# The Road Toward Mainnet: A Security-First Approach to XRPL Lending Protocol

> Source: <https://dev.to/ripplexdev/the-road-toward-mainnet-a-security-first-approach-to-xrpl-lending-protocol-3bn6>
> Published: 2026-06-18 15:15:00+00:00

Over the last several months, the XRP Ledger (XRPL) has fundamentally changed how amendments move from concept to mainnet. Historically, amendment development focused largely on functional correctness, performance testing, traditional security audits, and bug bounties, with independent validator testing as the last line of defense for catching security vulnerabilities.

As XRPL continues to grow in complexity and the value secured by the network increases, we recognized that the previous model was no longer sufficient. Advances in AI are also rapidly reducing the cost of vulnerability discovery, making it increasingly important to identify issues as early as possible in the development lifecycle. With that in mind, we set out to establish a stronger, repeatable, defense-in-depth model that makes it increasingly difficult for critical vulnerabilities, consensus risks, and feature interaction bugs to reach mainnet.

The result is a significantly higher bar for amendment activation that combines specification rigor, adversarial testing, multiple independent audits, attackathons with expert security researchers, AI-assisted security reviews and phased deployments.

The Lending Protocol ([XLS-66](https://opensource.ripple.com/docs/xls-66-lending-protocol)) and Single Asset Vault (SAV, [XLS-65](https://opensource.ripple.com/docs/xls-65-single-asset-vault)) are among the first major amendments to undergo this full review process, making them some of the most rigorously tested amendments in XRPL's history.

They also represent some of the most significant new financial capabilities added to the XRP Ledger since 2012, introducing native primitives for lending and borrowing built around Single Asset Vaults. Together, the Lending Protocol and Single Asset Vault bring lending and borrowing capabilities directly into the core XRPL protocol, advancing XRPL's capabilities for Institutional DeFi.

This report provides transparency into the development and security process behind one of the most financially complex features XRPL has ever shipped.

As context, the Lending Protocol combines loan lifecycle state management, multi-party fee routing, interest rate arithmetic, credential-gated permissioning, and tight coupling with the Single Asset Vault (SAV). Each of these components introduces unique security and correctness requirements.

Moreover, Single Asset Vault is a foundational primitive that looks simple on the surface (deposit, withdraw, get shares) but is deeply complex in practice because it introduces a share price model that creates new economic attack surfaces everywhere it touches another feature.

The following sections outline the ten phases of review, testing, and internal and external validation that these two amendments underwent before reaching the mainnet proposal. In addition, we detail what we have done since the beginning of the year, when we began using AI-assisted reviews and formal methods as a fundamental part of our day-to-day development.

**Phase 0: Internal Quality & Performance Testing (Early 2025)**

Before any external auditor touched the code, RippleX's core engineering team put both the Lending and SAV amendments through extensive internal quality assurance and performance testing. This included unit tests, integration tests, fuzzing, and load testing to validate correctness, stability, and performance under stress.

Next, the Lending Protocol and SAV were submitted to Halborn, an end-to-end security firm whose services range from smart contract auditing to independent security assessments.

**Phase 1: Initial SAV Audit by Halborn (February–April 2025)**

Security review began with the Single Asset Vault. [Halborn](https://www.halborn.com/audits/ripple/ripple---single-asset-vault---smart-contract-assessment-d39437) conducted a dedicated smart contract assessment from February 17 to March 13, 2025, covering all core vault transaction types (VaultCreate, VaultDeposit, VaultWithdraw, VaultSet, VaultDelete, and VaultClawback) along with share token management, asset handling, and access controls.

Halborn identified 7 findings across the SAV codebase: 2 Critical, 1 High, 2 Medium, 1 Low, and 1 Informational. The critical findings addressed insufficient amount validation in vault operations and a flaw where the vault failed to account for IOU transfer fees.

100% of reported findings were addressed before the SAV moved forward.

For a detailed look at how Halborn collaborated with RippleX's engineering team across these audits, see their published [case study](https://www.halborn.com/case-studies/post/case-study-hardening-new-xrpl-amendments-for-ripple-with-halborn).

**Phase 3: Immunefi Attackathon - $200K Public Bug Bounty (October–November 2025)**

Rather than stop at private audits, Ripple partnered with [Immunefi](https://immunefi.com/audit-competition/xrpl-ripple-attackathon/information/) to run a public Attackathon - opening both the Lending Protocol and SAV to adversarial testing by the global security research community. This was the first public program of its kind and yielded significant results.

