Circle fixed a critical vulnerability in Noble-CCTP, with no loss of user funds or malicious attacks occurring

2024-08-28 14:59:01

ChainCatcher reports that blockchain security company Asymmetric Research has disclosed a critical vulnerability in Circle's Noble-CCTP, a component of the USDC cross-chain transfer protocol on the Cosmos network, after privately notifying Circle. The vulnerability was promptly fixed; no user funds were lost and no malicious attacks occurred.

The security company found that malicious actors could bypass the sender verification step of the cross-chain transfer protocol and forge USDC on the Noble bridge. Specifically, the "ReceiveMessage" handler of Noble-CCTP accepted "BurnMessages" from any sender, without first verifying that the bridging message had been sent from the validated "TokenMessenger" address on the source chain.
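The missing check described above, shown as a simplified model next to a handler that enforces it. This is an added example, not Noble's or Circle's code: the `Message` and `Bridge` types, the method names and the sample addresses are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// Message is a simplified, hypothetical stand-in for a cross-chain message.
type Message struct {
	SourceDomain uint32
	Sender       string // contract that emitted the message on the source chain
	MintAmount   uint64 // taken from the burn message body
}

// Bridge holds the TokenMessenger registered for each source domain.
type Bridge struct {
	TokenMessengers map[uint32]string
	Minted          uint64
}

var ErrUnauthorizedSender = errors.New("sender is not the registered TokenMessenger")

// ReceiveUnchecked models the flaw: any burn message is minted,
// whichever contract sent it.
func (b *Bridge) ReceiveUnchecked(m Message) error {
	b.Minted += m.MintAmount
	return nil
}

// ReceiveChecked mints only when the sender matches the TokenMessenger
// registered for the message's source domain.
func (b *Bridge) ReceiveChecked(m Message) error {
	want, ok := b.TokenMessengers[m.SourceDomain]
	if !ok || m.Sender != want {
		return ErrUnauthorizedSender
	}
	b.Minted += m.MintAmount
	return nil
}

func main() {
	// Constructed sample values, not real addresses.
	b := &Bridge{TokenMessengers: map[uint32]string{0: "0xTOKEN_MESSENGER"}}
	forged := Message{SourceDomain: 0, Sender: "0xOTHER_CONTRACT", MintAmount: 1000}
	fmt.Println("unchecked:", b.ReceiveUnchecked(forged), "minted:", b.Minted)
	fmt.Println("checked:  ", b.ReceiveChecked(forged), "minted:", b.Minted)
}
```

The checked handler also rejects messages from a source domain with no registered TokenMessenger, so an unconfigured domain fails closed.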

Although the vulnerability initially appeared to be an infinite-mint flaw, the actual impact is limited by Noble's minting cap of approximately 35 million USDC.
