Critical XRP Ledger Bug in Batch Amendment Could Have Drained User Wallets - U.Today


A severe logic flaw within the XRP Ledger (XRPL) codebase was narrowly averted this month, a recent blog post states.

Security researchers discovered a vulnerability that could have allowed attackers to drain user wallets without needing their private keys.

The bug, which was spotted in the proposed “Batch” amendment (XLS-56), was identified earlier this month by independent researcher Pranamya Keshkamat and an autonomous AI security tool named Apex.


The amendment was still in its voting phase and had not been activated on the XRPL mainnet. Hence, no user funds were at risk or lost.

The vulnerability explained

The Batch amendment would allow multiple “inner” transactions to be grouped together.

These inner transactions are intentionally left unsigned in order to save processing power. Instead, authorization is delegated to the outer batch’s list of signers.

A critical loop error caused a major vulnerability in the process of calling signers.

If the system encountered a signer for an account that did not yet exist on the ledger, and the signing key matched that new account, the system immediately declared the validation a success. It then exited the loop early, avoiding validator checks.

A specific sequence of batched transactions could have been used by the attacker to exploit the aforementioned vulnerability.

Had the Batch amendment been activated on the mainnet before this discovery, the XRPL ecosystem would have potentially suffered a severe blow. An attacker could have stolen funds, modified the ledger state, and destabilized the ecosystem.

Earlier this week, developers released the Rippled 3.1.1 reference server software. This emergency patch explicitly marks the Batch amendment as unsupported,

A comprehensive fix that removes the early-exit loop and adds tighter authorization guards has been developed. It is currently undergoing rigorous peer review.
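The early-exit flaw and the fix described above can be seen in a simplified model of the signer loop. This is an added example, not rippled code: the types, function names, the "key:" + account convention and the sample data are all assumptions made for illustration.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Simplified model of the signer loop; hypothetical names, not rippled code.
struct Signer {
    std::string account;     // account this entry claims to authorize
    std::string signingKey;  // key that produced the signature
};
using Ledger = std::map<std::string, std::string>;  // account -> authorized key

// Assumption of this model: an account not yet on the ledger is controlled
// by the key "key:" + account name.
bool keyMatchesNewAccount(const Signer& s) { return s.signingKey == "key:" + s.account; }

// Flawed shape: a match on a not-yet-existing account returns success for
// the whole batch, so the signers after it are never checked.
bool checkSignersFlawed(const Ledger& ledger, const std::vector<Signer>& signers) {
    for (const Signer& s : signers) {
        auto it = ledger.find(s.account);
        if (it == ledger.end()) {
            if (keyMatchesNewAccount(s)) return true;  // BUG: early exit
            return false;
        }
        if (it->second != s.signingKey) return false;
    }
    return true;
}

// Corrected shape: only a failure exits early; success requires every signer to pass.
bool checkSignersFixed(const Ledger& ledger, const std::vector<Signer>& signers) {
    for (const Signer& s : signers) {
        auto it = ledger.find(s.account);
        bool ok = (it == ledger.end()) ? keyMatchesNewAccount(s)
                                       : it->second == s.signingKey;
        if (!ok) return false;
    }
    return true;
}

int main() {
    // Constructed data: "alice" exists; "newacct" is not on the ledger yet.
    Ledger ledger{{"alice", "key:alice"}};
    std::vector<Signer> signers{{"newacct", "key:newacct"}, {"alice", "key:other"}};
    std::cout << "flawed: " << checkSignersFlawed(ledger, signers)
              << ", fixed: " << checkSignersFixed(ledger, signers) << "\n";
}
```

A regression test for this class of bug places an invalid signer after a valid one and asserts that the whole list is rejected.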
