Securing Lighter's Cross-Chain USDC Bridge

Security

February 19, 2026

The Challenge

The Lighter Bridge enables cross-chain deposits of USDC into the Lighter protocol using Circle's Cross-Chain Transfer Protocol (CCTP) as the underlying bridging infrastructure. The system required security validation of a novel architecture: lightweight per-user contracts deployed deterministically for each deposit intent.

The technical flow operates as follows: users prefund their deterministic contract with USDC. Once the burn is initiated on the source chain, Circle's CCTP takes over the bridging process. Circle's Attestation Service continuously monitors burn events and issues a signed attestation authorizing the corresponding mint on the destination chain upon verification. This attestation acts as cryptographic proof that USDC burned on the source chain can be safely reminted. The minted tokens are then handled by the FastCCTPV2 contract, which completes the process by depositing them into the LighterProxy contract.

The audit required a thorough understanding of Circle's CCTP bridging process and careful examination of how Lighter's per-user contract system integrated with this external protocol.

Security Assessment: Strengthening Bridge Architecture Through Collaboration

No major vulnerabilities were identified during the audit. Nethermind Security's review validated Lighter's bridge architecture and worked with the team to strengthen edge case handling across governance, fee logic, and approval patterns.

The engagement focused on ensuring robust CCTP integration. The Lighter team was responsive throughout the process, quickly implementing recommendations and actively engaging in technical discussions about how their deterministic contract system interacts with Circle's attestation service.

Key improvements included adding governance safeguards to prevent misconfigurations, aligning fee calculations with CCTP's actual execution modes, and refining token approvals to minimize unnecessary exposure. All five informational findings were resolved before launch.

Our Process

Nethermind Security conducted a comprehensive security assessment following a structured and collaborative approach:

  1. Engagement structure: Kickoff call to align on scope, architecture, and focus areas, with regular bi-weekly sync meetings throughout the audit to discuss progress, clarify design details, and review preliminary observations.
  2. Interim reporting: Shared an intermediary report summarizing auditors' notes, initial concerns, and recommendations for discussion and early mitigation.
  3. Code review and analysis: Extensive manual review of the entire codebase, supported by internal peer discussions to validate assumptions and findings. The team examined all external dependencies and verified correct integration of third-party components, with particular attention to the CCTP bridging process.

This structured process ensured transparent collaboration with the Lighter team and thorough evaluation of the protocol's security posture.

Total findings:

  • 5 Informational findings
  • All findings resolved before deployment

Results

All identified improvement opportunities were implemented. The bridge launched with validated security across its CCTP integration, deterministic contract deployment system, and cross-chain deposit flow.

The thorough review process confirmed the soundness of Lighter's architectural decisions while providing actionable improvements to governance safeguards, fee consistency, and approval mechanisms. The protocol successfully integrated Circle's CCTP infrastructure with proper validation of attestations and cross-chain message handling.

"Nethermind's audit validated our CCTP integration and identified important improvements to our fee logic and governance safeguards before launch. Their technical depth with cross-chain bridging infrastructure gave us confidence in our architecture."
Lighter Team
