In brief
- Ripple is teaming with blockchain security firm Immunefi to host an “attackathon” for the XRP Ledger lending protocol.
- If one serious bug is found, a full $200,000 will be provided to participants.
- The protocol aims to eventually offer fixed-term, uncollateralized loans on the XRP Ledger.
Ripple is offering up to $200,000 to users who find security flaws in the proposed XRP Ledger lending protocol, incentivizing white hat hackers to “attack” the upcoming platform.
The rewards are part of an “attackathon” hosted by Ripple and blockchain security firm Immunefi that asks security researchers to poke and prod the codebase to find potential flaws, with a particular focus given to bugs that impact fund security and vault solvency.
“The XRPL community is preparing for one of its most significant upgrades yet with the proposed lending protocol, which is expected to go to validator vote later this year. Before any major amendment like this moves forward, it’s critical to ensure the code is as secure and resilient as possible,” RippleX Head of Product Jasmine Cooper told Decrypt.
“Partnering with Immunefi, one of the top on-chain security platforms, allows us to tap into a global network of elite researchers who have secured some of the largest DeFi protocols to date,” she added. “The Attackathon is just one part of a broader, layered security process.”
To encourage those without experience on XRP Ledger, the firms are opening a two-week educational period for interested participants. During this time, researchers can gain support from Ripple engineers, access devnet guides and test environments, and more.
After the education period is over, the attackathon will begin on October 27 and run through November 29.
“If even one valid bug is found during the program, the full $200,000 is unlocked and will be distributed,” the announcement post reads. “If no bugs are found, a fallback pool of $30,000 is paid out to participants who submitted valid insights.”
The XRP Ledger lending protocol was introduced last fall at XRP Ledger Apex, a Ripple-hosted summit dedicated to fostering the build of the decentralized network.
The protocol aims to introduce fixed-term, uncollateralized loans directly on XRP Ledger, without using smart contracts or wrapped assets. Instead, the protocol deliberately will rely on off-chain procedures to determine creditworthiness. Funds will then be pooled on-chain and repayments follow protocol-enforced terms.
Specific targets for the attackathon participants include liquidation logic, interest accrual bugs that may reward the wrong party, administrative attacks that could allow for alteration of protocol records, among others.
While payments firm Ripple is linked to the network’s native token XRP and is a major contributor to the XRP Ledger, it does not have an affiliation with the bulk of the XRP Ledger validators. In August, former Ripple CTO David Schwartz told Decrypt that the firm runs “something like 1% of the XRP Ledger.”
The network earned a last place security ranking from research firm Kaiko when compared to 14 other blockchains in August. But developers for the ledger pushed back on the claim and highlighted security endorsements from firms like CertiK, Halborn, and FYEO.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
Source: https://decrypt.co/344136/ripple-offering-200k-attack-xrp-ledger-lending-protocol
