Difference between revisions of "Nomad"

From CryptoWiki

 
(5 intermediate revisions by the same user not shown)
Line 7: Line 7:
*[[Mainnet]] release:
*[[Mainnet]] release:
==History==
==History==
* [https://blog.li.fi/navigating-arbitrary-messaging-bridges-a-comparison-framework-8720f302e2aa From] [[Li.Finance|Li.Fi]] (19-9-2022):
''"It is an extended implementation of the Optics Protocol (OPTimistic Interchain Communication), and the team includes many of the same core team members."''
==Audits & Exploits==
==Audits & Exploits==
*[[bug bounty|Bug bounty]] program can be found [insert here].
*[[bug bounty|Bug bounty]] program can be found [insert here].
*[https://rekt.news/nomad-rekt/ From] [[Rekt]] (2-8-2022):
''"The project completed a [[Quantstamp (QSP)|Quantstamp]] [https://certificate.quantstamp.com/full/nomad audit] in June, with issue QSP-19 foreshadowing a similar vulnerability. The auditor’s remarks that “We believe the Nomad team has misunderstood the issue” speak to a worrying attitude towards security that the project docs’ “Long-Term Security” plan appears to confirm. Concerns were also raised around the response time of the team facing a live and public exploit; the team’s official acknowledgement came three hours after the exploit began."''
===Bugs/Exploits===
===Bugs/Exploits===


* [https://twitter.com/samczsun/status/1554252024723546112 From] [[samczsun]] (2-8-2022):
* Update: [https://twitter.com/nomadxyz_/status/1600476119924322305 started] a [[KYC]] process for recovery of assets in the bridge (7-12-2022).
*[https://blog.li.fi/navigating-arbitrary-messaging-bridges-a-comparison-framework-8720f302e2aa From] [[Li.Finance|Li.Fi]] (19-9-2022):
''"The team has managed to recover over $37M (20% of the stolen funds) through the tremendous work of whitehat hackers. It’s important to note that the hack does not reflect Nomad’s design as it was an implementation-level issue."''
*[https://twitter.com/samczsun/status/1554252024723546112 From] [[samczsun]] (2-8-2022):


''"Nomad just got drained for over $150M in one of the most chaotic hacks that [[Web3]] has ever seen. A routine upgrade marked the zero [[hash]] as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste [[Transaction (Tx)|transactions]] and quickly drained the [[bridge]] in a frenzied free-for-all. You didn't need to know about [[Solidity]] or [[Merkle Tree|Merkle Trees]] or anything like that. All you had to do was find a [[transaction]] that worked, find/replace the other person's [[address]] with [[yours]], and then re-broadcast it."''
''"Nomad just got drained for over $150M [190M [https://rekt.news/nomad-rekt/ according] to [[rekt]]] in one of the most chaotic hacks that [[Web3]] has ever seen. A routine upgrade marked the zero [[hash]] as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste [[Transaction (Tx)|transactions]] and quickly drained the [[bridge]] in a frenzied free-for-all. You didn't need to know about [[Solidity]] or [[Merkle Tree|Merkle Trees]] or anything like that. All you had to do was find a [[transaction]] that worked, find/replace the other person's [[address]] with [[yours]], and then re-broadcast it."''


