Critical Bug in Circle's Noble-CCTP Exposes Vulnerability, Promptly Resolved by Circle

Aug 27, 2024

A critical vulnerability was recently identified in Circle's Noble-CCTP, a component of the USDC Cross-Chain Transfer Protocol on the Cosmos network. Disclosed by Asymmetric Research, the bug could have allowed malicious actors to bypass the sender verification process, enabling the minting of fake USDC tokens on the Noble bridge. Specifically, the protocol's "ReceiveMessage" handler was accepting messages from any sender without verifying the origin, posing a security risk. Fortunately, Circle quickly addressed the issue, and no funds were lost as a result of the vulnerability. This incident highlights the ongoing challenges in securing cross-chain protocols, particularly in light of similar vulnerabilities, such as the one found in Wormhole on the Aptos network in 2024.
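A simplified model of the missing sender check described above, as an added example that is not Circle's or Noble's code. The `Bridge`, `Message` and `TrustedSenders` names, the message layout and the sample addresses are hypothetical, and attestation checking is assumed to happen elsewhere.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// Message is a hypothetical, simplified cross-chain mint message (not Noble's wire format).
type Message struct {
	SourceDomain uint32
	Sender       []byte // contract that emitted the message on the source chain
	Recipient    string
	Amount       uint64
}

var ErrUntrustedSender = errors.New("sender is not the registered remote messenger")

// Bridge maps each source domain to the single sender allowed to request mints.
type Bridge struct {
	TrustedSenders map[uint32][]byte
	Balances       map[string]uint64
}

// ReceiveMessageUnchecked models the flaw: it mints without looking at m.Sender.
func (b *Bridge) ReceiveMessageUnchecked(m Message) error {
	b.Balances[m.Recipient] += m.Amount
	return nil
}

// ReceiveMessage rejects unknown domains and any sender other than the registered one.
func (b *Bridge) ReceiveMessage(m Message) error {
	want, ok := b.TrustedSenders[m.SourceDomain]
	if !ok || len(want) == 0 || !bytes.Equal(want, m.Sender) {
		return fmt.Errorf("domain %d: %w", m.SourceDomain, ErrUntrustedSender)
	}
	b.Balances[m.Recipient] += m.Amount
	return nil
}

func main() {
	// Constructed sample data: domain 0 trusts one 4-byte placeholder address.
	b := &Bridge{TrustedSenders: map[uint32][]byte{0: {0xAA, 0xAA, 0xAA, 0xAA}}, Balances: map[string]uint64{}}
	forged := Message{SourceDomain: 0, Sender: []byte{0xBB, 0xBB, 0xBB, 0xBB}, Recipient: "noble1example", Amount: 1000}
	fmt.Println("unchecked:", b.ReceiveMessageUnchecked(forged), b.Balances["noble1example"])
	fmt.Println("checked:  ", b.ReceiveMessage(forged), b.Balances["noble1example"])
}
```

The hardened handler fails closed: a domain with no registered sender is rejected, not treated as open.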