The Attackathon launched on October 27, 2025 with a $200,000 prize pool (paid in RLUSD). A two-week learning period preceded the live window, giving researchers access to educational resources and full [scope documentation](https://immunefi.com/audit-competition/xrpl-ripple-attackathon/scope/#top) covering 35,498 lines of C/C++ code.

The results were:

The triage period closed January 7, 2026, and all findings were reviewed by RippleX's core engineering team, which addressed every identified issue and prepared the codebase for re-audit. The Immunefi report is published [here](https://drive.google.com/file/d/1PsfPxaQJgCgm0ch8SoC1s9t7xcCKAI7k/view).

Building on the findings from v1.0, we are planning a v1.1 enhancement amendment to incorporate partner feedback and operational learnings. The release includes both user-facing improvements and targeted protocol enhancements and is scheduled for Q3 this year.

**Phase 4: Halborn Re-Audit Post-Attackathon (December 2025–January 2026)**

With all critical/high and medium Attackathon findings fixed, we submitted the updated Lending Protocol codebase to Halborn for a second audit starting December 15, 2025. This was a full-month engagement covering the entire protocol after it had incorporated fixes from both the original audits and the Attackathon.

Halborn delivered the re-audit in January 2026. RippleX's engineering team finalized all remaining fixes before the mainnet release.

**Phase 5: Mainnet Release & Validator Voting (January 2026)**

On January 28–29, 2026, the Lending Protocol and Single Asset Vault shipped in rippled v3.1.0 and went live for initial validator voting and independent community testing by validators and core developers.

**Phase 6: Independent Community Testing (March 2026)**

The XRPL Commons independently tested the Single Asset Vault, running [257 test cases across 10 categories](https://x.com/xrpl_commons/status/2029584834373263823) covering every transaction type, edge case, and adversarial scenario they could identify. 257 out of 257 tests passed, representing a 100% pass rate. The Squid UNL validator performed extensive testing in April 2026 ([here](https://x.com/ecdsafu/status/2044808910222373249)).

**Phase 7: Red Team Activities and Bug Bounty (March–May 2026)**

Between March and May 2026, the Lending Protocol and SAV went through the most rigorous pre-launch security process of any XRPL feature to date, across three parallel tracks on top of community testing:

The fixes from these efforts were split between the recent [3.1.3 release](https://xrpl.org/blog/2026/rippled-3.1.3) and the new [3.2.0 release](https://xrpl.org/blog/2026/xrpld-3.2.0) on June 15th.

**Phase 8: Formal Verification in Collaboration with Common Prefix**

We began with an exploratory phase focused on [formally specifying critical components](https://dev.to/ripplexdev/a-formal-verification-of-the-xrp-ledger-part-ii-4a0j) of the Lending Protocol in Lean 4. Over eight weeks (February–April 2026), Common Prefix modeled key protocol components and defined the properties they must satisfy.

These formal modeling efforts exposed subtle edge cases that might otherwise have gone undetected, including vault invariant violations, loan payment assertion failures, arithmetic rounding errors, and discrepancies between the XLS specification and the implementation. The identified issues have since been addressed in the latest 3.1.3 and 3.2.0 releases.

**Phase 9: Partner Adoption and Additional Testing**

Institutional-grade players like [Evernorth](https://www.evernorth.xyz/blog-post-01-29-2026), [SOIL](https://chainwire.org/2026/02/09/soil-introduces-single-asset-vault-on-xrpl-to-streamline-institutional-lending/?mfk=d1VEvuqkqNRkpIuUNZCdz0sEORUrCf5VNatGzl%2B9qq%2FVJDFYlfmXucPPCqXWqUj0SEarxTZsJgH9N9M1jxkSkRQvM%2FbKpxti1f%2FxUuT5qwd%2F3BPMQpFaXEm%2FQrPOqOOXr01q7Jqzg61LeOoMbpftsrhuu6%2Fp) and [VS1.Finance](https://x.com/vs1_finance/status/2044819609455345977) have already lined up to leverage and build on the Single Asset Vault and Lending Protocol - a signal that the security rigor behind these features is translating directly into business confidence. This list is not exhaustive: more partners are in flight and will be covered in dedicated posts as they become public.

The most important takeaway is that preparing the Lending Protocol and Single Asset Vault for production through the phases described above has helped establish a new security and quality baseline for XRPL amendments.

This baseline is backed by several layers of validation, including multiple independent audits, attackathons / bug bounties, AI-assisted security reviews, red team activities, formal modeling, UNL validator review, and community testing. Collectively, these efforts uncovered issues that other approaches would have missed.

Together, this defense-in-depth approach has significantly raised the bar for production readiness and will help shape how future XRPL amendments are developed, reviewed, and deployed.