==Governance==
==Governance==
===Admin Keys===
===Admin Keys===
* [https://blog.li.fi/navigating-arbitrary-messaging-bridges-a-comparison-framework-8720f302e2aa From] [[Li.Finance|Li.Fi]] (19-9-2022):
''"Currently, Nomad’s smart contracts are governed by multi-sigs. Either ⅗ or ⅔ signatures are needed to upgrade the contracts.''
''Updater is the only validator — Nomad’s system relies on the updater to maintain uptime. Nomad has a permissioned Watcher set — meaning that currently, there could be a known cost to attack the system since the watchers are fixed and can be corrupted. However, xApps can overcome this by running their own delegated watchers."''
===DAO===
===DAO===
===Treasury===
===Treasury===
Line 27: Line 45:
==Technology==
==Technology==
*[[Whitepaper]] or docs can be found [https://docs.nomad.xyz here].
*[[Whitepaper]] or docs can be found [https://docs.nomad.xyz here].
*Code can be viewed [insert here].
*Code can be viewed [https://github.com/nomad-xyz here].
===Implementations===
===Implementations===
*Built on: [[Ethereum (ETH)|Ethereum]], [[Moonbeam (GLMR) & Moonriver (MOVR)|Moonbeam]] and [[Milkomeda]] ([https://ournetwork.substack.com/p/ournetwork-issue-117?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjo1MjI3MDIyNCwiXyI6ImR6bWdYIiwiaWF0IjoxNjUwMjUyMTI3LCJleHAiOjE2NTAyNTU3MjcsImlzcyI6InB1Yi0yMTM2MiIsInN1YiI6InBvc3QtcmVhY3Rpb24ifQ.IpmhQvFeqeFMRwa7Rot6HH0Oi9kRILOXvr6HdRG_iRs&s=r 15-4-2022]) " ''The team has plans to deploy on 10 more chains over the next 1-2 months."''
*Built on: [[Ethereum (ETH)|Ethereum]], [[Moonbeam (GLMR) & Moonriver (MOVR)|Moonbeam]] and [[Milkomeda]] ([https://ournetwork.substack.com/p/ournetwork-issue-117?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjo1MjI3MDIyNCwiXyI6ImR6bWdYIiwiaWF0IjoxNjUwMjUyMTI3LCJleHAiOjE2NTAyNTU3MjcsImlzcyI6InB1Yi0yMTM2MiIsInN1YiI6InBvc3QtcmVhY3Rpb24ifQ.IpmhQvFeqeFMRwa7Rot6HH0Oi9kRILOXvr6HdRG_iRs&s=r 15-4-2022]) " ''The team has plans to deploy on 10 more chains over the next 1-2 months."''
Line 36: Line 54:
===How it works===
===How it works===


* [https://blog.li.fi/navigating-arbitrary-messaging-bridges-a-comparison-framework-8720f302e2aa From] [[Li.Finance|Li.Fi]] (19-9-2022):
''"Nomad introduces a new flavor to the cross-chain industry: optimistically verified bridges that trade latency (or speed) in the design space for security. This is a new tradeoff that could arguably make the [https://blog.connext.network/the-interoperability-trilemma-657c2cf69f17 interoperability trilemma] a quadrilemma.''
''Here’s how Nomad works at a high level:''
# ''Users or dApps post data to the home contract on the source chain, where all the message/data is added and committed to a [[Merkle Tree|Merkle tree]] (message tree).''
# ''An off-chain agent called an Updater notarizes or signs the root of the Merkle tree with the data. In the future, the Updaters will have to submit a bonding stake on the source chain, which will get [[Slashing|slashed]] in the event of fraud.''
# ''This root is read and forwarded by the Relayer to the destination chain in an “update”, posted to the replica contract.''
# ''Once posted, a 30-minute fraud-proof window opens up, during which a Watcher can prove fraud and stop the data from going through.''
# ''If no fraud proofs are submitted within the 30-minute window, a Processor submits the Merkle proof of the data in the replica contract on the destination chain."''
* From this bridge [https://medium.com/momentum6/cross-chain-bridges-explored-929e6b68dcd1 blog] (21-4-2022):
* From this bridge [https://medium.com/momentum6/cross-chain-bridges-explored-929e6b68dcd1 blog] (21-4-2022):


Line 43: Line 72:


===Fees===
===Fees===
* [https://blog.li.fi/navigating-arbitrary-messaging-bridges-a-comparison-framework-8720f302e2aa From] [[Li.Finance|Li.Fi]] (19-9-2022):
''"The user only has to pay network gas fees while Nomad takes care of the rest and subsidizes the relaying and processing cost (for all chains except Ethereum) while taking no platform fees."''
===Upgrades===
===Upgrades===
===Staking===
===Staking===
Line 50: Line 84:
===Interoperability===
===Interoperability===


* [https://ournetwork.substack.com/p/ournetwork-issue-117?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjo1MjI3MDIyNCwiXyI6ImR6bWdYIiwiaWF0IjoxNjUwMjUyMTI3LCJleHAiOjE2NTAyNTU3MjcsImlzcyI6InB1Yi0yMTM2MiIsInN1YiI6InBvc3QtcmVhY3Rpb24ifQ.IpmhQvFeqeFMRwa7Rot6HH0Oi9kRILOXvr6HdRG_iRs&s=r From] [[Our Network]] (15-4-2022):
* [https://blog.li.fi/navigating-arbitrary-messaging-bridges-a-comparison-framework-8720f302e2aa From] [[Li.Finance|Li.Fi]] (19-9-2022):
''"As of September 2022, Nomad supports six chains: Ethereum, Moonbeam, [[Evmos (EVMOS)|Evmos]], [[Milkomeda]], [[Gnosis Chain (GNO)|Gnosis Chain]], and [[Avalanche (AVAX)|Avalanche]]."''
*[https://ournetwork.substack.com/p/ournetwork-issue-117?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjo1MjI3MDIyNCwiXyI6ImR6bWdYIiwiaWF0IjoxNjUwMjUyMTI3LCJleHAiOjE2NTAyNTU3MjcsImlzcyI6InB1Yi0yMTM2MiIsInN1YiI6InBvc3QtcmVhY3Rpb24ifQ.IpmhQvFeqeFMRwa7Rot6HH0Oi9kRILOXvr6HdRG_iRs&s=r From] [[Our Network]] (15-4-2022):


