bin2chen

And we finalized! Happy merge all. This is a big moment for the Ethereum ecosystem. Everyone who helped make the merge happen should feel very proud today.

1/ Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen. How exactly did this happen, and what was the root cause? Allow me to take you behind the scenes 👇

至于为什么黑客可以初始化已经initialised的合约，初步推测是proxy合约里的自定义的address private proxyAdmin碰撞了initialized或者initializing这两个变量，导致 modifier initializer() 能够通过。

我把initialized和initialized两个变量打了个日志，有proxyAdmin变量的proxy合约，其initialized和initializing在初始时就有问题。没有这个变量的则没问题。黑客利用了这点进行了攻击。至于他怎么知道的这点还不清楚，毕竟原合约这俩都是private变量，也没有日志。

Java这种垃圾语言没有被时代淘汰是web2最大的遗憾，如果更垃圾的solidity能活到十年以后，那么它就是web3最大的耻辱