From efd4c1b95d329c93dd76e7e3d6ae99337362240c Mon Sep 17 00:00:00 2001 From: Ayaz Salikhov Date: Thu, 30 Oct 2025 12:49:44 +0000 Subject: [PATCH 1/9] chore: Use new prepare-runner (#5970) See: XRPLF/actions#19. --- .github/workflows/reusable-build.yml | 2 +- .github/workflows/upload-conan-deps.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index d156f05394..a9d5fd7f7c 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -63,7 +63,7 @@ jobs: uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Prepare runner - uses: XRPLF/actions/.github/actions/prepare-runner@638e0dc11ea230f91bd26622fb542116bb5254d5 + uses: XRPLF/actions/.github/actions/prepare-runner@99685816bb60a95a66852f212f382580e180df3a with: disable_ccache: false diff --git a/.github/workflows/upload-conan-deps.yml b/.github/workflows/upload-conan-deps.yml index aa3870ffcf..f6262a2f1f 100644 --- a/.github/workflows/upload-conan-deps.yml +++ b/.github/workflows/upload-conan-deps.yml @@ -66,7 +66,7 @@ jobs: uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Prepare runner - uses: XRPLF/actions/.github/actions/prepare-runner@638e0dc11ea230f91bd26622fb542116bb5254d5 + uses: XRPLF/actions/.github/actions/prepare-runner@99685816bb60a95a66852f212f382580e180df3a with: disable_ccache: false From a10f42a3aa4e32943023adef7a13321823050cf3 Mon Sep 17 00:00:00 2001 From: Bart Date: Thu, 30 Oct 2025 09:19:51 -0400 Subject: [PATCH 2/9] ci: Check whether test failures are caused by port exhaustion (#5938) This change adds an extra step to the CI test job that outputs network info, which may allow us to confirm whether random test failures are caused by port exhaustion. --- .github/workflows/reusable-test.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/reusable-test.yml b/.github/workflows/reusable-test.yml index 2127355f40..8d4a4a8d33 100644 --- a/.github/workflows/reusable-test.yml +++ b/.github/workflows/reusable-test.yml @@ -100,3 +100,12 @@ jobs: "$test_file" fi done + + - name: Debug failure (Linux) + if: ${{ failure() && runner.os == 'Linux' && inputs.run_tests }} + shell: bash + run: | + echo "IPv4 local port range:" + cat /proc/sys/net/ipv4/ip_local_port_range + echo "Netstat:" + netstat -an From 44e027e51614c10124ab42588c65b63b173c1bf9 Mon Sep 17 00:00:00 2001 From: Pratik Mankawde Date: Thu, 30 Oct 2025 15:27:01 +0000 Subject: [PATCH 3/9] refactor: Retire fixTakerDryOfferRemoval amendment (#5958) Amendments activated for more than 2 years can be retired. This change retires the fixTakerDryOfferRemoval amendment. --- include/xrpl/protocol/detail/features.macro | 2 +- src/test/app/Offer_test.cpp | 25 +++++---------------- src/test/rpc/Feature_test.cpp | 4 ++-- 3 files changed, 8 insertions(+), 23 deletions(-) diff --git a/include/xrpl/protocol/detail/features.macro b/include/xrpl/protocol/detail/features.macro index 0c817829db..6eb9c03267 100644 --- a/include/xrpl/protocol/detail/features.macro +++ b/include/xrpl/protocol/detail/features.macro @@ -101,7 +101,6 @@ XRPL_FIX (QualityUpperBound, Supported::yes, VoteBehavior::DefaultYe XRPL_FEATURE(DeletableAccounts, Supported::yes, VoteBehavior::DefaultYes) XRPL_FIX (PayChanRecipientOwnerDir, Supported::yes, VoteBehavior::DefaultYes) XRPL_FIX (MasterKeyAsRegularKey, Supported::yes, VoteBehavior::DefaultYes) -XRPL_FIX (TakerDryOfferRemoval, Supported::yes, VoteBehavior::DefaultYes) XRPL_FEATURE(MultiSignReserve, Supported::yes, VoteBehavior::DefaultYes) XRPL_FEATURE(DepositPreauth, Supported::yes, VoteBehavior::DefaultYes) XRPL_FIX (1623, Supported::yes, VoteBehavior::DefaultYes) @@ -144,6 +143,7 @@ XRPL_RETIRE(fix1781) XRPL_RETIRE(fixCheckThreading) XRPL_RETIRE(fixRmSmallIncreasedQOffers) XRPL_RETIRE(fixSTAmountCanonicalize) +XRPL_RETIRE(fixTakerDryOfferRemoval) XRPL_RETIRE(CryptoConditions) XRPL_RETIRE(Escrow) XRPL_RETIRE(EnforceInvariants) diff --git a/src/test/app/Offer_test.cpp b/src/test/app/Offer_test.cpp index c279afd2a2..0dbcfccebd 100644 --- a/src/test/app/Offer_test.cpp +++ b/src/test/app/Offer_test.cpp @@ -5294,14 +5294,12 @@ public: { using namespace jtx; static FeatureBitset const all{testable_amendments()}; - static FeatureBitset const takerDryOffer{fixTakerDryOfferRemoval}; static FeatureBitset const immediateOfferKilled{ featureImmediateOfferKilled}; FeatureBitset const fillOrKill{fixFillOrKill}; FeatureBitset const permDEX{featurePermissionedDEX}; - static std::array const feats{ - all - takerDryOffer - immediateOfferKilled - permDEX, + static std::array const feats{ all - immediateOfferKilled - permDEX, all - immediateOfferKilled - fillOrKill - permDEX, all - fillOrKill - permDEX, @@ -5323,7 +5321,7 @@ public: } }; -class OfferWTakerDryOffer_test : public OfferBaseUtil_test +class OfferWOSmallQOffers_test : public OfferBaseUtil_test { void run() override @@ -5332,7 +5330,7 @@ class OfferWTakerDryOffer_test : public OfferBaseUtil_test } }; -class OfferWOSmallQOffers_test : public OfferBaseUtil_test +class OfferWOFillOrKill_test : public OfferBaseUtil_test { void run() override @@ -5341,7 +5339,7 @@ class OfferWOSmallQOffers_test : public OfferBaseUtil_test } }; -class OfferWOFillOrKill_test : public OfferBaseUtil_test +class OfferWOPermDEX_test : public OfferBaseUtil_test { void run() override @@ -5350,21 +5348,12 @@ class OfferWOFillOrKill_test : public OfferBaseUtil_test } }; -class OfferWOPermDEX_test : public OfferBaseUtil_test -{ - void - run() override - { - OfferBaseUtil_test::run(4); - } -}; - class OfferAllFeatures_test : public OfferBaseUtil_test { void run() override { - OfferBaseUtil_test::run(5, true); + OfferBaseUtil_test::run(4, true); } }; @@ -5376,7 +5365,6 @@ class Offer_manual_test : public OfferBaseUtil_test using namespace jtx; FeatureBitset const all{testable_amendments()}; FeatureBitset const immediateOfferKilled{featureImmediateOfferKilled}; - FeatureBitset const takerDryOffer{fixTakerDryOfferRemoval}; FeatureBitset const fillOrKill{fixFillOrKill}; FeatureBitset const permDEX{featurePermissionedDEX}; @@ -5385,13 +5373,10 @@ class Offer_manual_test : public OfferBaseUtil_test testAll(all - fillOrKill - permDEX); testAll(all - permDEX); testAll(all); - - testAll(all - takerDryOffer - permDEX); } }; BEAST_DEFINE_TESTSUITE_PRIO(OfferBaseUtil, app, ripple, 2); -BEAST_DEFINE_TESTSUITE_PRIO(OfferWTakerDryOffer, app, ripple, 2); BEAST_DEFINE_TESTSUITE_PRIO(OfferWOSmallQOffers, app, ripple, 2); BEAST_DEFINE_TESTSUITE_PRIO(OfferWOFillOrKill, app, ripple, 2); BEAST_DEFINE_TESTSUITE_PRIO(OfferWOPermDEX, app, ripple, 2); diff --git a/src/test/rpc/Feature_test.cpp b/src/test/rpc/Feature_test.cpp index 895988152c..f01ee5b116 100644 --- a/src/test/rpc/Feature_test.cpp +++ b/src/test/rpc/Feature_test.cpp @@ -144,8 +144,8 @@ class Feature_test : public beast::unit_test::suite BEAST_EXPECT(featureToName(featureFlow) == "Flow"); BEAST_EXPECT(featureToName(featureNegativeUNL) == "NegativeUNL"); BEAST_EXPECT( - featureToName(fixTakerDryOfferRemoval) == - "fixTakerDryOfferRemoval"); + featureToName(fixIncludeKeyletFields) == "fixIncludeKeyletFields"); + BEAST_EXPECT(featureToName(featureTokenEscrow) == "TokenEscrow"); } void From b0910e359e4e8af70477ff93e4cde53b067a4b5a Mon Sep 17 00:00:00 2001 From: Pratik Mankawde Date: Thu, 30 Oct 2025 17:33:08 +0000 Subject: [PATCH 4/9] refactor: Retire fix1623 amendment (#5928) Amendments activated for more than 2 years can be retired. This change retires the fix1623 amendment. --- include/xrpl/protocol/detail/features.macro | 2 +- src/test/app/Check_test.cpp | 54 ++++++++------------- src/xrpld/app/tx/detail/CashCheck.cpp | 5 +- src/xrpld/rpc/detail/DeliveredAmount.cpp | 54 +++++---------------- 4 files changed, 35 insertions(+), 80 deletions(-) diff --git a/include/xrpl/protocol/detail/features.macro b/include/xrpl/protocol/detail/features.macro index 6eb9c03267..61382cac13 100644 --- a/include/xrpl/protocol/detail/features.macro +++ b/include/xrpl/protocol/detail/features.macro @@ -103,7 +103,6 @@ XRPL_FIX (PayChanRecipientOwnerDir, Supported::yes, VoteBehavior::DefaultYe XRPL_FIX (MasterKeyAsRegularKey, Supported::yes, VoteBehavior::DefaultYes) XRPL_FEATURE(MultiSignReserve, Supported::yes, VoteBehavior::DefaultYes) XRPL_FEATURE(DepositPreauth, Supported::yes, VoteBehavior::DefaultYes) -XRPL_FIX (1623, Supported::yes, VoteBehavior::DefaultYes) XRPL_FEATURE(Checks, Supported::yes, VoteBehavior::DefaultYes) XRPL_FEATURE(DepositAuth, Supported::yes, VoteBehavior::DefaultYes) XRPL_FEATURE(Flow, Supported::yes, VoteBehavior::DefaultYes) @@ -139,6 +138,7 @@ XRPL_RETIRE(fix1528) XRPL_RETIRE(fix1543) XRPL_RETIRE(fix1571) XRPL_RETIRE(fix1578) +XRPL_RETIRE(fix1623) XRPL_RETIRE(fix1781) XRPL_RETIRE(fixCheckThreading) XRPL_RETIRE(fixRmSmallIncreasedQOffers) diff --git a/src/test/app/Check_test.cpp b/src/test/app/Check_test.cpp index 74c8e9df6d..5d59e2ebd9 100644 --- a/src/test/app/Check_test.cpp +++ b/src/test/app/Check_test.cpp @@ -1867,49 +1867,35 @@ class Check_test : public beast::unit_test::suite } void - testFix1623Enable(FeatureBitset features) + testDeliveredAmountForCheckCashTxn(FeatureBitset features) { - testcase("Fix1623 enable"); + testcase("DeliveredAmount For CheckCash Txn"); using namespace test::jtx; + Account const alice{"alice"}; + Account const bob{"bob"}; - auto testEnable = [this]( - FeatureBitset const& features, bool hasFields) { - // Unless fix1623 is enabled a "tx" RPC command should return - // neither "DeliveredAmount" nor "delivered_amount" on a CheckCash - // transaction. - Account const alice{"alice"}; - Account const bob{"bob"}; + Env env{*this, features}; - Env env{*this, features}; + env.fund(XRP(1000), alice, bob); + env.close(); - env.fund(XRP(1000), alice, bob); - env.close(); + uint256 const chkId{getCheckIndex(alice, env.seq(alice))}; + env(check::create(alice, bob, XRP(200))); + env.close(); - uint256 