defirisk.co
rubric v1.7.0

Chainlink CCIP

Cross-Chain Interoperability Protocol (CCIP) — Chainlink Labs' permissioned cross-chain messaging and token-transfer infrastructure. Operates Commit and Execute Decentralised Oracle Networks (DONs) with an independent Risk Management Network (RMN) bless/curse layer. Supports 60+ chains including EVM and non-EVM (Solana, Aptos). Original design; not a fork. Corporate-governed via ManyChainMultiSig + RBACTimelock; no DAO, no LINK-holder voting.

Sector bridge
TVL $7.0B
Reviewed May 16, 2026
Factors 184
Categories 13
Risk score 15.2
DeploymentsBase · —
01

Risk profile at a glance

0 red · 4 yellow · 9 green
25 24 17 13 15 22 16 10 13 12 8 5 4
02

Categories & evidence

184 factors · 13 categories
Code & audits Yellow 24 25 of 25
RD-F-009 red Formal verification coverage No formal verification (Certora, Kani, Halmos) engagement found for CCIP contracts. Chainlink's formal verification article claims 'formal methods are applied to core protocol components' without naming any tool, invariant set, or coverage percentage. ISO 27001 and SOC 2 Type 2 are compliance certifications, not formal verification. Per U8 methodology instruction: zero documented FV on a bridge with ~$7B value secured scores red. RD-F-001 yellow Audit scope mismatch Four audits confirmed (Code4rena May-2023, Jul-2023, Nov-2024; Cyfrin Jul-2024). No audit provides a machine-readable commit SHA in public contest READMEs. Nov-2024 scope covers v1.6 contracts (OffRamp/OnRamp at pragma 0.8.24) but no SHA pinning confirmed. Ethereum mainnet Router/ARM compiled at solc 0.8.19 represent earlier versions. Bytecode matching between Nov-2024 audit and currently deployed contracts cannot be confirmed from available public data. RD-F-005 yellow Audit firm tier Code4rena and Cyfrin are Tier-2 platforms (established, public track record, named judges, significant prize pools). No Tier-1 engagement (Trail of Bits, OpenZeppelin, ConsenSys Diligence, Certora, Sigma Prime, Spearbit, Zellic) found for CCIP. ISO 27001 and SOC 2 Type 2 are compliance certifications, not code-security audits. RD-F-006 yellow Audit-to-deploy gap Code4rena Nov-2024 ended 2024-11-25; CCIP v1.5 live Jan 2025 (~60 days gap, at green boundary). Cyfrin Jul-2024 ended 2024-07-17; v1.5 launched Jan 2025 (~180 days, yellow/red boundary). Cyfrin scope was limited to CCT token pools (subset). Nov-2024 to v1.6 launch May 2025: ~176 days. Mixed signals across engagements; yellow overall. RD-F-013 yellow Arbitrary call with user-controlled target RBACTimelock executeBatch() uses call.target.call{value}(call.data) — arbitrary target and calldata with no contract-level allowlist. Access is gated to EXECUTOR_ROLE. ManyChainMultiSig execute() similarly allows arbitrary calls gated behind Merkle root signatures from authorized operators. Role gating prevents anonymous exploitation but no contract-level target allowlist exists. RD-F-019 yellow ecrecover zero-address return unchecked MultiOCR3Base.sol calls ecrecover() and does NOT explicitly check the return value against address(0). Instead, it relies on implicit protection: address(0) cannot have oracle.role == Role.Signer because the role is never assigned to address(0). The comment at line 324 confirms this design. ManyChainMultiSig uses OZ ECDSA.recover() which internally validates against signature malleability. Implicit protection is architecturally sound but does not meet the explicit != address(0) check standard required for green. RD-F-020 yellow EIP-712 domain separator missing chainId ManyChainMultiSig uses custom domain separators (MANY_CHAIN_MULTI_SIG_DOMAIN_SEPARATOR_OP and _METADATA) via keccak256() not standard EIP-712. chainId is embedded in operation metadata but not in a formal EIP-712 domain separator struct. Internal.sol message hash constants (ANY_2_EVM_MESSAGE_HASH, EVM_2_ANY_MESSAGE_HASH) are static strings without chainId — cross-chain messages are intentionally cross-chain so EIP-712 with chainId is inapplicable to message hashing, but the governance message signing in MCMS should ideally follow EIP-712. RD-F-024 yellow Code complexity vs audit coverage Code4rena Nov-2024: 2697 nSLOC over 25 days (~108 nSLOC/day). Cyfrin Jul-2024: 2114 nSLOC over 15 days (~141 nSLOC/day). Per-audit ratios are within typical bounds. However, total CCIP complexity across 60+ chains (per-lane OnRamp/OffRamp, full OCR2 library, Go offchain) vastly exceeds what any single audit has covered. The on-chain Solidity scope in audits is a subset of total system complexity. RD-F-183 yellow Bug bounty scope gap on highest-TVL contracts Immunefi scope page explicitly lists CCIP-related assets: CCIP OCR Execute Plugin, CCIP OCR Commit Plugin, CCIP EVM, CCIP Solana — all added August 2025. $3M max payout. Scope uses categorical asset names not individual contract addresses. Cannot confirm whether all highest-TVL contracts (e.g., specific token pools holding cbBTC/cbETH) are explicitly in scope vs. covered categorically by CCIP EVM. Yellow: bounty covers CCIP categorically at high payout but per-contract verification unavailable. RD-F-003 gray Resolved-without-proof findings No public post-audit findings PDF with resolution tracking accessible for any CCIP engagement. smartcontractkit/audits repo returned 404. Code4rena does not publish consolidated resolution matrices. Cannot verify resolution status for any specific finding. RD-F-008 gray Ignored bounty disclosure No known protocol exploits for CCIP (profile §10 confirms zero incidents). No post-mortem exists. Cannot assess ignored disclosure without any prior incident. RD-F-010 gray Static-analyzer high-severity count No published Slither/Mythril/Semgrep tool output found for CCIP deployed contracts. Code4rena Nov-2024 context mentions Slither/Aderyn tooling but no public findings document retrieved. Cannot determine high-severity count without tool run. RD-F-014 gray Reentrancy guard on external-calling functions OffRamp.sol performs external calls to token pools and receiver contracts. Source review did not confirm nonReentrant on primary message execution path. CEI pattern and immutable pool references provide structural mitigation but cannot substitute for confirmed reentrancy guard presence without a Slither tool run. RD-F-015 gray ERC-777/1155/721 hook without reentrancy guard CCIP uses a token pool model where CCT-standard pools handle token operations. Core OnRamp/OffRamp do not directly integrate ERC-777/1155/721 callbacks. Risk depends on individual CCT token pool implementations. Not assessable for third-party token pools without per-pool source review. RD-F-016 gray Divide-before-multiply pattern No published Slither divide-before-multiply detector output found for CCIP. Code4rena Nov-2024 had 99.57% test coverage but no specific Slither output is publicly available. Cannot score without tool run. RD-F-017 gray Mixed-decimals math without explicit scaling FeeQuoter.sol (527 nSLOC) handles cross-chain fee calculation with multi-token arithmetic. Not assessable without Slither inspection of fee calculation paths and decimal normalization patterns. RD-F-018 gray Signed/unsigned arithmetic confusion No published findings of signed/unsigned arithmetic confusion in CCIP contracts. Not assessable without Slither + symbolic execution tool run. RD-F-021 n/a UUPS _authorizeUpgrade correctly permissioned No UUPS upgrade pattern used in any CCIP core contract. Router is immutable. ARM, OnRamp, OffRamp use constructor-based deployment not proxied. ARMProxy uses custom proxy (setARM() with owner control) not UUPS. ManyChainMultiSig and RBACTimelock are not upgradeable proxies. UUPS pattern is not applicable. RD-F-023 n/a Constructor calls _disableInitializers() No OpenZeppelin proxy initializer pattern is used in any CCIP core contract (Router, ARM, OnRamp, OffRamp, ManyChainMultiSig, RBACTimelock). All use plain constructors. _disableInitializers() is not applicable by construction.
RD-F-002 green Audit recency Most recent audit (Code4rena Nov-2024) ended 2024-11-25. Assessment date 2026-05-16. Delta: ~172 days. Within the 365-day green threshold.
RD-F-004 green Audit count Four distinct audit engagements confirmed: Code4rena May-2023 (CCIP v1.0+ARM), Code4rena Jul-2023 (ccip-owner-contracts), Cyfrin Jul-2024 (v1.5 CCT), Code4rena Nov-2024 (v1.6). All are from two distinct platforms (Code4rena, Cyfrin). Threshold of ≥2 distinct firms met.
RD-F-007 green Bug bounty presence & max payout Active Immunefi program with $3M maximum payout for critical smart contract vulnerabilities. 25 assets in scope including CCIP. Program updated 2026-05-05. HackerOne program also active. Clearly above $500K threshold for green.
RD-F-011 green SELFDESTRUCT reachable from non-admin path No SELFDESTRUCT found in OffRamp.sol, OnRamp.sol, ManyChainMultiSig.sol, or ARMProxy source reviews. Router is immutable. No SELFDESTRUCT indicator in any examined contract source.
RD-F-012 green delegatecall with user-controlled target No user-controlled delegatecall found. OffRamp.sol and OnRamp.sol contain no delegatecall. ManyChainMultiSig uses standard .call() for execution. RBACTimelock uses .call() not delegatecall. ARMProxy uses fallback delegatecall to its implementation but the implementation address is set by the owner (not user-supplied). No open delegatecall-to-user-target pattern identified.
