Pedro Moreno-Sanchez, Mind Your Credit: Assessing the Health of the Ripple Credit Network
The Ripple credit network has emerged as the payment backbone withindisputable advantages for financial institutions and the remittanceindustry. Ripple's market capitalization is currently third only toBitcoin and Ethereum. Its path-based IOweYou (IOU) settlements acrossdifferent currencies conceptually distinguishes the Ripple blockchainfrom the cryptocurrencies (such as Bitcoin) and makes it highly suitableto an orthogonal yet vast set of applications in the remittance worldand beyond. In this talk, I present our recent study of the structure and evolutionof the Ripple network since its inception, and our research resultsregarding its vulnerability to attacks that harm the IOU credit of itswallets. We find that about 13M USD are at risk in the current Ripplenetwork due to inappropriate configuration of the rippling flag oncredit links that paves the way to undesired redistribution of creditacross those links. Although the Ripple network has grown around a fewhighly connected hub (gateway) wallets that make the core of the networkand provide high liquidity to users, such credit link distributionresults in a user base of around 112,000 wallets that can be financiallyalienated by as few as 10 highly connected gateway wallets. Indeed,today about 4.9M USD cannot be withdrawn by their owners from the Ripplenetwork due to PayRoutes, a gateway tagged as faulty by the Ripplecommunity. Finally, we observe that stale exchange offers pose a realproblem, and exchanges (market makers) have not always been vigilantabout periodically updating their exchange offers according to currentreal-world exchange rates. For example, stale offers were used by 84Ripple wallets to gain more than 4.5M USD from mid-July to mid-August2017. Our findings should prompt the Ripple community to improve thehealth of the network by educating its users on increasing theirconnectivity, and by appropriately maintaining the credit limits,rippling flags, and exchange offers on their IOU credit links. About the speaker: Pedro Moreno-Sanchez is a PhD student in the Department of ComputerScience at Purdue University. His advisor is Prof. Aniket Kate. Hiscurrent research focuses on the areas of security, privacy andreliability of credit network based systems such as Ripple. Previously,he also worked on network access control in distributed scenarios suchas eduroam. Before moving to Purdue University in August 2015, he started his PhDstudies at Saarland University in 2013 under the supervision of Prof.Aniket Kate. Previously, he was an intern researcher at IBM Research -Zurich (Switzerland) in 2017 under the supervision of Christian Cachin;at Ripple (USA) in 2016 under the supervision of Stefan Thomas; and atPhilips Research Europe (The Netherlands) under the supervision of OscarGarcia-Morchon and Rafael Marin-Lopez. He received his bachelors andmasters from University of Murcia (Spain) in 2011 and 2013 respectively.
Create your
podcast in
minutes
It is Free