const chkId{getCheckIndex(alice, env.seq(alice))}; - env(check::create(alice, bob, XRP(200))); - env.close(); + env(check::cash(bob, chkId, check::DeliverMin(XRP(100)))); - env(check::cash(bob, chkId, check::DeliverMin(XRP(100)))); + // Get the hash for the most recent transaction. + std::string const txHash{ + env.tx()->getJson(JsonOptions::none)[jss::hash].asString()}; - // Get the hash for the most recent transaction. - std::string const txHash{ - env.tx()->getJson(JsonOptions::none)[jss::hash].asString()}; + env.close(); + Json::Value const meta = env.rpc("tx", txHash)[jss::result][jss::meta]; - // DeliveredAmount and delivered_amount are either present or - // not present in the metadata returned by "tx" based on fix1623. - env.close(); - Json::Value const meta = - env.rpc("tx", txHash)[jss::result][jss::meta]; - - BEAST_EXPECT( - meta.isMember(sfDeliveredAmount.jsonName) == hasFields); - BEAST_EXPECT(meta.isMember(jss::delivered_amount) == hasFields); - }; - - // Run both the disabled and enabled cases. - testEnable(features - fix1623, false); - testEnable(features, true); + // DeliveredAmount and delivered_amount are present. + BEAST_EXPECT(meta.isMember(sfDeliveredAmount.jsonName)); + BEAST_EXPECT(meta.isMember(jss::delivered_amount)); } void @@ -2711,7 +2697,7 @@ class Check_test : public beast::unit_test::suite testCashInvalid(features); testCancelValid(features); testCancelInvalid(features); - testFix1623Enable(features); + testDeliveredAmountForCheckCashTxn(features); testWithTickets(features); } diff --git a/src/xrpld/app/tx/detail/CashCheck.cpp b/src/xrpld/app/tx/detail/CashCheck.cpp index 73dedba170..9107dece50 100644 --- a/src/xrpld/app/tx/detail/CashCheck.cpp +++ b/src/xrpld/app/tx/detail/CashCheck.cpp @@ -276,7 +276,6 @@ CashCheck::doApply() // work to do... auto viewJ = ctx_.app.journal("View"); auto const optDeliverMin = ctx_.tx[~sfDeliverMin]; - bool const doFix1623{psb.rules().enabled(fix1623)}; if (srcId != account_) { @@ -311,7 +310,7 @@ CashCheck::doApply() return tecUNFUNDED_PAYMENT; } - if (optDeliverMin && doFix1623) + if (optDeliverMin) // Set the DeliveredAmount metadata. ctx_.deliver(xrpDeliver); @@ -461,7 +460,7 @@ CashCheck::doApply() << "flow did not produce DeliverMin."; return tecPATH_PARTIAL; } - if (doFix1623 && !checkCashMakesTrustLine) + if (!checkCashMakesTrustLine) // Set the delivered_amount metadata. ctx_.deliver(result.actualAmountOut); } diff --git a/src/xrpld/rpc/detail/DeliveredAmount.cpp b/src/xrpld/rpc/detail/DeliveredAmount.cpp index 9a6d0e9dc8..b38210d19e 100644 --- a/src/xrpld/rpc/detail/DeliveredAmount.cpp +++ b/src/xrpld/rpc/detail/DeliveredAmount.cpp @@ -78,51 +78,25 @@ getDeliveredAmount( } // Returns true if transaction meta could contain a delivered amount field, -// based on transaction type, transaction result and whether fix1623 is enabled -template +// based on transaction type and transaction result bool -canHaveDeliveredAmountHelp( - GetFix1623Enabled const& getFix1623Enabled, +canHaveDeliveredAmount( std::shared_ptr const& serializedTx, TxMeta const& transactionMeta) { if (!serializedTx) return false; + TxType const tt{serializedTx->getTxnType()}; + // Transaction type should be ttPAYMENT, ttACCOUNT_DELETE or ttCHECK_CASH + // and if the transaction failed nothing could have been delivered. + if ((tt == ttPAYMENT || tt == ttCHECK_CASH || tt == ttACCOUNT_DELETE) && + transactionMeta.getResultTER() == tesSUCCESS) { - TxType const tt{serializedTx->getTxnType()}; - if (tt != ttPAYMENT && tt != ttCHECK_CASH && tt != ttACCOUNT_DELETE) - return false; - - if (tt == ttCHECK_CASH && !getFix1623Enabled()) - return false; + return true; } - // if the transaction failed nothing could have been delivered. - if (transactionMeta.getResultTER() != tesSUCCESS) - return false; - - return true; -} - -// Returns true if transaction meta could contain a delivered amount field, -// based on transaction type, transaction result and whether fix1623 is enabled -bool -canHaveDeliveredAmount( - RPC::Context const& context, - std::shared_ptr const& serializedTx, - TxMeta const& transactionMeta) -{ - // These lambdas are used to compute the values lazily - auto const getFix1623Enabled = [&context]() -> bool { - auto const view = context.app.openLedger().current(); - if (!view) - return false; - return view->rules().enabled(fix1623); - }; - - return canHaveDeliveredAmountHelp( - getFix1623Enabled, serializedTx, transactionMeta); + return false; } void @@ -133,12 +107,8 @@ insertDeliveredAmount( TxMeta const& transactionMeta) { auto const info = ledger.info(); - auto const getFix1623Enabled = [&ledger] { - return ledger.rules().enabled(fix1623); - }; - if (canHaveDeliveredAmountHelp( - getFix1623Enabled, serializedTx, transactionMeta)) + if (canHaveDeliveredAmount(serializedTx, transactionMeta)) { auto const getLedgerIndex = [&info] { return info.seq; }; auto const getCloseTime = [&info] { return info.closeTime; }; @@ -167,7 +137,7 @@ getDeliveredAmount( TxMeta const& transactionMeta, GetLedgerIndex const& getLedgerIndex) { - if (canHaveDeliveredAmount(context, serializedTx, transactionMeta)) + if (canHaveDeliveredAmount(serializedTx, transactionMeta)) { auto const getCloseTime = [&context, @@ -212,7 +182,7 @@ insertDeliveredAmount( std::shared_ptr const& transaction, TxMeta const& transactionMeta) { - if (canHaveDeliveredAmount(context, transaction, transactionMeta)) + if (canHaveDeliveredAmount(transaction, transactionMeta)) { auto amt = getDeliveredAmount( context, transaction, transactionMeta, [&transactionMeta]() { From b39d7a65199943f142ff6b87a7d726b82b5d637c Mon Sep 17 00:00:00 2001 From: Pratik Mankawde Date: Thu, 30 Oct 2025 18:47:47 +0000 Subject: [PATCH 5/9] refactor: Retire fixQualityUpperBound amendment (#5960) Amendments activated for more than 2 years can be retired. This change retires the fixQualityUpperBound amendment. --- include/xrpl/protocol/detail/features.macro | 8 +++++--- src/xrpld/app/paths/detail/DirectStep.cpp | 18 ------------------ 2 files changed, 5 insertions(+), 21 deletions(-) diff --git a/include/xrpl/protocol/detail/features.macro b/include/xrpl/protocol/detail/features.macro index 61382cac13..c20f323e3d 100644 --- a/include/xrpl/protocol/detail/features.macro +++ b/include/xrpl/protocol/detail/features.macro @@ -97,7 +97,6 @@ XRPL_FEATURE(NegativeUNL, Supported::yes, VoteBehavior::DefaultYe XRPL_FIX (AmendmentMajorityCalc, Supported::yes, VoteBehavior::DefaultYes) XRPL_FEATURE(HardenedValidations, Supported::yes, VoteBehavior::DefaultYes) XRPL_FEATURE(RequireFullyCanonicalSig, Supported::yes, VoteBehavior::DefaultYes) -XRPL_FIX (QualityUpperBound, Supported::yes, VoteBehavior::DefaultYes) XRPL_FEATURE(DeletableAccounts, Supported::yes, VoteBehavior::DefaultYes) XRPL_FIX (PayChanRecipientOwnerDir, Supported::yes, VoteBehavior::DefaultYes) XRPL_FIX (MasterKeyAsRegularKey, Supported::yes, VoteBehavior::DefaultYes) @@ -125,8 +124,10 @@ XRPL_FEATURE(CryptoConditionsSuite, Supported::yes, VoteBehavior::Obsolete) // The following amendments have been active for at least two years. Their // pre-amendment code has been removed and the identifiers are deprecated. -// All known amendments and amendments that may appear in a validated -// ledger must be registered either here or above with the "active" amendments +// All known amendments and amendments that may appear in a validated ledger +// must be registered either here or above with the "active" amendments +// +// Please keep this list sorted alphabetically for convenience. XRPL_RETIRE(fix1201) XRPL_RETIRE(fix1368) XRPL_RETIRE(fix1373) @@ -141,6 +142,7 @@ XRPL_RETIRE(fix1578) XRPL_RETIRE(fix1623) XRPL_RETIRE(fix1781) XRPL_RETIRE(fixCheckThreading) +XRPL_RETIRE(fixQualityUpperBound) XRPL_RETIRE(fixRmSmallIncreasedQOffers) XRPL_RETIRE(fixSTAmountCanonicalize) XRPL_RETIRE(fixTakerDryOfferRemoval) diff --git a/src/xrpld/app/paths/detail/DirectStep.cpp b/src/xrpld/app/paths/detail/DirectStep.cpp index a0808985b5..541b04b4c4 100644 --- a/src/xrpld/app/paths/detail/DirectStep.cpp +++ b/src/xrpld/app/paths/detail/DirectStep.cpp @@ -844,24 +844,6 @@ DirectStepI::qualityUpperBound( { auto const dir = this->debtDirection(v, StrandDirection::forward); - if (!v.rules().enabled(fixQualityUpperBound)) - { - std::uint32_t const srcQOut = [&]() -> std::uint32_t { - if (redeems(prevStepDir) && issues(dir)) - return transferRate(v, src_).value; - return QUALITY_ONE; - }(); - auto dstQIn = static_cast(this)->quality( - v, QualityDirection::in); - - if (isLast_ && dstQIn > QUALITY_ONE) - dstQIn = QUALITY_ONE; - Issue const iss{currency_, src_}; - return { - Quality(getRate(STAmount(iss, srcQOut), STAmount(iss, dstQIn))), - dir}; - } - auto const [srcQOut, dstQIn] = redeems(dir) ? qualitiesSrcRedeems(v) : qualitiesSrcIssues(v, prevStepDir); From 8d1b3b39940eca2735a0e9279bdd92b0748fd84c Mon Sep 17 00:00:00 2001 From: Ed Hennis Date: Thu, 30 Oct 2025 15:39:56 -0400 Subject: [PATCH 6/9] refactor: Add support for extra transaction signature validation (#5851) - Restructures `STTx` signature checking code to be able to handle a `sigObject`, which may be the full transaction, or may be an object field containing a separate signature. Either way, the `sigObject` can be a single- or multi-sign signature. - This is distinct from 550f90a75e (#5594), which changed the check in Transactor, which validates whether a given account is allowed to sign for the given transaction. This cryptographically checks the signature validity. --- include/xrpl/protocol/STObject.h | 5 + include/xrpl/protocol/STTx.h | 48 ++++++-- include/xrpl/protocol/jss.h | 1 + src/libxrpl/protocol/STObject.cpp | 16 +++ src/libxrpl/protocol/STTx.cpp | 140 +++++++++++++++-------- src/test/jtx/JTx.h | 6 +- src/test/jtx/TestHelpers.h | 2 +- src/test/jtx/amount.h | 8 +- src/test/jtx/impl/Env.cpp | 19 ++- src/test/jtx/impl/mpt.cpp | 2 +- src/test/jtx/impl/multisign.cpp | 17 ++- src/test/jtx/impl/sig.cpp | 14 ++- src/test/jtx/impl/utility.cpp | 12 +- src/test/jtx/mpt.h | 2 +- src/test/jtx/multisign.h | 53 ++++++++- src/test/jtx/sig.h | 25 +++- src/test/jtx/utility.h | 6 + src/test/rpc/RPCCall_test.cpp | 98 ++++++++++++---- src/xrpld/app/main/Main.cpp | 2 +- src/xrpld/app/tx/detail/Batch.cpp | 74 ++++++++---- src/xrpld/rpc/detail/RPCCall.cpp | 20 +++- src/xrpld/rpc/detail/TransactionSign.cpp | 71 ++++++++++-- 22 files changed, 511 insertions(+), 130 deletions(-) diff --git a/include/xrpl/protocol/STObject.h b/include/xrpl/protocol/STObject.h index 1c22b08aba..84706c5833 100644 --- a/include/xrpl/protocol/STObject.h +++ b/include/xrpl/protocol/STObject.h @@ -244,6 +244,9 @@ public: getFieldPathSet(SField const& field) const; STVector256 const& getFieldV256(SField const& field) const; + // If not found, returns an object constructed with the given field + STObject + getFieldObject(SField const& field) const; STArray const& getFieldArray(SField const& field) const; STCurrency const& @@ -390,6 +393,8 @@ public: setFieldV256(SField const& field, STVector256 const& v); void setFieldArray(SField const& field, STArray const& v); + void + setFieldObject(SField const& field, STObject const& v); template void diff --git a/include/xrpl/protocol/STTx.h b/include/xrpl/protocol/STTx.h index f0d2157283..ac0223ee77 100644 --- a/include/xrpl/protocol/STTx.h +++ b/include/xrpl/protocol/STTx.h @@ -87,8 +87,14 @@ public: getFullText() const override; // Outer transaction functions / signature functions. + static Blob + getSignature(STObject const& sigObject); + Blob - getSignature() const; + getSignature() const + { + return getSignature(*this); + } uint256 getSigningHash() const; @@ -119,13 +125,20 @@ public: getJson(JsonOptions options, bool binary) const; void - sign(PublicKey const& publicKey, SecretKey const& secretKey); + sign( + PublicKey const& publicKey, + SecretKey const& secretKey, + std::optional> signatureTarget = + {}); - /** Check the signature. - @return `true` if valid signature. If invalid, the error message string. - */ enum class RequireFullyCanonicalSig : bool { no, yes }; + /** Check the signature. + @param requireCanonicalSig If `true`, check that the signature is fully + canonical. If `false`, only check that the signature is valid. + @param rules The current ledger rules. + @return `true` if valid signature. If invalid, the error message string. + */ Expected checkSign(RequireFullyCanonicalSig requireCanonicalSig, Rules const& rules) const; @@ -150,17 +163,34 @@ public: char status, std::string const& escapedMetaData) const; - std::vector + std::vector const& getBatchTransactionIDs() const; private: + /** Check the signature. + @param requireCanonicalSig If `true`, check that the signature is fully + canonical. If `false`, only check that the signature is valid. + @param rules The current ledger rules. + @param sigObject Reference to object that contains the signature fields. + Will be *this more often than not. + @return `true` if valid signature. If invalid, the error message string. + */ Expected - checkSingleSign(RequireFullyCanonicalSig requireCanonicalSig) const; + checkSign( + RequireFullyCanonicalSig requireCanonicalSig, + Rules const& rules, + STObject const& sigObject) const; + + Expected + checkSingleSign( + RequireFullyCanonicalSig requireCanonicalSig, + STObject const& sigObject) const; Expected checkMultiSign( RequireFullyCanonicalSig requireCanonicalSig, - Rules const& rules) const; + Rules const& rules, + STObject const& sigObject) const; Expected checkBatchSingleSign( @@ -179,7 +209,7 @@ private: move(std::size_t n, void* buf) override; friend class detail::STVar; - mutable std::vector batch_txn_ids_; + mutable std::vector batchTxnIds_; }; bool diff --git a/include/xrpl/protocol/jss.h b/include/xrpl/protocol/jss.h index 8609aedaef..bb5af1fc4d 100644 --- a/include/xrpl/protocol/jss.h +++ b/include/xrpl/protocol/jss.h @@ -569,6 +569,7 @@ JSS(settle_delay); // out: AccountChannels JSS(severity); // in: LogLevel JSS(shares); // out: VaultInfo JSS(signature); // out: NetworkOPs, ChannelAuthorize +JSS(signature_target); // in: TransactionSign JSS(signature_verified); // out: ChannelVerify JSS(signing_key); // out: NetworkOPs JSS(signing_keys); // out: ValidatorList diff --git a/src/libxrpl/protocol/STObject.cpp b/src/libxrpl/protocol/STObject.cpp index 77e5fd1ad9..8fb21a638d 100644 --- a/src/libxrpl/protocol/STObject.cpp +++ b/src/libxrpl/protocol/STObject.cpp @@ -688,6 +688,16 @@ STObject::getFieldV256(SField const& field) const return getFieldByConstRef(field, empty); } +STObject +STObject::getFieldObject(SField const& field) const +{ + STObject const empty{field}; + auto ret = getFieldByConstRef(field, empty); + if (ret != empty) + ret.applyTemplateFromSField(field); + return ret; +} + STArray const& STObject::getFieldArray(SField const& field) const { @@ -833,6 +843,12 @@ STObject::setFieldArray(SField const& field, STArray const& v) setFieldUsingAssignment(field, v); } +void +STObject::setFieldObject(SField const& field, STObject const& v) +{ + setFieldUsingAssignment(field, v); +} + Json::Value STObject::getJson(JsonOptions options) const { diff --git a/src/libxrpl/protocol/STTx.cpp b/src/libxrpl/protocol/STTx.cpp index 8be8f906a5..7326f48424 100644 --- a/src/libxrpl/protocol/STTx.cpp +++ b/src/libxrpl/protocol/STTx.cpp @@ -200,11 +200,11 @@ STTx::getSigningHash() const } Blob -STTx::getSignature() const +STTx::getSignature(STObject const& sigObject) { try { - return getFieldVL(sfTxnSignature); + return sigObject.getFieldVL(sfTxnSignature); } catch (std::exception const&) { @@ -234,35 +234,68 @@ STTx::getSeqValue() const } void -STTx::sign(PublicKey const& publicKey, SecretKey const& secretKey) +STTx::sign( + PublicKey const& publicKey, + SecretKey const& secretKey, + std::optional> signatureTarget) { auto const data = getSigningData(*this); auto const sig = ripple::sign(publicKey, secretKey, makeSlice(data)); - setFieldVL(sfTxnSignature, sig); + if (signatureTarget) + { + auto& target = peekFieldObject(*signatureTarget); + target.setFieldVL(sfTxnSignature, sig); + } + else + { + setFieldVL(sfTxnSignature, sig); + } tid_ = getHash(HashPrefix::transactionID); } +Expected +STTx::checkSign( + RequireFullyCanonicalSig requireCanonicalSig, + Rules const& rules, + STObject const& sigObject) const +{ + try + { + // Determine whether we're single- or multi-signing by looking + // at the SigningPubKey. If it's empty we must be + // multi-signing. Otherwise we're single-signing. + + Blob const& signingPubKey = sigObject.getFieldVL(sfSigningPubKey); + return signingPubKey.empty() + ? checkMultiSign(requireCanonicalSig, rules, sigObject) + : checkSingleSign(requireCanonicalSig, sigObject); + } + catch (std::exception const&) + { + } + return Unexpected("Internal signature check failure."); +} + Expected STTx::checkSign( RequireFullyCanonicalSig requireCanonicalSig, Rules const& rules) const { - try + if (auto const ret = checkSign(requireCanonicalSig, rules, *this); !ret) + return ret; + + /* Placeholder for field that will be added by Lending Protocol + if (isFieldPresent(sfCounterpartySignature)) { - // Determine whether we're single- or multi-signing by looking - // at the SigningPubKey. If it's empty we must be - // multi-signing. Otherwise we're single-signing. - Blob const& signingPubKey = getFieldVL(sfSigningPubKey); - return signingPubKey.empty() - ? checkMultiSign(requireCanonicalSig, rules) - : checkSingleSign(requireCanonicalSig); + auto const counterSig = getFieldObject(sfCounterpartySignature); + if (auto const ret = checkSign(requireCanonicalSig, rules, counterSig); + !ret) + return Unexpected("Counterparty: " + ret.error()); } - catch (std::exception const&) - { - } - return Unexpected("Internal signature check failure."); + */ + return {}; } Expected @@ -382,23 +415,23 @@ STTx::getMetaSQL( static Expected singleSignHelper( - STObject const& signer, + STObject const& sigObject, Slice const& data, bool const fullyCanonical) { // We don't allow both a non-empty sfSigningPubKey and an sfSigners. // That would allow the transaction to be signed two ways. So if both // fields are present the signature is invalid. - if (signer.isFieldPresent(sfSigners)) + if (sigObject.isFieldPresent(sfSigners)) return Unexpected("Cannot both single- and multi-sign."); bool validSig = false; try { - auto const spk = signer.getFieldVL(sfSigningPubKey); + auto const spk = sigObject.getFieldVL(sfSigningPubKey); if (publicKeyType(makeSlice(spk))) { - Blob const signature = signer.getFieldVL(sfTxnSignature); + Blob const signature = sigObject.getFieldVL(sfTxnSignature); validSig = verify( PublicKey(makeSlice(spk)), data, @@ -418,12 +451,14 @@ singleSignHelper( } Expected -STTx::checkSingleSign(RequireFullyCanonicalSig requireCanonicalSig) const +STTx::checkSingleSign( + RequireFullyCanonicalSig requireCanonicalSig, + STObject const& sigObject) const { auto const data = getSigningData(*this); bool const fullyCanonical = (getFlags() & tfFullyCanonicalSig) || (requireCanonicalSig == STTx::RequireFullyCanonicalSig::yes); - return singleSignHelper(*this, makeSlice(data), fullyCanonical); + return singleSignHelper(sigObject, makeSlice(data), fullyCanonical); } Expected @@ -440,31 +475,29 @@ STTx::checkBatchSingleSign( Expected multiSignHelper( - STObject const& signerObj, + STObject const& sigObject, + std::optional txnAccountID, bool const fullyCanonical, std::function makeMsg, Rules const& rules) { // Make