Jump to content
JoelKatz

An update on Ripple's XRP escrow

Recommended Posts

2 hours ago, JoelKatz said:

During an internal audit immediately following our escrow process, we discovered a defect in the implementation that could cause XRP to be released from escrow prior to the intended release dates. While no funds were at risk, we wanted to correct the defect to ensure the implementation is airtight. We then used the defect on all of the escrows created to release the funds back into Ripple's accounts and then lock them up with new escrows that are not vulnerable to the defect. We are confident that there is no ability to release the escrowed funds prior to the intended release dates. We invite anyone interested to investigate the code, the transactions, and the ledger entries. We published a technical paper describing the lockup process, which you can read here:

https://ripple.com/dev-blog/explanation-ripples-xrp-escrow/

 

@JoelKatz  @nikb  Thanks for the transparency about this topic!

Share this post


Link to post
Share on other sites
13 minutes ago, EasterBunny said:

To show an example, we could look at a Tx hash for 1.) original escrow, 2.) released funds 3.) 2nd escrow transaction. Would that help highlight the differences between the 2 escrow transactions?

The issue was that an Escrow that is created with a “CancelAfter” time but no “FinishAfter” time can be finished immediately.

The first set of escrows used the “CancelAfter” condition instead of the “FinishAfter” condition.

This is an escrow created using “CancelAfter”: https://xrpcharts.ripple.com/#/transactions/F4086C558C565FACE4CDE40EE4543278735DF66246F214C3DD72EEC8C6C5F7BF

I don’t have the transaction that completed this escrow handy, but it would be an EscrowFinish transaction, taking advantage of the fact that no “FinishAfter” was specified.

This is another escrow, using “FinishAfter” instead: https://xrpcharts.ripple.com/#/transactions/ABAFB7AFE3B3CD4E1A97F5E4CA29C9163557E18860A1A699609602851C321085

 

Share this post


Link to post
Share on other sites
2 hours ago, JoelKatz said:

During an internal audit immediately following our escrow process, we discovered a defect in the implementation that could cause XRP to be released from escrow prior to the intended release dates. While no funds were at risk, we wanted to correct the defect to ensure the implementation is airtight. We then used the defect on all of the escrows created to release the funds back into Ripple's accounts and then lock them up with new escrows that are not vulnerable to the defect. We are confident that there is no ability to release the escrowed funds prior to the intended release dates. We invite anyone interested to investigate the code, the transactions, and the ledger entries. We published a technical paper describing the lockup process, which you can read here:

https://ripple.com/dev-blog/explanation-ripples-xrp-escrow/

 

Thank you Mr. Curry.

Share this post


Link to post
Share on other sites

In my humble opinion, I think Ripple should quickly publicly makes a big deal out of this themselves, in that they blow it out there via the media that a major mistake was made and it was quickly corrected.  Highlight on major.  It would greatly dilute any FUDding potential, and it would appear that Ripple has no desire to downplay the error to save face.  I say this because I do personally think this was a huge human error.  Being a software engineer, I can empathize and I know it's just a fact of life (oh the stories I could tell), but most non techy people will be wondering if they are being smoke-screened if this is portrayed as anything less than major.

Share this post


Link to post
Share on other sites
22 minutes ago, nikb said:

The destination account for the escrow was an account under Ripple’s control. So the only thing that could happen would be that the escrows would deliver the funds back to Ripple prematurely. Hence no funds were ever at risk.

Okay thanks @nikb!

Share this post


Link to post
Share on other sites
5 minutes ago, galgitron said:

In my humble opinion, I think Ripple should quickly publicly makes a big deal out of this themselves, in that they blow it out there via the media that a major mistake was made and it was quickly corrected.  Highlight on major.  It would greatly dilute any FUDding potential, and it would appear that Ripple has no desire to downplay the error to save face.  I say this because I do personally think this was a huge human error.  Being a software engineer, I can empathize and I know it's just a fact of life (oh the stories I could tell), but most non techy people will be wondering if they are being smoke-screened if this is portrayed as anything less than major.

