No products in the cart.
Hopes for Non-Fungible Tokens (NFTs) to be Enabled on Ripple’s XRP Ledger Immediately Wait as XRPL Labs Lead Developer Wietse Wind Temporarily Withdraws Voting in Support of Development on Sept. 11 is needed.
A discussion of our recent discovery that a simple ‘flag’ (setting) in a minted NFT can be abused, allowing an NFT issuer to lock all XRP due to the actions of a third party .
Due to this discovery, I have removed my “yay” vote @XRPL Labs validator. Temporarily.
WietseWind XUMM @ XRPL Labs (@WietseWind) September 11, 2022
According to Wind, a configuration has been discovered that allows malicious players to exploit NFTs created.
He added that the flaw could also cause the NFT issuer’s XRP token to be “locked by the actions of a third party.”
The problem essentially lies in collecting royalties for minted NFTs. Usually the issuer gets a percentage for each secondary sale of her NFTs. However, XRPL requires the issuer to have a line of trust.
This is a good thing and prevents spam, but it can seriously affect NFTs. His current XLS-20 spec is flawed. A trust line is automatically created for the NFT issuer if the flag is set on his NFT.
However, a sale may occur without the issuer’s knowledge, in which case the account reserve will be locked.
NFTs once issued and sent/sold at lsfTrustLine + transfer fees can be bought and sold between two or more accounts of the attacker, increasingly against random shitcoins issued by the attacker. Many trust lines may be created.”
Wind said it meant the XLS-20 amendment could lose the majority. However, he argued that this was for the best and would give him time to fix the issue and re-vote.
Wind clarified that the bug was identified by xTokenize.
The withdrawal of a critical vote from the XLS-20 amendment means plans to upgrade the XRPL to allow NFT minting will have to wait. According to Wind, “This isn’t ‘XLS20 Goodbye,’ it’s ‘XLS20 See you later.’
