A draft amendment to the XRP Ledger (XRPL) notes that flash loan attacks are 'structurally impossible' on the network due to its transaction architecture. Unlike Ethereum, XRPL transactions cannot make composable intra-transaction calls, preventing the borrow-manipulate-repay sequence that enables flash loan exploits. This design choice has spared XRPL from a class of attacks that has cost Ethereum DeFi billions, including recent exploits on Thorchain ($10.8 million) and Drift Protocol/KelpDAO ($600 million combined). The amendment, which proposes concentrated liquidity and StableSwap-style pools for XRPL's native automated market maker, highlights this structural resistance in its security considerations. However, flash loans also have legitimate uses, such as arbitrage, liquidation, and collateral swaps. XRPL sacrifices these functionalities to eliminate the attack vector entirely. As XRPL's DeFi ecosystem grows—with tokenized real-world assets exceeding $3 billion—the trade-off becomes increasingly relevant. If the amendment passes, it could close the capital-efficiency gap with Ethereum, raising the question of whether structural exploit resistance is a competitive advantage or a feature that institutions overlook in favor of existing liquidity.

Key facts

• XRPL transactions cannot call other contracts, preventing flash loan sequences.
• Flash loan attacks cost Ethereum DeFi billions; XRPL remains unaffected.
• Recent exploits on Thorchain and Drift/KelpDAO used flash loans.
• XRPL sacrifices legitimate flash loan uses to eliminate the attack class.
• XRPL DeFi grows with $3B tokenized RWA; amendment may boost DeFi.

KeyAudit data perspective