The XRP Ledger team encountered serious problems in building support for NFTs. As a result, the developers withdrew their consent votes. Ripple has been forced to undertake remedial work. How long will it last?
Serious bug for NFTs on the XRP Ledger
It turns out that within the NFT on the XRP Ledger there was a serious bug. As a result of it, the NFTs knocked out in this space are susceptible to attacks by malicious users. The effect of such an attack can be that the attacker creates a myriad of currencies within the issuing account and thus increases the reserves in the victim’s account.
The so-called Lines of Trust, which are part of the XRP Ledger structure, are violated here. They enforce the principle that no one can be caused to hold a token they do not want. The operation of the lines in the ecosystem can be explained in simple terms. Each creator has the right to order the payment of a fee for the transfer of his NFT. As a rule, this is done in the currency in which the NFT was sold. In order for this to be possible, Lines of Confidence are necessary, for the asset in question. Meanwhile, a loophole means that even though such a line has not been activated, it can be automatically added.
As a result, transfer fees can be paid in a different coin, which is not XRP. A potential bad actor could thus sell NFTs between several accounts, for any currency. In doing so, the process would come at the expense of XRP reserves.
Validators withhold their votes
The possibilities that a potential attacker receives through this bug have caused developers and validators to withhold their votes in approving the progressive changes. This is because the risk has arisen that an attacker could even issue his own unsupported currency, for newly launched Lines of Trust.
Validator Alloy Networks, via Twitter reported:
“A late-stage possible exploit has been reported in connection with the XLS20 patch. In light of this, we will veto the patch until a fix is found. It’s disappointing, yes, but the security of both issuers and buyers is paramount. And the network, of course.”
Next steps for XRP Ledger
WietseWind, on the other hand, also announced via Twitter the planned course of corrective work. First, the code is to be corrected at the source. Later, operators will be forced to make an update that will incorporate the fix. In further steps, a retest and another vote is to take place. Its results will determine whether the new version will be published.
Combat Kanga, on the other hand, was tempted to indicate a time frame. In his estimation, implementation of the amendment could take from a month to as much as two and a half. At the same time, he pointed out that haste is not an ally in this case.