RD-F-022 green Public initialize() without initializer modifier Inspected Router, OffRamp.sol, OnRamp.sol, ARM (0x8B63b3DE), ARMProxy (0x411dE17f), ManyChainMultiSig.sol, RBACTimelock.sol — none have an initialize() function. All use constructors for initialization. No proxy implementation with unguarded initialize() found in core CCIP contracts.
Governance & admin Green 10 24 of 24
RD-F-033 yellow Timelock on sensitive actions Most sensitive actions route through RBACTimelock (2-day delay). However: (1) OnRamp.sol withdrawFeeTokens() is owner-callable with no evidence of timelock gating — routes to fixed fee aggregator address; (2) rate limit changes are applied 'immediately' without timelock per docs; (3) bypasser role (MCMS at 0x177A28...) can execute any action without the 2-day delay in break-glass scenarios. Not all sensitive paths are timelocked. RD-F-038 yellow Proposal execution delay < 24h Normal path enforces 48-hour delay (green). However, bypasser role (MCMS at 0x177A28...) executes changes with no delay via bypasserExecuteBatch. This zero-delay path exists legitimately as a break-glass mechanism. Yellow: normal path is 48h, but bypass path is 0h. Both paths are MCMS-gated (multi-party, not EOA), reducing worst-case risk. RD-F-041 yellow Rescue/emergencyWithdraw without timelock OnRamp.sol withdrawFeeTokens() is owner-callable, routes accumulated fee tokens to a designated fee aggregator address. Not a general drain (fixed destination address set in DynamicConfig). No evidence of timelock gating this specific function. Bypasser MCMS can execute break-glass actions with zero delay. Bypasser is a MCMS (multi-party) not an EOA. Yellow: limited rescue surface with non-arbitrary destination, but bypass path has no timelock and is a MCMS, not purely timelocked. RD-F-047 yellow Governance token concentration (Gini) No token-holder governance — all effective power concentrated with Chainlink Labs via the MCMS. Governance power Gini is effectively 1.0 (complete concentration) by protocol design. This is acknowledged as the corporate multisig model. Yellow not red because it is transparently disclosed as the governance model, not hidden centralization. RD-F-026 gray Upgrade multisig signer configuration (M/N) MCMS signer count and group quorums are deliberately not disclosed by Chainlink Labs. The contract supports up to 200 signers and 32 groups with hierarchical group-based quorum (not simple M-of-N). getConfig() function exists on-chain but results are not published in documentation. Structural transparency gap acknowledged by Chainlink. RD-F-028 gray Low-threshold multisig vs TVL Cannot confirm threshold. Signer count and group quorums are deliberately undisclosed by Chainlink Labs. At $7B+ TVS this opacity is a material concern. Cannot score green (no threshold evidence) or red (no evidence of low threshold). Gray reflects confirmed opacity at scale, not a research gap. RD-F-029 gray Multisig signers co-hosted Cannot assess — signer identities not publicly disclosed. Chainlink claims geographic distribution across multiple regions but no on-chain verification is possible without known signer addresses. ASN/co-hosting analysis cannot be performed. RD-F-030 gray Hot-wallet signer flag Cannot assess — signer addresses not public. Hot-wallet heuristic analysis requires known signer addresses. No on-chain data available to flag hot-wallet behavior. RD-F-031 gray Signer rotation recency No public evidence of MCMS threshold changes. The MCMS setConfig() function is available for configuration. Since signer count/threshold is not disclosed, changes are not trackable. No documented reduction events found. Threshold opacity prevents meaningful assessment of the static-axis Security-Council reduction signal. RD-F-036 n/a Flash-loanable voting weight No DAO governor, no on-chain token-holder voting. CCIP governance is a corporate multisig + RBACTimelock model. LINK token holders have zero governance rights over CCIP configuration. Flash-loan governance attack vector does not exist by construction. RD-F-037 n/a Quorum achievable via single-entity flash loan No on-chain token-holder quorum mechanism for CCIP. Governance is corporate multisig — no quorum achievable via flash loan. RD-F-039 n/a delegatecall/call in proposal execution without allowlist No OZ/Bravo Governor with delegatecall proposal execution. The CallProxy (17 SLOC) makes ordinary calls to the RBACTimelock — not delegatecall. The RBACTimelock executes scheduled calls to target contracts. No proposal-supplied arbitrary delegatecall target exists. RD-F-042 n/a Admin has mint() with unlimited max CCIP admin (Chainlink Labs via MCMS) does not control a protocol governance token with unlimited mint. LINK has a fixed total supply. Bridge token pools use burn/mint where the token issuer (not CCIP admin) controls supply. No CCIP admin mint(...) with unlimited max exists. RD-F-044 gray Admin wallet interacts with flagged addresses Signer addresses not disclosed, so cannot conduct on-chain watchlist check for individual signers. MCMS contract transaction history does not show flagged interactions. CCIP was used as exit venue by exploit proceeds (LayerZero 2026 hack context) but CCIP was a victim recipient context, not admin participant. RD-F-045 gray Constructor args match governance proposal CCIP upgrades are contract redeployments without a public governance forum or proposal records. No governance proposal documentation exists to compare constructor args against. Cannot confirm or deny alignment. Governance process is internal to Chainlink Labs.
RD-F-025 green Admin key custody type Admin key custody type is multisig + RBAC timelock. ManyChainMultiSig (MCMS) at 0xE53289F32c8E690b7173aA33affE9B6B0CB0012F proposes changes; RBACTimelock at 0x9A709B7B69EA42D5eeb1ceBC48674C69E1569eC6 enforces 2-day minimum delay. No EOA admin. Bypasser MCMS exists for break-glass scenarios.
RD-F-027 green Single admin EOA Not a single EOA. Admin is the ManyChainMultiSig contract at 0xE53289F32c8E690b7173aA33affE9B6B0CB0012F — a verified multi-party signing contract requiring group-based quorums. No single EOA holds effective admin over CCIP.
RD-F-032 green Timelock duration on upgrades RBACTimelock minimumDelay = 172,800 seconds (48 hours / 2 days). Confirmed via Etherscan verified contract source code. Proposer is a ManyChainMultiSig (0x20D64e2a787f8264238C2bCCbA81dC19665CCA62). Executor is open — any party can execute after delay expires with no veto. 48 hours materially exceeds the 24h standard threshold.
RD-F-034 green Guardian/pause-keeper distinct from upgrader RMN (Risk Management Network) via ARMProxy (0x411dE17f12D1A34ecC7F45f49844626267c75e81) provides an independent pause/curse capability entirely separate from CCIP admin. RMN can halt all CCIP lanes by issuing a curse transaction. RMN nodes are distinct from CCIP Commit/Execute DON nodes (different operator set, different programming language). Effective dual-layer: admin upgrader vs RMN curse.
RD-F-035 green Role separation: upgrade ≠ fee ≠ oracle Role separation exists at multiple layers: RBACTimelock has distinct proposer (MCMS 0x20D64e...), canceller/bypasser (MCMS 0x177A28...), and admin (0x16B534...) roles. FeeQuoter uses AuthorizedCallers for price updates (separate from owner). OnRamp uses AllowlistAdmin role for sender allowlists. Rate-limit admin is a distinct role. All critical roles ultimately trace to MCMS contracts controlled by Chainlink Labs — some centralization exists at the entity level, but role architecture is separated.
RD-F-040 green Emergency-veto multisig present Two veto mechanisms: (1) Node operators securing CCIP can veto any proposal during the 2-day RBACTimelock review window; (2) RMN can curse/halt all lanes independently of admin. Both are distinct from the upgrade/config admin path.
RD-F-043 green Admin = deployer EOA after 7 days Admin is the ManyChainMultiSig contract — not a deployer EOA. CCIP is a Chainlink Labs institutional deployment. Admin was the MCMS from governance architecture deployment. No evidence of a deployer EOA retaining admin past 7 days. This factor's rug-correlation concern does not apply to institutional protocol deployments.
RD-F-046 green Contract unverified on Etherscan/Sourcify All core CCIP contracts are verified on Etherscan with source code publicly available under BSL 1.1: Router v1.2.0 (0x80226fc0...), ARMProxy (0x411dE17...), ARM impl (0x8B63b3...), MCMS (0xE53289...), RBACTimelock (0x9A709B7B...). ccip-owner-contracts audited via Code4rena July 2023 before use in production.
RD-F-167 green Deprecated contract paused but pause reversible by live admin CCIP v1.0.0 was deprecated March 31, 2024. The old Router is immutable — it cannot be paused or controlled. MCMS does not retain a reversible pause over the deprecated v1.0.0 contracts. Deprecated contracts simply became dormant; admin has no ongoing control over them.
