ARCHIVE/rippled
1
0
Fork 0
mirror of https://github.com/XRPLF/rippled.git synced 2025-12-06 17:27:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixReducedOffersV2: prevent offers from blocking order books: (#5032)

Browse Source 
Fixes issue #4937.

The fixReducedOffersV1 amendment fixed certain forms of offer
modification that could lead to blocked order books.  Reduced
offers can block order books if the effective quality of the
reduced offer is worse than the quality of the original offer
(from the perspective of the taker). It turns out that, for
small values, the quality of the reduced offer can be
significantly affected by the rounding mode used during
scaling computations.

Issue #4937 identified an additional code path that modified
offers in a way that could lead to blocked order books.  This
commit changes the rounding in that newly located code path so
the quality of the modified offer is never worse than the
quality of the offer as it was originally placed.

It is possible that additional ways of producing blocking
offers will come to light.  Therefore there may be a future
need for a V3 amendment.
This commit is contained in:
Scott Schurr
2024-06-13 14:57:12 -07:00
committed by GitHub
parent 263e984bf4
commit ae7ea33b75
12 changed files with 532 additions and 157 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/ripple/app/paths/AMMOffer.h
View File

@@ -103,7 +103,6 @@ public:
limitOut(
TAmounts<TIn, TOut> const& offrAmt,
TOut const& limit,
bool fixReducedOffers,
bool roundUp) const;
/** Limit in of the provided offer. If one-path then swapIn
@@ -111,7 +110,8 @@ public:
* current quality.
*/
TAmounts<TIn, TOut>
limitIn(TAmounts<TIn, TOut> const& offrAmt, TIn const& limit) const;
limitIn(TAmounts<TIn, TOut> const& offrAmt, TIn const& limit, bool roundUp)
const;
QualityFunction
getQualityFunc() const;

13
src/ripple/app/paths/impl/AMMOffer.cpp
View File

@@ -81,7 +81,6 @@ TAmounts<TIn, TOut>
AMMOffer<TIn, TOut>::limitOut(
TAmounts<TIn, TOut> const& offrAmt,
TOut const& limit,
bool fixReducedOffers,
bool roundUp) const
{
// Change the offer size proportionally to the original offer quality
@@ -92,7 +91,8 @@ AMMOffer<TIn, TOut>::limitOut(
// poolPays * poolGets < (poolPays - assetOut) * (poolGets + assetIn)
if (ammLiquidity_.multiPath())
{
if (fixReducedOffers)
if (auto const& rules = getCurrentTransactionRules();
rules && rules->enabled(fixReducedOffersV1))
// It turns out that the ceil_out implementation has some slop in
// it. ceil_out_strict removes that slop. But removing that slop
// affects transaction outcomes, so the change must be made using
@@ -110,11 +110,18 @@ template <typename TIn, typename TOut>
TAmounts<TIn, TOut>
AMMOffer<TIn, TOut>::limitIn(
TAmounts<TIn, TOut> const& offrAmt,
TIn const& limit) const
TIn const& limit,
bool roundUp) const
{
// See the comments above in limitOut().
if (ammLiquidity_.multiPath())
{
if (auto const& rules = getCurrentTransactionRules();
rules && rules->enabled(fixReducedOffersV2))
return quality().ceil_in_strict(offrAmt, limit, roundUp);
return quality().ceil_in(offrAmt, limit);
}
return {limit, swapAssetIn(balances_, limit, ammLiquidity_.tradingFee())};
}

