Program Overview
9 Critical Impacts · 6 High Impacts · 13 Assets · 30+ Chains · 19 Guardians · 13/19 VAA Threshold
Wormhole is a cross-chain messaging protocol connecting 30+ chains via a Guardian network of 19 nodes. A VAA (Verified Action Approval) requires 13/19 guardian signatures to be valid. The protocol bridges tokens, governance messages, and arbitrary data across EVM, Solana, CosmWasm, Move, and more.
ME-COLI Layer Architecture
| Layer | Name | Scope | Impacts |
|---|---|---|---|
| L1 | Boundary | Guardian Network | 5 CRITICAL |
| L2 | Genome | Bridge Contracts | 1 CRITICAL · 4 HIGH |
| L3 | Expression | publishMessage / parseVAA | 0 CRITICAL |
| L4 | Metabolism | Token Flow · NTT Rate Limits | 3 CRITICAL · 1 HIGH |
| L5 | Regulation | Guardian Governance · multigov | 1 CRITICAL |
| L6 | Behavior | Race Conditions · Stress Edge Cases | 2 CRITICAL · 1 HIGH |
| L7 | Population | 30+ Chains · Guardian DoS | 0 CRITICAL · 2 HIGH |
| L8 | Evolution | Guardian Set Upgrades · Future Bugs | 0 CRITICAL · 1 HIGH |
13 Assets
| ID | Asset / Repo | Type | ME-COLI Layer | Value |
|---|---|---|---|---|
| WH-A01 | wormhole/tree/main/node | Blockchain/DLT | L1-L5 | CRITICAL |
| WH-A02 | wormhole/tree/main/wormchain | Blockchain/DLT | L5 | HIGH |
| WH-A03 | contract-addresses (all chains) | Smart Contract | L1-L2 | CRITICAL |
| WH-A04 | wormhole/tree/main/ethereum | Smart Contract | L2-L3 | CRITICAL |
| WH-A05 | wormhole/tree/main/solana | Smart Contract | L2-L3 | HIGH |
| WH-A06 | wormhole/tree/main/cosmwasm | Smart Contract | L2-L3 | HIGH |
| WH-A07 | wormhole/tree/main/algorand | Smart Contract | L2-L3 | MEDIUM |
| WH-A08 | wormhole/tree/main/aptos | Smart Contract | L2-L3 | MEDIUM |
| WH-A09 | wormhole/tree/main/sui | Smart Contract | L2-L3 | MEDIUM |
| WH-A10 | wormhole/tree/main/near | Smart Contract | L2-L3 | MEDIUM |
| WH-A11 | wormhole-circle-integration | Smart Contract | L4 | HIGH |
| WH-A12 | native-token-transfers ⭐ | Smart Contract | L4-L6 | CRITICAL |
| WH-A13 | multigov/ ⭐ | Smart Contract | L5 | CRITICAL |
⭐ Priority targets — newest code, L5+L6 empirically weakest layers
Priority Targets (ME-COLI Empirical)
Empirical finding from 10-protocol autopsy: L5 Regulation = 5 FAIL, L6 Behavior = 7 FAIL. Every DeFi audit starts at L5+L6. Wormhole's equivalents: NTT (L4+L6) and multigov (L5).
Priority 1 · WH-A12
native-token-transfers (NTT)
Newest code, least audited. Rate limiter (WH-I09), mode switching, peer registration abuse. L4+L6 surface — both empirically weak layers in DeFi.
→ WH-I09 (rate limiter bypass) · WH-I04 (token theft)
Priority 2 · WH-A13
multigov/
Cross-chain governance voting — L5 Regulation. Novel attack surface: quorum manipulation, proposal execution across chains, voting weight discrepancies.
→ WH-I06 (governance → fund loss)
Priority 3 · WH-A04
ethereum/ core bridge
Highest TVL, most battle-tested but richest payout. Transfer Verifier bypass (WP-0014), Accountant bypass (WP-0011), VAA parsing edge cases.
