- Ripple is running a bug bounty programme for its coming lending protocol.
- It is partnering with Immunefi on the initiative.
- Code bugs have previously cost DeFi protocols billions of dollars.
Ripple is offering $200,000 to security researchers who find bugs in its XRP Ledger blockchain lending protocol before it launches.
The firm has partnered with bug bounty platform Immunefi on the initiative, which will run from October 27 until November 29.
Bug bounty programmes are a popular way for developers to crowd-source security. Projects publicly post the code behind their protocols and offer cash rewards to those who can find bugs, with greater rewards for those who identify more critical vulnerabilities.
Jasmine Cooper, Ripple’s director of product, said she expects the bounty programme to root out any key weaknesses in the lending protocol before developers can build on it.
“Partnering with Immunefi allows us to work with some of the top security researchers to help strengthen this new layer of XRPL’s DeFi infrastructure,” she said in a statement.
Ripple’s lending protocol
Last month, Ripple announced a new institutional DeFi roadmap for the XRP Ledger blockchain.
Among the plans is a native lending protocol, which will be built into the blockchain. It will enable institutions to open lending markets, allowing them to borrow assets from XRP holders.
“If there’s one large untapped asset that the XRP Ledger has, it’s the XRP Army,” Cooper told DL News at the time. “There are tens of thousands of XRP holders out there that do not have an opportunity to gain yield on that XRP.”
Unlike most DeFi lending, the loans on the Ripple-built market will be uncollateralised, although institutions will have the ability to offer safer overcollateralised lending through offchain agreements with lenders.
The bug bounty comes after the XRP Ledger, which Ripple helps develop, suffered a security breach in April.
A hacker compromised a key piece of software used by developers, implanting code designed to steal the password-like private keys that grant access to crypto wallets.
In August, blockchain research firm Kaiko gave the XRP Ledger a security rating of 41 out of 100, the lowest score among the 15 blockchains the firm analysed.
Code bugs
Code bugs have previously cost DeFi protocols billions of dollars combined.
Cetus, Sui’s largest decentralised exchange, was the victim of an estimated $223 million hack in May, according to Halborn, a crypto security firm.
In 2023, a hacker exploited a code bug in lending protocol Euler to steal $197 million; however, these funds were later returned by the hacker.
Many DeFi projects have bug bounties in place to try to prevent such attacks. The hope is that by offering a cash reward, hackers will be less incentivised to exploit a vulnerability should they discover one, and can claim a lump sum of clean cash instead.
Ripple’s lending protocol is in its final stages of development and will be put to a vote among the XRPL blockchain’s validators this month, who will decide if it will be added in a coming upgrade.
If all goes well, the new protocol could be deployed around the start of next year.
Tim Craig is DL News’ Edinburgh-based DeFi Correspondent. Reach out with tips at tim@dlnews.com.