25
src/ripple/app/paths/impl/BookStep.cpp
View File

@@ -668,7 +668,14 @@ limitStepIn(
stpAmt.in = limit;
auto const inLmt =
mulRatio(stpAmt.in, QUALITY_ONE, transferRateIn, /*roundUp*/ false);
ofrAmt = offer.limitIn(ofrAmt, inLmt);
// It turns out we can prevent order book blocking by (strictly)
// rounding down the ceil_in() result. By rounding down we guarantee
// that the quality of an offer left in the ledger is as good or
// better than the quality of the containing order book page.
//
// This adjustment changes transaction outcomes, so it must be made
// under an amendment.
ofrAmt = offer.limitIn(ofrAmt, inLmt, /* roundUp */ false);
stpAmt.out = ofrAmt.out;
ownerGives = mulRatio(
ofrAmt.out, transferRateOut, QUALITY_ONE, /*roundUp*/ false);
@@ -685,8 +692,7 @@ limitStepOut(
TOut& ownerGives,
std::uint32_t transferRateIn,
std::uint32_t transferRateOut,
TOut const& limit,
Rules const& rules)
TOut const& limit)
{
if (limit < stpAmt.out)
{
@@ -696,7 +702,6 @@ limitStepOut(
ofrAmt = offer.limitOut(
ofrAmt,
stpAmt.out,
rules.enabled(fixReducedOffersV1),
/*roundUp*/ true);
stpAmt.in =
mulRatio(ofrAmt.in, transferRateIn, QUALITY_ONE, /*roundUp*/ true);
@@ -736,7 +741,6 @@ BookStep<TIn, TOut, TDerived>::forEachOffer(
sb, afView, book_, sb.parentCloseTime(), counter, j_);
bool const flowCross = afView.rules().enabled(featureFlowCross);
bool const fixReduced = afView.rules().enabled(fixReducedOffersV1);
bool offerAttempted = false;
std::optional<Quality> ofrQ;
auto execOffer = [&](auto& offer) {
@@ -817,8 +821,7 @@ BookStep<TIn, TOut, TDerived>::forEachOffer(
// It turns out we can prevent order book blocking by (strictly)
// rounding down the ceil_out() result. This adjustment changes
// transaction outcomes, so it must be made under an amendment.
ofrAmt = offer.limitOut(
ofrAmt, stpAmt.out, fixReduced, /*roundUp*/ false);
ofrAmt = offer.limitOut(ofrAmt, stpAmt.out, /*roundUp*/ false);
stpAmt.in =
mulRatio(ofrAmt.in, ofrInRate, QUALITY_ONE, /*roundUp*/ true);
@@ -1055,8 +1058,7 @@ BookStep<TIn, TOut, TDerived>::revImp(
ownerGivesAdj,
transferRateIn,
transferRateOut,
remainingOut,
afView.rules());
remainingOut);
remainingOut = beast::zero;
savedIns.insert(stpAdjAmt.in);
savedOuts.insert(remainingOut);
@@ -1208,8 +1210,7 @@ BookStep<TIn, TOut, TDerived>::fwdImp(
ownerGivesAdjRev,
transferRateIn,
transferRateOut,
remainingOut,
afView.rules());
remainingOut);
if (stpAdjAmtRev.in == remainingIn)
{
@@ -1228,7 +1229,7 @@ BookStep<TIn, TOut, TDerived>::fwdImp(
}
else
{
// This is (likely) a problem case, and wil be caught
// This is (likely) a problem case, and will be caught
// with later checks
savedOuts.insert(lastOutAmt);
}

