USDC is one of the biggest assets in crypto by usage and TVL. Circle, the issuer of USDC, created the Cross-Chain Transfer Protocol (CCTP). Although CCTP is a general message-passing protocol, its biggest use case is the token bridge Circle built on top of it for transferring tokens (mainly USDC) to other chains. There are EVM, Solana and Cosmos implementations; the Cosmos one runs on Noble.
On Noble, it is simply a Cosmos SDK module instead of a smart contract. Like most bridges, this works by emitting an event, having some off-chain entity attest to it and then minting the asset on the other chain. The token bridge works with an allowlisted set of sibling contracts that are owned by Circle. The message must be valid and come from the proper contract address in order to be considered legitimate.
When building protocols on top of each other, each layer has different security guarantees. CCTP validates that a cross-chain message was actually sent on the other chain. The token bridge layered on top of it has additional things to check: crucially, the sibling check was missing on Noble.
This means an attacker could send a BurnMessage through CCTP from their own contract and have the Noble module process it as a legitimate USDC mint. If the sibling had been properly checked, this would not have been possible.
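To make the missing check concrete, here is an added Go illustration (not Noble's or Circle's code) of a simplified receive handler. It models the two layers described above: the attestation check that CCTP performs, and the token-bridge check that the message's sender must be the Circle-owned sibling contract allowlisted for its source domain. The domain ids, addresses, amounts and the stand-in attestation check are all constructed for this example; a real module verifies attester signatures over the message bytes.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// BurnMessage is the token-bridge payload carried inside a CCTP message.
type BurnMessage struct {
	Recipient string
	Amount    uint64
}

// Message is the CCTP envelope: which chain it came from, which contract
// emitted it there, and the burn payload.
type Message struct {
	SourceDomain uint32
	Sender       [32]byte
	Body         BurnMessage
}

// Keeper holds the allowlist of sibling (remote token messenger) contracts per
// source domain and the resulting minted balances.
type Keeper struct {
	RemoteTokenMessengers map[uint32][32]byte
	Balances              map[string]uint64
}

// addr turns a label into a fixed-size address; constructed for the example.
func addr(label string) [32]byte {
	var a [32]byte
	copy(a[:], label)
	return a
}

// attestationValid stands in for CCTP attester signature verification.
// Any message the off-chain attester has signed would pass here, regardless of
// which contract emitted it, which is exactly why the sibling check matters.
func (k *Keeper) attestationValid(att []byte) bool {
	return bytes.Equal(att, []byte("valid-attestation"))
}

// HandleReceiveVulnerable reproduces the missing-check behaviour: the
// attestation is verified, but the sender contract is never compared to the
// allowlist, so any attested BurnMessage results in a mint.
func (k *Keeper) HandleReceiveVulnerable(msg Message, att []byte) error {
	if !k.attestationValid(att) {
		return errors.New("invalid attestation")
	}
	k.Balances[msg.Body.Recipient] += msg.Body.Amount
	return nil
}

// HandleReceiveFixed adds the sibling check: the message must originate from
// the remote token messenger registered for its source domain.
func (k *Keeper) HandleReceiveFixed(msg Message, att []byte) error {
	if !k.attestationValid(att) {
		return errors.New("invalid attestation")
	}
	sibling, ok := k.RemoteTokenMessengers[msg.SourceDomain]
	if !ok {
		return fmt.Errorf("no remote token messenger registered for domain %d", msg.SourceDomain)
	}
	if sibling != msg.Sender {
		return errors.New("sender is not the registered remote token messenger for this domain")
	}
	k.Balances[msg.Body.Recipient] += msg.Body.Amount
	return nil
}

// newKeeper builds a keeper with one constructed allowlist entry:
// domain 0 maps to the Circle-owned messenger.
func newKeeper() *Keeper {
	return &Keeper{
		RemoteTokenMessengers: map[uint32][32]byte{0: addr("circle-token-messenger")},
		Balances:              map[string]uint64{},
	}
}

// Scenario runs both handlers on an attested message emitted by an unregistered
// contract and returns the amounts minted (vulnerable, fixed) plus the fixed
// handler's error.
func Scenario() (uint64, uint64, error) {
	rogue := Message{SourceDomain: 0, Sender: addr("attacker-contract"),
		Body: BurnMessage{Recipient: "noble1recipient", Amount: 1000}}
	att := []byte("valid-attestation")

	vuln := newKeeper()
	_ = vuln.HandleReceiveVulnerable(rogue, att)

	fixed := newKeeper()
	err := fixed.HandleReceiveFixed(rogue, att)
	return vuln.Balances["noble1recipient"], fixed.Balances["noble1recipient"], err
}

// LegitimateMint shows the fixed handler still accepts a message from the
// registered sibling contract.
func LegitimateMint() (uint64, error) {
	legit := Message{SourceDomain: 0, Sender: addr("circle-token-messenger"),
		Body: BurnMessage{Recipient: "noble1recipient", Amount: 250}}
	k := newKeeper()
	err := k.HandleReceiveFixed(legit, []byte("valid-attestation"))
	return k.Balances["noble1recipient"], err
}

func main() {
	v, f, err := Scenario()
	fmt.Printf("vulnerable minted %d, fixed minted %d (err: %v)\n", v, f, err)
	l, err := LegitimateMint()
	fmt.Printf("legitimate message minted %d (err: %v)\n", l, err)
}
```

The point of the two handlers side by side is that the attestation alone only proves a message was emitted on the source chain; it says nothing about which contract emitted it, so the mint path needs its own allowlist lookup keyed by source domain.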
Great find by my co-worker! Sometimes picking on the lesser known/used implementation is the game plan. The Solana and Ethereum implementations are solid but this one went through the cracks.