
Security


Last updated 2 years ago

Pre-requisite Reading

The following material assumes an understanding of how cross-chain communication works and specifically how messages are verified.

If you are not familiar with these concepts, it is highly recommended that you read the section on Verification Mechanisms before jumping into this section, which covers security in detail.

Security is paramount for Nomad. As described in the section on Optimistic Verification, Nomad's design philosophy centers around trust-minimization and a bias towards safety, which are core components of security when it comes to addressing root of trust insecurity.

This section will cover the three following topics:

  1. Nomad's Root of Trust: Our goal with Nomad is to create cross-chain communication that is resilient against critical attack vectors. Accordingly, this topic will cover the advanced aspects of Nomad's verification mechanism design, including fraud prevention, app-specific design, and liveness assumptions.

  2. Attack Vectors: This section will cover the common attack vectors used to compromise interoperability protocols, including compromising keys, economic attacks, and smart contract vulnerabilities unrelated to a compromised root-of-trust.

  3. Long-term Security: We believe that for crypto to take on the responsibility of onboarding the world's users and becoming the primary rails for finance, we need to think long-term. This means considering financial controls and other common security measures taken in traditional finance. This section is more exploratory in nature.

Note that this Security documentation primarily focuses on protocol security and Nomad's design. To learn more details about Nomad's operational security, check out the Operational Security section.