Oracle & external dependencies Green 15 17 of 17
RD-F-051 yellow Fallback behavior on oracle failure FeeQuoter has designed fallback: Keystone stale -> AggregatorV3. However AggregatorV3 staleness deliberately unchecked per code comment: 'data feed staleness is unchecked in the FeeQuoter to decouple it from data feed delay issues'. Token transfer validity path has no oracle fallback - if DON + RMN both fail, transfers halt. Fee errors do not cause fund loss. RD-F-052 yellow Breakage analysis per dependency Breakage scenarios: DON fail -> messages halt; manual execution possible after DON backoff. RMN curse -> global bridge halt. FeeQuoter oracle stale -> fee degraded, no fund loss. MCMS compromise -> all lane configs at risk during 2-day timelock. Token pool exploit -> isolated to that token/lane. No single-point-of-catastrophic-failure outside MCMS key compromise. RD-F-057 yellow Circuit breaker on price deviation No circuit breaker on fee price deviation. Per-lane token-bucket rate limits act as outflow circuit breakers (capacity exhausted -> transfer reverts until refill). FeeQuoter has no deviation-from-reference check. Rate limits cap per-window outflow (example: 100,000 USD capacity, 167 USD/sec refill). RD-F-059 yellow Oracle staleness check present Oracle staleness check explicitly absent on FeeQuoter AggregatorV3 fallback - deliberate design: 'data feed staleness is unchecked in the FeeQuoter to decouple it from data feed delay issues' (FeeQuoter.sol code comment). Stale prices accepted without revert. Impact: fee accuracy risk only, not fund security. No updatedAt comparison against staleness threshold. RD-F-180 yellow Immutable oracle address [★ CRITICAL-CANDIDATE, held per PD-017 - NOT counted in 19-star total] YELLOW - partial match. FeeQuoter dataFeedAddress fields are admin-settable (not EVM immutable); DON/RMN sets are configurable via MCMS governance. However, the DON operator set is not trustlessly replaceable (requires MCMS corporate governance), creating an embedded-oracle corporate-liveness dependency. The EVM-immutable-address failure mode does not map cleanly to CCIP (it is not a lending protocol with collateral oracle addresses). Failure mode is DON liveness dependency, not oracle-address-immutability causing collateral mispricing. Score: YELLOW for partial embedded-oracle concern; NOT RED because oracle address is technically replaceable by admin action and CCIP is not a lending protocol. RD-F-054 n/a TWAP window duration CCIP does not use TWAP or DEX-pool-based oracles in any price path. Fee oracles are Chainlink aggregator feeds and Keystone push. No TWAP window applies. RD-F-055 n/a Oracle pool depth (USD) No DEX pool oracle used in CCIP for any function. Not applicable by protocol architecture. RD-F-056 n/a Single-pool oracle (no medianization) No DEX pool oracle used in CCIP. Fee oracle is Chainlink multi-node aggregated feed (AggregatorV3 / Keystone), not a single DEX pool. Medianization factor not applicable. RD-F-058 n/a Max-deviation threshold (bps) No deviation threshold in bps is configured on the FeeQuoter fee oracle path. Per-lane token-bucket limits exist but are configured in token units per window (not bps deviation). Specific per-lane capacity values depend on each token pool's config set by token issuers and CCIP admin; not publicly enumerated in a single document. RD-F-061 n/a LP token balanceOf used for pricing CCIP uses no LP token pricing anywhere. Token pools hold locked tokens or manage mint/burn; no balanceOf-based pricing. Not applicable by protocol architecture. RD-F-181 n/a Permissionless-pool lending oracle Not applicable - CCIP is a bridge infrastructure protocol, not a lending protocol. No permissionless pool creation for collateral pricing. Token pools are registered in TokenAdminRegistry (not a permissionless collateral-pool listing mechanism). data-cache borrow.present: false.
RD-F-048 green Oracle providers used CCIP does not consume external price oracles for token transfer decisions. Fee estimation uses Chainlink Keystone (internal push) and AggregatorV3 as fallback for LINK/USD, ETH/USD, and gas prices. No third-party oracle provider. CCIP IS the oracle layer for cross-chain function.
RD-F-049 green Oracle role per asset Fee oracle roles: LINK/USD = Primary (Keystone push) with AggregatorV3 fallback; ETH/USD = same; gas price per destination chain = same. Token transfer security has NO oracle role - validity is Merkle-proof based (OCR3 consensus + RMN bless).
RD-F-050 green Dependency graph (protocols depended upon) Core dependencies enumerated: (1) Chainlink DON operator set - liveness critical; (2) RMN node set (3 bless nodes, 2/3 threshold on Ethereum ARM v1) - security+liveness critical; (3) Chainlink Keystone + AggregatorV3 - fee accuracy only; (4) MCMS governance multisig - config security critical. No dependency on Aave, Uniswap, or other DeFi protocols.
RD-F-053 green Oracle source = spot DEX pool (no TWAP) [★ CRITICAL] GREEN - CCIP does not use spot DEX prices for any security-critical function. Token transfers use OCR3 Merkle-root attestation + RMN bless (not DEX-priced). FeeQuoter uses Chainlink AggregatorV3 + Keystone push feeds for fee estimation only - not DEX spot prices. No TWAP needed as no DEX oracle is in use.
RD-F-060 green Chainlink aggregator min/max bound misconfig Chainlink price feeds used by FeeQuoter are CCIP's own infrastructure feeds (e.g., LINK/USD 0x2c1d072e956AFFC0D435Cb7AC38EF18d24d9127c, 3600s heartbeat, 0.5% deviation; ETH/USD 0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419, 3600s, 0.5%). These power fee estimation only, not collateral safety. MinAnswer/maxAnswer misconfig causes fee mispricing, not fund loss. Standard well-established feeds.
RD-F-062 green External keeper/relayer not redundant Execute DON is multi-node (not a single keeper). If Execute DON fails, users can manually execute valid transactions via CCIP Explorer after the DON retries and backs off. Liveness depends on Commit DON + RMN cooperating first (Merkle root must be blessed). No single-keeper-point-of-failure in the execution path.
Economic risk Yellow 33 13 of 13
RD-F-063 yellow TVL (current + 30d trend) Value secured ~$9.57B+ (curator-sourced): ~$7B Coinbase Wrapped Assets exclusively bridged via CCIP (2025-12-11 press release) plus ~$2.57B LayerZero migration protocols (Solv Protocol ~$700M, Re ~$475M, Kraken kBTC; 2026-05 reporting). Trend strongly up following KelpDAO exploit-driven migration from LayerZero. DefiLlama blocked (Polymarket-class exception; coverage_flags.defillama_blocked=true). All figures curator-sourced from press releases and news reports, not real-time on-chain snapshots. Yellow (not green) because primary sources are December 2025 press releases; current real-time value-secured is unverifiable. No TVL-decline incidents or exploit-driven loss of value secured. RD-F-064 yellow TVL concentration (top-10 wallet share) Significant single-counterparty concentration: Coinbase accounts for ~$7B of ~$9.57B+ total value secured (~73%). This is a partnership-level concentration — Coinbase's exclusive CCIP agreement represents the single largest anchor. If Coinbase migrated to alternate bridge infrastructure, value-secured would drop ~73% immediately. LayerZero-migration protocols (Solv ~$700M, Re ~$475M, Kraken kBTC) provide some diversification but each at 4-7% of total. On-chain wallet-level depositor concentration data not available (no DefiLlama breakdown; no per-depositor scan performed). The concentration is structural and well-documented from public sources. Yellow rather than red because: (a) Coinbase is a creditworthy, regulated counterparty not a flight risk; (b) the exclusive agreement is contractual and publicly announced; (c) the LayerZero migration is adding diversification. Would be red if the concentration were from anonymous or low-credit-quality counterparties. RD-F-065 n/a Liquidity depth per major asset Not applicable — CCIP is a cross-chain messaging and token-bridge protocol with no on-chain AMM or liquidity pool. Tokens transit through token pools (lock/burn on source chain, mint/unlock on destination chain) rather than pooling in a DEX AMM. There is no single-pool depth to measure at 2% or 5% slippage thresholds. The closest analog is the per-lane rate-limit capacity, which bounds maximum transfer volume per window, not slippage. Taxonomy Cat 4 assigns F065 to 'all protocol types' but this was specified for DEX/perps with on-chain pools; the bridge transit model is structurally different and has no measurable liquidity depth. RD-F-066 n/a Utilization rate (lending protocols) Not applicable — lending-only factor per PD-024 resolution. CCIP has no lending book, no borrow/supply ratio, no utilization rate. Protocol type is BRIDGE. RD-F-067 n/a Historical bad-debt events Not applicable — lending-only factor per PD-024 resolution. No lending market, no bad debt mechanism. No bad debt events recorded — confirmed by hacks database grep (profile §10: zero incidents; all 15 DB matches reference Chainlink price feed manipulations, not CCIP lane exploits). RD-F-068 n/a Collateralization under stress Not applicable — lending-only factor per PD-024 resolution. No collateralized position book, no collateralization ratio. CCIP token pools operate on lock/burn/mint/unlock mechanics with no over-collateralized position structure. RD-F-069 n/a Algorithmic / under-collateralized stablecoin Not applicable — lending-only factor per PD-024 resolution. CCIP is a cross-chain bridge/messaging infrastructure, not a stablecoin protocol. No algorithmic stablecoin design. Protocol category is BRIDGE per profile §1. RD-F-070 n/a Empty cToken-style market (zero supply/borrow) Not applicable — CCIP is not a Compound V2 fork and has no cToken-style market with share-based accounting. The empty-cToken-style donation exploit requires: (1) a share-based vault where totalSupply can be zero; (2) an exchange rate formula that divides by totalSupply; (3) ability to donate tokens to inflate the exchange rate. CCIP token pools use a lock/burn/mint/unlock model with no share pricing, no totalSupply/totalBorrow accounting, and no exchange rate formula. The taxonomy (03-taxonomy.md §Category 4 PD-024 resolution) formally classifies RD-F-070 as 'Compound-fork-only (subset of lending-only); N/A for non-Compound-fork protocols; critical still applies when protocol IS a Compound fork.' CCIP is an original design by Chainlink Labs (profile §5 Fork Lineage: not forked / original) built on OCR2 consensus, not a fork of any lending protocol. No donation attack vector exists in this architecture. RD-F-071 n/a Seed-deposit requirement for new market listing Not applicable — lending-only factor per PD-024 resolution. No market-listing mechanism requiring a seed deposit. Token pool registration in TokenAdminRegistry uses self-serve CCT standard or owner-controlled access, not a seed-deposit guard. RD-F-072 n/a Market-listing governance threshold Not applicable — lending-only factor per PD-024 resolution. No market-listing governance threshold in the lending sense. Token registration uses the CCT self-serve standard or owner-controlled TokenAdminRegistry. RD-F-073 n/a Oracle-manipulation-proof borrow cap Not applicable — lending-only factor per PD-024 resolution. No borrow cap, no oracle-fed price inputs for lending calculations. CCIP token pools use static token-bucket rate limits (capacity and refill rate parameters), not oracle-dependent borrow caps. Rate limits are configured by the rateLimitAdmin role and are static parameters, not dynamically adjusted by oracle price. RD-F-074 n/a ERC-4626 virtual-share offset (OZ ≥4.9) Not applicable — lending-only factor per PD-024 resolution. CCIP token pools are not ERC-4626 vaults; no share accounting or virtual-offset pattern applies. Lock/burn/mint/unlock model has no share price formula susceptible to virtual-share attacks. RD-F-075 n/a First-depositor / share-inflation guard Not applicable — lending-only factor per PD-024 resolution. No share-based vault, no first-depositor inflation attack surface. CCIP token pools do not use share pricing and have no first-depositor share-inflation vulnerability by architecture.
