Hope Ripple Enables Non-Fungible Tokens (NFTs) XRP The lead developer at XRPL Labs, Wietse Wind, temporarily withdrew his vote in favor of development on Sept. 11, so ledger will have to wait soon.
A discussion of our recent discovery that a simple ‘flag’ (setting) in a minted NFT can be abused, allowing an NFT issuer to lock all XRP due to the actions of a third party 🧵 .
Due to this discovery, I have removed my “yay” vote @XRPL Labs validator. Temporarily.
— WietseWind – 🛠 XUMM @ XRPL Labs (@WietseWind) September 11, 2022
According to Wind, a configuration has been discovered that allows malicious players to exploit NFTs created.
He added that the flaw could also cause the NFT issuer’s XRP token to be “locked by third party actions.”
The problem essentially lies in collecting royalties for minted NFTs. Usually the issuer gets a percentage for each secondary sale of her NFTs. However, XRPL requires the issuer to have a line of trust.
This is a good thing and prevents spam, but it can seriously affect NFTs. His current XLS-20 spec is flawed. A trust line is automatically created for the NFT issuer if the flag is set on his NFT.
However, a sale may occur without the issuer’s knowledge, in which case the account reserve will be locked.
“Using lsfTrustLine + Transfer Fee, NFTs once created and sent/sold can be bought and sold between two or more attacker accounts and transferred to random shitcoins issued by the attacker. It is likely that more and more trust lines will be created against
Wind said it meant the XLS-20 amendment could lose the majority. However, he argued that this was for the best and would give him time to fix the issue and re-vote.
Wind clarified that the bug was identified by xTokenize.
Withdrawal of that critical vote from the XLS-20 amendment means plans to upgrade XRPL to enable mining of NFTs will have to wait. “, not “XLS20 See you later”.
