Search

Search for projects by name

L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our Discord to suggest improvements!

SummaryValue LockedMilestones & IncidentsRisk summaryTechnologyPermissionsSmart contracts

Nomad logoNomad

This project is archived.
The Nomad token bridge contract has recently been exploited and currently is not operational.

About

Nomad is a general messaging bridge that uses optimistic verification to validate cross-chain bridging transactions.

  • Total value locked
  • Destination
    Various
  • Validated by
    Third Party
  • Type
    Token Bridge

    • About

    Nomad is a general messaging bridge that uses optimistic verification to validate cross-chain bridging transactions.

    Value Locked
    Milestones & Incidents

    Contracts hacked for $190M

    2022 Aug 2nd

    Learn more
    Risk summary
    The Nomad token bridge contract has recently been exploited and currently is not operational.

    Users can be censored if

    1. updater fails to attest messages and governance does not change the Updater.
    Technology

    Principle of operation

    Nomad Bridge is a Token Bridge with ability to facilitate fast transfers via additional LP-provided liquidity. For deposits, it locks tokens in the escrow contracts on Ethereum and mints a “representation token” on the destination network. When bridging back to Ethereum tokens are burned and then released from the escrow on Ethereum.

    Third Party

    Messages on the source (home) chain are periodically signed by Updater. Updater cannot censor messages and if it refuses to attest them, it can be changed by the governance. Once message batch is attested, it is relayed to the destination (replica) by the permissionless Relayers. After the 30m fraud proof window messages can be delivered to the destination contract. During the fraud proof window, if malicious Updater tries to relay invalid message batch, anyone can submit a fraud proof to the source (home) chain slashing Updater and stopping home contract. On the destination messages cannot be stopped, so receiving contracts have to be independently notified to not process messages. Currently this mechanism is not implemented.

    • Users can be censored if updater fails to attest messages and governance does not change the Updater.

    • Funds can be stolen if updater manages to relay a fraudulent message batch.

    • Funds can be stolen if destination contract does not block receiving fraudulent messages.

    Destination tokens are upgradeable

    Note: This section requires more research and might not present accurate information.

    Tokens transferred end up as “representation tokens” some of them may be upgradable.

    • Funds can be stolen if destination token contract is maliciously upgraded.

    Permissions

    The system uses the following set of permissioned addresses:

    Governor 0x9327…f68A

    This is a Gnosis Safe with 3 / 5 threshold. Manages Optics V1 bridge components via GovernanceRouter contract.

    Governor participants (5) 0x8386…046e0x2527…733F0xab06…16e50xC69b…627e0x9bdD…25f3

    Those are the participants of the Governor.

    RecoveryManager 0xda2f…986A

    This is a Gnosis Safe with 2 / 3 threshold. Manages Optics V1 bridge recovery via GovernanceRouter contract.

    RecoveryManager participants (3) 0xea24…998A0xDE9c…59E40xCc20…d21d

    Those are the participants of the RecoveryManager.

    Updater 0xa728…87E4

    Permissioned account that can update message roots.

    XAppConnectionManager Watchers (5) 0x9782…883E0x06D8…c7150xcE94…99600x499B…B68f0x9E8e…F98D

    Watchers can unenroll, i.e. stop receiving messages, from a given Replica.

    Smart contracts

    The system consists of the following smart contracts on the host chain (Ethereum):

    HomeBeaconProxy 0x92d3…F4c8Implementation (Upgradable)Admin

    Optics Home. This contract is used to send x-chain messages, such as deposit requests. Messages are regularly signed by the Updater.

    ReplicaBeaconProxy 0x049b…20EFImplementation (Upgradable)Admin

    Optics Replica. This contract is used to receive x-chain messages, such as withdrawal requests, from Relayers.

    BridgeRouterBeaconProxy 0x88A6…30A3Implementation (Upgradable)Admin

    Optics Governance Router. Manages all Optics components. This contract can store any token.

    XAppConnectionManager 0xFe88…3B2F

    Contract managing list of connections to other chains (domains) and list of watchers.

    GovernanceRouterBeaconProxy 0x3009…777aImplementation (Upgradable)Admin

    Optics Governance Router. Manages all Optics components.

    UpdaterManager 0x9272…f715

    Contract allowing Home to slash Updater. Currently does nothing, intended for future functionality.

    UpgradeBeaconController 0xdB37…fD7e

    Contract managing Beacons.

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).