BlackHart

Circle CCTP

TEMPERED

Bridge · Multi-chain · TVL: N/A (burn-and-mint) · 3 contracts

Official site: www.circle.com/cross-chain-transfer-protocol

Score: 680 (gauge scale ticks: 300, 475, 650, 825, 1000)
Confidence: 76%
Z-Factor: 0.78
Updated 2026-06-01 · Public score

Security Profile

Access Ctrl: 48
Economic: 78
Oracle: 55
Compos.: 60
Govern.: 40
Maturity: 72
Resilience: 68
Supply Ch.: 84
X-Chain: 50
Cascade: 60

Min: 40 · Avg: 62 · Max: 84

Audit History

ChainSecurity (CCTP V2) · 2025-03 · Report
ChainSecurity (CCTP V1 / EVM Bridge) · 2023-04 · Report

Bug Bounty Program

$5,000
Max payout on HackerOne

Assessment

CCTP bridge re-scope = 702 TEMPERED, just below the USDC issuer (733). The dominant surface (D10=50, weight 0.17) is the off-chain 2-of-2 attestation trust model — strengthened materially vs the prior combined baseline once the live signatureThreshold=2 was read on-chain (the old baseline assumed threshold=1). Burn-and-mint conserves supply (D2=78, no TVL). Centralization (single operator, unilateral attester/threshold control, instant upgradeable proxy, $5k bounty cap) holds D1=48/D5=40 down. Younger and more complex than the issuer (D6=72, V2 ~15 months) with ChainSecurity 'high' coverage (D7=68). Confidence 76: every role/threshold/attester read on-chain, ChainSecurity V2 audit cited; only D7 (light pass, no full Mode-B) and D12 (analyst judgment) remain soft.

Dimension Breakdown

Methodology
12 dimensions · Updated 2026-06-01

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Cross-Chain Messaging · 50 · +50.3 potential
Live config (confirmed on-chain, both V1 and V2): signatureThreshold=2 with 2 enabled attesters — TWO Circle keys must sign every mint; a single key compromise is insufficient (the key mitigation, and the reason this is 50 rather than lower)

Access Control · 48 · +50.1 potential
Modifiers: onlyOwner, onlyAttesterManager, onlyTokenController, whenNotPaused; attester enable/disable and threshold changes are unilateral by attesterManager with no delay

Governance & Upgradeability · 40 · +34.5 potential
Bug-bounty governance signal: Circle BBP (HackerOne, public mode) caps the CRITICAL payout at $5,000 (min $150); circlefin/evm-cctp-contracts IS a bounty-eligible smart-contract asset — a weak incentive relative to a bridge that can mint native USDC on dozens of chains

Oracle Integrity · 55 · +32.5 potential
Centralized attestor remains a TRUST assumption, not a cryptographic safety guarantee: if 2 attester keys are compromised or the service signs a malicious message, unbacked USDC is minted on the destination chain

Adversarial Resilience · 68 · +15.8 potential

Adversarial Risk Signals

Publicly verifiable security posture indicators.

Disclosure History: Not Assessed
Remediation Velocity: Not Assessed
Bug Bounty Program: Not Assessed
Audit Coverage: Not Assessed
Incident History: Not Assessed

Deployed 2023-04-01 · 10 dimensions · Provenance Ledger
methodology v2.1 · formula v1.1 · weights v1.1

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "circle-cctp"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours
Read Score: registry.getScore("circle-cctp")

Embed this score

Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.

<iframe
  src="https://blackhart.io/embed/oracle/circle-cctp?variant=card&theme=dark"
  title="BlackHart Risk Index: Circle CCTP"
  width="340"
  height="290"
  frameborder="0"
  loading="lazy"
  style="border:0; max-width:100%;"
></iframe>