Ripple devs rush to fix flaw in XRP’s blockchain

A fix is in the works to stop XRP’s blockchain from getting bogged down by spam.

An anonymous developer has created an open source tool that allows anyone to upload files of any size onto the XRP blockchain. The tool works by exploiting the memo field (known as the destination tag) that all XRP transactions have, which is designed to help transactions be identified. While the memo field was built to be, “Indestructible. Immutable. Infinite File Storage.” in the hands of spammers, and the IndImm application, it could slow the network down and push up the cost of transactions. But a fix, say developers, is in the works.

“Let’s start with a big thanks & hats off to you, as we can’t have enough development in this ecosystem,” said Wietse Wind, a developer of the XRP tipbot, commenting on the exploit. “BUT, on a different note: I’m worried. I operate a full history node on the XRP ledger.”

The problem is that blockchains are not designed to store unlimited amounts of data. In order for a blockchain to be secure, lots of people need to hold a full history of the network on their computers. As the log history gets larger, so the number of people who can afford to keep the full history locally goes down. As of June 2019, bitcoin’s network history is 226GB. A spammer could dump huge files into those XRP memo fields, swamping the network with extra storage, and making it prohibitively expensive to run. As a saving grace, the spammer would have to expend huge sums of money to generate enough transactions stuffed with spam in order to cause any real damage to a network. But a bunch of people believe they can use this exploit to take down the XRP blockchain.

A Discord group has been set up to try to coordinate an attack on the network and upload large amounts of huge transactions in one go. So far, it does not appear to have worked. The group, which is largely comprised of individuals who frequent 4chan—a notorious, anonymous online forum—either haven’t been able to coordinate successfully, or haven’t been able to afford the attack.

XRP developer Wind is also worried about another problem. The tool could be used to upload images of child abuse or other illegal material, in theory, making running a full node illegal. However, several developers pointed out, a bit too casually, this has been the case on the bitcoin blockchain for many years and little seems to have been done to stop it.

To fix the issue, Wind issued a comment on the XRP Github account, suggesting that fees should be charged to safeguard the network. A technical discussion has been started in order to fix the problem. Some developers are in favour of the fees, others suggested they should be lower. So far, a course of action has not yet been chosen.

Ripple CTO David Schwartz said, “On the bright side, I don’t believe there’s any serious short-term attack. I believe the threat is that an attacker can maliciously gradually increase the cost of running a server and keeping history over a long period of time.” Which is like the black knight saying, “tis but a scratch.”