ChainCatcher news reports that the blockchain security company Asymmetric Research has disclosed a critical vulnerability in Circle's Noble-CCTP (a component of the USDC cross-chain transfer protocol) found on the Cosmos network, and has privately notified Circle. The vulnerability has been promptly fixed, with no loss of user funds or malicious attacks occurring.The security company discovered that malicious actors could bypass the sender verification process of the cross-chain transfer protocol and forge USDC on the Noble bridge. More specifically, the "ReceiveMessage" handler of Noble-CCTP accepts "BurnMessages" from any sender without first verifying that the bridging message was sent from the validated "TokenMessenger" address on the original chain.However, although the vulnerability initially appeared to be an infinite minting flaw, the actual impact is limited due to Noble's minting cap of approximately 35 million USDC.