''"Nomad channels and the flagship xApp ([[cross-chain]] app), t[https://app.nomad.xyz/ he Nomad token] [[bridge]], are live on [[Ethereum]], [[Moonbeam]], and Milkomeda, with more chains coming soon."''
''"Nomad channels and the flagship xApp ([[cross-chain]] app), t[https://app.nomad.xyz/ he Nomad token] [[bridge]], are live on [[Ethereum]], [[Moonbeam]], and Milkomeda, with more chains coming soon."''
Line 69: Line 105:
==Pros and Cons==
==Pros and Cons==
===Pros===
===Pros===
* [https://blog.li.fi/navigating-arbitrary-messaging-bridges-a-comparison-framework-8720f302e2aa From] [[Li.Finance|Li.Fi]] (19-9-2022):
# ''"Minimal trust assumptions — Nomad has a challenge period where watchers observing the system can flag fraud. This design requires Nomad to only have a single honest verifier assumption (1 of n watchers to correctly verify updates) to ensure security.''
# ''Minimum costs for users — The user only has to pay network gas fees while Nomad takes care of the rest and subsidizes the relaying and processing cost (for all chains except Ethereum) while taking no platform fees.''
# ''Simple user experience — Nomad offers a simple and cost-minimized user experience with additional features for users’ convenience, like the ability to transfer assets across chains to different [[Address|addresses]]."''
===Cons===
===Cons===
==Team, Funding and Partners==
==Team, Funding and Partners==
Line 74: Line 117:
*Full team can be found [here].
*Full team can be found [here].
===Funding===
===Funding===
* Nomad raised [https://blog.nomad.xyz/nomad-raises-22m-seed-round-for-security-first-interoperability-5d6b15c96007 $22 million] in the seed round led by [[Polychain Capital]].
===Partners===
===Partners===


* Works [https://medium.com/momentum6/cross-chain-bridges-explored-929e6b68dcd1 together closely] with [[Optimism (OP)|Optimism]] and [[Connext (NEXT)|Connext]] (4-2022).
* Mentioned as part of the [[Cross Chain Coalition]] ([https://crosschaindev.substack.com/p/cross-chain-weekly-30 15-12-2022]).
*Works [https://medium.com/momentum6/cross-chain-bridges-explored-929e6b68dcd1 together closely] with [[Optimism (OP)|Optimism]] and [[Connext (NEXT)|Connext]] (4-2022).


==(:==
==(:==

Latest revision as of 02:40, 19 December 2022

Nomad is an approach to blockchain interoperability that leverages an optimistic mechanism to increase the security of cross-chain communication.

Basics

  • Based in:
  • Started in / Announced on:
  • Testnet release:
  • Mainnet release:

History

"It is an extended implementation of the Optics Protocol (OPTimistic Interchain Communication), and the team includes many of the same core team members."

Audits & Exploits

"The project completed a Quantstamp audit in June, with issue QSP-19 foreshadowing a similar vulnerability. The auditor’s remarks that “We believe the Nomad team has misunderstood the issue” speak to a worrying attitude towards security that the project docs’ “Long-Term Security” plan appears to confirm. Concerns were also raised around the response time of the team facing a live and public exploit; the team’s official acknowledgement came three hours after the exploit began."

Bugs/Exploits

  • Update: started a KYC process for recovery of assets in the bridge (7-12-2022).
  • From Li.Fi (19-9-2022):

"The team has managed to recover over $37M (20% of the stolen funds) through the tremendous work of whitehat hackers. It’s important to note that the hack does not reflect Nomad’s design as it was an implementation-level issue."

"Nomad just got drained for over $150M [190M according to rekt] in one of the most chaotic hacks that Web3 has ever seen. A routine upgrade marked the zero hash as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all. You didn't need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person's address with yours, and then re-broadcast it."

