Support for lsfDepositAuth (RIPD-1487):

The DepositAuth feature allows an account to require that it signs for any funds that are deposited to the account. For the time being this limits the account to accepting only XRP, although there are plans to allow IOU payments in the future. The lsfDepositAuth protections are not extended to offers. If an account creates an offer it is in effect saying, “I will accept funds from anyone who takes this offer.” Therefore, the typical user of the lsfDepositAuth flag will choose never to create any offers. But they can if they so choose. The DepositAuth feature leaves a small gap in its protections. An XRP payment is allowed to a destination account with the lsfDepositAuth flag set if: - The Destination XRP balance is less than or equal to the base reserve and - The value of the XRP Payment is less than or equal to the base reserve. This exception is intended to make it impossible for an account to wedge itself by spending all of its XRP on fees and leave itself unable to pay the fee to get more XRP. This commit - adds featureDepositAuth, - adds the lsfDepositAuth flag, - adds support for lsfDepositAuth in SetAccount.cpp - adds support in Payment.cpp for rejecting payments that don't meet the lsfDepositAuth requirements, - adds unit tests for Payment transactions to an an account with lsfDepositAuth set. - adds Escrow and PayChan support for lsfDepositAuth along with as unit tests.
2025-12-06 17:27:55 +00:00 · 2017-08-25 12:55:48 -07:00
parent a307d2d03f
commit 259394029a
17 changed files with 689 additions and 127 deletions
--- a/src/test/app/PayChan_test.cpp
+++ b/src/test/app/PayChan_test.cpp
@@ -691,6 +691,75 @@ struct PayChan_test : public beast::unit_test::suite
            *env.current (), channel (*env.current (), alice, bob)));
    }

+    void
+    testDepositAuth ()
+    {
+        testcase ("Deposit Authorization");
+        using namespace jtx;
+        using namespace std::literals::chrono_literals;
+
+        auto const alice = Account ("alice");
+        auto const bob = Account ("bob");
+        auto USDA = alice["USD"];
+        {
+            Env env (*this);
+            env.fund (XRP (10000), alice, bob);
+
+            env (fset (bob, asfDepositAuth));
+            env.close();
+
+            auto const pk = alice.pk ();
+            auto const settleDelay = 100s;
+            env (create (alice, bob, XRP (1000), settleDelay, pk));
+            env.close();
+
+            auto const chan = channel (*env.current (), alice, bob);
+            BEAST_EXPECT (channelBalance (*env.current (), chan) == XRP (0));
+            BEAST_EXPECT (channelAmount (*env.current (), chan) == XRP (1000));
+
+            // alice can add more funds to the channel even though bob has
+            // asfDepositAuth set.
+            env (fund (alice, chan, XRP (1000)));
+            env.close();
+
+            // alice claims. Fails because bob's lsfDepositAuth flag is set.
+            env (claim (alice, chan,
+                XRP (500).value(), XRP (500).value()), ter (tecNO_PERMISSION));
+            env.close();
+
+            // Claim with signature
+            auto const baseFee = env.current()->fees().base;
+            auto const preBob = env.balance (bob);
+            {
+                auto const delta = XRP (500).value();
+                auto const sig = signClaimAuth (pk, alice.sk (), chan, delta);
+
+                // alice claims with signature.  Fails since bob has
+                // lsfDepositAuth flag set.
+                env (claim (alice, chan,
+                    delta, delta, Slice (sig), pk), ter (tecNO_PERMISSION));
+                env.close();
+                BEAST_EXPECT (env.balance (bob) == preBob);
+
+                // bob claims with signature.  Succeeds even though bob's
+                // lsfDepositAuth flag is set since bob signed the transaction.
+                env (claim (bob, chan, delta, delta, Slice (sig), pk));
+                env.close();
+                BEAST_EXPECT (env.balance (bob) == preBob + delta - baseFee);
+            }
+
+            // bob clears lsfDepositAuth.  Now alice can use an unsigned claim.
+            env (fclear (bob, asfDepositAuth));
+            env.close();
+
+            // alice claims successfully.
+            env (claim (alice, chan, XRP (800).value(), XRP (800).value()));
+            env.close();
+            BEAST_EXPECT (
+                env.balance (bob) == preBob + XRP (800) - (2 * baseFee));
+        }
+    }
+
    void
    testMultiple ()
    {
@@ -994,6 +1063,7 @@ struct PayChan_test : public beast::unit_test::suite
        testDefaultAmount ();
        testDisallowXRP ();
        testDstTag ();
+        testDepositAuth ();
        testMultiple ();
        testRPC ();
        testOptionalFields ();