1. Home
  2. Circle
  3. Critical bug identified and remedied in Circle’s Noble-CCTP
Critical bug identified and remedied in Circle’s Noble-CCTP

Critical bug identified and remedied in Circle’s Noble-CCTP

0

Source: Coin Telegraph

Blockchain security firm Asymmetric Research privately disclosed the vulnerability to Circle, which has since been addressed.

On Aug. 27, Asymmetric Research revealed it identified a critical bug in Circle’s Noble-CCTP, a component of the USDC (USDC) Cross-Chain Transfer Protocol, on the Cosmos network.

According to the Web3 security firm, a malicious actor could have potentially sidestepped the cross-chain transfer protocol’s message sender verification process to mint fake USDC tokens on the Noble bridge.

More specifically, the Noble-CCTP “ReceiveMessage” handler was accepting “BurnMessages” from any sender without first checking that the bridging message was sent from a verified “TokenMessenger” address on the original chain. The security firm outlined the vulnerability in greater detail:

Read more

Go to Source
Author: Vince Quill