<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Ajit Kulkarni</title>
    <description>The latest articles on DEV Community by Ajit Kulkarni (@ajitkulkarni).</description>
    <link>https://dev.to/ajitkulkarni</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F934810%2Fa94758e8-1355-43a9-bca6-c6ee6d398d0e.jpg</url>
      <title>DEV Community: Ajit Kulkarni</title>
      <link>https://dev.to/ajitkulkarni</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/ajitkulkarni"/>
    <language>en</language>
    <item>
      <title>Strengthening XRPL EVM Sidechain: Key Takeaways from Informal Systems Security Audit</title>
      <dc:creator>Ajit Kulkarni</dc:creator>
      <pubDate>Thu, 03 Apr 2025 22:43:46 +0000</pubDate>
      <link>https://dev.to/ripplexdev/strengthening-xrpl-evm-sidechain-key-takeaways-from-informal-systems-security-audit-4dme</link>
      <guid>https://dev.to/ripplexdev/strengthening-xrpl-evm-sidechain-key-takeaways-from-informal-systems-security-audit-4dme</guid>
      <description>&lt;p&gt;The &lt;a href="https://www.xrplevm.org/" rel="noopener noreferrer"&gt;XRPL EVM Sidechain&lt;/a&gt;—bringing &lt;a href="https://docs.xrplevm.org/pages/developers/developing-smart-contracts/develop-a-smart-contract" rel="noopener noreferrer"&gt;smart contract capabilities&lt;/a&gt; to the XRP Ledger ecosystem—recently underwent a rigorous security audit conducted by Informal Systems, a team of world-class researchers, engineers and operators who specialize in security audits for blockchain products.. The audit, carried out in February of 2025, assessed the correctness, security, and reliability of the XRPL EVM Sidechain implementation, including both the core node diff and its customized &lt;a href="https://medium.com/ripplexdev/ripple-and-peersyst-utilize-evmos-to-enable-evm-and-cosmos-interoperability-fded0d212cf4" rel="noopener noreferrer"&gt;Cosmos EVM fork&lt;/a&gt;. &lt;/p&gt;

&lt;p&gt;As &lt;a href="https://dev.to/ripplexdev/a-proposed-vision-for-xrp-ledger-programmability-1gdj"&gt;programmability expands across the XRP Ledger&lt;/a&gt; ecosystem, ensuring a secure foundation is paramount. The XRPL EVM Sidechain is built with Cosmos SDK and its consensus layer is enabled by CometBFT. It has full EVM compatibility, including all Ethereum libraries, smart contracts and EVM development tools like Open Zeppelin and Hardhat, and it supports institutional use cases and cross-chain flow of digital assets. This audit helps validate the robustness of the sidechain’s architecture as it scales for real-world financial applications. &lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvjn6j6o8e764q84vvtf0.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvjn6j6o8e764q84vvtf0.png" alt="Image description" width="800" height="613"&gt;&lt;/a&gt;&lt;br&gt;
&lt;em&gt;The diagram above illustrates the architecture of Cosmos SDK using Evmos/Cosmos EVM as the EVM execution layer and CometBFT as the consensus layer.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Exploring Audit Findings&lt;/strong&gt;&lt;br&gt;
The audit identified only one critical issue, which was tied to the use of the crisis module for invariant enforcement. The other issues were rated low or informational and largely concern architectural clarity and best practices. All of these findings have since been resolved by the Peersyst and RippleX engineering teams, and Informal Systems has confirmed them as resolved. Let’s dive into a breakdown of these findings:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://drive.google.com/file/d/1QLUm_bvFyDDKPmkz0RbNXHaVPxyFAUid/view" rel="noopener noreferrer"&gt;Reference material for the report&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Critical Finding: Crisis module Ineffectiveness&lt;/strong&gt;&lt;br&gt;
The audit found that the crisis module does not reliably halt the chain upon detecting invariant violations, which could allow security issues to go unnoticed. This behaviour is consistent with a broader Cosmos SDK advisory.&lt;/p&gt;

&lt;p&gt;RippleX and building partner Peersyst are actively considering alternative approaches for checking invariants, and have since added a relevant &lt;a href="https://github.com/xrplevm/node/pull/61" rel="noopener noreferrer"&gt;fix&lt;/a&gt; which has been acknowledged by Informal Systems.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;PoA with Guardrails: A Secure Validator Set&lt;/strong&gt;&lt;br&gt;
The audit outlines that the XRPL EVM Sidechain’s &lt;a href="https://docs.xrplevm.org/pages/operators#consensus-and-proof-of-authority" rel="noopener noreferrer"&gt;Proof-of-Authority (PoA) consensus&lt;/a&gt; is enforced with strong, stable safeguards, including that validators can only be added or removed through a transparent governance process. A key aim in building the XRPL EVM Sidechain was to preserve the XRP Ledger’s focus on security and trust, where consensus participants define their own Unique Node List (UNL), so that the XRPL network minimizes the risk of a single point of failure or centralized control.&lt;/p&gt;

