At 13:39 UTC on November 25, 2024, the XRP Ledger experienced an issue in which several nodes across the network crashed and restarted at similar times. During periods of instability, the XRPL network consensus model favors safety over progress, and as a result, the network did not process any transactions for approximately 10 minutes as it recovered. There was no loss of funds (just a momentary pause of new transactions). The network resumed normal behavior and forward progress at 13:49 UTC on the same day.
Thanks to the community’s quick response once the fix was introduced (1:30 UTC November 26), 33 of 35 validators on the default UNL had upgraded to rippled 2.3.0 by the time this post was published, along with nearly half of known servers. While the core of the network has upgraded, unpatched nodes remain potentially susceptible, and we encourage all users to update their infrastructure to rippled 2.3.0 immediately.
Last week, while completing the testing of rippled 2.3.0, the RippleX team identified the bug and included a fix in an internal release candidate. To minimize risks, we decided not to isolate the issue pre-release or create a standalone patch, as this could have enabled reverse engineering and exploitation of the bug. When a similar issue appeared on mainnet, we validated the fix and worked directly with the community and other UNL operators to coordinate upgrades and secure the network.
The issue stems from a bug introduced more than 6 months ago. In some circumstances, the caching layer in rippled can return an inconsistent result type, which can cause a server to crash. Although this bug went undetected during testing of this refactor, there is no prior evidence of exploitation. To minimize potential risks for unpatched users, we are still withholding specific technical details until the majority of servers are upgraded.
So what's next? To give remaining node operators sufficient time to upgrade, we will wait to share more technical details until December 12. Once those details are available, the bug will become easier to identify, potentially increasing the risk for nodes that remain unpatched. Again, we strongly recommend upgrading to 2.3.0 as soon as possible.
This issue is a reminder of the complexities that come with innovation and introducing new features to a decentralized system like the XRPL. There’s always room to improve, and we appreciate the close collaboration among the community to make the network stronger and safer.
The XRPL depends on the global community of validators, developers, and contributors to keep it running. By learning and continuing to iterate, together, we can make the network more secure and reliable for everyone.