Skip to content

docs: add layer zero bridge upgrade documentation#236

Open
zeroxnoodle wants to merge 5 commits into
mainfrom
lz-bridge-upgrade
Open

docs: add layer zero bridge upgrade documentation#236
zeroxnoodle wants to merge 5 commits into
mainfrom
lz-bridge-upgrade

Conversation

@zeroxnoodle

@zeroxnoodle zeroxnoodle commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

Summary by CodeRabbit

  • Documentation
    • Updated cross-chain bridge overview with the current native OHM bridge architecture across EVM (LayerZero V2) and Solana (Chainlink CCIP), including supported network and lane guidance
    • Added a new bridge technical-details page covering lane-specific security guardrails, rate limits, and supply safety mechanisms
    • Updated the audits page with the latest LayerZero Bridge security upgrade audit entry
    • Removed outdated bridge status notices and contract/mechanism descriptions now centralized in the technical-details page

@zeroxnoodle zeroxnoodle requested a review from 0xJem June 16, 2026 14:59
@vercel

vercel Bot commented Jun 16, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
olympus-docs Ready Ready Preview, Comment Jun 23, 2026 2:01pm

Request Review

@github-actions

github-actions Bot commented Jun 16, 2026

Copy link
Copy Markdown

⚠️ Security Vulnerabilities Found ⚠️

The following security vulnerabilities with a warning level of moderate or above were found in your dependencies:

Module Name Version Severity URL
http-proxy-middleware 2.0.9 moderate GHSA-64mm-vxmg-q3vj

@coderabbitai

coderabbitai Bot commented Jun 16, 2026

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 03b51650-5d03-433b-bb7b-182e599a902e

📥 Commits

Reviewing files that changed from the base of the PR and between a02fd64 and 4499df1.

📒 Files selected for processing (4)
  • docs/overview/07_cross-chain/index.md
  • docs/overview/09_range-bound.md
  • docs/overview/10_convertible-deposits.md
  • docs/security/02_audits.md
✅ Files skipped from review due to trivial changes (1)
  • docs/security/02_audits.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • docs/overview/07_cross-chain/index.md

Walkthrough

The PR restructures docs/overview/07_cross-chain.md into a directory (07_cross-chain/) containing index.md, bridge-technical-details.md, and _category_.json. The overview is rewritten for the current two-lane model (LayerZero V2 EVM, Chainlink CCIP Solana), and a new technical-details page documents per-lane architecture, security guardrails, accounting flows, and audits. One new audit row (Guardian, June 2026) is appended to docs/security/02_audits.md.

Changes

Cross-Chain Bridge Documentation Overhaul

Layer / File(s) Summary
Directory structure and legacy overview rewrite
docs/overview/07_cross-chain/_category_.json, docs/overview/07_cross-chain.md
Adds _category_.json configuring the section as a collapsible sidebar item; rewrites legacy 07_cross-chain.md to describe the LayerZero V2 EVM and Chainlink CCIP Solana lane model, expands the bridge-lanes table with non-canonical EVM↔EVM routes, replaces inline mechanism/security/pros-cons sections with a lane-by-lane guardrail comparison table and updated audit attributions (Guardian June 2026, Electisec), and defers architecture details to the new technical-details page.
Index page: bridge overview, lanes, and user guidance
docs/overview/07_cross-chain/index.md
Populates the landing page with native OHM bridging concept, two-lane descriptions, step-by-step UI instructions, supported networks list, a bridge lanes table mapping source/destination combos to messaging provider and accounting model, a native-vs-wrapped security comparison with lane guardrail table, audit attributions, and a contracts section.
Technical details: OHM supply model and LayerZero V2 lane architecture
docs/overview/07_cross-chain/bridge-technical-details.md
Creates the technical-details page: establishes canonical-chain OHM supply model, explains the LayerZero V2 rebuild rationale (mutable defaults, missing rate limits, weaker retry validation), details the four-contract architecture and layered guardrails (four DVNs per route, bidirectional 24h rolling rate limits with per-lane caps, OHM-return hard cap, timelock-gated config with emergency-cancel role, hardened message handling), documents burn-and-mint accounting pseudocode, and adds a before/after migration comparison table.
Technical details: Chainlink CCIP lane, audit references, and audit table entry
docs/overview/07_cross-chain/bridge-technical-details.md, docs/security/02_audits.md
Adds the Chainlink CCIP Solana lane section (CCIPCrossChainBridge, lock/release vs burn/mint token pools, capacity-based rate limiting, DAO ownership, emergency shutdown controls, bounded-supply argument), security/audits cross-reference section, concluding navigation links, and appends the 2026-06 Guardian LayerZero Bridge audit row to the audits table.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

  • OlympusDAO/olympus-docs#224: Adds CCIPCrossChainBridge and CCIPLockReleaseTokenPool contract address entries that the new bridge-technical-details.md page directly references in its Chainlink CCIP lane documentation.
  • OlympusDAO/olympus-docs#233: Both PRs modify docs/security/02_audits.md by adding/updating audit table rows and anchors.
  • OlympusDAO/olympus-docs#234: Both PRs rework docs/overview/07_cross-chain.md bridge-lane descriptions and security/audit references for the CCIP and LayerZero bridging design.

