A severe logic flaw within the XRP Ledger (XRPL) codebase was narrowly averted this month, a recent blog post states.
Security researchers discovered a vulnerability that could have allowed attackers to drain user wallets without needing their private keys.
The bug, which was spotted in the proposed “Batch” amendment (XLS-56), was identified earlier this month by independent researcher Pranamya Keshkamat and an autonomous AI security tool named Apex.
The amendment was still in its voting phase and had not been activated on the XRPL mainnet. Hence, no user funds were at risk or lost.
The vulnerability explained
The Batch amendment would allow multiple “inner” transactions to be grouped together.
These inner transactions are intentionally left unsigned in order to save processing power. Instead, authorization is delegated to the outer batch’s list of signers.
A critical loop error caused a major vulnerability in the process of calling signers.
You Might Also Like
If the system encountered a signer for an account that did not yet exist on the ledger, and the signing key matched that new account, the system immediately declared the validation a success. It then exited the loop early, avoiding validator checks.
A specific sequence of batched transactions could have been used by the attacker to exploit the aforementioned vulnerability.
Had the Batch amendment been activated on the mainnet before this discovery, the XRPL ecosystem would have potentially suffered a severe blow. An attacker could have stolen funds, modified the ledge state, and destabilized the ecosystem.
Earlier this week, developers released the Rippled 3.1.1 reference server software. This emergency patch explicitly marks the Batch amendment as unsupported,
A comprehensive fix that removes the early-exit loop and adds tighter authorization guards has been developed. It is currently undergoing rigorous peer review.