Ripple's Former CTO David Schwartz Proposes XRPL has proposed ReservedTxns, a new way to let XRP Ledger users reserve execution for a future transaction and make front-running and sandwich attacks harder on XRPL’s native DEX and AMM.
- ReservedTxns is meant to protect near-term trades from bots and opportunistic ordering abuse.
- The design combines a reservation object, a special reservation transaction, and short timing limits.
- It is still under community discussion and would need validator approval before becoming a network amendment.
- Critics say confidential pending-order handling may be a cleaner long-term fix than paying for priority.
The basic problem is ugly but familiar in crypto. If somebody can see your trade before it lands, they may try to get in front of it, profit from it, or trap it in a sandwich. That is front-running in plain English. A sandwich attack is the same clown show with extra steps. The attacker trades before and after the victim, then pockets the spread created by the victim’s own price impact.
Schwartz’s proposal is meant to reduce that risk without turning the XRP Ledger into a chaotic pay-to-win arena for bots. The goal is not to make every transaction private. It is to let users reserve priority execution for a specific future ledger when they need stronger protection.
That distinction matters. A paid reservation system is not the same thing as hiding the order flow itself. One buys a protected slot. The other tries to make the slot invisible in the first place.
According to the proposal details being discussed, ReservedTxns has two parts. First is a ReservedTxns ledger object that stores a target ledger sequence number and up to 32 transaction IDs. When that target ledger executes, the reserved transactions in the consensus set are processed first, ahead of other transactions. After execution, the object is deleted.
The second part is a TxnReserve transaction type. A reservation must be submitted before the target ledger closes, the reservation fee must be at least twice the standard transaction fee, the target ledger must be within 16 ledgers of the current one, and the actual transaction must set LastLedgerSequence to match the reserved ledger.
That 16-ledger ceiling is doing real work here. It keeps the feature focused on near-term execution instead of letting users lock up long-dated priority like it’s a VIP table at a mediocre club. Dynamic fee scaling is also meant to make abuse more expensive. As reservation slots fill past 16, fees rise, and near 30 slots they can reach several multiples of the base reserve.
Schwartz framed the goal this way:
“This guarantees that you can execute your transaction ahead of any transaction that was formed after your transaction was disclosed, ”
“You would use this approach any time you want to perform a transaction that you want to ensure cannot be sandwiched or front run.”
That is the pitch. The criticism is simpler. If pending trades are still visible, why not protect the pending trades themselves?
XRP Ledger Madness: $2, 000 Fee Burns, AI Bot Chaos, and XRPresso.io, described as an XRP-focused analytics account, raised concerns about front-running on XRPL’s native trading venues. Its argument is that targeted confidentiality for pending transaction details would be a cleaner answer than adding a fee layer for reserved priority. In other words, if attackers can see the trade, hide the trade. Not exactly a wild idea.
That critique lands because it goes after the root of the problem. A reservation system can reduce exposure, but it does not erase the fact that someone with enough visibility and enough speed may still try to game the system. Confidential order flow, private submission paths, encryption, or zero-knowledge-style protections attack the issue more directly. They are also harder to build, harder to audit, and often less convenient. There is no free lunch, just different ways to pay for it.
Schwartz’s counterpoint is that XRPL’s MEV-style risk may be smaller than what Ethereum has historically dealt with. He argued that meaningful extraction needs a combination of high liquidity and low liquidity, which he says is rarely present on XRPL. That is a reasonable argument, but it is still an argument. It does not prove the network has no front-running problem. It says the problem may be less severe or less broadly exploitable than on chains where MEV has become a full-time industry.
He also said that if validators conspired, it would be very obvious who was doing it, and that no such attempt has been confirmed outside of a proof-of-concept. That may be reassuring on paper, but “obvious” is not the same thing as impossible. Blockchains have a bad habit of assuming transparency solves everything. It usually solves less than advertised.
For readers newer to XRPL, the network already uses deterministic canonical ordering for validated transactions. That means transactions are not arranged randomly. The final ledger has a known order based on the final transaction set. Deterministic does not mean harmless, though. If someone can anticipate what lands when, ordering can still be exploited around swaps and liquidity changes.