Suggested reviewers

  • o0j4yj4y0o

Poem

🐇 Hop across the chains with ease,
LayerZero burns and mints as you please,
CCIP locks on Ethereum's shore,
Four DVN guardians watch the door,
Rate limits cap what flows each day —
The bridge docs hopped a better way! 🌉

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'docs: add layer zero bridge upgrade documentation' accurately describes the main change—adding comprehensive documentation for the LayerZero bridge upgrade across multiple docs files.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch lz-bridge-upgrade

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (5)
docs/overview/10_layerzero-bridge-upgrade.md (4)

100-100: 💤 Low value

Simplify "for lack of" to reduce wordiness.

Line 100 states: "a transfer can't get stuck part-way through for lack of gas." Consider "due to insufficient gas" or simply "without sufficient gas" for conciseness.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/overview/10_layerzero-bridge-upgrade.md` at line 100, In the Guaranteed
gas section, simplify the phrase "for lack of gas" in the sentence about
transfers getting stuck. Replace "for lack of gas" with a more concise
alternative such as "due to insufficient gas" or "without sufficient gas" to
reduce wordiness while maintaining clarity and meaning.

Source: Linters/SAST tools


125-125: 💤 Low value

Simplify "in existence" to reduce wordiness.

Line 125 reads: "bridging never changes the total amount of OHM in existence." Shorten to "never changes the total OHM supply" or "total OHM amount" for clarity and conciseness.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/overview/10_layerzero-bridge-upgrade.md` at line 125, Simplify the
wording in the sentence to reduce verbosity. Replace the phrase "the total
amount of OHM in existence" with either "the total OHM supply" or "the total OHM
amount" in the context where it describes that bridging never changes this
value. This makes the documentation more concise and easier to read while
maintaining the same meaning.

Source: Linters/SAST tools


25-28: 💤 Low value

Reduce repetition of "It" at the start of successive sentences.

Lines 25–28 begin three consecutive sentences with "It", creating a repetitive rhythm. Consider restructuring to vary the sentence starters. For example:

  • Line 25: "It relied on..." → "The bridge relied on..."
  • Line 26: "It had no rate limits..." → "Rate limits were absent..." or "The bridge lacked rate limits..."
  • Line 27: "It had no hard cap..." → "A hard cap on OHM returning to Ethereum did not exist..."

This improves readability without changing the meaning.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/overview/10_layerzero-bridge-upgrade.md` around lines 25 - 28, The
section describing the bridge's vulnerabilities (lines 25-28) has repetitive
sentence starters where three consecutive bullet points begin with "It".
Restructure each sentence to use different openers while preserving the meaning:
Change "It relied on LayerZero's default messaging configuration..." to "The
bridge relied on..." or similar; Change "It had no rate limits..." to "Rate
limits were absent..." or "The bridge lacked rate limits..."; Change "It had no
hard cap..." to "A hard cap on OHM returning to Ethereum did not exist..." or
similar variation. This improves readability by breaking the repetitive pattern
without altering the technical content.

Source: Linters/SAST tools


98-98: 💤 Low value

Simplify "old custom" to reduce wordiness.

Line 98 uses "old custom message-retry path". Consider shortening to "custom message-retry path" since "old" is implied by the context (comparing "before" and "after"). Alternatively, "legacy message-retry path" is more concise.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/overview/10_layerzero-bridge-upgrade.md` at line 98, Simplify the phrase
"old custom message-retry path" in the document to reduce wordiness. Since the
context of comparing the before and after states already implies this is the
older approach, replace "old custom message-retry path" with simply "custom
message-retry path" or alternatively use "legacy message-retry path" if you
prefer a single descriptive term. This maintains clarity while improving the
conciseness of the sentence.

Source: Linters/SAST tools

docs/security/02_audits.md (1)

36-36: 💤 Low value

Use descriptive link text instead of generic "[Link]".