sure the MultiSigners are present. Otherwise they are not // attempting multi-signing and we just have a bad SigningPubKey. - if (!signerObj.isFieldPresent(sfSigners)) + if (!sigObject.isFieldPresent(sfSigners)) return Unexpected("Empty SigningPubKey."); // We don't allow both an sfSigners and an sfTxnSignature. Both fields // being present would indicate that the transaction is signed both ways. - if (signerObj.isFieldPresent(sfTxnSignature)) + if (sigObject.isFieldPresent(sfTxnSignature)) return Unexpected("Cannot both single- and multi-sign."); - STArray const& signers{signerObj.getFieldArray(sfSigners)}; + STArray const& signers{sigObject.getFieldArray(sfSigners)}; // There are well known bounds that the number of signers must be within. if (signers.size() < STTx::minMultiSigners || signers.size() > STTx::maxMultiSigners(&rules)) return Unexpected("Invalid Signers array size."); - // We also use the sfAccount field inside the loop. Get it once. - auto const txnAccountID = signerObj.getAccountID(sfAccount); - // Signers must be in sorted order by AccountID. AccountID lastAccountID(beast::zero); @@ -472,8 +505,10 @@ multiSignHelper( { auto const accountID = signer.getAccountID(sfAccount); - // The account owner may not multisign for themselves. - if (accountID == txnAccountID) + // The account owner may not usually multisign for themselves. + // If they can, txnAccountID will be unseated, which is not equal to any + // value. + if (txnAccountID == accountID) return Unexpected("Invalid multisigner."); // No duplicate signers allowed. @@ -489,6 +524,7 @@ multiSignHelper( // Verify the signature. bool validSig = false; + std::optional errorWhat; try { auto spk = signer.getFieldVL(sfSigningPubKey); @@ -502,15 +538,16 @@ multiSignHelper( fullyCanonical); } } - catch (std::exception const&) + catch (std::exception const& e) { // We assume any problem lies with the signature. validSig = false; + errorWhat = e.what(); } if (!validSig) return Unexpected( std::string("Invalid signature on account ") + - toBase58(accountID) + "."); + toBase58(accountID) + errorWhat.value_or("") + "."); } // All signatures verified. return {}; @@ -532,8 +569,9 @@ STTx::checkBatchMultiSign( serializeBatch(dataStart, getFlags(), getBatchTransactionIDs()); return multiSignHelper( batchSigner, + std::nullopt, fullyCanonical, - [&dataStart](AccountID const& accountID) mutable -> Serializer { + [&dataStart](AccountID const& accountID) -> Serializer { Serializer s = dataStart; finishMultiSigningData(accountID, s); return s; @@ -544,19 +582,27 @@ STTx::checkBatchMultiSign( Expected STTx::checkMultiSign( RequireFullyCanonicalSig requireCanonicalSig, - Rules const& rules) const + Rules const& rules, + STObject const& sigObject) const { bool const fullyCanonical = (getFlags() & tfFullyCanonicalSig) || (requireCanonicalSig == RequireFullyCanonicalSig::yes); + // Used inside the loop in multiSignHelper to enforce that + // the account owner may not multisign for themselves. + auto const txnAccountID = &sigObject != this + ? std::nullopt + : std::optional(getAccountID(sfAccount)); + // We can ease the computational load inside the loop a bit by // pre-constructing part of the data that we hash. Fill a Serializer // with the stuff that stays constant from signature to signature. Serializer dataStart = startMultiSigningData(*this); return multiSignHelper( - *this, + sigObject, + txnAccountID, fullyCanonical, - [&dataStart](AccountID const& accountID) mutable -> Serializer { + [&dataStart](AccountID const& accountID) -> Serializer { Serializer s = dataStart; finishMultiSigningData(accountID, s); return s; @@ -569,7 +615,7 @@ STTx::checkMultiSign( * * This function returns a vector of transaction IDs by extracting them from * the field array `sfRawTransactions` within the STTx. If the batch - * transaction IDs have already been computed and cached in `batch_txn_ids_`, + * transaction IDs have already been computed and cached in `batchTxnIds_`, * it returns the cached vector. Otherwise, it computes the transaction IDs, * caches them, and then returns the vector. * @@ -579,7 +625,7 @@ STTx::checkMultiSign( * empty and that the size of the computed batch transaction IDs matches the * size of the `sfRawTransactions` field array. */ -std::vector +std::vector const& STTx::getBatchTransactionIDs() const { XRPL_ASSERT( @@ -588,16 +634,20 @@ STTx::getBatchTransactionIDs() const XRPL_ASSERT( getFieldArray(sfRawTransactions).size() != 0, "STTx::getBatchTransactionIDs : empty raw transactions"); - if (batch_txn_ids_.size() != 0) - return batch_txn_ids_; - for (STObject const& rb : getFieldArray(sfRawTransactions)) - batch_txn_ids_.push_back(rb.getHash(HashPrefix::transactionID)); + // The list of inner ids is built once, then reused on subsequent calls. + // After the list is built, it must always have the same size as the array + // `sfRawTransactions`. The assert below verifies that. + if (batchTxnIds_.size() == 0) + { + for (STObject const& rb : getFieldArray(sfRawTransactions)) + batchTxnIds_.push_back(rb.getHash(HashPrefix::transactionID)); + } XRPL_ASSERT( - batch_txn_ids_.size() == getFieldArray(sfRawTransactions).size(), + batchTxnIds_.size() == getFieldArray(sfRawTransactions).size(), "STTx::getBatchTransactionIDs : batch transaction IDs size mismatch"); - return batch_txn_ids_; + return batchTxnIds_; } //------------------------------------------------------------------------------ diff --git a/src/test/jtx/JTx.h b/src/test/jtx/JTx.h index 198839dd28..36127f1843 100644 --- a/src/test/jtx/JTx.h +++ b/src/test/jtx/JTx.h @@ -54,7 +54,11 @@ struct JTx bool fill_sig = true; bool fill_netid = true; std::shared_ptr stx; - std::function signer; + // Functions that sign the transaction from the Account + std::vector> mainSigners; + // Functions that sign something else after the mainSigners, such as + // sfCounterpartySignature + std::vector> postSigners; JTx() = default; JTx(JTx const&) = default; diff --git a/src/test/jtx/TestHelpers.h b/src/test/jtx/TestHelpers.h index a7bdbb9b9f..5d919add47 100644 --- a/src/test/jtx/TestHelpers.h +++ b/src/test/jtx/TestHelpers.h @@ -618,7 +618,7 @@ create( } // namespace check -static constexpr FeeLevel64 baseFeeLevel{256}; +static constexpr FeeLevel64 baseFeeLevel{TxQ::baseLevel}; static constexpr FeeLevel64 minEscalationFeeLevel = baseFeeLevel * 500; template diff --git a/src/test/jtx/amount.h b/src/test/jtx/amount.h index a793f3a287..f14a65f6b8 100644 --- a/src/test/jtx/amount.h +++ b/src/test/jtx/amount.h @@ -213,14 +213,16 @@ public: template PrettyAmount - operator()(T v) const + operator()(T v, Number::rounding_mode rounding = Number::getround()) const { - return operator()(Number(v)); + return operator()(Number(v), rounding); } PrettyAmount - operator()(Number v) const + operator()(Number v, Number::rounding_mode rounding = Number::getround()) + const { + NumberRoundModeGuard mg(rounding); STAmount amount{asset_, v * scale_}; return {amount, ""}; } diff --git a/src/test/jtx/impl/Env.cpp b/src/test/jtx/impl/Env.cpp index f17f6cb39d..ce5f6f150c 100644 --- a/src/test/jtx/impl/Env.cpp +++ b/src/test/jtx/impl/Env.cpp @@ -34,6 +34,7 @@ #include #include +#include #include #include #include @@ -531,8 +532,22 @@ void Env::autofill_sig(JTx& jt) { auto& jv = jt.jv; - if (jt.signer) - return jt.signer(*this, jt); + + scope_success success([&]() { + // Call all the post-signers after the main signers or autofill are done + for (auto const& signer : jt.postSigners) + signer(*this, jt); + }); + + // Call all the main signers + if (!jt.mainSigners.empty()) + { + for (auto const& signer : jt.mainSigners) + signer(*this, jt); + return; + } + + // If the sig is still needed, get it here. if (!jt.fill_sig) return; auto const account = jv.isMember(sfDelegate.jsonName) diff --git a/src/test/jtx/impl/mpt.cpp b/src/test/jtx/impl/mpt.cpp index f2f51492e3..aaa5e433f2 100644 --- a/src/test/jtx/impl/mpt.cpp +++ b/src/test/jtx/impl/mpt.cpp @@ -507,7 +507,7 @@ MPTTester::getFlags(std::optional const& holder) const } MPT -MPTTester::operator[](std::string const& name) +MPTTester::operator[](std::string const& name) const { return MPT(name, issuanceID()); } diff --git a/src/test/jtx/impl/multisign.cpp b/src/test/jtx/impl/multisign.cpp index 6ed6df6804..fc6163a2f3 100644 --- a/src/test/jtx/impl/multisign.cpp +++ b/src/test/jtx/impl/multisign.cpp @@ -69,8 +69,15 @@ void msig::operator()(Env& env, JTx& jt) const { auto const mySigners = signers; - jt.signer = [mySigners, &env](Env&, JTx& jtx) { - jtx[sfSigningPubKey.getJsonName()] = ""; + auto callback = [subField = subField, mySigners, &env](Env&, JTx& jtx) { + // Where to put the signature. Supports sfCounterPartySignature. + auto& sigObject = subField ? jtx[*subField] : jtx.jv; + + // The signing pub key is only required at the top level. + if (!subField) + sigObject[sfSigningPubKey] = ""; + else if (sigObject.isNull()) + sigObject = Json::Value(Json::objectValue); std::optional st; try { @@ -81,7 +88,7 @@ msig::operator()(Env& env, JTx& jt) const env.test.log << pretty(jtx.jv) << std::endl; Rethrow(); } - auto& js = jtx[sfSigners.getJsonName()]; + auto& js = sigObject[sfSigners]; for (std::size_t i = 0; i < mySigners.size(); ++i) { auto const& e = mySigners[i]; @@ -96,6 +103,10 @@ msig::operator()(Env& env, JTx& jt) const strHex(Slice{sig.data(), sig.size()}); } }; + if (!subField) + jt.mainSigners.emplace_back(callback); + else + jt.postSigners.emplace_back(callback); } } // namespace jtx diff --git a/src/test/jtx/impl/sig.cpp b/src/test/jtx/impl/sig.cpp index fa1977fe08..6ea1c153cb 100644 --- a/src/test/jtx/impl/sig.cpp +++ b/src/test/jtx/impl/sig.cpp @@ -29,12 +29,22 @@ sig::operator()(Env&, JTx& jt) const { if (!manual_) return; - jt.fill_sig = false; + if (!subField_) + jt.fill_sig = false; if (account_) { // VFALCO Inefficient pre-C++14 auto const account = *account_; - jt.signer = [account](Env&, JTx& jtx) { jtx::sign(jtx.jv, account); }; + auto callback = [subField = subField_, account](Env&, JTx& jtx) { + // Where to put the signature. Supports sfCounterPartySignature. + auto& sigObject = subField ? jtx[*subField] : jtx.jv; + + jtx::sign(jtx.jv, account, sigObject); + }; + if (!subField_) + jt.mainSigners.emplace_back(callback); + else + jt.postSigners.emplace_back(callback); } } diff --git a/src/test/jtx/impl/utility.cpp b/src/test/jtx/impl/utility.cpp index 27b45a32cb..fbdbaee4ef 100644 --- a/src/test/jtx/impl/utility.cpp +++ b/src/test/jtx/impl/utility.cpp @@ -44,14 +44,20 @@ parse(Json::Value const& jv) } void -sign(Json::Value& jv, Account const& account) +sign(Json::Value& jv, Account const& account, Json::Value& sigObject) { - jv[jss::SigningPubKey] = strHex(account.pk().slice()); + sigObject[jss::SigningPubKey] = strHex(account.pk().slice()); Serializer ss; ss.add32(HashPrefix::txSign); parse(jv).addWithoutSigningFields(ss); auto const sig = ripple::sign(account.pk(), account.sk(), ss.slice()); - jv[jss::TxnSignature] = strHex(Slice{sig.data(), sig.size()}); + sigObject[jss::TxnSignature] = strHex(Slice{sig.data(), sig.size()}); +} + +void +sign(Json::Value& jv, Account const& account) +{ + sign(jv, account, jv); } void diff --git a/src/test/jtx/mpt.h b/src/test/jtx/mpt.h index 2eacac68ec..422afa8fab 100644 --- a/src/test/jtx/mpt.h +++ b/src/test/jtx/mpt.h @@ -235,7 +235,7 @@ public: getBalance(Account const& account) const; MPT - operator[](std::string const& name); + operator[](std::string const& name) const; private: using SLEP = std::shared_ptr; diff --git a/src/test/jtx/multisign.h b/src/test/jtx/multisign.h index 1fed895c6d..7a035a9ff0 100644 --- a/src/test/jtx/multisign.h +++ b/src/test/jtx/multisign.h @@ -67,18 +67,63 @@ class msig { public: std::vector signers; + /** Alternative transaction object field in which to place the signer list. + * + * subField is only supported if an account_ is provided as well. + */ + SField const* const subField = nullptr; + /// Used solely as a convenience placeholder for ctors that do _not_ specify + /// a subfield. + static constexpr SField* const topLevel = nullptr; - msig(std::vector signers_) : signers(std::move(signers_)) + msig(SField const* subField_, std::vector signers_) + : signers(std::move(signers_)), subField(subField_) { sortSigners(signers); } + msig(SField const& subField_, std::vector signers_) + : msig{&subField_, signers_} + { + } + + msig(std::vector signers_) : msig(topLevel, signers_) + { + } + template requires std::convertible_to - explicit msig(AccountType&& a0, Accounts&&... aN) - : signers{std::forward(a0), std::forward(aN)...} + explicit msig(SField const* subField_, AccountType&& a0, Accounts&&... aN) + : msig{ + subField_, + std::vector{ + std::forward(a0), + std::forward(aN)...}} + { + } + + template + requires std::convertible_to + explicit msig(SField const& subField_, AccountType&& a0, Accounts&&... aN) + : msig{ + &subField_, + std::vector{ + std::forward(a0), + std::forward(aN)...}} + { + } + + template + requires( + std::convertible_to && + !std::is_same_v) + explicit msig(AccountType&& a0, Accounts&&... aN) + : msig{ + topLevel, + std::vector{ + std::forward(a0), + std::forward(aN)...}} { - sortSigners(signers); } void diff --git a/src/test/jtx/sig.h b/src/test/jtx/sig.h index aa65a4f697..b96a306a37 100644 --- a/src/test/jtx/sig.h +++ b/src/test/jtx/sig.h @@ -35,7 +35,20 @@ class sig { private: bool manual_ = true; + /** Alternative transaction object field in which to place the signature. + * + * subField is only supported if an account_ is provided as well. + */ + SField const* const subField_ = nullptr; + /** Account that will generate the signature. + * + * If not provided, no signature will be added by this helper. See also + * Env::autofill_sig. + */ std::optional account_; + /// Used solely as a convenience placeholder for ctors that do _not_ specify + /// a subfield. + static constexpr SField* const topLevel = nullptr; public: explicit sig(autofill_t) : manual_(false) @@ -46,7 +59,17 @@ public: { } - explicit sig(Account const& account) : account_(account) + explicit sig(SField const* subField, Account const& account) + : subField_(subField), account_(account) + { + } + + explicit sig(SField const& subField, Account const& account) + : sig(&subField, account) + { + } + + explicit sig(Account const& account) : sig(topLevel, account) { } diff --git a/src/test/jtx/utility.h b/src/test/jtx/utility.h index 2c21fbd3ff..9e89c3bb93 100644 --- a/src/test/jtx/utility.h +++ b/src/test/jtx/utility.h @@ -51,6 +51,12 @@ struct parse_error : std::logic_error STObject parse(Json::Value const& jv); +/** Sign automatically into a specific Json field of the jv object. + @note This only works on accounts with multi-signing off. +*/ +void +sign(Json::Value& jv, Account const& account, Json::Value& sigObject); + /** Sign automatically. @note This only works on accounts with multi-signing off. */ diff --git a/src/test/rpc/RPCCall_test.cpp b/src/test/rpc/RPCCall_test.cpp index d22896388d..26a6a536ef 100644 --- a/src/test/rpc/RPCCall_test.cpp +++ b/src/test/rpc/RPCCall_test.cpp @@ -4643,10 +4643,34 @@ static RPCCallTestData const rpcCallTestArray[] = { } ] })"}, - {"sign: too many arguments.", + {"sign: offline flag with signature_target.", __LINE__, {"sign", "my_secret", R"({"json_argument":true})", "offline", "extra"}, RPCCallTestData::no_exception, + R"({ + "method" : "sign", + "params" : [ + { + "api_version" : %API_VER%, + "offline" : true, + "secret" : "my_secret", + "signature_target" : "extra", + "tx_json" : + { + "json_argument" : true + } + } + ] + })"}, + {"sign: too many arguments.", + __LINE__, + {"sign", + "my_secret", + R"({"json_argument":true})", + "offline", + "CounterpartySignature", + "extra"}, + RPCCallTestData::no_exception, R"({ "method" : "sign", "params" : [ @@ -4675,20 +4699,24 @@ static RPCCallTestData const rpcCallTestArray[] = { } ] })"}, - {"sign: invalid final argument.", + {"sign: misspelled offline flag interpreted as signature_target.", __LINE__, {"sign", "my_secret", R"({"json_argument":true})", "offlin"}, RPCCallTestData::no_exception, R"({ - "method" : "sign", - "params" : [ - { - "error" : "invalidParams", - "error_code" : 31, - "error_message" : "Invalid parameters." - } - ] - })"}, + "method" : "sign", + "params" : [ + { + "api_version" : %API_VER%, + "secret" : "my_secret", + "signature_target" : "offlin", + "tx_json" : + { + "json_argument" : true + } + } + ] + })"}, // sign_for // -------------------------------------------------------------------- @@ -4880,10 +4908,34 @@ static RPCCallTestData const rpcCallTestArray[] = { } ] })"}, - {"submit: too many arguments.", + {"submit: offline flag with signature_target.", __LINE__, {"submit", "my_secret", R"({"json_argument":true})", "offline", "extra"}, RPCCallTestData::no_exception, + R"({ + "method" : "submit", + "params" : [ + { + "api_version" : %API_VER%, + "offline" : true, + "secret" : "my_secret", + "signature_target" : "extra", + "tx_json" : + { + "json_argument" : true + } + } + ] + })"}, + {"submit: too many arguments.", + __LINE__, + {"submit", + "my_secret", + R"({"json_argument":true})", + "offline", + "CounterpartySignature", + "extra"}, + RPCCallTestData::no_exception, R"({ "method" : "submit", "params" : [ @@ -4912,19 +4964,23 @@ static RPCCallTestData const rpcCallTestArray[] = { } ] })"}, - {"submit: last argument not \"offline\".", + {"submit: misspelled offline flag interpreted as signature_target.", __LINE__, {"submit", "my_secret", R"({"json_argument":true})", "offlne"}, RPCCallTestData::no_exception, R"({ - "method" : "submit", - "params" : [ - { - "error" : "invalidParams", - "error_code" : 31, - "error_message" : "Invalid parameters." - } - ] + "method" : "submit", + "params" : [ + { + "api_version" : %API_VER%, + "secret" : "my_secret", + "signature_target" : "offlne", + "tx_json" : + { + "json_argument" : true + } + } + ] })"}, // submit_multisigned diff --git a/src/xrpld/app/main/Main.cpp b/src/xrpld/app/main/Main.cpp index 2353d7acd1..3dff9d4d5f 100644 --- a/src/xrpld/app/main/Main.cpp +++ b/src/xrpld/app/main/Main.cpp @@ -173,7 +173,7 @@ printHelp(po::options_description const& desc) " server_state [counters]\n" " sign [offline]\n" " sign_for " - "[offline]\n" + "[offline] []\n" " stop\n" " simulate [|] []\n" " submit |[ ]\n" diff --git a/src/xrpld/app/tx/detail/Batch.cpp b/src/xrpld/app/tx/detail/Batch.cpp index cba89348d0..4ffdd2d57c 100644 --- a/src/xrpld/app/tx/detail/Batch.cpp +++ b/src/xrpld/app/tx/detail/Batch.cpp @@ -237,6 +237,39 @@ Batch::preflight(PreflightContext const& ctx) std::unordered_set uniqueHashes; std::unordered_map> accountSeqTicket; + auto checkSignatureFields = [&parentBatchId, &j = ctx.j]( + STObject const& sig, + uint256 const& hash, + char const* label = "") -> NotTEC { + if (sig.isFieldPresent(sfTxnSignature)) + { + JLOG(j.debug()) + << "BatchTrace[" << parentBatchId << "]: " + << "inner txn " << label << "cannot include TxnSignature. " + << "txID: " << hash; + return temBAD_SIGNATURE; + } + + if (sig.isFieldPresent(sfSigners)) + { + JLOG(j.debug()) + << "BatchTrace[" << parentBatchId << "]: " + << "inner txn " << label << " cannot include Signers. " + << "txID: " << hash; + return temBAD_SIGNER; + } + + if (!sig.getFieldVL(sfSigningPubKey).empty()) + { + JLOG(j.debug()) + << "BatchTrace[" << parentBatchId << "]: " + << "inner txn " << label << " SigningPubKey must be empty. " + << "txID: " << hash; + return temBAD_REGKEY; + } + + return