Prepared by:
HALBORN
Last Updated 06/27/2025
Date of Engagement: February 17th, 2025 - March 13th, 2025
100% of all REPORTED Findings have been addressed
All findings
7
Critical
2
High
1
Medium
2
Low
1
Informational
1
Ripple engaged Halborn to conduct a security assessment on XRP Ledger (XRPL) feature amendments beginning on February 17, 2025 and ending on March 13, 2025, focusing on PR #5224
The feature introduces a Single Asset Tokenized Vault, a new on-chain primitive that allows for aggregating assets (XRP, IOU, or MPT) from one or more depositors and represents ownership through MPToken shares. The vault serves as a foundational building block for diverse purposes such as lending markets, aggregators, yield-bearing tokens, and asset management by decoupling the liquidity provision functionality from specific protocol logic. The implementation includes core functionality for vault creation, deposits, withdrawals, and clawback operations, with support for both public and private vaults through permissioned domains.
The team at Halborn assigned a full-time security engineer to assess the security of the node. The security engineer is a blockchain and smart-contract security expert in advanced penetration testing, smart-contract hacking, and deep knowledge of multiple blockchain protocols.
The scope of this audit encompasses:
Single Asset Vault Ledger Entry Implementation
Core Vault Transaction Types (Create, Set, Delete, Deposit, Withdraw, Clawback)
Share Token Management and Access Controls
Asset Handling and Transfer Mechanisms
Vault State Management and Accounting
Halborn performed a combination of manual review of the code and automated security testing to balance efficiency, timeliness, practicality, and accuracy in regard to the scope of the Batch Transaction feature security assessment. The following phases and tools were used:
Research into the architecture and mechanics of the Single Asset Vault through review of the specification, including asset management, share tokenization, and vault ownership models.
Manual code review and walkthrough to identify potential vulnerabilities in vault operations, share calculations, and asset transfers.
Security control testing for vault access restrictions, private vault permissions, and non-transferable share enforcement.
Documentation analysis covering vault creation parameters, transaction flows, and security considerations.
Edge case testing for asset freezes, transfer fees, and maximum vault capacity limits.
Functional testing of transaction processing flows and error handling mechanisms.
Review of error handling and recovery mechanisms.
| EXPLOITABILITY METRIC () | METRIC VALUE | NUMERICAL VALUE |
|---|---|---|
| Attack Origin (AO) | Arbitrary (AO:A) Specific (AO:S) | 1 0.2 |
| Attack Cost (AC) | Low (AC:L) Medium (AC:M) High (AC:H) | 1 0.67 0.33 |
| Attack Complexity (AX) | Low (AX:L) Medium (AX:M) High (AX:H) | 1 0.67 0.33 |
| IMPACT METRIC () | METRIC VALUE | NUMERICAL VALUE |
|---|---|---|
| Confidentiality (C) | None (C:N) Low (C:L) Medium (C:M) High (C:H) Critical (C:C) | 0 0.25 0.5 0.75 1 |
| Integrity (I) | None (I:N) Low (I:L) Medium (I:M) High (I:H) Critical (I:C) | 0 0.25 0.5 0.75 1 |
| Availability (A) | None (A:N) Low (A:L) Medium (A:M) High (A:H) Critical (A:C) | 0 0.25 0.5 0.75 1 |
| Deposit (D) | None (D:N) Low (D:L) Medium (D:M) High (D:H) Critical (D:C) | 0 0.25 0.5 0.75 1 |
| Yield (Y) | None (Y:N) Low (Y:L) Medium (Y:M) High (Y:H) Critical (Y:C) | 0 0.25 0.5 0.75 1 |
| SEVERITY COEFFICIENT () | COEFFICIENT VALUE | NUMERICAL VALUE |
|---|---|---|
| Reversibility () | None (R:N) Partial (R:P) Full (R:F) | 1 0.5 0.25 |
| Scope () | Changed (S:C) Unchanged (S:U) | 1.25 1 |
| Severity | Score Value Range |
|---|---|
| Critical | 9 - 10 |
| High | 7 - 8.9 |
| Medium | 4.5 - 6.9 |
| Low | 2 - 4.4 |
| Informational | 0 - 1.9 |
Critical
2
High
1
Medium
2
Low
1
Informational
1
| Security analysis | Risk level | Remediation Date |
|---|---|---|
| Insufficient Amount Validation in Vault Operations | Critical | Solved - 03/12/2025 |
| Vault Fails to Account for IOU Transfer Fees Leading to Negative User Balances | Critical | Solved - 04/01/2025 |
| Unsafe Arithmetic Operations in Vault Asset Management | High | Not Applicable - 04/01/2025 |
| Missing Validation Allows Creation of Private Vaults for XRP Native Asset | Medium | Risk Accepted - 04/01/2025 |
| Missing Validation Allows Setting of Contradictory Vault Flags | Medium | Risk Accepted - 04/01/2025 |
| Missing Non-Transferable Share Validation in Vault Withdrawals | Low | Risk Accepted - 04/01/2025 |
| Avoid Unnecessary Processing Overhead via Early Authorization Check | Informational | Solved - 04/01/2025 |
//Critical
//Critical
//High
//Medium
//Medium
//Low
//Informational
Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.
// Download the full report
Ripple - Single Asset Vault - Smart Contract Assessment
* Use Google Chrome for best results
** Check "Background Graphics" in the print settings if needed
