs their own infrastructure, watches blockchains independently, and signs off on messages.

Who are DVNs? Companies like:

• Google Cloud
• Stargate (yes, the app itself runs a DVN)
• Nethermind
• Polyhedra
• Axelar
• And dozens of others

The key difference from Wormhole: Developers choose which DVNs to trust.

For my transaction, Stargate’s developers chose to require:

• Stargate’s DVN (their own verification service)
• Nethermind’s DVN (independent Ethereum infrastructure company)

Both DVNs had to independently:

1. Run a full node on Base
2. Watch for LayerZero message events
3. See my transaction lock 0.01053 ETH
4. Verify the transaction finalized on Base
5. Verify the message came from legitimate Stargate contract
6. Check it hasn’t been processed before (prevent replay attacks)
7. Sign the message with their private key

Each DVN verified independently. No communication between them. No coordination.

When both confirmed the message was legitimate, they approved their signatures.

This is the “decentralized” part: Multiple independent companies with different infrastructure, different motivations, and different security models all had to agree my transaction was real before anything happened on Ethereum.

### Step 3: Executor Delivered the Message

Once the DVNs signed, the next step was ready for the Executor.

What’s an Executor? A service that:

• Watches for verified LayerZero messages
• Pays destination chain gas fees
• Submits the message + DVN signatures to the destination chain
• Cannot modify the message (already signed by DVNs)

Why separate execution from verification?

This is LayerZero’s key security innovation.

Wormhole’s model: Guardians verify AND relay the message. If Guardians collude, they can lie about what happened and deliver the fake message themselves.

LayerZero’s model: DVNs verify, Executor delivers.

To attack LayerZero’s model, there would need:

1. DVNs to lie about what happened, AND
2. Executor to deliver that fake message

Two separate entities must collude, which is harder to compromise.

In my transaction:

• Executor: Succeeded
• Committer: Succeeded

The Executor paid Ethereum gas (~$1.92) to submit my verified message on-chain.

### Step 4: Ethereum Verified and Released Tokens

Ethereum’s LayerZero Endpoint contract received:

• The message (“Release 0.00998 ETH to 0x267F…”)
• Stargate DVN’s signature
• Nethermind DVN’s signature

The contract verified:

• Both signatures are from authorized DVNs
• Signatures are valid
• Message hasn’t been processed before
• Stargate pool has sufficient ETH

Once all checks passed, Ethereum released 0.00998 ETH from Stargate’s pool to my wallet.

Transaction complete.

But wait—LayerZero Scan said this took 58 seconds. I waited 12 minutes. What happened?

### Step 5: The Mystery 11 Minutes

LayerZero Scan claimed: 58 seconds
My actual experience: 12 minutes

Here’s what I think happened:

The 58 seconds: DVN verification + Executor delivery (LayerZero’s internal process)

• Stargate DVN watches Base, sees transaction: ~10 seconds
• Nethermind DVN watches Base, sees transaction: ~10 seconds
• Both verify and sign: ~10 seconds
• Executor submits to Ethereum: ~28 seconds
• Total: 58 seconds 

The missing 11 minutes: Stargate’s batching delay

• Stargate V2 Economy doesn’t execute immediately after verification
• It waits for multiple transactions (“waiting for the bus to be full”)
• Batches multiple bridges into one Ethereum transaction
• Saves gas costs but adds user delay

LayerZero measured protocol speed (58s). I experienced application speed (12 min).

Compare to Wormhole:

• Wormhole Scan claimed: 47 seconds
• My actual experience: 47 seconds
• User experience matched protocol measurement 

Insight: When protocols don’t control the full user experience (apps built on top make independent choices), claimed speeds can differ dramatically from reality.

// The Architecture: (DVNs + Executors) vs Guardians

Let me break down how LayerZero’s model fundamentally differs from Wormhole’s.

LayerZero’s Model

1. User locks tokens on Source Chain
2. LayerZero emits message
3. DVNs watch Source Chain independently
4. Multiple DVNs verify and sign (Stargate + Nethermind)
5. Executor collects signatures
6. Executor delivers to Destination Chain
7. Destination Chain verifies DVN signatures
8. Tokens released

Key characteristics:

• Modular: Verification separated from delivery
• Flexible: Developers choose which DVNs and how many
• Customizable: X-of-Y configuration
• No single point of control: Multiple independent companies involved

Wormhole’s Model

1. User locks tokens on Source Chain
2. 19 Guardians all watch Source Chain
3. 13 of 19 Guardians sign VAA
4. Relayer delivers VAA to Destination Chain
5. Destination Chain verifies 13/19 signatures
6. Tokens released

Key characteristics:

• Unified: Same 19 Guardians for everything
• Simple: One security model, everyone uses it
• Proven: Battle-tested with billions in volume
• Transparent: 19 known companies, clear threshold

Security Comparison

Wormhole’s security:

• Requires 13 of 19 specific companies to collude
• All Guardians are major validators (Jump Crypto, Figment, etc.)
• Each has $100M+/year businesses at stake
• Attack requires compromising 68% of known entities

LayerZero’s security:

• Requires DVNs + Executor to collude
• In my case: Stargate + Nethermind + Executor all must fail
• Each app chooses different DVN combinations
• More flexible, but harder to audit (many configurations)

Which is “safer”?