Line 36 uses generic "[Link]" as the link text. For accessibility and clarity, replace with a descriptive label like "Guardian audit report". This helps screen readers and users understand what the link points to at a glance.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/security/02_audits.md` at line 36, Replace the generic "[Link]" text in
the LayerZero Bridge audit table row with a descriptive label that clearly
indicates what the link contains. Change "[Link]" to "[Guardian audit report]"
or similar descriptive text that explains the destination and purpose of the
link. This improves accessibility for screen readers and provides users with
immediate clarity about what they are clicking on without needing to follow the
link first.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/overview/10_layerzero-bridge-upgrade.md`:
- Around line 1-165: The Prettier formatter is failing on three documentation
files, blocking the build pipeline. Run prettier --write on each of the three
affected files to automatically format them according to project standards:
docs/overview/10_layerzero-bridge-upgrade.md (lines 1-165),
docs/overview/07_cross-chain.md (lines 1-121), and docs/security/02_audits.md
(lines 1-37). After formatting all three files, commit the changes and re-run
the GitHub Actions CI pipeline to confirm the build passes.

---

Nitpick comments:
In `@docs/overview/10_layerzero-bridge-upgrade.md`:
- Line 100: In the Guaranteed gas section, simplify the phrase "for lack of gas"
in the sentence about transfers getting stuck. Replace "for lack of gas" with a
more concise alternative such as "due to insufficient gas" or "without
sufficient gas" to reduce wordiness while maintaining clarity and meaning.
- Line 125: Simplify the wording in the sentence to reduce verbosity. Replace
the phrase "the total amount of OHM in existence" with either "the total OHM
supply" or "the total OHM amount" in the context where it describes that
bridging never changes this value. This makes the documentation more concise and
easier to read while maintaining the same meaning.
- Around line 25-28: The section describing the bridge's vulnerabilities (lines
25-28) has repetitive sentence starters where three consecutive bullet points
begin with "It". Restructure each sentence to use different openers while
preserving the meaning: Change "It relied on LayerZero's default messaging
configuration..." to "The bridge relied on..." or similar; Change "It had no
rate limits..." to "Rate limits were absent..." or "The bridge lacked rate
limits..."; Change "It had no hard cap..." to "A hard cap on OHM returning to
Ethereum did not exist..." or similar variation. This improves readability by
breaking the repetitive pattern without altering the technical content.
- Line 98: Simplify the phrase "old custom message-retry path" in the document
to reduce wordiness. Since the context of comparing the before and after states
already implies this is the older approach, replace "old custom message-retry
path" with simply "custom message-retry path" or alternatively use "legacy
message-retry path" if you prefer a single descriptive term. This maintains
clarity while improving the conciseness of the sentence.

In `@docs/security/02_audits.md`:
- Line 36: Replace the generic "[Link]" text in the LayerZero Bridge audit table
row with a descriptive label that clearly indicates what the link contains.
Change "[Link]" to "[Guardian audit report]" or similar descriptive text that
explains the destination and purpose of the link. This improves accessibility
for screen readers and provides users with immediate clarity about what they are
clicking on without needing to follow the link first.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f388f6bb-801a-46fb-93a9-fb4bca77e5eb

📥 Commits

Reviewing files that changed from the base of the PR and between 15e6b40 and 1307890.

📒 Files selected for processing (3)
  • docs/overview/07_cross-chain.md
  • docs/overview/10_layerzero-bridge-upgrade.md
  • docs/security/02_audits.md

Comment thread docs/overview/10_layerzero-bridge-upgrade.md Outdated
@0xJem

0xJem commented Jun 17, 2026

Copy link
Copy Markdown
Member

Dependency issues resolved in #235

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/security/02_audits.md`:
- Line 36: The link text "[Link]" in the LayerZero Bridge audit table entry is
too generic and violates markdownlint's descriptive-link-text rule, affecting
documentation build quality. Replace the generic "[Link]" text with a more
descriptive label such as "Guardian audit report" to provide better
accessibility and context about what the link contains. Make sure the new
descriptive text clearly indicates it is an audit report from Guardian.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 29fd80e0-f84c-4263-80c7-addb5b964a4a

📥 Commits

Reviewing files that changed from the base of the PR and between 1307890 and e23e5e7.

📒 Files selected for processing (3)
  • docs/overview/07_cross-chain.md
  • docs/overview/10_layerzero-bridge-upgrade.md
  • docs/security/02_audits.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • docs/overview/07_cross-chain.md

| 2025-09 | <span id="convertible-deposits"></span>Convertible Deposits | Guardian Audits | Convertible Deposits | [Link](https://storage.googleapis.com/olympusdao-landing-page-reports/audits/2025-09_Convertible_Deposits-Guardian.pdf) |
| 2025-10 | Convertible Deposits | Trust | Convertible Deposits | [Link](https://storage.googleapis.com/olympusdao-landing-page-reports/audits/2025-10_Convertible_Deposits-Trust.pdf) |
| 2026-02 | <span id="ohm-v1-migrator"></span>OHM v1 Migrator | Guardian | OHM v1 migration and TokenMigrator defunding | [Link](https://storage.googleapis.com/olympusdao-landing-page-reports/audits/2026-02_Migrator.pdf) |
| 2026-06 | <span id="layerzero-bridge"></span>LayerZero Bridge | Guardian | LayerZero Bridge Security Upgrade | [Link](https://storage.googleapis.com/olympusdao-landing-page-reports/audits/2026-06-Bridge.pdf) |

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Use descriptive text for the audit link.

