Circle Fixes Noble-CCTP Critical Vulnerability Without Loss of User Funds or Malicious Attacks
Blockchain security firm Asymmetric Research has disclosed that it discovered a critical vulnerability in Circle's Noble-CCTP, a component of the USDC USDC cross-chain transport protocol, on the Cosmos network and has privately notified Circle of the vulnerability, which was promptly remedied with no loss of user funds or malicious attacks.
The security firm discovered that malicious actors could bypass the message sender verification process of this cross-chain transport protocol and spoof USDC on the Noble bridge. more specifically, without first checking that the bridge message was being sent from a verified “TokenMessenger” address on the initial chain, the Noble-CCTP bridge could be spoofed. The Noble-CCTP “ReceiveMessage” handler accepts “BurnMessages” from any sender.
However, while the vulnerability initially appeared to be an unlimited minting flaw, the actual impact was limited due to Noble's minting limit of approximately 35 million USDC.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Current mainstream CEX and DEX funding rates indicate that the market remains bearish
Trending news
MoreData: In the past 24 hours, total liquidations across the network reached $143 million, with long positions liquidated for $84.3764 million and short positions liquidated for $58.4925 million.
Strategy CEO: Will only consider selling bitcoin if the stock price falls below net asset value and new funds cannot be obtained
Crypto prices
More
