
XRPL EVM v11: Stronger Security, Safer Cross-Chain Connectivity

XRPL EVM Sidechain v11 is a security-focused upgrade that strengthens economic security, hardens IBC transfers, reduces attack surface, improves PoA validator management, and reinforces the network’s foundation for continued ecosystem growth.

5 min read, by XRPL EVM Team

Overview

Security is one of the foundations of any blockchain securing real value. While many network upgrades focus on introducing new features, XRPL EVM v11 is focused on something equally important: making the network safer, more resilient, and easier to operate.

This release introduces a series of improvements across validator management, cross-chain infrastructure, and internal security processes. Most of these changes happen behind the scenes without affecting developers or end users, but together they strengthen the long-term security and reliability of the network.

The v11 upgrade is a focused, security-first release for the XRPL EVM sidechain (exrpd). It concentrates on economic security, reducing attack surface, and hardening the validator and IBC layers. In short, v11 delivers:

  • Stronger economic security, by increasing the staking unbonding period from one day to one week.
  • A smaller attack surface, by disabling the Interchain Accounts (ICA) host feature.
  • Hardened cross-chain transfers, by enforcing rate limits on outbound IBC transfers.
  • Stricter Proof-of-Authority (PoA) validator management, closing off non-authority paths to validator creation.
  • Additional security hardening informed by AI-assisted auditing, resolved and verified ahead of the release.

The rest of this post walks through each change, summarizes the security work without disclosing implementation-specific details, and describes the AI-assisted auditing process that helped strengthen the network.

Technical Details

Staking: unbonding period increased to one week

Staking is one of the core mechanisms that protects the network. By increasing the time validators must wait before withdrawing their stake, the chain gains a larger window to detect and penalize malicious behaviour if necessary.

v11 raises the staking unbonding period from 1 day to 7 days. A longer unbonding window gives the network more time to detect and penalize misbehavior before stake can exit, which strengthens the chain's economic security.

Other chains connected over IBC keep their own copy of this setting, so v11 is delivered as an IBC software upgrade that hands them the new value automatically. And because the period is getting longer rather than shorter, transfers keep working normally while they update.

IBC: Interchain Accounts host disabled

One of the simplest ways to improve security is to remove functionality that is not needed.

v11 switches off the Interchain Accounts (ICA) host feature, which allowed other chains to open and control accounts directly on XRPL EVM. The network has no use for that capability today, so removing it cuts down the attack surface. Everyday cross-chain token transfers continue to work as before.

IBC: recovering stranded Elys escrow

A previous IBC transfer channel to the Elys network stopped working after its connection expired, leaving funds locked in escrow with no way to release them. v11 performs a one-time, on-chain recovery: it unescrows the stranded amount from the expired channel and sends it to a designated recovery address (approximately 6,955 XRP on mainnet).

IBC: rate limiting on outbound transfers

Cross-chain bridges are among the most security-sensitive components of any blockchain ecosystem, making additional safeguards particularly valuable.

v11 enforces rate limiting on outbound IBC transfers. This caps how much value can leave the chain in a given time window, so even in a worst-case incident only a limited amount can exit before the limit engages. It complements the protections already in place for incoming transfers.
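
To make the bounded-loss property concrete, here is an added example (not code from exrpd or from the XRPL EVM team) of a fixed-window cap on outbound value. The type, its fields, the cap of 1000 units and the 24-hour window are all assumptions for illustration; the post does not state the real quota or window.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// ErrQuotaExceeded is returned when a send would push outflow past the cap.
var ErrQuotaExceeded = errors.New("outbound quota exceeded")

// OutflowLimiter is a hypothetical fixed-window cap on value leaving the chain
// over one channel/denom pair. All names and values are illustrative.
type OutflowLimiter struct {
	Limit       uint64        // max units allowed out per window
	Window      time.Duration // window length
	windowStart time.Time
	outflow     uint64 // units already sent in the current window
}

func NewOutflowLimiter(limit uint64, window time.Duration, now time.Time) *OutflowLimiter {
	return &OutflowLimiter{Limit: limit, Window: window, windowStart: now}
}

// CheckAndRecord admits a transfer only if the window total stays within Limit.
func (l *OutflowLimiter) CheckAndRecord(amount uint64, now time.Time) error {
	if amount == 0 {
		return errors.New("amount must be positive")
	}
	if now.Sub(l.windowStart) >= l.Window { // window elapsed: start a fresh one
		l.windowStart, l.outflow = now, 0
	}
	// Compare against remaining headroom so the addition can never overflow.
	if amount > l.Limit-l.outflow {
		return ErrQuotaExceeded // rejected sends consume no quota
	}
	l.outflow += amount
	return nil
}

// DrainAttempt simulates `tries` sends of `each` units, one per minute, and
// returns how much actually left before the limiter engaged.
func DrainAttempt(l *OutflowLimiter, each uint64, tries int, start time.Time) uint64 {
	var sent uint64
	for i := 0; i < tries; i++ {
		if l.CheckAndRecord(each, start.Add(time.Duration(i)*time.Minute)) == nil {
			sent += each
		}
	}
	return sent
}

func main() {
	t0 := time.Unix(0, 0) // constructed start time
	l := NewOutflowLimiter(1000, 24*time.Hour, t0)
	fmt.Println(DrainAttempt(l, 300, 10, t0)) // 900 of an attempted 3000
}
```

A fixed window resets all at once, so sends just before and just after a reset can move up to twice the cap in a short span; operators sizing a quota should treat 2x the cap as the worst-case short-term outflow.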

Proof-of-Authority hardening

XRPL EVM uses a Proof-of-Authority consensus model, where validator set changes are gated by a designated authority rather than open staking. Maintaining tight control over validator management is therefore an important part of the network's security model.

v11 makes two changes:

  • The standard validator-creation path is now blocked after launch, so no one can join the validator set outside the authority.
  • Validators can now remove themselves voluntarily, instead of relying on the authority to remove them.

Security fixes

This cycle included a round of security work. In line with responsible disclosure, we are grouping the findings by area rather than publishing specifics:

  • Transaction validation: the checks every transaction passes through.
  • Upgrade handling: making sure version upgrades cannot corrupt the chain's state.
  • Internal module setup: making sure components start in a consistent state.
  • Build and release pipeline: hardening the process that produces the software you run.

All identified issues were resolved and verified before the v11 release. Detailed write-ups are intentionally omitted here and will follow the project's coordinated-disclosure process.

How we found them: AI-assisted security auditing

XRPL EVM runs a recurring, AI-assisted security audit, and v11 is the first release to benefit from it end to end. The process pairs AI breadth with human judgment.

It starts from a written scope and threat model. Two documents in the repository are read first: a scope that defines what to review and which areas matter most, and a threat model describing the assets at risk and how they might be attacked. This keeps every audit focused on what matters for a chain securing real funds.

One specialized reviewer per area. A separate AI reviewer focuses on each area, reads the scope and threat model, and audits only its part of the codebase. Every pass also re-checks the project's core safety rules, such as that only the authority can change the validator set and that every transaction goes through the right checks.

Findings are triaged, deduplicated, and human-reviewed. They are tracked privately, checked against existing reports, and confirmed by a person before any fix lands. The AI widens coverage; engineers validate and fix.

Build, dependencies, and supply-chain hygiene

v11 also includes routine build and dependency hardening, including pinned dependencies and container images, and the removal of dead code. None of this changes how the chain behaves, but it reduces supply-chain risk.

Conclusion

Security is never a one-time milestone—it is an ongoing process of continuously strengthening the network as it evolves.

With v11, XRPL EVM takes another important step in that direction. The release improves economic security through a longer staking unbonding period, reduces unnecessary attack surface, strengthens cross-chain protections, refines Proof-of-Authority validator management, and incorporates a new generation of AI-assisted security auditing into the development process.

While most of these improvements happen behind the scenes, they directly contribute to a more secure and resilient blockchain for everyone building on XRPL EVM. Rather than introducing major new user-facing features, v11 focuses on reinforcing the foundations that applications, developers, institutions, and users rely on every day.

As the ecosystem continues to grow, maintaining a strong security posture is essential. By continuously investing in infrastructure, security practices, and operational excellence, XRPL EVM is building a stronger, more resilient foundation for the next generation of decentralized applications and institutional use cases.