Neither is objectively better. Different trade-offs:

Wormhole:

• ✅ Simpler to audit (one model)
• ✅ Proven track record
• ✅ Known entities
• ❌ Less flexible
• ❌ Can’t customize security

LayerZero:

• ✅ Customizable security per app
• ✅ More decentralized (many DVN options)
• ✅ Separation of concerns (verify vs execute)
• ❌ Complex (harder to audit)
• ❌ Trust model varies by app
• ❌ Newer, less battle-tested

My take: For users, both are reasonably secure. For developers who need custom security models, LayerZero offers more control.

// The Tracking Challenge

My Tracking Journey

Attempt 1: Search Base transaction hash on LayerZero Scan

• Pasted: 0x4851b313d196a5f9dbc5ce524eb8408adb62e277bdd38991e4db8fb4f1734d36
• Result: “Transaction not found” ❌

Attempt 2: Search my wallet address

• Pasted: 0x267F2726DD20A1C58FCC94820662D95420C6C68D
• Result: No recent transactions shown ❌

Attempt 3: Wait and try again

• Waited 15 minutes after completion
• Tried Base tx hash again
• Result: Still not found ❌

Attempt 4: Go through Etherscan

• Searched my address on Etherscan
• Found recent ETH transfer
• Clicked “Internal Transactions” tab
• Found the LayerZero message execution
• Copied Ethereum tx hash: 0x763e5a0e8a8001c3ae5d7e6925aba888171338dc6e486d58b609d15ec6e99f0c
• Searched THIS on LayerZero Scan
• Finally found it! ✅

Compare to Wormhole

Wormhole tracking:

1. Copy source transaction hash
2. Paste into Wormhole Scan
3. See full journey immediately

Question: Would a non-technical user figure out step 3-6?

Probably not.

Why Is Tracking Harder?

LayerZero uses different identifiers than source chain transactions. The “message” has its own ID separate from the Base transaction hash.

Wormhole’s VAA (Verified Action Approval) is more directly tied to the source transaction, making it easier to track.

This is a real UX problem. Transparency only matters if users can actually access it.

// What I Learned About LayerZero

1. Decentralized Verification Is Real (and Visible)

Unlike Wormhole’s Guardian signatures which are somewhat abstract, I could see LayerZero’s verification in action:

• Executor: SUCCEEDED 
• Committer: SUCCEEDED 
• Required DVN (Stargate): SUCCEEDED 
• Required DVN (Nethermind): SUCCEEDED 

This is what “decentralized verification” looks like in practice. Two independent companies both confirmed my transaction was legitimate before execution.

No single entity controlled the process. Both had to agree.

This is genuinely impressive. The architecture works.

2. Flexibility Comes With Complexity

LayerZero’s strength is also its weakness.

Developers can choose:

• Which DVNs to trust
• How many signatures required (X-of-Y)
• Different security models per application
• Which Executor to use

This means:

• Every app on LayerZero has different security
• Users can’t easily compare safety
• Auditing is much harder (must audit each config)
• No “standard” LayerZero security—it varies

Wormhole’s approach: One model, everyone uses it. Simple. Auditable. Proven.

LayerZero’s approach: Infinite configurations. Powerful for developers. Potentiall confusing for users.

Trade-off: Power and flexibility vs. simplicity and clarity.

3. Protocol Speed ≠ User Experience

This was my biggest surprise.

LayerZero (protocol): Verified and delivered my message in 58 seconds.

Stargate (application): Waited 12 minutes for batching.

The protocol did its job fast. The app built on top added delays for its own reasons (gas optimization through batching).

Wormhole controls both: The protocol AND the main application (Portal Bridge). This creates a more consistent user experience—what’s claimed matches what you get.

LayerZero doesn’t control Stargate’s choices. Apps can add arbitrary delays, and users blame “LayerZero” even though the protocol was fast.

Lesson: Protocols that allow third-party apps sacrifice user experience consistency for ecosystem flexibility.

4. Architecture Doesn’t Determine Cost

My final cost: $2.16

Breakdown:

• Base gas: $0.009 (0.4%)
• Ethereum gas: $1.92 (88.9%)
• Stargate protocol fee: $0.24 (11.1%)

89% of my cost was Ethereum gas, not LayerZero or Stargate.

Compare to my Wormhole transaction (SUI → Ethereum, 1,020 USDC):

• SUI gas: $0.32
• Ethereum gas: $10.99 (97%)
• Wormhole fee: $0

The pattern: Destination chain gas dominates cost, regardless of bridge protocol.

Insight: The blockchain you’re bridging TO matters more than which protocol you use. Ethereum mainnet is expensive whether you use Wormhole, LayerZero, or anything else.

If cost matters, bridge to L2s (Arbitrum, Base, Optimism) where gas is $0.01-0.10, not $2-11.

