Bridge rate-limiter / chain-pause as positive mitigant
Chainlink CCIP's assessment for RD-F-185 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
CCIP has a robust positive mitigant stack: (1) per-lane token-bucket rate limits (inbound and outbound, per connected chain, per token pool), which limit the blast radius per exploit; (2) the RMN can issue a curse to halt all CCIP lanes globally; (3) MultiAggregateRateLimiter provides aggregate cross-pool rate limiting; (4) the Bypasser MCMS enables emergency response without the 2-day delay. The rate limiter implementation is confirmed via Code4rena 2024-11 (RateLimiter.sol and MultiAggregateRateLimiter.sol in scope). This is a well-documented, functioning safety control layer.
Sources
- GitHub: RateLimiter.sol — Code4rena 2024-11-chainlink. Code4rena 2024-11 — MultiAggregateRateLimiter.sol and RateLimiter.sol confirmed in audit scope (16 contracts, 2,697 SLOC). Retrieved 2026-05-16.
- How Rate Limits Work | Chainlink Documentation. CCIP rate limit management docs — per-lane token bucket (inbound + outbound), capacity + rate configurable, setChainRateLimiterConfig on token pool. Retrieved 2026-05-16.
- CCIP Risk Management Network | Chainlink Blog. Chainlink RMN blog — RMN curse halts all CCIP lanes globally; independent from primary CCIP admin. Retrieved 2026-05-16.
Methodology
Determine whether the bridge implements a per-window outflow rate-limiter (and at what cap), and whether the protocol team can trigger a chain-level or validator-set emergency pause.
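To make the "at what cap" question concrete, the following added example (not Chainlink's RateLimiter.sol and not part of the original assessment) models one lane direction as a token bucket with a capacity and a refill rate, and checks that the most an attacker can move in a window is bounded by capacity + rate × window. The class, function names, the `paused` flag standing in for a global halt, and all numbers are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class LaneBucket:
    """Simplified token bucket for one lane direction (illustrative model only)."""
    capacity: int          # maximum tokens the bucket can hold
    rate: int              # tokens refilled per second
    tokens: int            # tokens currently available
    last_updated: int      # timestamp of the last refill, in seconds
    paused: bool = False   # hypothetical flag modelling a global halt

    def _refill(self, now: int) -> None:
        # Add rate * elapsed tokens, never exceeding capacity.
        elapsed = max(0, now - self.last_updated)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last_updated = now

    def try_consume(self, amount: int, now: int) -> bool:
        """Debit the bucket and return True if the transfer fits, else False."""
        if self.paused:
            return False
        self._refill(now)
        if amount > self.tokens:
            return False
        self.tokens -= amount
        return True


def worst_case_outflow(capacity: int, rate: int, window_s: int) -> int:
    """Upper bound on value leaving through one bucket during a window."""
    return capacity + rate * window_s


def simulate_drain(bucket: LaneBucket, start: int, window_s: int, step_s: int) -> int:
    """Greedy drain: take everything available every step_s seconds."""
    moved = 0
    for now in range(start, start + window_s + 1, step_s):
        bucket._refill(now)
        take = bucket.tokens
        if take and bucket.try_consume(take, now):
            moved += take
    return moved
```

The bound is what a reviewer compares against the value locked behind the lane: a large capacity or a fast refill rate weakens the mitigant even when a limiter is nominally present.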