Quick Review: Nomad “falls” without even using hacking techniques

In the early morning of today (August 2), Beijing time, the Nomad bridge, a cross-chain interoperability protocol, was attacked by hackers. During the attack, WETH and WBTC were continuously transferred out at the rate of one million dollars each time. According to DefiLlama data, nearly $200 million of TVL on Nomad was “emptied” by attackers in a short period of time, with less than $4,000 left at the time of writing.

Matt Gleason, a member of the a16z crypto application security team, and Samczsun, research partner and security director at Paradigm, tweeted for the first time to explain the vulnerability exploited by this attack. The following analysis excerpts from both perspectives:

Nomad was attacked this time because the configuration of the cross-chain bridge allows any transaction to be sent through a specific path. The fault lies in the “process” function inside Replica. The “process” function in question is designed to ensure that the information is proven, and then process the information, usually without problems.

Quick Review: Nomad "falls" without even using hacking techniques

The process uses “acceptableRoot” to check if root is proven or confirmed before the current time. The problem exists in the Solidity language, if a map whose map key is not found will return the default value of 0, and the parameter “_root” of “acceptableRoot” will be 0.

Quick Review: Nomad "falls" without even using hacking techniques

However, since “_confirmedRoot” is 0 in the initial state of the contract, 0 is a confirmed value (Note: confirmAt[0] = 1;) “acceptableRoot” can pass the verification by receiving a 0 value.

Quick Review: Nomad "falls" without even using hacking techniques

Quick Review: Nomad "falls" without even using hacking techniques

As a result, the hacker took advantage of this loophole to find a valid transaction and repeatedly sent the constructed transaction data to extract the funds locked in the cross-chain bridge, resulting in almost all of the funds locked on Nomad being stolen.

Quick Review: Nomad "falls" without even using hacking techniques

Affected by the attack on the Nomad cross-chain bridge, Moonbeam token GLMR fell by nearly 10% in a short time, and Evmos token EVMOS rose by more than 150%. This happened because Moonbeam temporarily closed the EVM function, and Nomad was the main cross-chain bridge between Evmos and the Ethereum ecosystem, and the stolen funds needed to be withdrawn through EVMOS.

Quick Review: Nomad "falls" without even using hacking techniques

Evmos officially tweeted that it is currently working closely with the Nomad team and will update the progress when more information is obtained. The current Evmos chain is running normally. Since Nomad is suspended, users cannot withdraw their ERC20 wrapped assets from Evmos to Ethereum, and the team will keep you informed of how this affects Evmos users and users with Nomad wrapped assets.

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/quick-review-nomad-falls-without-even-using-hacking-techniques/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-08-02 10:24
Next 2022-08-02 10:25

Related articles