Latest posts from user Quantstamp (@Quantstamp)

Furthermore, confirmAt for 0x0 is set to 1 in the same transaction. This made it an acceptable root.

Posted 1 year ago by Quantstamp (@Quantstamp)

For any message that was not included in the state ever, method process() would ask if the root 0x0…0 is acceptable, which now is the case. Consequently, every such message was considered valid and handled. https://t.co/yhjpMxsJSI

Posted 1 year ago by Quantstamp (@Quantstamp)

The function acceptableRoot() does not handle messages with root 0x0 explicitly, so in line 263, the mapping confirmAt returns the value 1 which is then assigned to _time. It returns 1 because of how confirmAt is set to 1 for 0x0.

Posted 1 year ago by Quantstamp (@Quantstamp)

Furthermore, acceptableRoot() passes the final check for block.timestamp.

Posted 1 year ago by Quantstamp (@Quantstamp)

The smart contract Replica.sol contains a function process() that is responsible for handling messages.
The function is public and can be called by anyone.

Posted 1 year ago by Quantstamp (@Quantstamp)

Before handling the message, the function process() needs to check that the message was previously included in some Merkle tree state root which would be acceptable.
Acceptable state roots are those that were previously proven, or have been stamped as confirmed.

Posted 1 year ago by Quantstamp (@Quantstamp)

A message that hasn’t been previously proven would be returned from the mapping messages as 0x0, which would then be passed to the function acceptableRoot().

Posted 1 year ago by Quantstamp (@Quantstamp)
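
The check described in these posts, as a simplified Python model added here (it is not Nomad's Replica.sol and not Quantstamp's code). The class, the `explicit_zero_check` switch and the sample roots and timestamp are assumptions made for illustration; the hardened branch is one possible fix, run as the kind of regression test the posts call for.

```python
# Simplified model of process() / acceptableRoot() as the posts describe them.
# Names, storage layout and the hardened branch are illustrative assumptions.
ZERO_ROOT = b"\x00" * 32  # value an unset mapping slot returns (0x0...0)


class ReplicaModel:
    def __init__(self, committed_root, explicit_zero_check):
        self.confirm_at = {}  # root -> earliest acceptance time (0 = unknown)
        self.messages = {}    # message hash -> root it was proven against
        self.explicit_zero_check = explicit_zero_check
        # Initialization confirms the committed root at time 1. When that
        # root is ZERO_ROOT, this is the state the posts describe.
        self.confirm_at[committed_root] = 1

    def prove(self, message_hash, root):
        # Record the proven root; the Merkle proof is outside this model.
        self.messages[message_hash] = root

    def acceptable_root(self, root, now):
        if self.explicit_zero_check and root == ZERO_ROOT:
            return False  # hardened: "no root" is never an acceptable root
        time = self.confirm_at.get(root, 0)
        if time == 0:
            return False
        return now >= time  # final timestamp check

    def process(self, message_hash, now):
        # An unproven message reads back as ZERO_ROOT from the mapping.
        root = self.messages.get(message_hash, ZERO_ROOT)
        return self.acceptable_root(root, now)


def regression_check(explicit_zero_check, now=1_660_000_000):
    """Initialize with the zero root, then process a proven and an unproven message."""
    replica = ReplicaModel(ZERO_ROOT, explicit_zero_check)
    real_root = b"\x11" * 32  # constructed sample root
    replica.confirm_at[real_root] = now - 10
    replica.prove(b"proven-msg", real_root)
    return {
        "proven": replica.process(b"proven-msg", now),
        "unproven": replica.process(b"never-seen-msg", now),
    }


if __name__ == "__main__":
    print("as described:", regression_check(False))
    print("hardened:    ", regression_check(True))
```

A test suite for a change like this should assert that a message hash never passed to `prove` is rejected after initialization, whatever root the contract was initialized with.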

LEGACY_STATUS_PROVEN, LEGACY_STATUS_PROCESSED, and LEGACY_STATUS_NONE were the newly introduced constants in commit 46d145, which was not part of the audit. The acceptableRoot public function only handled 2 constants. This exploit could have been prevented with more testing. https://t.co/Xk8DQK1Y2Q

Posted 1 year ago by Quantstamp (@Quantstamp)

A more detailed explanation of the exploit follows:

Posted 1 year ago by Quantstamp (@Quantstamp)

During the Nomad audit, we identified 40 issues, including QSP-19, 21, and 23 which are issues around input validation and edge cases.
See the full audit report: https://certificate.quantstamp...

Posted 1 year ago by Quantstamp (@Quantstamp)

Audits are a snapshot of the code at a given moment in time. It’s important to get new code audited, or in the absence of auditing new additions, to do extensive testing around new features.

Posted 1 year ago by Quantstamp (@Quantstamp)

Our team has investigated the Nomad incident and here’s a summary of what we found 👇

Posted 1 year ago by Quantstamp (@Quantstamp)

The exact bug that led to the exploit was in commit 46d145, which introduced new logic that was not part of the audit. https://t.co/k00MY1sg1U

Posted 1 year ago by Quantstamp (@Quantstamp)

RT: ❓How to audit.
Yesterday, @banescusebi, manager of @Quantstamp Germany, held an Exclusive Talents Workshop about Smart Contract #Auditing.
Our talents were very interested and could learn a lot from the leader in #Blockchain Security.
Check them out: https://quantstamp.com/

Posted 1 year ago by Quantstamp (@Quantstamp)

RT: @banescusebi and @iamdonho pitched Chainproof at #EthVC (collocated with @EthCC) last week. We got an amazing response from so many people who have reached out to us since 🚀
The event was excellently organized by @KaikoData and we thank them for having us 🙏 https://t.co/EMopMIafAA

Posted 1 year ago by Quantstamp (@Quantstamp)

RT: It’s time, NFT curators + fans.
RARA’s Social Curation Protocol for NFTs is launching on Saturday, July 23rd with an exclusive alpha for our most loyal community members.
Welcome frens to the 🌞 Summer of RA! https://t.co/iPY7jCl2l5

Posted 1 year ago by Quantstamp (@Quantstamp)

RT: Thank you @lisasterb for joining @sabsnft & Tyler on @CuratedNFTShow.
Lisa is the producer of @stonercatstv & partnered with Mila Kunis on Orchard Farm Productions.
We talked about how NFTs are helping Hollywood creatives & ways to leverage the technology.
https://www.youtube.com/watch?... https://t.co/rgzrDhoIeB

Posted 1 year ago by Quantstamp (@Quantstamp)

RT: On June 8th, 2022 RARA's protocol received a Security Assessment Certificate from Quantstamp.
This assessment covered rara-protocol repo at commit a4a2474 - which excluded the integration of the RoyaltyRegistry.
For more info, read the assessment.
https://twitter.com/Quantstamp...

Posted 1 year ago by Quantstamp (@Quantstamp)