Spammers could potentially exploit a tool intended to upload files onto the XRP blockchain. This would result in higher transaction fees and cause network bloating. A fix is currently in development.
XRP’s blockchain could potentially be bogged down by spam if this exploit goes unpatched. Essentially, an open-source tool called Indlmm was put in place to upload files onto the XRP network. Its tagline reads “Indestructible. Immutable. Infinite File Storage.” However, it seems that the developer’s good intentions have been hijacked by a group of spammers. With the software, files attackers could spam files to slow down the network, potentially upping the cost of transactions.
Wietse Wind, the creator of the popular XRP tip bot, said that although he commends the open-source tool, “I’m worried. I operate a full history node on the XRP ledger.” Many other developers have voiced similar concerns.
The issue is that XRP’s blockchain cannot store unlimited amounts of data. In fact, the larger the blockchain gets, the harder it will be for people to download the full network history on their computer. For comparison, as of now, Bitcoin’s entire network is 226GB. A potential spammer on XRP could use Indlmm to upload massive files, thereby making the network very expensive to run. Luckily, such an attack would be quite costly, but it is still a risk that developers are taking seriously.
Such an attack was actively being discussed on a Discord group mainly comprised of 4chan users. The group, however, failed to coordinate themselves and the plan fell through. However, another problem remains – one that Wind is worried about: the potential for illicit images and child abuse photos to be uploaded to the XRP blockchain. With Indlmm, this is possible, and it should be noted that such images are already being inadvertently stored on Bitcoin’s blockchain. Its developers, however, say that nothing can be done about it. The situation is not unlike the recent spam on the Ethereum blockchain.
Discussions are currently underway to address this potential problem. Some users propose that fees should be further charged as a safeguard. Others suggest this proposal should be scrapped entirely. Regardless, it does not seem that XRP is under threat at this moment. Ripple CTO David Schwartz said that the risk is not in a short-term attack, but one where an attack can “maliciously gradually increase the cost of running a server and keeping history over a long period of time.” It might be a good idea to get this fixed sooner rather than later, then.
Do you believe that this is a non-issue or should developers focus on finding a solution? Let us know your thoughts in the comments down below.