With all do respect......I disagree.  Seems you're only feeding the fire by continually worrying about it.  It's a non issue. imo

Share this post


Link to post
Share on other sites
2 minutes ago, galgitron said:

In my humble opinion, I think Ripple should quickly publicly makes a big deal out of this themselves, in that they blow it out there via the media that a major mistake was made and it was quickly corrected.  Highlight on major.  It would greatly dilute any FUDding potential, and it would appear that Ripple has no desire to downplay the error to save face.  I say this because I do personally think this was a huge human error.  Being a software engineer, I can empathize and I know it's just a fact of life (oh the stories I could tell), but most non techy people will be wondering if they are being smoke-screened if this is portrayed as anything less than major.

 

17 minutes ago, nikb said:

The issue was that an Escrow that is created with a “CancelAfter” time but no “FinishAfter” time can be finished immediately.

The first set of escrows used the “CancelAfter” condition instead of the “FinishAfter” condition.

Issue was discovered and fixed. Why would they go out of their way to make it a big deal when it isn't?

Share this post


Link to post
Share on other sites
Guest
Just now, 1todd960 said:

With all do respect......I disagree.  Seems you're only feeding the fire by continually worrying about it.  It's a non issue. imo

Agree. No harm, no foul.

Share this post


Link to post
Share on other sites

I see 4 possible outcomes of this problem:

1) Ripple doesn't make a big deal, but FUD campaign blows it up and everyone thinks Ripple was trying to sneak it past them (Bad for Ripple)

2) Ripple doesn't make a big deal, FUD campaign fizzles (Good for Ripple)

3) Ripple makes a big deal, nobody cares (Good for Ripple)

4) Ripple makes a big deal, FUDders try to capitalize, but demonstration of integrity overwhelms (Good for Ripple)

THUS applying the first binomial and squaring the root, scenario 1 is the scenario we don't want to happen, and the only way to innoculate that possible outcome is by Ripple making a big deal

Edited by galgitron

Share this post


Link to post
Share on other sites
Guest
10 minutes ago, galgitron said:

I see 4 possible outcomes of this problem:

1) Ripple doesn't make a big deal, but FUD campaign blows it up and everyone thinks Ripple was trying to sneak it past them (Bad for Ripple)

2) Ripple doesn't make a big deal, FUD campaign fizzles (Good for Ripple)

3) Ripple makes a big deal, nobody cares (Good for Ripple)

4) Ripple makes a big deal, FUDders try to capitalize, but demonstration of integrity overwhelms (Good for Ripple)

THUS applying the first binomial and squaring the root, scenario 1 is the scenario we don't want to happen, and the only way to innoculate that possible outcome is by Ripple making a big deal

Yeah... this is slightly flawed. You skewed #4 to make #1 seem like the only truly negative outcome. We all know it's possible that if Ripple made a big deal that the headline could overcome any rational interpretation, where good intentions and integrity get overlooked/ignored. 

I think you're too concerned about FUDders, who are by and large, children: certainly institutions aren't concerned with the scattered internet chatter of children whose primary method of articulation is memes. BUT, if Ripple made a big deal, as you suggest, then you elevate the news to an institutional level that legitimizes concern from any institutional partners. 

Props to your fancy binomial talk though... I assume this is some sort of foundational compsci logic?

Edited by Guest

Share this post


Link to post
Share on other sites
1 minute ago, CartoonCrimes said:

Yeah... this is slightly flawed. You skewed #4 to make #1 seem like the only truly negative outcome. We all know it's possible that if Ripple made a big deal that the headline could overcome any rational interpretation, where good intentions and integrity get overlooked/ignored. 

I think you're too concerned about FUDders, who are by large, children: certainly institutions aren't concerned with the scattered internet chatter of children whose primary method of articulation is memes. BUT, if Ripple made a big deal, as you suggest, then you elevate the news to an institutional level that legitimizes concern from any institutional partners. 

Props to your fancy binomial talk though... I assume this is some sort of foundational compsci logic?

I doubt there's much Ripple could do to worsen what happened by strongly coming clean.  Really, it would just remove any doubt as to the severity of the issue, and believe me, this is quite severe.  The lockup is the most critical aspect to opening the flood gates to institutional money; even the slightest whisper of possible hanky panky could rock their credibility when it comes to TRILLIONS of dollars.  

I'm not worried about the children, I'm worried about the media looking for a major scandal.

Binomials are the backbone of any good proof

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...