22
src/ripple/app/tx/impl/Offer.h
View File

@@ -23,6 +23,7 @@
#include <ripple/basics/contract.h>
#include <ripple/ledger/View.h>
#include <ripple/protocol/Quality.h>
#include <ripple/protocol/Rules.h>
#include <ripple/protocol/SField.h>
#include <ripple/protocol/STLedgerEntry.h>
#include <ostream>
@@ -140,11 +141,11 @@ public:
limitOut(
TAmounts<TIn, TOut> const& offrAmt,
TOut const& limit,
bool fixReducedOffers,
bool roundUp) const;
TAmounts<TIn, TOut>
limitIn(TAmounts<TIn, TOut> const& offrAmt, TIn const& limit) const;
limitIn(TAmounts<TIn, TOut> const& offrAmt, TIn const& limit, bool roundUp)
const;
template <typename... Args>
static TER
@@ -219,10 +220,10 @@ TAmounts<TIn, TOut>
TOffer<TIn, TOut>::limitOut(
TAmounts<TIn, TOut> const& offrAmt,
TOut const& limit,
bool fixReducedOffers,
bool roundUp) const
{
if (fixReducedOffers)
if (auto const& rules = getCurrentTransactionRules();
rules && rules->enabled(fixReducedOffersV1))
// It turns out that the ceil_out implementation has some slop in
// it. ceil_out_strict removes that slop. But removing that slop
// affects transaction outcomes, so the change must be made using
@@ -233,9 +234,18 @@ TOffer<TIn, TOut>::limitOut(
template <class TIn, class TOut>
TAmounts<TIn, TOut>
TOffer<TIn, TOut>::limitIn(TAmounts<TIn, TOut> const& offrAmt, TIn const& limit)
const
TOffer<TIn, TOut>::limitIn(
TAmounts<TIn, TOut> const& offrAmt,
TIn const& limit,
bool roundUp) const
{
if (auto const& rules = getCurrentTransactionRules();
rules && rules->enabled(fixReducedOffersV2))
// It turns out that the ceil_in implementation has some slop in
// it. ceil_in_strict removes that slop. But removing that slop
// affects transaction outcomes, so the change must be made using
// an amendment.
return quality().ceil_in_strict(offrAmt, limit, roundUp);
return m_quality.ceil_in(offrAmt, limit);
}

3
src/ripple/protocol/Feature.h
View File

@@ -74,7 +74,7 @@ namespace detail {
// Feature.cpp. Because it's only used to reserve storage, and determine how
// large to make the FeatureBitset, it MAY be larger. It MUST NOT be less than
// the actual number of amendments. A LogicError on startup will verify this.
static constexpr std::size_t numFeatures = 73;
static constexpr std::size_t numFeatures = 74;
/** Amendments that this server supports and the default voting behavior.
Whether they are enabled depends on the Rules defined in the validated
@@ -360,6 +360,7 @@ extern uint256 const fixEmptyDID;
extern uint256 const fixXChainRewardRounding;
extern uint256 const fixPreviousTxnID;
extern uint256 const fixAMMv1_1;
extern uint256 const fixReducedOffersV2;
} // namespace ripple

