Summary
Only the smart contracts of the xReserve are assessed. We could not assess whether the smart contracts provide all necessary checks, as some of the checks are performed off-chain.
Circle did not provide sufficient documentation on the integration of the contracts into the off-chain system, nor a list of the guarantees that the on-chain part should cover. The bridge's off-chain system is vital for the system's security, and it must be assumed that Circle correctly performs off-chain all checks that are not covered on-chain.
We provided a non-exhaustive list of checks that should be performed off-chain in On-chain and off-chain checks.
Otherwise, the smart contracts are well-structured and implemented. Almost all issues are informational.
In summary, we find that the smart contracts, considered in isolation, provide a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Circle xReserve
The assessed contracts are part of Circle xReserve, a bridge that allows users to bridge assets between chains. Chains without support for native USDC tokens will deploy a USDC-backed stablecoin and the backing USDC will be held in the xReserve contract on Ethereum.