- XRP Ledger dodged a massive $80B hack after Cantina flagged a critical Batch amendment flaw in time.
- A signature-validation bug could have let attackers move funds without private keys—but quick action stopped it.
- Ripple validators halted XLS-56 upgrade, and Rippled 3.1.1 patched the flaw, protecting the entire ecosystem.
A critical security flaw threatened Ripple’s XRP Ledger just days before a major upgrade vote. However, developers moved fast and stopped a potentially historic exploit. On February 19, security engineer Pranamya Keshkamat at Cantina identified a dangerous logic error. Cantina’s AI security bot also flagged the issue during testing.
The XRP Ledger Foundation confirmed the vulnerability on Thursday. The flaw affected the proposed “Batch” amendment, known as XLS-56. Developers had not yet activated the amendment on the XRP Ledger mainnet. Consequently, no user funds were exposed or stolen. The team quickly alerted validators and halted the upgrade. Hence, the network avoided what experts described as a massive financial risk.
Critical Logic Flaw in Signature Validation
The vulnerability targeted the signature-validation process within the Batch amendment. This feature allows multiple inner transactions inside a single outer transaction. Developers designed it to reduce processing power and improve efficiency. However, inner transactions remain unsigned and rely on outer signers for authorization.
A loop error in the signer-calling mechanism created the core weakness. If the system encountered a signer linked to a new account, validation could pass instantly. Moreover, the loop exited early and skipped critical security checks. An attacker could have crafted batched transactions to exploit that flaw. Consequently, bad actors might have moved funds without private keys. The flaw also opened the door to ledger tampering and ecosystem instability.
Rapid Response Prevented Disaster
Cantina and Spearbit CEO Hari Mulackal praised the swift action. He wrote, “Great work by the Ripple team on responding quickly to our disclosure, alerting the validators who promptly voted down the upgrade that was scheduled to go live on March.”
He added, “Had this been exploited, it would have been the largest security hack by dollar value in the world, with nearly $80 billion at direct risk.” He likely referenced XRP’s market capitalization.
Additionally, the XRP Ledger Foundation instructed validators to reject the amendment. Developers released Rippled 3.1.1 as an emergency update. That update blocked activation of the flawed amendment.
