check nonce in _cctpMessage

contracts/src/L1/gateways/usdc/L1USDCGatewayCCTP.sol

@@ -6,7 +6,6 @@ import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/Own
 import {IERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol";
 import {SafeERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";
 
-import {IFiatToken} from "../../../interfaces/IFiatToken.sol";
 import {ITokenMessenger} from "../../../interfaces/ITokenMessenger.sol";
 import {IL2ERC20Gateway} from "../../../L2/gateways/IL2ERC20Gateway.sol";
 import {IL1ScrollMessenger} from "../../IL1ScrollMessenger.sol";
@@ -67,6 +66,11 @@ contract L1USDCGatewayCCTP is OwnableUpgradeable, CCTPGatewayBase, L1ERC20Gatewa
 
     /// @notice Relay cross chain message and claim USDC that has been cross chained.
     /// @dev The `_scrollMessage` is actually encoded calldata for `L1ScrollMessenger.relayMessageWithProof`.
+    ///
+    /// @dev This helper function is aimed to claim USDC in single transaction.
+    ///      Normally, an user should call `L1ScrollMessenger.relayMessageWithProof` first,
+    ///      then `L1USDCGatewayCCTP.claimUSDC`.
+    ///
     /// @param _nonce The nonce of the message from CCTP.
     /// @param _cctpMessage The message passed to MessageTransmitter contract in CCTP.
     /// @param _cctpSignature The message passed to MessageTransmitter contract in CCTP.
@@ -81,7 +85,6 @@ contract L1USDCGatewayCCTP is OwnableUpgradeable, CCTPGatewayBase, L1ERC20Gatewa
         // call messenger to set `status[_nonce]` to `CCTPMessageStatus.Pending`.
         (bool _success, ) = messenger.call(_scrollMessage);
         require(_success, "call messenger failed");
-        require(status[_nonce] == CCTPMessageStatus.Pending, "message relay failed");
 
         claimUSDC(_nonce, _cctpMessage, _cctpSignature);
     }

contracts/src/L2/gateways/usdc/L2USDCGatewayCCTP.sol

@@ -6,7 +6,6 @@ import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/Own
 import {IERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol";
 import {SafeERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";
 
-import {IFiatToken} from "../../../interfaces/IFiatToken.sol";
 import {ITokenMessenger} from "../../../interfaces/ITokenMessenger.sol";
 import {IL1ERC20Gateway} from "../../../L1/gateways/IL1ERC20Gateway.sol";
 import {IL2ScrollMessenger} from "../../IL2ScrollMessenger.sol";

contracts/src/libraries/gateway/CCTPGatewayBase.sol

@@ -47,11 +47,7 @@ abstract contract CCTPGatewayBase is ScrollGatewayBase {
      * Constructor *
      ***************/
 
-    constructor(
-        address _l1USDC,
-        address _l2USDC,
-        uint32 _destinationDomain
-    ) {
+    constructor(address _l1USDC, address _l2USDC, uint32 _destinationDomain) {
         l1USDC = _l1USDC;
         l2USDC = _l2USDC;
         destinationDomain = _destinationDomain;
@@ -70,11 +66,16 @@ abstract contract CCTPGatewayBase is ScrollGatewayBase {
     /// @param _nonce The nonce of the message from CCTP.
     /// @param _cctpMessage The message passed to MessageTransmitter contract in CCTP.
     /// @param _cctpSignature The message passed to MessageTransmitter contract in CCTP.
-    function claimUSDC(
-        uint256 _nonce,
-        bytes calldata _cctpMessage,
-        bytes calldata _cctpSignature
-    ) public {
+    function claimUSDC(uint256 _nonce, bytes calldata _cctpMessage, bytes calldata _cctpSignature) public {
+        // Check `_nonce` match with `_cctpMessage`.
+        // According to the encoding of `_cctpMessage`, the nonce is in bytes 12 to 16.
+        // See here: https://github.com/circlefin/evm-cctp-contracts/blob/master/src/messages/Message.sol#L29
+        uint256 _expectedMessageNonce;
+        assembly {
+            _expectedMessageNonce := and(shr(96, calldataload(_cctpMessage.offset)), 0xffffffffffffffff)
+        }
+        require(_expectedMessageNonce == _nonce, "nonce mismatch");
+
         require(status[_nonce] == CCTPMessageStatus.Pending, "message not relayed");
 
         // call transmitter to mint USDC