David Schwartz, Chief Technology Officer at Ripple, issued an urgent message to validators across the XRP Ledger (XRPL), urging them to upgrade to the newly released rippled 2.3.0 software. The call comes after a bug caused a temporary network pause on November 25, 2024.
According to a blog post by Brad Chase, VP of Engineering at RippleX, the disruption was traced to a bug in the caching layer of the rippled server software.
Validators, please upgrade to rippled 2.3.0 ASAP to ensure XRPL's stability and security. https://t.co/yMN6Ehc5RC
— David "JoelKatz" Schwartz (@JoelKatz) December 3, 2024
This bug introduced more than six months ago, occasionally caused the caching mechanism to return inconsistent result types, leading to server crashes under specific conditions. Although undetected during initial testing, there is no evidence of prior exploitation.
Details of the Network Pause
At 13:39 UTC, several XRPL nodes crashed and restarted simultaneously, halting the network’s ability to process transactions for approximately 10 minutes. The network’s consensus mechanism prioritized safety during the instability, ensuring no loss of funds, and full transaction processing resumed by 13:49 UTC.
Chase explained that RippleX identified the issue during recent testing of rippled 2.3.0 and included a fix in the update. To mitigate risks, the team withheld detailed technical information about the bug, preventing potential reverse engineering that could enable exploitation.
We are on twitter, follow us to connect with us :- @TimesTabloid1
— TimesTabloid (@TimesTabloid1) July 15, 2023
Following the mainnet incident, RippleX validated the fix and collaborated with the community and the Unique Node List (UNL) operators to ensure a coordinated response.
By 1:30 UTC on November 26, the community had responded swiftly. According to Chase, 33 of 35 validators on the default UNL had already upgraded to rippled 2.3.0, along with nearly half of all known servers. However, Chase emphasized the need for remaining node operators to update their infrastructure promptly to avoid potential vulnerabilities.
Chase also noted that RippleX deliberately delayed isolating the issue or releasing a standalone patch before the mainnet incident, citing concerns that this could increase security risks.
He added that RippleX plans to disclose more technical details about the bug on December 12, 2024, to allow additional time to upgrade unpatched nodes. According to Chase, if such details are shared, the vulnerability can be identified and exploited easily. That’s why the upgrade is imported.
RippleX pledged to continue refining the system to enhance its security and reliability. Schwartz also weighed in on the network pause recently, explaining why this was different from previous network outages suffered by Solana, highlighting the reliability of the XRPL, as the network recovered by itself. For node operators and XRPL users, upgrading to rippled 2.3.0 is essential to ensuring the long-term stability and security of the ledger.
Disclaimer: This content is meant to inform and should not be considered financial advice. The views expressed in this article may include the author’s personal opinions and do not represent Times Tabloid’s opinion. Readers are urged to do in-depth research before making any investment decisions. Any action taken by the reader is strictly at their own risk. Times Tabloid is not responsible for any financial losses.
Follow us on Twitter, Facebook, Telegram, and Google News
