Circle Fixes Noble-CCTP Critical Vulnerability Without Loss of User Funds or Malicious Attacks
Blockchain security firm Asymmetric Research has disclosed that it discovered a critical vulnerability in Circle's Noble-CCTP, a component of the USDC cross-chain transport protocol on the Cosmos network. The firm privately notified Circle, and the vulnerability was promptly remedied with no loss of user funds or malicious attacks.
The security firm found that malicious actors could bypass the protocol's message sender verification and spoof USDC on the Noble bridge. More specifically, because it did not first check that a bridge message was sent from a verified “TokenMessenger” address on the initial chain, the Noble-CCTP bridge could be spoofed: its “ReceiveMessage” handler accepted “BurnMessages” from any sender.
However, while the vulnerability initially appeared to be an unlimited minting flaw, the actual impact was limited due to Noble's minting limit of approximately 35 million USDC.
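A simplified model of the missing sender check beside its corrected form, added here as an illustration and not taken from Noble's or Circle's code. The `Message` and `Bridge` types, their field names, the placeholder addresses and the use of 35,000,000 as the mint limit are assumptions made for the example; any message authentication other than the sender check is left out.

```go
package main

import (
	"errors"
	"fmt"
)

// Message is a simplified cross-chain message (constructed model, not the CCTP wire format).
type Message struct {
	SourceDomain uint32
	Sender       string // contract that emitted the message on the source chain
	BurnAmount   uint64
}

// Bridge is hypothetical receiving-side state: one trusted sender per source domain plus a mint cap.
type Bridge struct {
	TrustedSender map[uint32]string
	MintLimit     uint64
	Minted        uint64
}

var ErrUntrustedSender = errors.New("sender is not the registered TokenMessenger for this domain")
var ErrMintLimit = errors.New("mint limit exceeded")
func (b *Bridge) mint(amount uint64) error {
	if amount > b.MintLimit-b.Minted {
		return ErrMintLimit
	}
	b.Minted += amount
	return nil
}

// ReceiveUnchecked models the flaw: a burn message from any sender results in a mint.
func (b *Bridge) ReceiveUnchecked(m Message) error { return b.mint(m.BurnAmount) }

// ReceiveChecked rejects the message unless the sender is the registered TokenMessenger.
func (b *Bridge) ReceiveChecked(m Message) error {
	if want, ok := b.TrustedSender[m.SourceDomain]; !ok || m.Sender != want {
		return ErrUntrustedSender
	}
	return b.mint(m.BurnAmount)
}

func main() {
	// Constructed sample values; the addresses are placeholders.
	forged := Message{SourceDomain: 0, Sender: "0xUNREGISTERED", BurnAmount: 1000000}
	weak := &Bridge{TrustedSender: map[uint32]string{0: "0xTOKENMESSENGER"}, MintLimit: 35000000}
	hard := &Bridge{TrustedSender: map[uint32]string{0: "0xTOKENMESSENGER"}, MintLimit: 35000000}
	fmt.Println(weak.ReceiveUnchecked(forged), weak.Minted)
	fmt.Println(hard.ReceiveChecked(forged), hard.Minted)
}
```

In the unchecked path the mint limit is the only remaining bound on what gets minted, which is why the article describes the impact as capped rather than unlimited.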