From ddc419daaf59514d034515d83ba37bbe36b7eb71 Mon Sep 17 00:00:00 2001
From: Gregory Tsipenyuk <gtsipenyuk@ripple.com>
Date: Thu, 23 Apr 2026 13:13:17 -0400
Subject: [PATCH] Add MPTAmount overflow check in directSendNoFeeMPT().

---
 src/libxrpl/ledger/helpers/TokenHelpers.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/libxrpl/ledger/helpers/TokenHelpers.cpp b/src/libxrpl/ledger/helpers/TokenHelpers.cpp
index 574df16011..c48b2c1940 100644
--- a/src/libxrpl/ledger/helpers/TokenHelpers.cpp
+++ b/src/libxrpl/ledger/helpers/TokenHelpers.cpp
@@ -1106,6 +1106,13 @@ directSendNoFeeMPT(
         if (auto sle = view.peek(mptokenID))
         {
             view.creditHookMPT(uSenderID, uReceiverID, saAmount, (*sle)[sfMPTAmount], available);
+            if (view.rules().enabled(featureMPTokensV2))
+            {
+                if ((*sle)[sfMPTAmount] > (std::numeric_limits<std::uint64_t>::max() - amt))
+                {
+                    return tecINTERNAL;  // LCOV_EXCL_LINE
+                }
+            }
             (*sle)[sfMPTAmount] += amt;
             view.update(sle);
         }