
SlowMist: A Brief Analysis of Nomad Bridge Attacks on Cross-Chain Interoperability Protocols

By WebsCrypto, August 2, 2022

According to SlowMist, the Nomad bridge, a cross-chain interoperability protocol, was attacked by hackers, causing funds to be withdrawn unexpectedly.

The analysis of the SlowMist security team is as follows:

  1. In Nomad's Replica contract, users can initiate cross-chain transactions through the send function and execute them on the target chain through the process function. During the process operation, acceptableRoot checks that the message submitted by the user belongs to an acceptable root, which is set in prove. Therefore, the user must submit a valid message for the operation to proceed.
  2. When deploying and initializing the Replica contract, the project party first set the trusted root to 0 and then changed it to a normal non-zero value through the update function. The Replica contract records the time at which a trusted root takes effect in the confirmAt map, so that acceptableRoot can check the message root. However, when the root is updated, the confirmAt entry of the old root is not set to 0, so the old root remains in effect even though the trusted root in the contract has changed.
  3. Therefore, the attacker can directly construct any message. Because such a message has not been proven, its root in the message map is 0, and the project party set 0 as the trusted root during initialization and did not invalidate it when the trusted root was changed. As a result, a message arbitrarily constructed by the attacker can be executed normally, allowing the assets of the Nomad bridge to be stolen.

To sum up, this attack occurred because the Nomad bridge Replica contract was initialized with the trusted root set to 0x0 and the old root was not invalidated when the trusted root was modified, which allowed the attacker to construct arbitrary messages and steal funds from the bridge.
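The root check described in the three steps above can be modelled in a few lines. This is an added example, a simplified Python model and not Nomad's Solidity code: the names confirmAt, acceptableRoot, prove, update and process follow the article, while ReplicaModel, run_case, invalidate_old_root and all sample values are hypothetical and constructed for illustration.

```python
import hashlib

ZERO_ROOT = b"\x00" * 32  # what an unset mapping entry reads as
# Constructed sample values, not data from the incident.
NEW_ROOT = hashlib.sha256(b"constructed trusted root").digest()
FORGED = hashlib.sha256(b"constructed unproven message").digest()
LEGIT = hashlib.sha256(b"constructed proven message").digest()

class ReplicaModel:
    """Simplified model of the root bookkeeping described in the analysis."""

    def __init__(self, initial_root, invalidate_old_root=False, now=100):
        self.now = now  # stand-in for the chain's current time
        self.invalidate_old_root = invalidate_old_root
        self.trusted_root = initial_root
        self.confirm_at = {initial_root: now}  # root -> time it takes effect (0 = not trusted)
        self.messages = {}                     # message hash -> root it was proven under
        self.processed = set()

    def update(self, new_root):
        if self.invalidate_old_root:  # the step the analysis says was missing
            self.confirm_at[self.trusted_root] = 0
        self.trusted_root = new_root
        self.confirm_at[new_root] = self.now

    def prove(self, msg_hash, root):
        # Stand-in for proof verification: records the root a message belongs to.
        self.messages[msg_hash] = root

    def acceptable_root(self, root):
        confirm_time = self.confirm_at.get(root, 0)
        return confirm_time != 0 and confirm_time <= self.now

    def process(self, msg_hash):
        root = self.messages.get(msg_hash, ZERO_ROOT)  # never proven -> root reads as 0
        if msg_hash in self.processed or not self.acceptable_root(root):
            return False
        self.processed.add(msg_hash)
        return True

def run_case(initial_root, invalidate_old_root):
    """Initialize, update to NEW_ROOT, then process an unproven and a proven message."""
    replica = ReplicaModel(initial_root, invalidate_old_root)
    replica.update(NEW_ROOT)
    replica.prove(LEGIT, NEW_ROOT)
    return {"forged": replica.process(FORGED), "legit": replica.process(LEGIT)}

if __name__ == "__main__":
    print("zero init, old root kept:   ", run_case(ZERO_ROOT, False))
    print("zero init, old root cleared:", run_case(ZERO_ROOT, True))
```

In this model the unproven message is accepted only when both conditions from the summary hold: initialization with a zero root and no invalidation of the old root on update.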
