XLS-70 and XLS-80 define the identity and permissioning layers for XRPL’s proposed lending protocol. They control who can borrow, lend, issue, or interact. If these break, the protocol breaks with them. Both are in scope for the $200K @rippleXDev XRPL Attackathon on Immunefi.

@RippleXDev XLS-70 introduces Credentials. These are on-ledger attestations issued by trusted parties. They can include KYC outcomes, risk scores, or regulatory flags. Loans and other actions can be gated based on these credentials.

@RippleXDev Credentials are referenced, not stored, in most cases. They are linked to XRPL accounts and consumed by the protocol to permit or reject actions. If this link is broken or spoofed, all downstream enforcement may fail.

@RippleXDev XLS-80 defines Permissioned Domains. This standard allows asset issuers or protocol operators to set access rules. Domains can restrict issuance, redemptions, or interactions to credentialed or whitelisted accounts.

@RippleXDev Combined, these two standards enforce: • Who can borrow • Who can lend • Who can interact with tokens • What entities qualify under regulatory frameworks These are not cosmetic features. They are protocol gatekeepers.

@RippleXDev Vulnerabilities may include: • Bypassing credential checks • Credential injection or spoofing • Inconsistent domain enforcement • Improper issuer or trust line scoping If you can break access logic, you control who gets to move what.