Operational history Green 17 15 of 15
RD-F-089 red Insurance coverage active No active protocol-level insurance coverage found for Chainlink CCIP on Nexus Mutual, Sherlock, or Unslashed. At approximately $7B value-secured (Coinbase wrapped assets alone per 2025-12-11 announcement), no proportional cover exists. Nexus Mutual operates smart contract cover for individual user policies and integration partnerships with Chainlink (oracle data feeds for claims), but does not list CCIP as a covered protocol in its protocol cover listings. Sherlock is an audit-focused coverage program; no Chainlink CCIP listing found. This is near-default red for large-TVL bridge protocols per process-learnings: insurance at this scale does not exist in the DeFi insurance market. RD-F-088 yellow Re-deployed to new addresses in last year CCIP has deployed multiple new contract sets in the past 12 months as part of active version upgrades. CCIP v1.5 (announced Oct 2024, went live Jan 2025) and v1.6 (May 2025) both introduced new OnRamp/OffRamp contract addresses per lane on each supported chain. The Ethereum Router (0x80226fc0ee2b096224eeac085bb9a8cba1146f7d) is immutable and unchanged, but per-lane routing contracts are version-specific. New contract deploy surface is inherent to CCIP's versioning model - not an incident indicator but noted as new attack surface creation. Changelog: https://dev.chain.link/changelog shows active deployment cadence. RD-F-166 yellow Deprecated contracts still holding value CCIP v1.0.0 routers were officially deprecated with a published migration deadline (testnet: January 31, 2024; mainnet: March 31, 2024). Migration guidance was published: router interface unchanged (no user token-approval migration required), only addresses changed. No evidence of stuck user funds published by Chainlink or found in community reporting. On-chain balance confirmation of residual value in deprecated v1.0.0 router addresses is not possible in agent scope (specific deprecated addresses not indexed in a single public document; RPC not available). Given CCIP's messaging-rail architecture (no user-deposited collateral or LP positions; tokens transit via lock/mint pools, not the router itself), residual stuck value in old routers is structurally expected near-zero. Scored yellow: deprecation announcement and migration were adequate, but on-chain balance confirmation is outstanding. RD-F-081 gray Post-exploit response score No incident has occurred; curator post-exploit response score (1-5) requires at least one incident to evaluate. Factor cannot be assessed. Per methodology: gray = no prior incidents, cannot assess. RD-F-082 gray Post-mortem published within 30 days No incident has occurred; post-mortem publication timeliness cannot be assessed without a prior incident. Gray per methodology. RD-F-083 gray Auditor re-engaged after last exploit No incident has occurred; auditor re-engagement post-exploit cannot be assessed. Gray per methodology. RD-F-084 gray TVL stability (CoV over 90d) DefiLlama protocol-TVL blocked for CCIP (defillama_blocked: true; Polymarket-class exception - infrastructure protocol with no single TVL pool). No continuous daily TVL time-series available to compute coefficient of variation over trailing 90 days. Curator-sourced value-secured figures are point-in-time snapshots, not a continuous series. Structural data gap per process-learnings: DefiLlama TVL daily series persistent 403. RD-F-085 gray Incident response time (minutes) No incident has occurred; incident response time (minutes from exploit to first official statement) cannot be assessed. Gray per methodology.
RD-F-076 green Protocol age (days) CCIP mainnet launched 2023-07-17 (Mainnet Early Access on Ethereum, Avalanche, Optimism, Polygon). As of 2026-05-16 this is approximately 1034 days (~34 months) live, well above the 12-month A-grade floor. Protocol has since reached General Availability (2024-04-24), v1.5 (Jan 2025), and v1.6 (May 2025), demonstrating continuous production operation.
RD-F-077 green Prior exploit count Zero confirmed CCIP-specific protocol exploits across all searched sources. Hacksdatabase grep returned 23 matching files; all reference Chainlink as an oracle provider used by other protocols (Bonq, Deus DAO, Inverse Finance, Lodestar, Venus/Blizz, WooFi, Rho, Moonwell) - none involve CCIP cross-chain infrastructure. REKT data-cache: sources.rekt.incidents = []. Web OSINT: no exploit, post-mortem, or CVE for CCIP lanes. The April 2026 KelpDAO $292M exploit was a LayerZero 1-of-1 DVN failure; CCIP was the migration destination, not the exploited system.
RD-F-078 green Chronic-exploit flag (≥3 incidents) Zero incidents on record. Chronic flag (>=3 exploits) condition is structurally impossible with zero incidents. Derived from F077.
RD-F-079 green Same-root-cause repeat exploit No incidents on record; same-root-cause repeat exploit condition cannot apply. Zero incidents confirmed via hacks DB, REKT cache, and web OSINT.
RD-F-080 green Days since last exploit No prior exploit on record. Days-since-last-exploit is effectively infinite (N/A - no incident). Display value: no incident recorded in 34+ months of mainnet operation.
RD-F-086 green Pause activations (trailing 12 months) No deliberate pause activations confirmed in trailing 12 months. The RMN/ARM curse mechanism is CCIP's emergency-stop analog; no historical curse activation found in any public source (CCIP Explorer lane status, GitHub issues, blog posts, web OSINT). CCIP remained fully operational during the October 2025 AWS outage that caused downtime for other cross-chain providers. [?] On-chain event log query for Cursed() events on ARM contract 0x8B63b3DE93431C0f756A493644d128134291fA1b would provide definitive confirmation but requires RPC not available in agent scope. Scored green at medium confidence based on absence of any public reporting of a curse activation.
RD-F-087 green Pause > 7 consecutive days No extended pause (>7 consecutive days) confirmed in the past 12 months. No outage of this duration found in public reporting, CCIP Explorer records, or GitHub incident history. Positive data point: zero downtime during October 2025 AWS outage. Medium confidence - same RPC limitation as F086 applies to historical curse event log confirmation.
Real-time signals Green 7 22 of 22
RD-F-109 yellow Social-media impersonation scam spike Persistent and confirmed brand impersonation activity. (1) Official Chainlink Discord compromised 2024-09-03: phishing link posted; community warned via Twitter; never officially acknowledged by Chainlink; total victim losses unknown but wallet-drain mechanism confirmed active. (2) chnlink[.]xyz: confirmed active fake Chainlink site operating as cryptocurrency drainer (PCRisk documented; serving IP 104.21.96.1). (3) register-chain[.]link: confirmed fake airdrop mimicking Chainlink (PCRisk). (4) dashboard-chain[.]xyz: confirmed fake Chainlink site. (5) Fake CCIP bridge scam resulting in $520K LINK loss documented (Binance Square). (6) ChainLink phishing technique using trusted service chains documented by BleepingComputer and SecurityQuotient. Score: yellow — ongoing elevated impersonation activity; one confirmed Discord compromise incident; no spike uniquely targeting CCIP as a pre-strike reconnaissance pattern. Persistent structural threat. RD-F-182 yellow Security-Council threshold reduction (RT) F182 (batch-24, Cat 6B): Security-Council threshold reduction RT signal. Highest-salience Cat 6B factor for CCIP. Threshold: any MCMS threshold reduction, RBACTimelock delay reduction, or new signer addition within 14 days of another change fires the signal. Current posture: No MCMS threshold reduction detected since CCIP mainnet launch (July 2023). September 2023 incident (Chainlink multisig signer rotation, one signer removed from a related LINK multisig) resolved as 'routine periodic rotation, threshold maintained at 4-of-9' per Chainlink spokesperson — this was NOT a threshold reduction; it was a signer removal with threshold unchanged. However: (1) MCMS signer count and threshold are not publicly disclosed, making ongoing monitoring harder than for transparent Gnosis Safe multisigs; (2) the 2023 community concern shows even benign rotations can go undisclosed for days; (3) post-KelpDAO-migration, CCIP is now the highest-value bridge target making any threshold reduction immediatel RD-F-090 gray Mixer withdrawal → protocol interaction Applicable: CCIP is a high-value bridge target; mixer-to-protocol interaction is a Tier C advisory signal. No confirmed Tornado Cash withdrawal to CCIP core contract interaction detected via public OSINT. CTI feed required (Chainalysis/TRM) for definitive assessment. CCIP per-lane token-bucket rate limits provide natural detection window if a mixer-funded attacker attempts a large transfer. Signal is advisory-only (Tier C) and not grade-eligible even when live. RD-F-091 n/a Partial-drain test transactions v1-deferred. Applicable in principle — partial-drain test transaction patterns are a bridge-class precursor. CCIP's dual-layer verification (Commit DON + RMN bless) means incremental probing via test transactions provides minimal reconnaissance value for an attacker vs. single-layer bridges. No partial-drain test pattern detected via public data. PH method; RT signal requiring on-chain