5. Trust Models Are Different, Not Better / Worse

After analyzing both:

Wormhole asks you to trust:

• 19 specific companies not to collude (need 13)
• All are major validators with huge reputational stakes
• One consistent model across all bridges

LayerZero asks you to trust:

• Whichever DVNs the app developer chose
• Plus the Executor service
• Different combinations for different apps

Neither is objectively “more secure.”

Both rely on economic incentives (reputation worth more than theft). Both use threshold signatures (need multiple parties to collude). Both are pragmatically secure for reasonable amounts.

The difference: Wormhole is transparent about its trust model. LayerZero’s trust model varies by application and requires more research to understand.

// When to Use LayerZero vs Wormhole

After testing both, here’s my practical guidance:

Use Wormhole When:

1. Speed is critical

• Need tokens in under 1 minute
• Time-sensitive trades or transactions
• Can’t wait 10+ minutes

2. You want simplicity

• Clear security model (13 of 19 Guardians)
• Easy tracking (paste tx hash, see everything)
• Proven track record

3. Large amounts

• Wormhole has handled billions
• 19 Guardians provide strong security
• Battle-tested with major hacks already survived

4. Standard routes

• Popular chains (Ethereum, Solana, Polygon, etc.)
• Well-supported token pairs
• Mainstream use cases

Use LayerZero When:

1. You’re building an application

• Need custom security models
• Want to choose your own DVNs
• Require specific verification logic

2. Cost is priority over speed

• Can wait 10-15 minutes
• Apps might batch for gas savings
• Small amounts where $1-2 matters

3. You want flexibility

• Non-standard security requirements
• Specific DVN preferences
• Customized trust models

4. You’re technical enough

• Can navigate tracking challenges
• Can evaluate DVN security yourself
• Comfortable with complexity

For Regular Users:

Honest assessment: Both work fine.

Don’t overthink it. Check:

1. Which bridge supports your route
2. Current fees at the time
3. How fast you need it
4. Which interface you prefer

The security difference between Wormhole’s 13-of-19 Guardians and LayerZero’s DVN+Executor model is marginal for typical use cases ($100-$10,000 bridges).

Both are pragmatically secure. Both have economic incentives aligned. Both will probably work.

// What This Means for Cross-Chain’s Future

I see cross-chain bridges evolving through generations:

Gen 1: Centralized bridges (single point of failure)

• Example: Early Wrapped BTC bridges
• Problem: One company controls everything

Gen 2: Reputation-based multi-party security

• Example: Wormhole (19 Guardians), LayerZero (DVNs)
• Trade-off: Trust companies with reputations at stake
• We are here ←

Gen 3: Optimistic verification

• Example: Nomad, Connext
• Trade-off: Slow (30-60 min fraud proof window) but more trustless

Gen 4: Zero-knowledge proofs

• Example: Future upgrades to both Wormhole and LayerZero
• Goal: Pure cryptographic verification, no trust needed
• Challenge: Extremely expensive on-chain verification (today)

LayerZero and Wormhole represent Gen 2. Both acknowledge they’re not perfectly trustless. Both plan to upgrade to ZK proofs eventually.

The difference: Wormhole chose simplicity while waiting for Gen 4. LayerZero chose flexibility.

Neither is wrong. They’re solving today’s problem with different philosophies while planning the same long-term solution.

// Final Thoughts

After bridging with both Wormhole and LayerZero, here’s what I’ve learned:

The architecture difference matters less than I expected.

Yes, LayerZero’s DVN+Executor separation is more theoretically decentralized than Wormhole’s Guardian network. Yes, Wormhole’s 13-of-19 model is simpler to audit. But in practice? Both rely on companies with reputational stakes not to steal your money.

The real differences:

Wormhole:

• ✅ Simpler
• ✅ Faster (47 seconds actual)
• ✅ Easier to track
• ✅ More proven
• ❌ Less flexible
• ❌ Can’t customize security

LayerZero:

• ✅ More flexible
• ✅ Customizable security
• ✅ Visible decentralization
• ❌ More complex
• ❌ Slower in practice (12 minutes)
• ❌ Harder to track

For users: Pick based on the app (Stargate vs Portal), not the protocol.

For developers: LayerZero offers meaningful advantages if you need custom security models.

For the industry: We’re still waiting for true trustlessness. Zero-knowledge proofs will eventually make both models obsolete.

Until then, I’m comfortable using either bridge.

The 19 Guardians and the DVN+Executor model both have enough security to be safe for typical bridges. I’ve seen both work. I understand the trade-offs. Neither is perfect, but both are good enough for now.

My one-sentence verdict: LayerZero’s architecture is impressive and genuinely decentralized, but the added complexity makes it harder to use and audit compared to Wormhole’s straightforward approach—choose based on whether you value flexibility over simplicity.

Next up: I’m testing Axelar’s validator set model to see how their Cosmos-based approach compares to both Wormhole and LayerZero. Stay tuned.

// Resources

• LayerZero Documentation
• My transaction on LayerZero Scan
• Stargate Bridge