A recent draft amendment to the XRP Ledger states that flash loan attacks are "structurally infeasible" on XRPL because the network's transaction structure does not support composable calls within a single transaction. This statement appears in the security notes section of the amendment, further clarifying the architectural differences between XRPL and the Ethereum-dominated DeFi system.

Recent attacks have all targeted flash loans.

Several recent DeFi security incidents have been linked to flash loan mechanisms. Reports indicate that Thorchain lost approximately $10.8 million in a cross-chain attack on May 15th; while Drift, a decentralized perpetual contract protocol on Solana, and KelpDAO, a liquidity staking and re-staking protocol on Ethereum, suffered combined losses exceeding $600 million in April.

Flash loans allow users to borrow large sums of money without collateral, provided the loan is repaid within the same transaction. They were originally used for cross-platform arbitrage, collateral swapping, and liquidation bot operations.

XRPL transactions do not support nested calls.

The draft states that XRPL transactions also possess atomicity, meaning they either all succeed or all fail. However, unlike Ethereum, a single XRPL transaction cannot call another contract during execution, nor can it perform multi-level nested operations within the same transaction encapsulation.

A typical flash loan attack usually requires at least three steps—borrowing, manipulating, and repaying—to be completed within a single transaction. Without this intra-transaction composability, such attack paths become impossible. The report concludes that this is not simply a functional deficiency, but rather a trade-off in XRPL's underlying architecture.

Security advantages accompanied by feature transfer

This design doesn't come without a cost. Flash loans aren't just attack tools; they're also common infrastructure in Ethereum DeFi. Protocols like Aave and dYdX have offered them as product capabilities to users. Arbitrageurs can use them to quickly smooth out price differences across multiple exchanges, and liquidation bots can use them to maintain the operation of the overcollateralized lending market.

In the past, this trade-off had limited impact because XRPL's DeFi scale has always been relatively small. But this is changing. Reports indicate that the total value of tokenized real-world assets on the XRP Ledger has exceeded $3 billion. Meanwhile, this AMM amendment also plans to introduce centralized liquidity and a StableSwap-like pool design for XRPL's native automated market maker.

If the amendment passes, XRPL's weakness in capital efficiency is expected to narrow, potentially attracting more trading and yield strategies to the blockchain. Whether institutions will then view this inherent protection as an advantage will become a real question in XRPL's competition with the Ethereum ecosystem.

Additional information:The report mentioned that a pilot program last month in which Ripple, JPMorgan Chase, Mastercard, and Ondo Finance participated completed the redemption of a tokenized U.S. Treasury bond in 5 seconds.