pattern-matching infrastructure not available in static dry run. RD-F-092 gray Unusual mempool pattern from deployer wallet v2-deferred. Deployer wallets (0xf55037738604fddfc4043d12f25124e94d7d1780, 0x6f61507f902e1c22bcd7aa2c0452cd2212009b61) are historical/legacy; active CCIP admin operations flow through the ManyChainMultiSig (0xE53289F32c8E690b7173aA33affE9B6B0CB0012F), not deployer EOAs. This signal is structurally less applicable vs protocols with active deployer-EOA admin. PH method; P2 signal. RD-F-093 gray Abnormal gas-price willingness from attacker wallet v2-deferred. Gas-price anomaly monitoring requires continuous mempool infrastructure. No anomalous gas-price willingness from flagged wallets toward CCIP contracts detected via public OSINT. P2 signal; PH method. RD-F-094 gray New contract with similar bytecode to exploit template v2-deferred. Exploit-template deployment targeting CCIP is conceivable but no prior CCIP exploit means no known-exploit selector template exists. No new contract deployments matching CCIP-class attack patterns detected via public OSINT. PH method; P2 signal. RD-F-095 n/a Known-exploit function-selector replay No prior exploit of CCIP exists in the hack database; therefore no known-exploit selector replay template exists for CCIP specifically. CCIP has 0 protocol exploits in 34 months of operation. Wormhole-class (ecrecover zero-address) and Nomad-class (bytes32(0) root) templates do not apply to CCIP's distinct OCR + RMN architecture. Factor is not applicable by construction — it requires a prior exploit to generate a template. RD-F-096 gray New ERC-20 approval to unverified contract from whale v2-deferred. User-level ERC-20 approval monitoring to CCIP Router (0x80226fc0ee2b096224eeac085bb9a8cba1146f7d) or unverified contracts masquerading as CCIP contracts is a user-protection signal. No evidence of whale approvals to unverified contracts via public data. P2 signal; consumer-app scope per T-09 §3.3. RD-F-097 gray Sybil surge of identical-pattern transactions v2-deferred. Sybil transaction surges at CCIP smart contract level don't directly map to protocol compromise because CCIP's DON quorum consensus cannot be influenced by sybil EOA activity. PH method; v2-deferred per T-09 §3.3. RD-F-099 n/a Oracle price deviation >X% from secondary CCIP is the oracle infrastructure, not an oracle consumer. CCIP's core contracts do not consume external price feeds for internal rate-limiting or message-validation decisions. Token pools use static token-bucket parameters (absolute token quantities), not oracle-fed USD pricing. CCIP has no lending book, no collateral pricing, no oracle dependency in the Cat 3 sense. This signal is structurally inapplicable to CCIP's own operation. Note: Downstream protocols that USE CCIP (e.g., Aave GHO, Coinbase Wrapped Assets) may consume Chainlink price feeds separately, but those are not CCIP's internal dependency. RD-F-100 n/a Flash loan >$10M targeting protocol tokens CCIP has no borrow market, no AMM liquidity pool, and no flash-loan vulnerability surface. CCIP's OCR consensus mechanism cannot be manipulated via flash loans — flash loans require within-transaction state changes that interact with a single contract's accounting; CCIP's message validation requires cross-DON quorum consensus across off-chain nodes, which is immune to flash-loan timing. No LINK token flash-loan governance vulnerability applies (LINK holders have no on-chain CCIP governance votes). Structurally not applicable. RD-F-104 n/a Stablecoin depeg >2% on shared-LP venue CCIP itself has no internal stablecoin dependency. As a bridge protocol, it transports stablecoins but does not hold them as collateral or use stablecoin prices for internal rate calculations. Token pool rate limits are in absolute token quantities, not USD values tied to stablecoin pegs. A stablecoin depeg affects the economic value of tokens transiting CCIP but not the protocol's cross-chain messaging security or operational integrity. The stablecoin depeg signal fires when a protocol's internal health is endangered by a collateral depeg — CCIP has no such dependency. RD-F-107 gray Admin EOA signing from new geography/device P2 signal; not assessable without team opt-in to signing telemetry. CCIP admin operations flow through MCMS (a smart contract), not individual EOA signing. Geographic signing telemetry would apply to MCMS signers but their identities are not publicly disclosed by Chainlink Labs. Structurally gray for all CCIP governance operations — not negligence, just the opacity of the MCMS model. RD-F-110 gray Unusual pending/executed proposal ratio v2-deferred. CCIP uses ManyChainMultiSig (MCMS), not a standard OZ/Compound Governor with ProposalCreated/ProposalQueued events. Monitoring pending:executed proposal ratio requires MCMS-specific tooling (parsing MCMS opCount and proposal state). No standard PE pipeline exists for MCMS proposal ratio monitoring. No unusual MCMS proposal patterns observed from public sources.
RD-F-098 green TVL anomaly — % drop in <1h T-09 v1 production signal. CCIP has no direct DefiLlama TVL pool; TVL proxy = sum of token pool balances across 60+ chains. CCIP Explorer (ccip.chain.link/status) checked 2026-05-16: all primary lanes operational, only Blast Mainnet in maintenance. No TVL drain anomaly detected. LayerZero-migration TVS inflows ongoing (positive trend). Per-lane token-bucket rate limits cap drain rate, extending detection window. ~$7B Coinbase-secured TVS and ~$2.57B migration TVS stable per curator sources.
RD-F-101 green Large governance proposal queued T-09 v1 production signal. Applicable but modified — CCIP has no standard OZ/Compound Governor; proposals flow through ManyChainMultiSig (MCMS) + RBACTimelock. No unusual MCMS proposal pattern detected from public sources. Most recent documented governance actions were product deployments (v1.5 Jan 2025, v1.6 May 2025) — normal protocol lifecycle, not anomalous admin actions. The 2-day RBACTimelock minimum delay (172,800s per Etherscan-verified RBACTimelock) provides a veto window for node operators. No reports of unusual MCMS proposals in 2025-2026 from public sources.
RD-F-102 green Admin/upgrade transaction in mempool T-09 v1 production signal (v1 phase 2 infra required). Applicable for upgradeable contracts (OnRamp/OffRamp/TokenPools via MCMS+RBACTimelock). Router (0x80226fc0ee2b096224eeac085bb9a8cba1146f7d) is immutable — exempt from this signal. ARM/RMN proxy upgrades (via ARMProxy 0x411dE17f12D1A34ecC7F45f49844626267c75e81) would transit timelock. No unusual admin/upgrade tx detected in mempool context from public sources. 2-day RBACTimelock provides a 48-hour detection window before execution. MCMS multi-party sign-off requirement before timelock queue reduces probability of undetected admin tx.
RD-F-103 green Bridge signer-set change proposed/executed T-09 v1 production signal — directly applicable (highest-priority Cat 6B for a bridge protocol). CCIP's Commit DON, Execute DON, and RMN node sets are the bridge signer sets. CCIP Explorer (ccip.chain.link/status) checked 2026-05-16: no active lane pauses or curse transactions detected; all primary lanes operational. September 2023 MCMS signer rotation for a related Chainlink multisig resolved as routine periodic rotation with no threshold change (Chainlink spokesperson confirmed). No unscheduled signer-set change documented in CCIP DON or RMN sets for 2024-2026. RMN per-chain cursing capability (per v1.5+ architecture) provides granular response without global pause.
RD-F-105 green DNS/CDN/frontend hash drift T-09 v1 production signal (v1 phase 2 infra). Applicable — ccip.chain.link (Explorer) and docs.chain.link are high-value targets. No DNS drift or TLS cert change detected as of 2026-05-16. September 2024 Discord compromise (phishing link posted 2024-09-03) was a social-media account hijack, NOT a DNS or frontend compromise — ccip.chain.link was not affected. Chainlink holds ISO 27001 and SOC 2 Type 2 certifications indicating formal ISMS in place. Cloudflare-proxied infrastructure (observed from chnlink[.]xyz serving IP 104.21.96.1 being Cloudflare-proxied, suggesting Chainlink's own infra also uses Cloudflare for DDoS/DNS protection).
RD-F-106 green Cross-chain bridge unverified mint pattern Directly applicable — unverified mint on destination chain is precisely the failure mode CCIP's dual-DON + RMN architecture is designed to prevent. Current posture: no unverified mint pattern detected. CCIP architecture requires: (1) Commit DON posts Merkle root, (2) RMN independently blesses, (3) Execute DON finalizes. The three-layer verification makes bypass of all layers simultaneously unprecedented. CCIP Explorer shows all lanes operational. No report of unverified cross-chain mints via CCIP in 34 months of operation.
RD-F-108 green GitHub force-push to sensitive branch Applicable — smartcontractkit/chainlink and smartcontractkit/ccip-owner-contracts are the code-bearing repos. No force-push or unauthorized sensitive-branch push reported in public GitHub activity. Last commit date: 2026-05-16 on smartcontractkit/chainlink-ccip per data cache. Chainlink is a large corporate engineering organization with ISO 27001 certification implying code-review and branch-protection controls. No unauthorized push events reported in public channels.