→ WH-I02 (Transfer Verifier) · WH-I08 (Accountant)
Critical Impacts (9)
| ID | Impact |
|---|---|
| WH-I01 | Super-minority guardian attack (excluding DoS) |
| WH-I02 | Unrestricted bypass of Transfer Verifier (WP-0014) |
| WH-I03 | Race conditions: unlikely but significant impact if triggered |
| WH-I04 | Locking / loss / theft of user funds from Portal Token Bridge |
| WH-I05 | Forging signed messages from a super-minority of Guardians |
| WH-I06 | Unauthorized governance param changes → direct loss of funds |
| WH-I07 | Theft of funds from exposure of production private keys of a quorum of Guardians |
| WH-I08 | Unrestricted bypass of the Accountant (WP-0011) |
| WH-I09 | Unrestricted bypass of rate limiters, including the Governor module |
High Impacts (6)
| ID | Impact |
|---|---|
| WH-I10 | Future-exploitable bugs (config change or likely code change path) |
| WH-I11 | DoS against Guardian network → 24h+ degradation (non-volumetric) |
| WH-I12 | VAA forgery / circumventing VAA verification (non-critical category) |
| WH-I13 | Attacks that are very capital-intensive but could be critical |
| WH-I14 | Attacks that would be critical if a single Guardian were malicious |
| WH-I15 | Critical/high severity requiring feasible guardian or user interaction |
Medium Impacts (6)
| ID | Impact |
|---|---|
| WH-I16 | Compromising a single guardian node |
| WH-I17 | Cryptographic implementation flaws / RNG flaws with limited impact |
| WH-I18 | Compromising a single guardian node (alt scope) |
| WH-I19 | Forging of wormhole messages (VAAs) or circumventing VAA verification |
| WH-I20 | RCE vulnerability → gaining control of multiple Guardian nodes |
| WH-I21 | Any other vulnerabilities leading to Tier 1-3 impacts |
Impact Layer Heatmap
L1 · 11 impacts · 5 CRITICAL ← most valued layer in program
L2 · 5 impacts · 1 CRITICAL
L4 · 4 impacts · 3 CRITICAL ← second richest, NTT lives here
L6 · 3 impacts · 2 CRITICAL ← empirically weakest DeFi layer
L7 · 2 impacts · 0 CRITICAL
L5 · 1 impact · 1 CRITICAL ← governance, multigov lives here
L3 · 1 impact · 0 CRITICAL
L8 · 1 impact · 0 CRITICAL
Finding → Asset → Impact Routing
| Finding Type | Asset | Impact | Tier |
|---|---|---|---|
| NTT rate limiter bypass | WH-A12 | WH-I09 | CRITICAL |
| NTT mode switch / peer registration abuse | WH-A12 | WH-I09 or WH-I04 | CRITICAL |
| multigov quorum manipulation / governance VAA spoof | WH-A13 | WH-I06 | CRITICAL |
| Transfer Verifier bypass (WP-0014) | WH-A04 / WH-A03 | WH-I02 | CRITICAL |
| Accountant bypass (WP-0011) | WH-A04 / WH-A03 | WH-I08 | CRITICAL |
| Portal Token Bridge theft / lock | WH-A04 | WH-I04 | CRITICAL |
| Guardian key exposure (quorum) | WH-A01 | WH-I07 | CRITICAL |
| Super-minority VAA forgery | WH-A01 | WH-I05 | CRITICAL |
| Race condition (state mutation) | WH-A04 / WH-A12 | WH-I03 | CRITICAL |
| VAA replay / verification bypass (controlled) | WH-A04/A05/A03 | WH-I12 | HIGH |
| Future-path exploit (L8 upgrade path) | any | WH-I10 | HIGH |
| Guardian DoS via logic bug | WH-A01 | WH-I11 | HIGH |
| RCE on guardian node | WH-A01 | WH-I20 | MEDIUM |
| CCTP / Circle integration issue | WH-A11 | WH-I04 or WH-I09 | HIGH |
| wormchain governance execution flaw | WH-A02 | WH-I06 | CRITICAL |
Key Whitepapers (CRITICAL impact dependencies)
WP-0014 · CRITICAL
Transfer Verifier — bypass = WH-I02 (CRITICAL)
github.com/wormhole-foundation/wormhole/blob/main/whitepapers/0014_transfer_verifier.md
WP-0011 · CRITICAL
Accountant — bypass = WH-I08 (CRITICAL)
github.com/wormhole-foundation/wormhole/blob/main/whitepapers/0011_accountant.md
GOVERNOR MODULE · CRITICAL
Rate Limiter / Governor — bypass = WH-I09 (CRITICAL)
github.com/wormhole-foundation/wormhole/tree/main/node/pkg/governor
Active Findings (Day 98)
Program entry created Day 98. Research scan in progress.
Priority scan order: WH-A12 (NTT) → WH-A13 (multigov) → WH-A04 (ethereum)
Start with L5+L6 failure modes per ME-COLI empirical findings.