Merge branch 'develop' into ximinez/lending-sendmulti

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/reusable-package.yml

@@ -58,6 +58,7 @@ jobs:
 
   package:
     needs: [generate-matrix, generate-version]
+    if: ${{ github.event.repository.visibility == 'public' }}
     strategy:
       fail-fast: false
       matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
@@ -88,8 +89,7 @@ jobs:
         run: ./package/build_pkg.sh
 
       - name: Upload package artifact
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
-        if: ${{ github.event.repository.visibility == 'public' }}
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: ${{ matrix.artifact_name }}-pkg-${{ needs.generate-version.outputs.version }}
           path: |

cmake/scripts/codegen/requirements.txt

@@ -2,122 +2,12 @@
 #
 # These packages are required to run the code generation scripts that
 # parse macro files and generate C++ wrapper classes.
-#
-# To update a package to the latest version (hashin will rewrite the
-# entry in this file with the new version and hashes):
-#   pip install hashin
-#   hashin <package> cmake/scripts/codegen/requirements.txt
-# Or to pin a specific version:
-#   hashin <package>==<version> cmake/scripts/codegen/requirements.txt
-#
-# Then install the updated packages:
-#   pip install --require-hashes -r cmake/scripts/codegen/requirements.txt
-#
-# If pip install fails because a transitive dependency is missing hashes,
-# use hashin to pin that dependency with hashes here as well:
-#   hashin <dependency> cmake/scripts/codegen/requirements.txt
 
 # C preprocessor for Python - used to preprocess macro files
-pcpp==1.30 \
-    --hash=sha256:05fe08292b6da57f385001c891a87f40d6aa7f46787b03e8ba326d20a3297c6e \
-    --hash=sha256:5af9fbce55f136d7931ae915fae03c34030a3b36c496e72d9636cedc8e2543a1
+pcpp>=1.30
 
 # Parser combinator library - used to parse the macro DSL
-pyparsing==3.3.2 \
-    --hash=sha256:850ba148bd908d7e2411587e247a1e4f0327839c40e2e5e6d05a007ecc69911d \
-    --hash=sha256:c777f4d763f140633dcb6d8a3eda953bf7a214dc4eff598413c070bcdc117cbc
+pyparsing>=3.0.0
 
