# CCIP Security Documentation **Last Updated:** 2026-01-31 **Document Version:** 1.0 **Status:** Active Documentation --- **Date**: $(date) **Network**: ChainID 138 **Purpose**: Security information for all CCIP contracts --- ## 🔐 Contract Access Control ### CCIP Router - **Address**: `0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817` - **Access Control**: Standard CCIP Router implementation - **Owner Function**: `owner()` function not available (may use different access control pattern) - **Admin Functions**: Standard CCIP Router admin functions - **Pause Mechanism**: Standard CCIP Router pause functionality (if implemented) **Note**: Contract owner/admin addresses need to be retrieved from deployment transactions or contract storage. ### CCIP Sender - **Address**: `0x105F8A15b819948a89153505762444Ee9f324684` - **Access Control**: Standard CCIP Sender implementation - **Owner Function**: `owner()` function not available - **Router Reference**: `0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817` **Note**: Access control details need to be retrieved from contract source code or deployment logs. ### CCIPWETH9Bridge - **Address**: Use env `CCIPWETH9_BRIDGE_CHAIN138` (set after `scripts/deploy-and-configure-weth9-bridge-chain138.sh`); canonical: `0xcacfd227A040002e49e2e01626363071324f820a`. **Deprecated (do not use):** `0x89dd12025bfCD38A168455A44B400e913ED33BE2` — old bridge with router mismatch. See [CONTRACT_INVENTORY_AND_VERIFICATION.md](../11-references/CONTRACT_INVENTORY_AND_VERIFICATION.md). - **Access Control**: Bridge contract access control - **Owner Function**: `owner()` function not available - **Admin Functions**: Bridge-specific admin functions **Destination Chains Configured**: - ✅ BSC: `0x9d70576d8E253BcF...` (truncated, full address in storage) - ✅ Polygon: `0x383a1891AE1915b1...` (truncated) - ✅ Avalanche: `0x594862Ae1802b3D5...` (truncated) - ✅ Base: `0xdda641cFe44aff82...` (truncated) - ✅ Arbitrum: `0x44aE84D8E9a37444...` (truncated) - ✅ Optimism: `0x33d343F77863CAB8...` (truncated) ### CCIPWETH10Bridge - **Address**: `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` - **Access Control**: Bridge contract access control - **Owner Function**: `owner()` function not available - **Admin Functions**: Bridge-specific admin functions **Destination Chains Configured**: - ✅ BSC: `0x9d70576d8E253BcF...` (truncated, full address in storage) - ✅ Polygon: `0x383a1891AE1915b1...` (truncated) - ✅ Avalanche: `0x594862Ae1802b3D5...` (truncated) - ✅ Base: `0xdda641cFe44aff82...` (truncated) - ✅ Arbitrum: `0x44aE84D8E9a37444...` (truncated) - ✅ Optimism: `0x33d343F77863CAB8...` (truncated) --- ## 🔍 How to Retrieve Admin/Owner Addresses ### Method 1: From Deployment Transaction ```bash # Get deployment transaction hash cast tx --rpc-url $RPC_URL_138 # Extract deployer address from transaction cast tx --rpc-url $RPC_URL_138 | grep "from" ``` ### Method 2: From Contract Storage ```bash # Try common storage slots for owner addresses cast storage 0 --rpc-url $RPC_URL_138 cast storage 1 --rpc-url $RPC_URL_138 ``` ### Method 3: From Source Code If contracts are verified on Blockscout, check the source code for: - `Ownable` pattern (OpenZeppelin) - Custom access control implementations - Multi-sig patterns --- ## 🛡️ Security Recommendations ### 1. Access Control Verification - ✅ Verify all admin/owner addresses - ✅ Document multi-sig requirements (if any) - ✅ Review access control mechanisms - ⚠️ **Action Required**: Retrieve and document actual owner addresses ### 2. Upgrade Mechanisms - ⚠️ Verify if contracts are upgradeable - ⚠️ Document upgrade procedures - ⚠️ Review upgrade authorization requirements ### 3. Pause Mechanisms - ⚠️ Verify pause functionality (if implemented) - ⚠️ Document pause procedures - ⚠️ Review pause authorization requirements ### 4. Emergency Procedures - ⚠️ Document emergency response procedures - ⚠️ Review circuit breakers (if implemented) - ⚠️ Document recovery procedures --- ## 📋 Security Checklist - [ ] Admin/owner addresses documented - [ ] Access control mechanisms reviewed - [ ] Upgrade procedures documented - [ ] Pause mechanisms documented - [ ] Emergency procedures documented - [ ] Multi-sig requirements documented (if applicable) - [ ] Key rotation procedures documented - [ ] Incident response plan documented --- ## 🔗 Related Documentation - [CCIP Sender Contract Reference](./CCIP_SENDER_CONTRACT_REFERENCE.md) - [CCIP Sender Contract Reference](./CCIP_SENDER_CONTRACT_REFERENCE.md) - [Contract Addresses Reference](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) (bridge and CCIP addresses) --- **Last Updated**: $(date) **Status**: ⚠️ **INCOMPLETE** - Owner addresses need to be retrieved