XUMM SDK: 5. Security & finishing touch 🎉

#xumm

Previous: 4. Verify the results ⛑ and push 🚀

If you have made it this far, you may want to actually build something (even if it's just a hobby project) using the XUMM SDK. If you do, please VERIFY THE PAYLOAD RESULT ON the XRP LEDGER.

You can use the XRPL-TxData package, or use the Sdk.getTransaction(txHash) method to do this by relying on the XUMM platform to fetch the on ledger transaction outcome for you, or, for example, by using the xrpl-txdata package to verify 'locally'.

By using the xrpl-txdata package, you can connect to one of the public XRP ledger nodes and verify the transaction. To do so, add the xrpl-txdata package to your project by entering this in the terminal: npm install xrpl-txdata. You can then verify a transaction as per the package documentation.

Pay special attention to the balanceChanges response.
❗ There are several reasons why you need to check. For example, a payment can yield a different result (eg. lower amount sent) than requested!

It is your responsibility to check the transaction outcome returned from the XRP ledger rather than relying on XUMM telling you that a transaction has been signed. For example if:

The user signed successfully in XUMM, but with a key that is no longer valid for a certain account (because multisign has been configured, an account has been rekeyed, etc.)
The user sent a Partial Payment (e.g., sending EUR to deliver XRP, while the owned amount of EUR was insufficient due to exchange rate slippage)
The user tried to trick you into accepting a testnet payment, by signing with a funded Testnet account

Please take a look at this sample code implementing the xrpl-txdata package to verify on ledger balance changes for a signed XUMM payload.

That's it! You made it 🎉

Thank you for reading this tutorial! We hope you had fun! If you have questions, suggestions, something to share: our contact details are available at https://xrpl-labs.com :)