tesSUCCESS; + }; for (STObject rb : rawTxns) { STTx const stx = STTx{std::move(rb)}; @@ -266,29 +299,23 @@ Batch::preflight(PreflightContext const& ctx) return temINVALID_FLAG; } - if (stx.isFieldPresent(sfTxnSignature)) - { - JLOG(ctx.j.debug()) << "BatchTrace[" << parentBatchId << "]: " - << "inner txn cannot include TxnSignature. " - << "txID: " << hash; - return temBAD_SIGNATURE; - } + if (auto const ret = checkSignatureFields(stx, hash)) + return ret; - if (stx.isFieldPresent(sfSigners)) + /* Placeholder for field that will be added by Lending Protocol + // Note that the CounterpartySignature is optional, and should not be + // included, but if it is, ensure it doesn't contain a signature. + if (stx.isFieldPresent(sfCounterpartySignature)) { - JLOG(ctx.j.debug()) << "BatchTrace[" << parentBatchId << "]: " - << "inner txn cannot include Signers. " - << "txID: " << hash; - return temBAD_SIGNER; - } - - if (!stx.getSigningPubKey().empty()) - { - JLOG(ctx.j.debug()) << "BatchTrace[" << parentBatchId << "]: " - << "inner txn SigningPubKey must be empty. " - << "txID: " << hash; - return temBAD_REGKEY; + auto const counterpartySignature = + stx.getFieldObject(sfCounterpartySignature); + if (auto const ret = checkSignatureFields( + counterpartySignature, hash, "counterparty signature ")) + { + return ret; + } } + */ auto const innerAccount = stx.getAccountID(sfAccount); if (auto const preflightResult = ripple::preflight( @@ -385,6 +412,13 @@ Batch::preflightSigValidated(PreflightContext const& ctx) // inner account to the required signers set. if (innerAccount != outerAccount) requiredSigners.insert(innerAccount); + /* Placeholder for field that will be added by Lending Protocol + // Some transactions have a Counterparty, who must also sign the + // transaction if they are not the outer account + if (auto const counterparty = rb.at(~sfCounterparty); + counterparty && counterparty != outerAccount) + requiredSigners.insert(*counterparty); + */ } // Validation Batch Signers diff --git a/src/xrpld/rpc/detail/RPCCall.cpp b/src/xrpld/rpc/detail/RPCCall.cpp index 57432d920f..822eb440b3 100644 --- a/src/xrpld/rpc/detail/RPCCall.cpp +++ b/src/xrpld/rpc/detail/RPCCall.cpp @@ -965,7 +965,16 @@ private: Json::Value txJSON; Json::Reader reader; bool const bOffline = - 3 == jvParams.size() && jvParams[2u].asString() == "offline"; + jvParams.size() >= 3 && jvParams[2u].asString() == "offline"; + std::optional const field = + [&jvParams, bOffline]() -> std::optional { + if (jvParams.size() < 3) + return std::nullopt; + if (jvParams.size() < 4 && bOffline) + return std::nullopt; + Json::UInt index = bOffline ? 3u : 2u; + return jvParams[index].asString(); + }(); if (1 == jvParams.size()) { @@ -978,7 +987,7 @@ private: return jvRequest; } else if ( - (2 == jvParams.size() || bOffline) && + (jvParams.size() >= 2 || bOffline) && reader.parse(jvParams[1u].asString(), txJSON)) { // Signing or submitting tx_json. @@ -990,6 +999,9 @@ private: if (bOffline) jvRequest[jss::offline] = true; + if (field) + jvRequest[jss::signature_target] = *field; + return jvRequest; } @@ -1270,11 +1282,11 @@ public: {"server_definitions", &RPCParser::parseServerDefinitions, 0, 1}, {"server_info", &RPCParser::parseServerInfo, 0, 1}, {"server_state", &RPCParser::parseServerInfo, 0, 1}, - {"sign", &RPCParser::parseSignSubmit, 2, 3}, + {"sign", &RPCParser::parseSignSubmit, 2, 4}, {"sign_for", &RPCParser::parseSignFor, 3, 4}, {"stop", &RPCParser::parseAsIs, 0, 0}, {"simulate", &RPCParser::parseSimulate, 1, 2}, - {"submit", &RPCParser::parseSignSubmit, 1, 3}, + {"submit", &RPCParser::parseSignSubmit, 1, 4}, {"submit_multisigned", &RPCParser::parseSubmitMultiSigned, 1, 1}, {"transaction_entry", &RPCParser::parseTransactionEntry, 2, 2}, {"tx", &RPCParser::parseTx, 1, 4}, diff --git a/src/xrpld/rpc/detail/TransactionSign.cpp b/src/xrpld/rpc/detail/TransactionSign.cpp index 175fd84c9b..aa7c706a19 100644 --- a/src/xrpld/rpc/detail/TransactionSign.cpp +++ b/src/xrpld/rpc/detail/TransactionSign.cpp @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -54,6 +55,7 @@ private: AccountID const* const multiSigningAcctID_; std::optional multiSignPublicKey_; Buffer multiSignature_; + std::optional> signatureTarget_; public: explicit SigningForParams() : multiSigningAcctID_(nullptr) @@ -116,12 +118,25 @@ public: return multiSignature_; } + std::optional> const& + getSignatureTarget() const + { + return signatureTarget_; + } + void setPublicKey(PublicKey const& multiSignPublicKey) { multiSignPublicKey_ = multiSignPublicKey; } + void + setSignatureTarget( + std::optional> const& field) + { + signatureTarget_ = field; + } + void moveMultiSignature(Buffer&& multiSignature) { @@ -427,6 +442,29 @@ transactionPreProcessImpl( bool const verify = !(params.isMember(jss::offline) && params[jss::offline].asBool()); + auto const signatureTarget = + [¶ms]() -> std::optional> { + if (params.isMember(jss::signature_target)) + return SField::getField(params[jss::signature_target].asString()); + return std::nullopt; + }(); + + // Make sure the signature target field is valid, if specified, and save the + // template for use later + auto const signatureTemplate = signatureTarget + ? InnerObjectFormats::getInstance().findSOTemplateBySField( + *signatureTarget) + : nullptr; + if (signatureTarget) + { + if (!signatureTemplate) + { // Invalid target field + return RPC::make_error( + rpcINVALID_PARAMS, signatureTarget->get().getName()); + } + signingArgs.setSignatureTarget(signatureTarget); + } + if (!params.isMember(jss::tx_json)) return RPC::missing_field_error(jss::tx_json); @@ -541,9 +579,10 @@ transactionPreProcessImpl( JLOG(j.trace()) << "verify: " << toBase58(calcAccountID(pk)) << " : " << toBase58(srcAddressID); - // Don't do this test if multisigning since the account and secret - // probably don't belong together in that case. - if (!signingArgs.isMultiSigning()) + // Don't do this test if multisigning or if the signature is going into + // an alternate field since the account and secret probably don't belong + // together in that case. + if (!signingArgs.isMultiSigning() && !signatureTarget) { // Make sure the account and secret belong together. if (tx_json.isMember(sfDelegate.jsonName)) @@ -598,7 +637,17 @@ transactionPreProcessImpl( { // If we're generating a multi-signature the SigningPubKey must be // empty, otherwise it must be the master account's public key. - parsed.object->setFieldVL( + STObject* sigObject = &*parsed.object; + if (signatureTarget) + { + // If the target object doesn't exist, make one. + if (!parsed.object->isFieldPresent(*signatureTarget)) + parsed.object->setFieldObject( + *signatureTarget, + STObject{*signatureTemplate, *signatureTarget}); + sigObject = &parsed.object->peekFieldObject(*signatureTarget); + } + sigObject->setFieldVL( sfSigningPubKey, signingArgs.isMultiSigning() ? Slice(nullptr, 0) : pk.slice()); @@ -630,7 +679,7 @@ transactionPreProcessImpl( } else if (signingArgs.isSingleSigning()) { - stTx->sign(pk, sk); + stTx->sign(pk, sk, signatureTarget); } return transactionPreProcessResult{std::move(stTx)}; @@ -1195,11 +1244,17 @@ transactionSignFor( signer.setFieldVL( sfSigningPubKey, signForParams.getPublicKey().slice()); + STObject& sigTarget = [&]() -> STObject& { + auto const target = signForParams.getSignatureTarget(); + if (target) + return sttx->peekFieldObject(*target); + return *sttx; + }(); // If there is not yet a Signers array, make one. - if (!sttx->isFieldPresent(sfSigners)) - sttx->setFieldArray(sfSigners, {}); + if (!sigTarget.isFieldPresent(sfSigners)) + sigTarget.setFieldArray(sfSigners, {}); - auto& signers = sttx->peekFieldArray(sfSigners); + auto& signers = sigTarget.peekFieldArray(sfSigners); signers.emplace_back(std::move(signer)); // The array must be sorted and validated. From 4cb1084c02ee4ac7149a3d0753ee636cae37caf2 Mon Sep 17 00:00:00 2001 From: Bronek Kozicki Date: Thu, 30 Oct 2025 21:04:55 +0000 Subject: [PATCH 7/9] fix: Change Credential sfSubjectNode to optional (#5936) Field `sfSubjectNode` is not populated by `CredentialCreate` in self-issued credentials. Rather than fixup the Credentials already on the ledger, we can in this case safely change the object template for this field from `soeREQUIRED` to `soeOPTIONAL`. --- include/xrpl/protocol/detail/ledger_entries.macro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/xrpl/protocol/detail/ledger_entries.macro b/include/xrpl/protocol/detail/ledger_entries.macro index f76188095e..d3b1b3c651 100644 --- a/include/xrpl/protocol/detail/ledger_entries.macro +++ b/include/xrpl/protocol/detail/ledger_entries.macro @@ -457,7 +457,7 @@ LEDGER_ENTRY(ltCREDENTIAL, 0x0081, Credential, credential, ({ {sfExpiration, soeOPTIONAL}, {sfURI, soeOPTIONAL}, {sfIssuerNode, soeREQUIRED}, - {sfSubjectNode, soeREQUIRED}, + {sfSubjectNode, soeOPTIONAL}, {sfPreviousTxnID, soeREQUIRED}, {sfPreviousTxnLgrSeq, soeREQUIRED}, })) From 2dd1d682ac894a7ae9bb3e35437d454dd18c32be Mon Sep 17 00:00:00 2001 From: Bronek Kozicki Date: Thu, 30 Oct 2025 21:31:03 +0000 Subject: [PATCH 8/9] Remove directory size limit (#5935) This change introduces the `fixDirectoryLimit` amendment to remove the directory pages limit. We found that the directory size limit is easier to hit than originally assumed, and there is no good reason to keep this limit, since the object reserve provides the necessary incentive to avoid creating unnecessary objects on the ledger. --- include/xrpl/protocol/Protocol.h | 5 +- include/xrpl/protocol/detail/features.macro | 3 +- src/libxrpl/ledger/ApplyView.cpp | 18 ++- src/test/app/Credentials_test.cpp | 34 +++++ src/test/jtx.h | 1 + src/test/jtx/directory.h | 81 +++++++++++ src/test/jtx/impl/directory.cpp | 145 ++++++++++++++++++++ src/test/ledger/Directory_test.cpp | 88 ++++++++++++ src/xrpld/app/tx/detail/Credentials.cpp | 4 +- 9 files changed, 373 insertions(+), 6 deletions(-) create mode 100644 src/test/jtx/directory.h create mode 100644 src/test/jtx/impl/directory.cpp diff --git a/include/xrpl/protocol/Protocol.h b/include/xrpl/protocol/Protocol.h index 84b8c3889b..b3e7086d03 100644 --- a/include/xrpl/protocol/Protocol.h +++ b/include/xrpl/protocol/Protocol.h @@ -55,7 +55,10 @@ std::size_t constexpr oversizeMetaDataCap = 5200; /** The maximum number of entries per directory page */ std::size_t constexpr dirNodeMaxEntries = 32; -/** The maximum number of pages allowed in a directory */ +/** The maximum number of pages allowed in a directory + + Made obsolete by fixDirectoryLimit amendment. +*/ std::uint64_t constexpr dirNodeMaxPages = 262144; /** The maximum number of items in an NFT page */ diff --git a/include/xrpl/protocol/detail/features.macro b/include/xrpl/protocol/detail/features.macro index c20f323e3d..6100c9c61b 100644 --- a/include/xrpl/protocol/detail/features.macro +++ b/include/xrpl/protocol/detail/features.macro @@ -29,9 +29,8 @@ // Add new amendments to the top of this list. // Keep it sorted in reverse chronological order. -// If you add an amendment here, then do not forget to increment `numFeatures` -// in include/xrpl/protocol/Feature.h. +XRPL_FIX (DirectoryLimit, Supported::yes, VoteBehavior::DefaultNo) XRPL_FIX (IncludeKeyletFields, Supported::yes, VoteBehavior::DefaultNo) XRPL_FEATURE(DynamicMPT, Supported::no, VoteBehavior::DefaultNo) XRPL_FIX (TokenEscrowV1, Supported::yes, VoteBehavior::DefaultNo) diff --git a/src/libxrpl/ledger/ApplyView.cpp b/src/libxrpl/ledger/ApplyView.cpp index b2a24f4582..bbc8f317ce 100644 --- a/src/libxrpl/ledger/ApplyView.cpp +++ b/src/libxrpl/ledger/ApplyView.cpp @@ -22,6 +22,9 @@ #include #include +#include +#include + namespace ripple { std::optional @@ -91,8 +94,21 @@ ApplyView::dirAdd( return page; } + // We rely on modulo arithmetic of unsigned integers (guaranteed in + // [basic.fundamental] paragraph 2) to detect page representation overflow. + // For signed integers this would be UB, hence static_assert here. + static_assert(std::is_unsigned_v); + // Defensive check against breaking changes in compiler. + static_assert([](std::type_identity) constexpr -> T { + T tmp = std::numeric_limits::max(); + return ++tmp; + }(std::type_identity{}) == 0); + ++page; // Check whether we're out of pages. - if (++page >= dirNodeMaxPages) + if (page == 0) + return std::nullopt; + if (!rules().enabled(fixDirectoryLimit) && + page >= dirNodeMaxPages) // Old pages limit return std::nullopt; // We are about to create a new node; we'll link it to diff --git a/src/test/app/Credentials_test.cpp b/src/test/app/Credentials_test.cpp index 8f953bf35c..ed19c4da2a 100644 --- a/src/test/app/Credentials_test.cpp +++ b/src/test/app/Credentials_test.cpp @@ -558,6 +558,39 @@ struct Credentials_test : public beast::unit_test::suite jle[jss::result][jss::node]["CredentialType"] == strHex(std::string_view(credType))); } + + { + testcase("Credentials fail, directory full"); + std::uint32_t const issuerSeq{env.seq(issuer) + 1}; + env(ticket::create(issuer, 63)); + env.close(); + + // Everything below can only be tested on open ledger. + auto const res1 = directory::bumpLastPage( + env, + directory::maximumPageIndex(env), + keylet::ownerDir(issuer.id()), + directory::adjustOwnerNode); + BEAST_EXPECT(res1); + + auto const jv = credentials::create(issuer, subject, credType); + env(jv, ter(tecDIR_FULL)); + // Free one directory entry by using a ticket + env(noop(issuer), ticket::use(issuerSeq + 40)); + + // Fill subject directory + env(ticket::create(subject, 63)); + auto const res2 = directory::bumpLastPage( + env, + directory::maximumPageIndex(env), + keylet::ownerDir(subject.id()), + directory::adjustOwnerNode); + BEAST_EXPECT(res2); + env(jv, ter(tecDIR_FULL)); + + // End test + env.close(); + } } { @@ -1084,6 +1117,7 @@ struct Credentials_test : public beast::unit_test::suite testSuccessful(all); testCredentialsDelete(all); testCreateFailed(all); + testCreateFailed(all - fixDirectoryLimit); testAcceptFailed(all); testDeleteFailed(all); testFeatureFailed(all - featureCredentials); diff --git a/src/test/jtx.h b/src/test/jtx.h index 6347b9dcf9..3d3a4f41f8 100644 --- a/src/test/jtx.h +++ b/src/test/jtx.h @@ -39,6 +39,7 @@ #include #include #include +#include #include #include #include diff --git a/src/test/jtx/directory.h b/src/test/jtx/directory.h new file mode 100644 index 0000000000..67e9900c6c --- /dev/null +++ b/src/test/jtx/directory.h @@ -0,0 +1,81 @@ +//------------------------------------------------------------------------------ +/* + This file is part of rippled: https://github.com/ripple/rippled + Copyright (c) 2025 Ripple Labs Inc. + + Permission to use, copy, modify, and/or distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL , DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +*/ +//============================================================================== + +#ifndef RIPPLE_TEST_JTX_DIRECTORY_H_INCLUDED +#define RIPPLE_TEST_JTX_DIRECTORY_H_INCLUDED + +#include + +#include +#include +#include + +#include +#include + +namespace ripple::test::jtx { + +/** Directory operations. */ +namespace directory { + +enum Error { + DirectoryRootNotFound, + DirectoryTooSmall, + DirectoryPageDuplicate, + DirectoryPageNotFound, + InvalidLastPage, + AdjustmentError +}; + +/// Move the position of the last page in the user's directory on open ledger to +/// newLastPage. Requirements: +/// - directory must have at least two pages (root and one more) +/// - adjust should be used to update owner nodes of the objects affected +/// - newLastPage must be greater than index of the last page in the directory +/// +/// Use this to test tecDIR_FULL errors in open ledger. +/// NOTE: effects will be DISCARDED on env.close() +auto +bumpLastPage( + Env& env, + std::uint64_t newLastPage, + Keylet directory, + std::function adjust) + -> Expected; + +/// Implementation of adjust for the most common ledger entry, i.e. one where +/// page index is stored in sfOwnerNode (and only there). Pass this function +/// to bumpLastPage if the last page of directory has only objects +/// of this kind (e.g. ticket, DID, offer, deposit preauth, MPToken etc.) +bool +adjustOwnerNode(ApplyView& view, uint256 key, std::uint64_t page); + +inline auto +maximumPageIndex(Env const& env) -> std::uint64_t +{ + if (env.enabled(fixDirectoryLimit)) + return std::numeric_limits::max(); + return dirNodeMaxPages - 1; +} + +} // namespace directory + +} // namespace ripple::test::jtx + +#endif diff --git a/src/test/jtx/impl/directory.cpp b/src/test/jtx/impl/directory.cpp new file mode 100644 index 0000000000..8250c5422e --- /dev/null +++ b/src/test/jtx/impl/directory.cpp @@ -0,0 +1,145 @@ +//------------------------------------------------------------------------------ +/* + This file is part of rippled: https://github.com/ripple/rippled + Copyright (c) 2025 Ripple Labs Inc. + + Permission to use, copy, modify, and/or distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL , DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +*/ +//============================================================================== + +#include + +#include + +namespace ripple::test::jtx { + +/** Directory operations. */ +namespace directory { + +auto +bumpLastPage( + Env& env, + std::uint64_t newLastPage, + Keylet directory, + std::function adjust) + -> Expected +{ + Expected res{}; + env.app().openLedger().modify( + [&](OpenView& view, beast::Journal j) -> bool { + Sandbox sb(&view, tapNONE); + + // Find the root page + auto sleRoot = sb.peek(directory); + if (!sleRoot) + { + res = Unexpected(DirectoryRootNotFound); + return false; + } + + // Find last page + auto const lastIndex = sleRoot->getFieldU64(sfIndexPrevious); + if (lastIndex == 0) + { + res = Unexpected(DirectoryTooSmall); + return false; + } + + if (sb.exists(keylet::page(directory, newLastPage))) + { + res = Unexpected(DirectoryPageDuplicate); + return false; + } + + if (lastIndex >= newLastPage) + { + res = Unexpected(InvalidLastPage); + return false; + } + + auto slePage = sb.peek(keylet::page(directory, lastIndex)); + if (!slePage) + { + res = Unexpected(DirectoryPageNotFound); + return false; + } + + // Copy its data and delete the page + auto indexes = slePage->getFieldV256(sfIndexes); + auto prevIndex = slePage->at(~sfIndexPrevious); + auto owner = slePage->at(~sfOwner); + sb.erase(slePage); + + // Create new page to replace slePage + auto sleNew = + std::make_shared(keylet::page(directory, newLastPage)); + sleNew->setFieldH256(sfRootIndex, directory.key); + sleNew->setFieldV256(sfIndexes, indexes); + if (owner) + sleNew->setAccountID(sfOwner, *owner); + if (prevIndex) + sleNew->setFieldU64(sfIndexPrevious, *prevIndex); + sb.insert(sleNew); + + // Adjust root previous and previous node's next + sleRoot->setFieldU64(sfIndexPrevious, newLastPage); + if (prevIndex.value_or(0) == 0) + sleRoot->setFieldU64(sfIndexNext, newLastPage); + else + { + auto slePrev = sb.peek(keylet::page(directory, *prevIndex)); + if (!slePrev) + { + res = Unexpected(DirectoryPageNotFound); + return false; + } + slePrev->setFieldU64(sfIndexNext, newLastPage); + sb.update(slePrev); + } + sb.update(sleRoot); + + // Fixup page numbers in the objects referred by indexes + if (adjust) + for (auto const key : indexes) + { + if (!adjust(sb, key, newLastPage)) + { + res = Unexpected(AdjustmentError); + return false; + } + } + + sb.apply(view); + return true; + }); + + return res; +} + +bool +adjustOwnerNode(ApplyView& view, uint256 key, std::uint64_t page) +{ + auto