&lt;p&gt;The PoA consensus is built on CometBFT’s PoS: the XRPL EVM Sidechain adapts CometBFT’s PoS consensus by introducing specific restrictions that enforce PoA:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Validators are added and removed exclusively through the governance process.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;A special BondDenom token is used solely for staking:&lt;br&gt;
-- When a validator is created, a predefined amount is minted as stake.&lt;br&gt;
-- When a validator is removed, the staked amount is burned.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;The system does not contain any unstaked (free) BondDenom tokens.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Re-delegations and un-delegations are not permitted.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Each validator has only a single self-delegation (created at the moment of adding the validator, when the staking amount is minted).&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Slashing penalties do not apply, meaning staking amounts remain unchanged.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;No BondDenom token rewards are distributed (no inflationary rewards), and since there are no delegations, rewards distribution and commission rate settings are irrelevant.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These parameters reinforce predictable validator behaviour and reduce governance and consensus risk, which is of course critical for institutional-grade applications. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Strengthened Token Management via Cosmos EVM Fork&lt;/strong&gt; &lt;br&gt;
The Evmos fork introduced enhancements to ERC-20 token precompiles, allowing minting, burning, and ownership transfer. The audit confirmed that only authorized token owners can mint or burn assets. Ownership is gated through governance or EVM precompiles with strict checks, and no unauthorized token actions are possible through the Cosmos SDK or EVM paths. &lt;/p&gt;

&lt;p&gt;The audit also suggested separating ownership revocation from transfer logic to avoid unintentional contract lockouts, an improvement the team has acknowledged and will consider for future releases.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Low-Risk and Informational Observations Roundup&lt;/strong&gt; &lt;br&gt;
Most other findings concerned informational aspects that did not pose immediate risks but offer opportunities for streamlining and greater clarity in future development cycles.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Minimum and maximum validator number validation &lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Unnecessary token burning on validator removal &lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Cosmos SDK v0.50 upgrade housekeeping&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Separate revoke ownership from transfer ownership &lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Messages MsgDelegate and MsgCancelUnbondingDelegation should be disabled &lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Refactoring suggestions (for example, separating logic in mint.go)&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Building on the Audit&lt;/strong&gt;&lt;br&gt;
The RippleX engineering team and Peersyst have since addressed all relevant recommendations, as outlined in the final report, and will continue to strengthen the XRPL EVM Sidechain ahead of production-grade adoption. This audit reaffirms the XRPL EVM Sidechain’s willingness and readiness to support enterprise-grade tokenization, smart contract deployment, and real-world asset applications. &lt;/p&gt;

&lt;p&gt;To learn more, you can explore the official XRPL EVM Sidechain &lt;a href="https://www.xrplevm.org/" rel="noopener noreferrer"&gt;website&lt;/a&gt; and reach out to the &lt;a href="https://x.com/Peersyst" rel="noopener noreferrer"&gt;Peersyst team&lt;/a&gt; and the broader &lt;a href="https://twitter.com/RippleXDev" rel="noopener noreferrer"&gt;RippleX team&lt;/a&gt; via X to stay up to date on future developments, open source contributions, and production rollout plans. You can also reach out to the masterminds at Peersyst who have been instrumental in the development of the XRPL EVM Sidechain.&lt;/p&gt;

</description>
    </item>
    <item>
      <title>Results from the Bishop Fox Security Audit and Remediation of the Cross-Chain Bridge and EVM Sidechain</title>
      <dc:creator>Ajit Kulkarni</dc:creator>
      <pubDate>Thu, 16 Nov 2023 19:46:42 +0000</pubDate>
      <link>https://dev.to/ripplexdev/results-from-the-bishop-fox-security-audit-and-remediation-of-the-cross-chain-bridge-and-evm-sidechain-3eld</link>
      <guid>https://dev.to/ripplexdev/results-from-the-bishop-fox-security-audit-and-remediation-of-the-cross-chain-bridge-and-evm-sidechain-3eld</guid>
      <description>&lt;p&gt;As new and exciting developments are made on the &lt;a href="https://xrpl.org/"&gt;XRP Ledger&lt;/a&gt;, comprehensive security audits remain an important part of ensuring innovations remain rigorous and secure.&lt;/p&gt;

&lt;p&gt;On July 24, the cyber security firm Bishop Fox completed an extensive security audit of the EVM sidechain. The team specifically assessed the EVM sidechain implementation, its consensus mechanism, and the bridging implementation between the XRPL and the EVM sidechain, which uses the XRPL’s cross-chain bridging (&lt;a href="https://github.com/XRPLF/XRPL-Standards/discussions/92"&gt;XLS-38d&lt;/a&gt;) specification.&lt;/p&gt;

