Critical bug identified and remedied in Circle’s Noble-CCTP
Blockchain security firm Asymmetric Research privately disclosed the vulnerability to Circle, and the issue has since been addressed.
On Aug. 27, Asymmetric Research revealed it identified a critical bug in Circle’s Noble-CCTP, a component of the USDC (USDC) Cross-Chain Transfer Protocol, on the Cosmos network.
According to the Web3 security firm, a malicious actor could have potentially sidestepped the cross-chain transfer protocol’s message sender verification process to mint fake USDC tokens on the Noble bridge.
More specifically, the Noble-CCTP “ReceiveMessage” handler was accepting “BurnMessages” from any sender without first checking that the bridging message was sent from a verified “TokenMessenger” address on the original chain. The security firm outlined the vulnerability in greater detail:
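The missing sender check described above, shown as an added example in Go. It is a simplified model written for this page, not Noble-CCTP's code and not Asymmetric Research's write-up. The types, field names, function names and sample addresses are hypothetical, and the attestation step that precedes message handling in a real bridge is left out.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// Simplified model, all names hypothetical: a cross-chain message carrying a burn
// notice that makes the destination chain mint Amount to Recipient.
type Message struct {
	SourceDomain uint32 // chain the message claims to come from
	Sender       []byte // source-chain address that emitted the message
	Recipient    string
	Amount       uint64
}

var ErrUntrustedSender = errors.New("sender is not the registered TokenMessenger")

type Bridge struct {
	TokenMessengers map[uint32][]byte // source domain -> trusted TokenMessenger address
	Balances        map[string]uint64
}

// receiveUnchecked models the flaw: the burn message is honoured whoever sent it.
func (b *Bridge) receiveUnchecked(m Message) error {
	b.Balances[m.Recipient] += m.Amount
	return nil
}

// receiveChecked mints only if Sender equals the TokenMessenger registered for
// the source domain; unknown domains and empty registry entries fail closed.
func (b *Bridge) receiveChecked(m Message) error {
	want, ok := b.TokenMessengers[m.SourceDomain]
	if !ok || len(want) == 0 || !bytes.Equal(want, m.Sender) {
		return ErrUntrustedSender
	}
	b.Balances[m.Recipient] += m.Amount
	return nil
}

func main() {
	trusted := bytes.Repeat([]byte{0xAA}, 32) // constructed sample addresses
	other := bytes.Repeat([]byte{0xBB}, 32)
	b := &Bridge{TokenMessengers: map[uint32][]byte{0: trusted}, Balances: map[string]uint64{}}
	fmt.Println(b.receiveChecked(Message{SourceDomain: 0, Sender: trusted, Recipient: "alice", Amount: 5}))
	fmt.Println(b.receiveChecked(Message{SourceDomain: 0, Sender: other, Recipient: "mallory", Amount: 5}))
	fmt.Println(b.Balances)
}
```

The checked handler rejects a message whose sender differs from the registered address before any balance changes, so a rejected message leaves no state behind.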
Author: Vince Quill