sle = view.peek({ltANY, key}); + if (sle && sle->isFieldPresent(sfOwnerNode)) + { + sle->setFieldU64(sfOwnerNode, page); + view.update(sle); + return true; + } + + return false; +} + +} // namespace directory + +} // namespace ripple::test::jtx diff --git a/src/test/ledger/Directory_test.cpp b/src/test/ledger/Directory_test.cpp index fe8f04523f..3488f25fd8 100644 --- a/src/test/ledger/Directory_test.cpp +++ b/src/test/ledger/Directory_test.cpp @@ -22,9 +22,11 @@ #include #include #include +#include #include #include +#include namespace ripple { namespace test { @@ -489,6 +491,91 @@ struct Directory_test : public beast::unit_test::suite } } + void + testDirectoryFull() + { + using namespace test::jtx; + Account alice("alice"); + + auto const testCase = [&, this](FeatureBitset features, auto setup) { + using namespace test::jtx; + + Env env(*this, features); + env.fund(XRP(20000), alice); + env.close(); + + auto const [lastPage, full] = setup(env); + + // Populate root page and last page + for (int i = 0; i < 63; ++i) + env(credentials::create(alice, alice, std::to_string(i))); + env.close(); + + // NOTE, everything below can only be tested on open ledger because + // there is no transaction type to express what bumpLastPage does. + + // Bump position of last page from 1 to highest possible + auto const res = directory::bumpLastPage( + env, + lastPage, + keylet::ownerDir(alice.id()), + [lastPage, this]( + ApplyView& view, uint256 key, std::uint64_t page) { + auto sle = view.peek({ltCREDENTIAL, key}); + if (!BEAST_EXPECT(sle)) + return false; + + BEAST_EXPECT(page == lastPage); + sle->setFieldU64(sfIssuerNode, page); + // sfSubjectNode is not set in self-issued credentials + view.update(sle); + return true; + }); + BEAST_EXPECT(res); + + // Create one more credential + env(credentials::create(alice, alice, std::to_string(63))); + + // Not enough space for another object if full + auto const expected = full ? ter{tecDIR_FULL} : ter{tesSUCCESS}; + env(credentials::create(alice, alice, "foo"), expected); + + // Destroy all objects in directory + for (int i = 0; i < 64; ++i) + env(credentials::deleteCred( + alice, alice, alice, std::to_string(i))); + + if (!full) + env(credentials::deleteCred(alice, alice, alice, "foo")); + + // Verify directory is empty. + auto const sle = env.le(keylet::ownerDir(alice.id())); + BEAST_EXPECT(sle == nullptr); + + // Test completed + env.close(); + }; + + testCase( + testable_amendments() - fixDirectoryLimit, + [this](Env&) -> std::tuple { + testcase("directory full without fixDirectoryLimit"); + return {dirNodeMaxPages - 1, true}; + }); + testCase( + testable_amendments(), // + [this](Env&) -> std::tuple { + testcase("directory not full with fixDirectoryLimit"); + return {dirNodeMaxPages - 1, false}; + }); + testCase( + testable_amendments(), // + [this](Env&) -> std::tuple { + testcase("directory full with fixDirectoryLimit"); + return {std::numeric_limits::max(), true}; + }); + } + void run() override { @@ -497,6 +584,7 @@ struct Directory_test : public beast::unit_test::suite testRipd1353(); testEmptyChain(); testPreviousTxnID(); + testDirectoryFull(); } }; diff --git a/src/xrpld/app/tx/detail/Credentials.cpp b/src/xrpld/app/tx/detail/Credentials.cpp index b6471d6a20..2277b4ace6 100644 --- a/src/xrpld/app/tx/detail/Credentials.cpp +++ b/src/xrpld/app/tx/detail/Credentials.cpp @@ -162,7 +162,7 @@ CredentialCreate::doApply() << to_string(credentialKey.key) << ": " << (page ? "success" : "failure"); if (!page) - return tecDIR_FULL; // LCOV_EXCL_LINE + return tecDIR_FULL; sleCred->setFieldU64(sfIssuerNode, *page); adjustOwnerCount(view(), sleIssuer, 1, j_); @@ -182,7 +182,7 @@ CredentialCreate::doApply() << to_string(credentialKey.key) << ": " << (page ? "success" : "failure"); if (!page) - return tecDIR_FULL; // LCOV_EXCL_LINE + return tecDIR_FULL; sleCred->setFieldU64(sfSubjectNode, *page); view().update(view().peek(keylet::account(subject))); } From cf2d763fa128b9c2116d2933f92556928ea69570 Mon Sep 17 00:00:00 2001 From: Vlad <129996061+vvysokikh1@users.noreply.github.com> Date: Fri, 31 Oct 2025 16:10:14 +0000 Subject: [PATCH 9/9] refactor: Improve txset handling (#5951) --- src/xrpld/overlay/detail/OverlayImpl.cpp | 11 +- src/xrpld/shamap/detail/SHAMapSync.cpp | 127 ++++++++++++++--------- 2 files changed, 87 insertions(+), 51 deletions(-) diff --git a/src/xrpld/overlay/detail/OverlayImpl.cpp b/src/xrpld/overlay/detail/OverlayImpl.cpp index 025fcfabce..5f3404196f 100644 --- a/src/xrpld/overlay/detail/OverlayImpl.cpp +++ b/src/xrpld/overlay/detail/OverlayImpl.cpp @@ -1228,7 +1228,16 @@ OverlayImpl::relay( { auto& txn = tx->get(); SerialIter sit(makeSlice(txn.rawtransaction())); - relay = !isPseudoTx(STTx{sit}); + try + { + relay = !isPseudoTx(STTx{sit}); + } + catch (std::exception const&) + { + // Could not construct STTx, not relaying + JLOG(journal_.debug()) << "Could not construct STTx: " << hash; + return; + } } Overlay::PeerSequence peers = {}; diff --git a/src/xrpld/shamap/detail/SHAMapSync.cpp b/src/xrpld/shamap/detail/SHAMapSync.cpp index 176c9f2a3a..8a7d75ccf8 100644 --- a/src/xrpld/shamap/detail/SHAMapSync.cpp +++ b/src/xrpld/shamap/detail/SHAMapSync.cpp @@ -18,6 +18,7 @@ //============================================================================== #include +#include #include #include @@ -591,16 +592,16 @@ SHAMap::addKnownNode( } auto const generation = f_.getFullBelowCache()->getGeneration(); - SHAMapNodeID iNodeID; - auto iNode = root_.get(); + SHAMapNodeID currNodeID; + auto currNode = root_.get(); - while (iNode->isInner() && - !static_cast(iNode)->isFullBelow(generation) && - (iNodeID.getDepth() < node.getDepth())) + while (currNode->isInner() && + !static_cast(currNode)->isFullBelow(generation) && + (currNodeID.getDepth() < node.getDepth())) { - int branch = selectBranch(iNodeID, node.getNodeID()); + int const branch = selectBranch(currNodeID, node.getNodeID()); XRPL_ASSERT(branch >= 0, "ripple::SHAMap::addKnownNode : valid branch"); - auto inner = static_cast(iNode); + auto inner = static_cast(currNode); if (inner->isEmptyBranch(branch)) { JLOG(journal_.warn()) << "Add known node for empty branch" << node; @@ -614,58 +615,84 @@ SHAMap::addKnownNode( } auto prevNode = inner; - std::tie(iNode, iNodeID) = descend(inner, iNodeID, branch, filter); + std::tie(currNode, currNodeID) = + descend(inner, currNodeID, branch, filter); - if (iNode == nullptr) + if (currNode != nullptr) + continue; + + auto newNode = SHAMapTreeNode::makeFromWire(rawNode); + + if (!newNode || childHash != newNode->getHash()) { - auto newNode = SHAMapTreeNode::makeFromWire(rawNode); + JLOG(journal_.warn()) << "Corrupt node received"; + return SHAMapAddNode::invalid(); + } - if (!newNode || childHash != newNode->getHash()) + // In rare cases, a node can still be corrupt even after hash + // validation. For leaf nodes, we perform an additional check to + // ensure the node's position in the tree is consistent with its + // content to prevent inconsistencies that could + // propagate further down the line. + if (newNode->isLeaf()) + { + auto const& actualKey = + static_cast(newNode.get()) + ->peekItem() + ->key(); + + // Validate that this leaf belongs at the target position + auto const expectedNodeID = + SHAMapNodeID::createID(node.getDepth(), actualKey); + if (expectedNodeID.getNodeID() != node.getNodeID()) { - JLOG(journal_.warn()) << "Corrupt node received"; + JLOG(journal_.debug()) + << "Leaf node position mismatch: " + << "expected=" << expectedNodeID.getNodeID() + << ", actual=" << node.getNodeID(); return SHAMapAddNode::invalid(); } + } - // Inner nodes must be at a level strictly less than 64 - // but leaf nodes (while notionally at level 64) can be - // at any depth up to and including 64: - if ((iNodeID.getDepth() > leafDepth) || - (newNode->isInner() && iNodeID.getDepth() == leafDepth)) - { - // Map is provably invalid - state_ = SHAMapState::Invalid; - return SHAMapAddNode::useful(); - } - - if (iNodeID != node) - { - // Either this node is broken or we didn't request it (yet) - JLOG(journal_.warn()) << "unable to hook node " << node; - JLOG(journal_.info()) << " stuck at " << iNodeID; - JLOG(journal_.info()) << "got depth=" << node.getDepth() - << ", walked to= " << iNodeID.getDepth(); - return SHAMapAddNode::useful(); - } - - if (backed_) - canonicalize(childHash, newNode); - - newNode = prevNode->canonicalizeChild(branch, std::move(newNode)); - - if (filter) - { - Serializer s; - newNode->serializeWithPrefix(s); - filter->gotNode( - false, - childHash, - ledgerSeq_, - std::move(s.modData()), - newNode->getType()); - } - + // Inner nodes must be at a level strictly less than 64 + // but leaf nodes (while notionally at level 64) can be + // at any depth up to and including 64: + if ((currNodeID.getDepth() > leafDepth) || + (newNode->isInner() && currNodeID.getDepth() == leafDepth)) + { + // Map is provably invalid + state_ = SHAMapState::Invalid; return SHAMapAddNode::useful(); } + + if (currNodeID != node) + { + // Either this node is broken or we didn't request it (yet) + JLOG(journal_.warn()) << "unable to hook node " << node; + JLOG(journal_.info()) << " stuck at " << currNodeID; + JLOG(journal_.info()) << "got depth=" << node.getDepth() + << ", walked to= " << currNodeID.getDepth(); + return SHAMapAddNode::useful(); + } + + if (backed_) + canonicalize(childHash, newNode); + + newNode = prevNode->canonicalizeChild(branch, std::move(newNode)); + + if (filter) + { + Serializer s; + newNode->serializeWithPrefix(s); + filter->gotNode( + false, + childHash, + ledgerSeq_, + std::move(s.modData()), + newNode->getType()); + } + + return SHAMapAddNode::useful(); } JLOG(journal_.trace()) << "got node, already had it (late)";