&lt;p&gt;On October 6, Bishop Fox delivered remediation reports for both the EVM Sidechain and the XLS-38 Cross-Chain Bridge. All of the reports are listed below, followed by a summary of the findings.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Reference material for the reports:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://ripple.com/reports/Ripple-Side-Chains-Assessment-Report-XRPL.pdf"&gt;Original XLS-38 Cross-Chain Bridge Report&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://xrplresources.org/hubfs/Files/Ripple%20-%20Side%20Chains%20Security%20Assessment%202023%20-%20XRP%20-%20Remediation%20Report%20-%2020231006.pdf"&gt;XLS-38 Cross-Chain Bridge Remediation Report&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://xrplresources.org/hubfs/Files/Ripple%20-%20Side%20Chains%20Security%20Assessment%202023%20-%20Assessment%20Report%20-%20EVM%20-%2020230724.pdf"&gt;Original EVM Sidechain Report&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://xrplresources.org/hubfs/Files/Ripple%20-%20Side%20Chains%20Security%20Assessment%202023%20-%20EVM%20-%20Remediation%20Report%20-%2020231006.pdf"&gt;EVM Sidechain Remediation Report&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Audit Findings, EVM Sidechain&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The auditor determined that “RPC networking interfaces were well-protected against injection-based attacks and identified no core issues with the bridging functionality.” &lt;/p&gt;

&lt;p&gt;Overall, the audit didn’t find any critical or high severity issues. There were 11 findings in total: 3 of “medium” risk and 8 of “low” risk. The audit found minor issues related to the use of outdated dependencies and the use of some unsafe command and code execution patterns. Bishop Fox recommended that the developer team first update software dependencies and second remove the unsafe execution patterns.&lt;/p&gt;

&lt;p&gt;The PeerSyst team has since addressed these issues in the latest implementation and these fixes will be part of the Mainnet launch of the EVM sidechain. &lt;/p&gt;

&lt;p&gt;The latest remediation report underlines the relevant progress that has been made. Partial and complete remediations, as can be viewed in the document, have in turn ensured that relevant risk levels have been downgraded for highlighted vulnerabilities. &lt;/p&gt;

&lt;p&gt;Notably, Bishop Fox added in the initial report that “despite attempting multiple potential attack paths against the EVM bridge, the team did not identify mechanisms for a remote attacker to violate the operational integrity of the EVM bridge applications or forge bridging transactions.” While the initial report findings were reassuring, the PeerSyst team’s remediation efforts have ensured the implementation is even more robust.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Audit Findings, XLS-38 Cross-Chain Bridge&lt;/strong&gt;&lt;br&gt;
The RippleX engineering team also fixed the issues raised by the Bishop Fox team during their audit of the XLS-38 Cross-Chain Bridge changes in the rippled code. The Bishop Fox team conducted remediation testing and has published a remediation report verifying these fixes.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;About the EVM Sidechain&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The EVM sidechain is being developed by Peersyst in partnership with Ripple and is optimized for DeFi. The sidechain has been available to users on a new version of Devnet (v2) since June 2023.&lt;/p&gt;

&lt;p&gt;As a result of this development, builders will have the opportunity to be among the first to bring their DeFi apps to a new chain that is home to a user base of over 4.5M XRP wallet holders. Builders will be able to use familiar smart contract languages to build and deploy cross-chain dApps seamlessly. The EVM sidechain is built with CometBFT to enable 3.5 second block times and low gas fees that are paid in XRP. You can also use the secure bridge, based on the &lt;a href="https://github.com/XRPLF/XRPL-Standards/discussions/92"&gt;XLS-38&lt;/a&gt; cross-chain bridging specification, to transfer funds seamlessly between XRPL Mainnet and the EVM sidechain.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Connect to the EVM sidechain Devnet here:&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Name: EVM Sidechain&lt;br&gt;
RPC URL: &lt;a href="https://rpc-evm-sidechain.xrpl.org"&gt;https://rpc-evm-sidechain.xrpl.org&lt;/a&gt;&lt;br&gt;
Network identifier: 1440002&lt;br&gt;
Digital Asset: XRP&lt;br&gt;
EVM Block Explorer URL: &lt;a href="https://evm-sidechain.xrpl.org"&gt;https://evm-sidechain.xrpl.org&lt;/a&gt;&lt;br&gt;
Bridge URL: &lt;a href="https://bridge.devnet.xrpl.org"&gt;https://bridge.devnet.xrpl.org&lt;/a&gt;&lt;/p&gt;

</description>
    </item>
  </channel>
</rss>
