CCTP Technical Guide

Cross-Chain Transfer Protocol (CCTP) uses generalized message passing to facilitate the native burning and minting of USDC across supported blockchains, also known as domains. Message passing is a three-step process:

1. An onchain component on the source domain emits a message.
2. Circle's offchain attestation service signs the message.
3. The onchain component at the destination domain receives the message, and forwards the message body to the specified recipient.

Onchain components serve the same purpose across all domains, but their implementations differ between EVM-compatible and non-EVM domains. Moreover, there are both implementation and naming differences between CCTP V2 and previous versions due to the addition of Fast Transfer and other improvements.

The relationship between CCTP V2's onchain components and Circle's offchain Attestation Service is illustrated below for a burn-and-mint of USDC between EVM-compatible domains:

On EVM domains, the onchain component for cross-chain burning and minting is called TokenMessengerV2, which is built on top of MessageTransmitterV2, an onchain component for generalized message passing.

In the diagram above, a token depositor calls the TokenMessengerV2#depositForBurn function to deposit a native token (such as USDC), which delegates to the TokenMinterV2 contract to burn the token. The TokenMessengerV2 contract then sends a message via the MessageTransmitterV2#sendMessage function. After sufficient block confirmations, Circle's offchain attestation service, Iris, signs the message. An API consumer must query this attestation and submits it onchain to the destination domain's MessageTransmitterV2#receiveMessage function.

To send an arbitrary message, directly call MessageTransmitterV2#sendMessage. The message recipient must implement the following methods to handle messages based on their finality threshold:

• Implement IMessageHandlerV2#handleReceiveFinalizedMessage to receive messages with finalityThresholdExecuted ≥ 2000.
• Implement IMessageHandlerV2#handleReceiveUnfinalizedMessage to receive messages with finalityThresholdExecuted < 2000.

This distinction allows the recipient to control the level of finality it requires before accepting a message.

CCTP is also available on several non-EVM blockchains where USDC is natively issued, extending cross-chain functionality to the broader ecosystem. While most non-EVM domains support CCTP V1, Circle is expanding support to include later CCTP versions.

The top-level message header format is standard for all messages passing through CCTP.

A CCTP V2 nonce is a unique identifier for a message that can only be used once on the destination domain. Circle assigns CCTP V2 nonces offchain. The nonce for each message in a transaction can be queried through the /v2/messages API, using the transaction hash as a query parameter.

The message format includes a dynamically sized messageBody field, used for application-specific messages. For example, TokenMessengerV2 defines a BurnMessageV2 with data related to cross-chain transfers.

CCTP provides a set of API hosts and endpoints to manage messages, attestations, and transaction details for your cross-chain USDC transfers.

CCTP V2 endpoints enable advanced functionality such as fetching attestations for Standard Transfer or Fast Transfer burn events, verifying public keys across versions, accessing transaction details, querying fast transfer allowances and fees, and initiating re-attestation processes. Below is an overview of the CCTP V2 public endpoints. Click on any endpoint for its API reference.

CCTP V2 introduces the concept of a finality threshold, which is a chain-agnostic representation of the confirmation level required before an attestation is issued. This allows integrators to specify how many confirmations are needed based on their risk tolerance or use case.

In CCTP V2, each message specifies a minFinalityThreshold. This threshold indicates the minimum level of confirmation required for Circle's attestation service (Iris) to attest to the message. Iris will not attest to a message at a confirmation level below the specified minimum threshold. This allows applications to enforce a desired level of finality before acting on an attestation on the destination chain.

CCTP V2 defines the following finality thresholds:

• Messages with a minFinalityThreshold of 1000 or lower are considered Fast messages. These messages are eligible for fast attestation at the confirmed level by Iris.
• Messages with a minFinalityThreshold of 2000 are considered Standard messages. These messages are attested to at the finalized level by Iris.

For CCTP V2 transfers, a fee is collected onchain at the time of USDC minting. Retrieve the applicable fee by calling the API every time before executing a transaction. Fees are subject to change with advance notice. See the table below for rates.

• The maxFee parameter in depositForBurn specifies the maximum fee that can be charged during minting.
  • If maxFee is less than the minimum Standard Transfer fee, the burn reverts onchain.
  • If maxFee is equal to or greater than the minimum Fast Transfer fee and minFinalityThreshold is 1000 or lower, the attestation is eligible for Fast Transfer. In this case, the Fast Transfer fee (which varies by chain) is charged onchain at minting.
• If the attestation results in a Standard Transfer—for example, because maxFee is below the Fast Transfer fee or minFinalityThreshold is greater than 1000—the Standard Transfer fee is charged onchain at minting.

• CCTP V2 Fast Transfer Fee
• CCTP V2 Standard Transfer Fee

Some chains support a Standard Transfer fee switch, which enables enforcing a minimum fee during a CCTP V2 Standard Transfer.

• Some deployments of the TokenMessengerV2 contract include a fee switch that enforces a minimum onchain fee. This fee is collected during USDC minting in a Standard Transfer. See tables below for supported chains.
• TokenMessengerV2 contracts with fee switch support include the getMinFeeAmount function, which calculates and returns the minimum fee required for a given burn amount, in units of the burnToken.

CCTP V2 TokenMessenger Contracts (No Standard Transfer Fee Switch support)

CCTP V2 TokenMessenger Contracts (with Standard Transfer Fee Switch support)

Hooks in CCTP V2 are metadata that can be attached to a burn message, allowing integrators to execute custom logic at the destination chain. Hook execution is left entirely to the integrator, offering maximum flexibility and enabling broader cross-chain compatibility without altering the core CCTP protocol.

CCTP does not implement hook execution in the core protocol. Instead, hooks are treated as opaque metadata passed along with the burn message. This design allows integrators to define and control how hooks are processed on the destination chain, based on their own infrastructure and trust model.

• Maximum flexibility for integrators

  • Determine execution timing: pre-mint or post-mint
  • Implement custom recovery or error-handling strategies if hook execution fails
  • Choose any execution environment (EVM or non-EVM); even non-EVM chains can support Hooks as data passed into a function call.

• Consistency with the destinationCaller pattern

  • CCTP V2 continues the destinationCaller model from CCTP V1.
  • In most integrations, the destinationCaller is expected to handle hook execution, making it a natural extension of an existing pattern familiar to integrators.

• Improved Compliance and Security Separation

  • Compliance: By delegating hook execution to the integrator, the protocol maintains a clear boundary between CCTP's core message-passing functionality and application-specific logic. This modular approach helps integrators meet their own compliance requirements with greater flexibility.
  • Security: By keeping hook execution outside the core protocol, CCTP maintains a smaller and more focused security surface, while allowing integrators to manage their own execution environments independently.

WHAT'S NEXT

• CCTP FAQ