GUNZ

This Report aims to be solely a deployment verification for GUNZ OFT integration on Solana. No independent security evaluation was performed as part of this engagement. Consequently, the GUNZ program may inherit the security assurances of the audits performed on the OFT smart contracts, provided that the deployed bytecode remains unchanged.

We express our gratitude to the GUNZ team for the collaborative engagement that enabled the execution of this Smart Contract Deployment Verification Statement.

GUNZ is an Omnichain Fungible Token (OFT) deployed on Solana among others, enabling seamless and native cross-chain transfers while maintaining a unified total supply across supported networks via the LayerZero protocol.

Statement

It was verified that the GUNZ OFT integration program deployed at 2TtLXuQzQ2VaBgmbrUAt9PviBSJ1W4FugSpE4gZZe2rL → has bytecode equivalent to the program available at LayerZero-Labs repository →. This was confirmed by building the referenced repository and comparing the resulting program hash to the hash of the deployed GUNZ program.

As a result, the GUNZ program may therefore inherit the assurances provided by audits conducted on the OFT smart contracts, to the extent that the deployed bytecode remains unchanged. Some of the audits can be found here → and here →%20-%20Zellic%20Audit%20Report.pdf).

The GUNZ token deployed at 3jUf2RTyXp867piSB2dt8uUcNiLDW58asjGtXkRAkBbe → is controlled by the aforementioned 2TtLXuQzQ2VaBgmbrUAt9PviBSJ1W4FugSpE4gZZe2rL →. This can be verified by inspecting the token’s Mint Authority and Freeze Authority, both of which are assigned to the multisig address Are38jg4UScBrqph2JVhW1srZzE5wsbShd3X3k4FN4sV →. One of the signers of this multisig is the address Awob9SsU3oF7SHs4AvQxmngP7pkRoxgmoH6cTHSrrBZ6 →, which is a Program Derived Address (PDA) controlled by the program at 2TtLXuQzQ2VaBgmbrUAt9PviBSJ1W4FugSpE4gZZe2rL →. All of the above can be independently verified using the provided links.

This confirms that the GUNZ token is governed by the same OFT integration program for which bytecode equivalence with the LayerZero OFT reference implementation was previously established.

As such, the GUNZ token deployed at 3jUf2RTyXp867piSB2dt8uUcNiLDW58asjGtXkRAkBbe → may therefore inherit the assurances provided by audits conducted on the OFT smart contracts, to the extent that the deployed bytecode remains unchanged. Some of the audits can be found here → and here →%20-%20Zellic%20Audit%20Report.pdf).

Steps to reproduce byte equivalence

Repo: https://github.com/LayerZero-Labs/devtools →

Commit: 2648a5cb4497019c03d516d809d8be25bfbd1798 →

Path to program: examples/oft-solana/programs/oft/ →

1. Clone the repository and check out the specified commit.

2. Navigate to the program directory and build the Solana program using the following command:  anchor build -v -e OFT_ID=2TtLXuQzQ2VaBgmbrUAt9PviBSJ1W4FugSpE4gZZe2rL

3. After building, calculate the hash of the compiled program using: solana-verify get-executable-hash ./target/verifiable/oft.so

The resulting hash is 246b0222e459c983af5c814abcf3549717ada50b593eeee0b6e20d0c56d68702. This hash matches the hash of the deployed program at address 2TtLXuQzQ2VaBgmbrUAt9PviBSJ1W4FugSpE4gZZe2rL →, confirming bytecode equivalence with the source at the specified commit.

Disclaimer

The verification was performed at block 330,341,000. Given that the program is upgradeable, its logic may be altered in future deployments or upgrades.