A Bug Found in the XRP Ledger by an AI Tool
A security tool powered by AI has identified a significant bug in the XRP Ledger. Had it gone unnoticed, this vulnerability could have let an attacker drain funds from any account on the network without the victim's private key.
The flaw, disclosed by the XRPL Institute, lay in the signature validation logic of an upcoming amendment called Batch Fix. This feature would let users bundle multiple transactions and execute them together.
Fortunately, this amendment was still undergoing validation votes and hadn’t been activated on the mainnet yet, so no funds were genuinely at risk. Still, the potential for exploitation posed a severe threat to the blockchain.
To break it down, Batch transactions permit users to consolidate various operations into one. Since individual transactions within a batch lack their own signatures, the system depends on a list of signers to confirm that all relevant accounts have approved the bundle.
The critical error was in the loop of the validation function that checks these signers. If an account does not yet exist in the ledger and a signer's signing key corresponds to that new account, the function wrongly treats the whole check as successful and stops validating the remaining signers.
An attacker could take advantage of this by creating a batch with three transactions: the first creates a new account under their control, the second performs a simple transaction from that newly established account, and the third involves a payment from the victim’s account to the attacker.
Because the new account isn’t present during validation, the checking process halts after the first entry, skipping the validation of the second entry entirely. Consequently, the victim’s funds could be transferred without needing their keys.
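The following is an added, simplified model of the signer check described above; it is not the XRP Ledger project's own code. It assumes a ledger represented as a dict of existing accounts to their signing keys, a hypothetical `master_key_for` derivation for accounts that do not exist yet, and a `fixed` flag that switches between the premature-exit bug and the corrected loop.

```python
# Simplified model (added here, not the XRP Ledger project's code) of the batch-signer
# check. The ledger is a dict of existing accounts -> current signing key; an account that
# does not exist yet is accepted only with the key its ID was derived from (an assumption).

def master_key_for(account: str) -> str:
    """Hypothetical derivation of the master key a not-yet-created account ID maps to."""
    return "master:" + account

def check_batch_signers(required, signers, ledger, *, fixed: bool) -> bool:
    """Return True only if every account in `required` presents a valid signature.

    required: accounts of the inner transactions that must approve the batch
    signers:  dict account -> signing key presented in the batch's signer list
    ledger:   dict account -> signing key, for accounts that already exist
    fixed:    False reproduces the premature-exit bug, True the corrected loop
    """
    for account in required:
        key = signers.get(account)
        if key is None:
            return False                 # this account never signed the batch
        if account in ledger:
            if key != ledger[account]:
                return False             # wrong key for an existing account
            continue
        # account does not exist yet: only its derived master key is acceptable
        if key != master_key_for(account):
            return False
        if not fixed:
            return True                  # BUG: leaves the loop, later accounts unchecked
        # corrected behaviour: keep going and validate the remaining accounts
    return True

# Constructed scenario mirroring the article: tx1 creates rNewAccount (covered by the
# batch submitter's own signature), tx2 is from rNewAccount, tx3 pays out of rVictim.
# rVictim appears nowhere in the signer list.
LEDGER = {"rVictim": "victim-key", "rAttacker": "attacker-key"}
REQUIRED = ["rNewAccount", "rVictim"]
SIGNERS = {"rNewAccount": master_key_for("rNewAccount")}

def buggy_accepts_unsigned_victim() -> bool:
    return check_batch_signers(REQUIRED, SIGNERS, LEDGER, fixed=False)

def fixed_accepts_unsigned_victim() -> bool:
    return check_batch_signers(REQUIRED, SIGNERS, LEDGER, fixed=True)

def fixed_accepts_when_victim_signs() -> bool:
    return check_batch_signers(REQUIRED, dict(SIGNERS, rVictim="victim-key"), LEDGER, fixed=True)
```

The buggy loop returns True for the batch even though rVictim never signed; the corrected loop rejects it and only accepts the batch once every required account has a valid signer entry.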
Pranamya Keshkamat and the autonomous security tool Apex from Cantina AI uncovered this vulnerability through static code analysis and reported it responsibly on February 19th. The engineering team at Ripple validated the report with an independent proof of concept that very evening.
A quick response followed: validators on the network were promptly advised to vote against the proposed amendment.
An emergency update, Ripple 3.1.1, was released on February 23rd, marking both the Batch amendment and its related fix as unsupported to prevent activation. A revised replacement, BatchV1_1, has been developed and is now under review, but a release date hasn’t been determined yet.
It’s quite notable that an AI tool made this discovery.
XRPL Labs has announced plans to make AI-assisted code auditing a standard step in its future reviews, along with upgraded static analysis aimed at catching premature loop exits like the one behind this bug.