Dev identity & insider risk Green 3 16 of 16
RD-F-123 yellow Sudden admin-rescue/ACL change without discussion CCIP admin changes flow through the documented MCMS -> RBACTimelock (2-day minimum delay) -> node-operator veto pathway, providing on-chain transparency. However, no public governance forum (Snapshot, Commonwealth, Tally) exists for CCIP configuration changes. Major version upgrades (v1.5 Jan 2025, v1.6 May 2025) were blog-announced coincident with deployment ('is now live' language), not with a 14+ day pre-deployment public discussion period. Dev changelog shows only lane deprecation/addition entries, no ACL change entries. No evidence of emergency admin-rescue or out-of-timelock ACL change found. Yellow: structural gap in off-chain pre-announcement discipline; not an insider-implant signal. The bypasser role (0x177A2884D8d3F78d9b4C758a7EA7f86d42920c2d) use history not checked at this tier — governance-admin-analyst should verify. RD-F-117 gray ENS/NameStone identity bound to deployer No ENS name found bound to deployer EOA 0x5c19826E72a40cf73681f757d6Bf90f5cDA89414. Chainlink Labs identity is anchored to corporate domains chain.link and chainlinklabs.com, not to ENS. Absence of ENS on a corporate deployer wallet is not a risk signal — it is consistent with institutional operational security. U7 (non-EVM substrate) does NOT apply as CCIP is EVM-based; assessed on merits. Scored gray as not-applicable-by-corporate-model rather than an evidence gap. RD-F-122 n/a Contributor paid to DPRK-cluster wallet Chainlink Labs has off-chain payroll (~600 employees, corporate entity). No on-chain payment streams to individual contributors identified. Per process-learnings guidance: F122 cannot be meaningfully assessed at OSINT tier for companies with off-chain payroll. LINK node-operator rewards are on-chain but node operators are independent third-party entities, not Chainlink Labs employees. Structural data gap — not a fabricated result. RD-F-184 gray Real-capital social-engineering persona Per process-learnings guidance and taxonomy definition: mark gray + note the Drift comparator (UNC4736 6-month capital-deposit persona build-up) as the reference pattern. Chainlink Labs is a 600-employee established corporate entity with multi-year public history, ISO 27001 + SOC 2 certification, and VC backing. The insider-persona attack vector targets younger less-established teams. No curator-flagged persona identified for CCIP. Evidence of absence cannot be established for a pattern designed to leave no public trace. CCIP's RBACTimelock + MCMS multi-signer model provides structural resistance to single-insider escalation. Gray is the correct score — spending time proving absence of something designed to leave no trace is explicitly ruled out by process-learnings.
RD-F-111 green Team doxx status Chainlink Labs is a real-name doxxed corporate entity. Co-founders Sergey Nazarov and Steve Ellis are publicly identified with LinkedIn profiles, conference appearances, and whitepaper co-authorship. Chief Scientist Ari Juels is a Cornell Tech professor with academic publications and Congressional testimony (Jan 2022). Broader team is ~600 employees per PitchBook (March 2026). ISO 27001 + SOC 2 Type 2 (Deloitte-audited) certifications confirm institutional identity.
RD-F-112 green Team public accountability surface Multiple verifiable public trails per named team member. Nazarov has Token2049 keynote PDF, CoinDesk profile, whitepaper co-authorship. Ellis has LinkedIn and co-founder public presence. Juels has peer-reviewed academic publications, RSA Security 17-year career, Congressional testimony. ISO 27001 + SOC 2 Type 2 (Deloitte) certification implies third-party-verified organizational accountability.
RD-F-113 green Team other-protocol involvement history Nazarov and Ellis co-founded SmartContract.com (2014) which became Chainlink — no prior rug or failed-protocol history. Juels had 17-year RSA Security background before Chainlink. OSINT search for Chainlink Labs exit scam/rug pull returned zero adverse results. Chainlink has been operating since 2014 with institutional partnerships (Swift, Euroclear, Fidelity, UBS) and CFTC advisory committee membership.
RD-F-114 green Deployer address prior on-chain history Deployer EOA 0x5c19826E72a40cf73681f757d6Bf90f5cDA89414 has 1,755 total transactions. ARM/RMN implementation deployed ~June 2022 (approximately 313 days before page fetch in May 2026) by this same address — predating CCIP Router by ~13 months. This is a long-lived Chainlink Labs operational deployer, not a fresh wallet. No linked-to-prior-rug history found via OSINT.
RD-F-115 green Prior rug/exit-scam affiliation OSINT search for Chainlink Labs exit scam / rug pull returned zero adverse results. Results showed exclusively legitimate institutional activity. No team member linked to a prior rugged protocol. Chainlink has operated continuously since 2014 with institutional-grade partnerships and regulatory engagement (CFTC advisory committee).
RD-F-116 green Contributor tenure at admin-permissioned PR smartcontractkit GitHub org has 366+ repositories with multi-year contributor history dating to 2018+. Organization has 4.1k followers with established contributor base. No evidence of a freshly-onboarded contributor authoring an admin-permissioned change — consistent with a large established engineering organization (~600 employees). MCMS signers are stated to be Chainlink node operators with proven multi-year track records. Confidence medium — specific tenure of most recent admin-PR author not extracted.
RD-F-118 green Handle reuse across failed/rugged projects @chainlink (X/Twitter) and all associated social handles are long-established (Chainlink founded 2014, mainnet 2019). No evidence of handle reuse from a prior failed project. Chainlink is one of the most recognized oracle protocols in the industry with continuous corporate identity since 2014.
RD-F-119 green Commit timezone consistent with stated geography smartcontractkit/chainlink-ccip shows active commits consistent with a distributed global organization. Data-cache shows last commit date 2026-05-16. Chainlink Labs states signers are spread across multiple geographic locations globally. No North-Korea-anomaly commit-hour pattern identifiable at OSINT level. Confidence medium — full commit-hour distribution not extracted.
RD-F-120 green Video-off/voice-consistency flag Sergey Nazarov appears on video at Token2049 Singapore (September 2024), Proof of Talk Summit (listed as speaker with bio), and multiple media appearances. No curator-observed video-off or voice-inconsistency flags. In-person conference presence provides biometric consistency evidence.
RD-F-121 green Contributor OSINT depth score Curator-scored 4/5. Named founders have deep LinkedIn histories (10+ years professional track records), academic institution affiliations (Juels at Cornell Tech), peer-reviewed publications, and extensive public media appearances. Score reflects named leadership quality; full 600-employee contributor roster not individually profiled at this assessment tier.
RD-F-124 green Deployer wallet mixer-funded within 30 days Deployer EOA 0x5c19826E72a40cf73681f757d6Bf90f5cDA89414 received 1.014 ETH from 0x61E5E1ea8fF9Dc840e0A549c752FA7BDe9224e99 on June 7, 2023 (tx 0xfc3a1f5ecb8fdc6de1eed700384f0d3b65592a8a4ce35c38b4a055fc7bd8a0cc). CCIP Router deployed approximately July 17, 2023. Funding gap: ~40 days before deploy — outside the 30-day RD-F-124 window. ARM/RMN impl deployed ~June 2022 by same deployer confirms long-lived operational wallet. 1-hop funder (0x61E5E1ea8...) has no Tornado Cash / Railgun / mixer label; 1,815 txs across 33 chains since ~5 years ago. No mixer interaction identified at any traced hop. Chainlink Labs is a VC-backed corporate entity (a16z, Sequoia) inconsistent with mixer-funded deployer pattern.
RD-F-125 green Deployer linked within 3 hops to DPRK/Lazarus No OFAC SDN listing for Chainlink Labs, Sergey Nazarov, Steve Ellis, or any Chainlink entity. No Chainalysis-labeled Lazarus cluster linkage at deployer EOA or identified funding hops. OSINT search combining 'Chainlink Labs' + DPRK/Lazarus/North Korea developer 2024-2025 returned zero adverse results. Chainlink Labs achieved ISO 27001 + SOC 2 Type 2 (Deloitte-audited) certifications implying third-party-verified security management. U4 applied: CCIP being used as drain-venue by attackers in unrelated exploits does NOT flag F125 — belongs in Cat 5/Cat 11.
Fork / dependency lineage Green 11 10 of 10
RD-F-133 yellow Dependency manifest uses unpinned versions ccip-owner-contracts: forge-std pinned to commit 74cfb77 and openzeppelin-contracts pinned to commit e50c24f (= OZ v4.9.2) per .gitmodules — both exact commit pins, green for this repo. The chainlink monorepo (primary Solidity contracts) uses both OZ v4.8.3 and OZ v5.0.2 per npm @chainlink/contracts-ccip package documentation. Exact commit pinning in the monorepo's dependency manifest was not verifiable via available routes. Yellow conservatively given the dual-version pattern and unverified monorepo manifest. RD-F-126 n/a Is-a-fork-of CCIP is an original protocol design by Chainlink Labs. Not a fork of any external protocol. Protocol profile §5 confirms original design. No upstream fork. RD-F-127 n/a Upstream patch not merged No upstream fork exists. Factor not applicable. RD-F-128 n/a Upstream vulnerability disclosure (last 90d) No upstream fork exists. Factor not applicable. RD-F-129 n/a Code divergence from upstream (%) No upstream fork. Code divergence from upstream is not applicable. RD-F-130 n/a Fork depth (generations from original audit) No fork lineage. Fork depth concept does not apply to an original design. RD-F-131 n/a Fork retains upstream audit coverage No upstream audit coverage to inherit. Factor not applicable to original-design protocol. RD-F-132 n/a Fork has different economic parameters than upstream No upstream protocol with audited default parameters. Factor not applicable.
RD-F-134 green Dependency had malicious-release incident (last 90d) OZ v4.9.2 (commit e50c24f, released 2023-06-16) and forge-std have no active malicious-release advisory in trailing 90 days as of 2026-05-16. No GHSA advisory found for these packages.
RD-F-135 green Shared-library version with known-vuln status OZ v4.9.2 is not on any active high/critical CVE or GHSA advisory list as of 2026-05-16. The 4.9.2 release itself contains a critical bugfix for MerkleProof.processMultiProof — meaning the fix is included, not the vulnerability. No active advisory for OZ v4.9.2 or OZ v5.0.2.