 # Template engine - used to generate C++ code from templates
-Mako==1.3.12 \
-    --hash=sha256:8f61569480282dbf557145ce441e4ba888be453c30989f879f0d652e39f53ea9 \
-    --hash=sha256:9f778e93289bd410bb35daadeb4fc66d95a746f0b75777b942088b7fd7af550a
-MarkupSafe==3.0.3 \
-    --hash=sha256:0303439a41979d9e74d18ff5e2dd8c43ed6c6001fd40e5bf2e43f7bd9bbc523f \
-    --hash=sha256:068f375c472b3e7acbe2d5318dea141359e6900156b5b2ba06a30b169086b91a \
-    --hash=sha256:0bf2a864d67e76e5c9a34dc26ec616a66b9888e25e7b9460e1c76d3293bd9dbf \
-    --hash=sha256:0db14f5dafddbb6d9208827849fad01f1a2609380add406671a26386cdf15a19 \
-    --hash=sha256:0eb9ff8191e8498cca014656ae6b8d61f39da5f95b488805da4bb029cccbfbaf \
-    --hash=sha256:0f4b68347f8c5eab4a13419215bdfd7f8c9b19f2b25520968adfad23eb0ce60c \
-    --hash=sha256:1085e7fbddd3be5f89cc898938f42c0b3c711fdcb37d75221de2666af647c175 \
-    --hash=sha256:116bb52f642a37c115f517494ea5feb03889e04df47eeff5b130b1808ce7c219 \
-    --hash=sha256:12c63dfb4a98206f045aa9563db46507995f7ef6d83b2f68eda65c307c6829eb \
-    --hash=sha256:133a43e73a802c5562be9bbcd03d090aa5a1fe899db609c29e8c8d815c5f6de6 \
-    --hash=sha256:1353ef0c1b138e1907ae78e2f6c63ff67501122006b0f9abad68fda5f4ffc6ab \
-    --hash=sha256:15d939a21d546304880945ca1ecb8a039db6b4dc49b2c5a400387cdae6a62e26 \
-    --hash=sha256:177b5253b2834fe3678cb4a5f0059808258584c559193998be2601324fdeafb1 \
-    --hash=sha256:1872df69a4de6aead3491198eaf13810b565bdbeec3ae2dc8780f14458ec73ce \
-    --hash=sha256:1b4b79e8ebf6b55351f0d91fe80f893b4743f104bff22e90697db1590e47a218 \
-    --hash=sha256:1b52b4fb9df4eb9ae465f8d0c228a00624de2334f216f178a995ccdcf82c4634 \
-    --hash=sha256:1ba88449deb3de88bd40044603fafffb7bc2b055d626a330323a9ed736661695 \
-    --hash=sha256:1cc7ea17a6824959616c525620e387f6dd30fec8cb44f649e31712db02123dad \
-    --hash=sha256:218551f6df4868a8d527e3062d0fb968682fe92054e89978594c28e642c43a73 \
-    --hash=sha256:26a5784ded40c9e318cfc2bdb30fe164bdb8665ded9cd64d500a34fb42067b1c \
-    --hash=sha256:2713baf880df847f2bece4230d4d094280f4e67b1e813eec43b4c0e144a34ffe \
-    --hash=sha256:2a15a08b17dd94c53a1da0438822d70ebcd13f8c3a95abe3a9ef9f11a94830aa \
-    --hash=sha256:2f981d352f04553a7171b8e44369f2af4055f888dfb147d55e42d29e29e74559 \
-    --hash=sha256:32001d6a8fc98c8cb5c947787c5d08b0a50663d139f1305bac5885d98d9b40fa \
-    --hash=sha256:3524b778fe5cfb3452a09d31e7b5adefeea8c5be1d43c4f810ba09f2ceb29d37 \
-    --hash=sha256:3537e01efc9d4dccdf77221fb1cb3b8e1a38d5428920e0657ce299b20324d758 \
-    --hash=sha256:35add3b638a5d900e807944a078b51922212fb3dedb01633a8defc4b01a3c85f \
-    --hash=sha256:38664109c14ffc9e7437e86b4dceb442b0096dfe3541d7864d9cbe1da4cf36c8 \
