XRP Labs founder talks about plans for XRPL security upgrade

  • According to XRP Labs founder Wietse Wind, two new security proposals could be implemented as part of the Hooks amendment for the XRP Ledger (XRPL).
  • The first proposal could prevent the size of one’s own XRP holdings from being disclosed to third parties.

A member of the XRP community with the Twitter handle @consistentbenny has submitted a new security proposal that could help prevent both the disclosure of one’s own XRP holdings and contact with fraudulent addresses. Specifically, the XRP enthusiast suggested to Wietse Wind, the founder of XRPL Labs, that a per-user blacklist function be integrated into the XUMM wallet.

This would allow users to blacklist their own cold storage addresses to make their disclosure impossible. The second proposal was that Xrpforensics, a service that detects fraudulent activities and addresses on the XRP Ledger (XRPL), should be integrated into the XUMM wallet:

Feature idea for @XummWallet > contact blacklist.

1) Blacklist own cold storage address to make sure to never send #XRP to it from one’s XUMM wallet, as this could reveal holding amount to third parties.

2) Possibility to auto-sync with @xrpforensics identified fraud list.

Both proposals were warmly acknowledged by Wietse Wind. Wind explained, however, that it would be better to implement both proposals not only at the client level in XUMM, but to anchor them in the XRP Ledger itself. In this context, Wind referred to his “Hooks” amendment for the XRP Ledger, which he published in late July.

According to the proposal, hooks are “small, efficient pieces of code defined on an XRPL account so that the logic can be executed before and/or after XRPL transactions”. For example, a hook can automatically send a portion of a received deposit to a vacation savings account or store account-based flags such as “Has this user performed and passed KYC”.

As Wind explained, the Hooks amendment is about extending the functionality of the XRP Ledger with logic implemented on the ledger itself, since many developers and companies do not have the licenses needed to handle or take custody of user funds. According to Wind, the two proposals are ideally suited to be implemented within the Hooks amendment:

This is a great idea, but even better if solved client independent. This is a great idea for the Hooks amendment we’re working on. You could store an *on ledger, native* list of hashes of account addresses you want to block. Then, no matter the client you use (XUMM, …).

Regarding (2): The @xrpforensics is already present in XUMM, XUMM will warn / block (level 2, level 3) transactions to listed accounts. But even that will be possible with Hooks, on ledger. You can just install a hook to “Subscribe” to the @xrpforensics advisory on ledger.
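The pre-send check described in the two quotes above, as an added Python example (not XUMM, Hooks or XRPL Labs code): it stores only SHA-256 hashes of blocked addresses and consults a synced advisory list before an outgoing payment is signed. The `SendPolicy` class, the placeholder addresses and the mapping of level 2 to a warning and level 3 to a block are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

ALLOW, WARN, BLOCK = "allow", "warn", "block"

def address_hash(address: str) -> str:
    """Digest stored in the list, so the list never holds the address itself."""
    return hashlib.sha256(address.strip().encode("ascii")).hexdigest()

@dataclass
class SendPolicy:
    own_blocked: set = field(default_factory=set)   # hashes the user never pays
    advisory: dict = field(default_factory=dict)    # hash -> advisory level

    def block_own(self, address: str) -> None:
        self.own_blocked.add(address_hash(address))

    def sync_advisory(self, snapshot: dict) -> None:
        # Replace rather than merge, so delisted addresses stop being flagged.
        self.advisory = {address_hash(a): int(lvl) for a, lvl in snapshot.items()}

    def check(self, destination: str) -> tuple:
        """Decide on an outgoing payment before it is signed."""
        try:
            digest = address_hash(destination)
        except (UnicodeEncodeError, AttributeError):
            return BLOCK, "malformed destination"    # fail closed on bad input
        if digest in self.own_blocked:
            return BLOCK, "own blocklist"
        level = self.advisory.get(digest, 0)
        if level >= 3:                               # assumed: level 3 blocks
            return BLOCK, f"advisory level {level}"
        if level == 2:                               # assumed: level 2 warns
            return WARN, "advisory level 2"
        return ALLOW, "not listed"

# Constructed placeholder strings, not real XRPL addresses.
COLD = "rEXAMPLEcoldStorage"
SCAM = "rEXAMPLEreportedFraud"
SUSPECT = "rEXAMPLEunderReview"
FRIEND = "rEXAMPLEfriend"

def demo() -> list:
    policy = SendPolicy()
    policy.block_own(COLD)
    policy.sync_advisory({SCAM: 3, SUSPECT: 2})
    return [policy.check(d)[0] for d in (COLD, SCAM, SUSPECT, FRIEND, "r\u00e9")]

if __name__ == "__main__":
    print(demo())
```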

According to the blog post published by Wind in late July, the Hooks amendment is still in the works. Once finished, an open source proof of concept will be published, first in a private and then in the public XRPL testnet. Wind wrote back then:

While we still need some time, we are already really excited about engaging with you, devs & businesses, testing, integrating, and hopefully: seeing validators vote for our “Hooks” amendment (to be), at some point in the future.