164
src/ripple/protocol/Quality.h
View File

@@ -181,71 +181,71 @@ public:
Math is avoided if the result is exact. The output is clamped
to prevent money creation.
*/
Amounts
[[nodiscard]] Amounts
ceil_in(Amounts const& amount, STAmount const& limit) const;
template <class In, class Out>
TAmounts<In, Out>
ceil_in(TAmounts<In, Out> const& amount, In const& limit) const
{
if (amount.in <= limit)
return amount;
[[nodiscard]] TAmounts<In, Out>
ceil_in(TAmounts<In, Out> const& amount, In const& limit) const;
// Use the existing STAmount implementation for now, but consider
// replacing with code specific to IOUAMount and XRPAmount
Amounts stAmt(toSTAmount(amount.in), toSTAmount(amount.out));
STAmount stLim(toSTAmount(limit));
auto const stRes = ceil_in(stAmt, stLim);
return TAmounts<In, Out>(
toAmount<In>(stRes.in), toAmount<Out>(stRes.out));
}
// Some of the underlying rounding functions called by ceil_in() ignored
// low order bits that could influence rounding decisions. This "strict"
// method uses underlying functions that pay attention to all the bits.
[[nodiscard]] Amounts
ceil_in_strict(Amounts const& amount, STAmount const& limit, bool roundUp)
const;
template <class In, class Out>
[[nodiscard]] TAmounts<In, Out>
ceil_in_strict(
TAmounts<In, Out> const& amount,
In const& limit,
bool roundUp) const;
/** Returns the scaled amount with out capped.
Math is avoided if the result is exact. The input is clamped
to prevent money creation.
*/
Amounts
[[nodiscard]] Amounts
ceil_out(Amounts const& amount, STAmount const& limit) const;
template <class In, class Out>
TAmounts<In, Out>
ceil_out(TAmounts<In, Out> const& amount, Out const& limit) const
{
if (amount.out <= limit)
return amount;
[[nodiscard]] TAmounts<In, Out>
ceil_out(TAmounts<In, Out> const& amount, Out const& limit) const;
// Use the existing STAmount implementation for now, but consider
// replacing with code specific to IOUAMount and XRPAmount
Amounts stAmt(toSTAmount(amount.in), toSTAmount(amount.out));
STAmount stLim(toSTAmount(limit));
auto const stRes = ceil_out(stAmt, stLim);
return TAmounts<In, Out>(
toAmount<In>(stRes.in), toAmount<Out>(stRes.out));
}
Amounts
// Some of the underlying rounding functions called by ceil_out() ignored
// low order bits that could influence rounding decisions. This "strict"
// method uses underlying functions that pay attention to all the bits.
[[nodiscard]] Amounts
ceil_out_strict(Amounts const& amount, STAmount const& limit, bool roundUp)
const;
template <class In, class Out>
TAmounts<In, Out>
[[nodiscard]] TAmounts<In, Out>
ceil_out_strict(
TAmounts<In, Out> const& amount,
Out const& limit,
bool roundUp) const
{
if (amount.out <= limit)
return amount;
bool roundUp) const;
// Use the existing STAmount implementation for now, but consider
// replacing with code specific to IOUAMount and XRPAmount
Amounts stAmt(toSTAmount(amount.in), toSTAmount(amount.out));
STAmount stLim(toSTAmount(limit));
auto const stRes = ceil_out_strict(stAmt, stLim, roundUp);
return TAmounts<In, Out>(
toAmount<In>(stRes.in), toAmount<Out>(stRes.out));
}
private:
// The ceil_in and ceil_out methods that deal in TAmount all convert
// their arguments to STAoumout and convert the result back to TAmount.
// This helper function takes care of all the conversion operations.
template <
class In,
class Out,
class Lim,
typename FnPtr,
std::same_as<bool>... Round>
[[nodiscard]] TAmounts<In, Out>
ceil_TAmounts_helper(
TAmounts<In, Out> const& amount,
Lim const& limit,
Lim const& limit_cmp,
FnPtr ceil_function,
Round... round) const;
public:
/** Returns `true` if lhs is lower quality than `rhs`.
Lower quality means the taker receives a worse deal.
Higher quality is better for the taker.
@@ -327,6 +327,84 @@ public:
}
};
template <
class In,
class Out,
class Lim,
typename FnPtr,
std::same_as<bool>... Round>
TAmounts<In, Out>
Quality::ceil_TAmounts_helper(
TAmounts<In, Out> const& amount,
Lim const& limit,
Lim const& limit_cmp,
FnPtr ceil_function,
Round... roundUp) const
{
if (limit_cmp <= limit)
return amount;
// Use the existing STAmount implementation for now, but consider
// replacing with code specific to IOUAMount and XRPAmount
Amounts stAmt(toSTAmount(amount.in), toSTAmount(amount.out));
STAmount stLim(toSTAmount(limit));
Amounts const stRes = ((*this).*ceil_function)(stAmt, stLim, roundUp...);
return TAmounts<In, Out>(toAmount<In>(stRes.in), toAmount<Out>(stRes.out));
}
template <class In, class Out>
TAmounts<In, Out>
Quality::ceil_in(TAmounts<In, Out> const& amount, In const& limit) const
{
// Construct a function pointer to the function we want to call.
static constexpr Amounts (Quality::*ceil_in_fn_ptr)(
Amounts const&, STAmount const&) const = &Quality::ceil_in;
return ceil_TAmounts_helper(amount, limit, amount.in, ceil_in_fn_ptr);
}
template <class In, class Out>
TAmounts<In, Out>
Quality::ceil_in_strict(
TAmounts<In, Out> const& amount,
In const& limit,
bool roundUp) const
{
// Construct a function pointer to the function we want to call.
static constexpr Amounts (Quality::*ceil_in_fn_ptr)(
Amounts const&, STAmount const&, bool) const = &Quality::ceil_in_strict;
return ceil_TAmounts_helper(
amount, limit, amount.in, ceil_in_fn_ptr, roundUp);
}
template <class In, class Out>
TAmounts<In, Out>
Quality::ceil_out(TAmounts<In, Out> const& amount, Out const& limit) const
{
// Construct a function pointer to the function we want to call.
static constexpr Amounts (Quality::*ceil_out_fn_ptr)(
Amounts const&, STAmount const&) const = &Quality::ceil_out;
return ceil_TAmounts_helper(amount, limit, amount.out, ceil_out_fn_ptr);
}
template <class In, class Out>
TAmounts<In, Out>
Quality::ceil_out_strict(
TAmounts<In, Out> const& amount,
Out const& limit,
bool roundUp) const
{
// Construct a function pointer to the function we want to call.
static constexpr Amounts (Quality::*ceil_out_fn_ptr)(
Amounts const&, STAmount const&, bool) const =
&Quality::ceil_out_strict;
return ceil_TAmounts_helper(
amount, limit, amount.out, ceil_out_fn_ptr, roundUp);
}
/** Calculate the quality of a two-hop path given the two hops.
@param lhs The first leg of the path: input to intermediate.
@param rhs The second leg of the path: intermediate to output.