-    --hash=sha256:3a7e8ae81ae39e62a41ec302f972ba6ae23a5c5396c8e60113e9066ef893da0d \
-    --hash=sha256:3b562dd9e9ea93f13d53989d23a7e775fdfd1066c33494ff43f5418bc8c58a5c \
-    --hash=sha256:457a69a9577064c05a97c41f4e65148652db078a3a509039e64d3467b9e7ef97 \
-    --hash=sha256:4bd4cd07944443f5a265608cc6aab442e4f74dff8088b0dfc8238647b8f6ae9a \
-    --hash=sha256:4e885a3d1efa2eadc93c894a21770e4bc67899e3543680313b09f139e149ab19 \
-    --hash=sha256:4faffd047e07c38848ce017e8725090413cd80cbc23d86e55c587bf979e579c9 \
-    --hash=sha256:509fa21c6deb7a7a273d629cf5ec029bc209d1a51178615ddf718f5918992ab9 \
-    --hash=sha256:5678211cb9333a6468fb8d8be0305520aa073f50d17f089b5b4b477ea6e67fdc \
-    --hash=sha256:591ae9f2a647529ca990bc681daebdd52c8791ff06c2bfa05b65163e28102ef2 \
-    --hash=sha256:5a7d5dc5140555cf21a6fefbdbf8723f06fcd2f63ef108f2854de715e4422cb4 \
-    --hash=sha256:69c0b73548bc525c8cb9a251cddf1931d1db4d2258e9599c28c07ef3580ef354 \
-    --hash=sha256:6b5420a1d9450023228968e7e6a9ce57f65d148ab56d2313fcd589eee96a7a50 \
-    --hash=sha256:722695808f4b6457b320fdc131280796bdceb04ab50fe1795cd540799ebe1698 \
-    --hash=sha256:729586769a26dbceff69f7a7dbbf59ab6572b99d94576a5592625d5b411576b9 \
-    --hash=sha256:77f0643abe7495da77fb436f50f8dab76dbc6e5fd25d39589a0f1fe6548bfa2b \
-    --hash=sha256:795e7751525cae078558e679d646ae45574b47ed6e7771863fcc079a6171a0fc \
-    --hash=sha256:7be7b61bb172e1ed687f1754f8e7484f1c8019780f6f6b0786e76bb01c2ae115 \
-    --hash=sha256:7c3fb7d25180895632e5d3148dbdc29ea38ccb7fd210aa27acbd1201a1902c6e \
-    --hash=sha256:7e68f88e5b8799aa49c85cd116c932a1ac15caaa3f5db09087854d218359e485 \
-    --hash=sha256:83891d0e9fb81a825d9a6d61e3f07550ca70a076484292a70fde82c4b807286f \
-    --hash=sha256:8485f406a96febb5140bfeca44a73e3ce5116b2501ac54fe953e488fb1d03b12 \
-    --hash=sha256:8709b08f4a89aa7586de0aadc8da56180242ee0ada3999749b183aa23df95025 \
-    --hash=sha256:8f71bc33915be5186016f675cd83a1e08523649b0e33efdb898db577ef5bb009 \
-    --hash=sha256:915c04ba3851909ce68ccc2b8e2cd691618c4dc4c4232fb7982bca3f41fd8c3d \
-    --hash=sha256:949b8d66bc381ee8b007cd945914c721d9aba8e27f71959d750a46f7c282b20b \
-    --hash=sha256:94c6f0bb423f739146aec64595853541634bde58b2135f27f61c1ffd1cd4d16a \
-    --hash=sha256:9a1abfdc021a164803f4d485104931fb8f8c1efd55bc6b748d2f5774e78b62c5 \
-    --hash=sha256:9b79b7a16f7fedff2495d684f2b59b0457c3b493778c9eed31111be64d58279f \
-    --hash=sha256:a320721ab5a1aba0a233739394eb907f8c8da5c98c9181d1161e77a0c8e36f2d \
-    --hash=sha256:a4afe79fb3de0b7097d81da19090f4df4f8d3a2b3adaa8764138aac2e44f3af1 \
