WebsCrypto
  • News
  • Bitcoin
  • Ethereum
  • Altcoins
  • NFTs
  • Markets
  • Business
  • Opinions
  • Press Releases
Facebook Twitter LinkedIn Telegram
WebsCryptoWebsCrypto
  • News
  • Bitcoin
  • Ethereum
  • Altcoins
  • NFTs
  • Markets
  • Business
  • Opinions
  • Press Releases
Bitcoin (BTC) $26,603.13 2.13%Ethereum (ETH) $1,591.08 2.57%BNB (BNB) $210.79 2.46%XRP (XRP) $0.510485 2.01%Cardano (ADA) $0.247823 3.09%Solana (SOL) $19.69 2.89%Dogecoin (DOGE) $0.06157 1.63%Polkadot (DOT) $4.03 2.79%Shiba Inu (SHIB) $0.000007 1.94%Dai (DAI) $0.999566 0.08%TRON (TRX) $0.083306 1.62%Polygon (MATIC) $0.526554 3.34%Avalanche (AVAX) $8.90 1.74%Uniswap (UNI) $4.25 3.44%Litecoin (LTC) $64.76 0.55%
Crypto Prices
WebsCrypto
Markets

Slow Mist: A Brief Analysis of Nomad Bridge Attacks on Cross-Chain Interoperability Protocols

By WebsCryptoAugust 2, 20222 Mins Read
Slow Mist: A Brief Analysis of Nomad Bridge Attacks on Cross-Chain Interoperability Protocols
Share
Facebook Twitter Telegram LinkedIn Reddit Email

According to SlowMist, the Nomad bridge, a cross-chain interoperability protocol, was attacked by hackers, causing funds to be withdrawn unexpectedly.

The analysis of the SlowMist security team is as follows:

Advertisements
  1. In Nomad’s Replica contract, users can initiate cross-chain transactions through the send function and execute them on the target chain through the process function. During the process operation, it will be checked through the acceptableRoot that the message submitted by the user must belong to an acceptable root, which will be set in the prove. Therefore, the user must submit a valid message to proceed.
  2. When initializing the deployment of the Replica contract, the project party first sets the trusted root to 0, and then sets the trusted root to normal non-zero data through the update function. In the Replica contract, the time when the trusted root starts to take effect is saved through the confirmAt map so that the message root can be checked in the acceptableRoot. However, when the new root is updated, the confirmAt of the old root is not set to 0, which will cause the old root to be still in effect although the trusted root in the contract has changed.
  3. Therefore, the attacker can directly construct any message. Because the root of this message map is 0 because it has not been proven, the project party has set 0 as the root of trust during initialization and it has not been modified with the root of trust. However, the failure results in that the arbitrarily constructed message by the attacker can be executed normally, thereby stealing the assets of the Nomad bridge.

To sum up, this attack is because the Nomad bridge Replica contract is initialized with the trusted root set to 0x0, and the old root is not invalidated when the trusted root is modified, which allows the attack to construct arbitrary messages to steal funds from the bridge.

DISCLAIMER: The information provided by WebsCrypto does not represent any investment suggestion. The articles published on this site only represent personal opinions and have nothing to do with the official position of WebsCrypto.
WebsCrypto
  • Website
  • Facebook
  • Twitter
  • Instagram

WebsCrypto is your best bet for the latest crypto news from around the world.

Recommended Reading

Markets September 19, 2023

Ether (ETH) Prices are Trading at 27% Discount to Fair Value, New Research Shows

Markets September 19, 2023

Stablecoin Ecosystem Holds Firm Despite Lackluster Activity

Markets September 19, 2023

Bitcoin’s Dominance in the Cryptocurrency Market Surges to 50%

Markets September 17, 2023

DeFi Economic Activity Declines in August

Markets September 17, 2023

Stablecoin Market Experiences Significant Reshuffling Amid Regulatory Concerns

Markets September 15, 2023

Anticipated Bitcoin Trends: The Influence of Market Dynamics and QCP Capital’s Predictions

The Latest
Markets September 19, 2023

Ether (ETH) Prices are Trading at 27% Discount to Fair Value, New Research Shows

Markets September 19, 2023

Stablecoin Ecosystem Holds Firm Despite Lackluster Activity

News September 19, 2023

Cryptocurrency Mining Hardware Market to Experience Significant Growth

Markets September 19, 2023

Bitcoin’s Dominance in the Cryptocurrency Market Surges to 50%

Markets September 17, 2023

DeFi Economic Activity Declines in August

EDITOR’S CHOICE
SEC Chairman Gary Gensler Raises Concerns Over Crypto Compliance and Broader Economic Impact
Ether (ETH) Prices are Trading at 27% Discount to Fair Value, New Research Shows
DeFi Economic Activity Declines in August
G20 Leaders Converge on Cryptocurrency Regulatory Roadmap Amid Rapid Ecosystem Evolution
News
  • News
  • Bitcoin
  • Ethereum
  • Altcoins
  • NFTs
  • Markets
  • Business
  • Markets
Information
  • Opinions
  • Guides
  • Press Release
  • Sponsored
Price Indexes
  • Market Cap
  • Bitcoin Price
  • Ethereum Price
  • Cardano Price
  • Solana Price
  • Polkadot Price
  • Polygon Price
Services
  • About Us
  • Contact Us
  • Advertise
  • Privacy Policy
  • Terms of Service
WebsCrypto
Twitter Facebook Telegram LinkedIn RSS
© 2023 WebsCrypto

Type above and press Enter to search. Press Esc to cancel.