Post-deploy hygiene & change mgmt Yellow 21 13 of 13
RD-F-136 yellow Deployed bytecode matches signed release tag CCIP uses redeployment (not proxy upgrade). Contracts are verified on Etherscan providing source-to-bytecode confirmation at verification time. No signed release-tag commit was directly matched against deployed bytecode (would require local build reproduction). Partial credit: Etherscan verification confirms source-bytecode alignment. Full deterministic build reproduction not confirmed. RD-F-137 yellow Upgrade frequency (per 90 days) CCIP uses redeployment cycles. Major versions: v1.5 (January 2025), v1.6 (May 2025). No major redeployment in last 90 days from assessment (May 2026). However, per-lane OnRamp/OffRamp config updates via MCMS proposals occur regularly; new chain integrations add fresh contracts. Rate is elevated due to rapid expansion (60+ chains, 26 new networks in 2025). RD-F-138 yellow Hot-patch deploys without timelock (last 30 days) Normal config changes route through MCMS -> RBACTimelock (2-day delay). Bypasser MCMS can execute with no delay (break-glass). Rate limit changes are applied immediately (no timelock). No specific bypass events in last 30 days identified. Yellow: regular config changes are timelocked but bypass path exists and rate limits change without delay. RD-F-139 yellow Post-audit code changes without re-audit Substantial audit coverage: Code4rena May 2023 (v1.0 core+ARM), Code4rena July 2023 (ccip-owner-contracts), Cyfrin July 2024 (v1.5 CCT/TokenPool), Code4rena November 2024 (16 contracts, 2,697 SLOC, v1.5/v1.6 prep). Gap: token pools were explicitly out of scope in Nov 2024 audit; v1.6 launched May 2025 adding Solana/non-EVM support — no identified public audit for v1.6 Solana components. Gap is ~6-12 months on new surfaces. Yellow not red: core EVM contracts well-audited; private/internal review likely not captured in public list. RD-F-145 yellow Deployed bytecode reproducibility Contracts are verified on Etherscan (source + compiler settings published — v0.8.19, optimization settings per contract). Build reproduction requires specific compiler version and constructor args. Etherscan verification provides partial reproducibility anchor. Full deterministic independent build reproduction not confirmed. RD-F-146 yellow New contract deploys in last 30 days CCIP is expanding aggressively — 60+ chains supported, 26 new networks added in 2025. LayerZero migration inflows (April-May 2026) likely accelerated new token pool onboarding. New chain deployments add fresh OnRamp/OffRamp/TokenPool surfaces on a continuous basis. Elevated fresh attack surface creation rate. RD-F-168 yellow Stale-approval exposure on deprecated router CCIP v1.0.0 was deprecated in 2024 (March 31, 2024 deadline). Users who granted token approvals to the v1.0.0 Router retain stale approvals. Chainlink published migration docs but no evidence of systematic on-chain revoke-notice or approval cleanup. Risk bounded because v1.0.0 Router is immutable and cannot execute arbitrary transfers without a CCIP message, but stale approval surface exists. RD-F-142 n/a Storage-layout collision risk across upgrades CCIP uses redeployment (new contract deployment + reference redirect), NOT proxy upgrade with storage layout continuity. Storage layout collision risk is eliminated by architectural design — each new version is a fresh deployment with fresh storage at a new address. RD-F-143 n/a Reinitializable implementation (no _disableInitializers) Core CCIP contracts (OnRamp, OffRamp, FeeQuoter, ARM) use constructor-only initialization with no OZ Initializable proxy pattern. No initialize() function exists in these contracts. Router is immutable. No reinitializer attack surface exists. This class of vulnerability does not apply to CCIP's non-proxy architecture.
RD-F-140 green Fix-merged-but-not-deployed gap No known fix-merged-but-not-deployed gap identified. CCIP uses redeployment cycles (v1.0 -> v1.2 -> v1.5 -> v1.6). Code4rena and Cyfrin audit systems generally require fixes to be implemented before final report acceptance. No public record of a merged fix not yet deployed found.
RD-F-141 green Test-mode parameters in deploy No test-mode parameters identified in production contracts. OnRamp, OffRamp, FeeQuoter use constructor-injected production addresses. ARM/RMN has no test-mode indicators in verified source. MCMS and RBACTimelock show production configurations.
RD-F-144 green CREATE2 factory permits same-address redeploy No evidence of CREATE2 deployment pattern in CCIP core contracts. Standard CREATE used for contract deployment. Constructor-based pattern confirmed across OnRamp, OffRamp, FeeQuoter, ARM.
RD-F-185 green Bridge rate-limiter / chain-pause as positive mitigant CCIP has a robust positive mitigant stack: (1) Per-lane token-bucket rate limits (inbound and outbound per connected chain per token pool) — limits blast radius per exploit; (2) RMN can issue curse to halt all CCIP lanes globally; (3) MultiAggregateRateLimiter provides aggregate cross-pool rate limiting; (4) Bypasser MCMS enables emergency response without 2-day delay. Rate limiter implementation confirmed via Code4rena 2024-11 (RateLimiter.sol, MultiAggregateRateLimiter.sol in scope). This is a well-documented, functioning safety control layer.
Cross-chain & bridge Green 13 12 of 12
RD-F-148 yellow Bridge validator count (M) Commit DON: 2F+1 quorum required (exact node count not publicly disclosed; multi-node). RMN Ethereum ARM v1 (0x8B63b3DE93431C0f756A493644d128134291fA1b): 3 blessing nodes + 3 cursing nodes verified on-chain. RMNRemote (newer architecture): F+1 signatures required; per-chain signer count not publicly enumerated. YELLOW: Ethereum ARM v1 has low absolute node count (3 bless) for ~$7B secured value. RD-F-149 yellow Bridge validator threshold (k-of-M) RMN Ethereum ARM v1: 2/3 bless threshold, 2/3 curse threshold (verified on-chain). OCR3 Commit DON: 2F+1 quorum. RMNRemote: requires F+1 signatures; config enforces 2F+1 total signers (Byzantine fault tolerant). YELLOW: ARM v1 2/3 threshold is BFT minimum for 3 nodes - meets mathematical safety requirement but is low absolute count for $7B secured value. RD-F-157 yellow Bridge TVL per validator ratio Using $7B value-secured anchor and 3 RMN blessing nodes (Ethereum ARM v1): $7B / 3 = ~$2.3B per blessing node. Extremely high TVS-to-validator ratio. Note: ARM v1 covers Ethereum mainnet; other chains have own ARM/RMN instances. If RMNRemote scales validators proportionally across 60 chains, per-chain concentration is lower, but Ethereum-secured value (cbBTC, cbETH) is the largest pool. RD-F-150 n/a Bridge validator co-hosting Not assessable from public data. Chainlink does not publish node operator infrastructure details for DON or RMN. Documentation states nodes are 'distributed across multiple geographic regions' but per-datacenter/ASN analysis is not possible externally. RMN blog confirms no operator overlap between RMN and Commit DON (set-level diversity). RD-F-155 n/a Bridge validator-set rotation recency Not assessable - Chainlink does not publish validator set rotation dates for DON or RMN. ARM contract shows 600+ days of transaction history (active). MCMS governance is the rotation mechanism. Exact rotation schedule not publicly disclosed. RD-F-156 n/a Bridge uses same key custody for >30% validators Not assessable - Chainlink does not disclose key custody arrangements for DON or RMN nodes. Documentation claims geographic distribution but custodian details are not public. RMN design ensures no node overlap with DON (separate Rust implementation, different team) providing set-level key custody separation. RD-F-179 n/a LayerZero OFT DVN config (count, threshold, diversity) Not applicable - CCIP is its own messaging protocol, not a LayerZero OApp. data-cache layerzero.present=false. CCIP does not use LayerZero DVNs; it has its own DON + RMN validation layer. F179 is structurally inapplicable to CCIP.
RD-F-147 green Protocol has bridge surface CCIP IS the bridge. 60+ chains, lock/burn/mint token pools, cross-chain messaging. Router 0x80226fc0ee2b096224eeac085bb9a8cba1146f7d is the user entry point; OnRamp/OffRamp pairs per lane. Profile flags: is_a_bridge=true, has_bridge_surface=true.
RD-F-151 green Bridge ecrecover checks result ≠ address(0) [★ CRITICAL] GREEN - PASS. MultiOCR3Base.sol: oracle set assignment rejects address(0) with OracleCannotBeZeroAddress(). In _verifySignatures, ecrecover result checked against signer role map - zero-address cannot hold Role.Signer. RMNRemote.sol verify(): 'if (signerAddress == address(0)) revert InvalidSignature()'. Both DON OCR path and RMN verification path guard against zero-address ecrecover return.
RD-F-152 green Bridge binds message to srcChainId OCR3 commit reports include source chain selector as part of per-chain Merkle root trees. OffRamp s_roots mapping indexed by [sourceChainSelector][merkleRoot]. Messages bound to origin chain, preventing cross-chain replay via chain-selector mismatch.
RD-F-153 green Bridge tracks nonce-consumed mapping CCIP uses sequence numbers per source chain (NonceManager contract). OffRamp checks minSeqNr/maxSeqNr intervals; rejects duplicate sequence ranges. Duplicate root rejection: 'we disallow duplicate roots as that would reset the timestamp'. Execution state tracked per message. Three-layer replay protection: (1) root timestamp deduplication, (2) sequence number range enforcement, (3) per-message execution state.
RD-F-154 green Default bytes32(0) acceptable as valid root [★ CRITICAL] GREEN - PASS. OffRamp.sol commit function line 919: 'if (merkleRoot == bytes32(0)) revert InvalidRoot()'. The Nomad-class zero-root acceptance vulnerability is explicitly guarded. bytes32(0) root cannot be committed; the attack vector of accepting any message against a zero default root is blocked.
