Documentation

How XRPGuard works

A short guide to scanning your XRPL wallet, understanding risk categories, and safely revoking what shouldn't be there.

Last updated: April 2026 · v0.1

Contents

What XRPGuard does
Quick start
Why the 200 XRP minimum
Risk categories explained
Revoking a risk
Supported wallets
Security model
FAQ

What XRPGuard does

XRPGuard is a read-only audit tool for the XRP Ledger. You paste your account address, we query the ledger for every object attached to it — trust lines, offers, escrows, payment channels, regular keys, signer lists — and flag the ones that pose a risk or waste reserve.

If we find something worth cleaning up, you can connect your wallet and sign revocation transactions directly on your own device. We never hold keys, never custody funds, and never touch your account without your explicit per-transaction approval.

Think of it as

revoke.cash for the XRP Ledger. EVM chains have approve(); XRPL has trust lines, signer lists, and standing offers. The risk surface is different, but the hygiene problem is the same.

Quick start

Open the scanner.
Paste your XRPL account address (starts with r).
Click Scan wallet. We fetch your account's public ledger state — no signature needed.
Review the findings, grouped by severity (High / Medium / Low).
If you want to act on any of them, click Connect Xaman Wallet and approve each revocation on your phone.

Why the 200 XRP minimum

Accounts with less than 200 XRP are blocked from the scanner. This is a deliberate anti-abuse filter, not a paywall.

Bot spam: automated scrapers hammer public endpoints with empty or newly-funded dust wallets. The minimum pushes their cost of abuse above what they're willing to pay.
Cost of scanning: a full scan runs several ledger queries. We'd rather spend those on real users.
Attack surface: wallets with less than 200 XRP rarely have meaningful trust lines, open offers, or signer lists worth auditing.

If your wallet is below the threshold, the scanner will tell you exactly how much it holds and why it was rejected.

Risk categories explained

Scam trust lines

XRPL accounts accumulate trust lines to every token ever airdropped to them. Many come from known phishing issuers who count on users clicking a "claim" link on a fake domain. XRPGuard maintains a regularly-updated list of flagged issuers and marks their trust lines as High severity.

Rogue signers (regular key / SignerList)

The SetRegularKey transaction lets another account sign on your behalf. SignerListSet does the same for a multi-sig quorum. If you (or a dApp you used) ever set one of these and forgot, that account can move your funds. We flag any active regular key or signer list and highlight unknown signers.

Open NFT offers

NFT sell offers don't expire. Many users have standing offers at prices that were reasonable when the floor was 5 XRP and now look foolish at a 200 XRP floor. XRPGuard lists all open offers involving your account so you can cancel stale ones.

Stale escrows and payment channels

These objects lock XRP. If the counterparty is gone or the deal is off, you may be able to claim or cancel them to free up the funds.

Rippling flags

XRPL trust lines default to "rippling" which enables multi-hop pathfinding through your account. For most users — especially anyone who isn't a market maker — rippling should be off. A trust line with rippling on is a footgun, not a vulnerability, but worth cleaning up.

Reserve reclaim

Every owned ledger object (trust line, offer, escrow, etc.) locks 0.2 XRP of your base reserve. Deleting unused objects refunds that reserve back to your spendable balance.

Revoking a risk

Each finding maps to a specific XRPL transaction your wallet will sign:

Risk type	Revocation transaction
Scam / dust trust line	`TrustSet` with LimitAmount = 0
Rogue regular key	`SetRegularKey` with no key
SignerList entry	`SignerListSet` with updated list or empty
Open NFT offer	`NFTokenCancelOffer`
Open DEX offer	`OfferCancel`
Stale escrow	`EscrowCancel` (after FinishAfter)
Payment channel	`PaymentChannelClaim` with close flag

Every transaction is signed on your device, broadcast through your wallet, and costs 10 drops (0.00001 XRP) in network fees. XRPGuard takes no fee on revocations.

Supported wallets

Xaman (formerly Xumm) — primary integration, mobile signing via QR code.
Crossmark — browser extension, planned.
GemWallet — browser extension, planned.

Hardware wallet support via Ledger is on the roadmap.

Security model

Read-only by default: scanning requires only a public address. No signature, no permission, nothing custodial.
No private keys ever reach our servers. Wallet connection uses the wallet provider's standard protocol (Xaman deep link / OAuth2). Your seed phrase stays on your phone.
Per-transaction approval: you see and sign each revocation individually. There is no "approve all" batch signing.
Open source scanner: the scanning logic and scam issuer list are published so anyone can audit them.

FAQ

Does XRPGuard charge a fee?

No. The scanner is free. Revocation transactions cost only the standard XRPL network fee (0.00001 XRP). We may add optional premium features later — but the core audit + revoke workflow will always be free.

Can XRPGuard move my funds?

No. We cannot sign transactions for you. Every action requires you to approve it in your own wallet on your own device.

Why is my trust line flagged as a scam — I know the project?

Our scam list is conservative and community-sourced. If you believe a listing is wrong, please file a dispute on the issuer review page. We err on the side of flagging; you're always free to keep any trust line you want.

What about Hooks and sidechains?

Hooks on Xahau and XRPL sidechains are on the roadmap. They behave more like EVM approvals than anything on mainnet XRPL, so they're a natural extension of the product.

I found a bug or want to contribute

Report it on GitHub or email [email protected]. Security researchers welcome.