Analysis: Nomad attackers use the contract process function to extract

[Analysis: Nomad attackers use contract process function to extract] Jinjin Finance News, at noon on August 2, Beijing time, public opinion monitoring of Chengdu Lianan Chain Bing-Blockchain Security Situational Awareness Platform showed that the cross-chain communication protocol Nomad was attacked , Chengdu Lianan security team will now share the analysis results as follows. Through the transfer transactions of the attacked contract (0x88a69b4e698a4b090df6cf5bd7b2d47325ad30a3), we can see that many addresses have been attacked. By finding a related transaction, we can see that the attacker used the process function in the contract (0xb36f6479b1aa5582ce862bfb6eb94591e1b0e0b977188c2e8ca85699efcd6183) to extract.

In the process function, you can see that the contract has judged _messageHash, and when the input messages[_messageHash] is 0x000000...., it is equivalent to any unused hash and can be judged to pass. Then follow up the acceptableRoot function, because _root is set to zero (x000000....), and confirmAt[_root] is equal to 1, resulting in a constant judgment and the attacker can withdraw funds. The Chengdu Lianan Lianbizhui platform will monitor the stolen funds in real time.

Other news:

Institutional analysis: WTI crude oil option long trading is active, indicating that it may continue to rise above $80: According to news on October 8, after the price of U.S. crude oil futures reached $80 a barrel, the oil options market showed that traders were hedging the risk of further price rises. On Friday, call premiums exceeded put premiums for the first time since October 2019. WTI oil prices hit a near seven-year high of $80 a barrel this week, but traders worry that higher natural gas prices will lead to a surge in demand for oil, while OPEC+ refrains from increasing output. ICAP energy expert Scott Shelton said severe winter weather "increases the potential for an upside burst in this market, and this skew (skew) will continue for several months." (Golden Ten) [2021/10/9 5:48:30]

Institutional analysis: Bitcoin's decline may signal a pause in bond selling: Bitcoin is about to suffer its largest two-day drop in a month, which may be a harbinger of a pause in bond selling that has panicked the market. Both cryptocurrencies and bond yields are surging for the same reason, expectations of massive stimulus. Based on market value, bitcoin yields are largely in sync with 10-year government bond yields in countries like the UK, Canada, Germany and the US. The bond sell-off in Asia is even showing signs of easing. It should be noted that this theory does not apply to oil prices. Bitcoin and oil prices also tend to move in tandem, but the cryptocurrency's ups and downs haven't had much of an impact on oil prices so far. (Golden Ten) [2021/2/23 17:43:36]

Analysis | coindesk analysis: Bitcoin has continued to fall for six months or will fall to $3,100: According to coindesk analysis, Bitcoin fell for the sixth consecutive month in January, enhancing the credibility of the bearish. Therefore, Bitcoin may retest the December low around $3,100. If strong support is found from the 200-week moving average at $3,298 and eventually pushes the price to $3,658, a sustained rally to $4,000 is possible. [2019/2/1]