Ripple Responds to Alarm Over Potential XRP Ledger Loophole
Ripple’s chief technology officer David Schwartz is responding to concerns about a new open-source tool designed to let people upload files of any size onto the XRP ledger.
The tool was released by an anonymous developer. It utilizes the fact that when sending XRP, a user can write a memo that is included with the transaction.
The founder of Ripple-backed XRPL Labs, Wietse Wind, was the first to raise questions about whether the tool will be used to give people a way to upload illegal content onto the ledger. He addressed the anonymous developer on GitHub.
“I’m worried. I operate a full history node on the XRP ledger. I am very very much afraid of what will happen when your service will get some actual use. It’ll be a matter of time before illegal content will be uploaded. Especially with the hate against the XRP community from [Bitcoin maximalists]. When someone uploads pirated content, or worse: child abuse images, no one would be able to remove that from their full history servers.
That would mean it would become a legal nightmare to run full history nodes, not only for me, but for all XRPL enthusiasts and businesses. I would kindly ask (beg) you to take down the project.”
Wind says he’s also concerned that users could eventually upload so many files that it becomes too expensive for companies like his to run a full history of the ledger. To counter the issue, he says the community should consider raising the fees on transactions that take up a significant amount of data.
“In the long term, I would suggest an amendment for the XRPL to exponentially increase the minimum transaction fee when large memos are being sent. That would render this ‘use case’ non-viable. Again: I really appreciate your efforts to develop for the XRP ledger, and please keep on doing so! But if you want to store files, consider using tech meant to store files.”
Other developers on the XRP ledger’s GitHub question whether the tool could also be used to spam and slow down the network.
According to developers, a Discord has already been set up to see what kind of damage, if any, the tool can do. Schwartz says he doubts there’s any danger in the short term.
“I guess it comes down to exactly what sort of problem we think we have. If we think that average-sized transactions are sufficiently handled with the existing fee escalation and the only real issue is that large and small transactions cost the same, then we never have to burden the most common transactions that people make today such as transfers of XRP with no (or minimal) memo.
I suppose the cleanest change would be to start by taking size into account when computing the base transaction fee with things adjusted so that the vast majority of transactions made today still have a 10 drop base fee. For example (and I’m totally making numbers up here, I haven’t measured) if 95% of transactions are less than 1KB, we can make transactions under 1KB pay the base fee and transactions over 1KB pay one base fee per kilobyte.
If we think the problem is that a bad actor can just spam the ledger with 10 drop transactions and not deny any service (except to people who submit 10 drop transactions) but cause an unacceptable ledger growth rate, then I think we need to raise the base fee from 10 drops to a higher amount or, alternatively, trigger fee escalation whenever the transaction rate is higher than some amount.
On the bright side, I don’t believe there’s any serious short-term attack. I believe the threat is that an attacker can maliciously gradually increase the cost of running a server and keeping history over a long period of time.”