1
src/ripple/protocol/impl/Feature.cpp
View File

@@ -467,6 +467,7 @@ REGISTER_FIX (fixEmptyDID, Supported::yes, VoteBehavior::De
REGISTER_FIX (fixXChainRewardRounding, Supported::yes, VoteBehavior::DefaultNo);
REGISTER_FIX (fixPreviousTxnID, Supported::yes, VoteBehavior::DefaultNo);
REGISTER_FIX (fixAMMv1_1, Supported::yes, VoteBehavior::DefaultNo);
REGISTER_FIX (fixReducedOffersV2, Supported::yes, VoteBehavior::DefaultNo);
// The following amendments are obsolete, but must remain supported
// because they could potentially get enabled.

28
src/ripple/protocol/impl/Quality.cpp
View File

@@ -64,13 +64,20 @@ Quality::operator--(int)
return prev;
}
Amounts
Quality::ceil_in(Amounts const& amount, STAmount const& limit) const
template <STAmount (
*DivRoundFunc)(STAmount const&, STAmount const&, Issue const&, bool)>
static Amounts
ceil_in_impl(
Amounts const& amount,
STAmount const& limit,
bool roundUp,
Quality const& quality)
{
if (amount.in > limit)
{
Amounts result(
limit, divRound(limit, rate(), amount.out.issue(), true));
limit,
DivRoundFunc(limit, quality.rate(), amount.out.issue(), roundUp));
// Clamp out
if (result.out > amount.out)
result.out = amount.out;
@@ -81,6 +88,21 @@ Quality::ceil_in(Amounts const& amount, STAmount const& limit) const
return amount;
}
Amounts
Quality::ceil_in(Amounts const& amount, STAmount const& limit) const
{
return ceil_in_impl<divRound>(amount, limit, /* roundUp */ true, *this);
}
Amounts
Quality::ceil_in_strict(
Amounts const& amount,
STAmount const& limit,
bool roundUp) const
{
return ceil_in_impl<divRoundStrict>(amount, limit, roundUp, *this);
}
template <STAmount (
*MulRoundFunc)(STAmount const&, STAmount const&, Issue const&, bool)>
static Amounts