An autonomous AI security tool identified a critical vulnerability in the XRP Ledger’s Batch amendment, which, if undetected, could have permitted unauthorized fund transfers from user accounts without requiring access to private keys. This flaw resided in the signature-validation logic of the amendment, designed to enable bundled transactions. Although the amendment was in the voting stage and not yet live, the potential exploit posed a severe threat to blockchain security. The flaw arose when validation mismanaged a new signer’s non-existent account, allowing attackers to siphon funds using cleverly structured batch transactions. On February 19, Pranamya Keshkamat and Cantina AI’s tool flagged the issue, leading to rapid responses from Ripple’s engineering team, including an emergency update to block the amendment. Moving forward, XRPL Labs plans to integrate AI-assisted audits and enhanced static analysis to prevent similar vulnerabilities, emphasizing the crucial role of AI in blockchain security.
Source link