Threat intelligence & recon Yellow 25 8 of 8
RD-F-161 red Protocol-impersonator domain registered (typosquat) Process-learnings instruction: assess F161 first for top-tier DeFi brands; calculate registration-date-to-assessment-date delta explicitly. Multiple confirmed active typosquat and impersonator domains targeting Chainlink: (1) chnlink[.]xyz — active cryptocurrency drainer, confirmed by PCRisk; serving IP 104.21.96.1 (Cloudflare-proxied active site); mimics chain.link. (2) dashboard-chain[.]xyz — confirmed fake Chainlink site (PCRisk same report). (3) register-chain[.]link — confirmed fake airdrop domain mimicking chain.link (PCRisk Chainlink Airdrop Scam guide). (4) Fake bridge scam resulting in $520,000 LINK loss (Binance Square). WHOIS gap: DomainTools API not available in static dry run; exact registration dates not determinable for 90-day threshold calculation [?]. Assessment basis: multiple confirmed active fraud domains at different domain types (.xyz, .link subdomains, others); PCRisk removal guides indicate active operation post-2024; 'ChainLink phishing' technique evolution doc RD-F-158 gray Known-threat-actor cluster has touched protocol T-09 v1 production signal (Tier C advisory; phase 2 infra required). Highly applicable — CCIP is the highest-value bridge target in DeFi post-LayerZero migration (~$9.57B total TVS). Lazarus/DPRK actors are actively targeting bridge infrastructure. U4 note: KelpDAO exploit proceeds (April 2026) were laundered via various channels but CCIP was a migration DESTINATION not a laundering route — this is adversarial-venue-use of LayerZero (not CCIP), not F158 for CCIP. No confirmed Lazarus/DPRK wallet interaction with CCIP core contracts via public OSINT. CTI feed (Chainalysis/TRM) required for definitive assessment — 'no public evidence' is not 'no interaction' for this high-profile target. RD-F-159 gray Attacker wallet pre-strike probe (low-gas failing txs) Applicable — pre-strike probe pattern (low-gas failing txs to OnRamp/OffRamp from CTI-flagged addresses). No confirmed pre-strike probe pattern detected via public OSINT. CCIP's architecture means useful reconnaissance requires actual valid cross-chain message attempts, not just failing low-gas txs. PH signal; mempool + CTI feed required; v1 phase 2 infra scope. RD-F-164 gray Leaked credential on paste/sentry site Applicable — Chainlink Labs operates node infrastructure with sensitive credentials. No confirmed paste-site or credential dump referencing Chainlink CCIP infrastructure found via public OSINT. ISO 27001 certification implies formal credential management. P2 signal; paste monitoring not configured for static dry run; M-only method requiring curator access to paste monitoring feeds. RD-F-165 gray Protocol social channel has scam-coordinator flag Applicable — Chainlink Discord (discord.gg/chainlink) is the official community channel. September 2024 Discord compromise: phishing link was posted by a compromised account; Chainlink never officially acknowledged; no confirmed scam-coordinator confirmed in a channel admin role post-incident. Current status of Chainlink Discord admin security: unknown from public OSINT. P2 signal; curator scam-coordinator watchlist not maintained. Scored gray rather than red because no confirmed ongoing scam-coordinator in admin role is evidenced.
RD-F-160 green GitHub malicious-dependency incident touching protocol deps Applicable — CCIP has Go offchain dependencies (smartcontractkit/chainlink-ccip) and Solidity onchain dependencies. No active GHSA advisory affecting CCIP dependencies found via public OSINT as of 2026-05-16. Chainlink is an established organization with mature dependency management processes (ISO 27001 certification). Active repo development (last commit 2026-05-16) suggests maintained dependency tracking. No malicious-release incident in trailing 90 days matching CCIP's dependency tree reported.
RD-F-162 green Known-exploit-template selector deployed by any address No known exploit template exists for CCIP — 34 months of operation with zero protocol exploits means no in-sample exploit selector template has been created for CCIP's specific OCR/RMN message format. Generic bridge exploit templates (Wormhole ecrecover-zero-address, Nomad bytes32(0)-root, Ronin validator-compromise) do not map to CCIP's distinct architecture. No new contract deployments matching CCIP-class attack patterns detected via public OSINT.
RD-F-163 green Avg attacker reconnaissance time for peer-class protocols Bridge-class protocol reconnaissance time from hack DB. Sophisticated nation-state actors targeting bridges (Ronin/Lazarus, Harmony Horizon, Kelp/LayerZero) exhibit reconnaissance periods of 30-90+ days. The KelpDAO/Lazarus case: attackers operated as node operators for 15+ months before the exploit. This ≥30 day average reconnaissance time indicates a sufficient warning window for well-instrumented CTI signals (F158, F090). CCIP's architecture (requiring compromise of both DON quorum AND RMN independently) would require even longer reconnaissance periods than single-layer bridges. Green: ≥30 days average reconnaissance for bridge class.
Tooling / compiler / AI Green 8 5 of 5
RD-F-170 yellow Solc version used (known-bug versions flagged) Three compiler versions: (1) solc 0.8.19 — Router, ARM, ARMProxy, ManyChainMultiSig, RBACTimelock; (2) solc 0.8.24 — OnRamp/OffRamp (Nov-2024 audit scope); (3) pragma ^0.8.4 — MultiOCR3Base library. Known bugs for 0.8.19: StorageWriteRemovalBeforeConditionalTermination (medium/high, optimizer-required at 26000 runs), InlineAssemblyMemorySideEffects (medium, optimizer-required). TransientStorageClearingHelperCollision bug (high, viaIR required) does NOT apply — CCIP uses 0.8.19/0.8.24, both below the 0.8.28 floor. Yellow: medium-severity optimizer-related bugs exist for 0.8.19 with optimizer, but high/critical bugs are not confirmed applicable to CCIP's usage pattern. RD-F-171 n/a Bytecode similarity to audited upstream with behavior deviation CCIP is an original design with no audited upstream to compare bytecode against. The AI-copy-risk pattern (bytecode similarity to audited upstream with behavior deviation) requires a reference upstream. Not applicable to original-design protocols.
RD-F-172 green Repo shows AI-tool co-authorship in critical files No AI tool co-authorship indicators (co-authored-by trailers for GitHub Copilot, ChatGPT Code Interpreter) found in commit history of examined repos (chainlink-ccip, ccip-owner-contracts, code-423n4/2024-11-chainlink audit snapshot). No AI co-authorship metadata observed in any security-critical contract file reviewed.
RD-F-173 green Team self-disclosure of AI-generated Solidity No Chainlink Labs blog, press release, or technical document found disclosing AI-generated Solidity in CCIP security-critical production code. ChainGPT integration is a user-facing partner product for generating user contracts, not CCIP's own internal Solidity. No AI disclosure for internal code found.
RD-F-174 green Dependency tree uses EOL Solidity version Solc 0.8.19 and 0.8.24 are both within the actively supported Solidity 0.8.x series. EOL concerns apply to 0.6.x and older versions. The ^0.8.4 floating pragma in MultiOCR3Base is a library pragma floor; deployed bytecode is fixed at compile time (0.8.19 observed). No EOL version found in deployed CCIP contracts.
Response & disclosure hygiene Green 8 4 of 4
RD-F-176 yellow Disclosure SLA public No explicit acknowledgment-time SLA (e.g., 72-hour acknowledgment, 30-day remediation window) is published on the Immunefi program page or in Chainlink's security documentation. The Immunefi Approval Required category implies an embargo period (researchers must coordinate before public disclosure), but no specific timeline is stated. Chainlink does not publish a separate responsible disclosure policy document with stated SLA. Immunefi's platform norms provide implicit triage SLA, but this is platform-level rather than a Chainlink-published commitment. HackerOne program policy may contain a written SLA but was not confirmed from public-facing pages. Scored yellow: disclosure channel exists (green F175) but specific SLA is unpublished.
RD-F-175 green Disclosure channel exists Chainlink operates dual public security disclosure channels: (1) Immunefi bug bounty program at $3M maximum critical payout - CCIP OCR Execute Plugin, CCIP OCR Commit Plugin, CCIP EVM, and CCIP Solana are explicitly listed as in-scope assets among 25 total in-scope assets; (2) HackerOne program linked from GitHub security tab covering node software and smart contracts. Immunefi program active since May 2021 expansion. Over $500K in payouts across 75+ resolved reports to 50+ researchers confirmed. Critical impact category includes RMN onchain curse bypass, directly relevant to CCIP. KYC required; PoC required; triaged by Immunefi.
RD-F-177 green Prior known-ignored disclosure No evidence of a security disclosure being ignored prior to exploitation for CCIP. No incidents have occurred (F077 = zero exploits), making this based on absence of negative evidence. Additionally, Chainlink's published bug bounty history demonstrates good-faith response: $500K+ in payouts across 75+ resolved reports; a confirmed $300K payout for a critical Chainlink VRF vulnerability (top-10 Immunefi payout). Chainlink is stated to only accept vulnerability reports via Immunefi and HackerOne, indicating a structured triage process. No post-mortem, CVE, or community report documents a pre-exploit disclosure being ignored.
RD-F-178 green CVE/GHSA advisory issued against protocol No CVE, GHSA, or equivalent public advisory found for Chainlink CCIP in CVE databases, CISA bulletins, GitHub Security Advisory database, or NVD. Web search for CCIP CVE/security advisory returned no hits specific to CCIP infrastructure. CISA weekly vulnerability bulletins searched (including December 2025 bulletin surfaced in search results) - no CCIP entry. Note: this reflects CCIP's clean exploit record; absence of CVE is consistent with zero known exploits.
rubric_version v1.7.0 graded_at 2026-05-16 11:30:10 factors 184 protocol chainlink-ccip