XRPL also already uses LastLedgerSequence, a field that limits the ledger range in which a transaction can be included. The ReservedTxns proposal builds on that idea by turning a bounded validity window into an explicit reservation mechanism tied to priority execution.
That is why this proposal is still under discussion and not yet a formal amendment. On the XRP Ledger, protocol changes require a supermajority of validators to approve them before activation. That governance step matters, because it forces the network to decide whether this is a practical defense or just a paid fast lane with nicer branding.
The broader tradeoff is easy to see:
Reservation model: simpler to reason about, easier to deploy, and potentially useful for traders who need execution certainty right now.
Confidentiality model: cleaner in principle, because it hides the order flow before it can be exploited, but harder to implement and often more complex to maintain.
Both approaches have merit. Both also come with baggage. A reservation system can become a new thing to game if the incentives get sloppy. Confidentiality tools can raise their own transparency and decentralization concerns. Crypto loves to promise perfect fixes. Reality keeps sending invoices.
That is the real debate around ReservedTxns. It is not whether front-running and sandwich attacks are imaginary. They are not. It is whether XRPL should address the risk with a paid reservation layer, or whether the network should push harder toward more private transaction handling instead.
What Is MEV in Crypto? For readers newer to XRPL, the network already uses deterministic canonical ordering for validated transactions. That means transactions are not arranged randomly. The final ledger has a known order based on the final transaction set. Deterministic does not mean harmless, though. If someone can anticipate what lands when, ordering can still be exploited around swaps and liquidity changes.
XRPL also already uses LastLedgerSequence, a field that limits the ledger range in which a transaction can be included. The ReservedTxns proposal builds on that idea by turning a bounded validity window into an explicit reservation mechanism tied to priority execution.
That is why this proposal is still under discussion and not yet a formal amendment. On the XRP Ledger, protocol changes require a supermajority of validators to approve them before activation. That governance step matters, because it forces the network to decide whether this is a practical defense or just a paid fast lane with nicer branding.
The broader tradeoff is easy to see:
Reservation model: simpler to reason about, easier to deploy, and potentially useful for traders who need execution certainty right now.
Confidentiality model: cleaner in principle, because it hides the order flow before it can be exploited, but harder to implement and often more complex to maintain.
Both approaches have merit. Both also come with baggage. A reservation system can become a new thing to game if the incentives get sloppy. Confidentiality tools can raise their own transparency and decentralization concerns. Crypto loves to promise perfect fixes. Reality keeps sending invoices.
That is the real debate around ReservedTxns. It is not whether front-running and sandwich attacks are imaginary. They are not. It is whether XRPL should address the risk with a paid reservation layer, or whether the network should push harder toward more private transaction handling instead.
Ripple CTO Proposes ReservedTxns to Block Front-Running on XRPresso.io, described as an XRP-focused analytics account, raised concerns about front-running on XRPL’s native trading venues. Its argument is that targeted confidentiality for pending transaction details would be a cleaner answer than adding a fee layer for reserved priority. In other words, if attackers can see the trade, hide the trade. Not exactly a wild idea.
That critique lands because it goes after the root of the problem. A reservation system can reduce exposure, but it does not erase the fact that someone with enough visibility and enough speed may still try to game the system. Confidential order flow, private submission paths, encryption, or zero-knowledge-style protections attack the issue more directly. They are also harder to build, harder to audit, and often less convenient. There is no free lunch, just different ways to pay for it.
Schwartz’s counterpoint is that XRPL’s MEV-style risk may be smaller than what Ethereum has historically dealt with. He argued that meaningful extraction needs a combination of high liquidity and low liquidity, which he says is rarely present on XRPL. That is a reasonable argument, but it is still an argument. It does not prove the network has no front-running problem. It says the problem may be less severe or less broadly exploitable than on chains where MEV has become a full-time industry.
He also said that if validators conspired, it would be very obvious who was doing it, and that no such attempt has been confirmed outside of a proof-of-concept. That may be reassuring on paper, but “obvious” is not the same thing as impossible. Blockchains have a bad habit of assuming transparency solves everything. It usually solves less than advertised.
