What Happened

Nomad Bridge (Backtest)

$190M|Smart Contract Exploit|August 1, 2022

A routine upgrade initialized the Merkle root to 0x00, which made every message valid by default. Attackers could copy-paste the first exploit transaction, change the recipient address, and drain funds without any special knowledge.

What Hindenrank Would Have Said

As of July 1, 2022

C-

Risk Score

56/100

“High risk -- novel optimistic verification with single-Updater trust assumption, no timelock on contract upgrades, and team-only Watcher operation, in a year when bridges are the most exploited category in DeFi.”

Mechanism Novelty9/15

Interaction Severity14/20

Oracle Surface5/10

Documentation Quality5/10

Track Record6/15

Scale Exposure5/10

Regulatory Risk4/10

Protocol Vitality8/10

Grade Predicted This Failure

Flagged by dimensions: Mechanism Novelty, Interaction Severity, Documentation Quality, Track Record, Regulatory Risk

One or more collapse scenarios directly matched the actual failure mode.

Top Risks Identified

1.Nomad's optimistic verification relies on at least one honest Watcher detecting fraud within a ~30-minute window. Watchers are currently operated by the Nomad team without on-chain incentives, creating a single-point-of-failure if the team's monitoring infrastructure goes down or misses a fraudulent Updater attestation.
2.Smart contracts use an UpgradeBeacon proxy pattern governed by a single GovernanceRouter with no timelock delay on upgrades. L2BEAT has flagged this as critical: a governance multisig compromise or a buggy upgrade could replace contract logic instantly, putting all $190M in locked assets at risk.
3.The Updater is a single trusted party who signs Merkle root attestations. The Updater's bonded stake is designed to be lower than the value secured because the system relies on fraud prevention rather than economic deterrence. If the fraud proof mechanism fails for any reason, the Updater can attest fraudulent messages with no proportional economic penalty.
4.Bridge contracts hold all locked assets in a single honeypot. As the fourth cross-chain bridge exploit of 2022 (Ronin $600M, Wormhole $320M, Harmony $97M), bridges are the highest-target attack surface in DeFi, and Nomad's $190M TVL makes it an attractive target.

Collapse Scenarios

Upgrade-Induced Merkle Root Verification Bypass

Elevated

Trigger

A routine contract upgrade via the UpgradeBeacon proxy alters the Replica contract's message processing logic, introducing a bug in how Merkle roots are validated such as accepting uninitialized or zero-value roots as valid proofs.

Cascade

GovernanceRouter deploys an upgraded Replica implementation via UpgradeBeacon with no timelock delay→New contract logic goes live instantly on all destination chains without any community review window

The upgrade introduces a flaw in the acceptableRoot() validation function, causing it to return true for message proofs that reference an uninitialized Merkle root→Any message can pass verification on the Replica regardless of whether it was actually sent from the Home chain

An attacker discovers the flaw and constructs a fraudulent bridge message to unlock tokens from the Ethereum bridge contract→First exploit transaction drains tokens from the bridge without triggering Watcher alerts since the message is technically valid under the new logic

Because the attack requires no special access beyond the transaction calldata, other attackers copy-paste the transaction with their own recipient addresses→A chaotic mass drain occurs as hundreds of addresses submit copycat transactions, draining the bridge in hours

All madAssets (madUSDC, madWETH, madDAI) on Moonbeam, Evmos, and Avalanche lose their backing simultaneously→madAsset holders across all destination chains suffer total loss; DeFi protocols using madAssets as collateral experience cascading liquidations

Historical Precedent

Wormhole exploit (February 2022, $320M) exploited a verification bypass in bridge message validation. Ronin exploit (March 2022, $600M) exploited compromised validator keys. Both demonstrate that bridge verification logic is the highest-value attack surface in DeFi.

Watcher Liveness Failure Enables Fraudulent Updater Attestation

Moderate

Trigger

All Nomad-operated Watchers experience simultaneous downtime exceeding the 30-minute optimistic verification window, and the Updater submits a fraudulent Merkle root attestation during the gap.

Cascade

Nomad team-operated Watcher infrastructure goes offline for more than 30 minutes due to cloud provider outage or deployment failure→No entity is monitoring the Home contract for fraudulent Updater attestations during the outage window

The Updater (compromised or malicious) signs a fraudulent Merkle root that includes fabricated bridge messages→The fraudulent root is posted to the Home contract and relayed to Replica contracts on all destination chains

The 30-minute optimistic timeout expires without any Watcher submitting a fraud proof→The fraudulent root is accepted as valid on all Replica contracts

Attacker processes the fraudulent messages to unlock all locked tokens from the Ethereum bridge contract→Bridge is drained; Updater bond is slashed but covers only a fraction of the $190M loss

madAssets on all destination chains lose backing→Cascading failures across Moonbeam and Evmos ecosystems as all Nomad-wrapped tokens become worthless

Historical Precedent

Harmony Horizon bridge exploit (June 2022, $97M) exploited compromised keys in a small validator set. Both share the vulnerability of concentrating trust in a small number of parties operated by the team.

See how today's protocols score

The same 8-dimension rubric applied to 672+ live protocols.

View Leaderboard All Backtests