DEV Community

Ajit Kulkarni for RippleX Developers

Results from the Bishop Fox Security Audit and Remediation of the Cross-Chain Bridge and EVM Sidechain

As new and exciting developments are made on the XRP Ledger, comprehensive security audits remain an important part of ensuring that innovations are rigorous and secure.

On July 24, the cyber security firm Bishop Fox completed an extensive security audit of the EVM sidechain. The team specifically assessed the EVM sidechain implementation, its consensus mechanism and the bridging implementation between the XRPL and the EVM that uses the cross-chain bridging (XLS-38d) specification for the XRPL.

On October 6, Bishop Fox delivered remediation reports for both the EVM Sidechain and the XLS-38 Cross-Chain Bridge. All of the reports are listed below, followed by a summary of the findings.

Reference material for the reports:

Audit Findings, EVM Sidechain

The auditor determined that “RPC networking interfaces were well-protected against injection-based attacks and identified no core issues with the bridging functionality.”

Overall, the audit didn’t find any critical or high severity issues. There were 11 total findings: 3 of “medium” risk and 8 of “low” risk. The audit found minor issues related to the use of outdated dependencies and the use of some unsafe command and code execution patterns. Bishop Fox recommended that the developer team first update software dependencies and second remove unsafe execution patterns.

The Peersyst team has since addressed these issues in the latest implementation, and these fixes will be part of the Mainnet launch of the EVM sidechain.

The latest remediation report underlines the progress that has been made. As can be viewed in the document, the partial and complete remediations have led to risk levels being downgraded for the highlighted vulnerabilities.

Notably, Bishop Fox added in the initial report that “despite attempting multiple potential attack paths against the EVM bridge, the team did not identify mechanisms for a remote attacker to violate the operational integrity of the EVM bridge applications or forge bridging transactions.” While the initial report findings were reassuring, the Peersyst team’s remediation efforts have ensured the implementation is even more robust.

Audit Findings, XLS-38 Cross-Chain Bridge

The RippleX engineering team also fixed the issues raised by the Bishop Fox team during their audit of the XLS-38 Cross-Chain Bridge changes in the rippled code. The Bishop Fox team conducted remediation testing and has published a remediation report verifying these fixes.

About the EVM Sidechain

The EVM sidechain is being developed by Peersyst in partnership with Ripple and is effectively optimized for DeFi. Users have already enjoyed the sidechain, which has been available on a new version of Devnet (v2) as of June 2023.

As a result of the development, builders will have the opportunity to be one of the first to market their DeFi app on a new chain that is home to a user base of over 4.5M XRP wallet holders. Builders will be able to utilize familiar smart contract languages to build and deploy cross-chain dApps seamlessly. The EVM sidechain is built with CometBFT to enable 3.5-second block times and low gas fees that are paid for in XRP. You are also able to utilize the secure bridge, based on the XLS-38 cross-chain bridging specification, to transfer funds seamlessly between XRPL Mainnet and the EVM sidechain, ensuring easy navigation.

Connect to the EVM sidechain Devnet here:

Name: EVM Sidechain
RPC URL: https://rpc-evm-sidechain.xrpl.org
Network identifier: 1440002
Digital Asset: XRP
EVM Block Explorer URL: https://evm-sidechain.xrpl.org
Bridge URL: https://bridge.devnet.xrpl.org