-    --hash=sha256:ad2cf8aa28b8c020ab2fc8287b0f823d0a7d8630784c31e9ee5edea20f406287 \
-    --hash=sha256:b8512a91625c9b3da6f127803b166b629725e68af71f8184ae7e7d54686a56d6 \
-    --hash=sha256:bc51efed119bc9cfdf792cdeaa4d67e8f6fcccab66ed4bfdd6bde3e59bfcbb2f \
-    --hash=sha256:bdc919ead48f234740ad807933cdf545180bfbe9342c2bb451556db2ed958581 \
-    --hash=sha256:bdd37121970bfd8be76c5fb069c7751683bdf373db1ed6c010162b2a130248ed \
-    --hash=sha256:be8813b57049a7dc738189df53d69395eba14fb99345e0a5994914a3864c8a4b \
-    --hash=sha256:c0c0b3ade1c0b13b936d7970b1d37a57acde9199dc2aecc4c336773e1d86049c \
-    --hash=sha256:c47a551199eb8eb2121d4f0f15ae0f923d31350ab9280078d1e5f12b249e0026 \
-    --hash=sha256:c4ffb7ebf07cfe8931028e3e4c85f0357459a3f9f9490886198848f4fa002ec8 \
-    --hash=sha256:ccfcd093f13f0f0b7fdd0f198b90053bf7b2f02a3927a30e63f3ccc9df56b676 \
-    --hash=sha256:d2ee202e79d8ed691ceebae8e0486bd9a2cd4794cec4824e1c99b6f5009502f6 \
-    --hash=sha256:d53197da72cc091b024dd97249dfc7794d6a56530370992a5e1a08983ad9230e \
-    --hash=sha256:d6dd0be5b5b189d31db7cda48b91d7e0a9795f31430b7f271219ab30f1d3ac9d \
-    --hash=sha256:d88b440e37a16e651bda4c7c2b930eb586fd15ca7406cb39e211fcff3bf3017d \
-    --hash=sha256:de8a88e63464af587c950061a5e6a67d3632e36df62b986892331d4620a35c01 \
-    --hash=sha256:df2449253ef108a379b8b5d6b43f4b1a8e81a061d6537becd5582fba5f9196d7 \
-    --hash=sha256:e1c1493fb6e50ab01d20a22826e57520f1284df32f2d8601fdd90b6304601419 \
-    --hash=sha256:e1cf1972137e83c5d4c136c43ced9ac51d0e124706ee1c8aa8532c1287fa8795 \
-    --hash=sha256:e2103a929dfa2fcaf9bb4e7c091983a49c9ac3b19c9061b6d5427dd7d14d81a1 \
-    --hash=sha256:e56b7d45a839a697b5eb268c82a71bd8c7f6c94d6fd50c3d577fa39a9f1409f5 \
-    --hash=sha256:e8afc3f2ccfa24215f8cb28dcf43f0113ac3c37c2f0f0806d8c70e4228c5cf4d \
-    --hash=sha256:e8fc20152abba6b83724d7ff268c249fa196d8259ff481f3b1476383f8f24e42 \
-    --hash=sha256:eaa9599de571d72e2daf60164784109f19978b327a3910d3e9de8c97b5b70cfe \
-    --hash=sha256:ec15a59cf5af7be74194f7ab02d0f59a62bdcf1a537677ce67a2537c9b87fcda \
-    --hash=sha256:f190daf01f13c72eac4efd5c430a8de82489d9cff23c364c3ea822545032993e \
-    --hash=sha256:f34c41761022dd093b4b6896d4810782ffbabe30f2d443ff5f083e0cbbb8c737 \
-    --hash=sha256:f3e98bb3798ead92273dc0e5fd0f31ade220f59a266ffd8a4f6065e0a3ce0523 \
-    --hash=sha256:f42d0984e947b8adf7dd6dde396e720934d12c506ce84eea8476409563607591 \
-    --hash=sha256:f71a396b3bf33ecaa1626c255855702aca4d3d9fea5e051b41ac59a9c1c41edc \
-    --hash=sha256:f9e130248f4462aaa8e2552d547f36ddadbeaa573879158d721bbd33dfe4743a \
-    --hash=sha256:fed51ac40f757d41b7c48425901843666a6677e3e8eb0abcff09e4ba6e664f50
+Mako>=1.2.2

