BlackHartBlackHart
Scores/Circle CCTP/Provenance/Cross-Chain Messaging
D10

Cross-Chain Messaging

Conditional: bridge trust model, sequencer risk, fraud proof maturity, cross-chain replay risk.

Weight conditional82% confidence
50
Concerning
info

How This Score Is Built

Conditional: bridge trust model, sequencer risk, fraud proof maturity, cross-chain replay risk.

+23Strong positive
+12Positive
+5Slight positive
−15Strong negative
−8Negative
−3Slight negative

Scoring Tree

BRI Formula
300 + 700 × ∏(Dᵢ/100)^wᵢ
680
Current BRI
D10Cross-Chain Messaging
Weight 17%
50
(50/100)^0.17 = 0.8888
Contributing Factors
+17DOMINANT dimension for this product. CCTP cross-chain mint depends on Circle's OFF-CHAIN attestation service — a liveness AND integrity single-point-of-trust; a forged/erroneous attestation mints native USDC on the destination chain
+17Replay protection: usedNonces / message-hash tracking prevents re-execution; per-message burn limit and maxMessageBodySize bound blast radius; pauser can halt the transmitter (paused=false at read time)
+17Comparable to other federated/attestation bridges; the 2-of-2 live threshold and replay/burn-limit defenses keep it mid-band rather than low
-50Live config (confirmed on-chain, both V1 and V2): signatureThreshold=2 with 2 enabled attesters — TWO Circle keys must sign every mint; a single key compromise is insufficient (the key mitigation, and the reason this is 50 rather than lower)
0Residual: the 2-of-2 attester set is operated by one entity (Circle) — correlated key risk; attesterManager can change the set/threshold unilaterally with no timelock; the upgradeable proxy is another instant-control lever
Evidence Sources
blackhart_analysisMay 30sha256:4bfec1bd63c0....

Score Composition

-50

Live config (confirmed on-chain, both V1 and V2): signatureThreshold=2 with 2 enabled attesters — TWO Circle keys must sign every mint; a single key compromise is insufficient (the key mitigation, and the reason this is 50 rather than lower)

Negative
0

Residual: the 2-of-2 attester set is operated by one entity (Circle) — correlated key risk; attesterManager can change the set/threshold unilaterally with no timelock; the upgradeable proxy is another instant-control lever

NeutralcodeView in source
+17

DOMINANT dimension for this product. CCTP cross-chain mint depends on Circle's OFF-CHAIN attestation service — a liveness AND integrity single-point-of-trust; a forged/erroneous attestation mints native USDC on the destination chain

PositivecodeView in source
+17

Replay protection: usedNonces / message-hash tracking prevents re-execution; per-message burn limit and maxMessageBodySize bound blast radius; pauser can halt the transmitter (paused=false at read time)

PositivecodeView in source
+17

Comparable to other federated/attestation bridges; the 2-of-2 live threshold and replay/burn-limit defenses keep it mid-band rather than low

Positive

Evidence Chain (1 files)

BlackHart AnalysisMay 30, 2026, 05:10 AM
sha256:4bfec1bd63c0...

Score History

No dimension-level score changes recorded yet.

Methodology: 2.1Formula: 1.1Weights: 1.1
How is Cross-Chain Messaging scored?← Back to Provenance Ledger