Wormhole.

Every inbound Wormhole VAA is verified against the configured Guardian set with secp256k1 ECDSA recovery and the canonical Wormhole signing digest. Verification is fail-closed: a VAA that does not meet the configured Guardian quorum is rejected before any state mutation.

• GuardianSet and GuardianSignature types track the active set.
• Vaa::signing_digest computes the canonical pre-signature hash.
• Vaa::verify_quorum walks the signature set and confirms quorum.
• WormholeAdapter::with_guardian_set / set_guardian_set wires the active set.

After VAA quorum verification, the inbound message walks the standard 6-step TenzroMessage discipline (decode → validate → verify_hash → verify_signature → nonce) on top of payload SHA-256 deduplication. Replay protection persists per-adapter under CF_SETTLEMENTS / bridge_nonce:wormhole:* and bridge_seen:wormhole:*.

NTT preserves TNZOsupply semantics across chains: the asset burns on the source chain and mints on the destination chain. No wrapped representations, no liquidity fragmentation, no bridge-pool risk. Tenzro's native cross-VM token model (the wTNZO ERC-20 pointer on EVM and the wTNZO SPL adapter on SVM share a single underlying balance) extends naturally to Wormhole NTT across the broader Wormhole-supported chain set.

tenzro_wormholeNttListChains returns the supported destinations.

Tenzro maps to a Wormhole chain id, and inbound / outbound messages reference Wormhole chain ids across the protocol. tenzro_wormholeChainId returns the mapping for a given canonical chain identifier; tenzro_wormholeParseVaaId parses a VAA identifier into its source-chain / emitter / sequence components.

• tenzro_wormholeBridge — execute a Wormhole-routed transfer or message.
• tenzro_wormholeChainId — resolve a Wormhole chain id for a canonical destination.
• tenzro_wormholeNttListChains — list NTT-supported chains.
• tenzro_wormholeParseVaaId — parse a VAA identifier.

A node operator who participates in Wormhole bridging configures the Guardian set the adapter trusts via WormholeAdapter::with_guardian_set. Operators who run their own validator-side bridge signing can layer the threshold MPC signer (DKLS23 secp256k1) on top of the Wormhole adapter so the destination-chain signing key is t-of-n split across staked validators rather than held as a single raw key.