[Link] is too generic and triggers the markdownlint descriptive-link-text warning. Rename it to something like Guardian audit report for accessibility and to keep the docs build clean.

🧰 Tools
🪛 markdownlint-cli2 (0.22.1)

[warning] 36-36: Link text should be descriptive

(MD059, descriptive-link-text)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/security/02_audits.md` at line 36, The link text "[Link]" in the
LayerZero Bridge audit table entry is too generic and violates markdownlint's
descriptive-link-text rule, affecting documentation build quality. Replace the
generic "[Link]" text with a more descriptive label such as "Guardian audit
report" to provide better accessibility and context about what the link
contains. Make sure the new descriptive text clearly indicates it is an audit
report from Guardian.

Source: Linters/SAST tools


![Bridge Exploits](/gitbook/assets/bridgeExploits.png)
| Property | EVM lane — LayerZero V2 | Solana lane — Chainlink CCIP |

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "LayerZero V2" and "Chainlink CCIP" are redundant, given that they are mentioned in the first row

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a way to nest this under the cross-chain page? Otherwise I'd put it under the security section.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/overview/07_cross-chain/bridge-technical-details.md`:
- Line 216: In the bridge-technical-details.md file at the location describing
the LayerZero Bridge audit, replace the generic link text `[here]` with a
descriptive label that clearly indicates what the link refers to. The link
points to the LayerZero Bridge Audit Report PDF from June 2026, so use a
descriptive label like `[LayerZero Bridge Audit Report]` or similar text that
explicitly describes the document being linked instead of the non-descriptive
`[here]` text.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3df44456-7cc6-414b-afa4-10d33dfb6d8e

📥 Commits

Reviewing files that changed from the base of the PR and between 87956c7 and a02fd64.

📒 Files selected for processing (3)
  • docs/overview/07_cross-chain/_category_.json
  • docs/overview/07_cross-chain/bridge-technical-details.md
  • docs/overview/07_cross-chain/index.md
✅ Files skipped from review due to trivial changes (2)
  • docs/overview/07_cross-chain/category.json
  • docs/overview/07_cross-chain/index.md


## Security and audits

- The upgraded LayerZero (EVM) bridge was independently audited by **Guardian (June 2026)**. The report is available in the [Audits](../../security/02_audits.md#layerzero-bridge) section, or directly [here](https://storage.googleapis.com/olympusdao-landing-page-reports/audits/2026-06-Bridge.pdf).

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Replace non-descriptive link text.

Line 216 uses the generic link text [here], which is flagged by markdownlint (MD059). Replace it with a descriptive label that clarifies what the link refers to.

🔗 Proposed fix for descriptive link text
- The report is available in the [Audits](../../security/02_audits.md#layerzero-bridge) section, or directly [here](https://storage.googleapis.com/olympusdao-landing-page-reports/audits/2026-06-Bridge.pdf).
+ The report is available in the [Audits](../../security/02_audits.md#layerzero-bridge) section, or directly [as a PDF](https://storage.googleapis.com/olympusdao-landing-page-reports/audits/2026-06-Bridge.pdf).

or

- The report is available in the [Audits](../../security/02_audits.md#layerzero-bridge) section, or directly [here](https://storage.googleapis.com/olympusdao-landing-page-reports/audits/2026-06-Bridge.pdf).
+ The report is available in the [Audits](../../security/02_audits.md#layerzero-bridge) section, or [download the full audit report](https://storage.googleapis.com/olympusdao-landing-page-reports/audits/2026-06-Bridge.pdf).
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)

[warning] 216-216: Link text should be descriptive

(MD059, descriptive-link-text)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/overview/07_cross-chain/bridge-technical-details.md` at line 216, In the
bridge-technical-details.md file at the location describing the LayerZero Bridge
audit, replace the generic link text `[here]` with a descriptive label that
clearly indicates what the link refers to. The link points to the LayerZero
Bridge Audit Report PDF from June 2026, so use a descriptive label like
`[LayerZero Bridge Audit Report]` or similar text that explicitly describes the
document being linked instead of the non-descriptive `[here]` text.

Source: Linters/SAST tools

Resolved modify/delete conflict on docs/overview/07_cross-chain.md:
this branch restructured the page into the docs/overview/07_cross-chain/
directory, while #235 added SEO frontmatter to the old single-file page.
Kept the directory restructure and ported #235's SEO frontmatter (title,
description, sidebar_label) into the new index.md, adapting the
description to cover both bridge lanes (LayerZero V2 for EVM, CCIP for
Solana). All other #235 changes (SEO frontmatter, the new audit row,
renamed range-bound/convertible-deposits files) merged automatically.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants