Bridge tracks nonce-consumed mapping
Circle USYC's assessment for RD-F-153 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
CCTP itself implements replay protection at the attestation layer (Circle's infrastructure tracks message consumption server-side). The CrossChainTeller relies on CCTP's replay protection rather than implementing an independent on-chain nonce-consumed mapping. No independent nonce map visible in CrossChainTeller source. Yellow: replay protection exists via CCTP infrastructure layer, but the Teller contract itself does not independently track nonces, creating a dependency on Circle's off-chain infrastructure for this guarantee.
Sources #
- EtherscanCrossChainTeller BSC - BSCScanCrossChainTeller BSC at 0xf38979E05650be7926EA07BB59C48Fb9b1DB3D08 - confirmed no independent nonce map in BSC contractretrieved 2026-05-16
- CrossChainTeller Ethereum - EtherscanCrossChainTeller Ethereum at 0x5dbeCcECEbCdC2ce3258f6E638373d2923560c7d - no nonce mapping visible in contract source; relies on CCTP attestation layer for replay protectionretrieved 2026-05-16
Methodology #
Determine whether the bridge inbox maintains a nonce-consumed mapping and rejects replay of used nonces.
See the full factor methodology and distribution across all protocols →