Breakage analysis per dependency
Chainlink CCIP's assessment for RD-F-052 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Breakage scenarios: DON fail -> messages halt; manual execution possible after DON backoff. RMN curse -> global bridge halt. FeeQuoter oracle stale -> fee degraded, no fund loss. MCMS compromise -> all lane configs at risk during 2-day timelock. Token pool exploit -> isolated to that token/lane. No single-point-of-catastrophic-failure outside MCMS key compromise.
Sources #
- URLChainlink CCIP Architecture Explainer - LlamariskLlamarisk CCIP explainer - DON failure scenario: Executing DON retries, users can manually execute after backoffretrieved 2026-05-16
- CCIP Upgradability Architecture - Chainlink DocumentationCCIP upgradability docs - MCMS governance and RBACTimelock 2-day review windowretrieved 2026-05-16
Methodology #
Produce a short per-dependency text describing which protocol functions halt or degrade and impact severity if each declared dependency fails.
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol chainlink-ccip factor RD-F-052 score yellow collected_at 2026-05-16 01:55:09