Difference between revisions of "Nomad"

From CryptoWiki

m
Line 7: Line 7:
*[[Mainnet]] release:
*[[Mainnet]] release:
==History==
==History==
* [https://blog.li.fi/navigating-arbitrary-messaging-bridges-a-comparison-framework-8720f302e2aa From] [[Li.Finance|Li.Fi]] (19-9-2022):
''"It is an extended implementation of the Optics Protocol (OPTimistic Interchain Communication), and the team includes many of the same core team members."''
==Audits & Exploits==
==Audits & Exploits==
*[[bug bounty|Bug bounty]] program can be found [insert here].
*[[bug bounty|Bug bounty]] program can be found [insert here].
Line 14: Line 19:
===Bugs/Exploits===
===Bugs/Exploits===


* [https://twitter.com/samczsun/status/1554252024723546112 From] [[samczsun]] (2-8-2022):
* [https://blog.li.fi/navigating-arbitrary-messaging-bridges-a-comparison-framework-8720f302e2aa From] [[Li.Finance|Li.Fi]] (19-9-2022):
''"The team has managed to recover over $37M (20% of the stolen funds) through the tremendous work of whitehat hackers. It’s important to note that the hack does not reflect Nomad’s design as it was an implementation-level issue."''
*[https://twitter.com/samczsun/status/1554252024723546112 From] [[samczsun]] (2-8-2022):


''"Nomad just got drained for over $150M [190M [https://rekt.news/nomad-rekt/ according] to [[rekt]]] in one of the most chaotic hacks that [[Web3]] has ever seen. A routine upgrade marked the zero [[hash]] as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste [[Transaction (Tx)|transactions]] and quickly drained the [[bridge]] in a frenzied free-for-all. You didn't need to know about [[Solidity]] or [[Merkle Tree|Merkle Trees]] or anything like that. All you had to do was find a [[transaction]] that worked, find/replace the other person's [[address]] with [[yours]], and then re-broadcast it."''
''"Nomad just got drained for over $150M [190M [https://rekt.news/nomad-rekt/ according] to [[rekt]]] in one of the most chaotic hacks that [[Web3]] has ever seen. A routine upgrade marked the zero [[hash]] as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste [[Transaction (Tx)|transactions]] and quickly drained the [[bridge]] in a frenzied free-for-all. You didn't need to know about [[Solidity]] or [[Merkle Tree|Merkle Trees]] or anything like that. All you had to do was find a [[transaction]] that worked, find/replace the other person's [[address]] with [[yours]], and then re-broadcast it."''

Revision as of 07:47, 2 October 2022

Nomad is an approach to blockchain interoperability that leverages an optimistic mechanism to increase the security of cross-chain communication.

Basics

  • Based in:
  • Started in / Announced on:
  • Testnet release:
  • Mainnet release:

History

"It is an extended implementation of the Optics Protocol (OPTimistic Interchain Communication), and the team includes many of the same core team members."

Audits & Exploits

"The project completed a Quantstamp audit in June, with issue QSP-19 foreshadowing a similar vulnerability. The auditor’s remarks that “We believe the Nomad team has misunderstood the issue” speak to a worrying attitude towards security that the project docs’ “Long-Term Security” plan appears to confirm. Concerns were also raised around the response time of the team facing a live and public exploit; the team’s official acknowledgement came three hours after the exploit began."

Bugs/Exploits

"The team has managed to recover over $37M (20% of the stolen funds) through the tremendous work of whitehat hackers. It’s important to note that the hack does not reflect Nomad’s design as it was an implementation-level issue."

"Nomad just got drained for over $150M [190M according to rekt] in one of the most chaotic hacks that Web3 has ever seen. A routine upgrade marked the zero hash as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all. You didn't need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person's address with yours, and then re-broadcast it."

Governance

Admin Keys

DAO

Treasury

Token

Launch

Token Allocation

Utility

Other Details

Coin Distribution

Technology

  • Whitepaper or docs can be found here.
  • Code can be viewed [insert here].

Implementations

Transaction Details

How it works

  • From this bridge blog (21-4-2022):

"Nomad is a design for very cheap cross-chain communication that skips the need for header verification. Nomad draws a lot of inspiration from the Optimism team. Nomad itself is actually an implementation and extension of their Optics protocol (OPTimistic Interchain Communication). But Nomad only has a latency of thirty minutes (rather than an ORU’s one-week fraud-proof window). It works like a notary service. The source chain produces and sends some “documents” (messages), the “notary” (called The Updater) is contracted to sign the documents and is incentivized only to approve valid messages or risk being financially punished and losing their “notary license”. The secret sauce from their docs:

“Nomad creates an authenticated data structure on any home chain, and relays updates to that data structure on any number of replicas. As a result, the home chain and all replicas [[[contracts]] that maintain a queue of pending updates, accepts proofs, and dispatches messages] will agree on the state of the data structure. By embedding data (“messages”) in this data structure we can propagate it between chains with a high degree of confidence.”"

Fees

Upgrades

Staking

Validator Stats

Liquidity Mining

Scaling

Interoperability

"Nomad channels and the flagship xApp (cross-chain app), the Nomad token bridge, are live on Ethereum, Moonbeam, and Milkomeda, with more chains coming soon."

Other Details

Oracle Method

Their Other Projects

Roadmap

  • Can be found [Insert link here].

Usage

"The token bridge has only been live for 3 months and has amassed $288m in volume with $47m TVL. Nomad's locked asset distribution is made up of 33.6% $USDC followed by 29.7% $FRAX, which makes up a total of $30M of the current TVL. However, $USDT and $WETH have made a surge in the past couple of days on the Moonbeam side, and $WETH and $WBTC are quite popular bridging over to Milkomeda."

Projects that use or built on it

Competition

Pros and Cons

Pros

Cons

Team, Funding and Partners

Team

  • Full team can be found [here].

Funding

Partners

(:

Knowledge empowers all and will help us get closer to the decentralized world we all want to live in!

Making these free wiki pages is fun but takes a lot of effort and time.

If you have enjoyed reading, tips are appreciated:) This will help us to keep expanding this archive of information.

ETH tip address: 0x83460bE5F218b1520B69D702cE60A1DE37dD8E31