> tl;dr a routine upgrade marked the zero hash as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all.
From this explainer:
> It’s [Nomad is] built to address security first. The Nomad team has been building secure bridges as a team for 4+ years and has studied the pitfalls of multi-sig and validator-based bridges.
https://medium.com/imperator-guide/nomad-a-cross-chain-inter...
Assuming this is true, and assuming the team is not incompetent or composed of the typical grifters, perhaps it's time to draw the inevitable conclusion. No amount of experience is sufficient to safeguard an Ethereum protocol of any interesting complexity.
It's a reasonable question to ask, WTF is Nomad for? After all, isn't Ethereum supposed to be the World Computer, Turing complete and ready for any task? Nope. Never was.
I think a good chunk of the answer can be found on the home page:
> Nomad reduces gas fees by a factor of 10x relative to traditional header relay systems, while remaining decentralized.
https://www.nomad.xyz
That world computer is bogged down. The proliferation of chains is the response. Each one is less secure than the parent. Stuff like Nomad is the "connective tissue" to get the various organs of this science project talking to each other.
Dive deeply enough down and you find the root of it all: everybody wants to make the next Bitcoin, Ethereum, and so on. With each turn of the crank a new crop of Barnums springs up to take the money of an unending supply of digital rubes.
If you enjoy obfuscated C, we have this: https://underhanded.soliditylang.org/
This is untested on ETH PoS and could result in a significant loss in value for ETH holders. Not only that, but it gets even more complicated with stablecoins that are on ETH. What makes all of this quite interesting is the exchanges who get to decide which USDC on ETH they sell to you. Likely a big reason why exchanges, like Coinbase, are some of the largest ETH stakers.
[1] https://github.com/stickfigure/blog/wiki/Proof-Of-Stake-Wear...
If you want more details you can always read the Gasper paper[1], the spec[2], or client code.
It is complex to somebody not familiar with consensus and blockchain execution, but you might say that about any modern engineering. PoW is undoubtedly simpler but also exponentially more environmentally destructive.
[1] https://arxiv.org/abs/2003.03052
[2] https://github.com/ethereum/consensus-specs/blob/dev/specs/p...