The most critical subjects covered in our review are signature handling, event handling, access control and functional correctness. Security regarding all the aforementioned subjects is high.

The general subjects covered are trustworthiness, upgradeability, gas efficiency and documentation. The contracts in the scope of this review are not upgradeable, however, several accounts are required to be trusted, see Roles and Trust Model. Also, we have highlighted accounts of high importance in Potential single points of failure. The project has extensive documentation and inline code specification.

In summary, we find that the codebase provides a high level of security.

It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.

Circle implements a Cross-Chain Transfer Protocol (CCTP), allowing bridging native tokens from a source chain to a destination chain. The CCTP relies on an off-chain attestation service to sign transfer messages, which is currently operated by Circle.

“Circle is a global financial technology company helping money move at internet speed. Our mission is to raise global economic prosperity through the frictionless exchange of value.”

(Source: circle.com/en/about-circle)

“USDC is a faster, safer, and more efficient way to send, spend, and exchange money around the globe. USDC powers apps to provide anytime access to payments and financial services.”

(Source: circle.com/en/usdc)