Full Report
USDC is one of the biggest assets in crypto by usage and TVL. Circle, the owner of USDC, created the Cross Chain Transfer Protocol (CCTP). Although CCTP is a general message passing protocol, its biggest use case is the token bridge Circle built on top of it for transferring tokens (mainly USDC) to other chains. There are EVM and Solana implementations, and a Cosmos implementation on Noble; on Noble it is a Cosmos SDK module rather than a smart contract.

Like most bridges, it works by emitting an event on the source chain, having an off-chain entity attest to it, and then minting the asset on the destination chain. The token bridge works with an allowlisted set of sibling contracts owned by Circle: a message must be valid and come from the proper sibling contract address in order to be considered legitimate.

When protocols are layered on top of each other, each layer provides different security guarantees. CCTP validates that a cross chain message was sent on the other chain; the token bridge on top of it still has further checks to perform, and crucially, the sibling check was missing on Noble. This means that an attacker could call CCTP with a BurnMessage from their own contract and have the Noble module handle it as a legitimate USDC mint. Had the sibling been properly checked, this would not have been possible.

Great find by my co-worker! Sometimes picking on the lesser known/used implementation is the game plan. The Solana and Ethereum implementations are solid, but this one slipped through the cracks.
Analysis Summary
# Vulnerability: Circle CCTP Noble Minting Sibling Verification Bypass
## CVE Details
- CVE ID: Not assigned (Privately disclosed via bug bounty)
- CVSS Score: Estimated 9.1 - 10.0 (Critical)
- CWE: CWE-285: Improper Authorization / CWE-345: Insufficient Verification of Data Authenticity
## Affected Systems
- Products: Circle Noble-CCTP (Cosmos SDK Module)
- Versions: Versions prior to the August 2024 patch
- Configurations: Specifically the Cosmos SDK implementation on the Noble chain; Solana and EVM implementations were not affected.
## Vulnerability Description
The vulnerability existed in the `noble-cctp` module, which handles the Cross-Chain Transfer Protocol (CCTP) on the Noble Cosmos app chain. Unlike EVM or Solana implementations that use smart contracts, Noble uses a built-in module.
The flaw was a missing "sibling" check during the message handling process. While CCTP successfully validated that a message was legitimate and signed by Circle's off-chain attestation service, the Noble module failed to verify the **source sender address** of the message. In a secure bridge transaction, the destination chain must verify that the burn message originated from an authorized "sibling" TokenMessenger contract on the source chain. Because this check was absent, an attacker could use their own unprivileged contract on a source chain (like Ethereum) to call the CCTP `sendMessage()` function with a crafted `BurnMessage`. The Noble module would then process this as a valid minting instruction, effectively allowing the creation of "fake" USDC on Noble.
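The sibling check described above, written as an added Go example (not code from `noble-cctp` or Circle): it decodes the CCTP message header and then refuses to treat the body as a mint instruction unless the header's sender is the TokenMessenger registered for the source domain, which is exactly the step that was missing. The header offsets follow the public CCTP v1 Message layout as I understand it; the registry, the local domain ID and all addresses are constructed placeholders.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Byte offsets of the CCTP v1 message header (assumed to match the public
// Message layout: version, source domain, destination domain, nonce, then
// 32-byte sender, recipient and destination caller, then the body).
const (
	versionIdx    = 0
	srcDomainIdx  = 4
	destDomainIdx = 8
	nonceIdx      = 12
	senderIdx     = 20
	bodyIdx       = 116
)

// Message is the decoded header plus the opaque body (a BurnMessage for the
// token bridge). Attestation checking is out of scope: the bug was in what
// happens after an attested message is accepted.
type Message struct {
	Version      uint32
	SourceDomain uint32
	DestDomain   uint32
	Nonce        uint64
	Sender       [32]byte
	Body         []byte
}

// ParseMessage decodes the header and rejects anything shorter than it.
func ParseMessage(raw []byte) (Message, error) {
	if len(raw) < bodyIdx {
		return Message{}, errors.New("message shorter than CCTP header")
	}
	m := Message{
		Version:      binary.BigEndian.Uint32(raw[versionIdx:]),
		SourceDomain: binary.BigEndian.Uint32(raw[srcDomainIdx:]),
		DestDomain:   binary.BigEndian.Uint32(raw[destDomainIdx:]),
		Nonce:        binary.BigEndian.Uint64(raw[nonceIdx:]),
		Body:         raw[bodyIdx:],
	}
	copy(m.Sender[:], raw[senderIdx:senderIdx+32])
	return m, nil
}

// Siblings maps a source domain to the one TokenMessenger address allowed to
// originate burn messages from that domain (hypothetical registry type).
type Siblings map[uint32][32]byte

// CheckBurnSender is the sibling check: the message must be addressed to this
// chain and its header sender must equal the registered sibling for the
// source domain. Only then may the body be handled as a mint instruction.
func CheckBurnSender(s Siblings, localDomain uint32, m Message) error {
	if m.DestDomain != localDomain {
		return fmt.Errorf("message for domain %d, local domain is %d", m.DestDomain, localDomain)
	}
	want, ok := s[m.SourceDomain]
	if !ok {
		return fmt.Errorf("no sibling TokenMessenger registered for domain %d", m.SourceDomain)
	}
	if m.Sender != want {
		return fmt.Errorf("sender %x is not the sibling TokenMessenger for domain %d", m.Sender, m.SourceDomain)
	}
	return nil
}

// Addr32 left-pads a hex-encoded (e.g. 20-byte EVM) address into the 32-byte
// form used in CCTP headers.
func Addr32(h string) [32]byte {
	b, err := hex.DecodeString(h)
	if err != nil || len(b) > 32 {
		panic("bad address literal: " + h)
	}
	var out [32]byte
	copy(out[32-len(b):], b)
	return out
}

// EncodeMessage builds a raw message from constructed fields for testing.
func EncodeMessage(m Message) []byte {
	raw := make([]byte, bodyIdx+len(m.Body))
	binary.BigEndian.PutUint32(raw[versionIdx:], m.Version)
	binary.BigEndian.PutUint32(raw[srcDomainIdx:], m.SourceDomain)
	binary.BigEndian.PutUint32(raw[destDomainIdx:], m.DestDomain)
	binary.BigEndian.PutUint64(raw[nonceIdx:], m.Nonce)
	copy(raw[senderIdx:], m.Sender[:])
	copy(raw[bodyIdx:], m.Body)
	return raw
}

func main() {
	const localDomain = 4 // constructed: treat domain 4 as "this chain"
	siblings := Siblings{0: Addr32("1111111111111111111111111111111111111111")} // constructed
	for _, sender := range []string{
		"1111111111111111111111111111111111111111", // the registered sibling
		"2222222222222222222222222222222222222222", // some unregistered contract
	} {
		raw := EncodeMessage(Message{SourceDomain: 0, DestDomain: localDomain, Nonce: 7,
			Sender: Addr32(sender), Body: []byte("burn body")})
		m, _ := ParseMessage(raw)
		fmt.Printf("sender %s...: %v\n", sender[:8], CheckBurnSender(siblings, localDomain, m))
	}
}
```

The point of the example is the ordering: attestation proves that CCTP on the source chain emitted the message, and `CheckBurnSender` proves that the emitter was Circle's own TokenMessenger rather than any contract that can call `sendMessage()`. Without the second step, a valid attestation of an arbitrary message is enough to reach the mint path.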
## Exploitation
- Status: No exploitation in the wild (PoC confirmed by researchers)
- Complexity: Medium (Requires crafting a CCTP message and obtaining an attestation for a custom contract)
- Attack Vector: Network
## Impact
- Confidentiality: None
- Integrity: Critical (Potential for infinite minting of USDC tokens)
- Availability: High (Potential for economic collapse of the asset on the Noble chain)
## Remediation
### Patches
- Circle has patched the `noble-cctp` module. Users and node operators on Noble should ensure they are running the latest version of the Noble chain software as released following the disclosure in August 2024.
- Original Repository: hxxps://github[.]com/circlefin/noble-cctp
### Workarounds
- No manual workarounds provided; the fix requires a protocol-level update to the Noble Cosmos module to enforce sibling validation.
## Detection
- Indicators of compromise: Discrepancies between `Burn` events on source chains (EVM/Solana) and `Mint` events on Noble that do not originate from authorized Circle TokenMessenger addresses.
- Detection methods: Auditing CCTP `ReceiveMessage` logs for sender addresses that do not match the official Circle deployment registry.
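The two detection ideas above, reconciliation of burns against mints and a sender-address audit, as an added Go example (my own code, not Circle's or Noble's tooling). It takes burn records an indexer would have collected from a source chain and newline-delimited JSON mint records from Noble receive-message logs, and flags any mint whose sender is not the official TokenMessenger for its source domain, that has no burn with the same domain and nonce, or whose amount differs from that burn. The log-line shape, the registry contents and all sample values are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Official sibling TokenMessenger per source domain. Constructed placeholder
// values; a real audit would load these from Circle's published deployments.
var officialTokenMessengers = map[uint32]string{
	0: "0x1111111111111111111111111111111111111111",
}

// BurnRecord is what an indexer keeps for each burn seen on a source chain
// (hypothetical shape).
type BurnRecord struct {
	SourceDomain uint32 `json:"source_domain"`
	Nonce        uint64 `json:"nonce"`
	Amount       uint64 `json:"amount"`
}

// MintRecord is one receive-message log line on Noble with the header fields
// needed for the cross-check (hypothetical shape).
type MintRecord struct {
	SourceDomain uint32 `json:"source_domain"`
	Nonce        uint64 `json:"nonce"`
	Sender       string `json:"sender"`
	Amount       uint64 `json:"amount"`
}

// Finding is one mint that could not be reconciled with an authorized burn.
type Finding struct {
	Nonce  uint64
	Reason string
}

func burnKey(domain uint32, nonce uint64) string {
	return fmt.Sprintf("%d:%d", domain, nonce)
}

// Reconcile walks the mint log and returns findings in log order. A sender
// mismatch is reported on its own, since such a mint should never have been
// paired with a burn in the first place.
func Reconcile(burns []BurnRecord, mintLog string) ([]Finding, error) {
	byKey := make(map[string]BurnRecord, len(burns))
	for _, b := range burns {
		byKey[burnKey(b.SourceDomain, b.Nonce)] = b
	}
	var findings []Finding
	for _, line := range strings.Split(mintLog, "\n") {
		line = strings.TrimSpace(line)
		if line == "" {
			continue
		}
		var m MintRecord
		if err := json.Unmarshal([]byte(line), &m); err != nil {
			return nil, fmt.Errorf("malformed mint log line %q: %w", line, err)
		}
		want, known := officialTokenMessengers[m.SourceDomain]
		if !known || !strings.EqualFold(m.Sender, want) {
			findings = append(findings, Finding{m.Nonce,
				fmt.Sprintf("sender %s is not the official TokenMessenger for domain %d", m.Sender, m.SourceDomain)})
			continue
		}
		b, found := byKey[burnKey(m.SourceDomain, m.Nonce)]
		switch {
		case !found:
			findings = append(findings, Finding{m.Nonce, "no matching source-chain burn"})
		case b.Amount != m.Amount:
			findings = append(findings, Finding{m.Nonce,
				fmt.Sprintf("amount %d minted on Noble but %d burned at source", m.Amount, b.Amount)})
		}
	}
	return findings, nil
}

// Constructed sample data: two burns seen on domain 0 and four mints on Noble,
// of which only nonce 100 reconciles cleanly.
var sampleBurns = []BurnRecord{
	{SourceDomain: 0, Nonce: 100, Amount: 1000},
	{SourceDomain: 0, Nonce: 103, Amount: 500},
}

const sampleMintLog = `
{"source_domain":0,"nonce":100,"sender":"0x1111111111111111111111111111111111111111","amount":1000}
{"source_domain":0,"nonce":101,"sender":"0x2222222222222222222222222222222222222222","amount":5000000}
{"source_domain":0,"nonce":102,"sender":"0x1111111111111111111111111111111111111111","amount":700}
{"source_domain":0,"nonce":103,"sender":"0x1111111111111111111111111111111111111111","amount":900}
`

func main() {
	findings, err := Reconcile(sampleBurns, sampleMintLog)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("nonce %d: %s\n", f.Nonce, f.Reason)
	}
}
```

The sender check alone would have caught the bug class described on this page; the burn-to-mint reconciliation is the broader control that also surfaces replayed or mis-amounted mints regardless of who sent them, so it is worth running on both sides of the bridge rather than only on Noble.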
## References
- Asymmetric Research Blog: hxxps://blog[.]asymmetric[.]re/circles-cctp-noble-mint-bug/
- Circle CCTP Documentation: hxxps://developers[.]circle[.]com/stablecoins/docs/cctp-technical-overview
- Noble Network: hxxps://www[.]noble[.]xyz/