Simply put
- Ripple is teaming up with Immunefi, a blockchain security firm, to organize an “attack-thon” aimed at the XRP Ledger lending protocol.
- Participants who discover a significant bug will be eligible for a $200,000 reward.
- This protocol is designed to provide fixed-term unsecured loans on the XRP Ledger in the future.
Ripple is offering a total of up to $200,000 to those who identify security vulnerabilities in its proposed XRP Ledger lending protocols, encouraging ethical hackers to “attack” forthcoming platforms.
This reward is part of a collaborative effort between Ripple and Immunefi, which invites security researchers to thoroughly investigate the code for potential issues, especially those threatening fund security and vault integrity.
“The XRPL community is gearing up for one of its more significant upgrades regarding the proposed lending protocol, which validators will vote on later this year. It’s crucial to ensure that the code is as secure as it can be before we go ahead with such a major change,” said Jasmine Cooper, Product Director at RippleX.
She also mentioned, “Teaming up with Immunefi, a leading on-chain security platform, helps us tap into a global network of top researchers who have secured large DeFi protocols.” The attack-thon is just a piece of an extensive security process.
To assist newcomers to the XRP Ledger, the firms will provide a two-week educational period for interested participants. During this time, researchers will receive guidance from Ripple engineers along with access to devnet resources, testing environments, and more.
The attack-thon is set to kick off on October 27 and will run until November 29.
“If we identify even one valid bug, the full $200,000 reward will be made available,” a spokesperson noted. “If no bugs are identified, a fallback pool of $30,000 will be handed out to those who submit valid insights.”
The lending protocol was unveiled during last fall’s XRP Ledger Apex, a Ripple-backed summit aimed at speeding up the development of decentralized networks.
This initiative plans to roll out fixed-term unsecured loans right on the XRP Ledger, excluding the use of smart contracts or wrapped assets. Instead, it relies on off-chain methods to establish trustworthiness, pooling funds on-chain with repayment conditions enforced by the protocol.
Participants in the attack-thon will focus on specific vulnerabilities, including liquidation logic, interest accrual bugs that may mistakenly reward the wrong parties, and administrative loopholes that could allow tampering with protocol records.
Ripple is associated with the XRP network and is a significant contributor to the XRP Ledger, though it does not control many of the validators on the network. Former CTO David Schwartz previously indicated that Ripple accounts for about 1% of the XRP Ledger.
Despite a recent report by Kaiko that ranked the network last among 14 other blockchains in terms of security, the ledger’s developers have defended against these claims, showcasing security support from firms like CertiK, Halborn, and FYEO.
