fix: Mark SAV and Lending transactions as NotDelegable (#6489)

New transactions should be marked as `NotDelegable`, until the interactions with other transactions have been fully tested and validated.
2026-04-29 15:37:57 +00:00 · 2026-03-11 17:27:35 -04:00
parent ce9ccf844a
commit 46d5c67a8d
3 changed files with 67 additions and 148 deletions
--- a/src/test/app/Delegate_test.cpp
+++ b/src/test/app/Delegate_test.cpp
@@ -1614,13 +1614,7 @@ class Delegate_test : public beast::unit_test::suite
            {"CredentialDelete", featureCredentials},
            {"NFTokenModify", featureDynamicNFT},
            {"PermissionedDomainSet", featurePermissionedDomains},
-            {"PermissionedDomainDelete", featurePermissionedDomains},
-            {"VaultCreate", featureSingleAssetVault},
-            {"VaultSet", featureSingleAssetVault},
-            {"VaultDelete", featureSingleAssetVault},
-            {"VaultDeposit", featureSingleAssetVault},
-            {"VaultWithdraw", featureSingleAssetVault},
-            {"VaultClawback", featureSingleAssetVault}};
+            {"PermissionedDomainDelete", featurePermissionedDomains}};

        // Can not delegate tx if any required feature disabled.
        {
@@ -1660,6 +1654,56 @@ class Delegate_test : public beast::unit_test::suite
        }
    }

+    void
+    testTxDelegableCount()
+    {
+        testcase("Delegable Transactions Completeness");
+
+        std::size_t delegableCount = 0;
+
+#pragma push_macro("TRANSACTION")
+#undef TRANSACTION
+
+#define TRANSACTION(tag, value, name, delegable, ...) \
+    if (delegable == xrpl::delegable)                 \
+    {                                                 \
+        delegableCount++;                             \
+    }
+
+#include <xrpl/protocol/detail/transactions.macro>
+
+#undef TRANSACTION
+#pragma pop_macro("TRANSACTION")
+
+        // ====================================================================
+        // IMPORTANT NOTICE:
+        //
+        // If this test fails, it indicates that the 'Delegation::delegable' status
+        // in transactions.macro has been changed. Delegation allows accounts to act
+        // on behalf of others, significantly increasing the security surface.
+        //
+        //
+        // To ENSURE any added transaction is safe and compatible with delegation:
+        //
+        // 1. Verify that the transaction is intended to be delegable.
+        // 2. Every standard test case for that transaction MUST be
+        //    duplicated and verified for a Delegated context.
+        // 3. Ensure that Fee, Reserve, and Signing are correctly handled.
+        //
+        // DO NOT modify expectedDelegableCount unless all scenarios, including
+        // edge cases, have been fully tested and verified.
+        // ====================================================================
+        std::size_t const expectedDelegableCount = 75;
+
+        BEAST_EXPECTS(
+            delegableCount == expectedDelegableCount,
+            "\n[SECURITY] New delegable transaction detected!"
+            "\n  Expected: " +
+                std::to_string(expectedDelegableCount) +
+                "\n  Actual:   " + std::to_string(delegableCount) +
+                "\n  Action: Verify security requirements to interact with Delegation feature");
+    }
+
    void
    run() override
    {
@@ -1684,6 +1728,7 @@ class Delegate_test : public beast::unit_test::suite
        testMultiSignQuorumNotMet();
        testPermissionValue(all);
        testTxRequireFeatures(all);
+        testTxDelegableCount();
    }
 };
 BEAST_DEFINE_TESTSUITE(Delegate, app, xrpl);