Token Escrow is a new feature that expands the XRPL’s native Escrow functionality beyond XRP, allowing users to escrow Trustline-based tokens (IOUs) and Multi-Purpose Tokens (MPTs). To ensure that the feature is ready for production and meets the highest standards, we engaged the security experts at FYEO to perform a security audit. We are pleased to report that no security issues were identified. The only item raised was one Informational recommendation, which our team has acknowledged.
The full, detailed report from FYEO is available for public review.
Summary of Key Findings
The FYEO team concluded that the code implements the documented functionality of Token Escrow, with one recommendation to be aware of future changes to the codebase that could adversely affect it.
Their specific recommendation, “Future-Proofing Advisory for Overflow/Underflow in Escrow Balance Adjustments”, concerns how the code performs balance calculations. Under the XRPL’s current rules, these calculations are safe because existing ledger protections already prevent account balances from going high enough (overflow) or low enough (underflow) to cause an issue.
This is a forward-looking recommendation to add extra, explicit checks that would ensure calculations remain safe even if fundamental ledger rules are changed in the future.
Acknowledgement: The security and integrity of the XRPL is our highest priority. We have acknowledged FYEO’s recommendation and will proactively monitor for future changes and incorporate additional safeguards as needed.
Top comments (1)
Thank you for sharing the results of the security audit for IOU Escrow. Could you share when we might expect detailed documentation for this feature to be available on xrpl.org?