For readers newer to XRPL, the network already uses deterministic canonical ordering for validated transactions. That means transactions are not arranged randomly. The final ledger has a known order based on the final transaction set. Deterministic does not mean harmless, though. If someone can anticipate what lands when, ordering can still be exploited around swaps and liquidity changes.
XRPL also already uses LastLedgerSequence, a field that limits the ledger range in which a transaction can be included. The ReservedTxns proposal builds on that idea by turning a bounded validity window into an explicit reservation mechanism tied to priority execution.
That is why this proposal is still under discussion and not yet a formal amendment. On the XRP Ledger, protocol changes require a supermajority of validators to approve them before activation. That governance step matters, because it forces the network to decide whether this is a practical defense or just a paid fast lane with nicer branding.
The broader tradeoff is easy to see:
Reservation model: simpler to reason about, easier to deploy, and potentially useful for traders who need execution certainty right now.
Confidentiality model: cleaner in principle, because it hides the order flow before it can be exploited, but harder to implement and often more complex to maintain.
Both approaches have merit. Both also come with baggage. A reservation system can become a new thing to game if the incentives get sloppy. Confidentiality tools can raise their own transparency and decentralization concerns. Crypto loves to promise perfect fixes. Reality keeps sending invoices.
That is the real debate around ReservedTxns. It is not whether front-running and sandwich attacks are imaginary. They are not. It is whether XRPL should address the risk with a paid reservation layer, or whether the network should push harder toward more private transaction handling instead.
Key questions and takeaways
-
What does ReservedTxns try to stop?
It is meant to reduce front-running and sandwich attacks on XRPL’s native DEX and AMM by reserving execution for a specific near-term ledger. -
How does the reservation mechanism work?
A ReservedTxns ledger object stores a target ledger sequence number and transaction IDs, while a TxnReserve transaction claims the slot under fee and timing rules. -
Is ReservedTxns live on XRPL?
No. It is still being discussed and would need validator supermajority approval before it could become a network amendment. -
Why are some people pushing back?
Critics argue that hiding or shielding pending transaction details would be a better long-term fix than selling priority execution. -
Does XRPL face the same MEV problem as Ethereum?
Not necessarily. Schwartz argues XRPL’s liquidity profile makes the worst-case MEV dynamic less likely, but ordering-based abuse is still a valid concern. -
Does ReservedTxns solve the root problem?
Not fully. It can reduce exposure for near-term trades, but more confidential order-flow handling would address the underlying visibility issue more directly.
XRP Ledger Documentation & Developer Resources The sane takeaway is this: if a blockchain makes trade intent visible before settlement, somebody will try to weaponize that visibility. ReservedTxns is one way to blunt the damage on XRPL. It may prove useful, it may prove clunky, or it may end up being a stopgap on the way to stronger privacy tooling. But at least it is aimed at a real problem instead of pretending bots will suddenly grow a conscience.
That alone is worth paying attention to. Serious decentralized markets need more than throughput and feel-good slogans. They need credible defenses against the grubby mechanics of market abuse. No bullshit: that part is not optional.
XRP Ledger Tokenized U.S. Treasuries Surge 8x to $418M as the sane takeaway is this: if a blockchain makes trade intent visible before settlement, somebody will try to weaponize that visibility. ReservedTxns is one way to blunt the damage on XRPL. It may prove useful, it may prove clunky, or it may end up being a stopgap on the way to stronger privacy tooling. But at least it is aimed at a real problem instead of pretending bots will suddenly grow a conscience.
That alone is worth paying attention to. Serious decentralized markets need more than throughput and feel-good slogans. They need credible defenses against the grubby mechanics of market abuse. No bullshit: that part is not optional.
Mastercard Tests RLUSD on XRP Ledger for Faster Card settles? That alone is worth paying attention to. Serious decentralized markets need more than throughput and feel-good slogans. They need credible defenses against the grubby mechanics of market abuse. No bullshit: that part is not optional.