Governance

Admin Keys

"Currently, Nomad’s smart contracts are governed by multi-sigs. Either ⅗ or ⅔ signatures are needed to upgrade the contracts.

Updater is the only validator — Nomad’s system relies on the updater to maintain uptime. Nomad has a permissioned Watcher set — meaning that currently, there could be a known cost to attack the system since the watchers are fixed and can be corrupted. However, xApps can overcome this by running their own delegated watchers."

DAO

Treasury

Token

Launch

Token Allocation

Utility

Other Details

Coin Distribution

Technology

Implementations

Transaction Details

How it works

"Nomad introduces a new flavor to the cross-chain industry: optimistically verified bridges that trade latency (or speed) in the design space for security. This is a new tradeoff that could arguably make the interoperability trilemma a quadrilemma.

Here’s how Nomad works at a high level:

  1. Users or dApps post data to the home contract on the source chain, where all the message/data is added and committed to a Merkle tree (message tree).
  2. An off-chain agent called an Updater notarizes or signs the root of the Merkle tree with the data. In the future, the Updaters will have to submit a bonding stake on the source chain, which will get slashed in the event of fraud.
  3. This root is read and forwarded by the Relayer to the destination chain in an “update”, posted to the replica contract.
  4. Once posted, a 30-minute fraud-proof window opens up, during which a Watcher can prove fraud and stop the data from going through.
  5. If no fraud proofs are submitted within the 30-minute window, a Processor submits the Merkle proof of the data in the replica contract on the destination chain."
  • From this bridge blog (21-4-2022):

"Nomad is a design for very cheap cross-chain communication that skips the need for header verification. Nomad draws a lot of inspiration from the Optimism team. Nomad itself is actually an implementation and extension of their Optics protocol (OPTimistic Interchain Communication). But Nomad only has a latency of thirty minutes (rather than an ORU’s one-week fraud-proof window). It works like a notary service. The source chain produces and sends some “documents” (messages), the “notary” (called The Updater) is contracted to sign the documents and is incentivized only to approve valid messages or risk being financially punished and losing their “notary license”. The secret sauce from their docs:

“Nomad creates an authenticated data structure on any home chain, and relays updates to that data structure on any number of replicas. As a result, the home chain and all replicas [[[contracts]] that maintain a queue of pending updates, accepts proofs, and dispatches messages] will agree on the state of the data structure. By embedding data (“messages”) in this data structure we can propagate it between chains with a high degree of confidence.”"

Fees

"The user only has to pay network gas fees while Nomad takes care of the rest and subsidizes the relaying and processing cost (for all chains except Ethereum) while taking no platform fees."

Upgrades

Staking

Validator Stats

Liquidity Mining

Scaling

Interoperability

"As of September 2022, Nomad supports six chains: Ethereum, Moonbeam, Evmos, Milkomeda, Gnosis Chain, and Avalanche."

"Nomad channels and the flagship xApp (cross-chain app), the Nomad token bridge, are live on Ethereum, Moonbeam, and Milkomeda, with more chains coming soon."

Other Details

Oracle Method

Their Other Projects

Roadmap

  • Can be found [Insert link here].

Usage

"The token bridge has only been live for 3 months and has amassed $288m in volume with $47m TVL. Nomad's locked asset distribution is made up of 33.6% $USDC followed by 29.7% $FRAX, which makes up a total of $30M of the current TVL. However, $USDT and $WETH have made a surge in the past couple of days on the Moonbeam side, and $WETH and $WBTC are quite popular bridging over to Milkomeda."

Projects that use or built on it

Competition

Pros and Cons

Pros

  1. "Minimal trust assumptions — Nomad has a challenge period where watchers observing the system can flag fraud. This design requires Nomad to only have a single honest verifier assumption (1 of n watchers to correctly verify updates) to ensure security.
  2. Minimum costs for users — The user only has to pay network gas fees while Nomad takes care of the rest and subsidizes the relaying and processing cost (for all chains except Ethereum) while taking no platform fees.
  3. Simple user experience — Nomad offers a simple and cost-minimized user experience with additional features for users’ convenience, like the ability to transfer assets across chains to different addresses."

Cons

Team, Funding and Partners

Team

  • Full team can be found [here].

Funding

Partners

(:

Knowledge empowers all and will help us get closer to the decentralized world we all want to live in!

Making these free wiki pages is fun but takes a lot of effort and time.

If you have enjoyed reading, tips are appreciated:) This will help us to keep expanding this archive of information.

ETH tip address: 0x83460bE5F218b1520B69D702cE60A1DE37dD8E31