Security

CCTP Express is a protocol developed on top of CCTP. Unlike other types of bridges, this design is immune to MEV attacks and ensures a 1:1 transfer of USDC across chains. During the design process, several security concerns were addressed, and the architecture was crafted to protect users’ assets.

Asset Custody

The SpokePool serves as an escrow and ensures that a user's funds are released only when the bridging intent has been fulfilled.

Reorg Risk

The reorg risk is borne solely by fillers. If a filler fills an intent too quickly, without waiting for finality on the source chain, the source chain may reorg. Because the intent has already been filled on the destination chain, the filler would take the loss and end up empty-handed.

The reorg risk is effectively mitigated by the Insurance Fee, which varies based on the initiateDeadline specified by the user. If the initiateDeadline is sufficiently long, the filler can reinitiate the CrossChainOrder on the origin chain in the event of a reorg, ensuring the user's funds are transferred again. Since the insurance fee decreases significantly when the initiateDeadline is long (it drops to nearly zero when the initiateDeadline is 2x the time needed for finality on the origin chain), a normal user is likely to set a long initiateDeadline to avoid paying the fee, which minimizes the reorg risk for the filler.

Fallback Mechanism

If no filler fills an order after 15 minutes, Datadaemon initiates a CctpFill to use CCTP, and the funds are bridged via the traditional CCTP route. (See Steps #10 and #11 of CCTP Express Architecture.)
