Rippled Audit

Methodology

The purpose of this research is to perform a complete, thorough, and independent audit of the rippled codebase backing the XRP Ledger and Network.

At the time of writing this report, rippled 1.1.0-rc2 is the latest release tagged in the upstream GitHub repo. To copy locally:

  • Install git
  • $ git clone git@github.com:ripple/rippled.git
  • $ cd rippled
  • $ git checkout c0d396fb3c71ca87990b41bfeabc6301c23d7e46

For this document, the overall project structure and build workflow were analyzed before we dove into specific modules for assessment.

API Docs

For this analysis, we tweaked the rippled documentation config to generate more documentation and diagrams, and uploaded the result here.

Disclaimer

We made our best efforts to analyze the source code in a systematic and unbiased manner, starting from the top level down. We strive to fully represent the source code through independent understanding and analysis.

That being said, we make no guarantees as to the accuracy or the comprehensiveness of this report, and we suggest verifying findings and conclusions before relying on them. Mistakes can be reported by sending an email to devnullproductions@gmail.com, and we will try to address them in a timely manner.

Possessing basic knowledge of the C++ programming language and general software concepts will assist in understanding the technical aspects of this document. Care was taken to share concepts in an easy-to-understand manner so that even those with limited coding knowledge can follow along. That being said, a basic grasp of classes, interfaces, and inheritance will go a long way toward following and understanding the analysis contained here.

Thank you for reading!