File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -2460,6 +2460,14 @@ <h3 id="gateway-seed-compromise">Gateway Seed Compromise</h3>
24602460issue an XRPL Credential (XLS-70) to the gateway account; on compromise, the PA deletes the
24612461credential to revoke the gateway's on-chain authorization. Operators SHOULD monitor for
24622462on-chain payments without corresponding SBAs. See < a href ="../trust-model/#gateway-seed-security "> Gateway Seed Security</ a > .</ p >
2463+ < h3 id ="trust-bundle-signer-key-compromise "> Trust Bundle Signer Key Compromise</ h3 >
2464+ < p > If the root key used to sign Trust Bundles is compromised, an attacker can distribute
2465+ fraudulent bundles containing injected issuer keys. Offline merchants will accept forged
2466+ SBAs until the compromised bundle expires.</ p >
2467+ < p > < strong > Mitigations:</ strong > Short bundle lifetimes (hours, not days) limit the exposure window.
2468+ Verifiers MUST support emergency bundle refresh. For XRPL deployments, the bundle signer
2469+ SHOULD maintain an on-chain credential for its signing key; verifiers check this on reconnect
2470+ as a freshness signal. See < a href ="../trust-bundles/#bundle-signer-key-compromise "> Trust Bundles — Bundle Signer Key Compromise</ a > .</ p >
24632471< h3 id ="settlement-tampering "> Settlement Tampering</ h3 >
24642472< p > Verification ensures that executed settlement transactions match authorized parameters before the session is finalized.</ p >
24652473< hr />
You can’t perform that action at this time.
0 commit comments