According to SlowMist, the Nomad bridge, a cross-chain interoperability protocol, was attacked by hackers, causing funds to be withdrawn unexpectedly.
The analysis of the SlowMist security team is as follows:
- In Nomad’s design, a user initiates a cross-chain transaction on the source chain through the send function, and the resulting message is executed on the target chain through the Replica contract’s process function. During process, acceptableRoot checks that the root recorded for the submitted message is an accepted root; that root is recorded for the message in prove. Therefore, a user must submit a validly proven message for it to be executed.
- When the Replica contract was initialized at deployment, the project team first set the trusted root to 0, and later set it to a normal non-zero root through the update function. The Replica contract records, in the confirmAt map, the time from which each trusted root takes effect, and acceptableRoot uses this map to check a message’s root. However, when a new root is set, the confirmAt entry of the old root is not reset to 0, so the old root remains in effect even though the contract’s current trusted root has changed.
- Therefore, the attacker can directly construct an arbitrary message. Because that message has never been proven, its entry in the message map is the default value 0; the project team had set 0 as the trusted root during initialization, and that entry was never invalidated when the trusted root was later changed. As a result, the acceptableRoot check passes, the arbitrarily constructed message is executed normally, and the assets of the Nomad bridge are stolen.
To sum up, this attack was possible because the Nomad bridge’s Replica contract was initialized with the trusted root set to 0x0, and the old root is not invalidated when the trusted root is changed, which allowed the attacker to construct arbitrary messages and steal funds from the bridge.
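The following Python model reproduces the root-acceptance state machine described above so the failure path can be traced step by step. It is an added example written for this page, not Nomad’s Solidity or SlowMist’s code: the names messages, confirmAt, update, prove, process and acceptableRoot mirror the contract, but the Merkle proof is replaced by a simple membership check, sha256 stands in for keccak256, and the inputs (the legitimate and forged messages, the roots, the timestamps and the 1800-second optimistic window) are constructed. The reject_zero_root flag is a hardening assumed for illustration, not a statement of how Nomad fixed the contract.

```python
import hashlib

# bytes32(0): the value an untouched Solidity mapping slot reads as
ZERO_ROOT = b"\x00" * 32
# Constructed stand-in for a normal, non-zero root used at initialization
GENESIS_ROOT = hashlib.sha256(b"genesis").digest()


def leaf_hash(message: bytes) -> bytes:
    # sha256 stands in for keccak256; the choice of hash does not affect the logic
    return hashlib.sha256(message).digest()


class Replica:
    """Minimal model of the Replica root-acceptance logic (illustration, not Nomad's code)."""

    def __init__(self, committed_root: bytes, optimistic_seconds: int, reject_zero_root: bool = False):
        # messages[hash] -> root the message was proven against; unset entries read as ZERO_ROOT
        self.messages: dict[bytes, bytes] = {}
        # confirmAt[root] -> timestamp from which messages under that root may be processed (0 = untrusted)
        self.confirm_at: dict[bytes, int] = {}
        self.processed: set[bytes] = set()
        self.optimistic_seconds = optimistic_seconds
        self.reject_zero_root = reject_zero_root  # assumed hardening, off by default
        # initialize(): the committed root is trusted immediately
        self.committed_root = committed_root
        self.confirm_at[committed_root] = 1

    def update(self, new_root: bytes, now: int) -> None:
        # Only the new root receives a confirmAt entry; the previous root's entry is left as is
        self.committed_root = new_root
        self.confirm_at[new_root] = now + self.optimistic_seconds

    def acceptable_root(self, root: bytes, now: int) -> bool:
        if self.reject_zero_root and root == ZERO_ROOT:
            return False  # hardened variant: the mapping default can never be an accepted root
        t = self.confirm_at.get(root, 0)
        return t != 0 and now >= t

    def prove(self, message: bytes, root: bytes, leaves_under_root: set[bytes]) -> bool:
        # Stand-in for Merkle proof verification: the leaf must be committed under the root
        h = leaf_hash(message)
        if h not in leaves_under_root:
            return False
        self.messages[h] = root
        return True

    def process(self, message: bytes, now: int) -> bool:
        h = leaf_hash(message)
        root = self.messages.get(h, ZERO_ROOT)  # never proven -> reads as ZERO_ROOT
        if not self.acceptable_root(root, now):
            return False  # "!proven"
        if h in self.processed:
            return False  # replay protection
        self.processed.add(h)
        return True


def scenario(initial_root: bytes, reject_zero_root: bool = False) -> dict:
    """Initialize with initial_root, move to a real root via update, then process one proven
    and one never-proven message. Returns which of the two were accepted."""
    now = 1_000_000
    # Constructed inputs: one legitimate message committed under a real root, one forged message
    legit = b"transfer 10 WETH to 0xabc"
    forged = b"transfer 1000 WETH to attacker"
    real_root = hashlib.sha256(b"batch-1").digest()
    leaves = {leaf_hash(legit)}

    r = Replica(initial_root, optimistic_seconds=1800, reject_zero_root=reject_zero_root)
    r.update(real_root, now)          # trusted root changes; confirmAt[initial_root] is not cleared
    now += 1800                       # optimistic window elapses
    legit_ok = r.prove(legit, real_root, leaves) and r.process(legit, now)
    forged_ok = r.process(forged, now)  # no prove() call: messages[hash] reads as ZERO_ROOT
    return {"legit_processed": legit_ok, "forged_processed": forged_ok}


def demo() -> dict:
    return {
        "initialized_with_zero_root": scenario(ZERO_ROOT),
        "initialized_with_zero_root_hardened": scenario(ZERO_ROOT, reject_zero_root=True),
        "initialized_with_real_root": scenario(GENESIS_ROOT),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In the first scenario the contract was initialized with the zero root, so confirmAt[0x0] is 1; after update the real root is also trusted, but the zero entry survives, and a message that was never proven passes acceptableRoot because its messages entry reads as 0. Initializing with a real root, or refusing to accept the zero root at all, makes the same forged message fail with "!proven" while the proven message still goes through.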