src/libxrpl/ledger/View.cpp

@@ -452,6 +452,489 @@ doWithdraw(
     return accountSend(view, sourceAcct, dstAcct, amount, j, WaiveTransferFee::Yes);
 }
 
+// Direct send w/o fees:
+// - Redeeming IOUs and/or sending sender's own IOUs.
+// - Create trust line if needed.
+// --> bCheckIssuer : normally require issuer to be involved.
+static TER
+rippleCreditIOU(
+    ApplyView& view,
+    AccountID const& uSenderID,
+    AccountID const& uReceiverID,
+    STAmount const& saAmount,
+    bool bCheckIssuer,
+    beast::Journal j)
+{
+    AccountID const& issuer = saAmount.getIssuer();
+    Currency const& currency = saAmount.getCurrency();
+
+    // Make sure issuer is involved.
+    XRPL_ASSERT(
+        !bCheckIssuer || uSenderID == issuer || uReceiverID == issuer,
+        "xrpl::rippleCreditIOU : matching issuer or don't care");
+    (void)issuer;
+
+    // Disallow sending to self.
+    XRPL_ASSERT(uSenderID != uReceiverID, "xrpl::rippleCreditIOU : sender is not receiver");
+
+    bool const bSenderHigh = uSenderID > uReceiverID;
+    auto const index = keylet::line(uSenderID, uReceiverID, currency);
+
+    XRPL_ASSERT(
+        !isXRP(uSenderID) && uSenderID != noAccount(), "xrpl::rippleCreditIOU : sender is not XRP");
+    XRPL_ASSERT(
+        !isXRP(uReceiverID) && uReceiverID != noAccount(),
+        "xrpl::rippleCreditIOU : receiver is not XRP");
+
+    // If the line exists, modify it accordingly.
+    if (auto const sleRippleState = view.peek(index))
+    {
+        STAmount saBalance = sleRippleState->getFieldAmount(sfBalance);
+
+        if (bSenderHigh)
+            saBalance.negate();  // Put balance in sender terms.
+
+        view.creditHook(uSenderID, uReceiverID, saAmount, saBalance);
+
+        STAmount const saBefore = saBalance;
+
+        saBalance -= saAmount;
+
+        JLOG(j.trace()) << "rippleCreditIOU: " << to_string(uSenderID) << " -> "
+                        << to_string(uReceiverID) << " : before=" << saBefore.getFullText()
+                        << " amount=" << saAmount.getFullText()
+                        << " after=" << saBalance.getFullText();
+
+        std::uint32_t const uFlags(sleRippleState->getFieldU32(sfFlags));
+        bool bDelete = false;
+
+        // FIXME This NEEDS to be cleaned up and simplified. It's impossible
+        //       for anyone to understand.
+        if (saBefore > beast::zero
+            // Sender balance was positive.
+            && saBalance <= beast::zero
+            // Sender is zero or negative.
+            && (uFlags & (!bSenderHigh ? lsfLowReserve : lsfHighReserve))
+            // Sender reserve is set.
+            && static_cast<bool>(uFlags & (!bSenderHigh ? lsfLowNoRipple : lsfHighNoRipple)) !=
+                static_cast<bool>(
+                    view.read(keylet::account(uSenderID))->getFlags() & lsfDefaultRipple) &&
+            !(uFlags & (!bSenderHigh ? lsfLowFreeze : lsfHighFreeze)) &&
+            !sleRippleState->getFieldAmount(!bSenderHigh ? sfLowLimit : sfHighLimit)
+            // Sender trust limit is 0.
+            && !sleRippleState->getFieldU32(!bSenderHigh ? sfLowQualityIn : sfHighQualityIn)
+            // Sender quality in is 0.
+            && !sleRippleState->getFieldU32(!bSenderHigh ? sfLowQualityOut : sfHighQualityOut))
+        // Sender quality out is 0.
+        {
+            // Clear the reserve of the sender, possibly delete the line!
+            adjustOwnerCount(view, view.peek(keylet::account(uSenderID)), -1, j);
+
+            // Clear reserve flag.
+            sleRippleState->setFieldU32(
+                sfFlags, uFlags & (!bSenderHigh ? ~lsfLowReserve : ~lsfHighReserve));
+
+            // Balance is zero, receiver reserve is clear.
+            bDelete = !saBalance  // Balance is zero.
+                && !(uFlags & (bSenderHigh ? lsfLowReserve : lsfHighReserve));
+            // Receiver reserve is clear.
+        }
+
+        if (bSenderHigh)
+            saBalance.negate();
+
+        // Want to reflect balance to zero even if we are deleting line.
+        sleRippleState->setFieldAmount(sfBalance, saBalance);
+        // ONLY: Adjust ripple balance.
+
+        if (bDelete)
+        {
+            return trustDelete(
+                view,
+                sleRippleState,
+                bSenderHigh ? uReceiverID : uSenderID,
+                !bSenderHigh ? uReceiverID : uSenderID,
+                j);
+        }
+
+        view.update(sleRippleState);
+        return tesSUCCESS;
+    }
+
+    STAmount const saReceiverLimit(Issue{currency, uReceiverID});
+    STAmount saBalance{saAmount};
+
+    saBalance.setIssuer(noAccount());
+
+    JLOG(j.debug()) << "rippleCreditIOU: "
+                       "create line: "
+                    << to_string(uSenderID) << " -> " << to_string(uReceiverID) << " : "
+                    << saAmount.getFullText();
+
+    auto const sleAccount = view.peek(keylet::account(uReceiverID));
+    if (!sleAccount)
+        return tefINTERNAL;  // LCOV_EXCL_LINE
+
+    bool const noRipple = (sleAccount->getFlags() & lsfDefaultRipple) == 0;
+
+    return trustCreate(
+        view,
+        bSenderHigh,
+        uSenderID,
+        uReceiverID,
+        index.key,
+        sleAccount,
+        false,
+        noRipple,
+        false,
+        false,
+        saBalance,
+        saReceiverLimit,
+        0,
+        0,
+        j);
+}
+
+// Send regardless of limits.
+// --> saAmount: Amount/currency/issuer to deliver to receiver.
+// <-- saActual: Amount actually cost.  Sender pays fees.
+static TER
+rippleSendIOU(
+    ApplyView& view,
+    AccountID const& uSenderID,
+    AccountID const& uReceiverID,
+    STAmount const& saAmount,
+    STAmount& saActual,
+    beast::Journal j,
+    WaiveTransferFee waiveFee)
+{
+    auto const& issuer = saAmount.getIssuer();
+
+    XRPL_ASSERT(
+        !isXRP(uSenderID) && !isXRP(uReceiverID),
+        "xrpl::rippleSendIOU : neither sender nor receiver is XRP");
+    XRPL_ASSERT(uSenderID != uReceiverID, "xrpl::rippleSendIOU : sender is not receiver");
+
+    if (uSenderID == issuer || uReceiverID == issuer || issuer == noAccount())
+    {
+        // Direct send: redeeming IOUs and/or sending own IOUs.
+        auto const ter = rippleCreditIOU(view, uSenderID, uReceiverID, saAmount, false, j);
+        if (ter != tesSUCCESS)
+            return ter;
+        saActual = saAmount;
+        return tesSUCCESS;
+    }
+
+    // Sending 3rd party IOUs: transit.
+
+    // Calculate the amount to transfer accounting
+    // for any transfer fees if the fee is not waived:
+    saActual = (waiveFee == WaiveTransferFee::Yes) ? saAmount
+                                                   : multiply(saAmount, transferRate(view, issuer));
+
+    JLOG(j.debug()) << "rippleSendIOU> " << to_string(uSenderID) << " - > "
+                    << to_string(uReceiverID) << " : deliver=" << saAmount.getFullText()
+                    << " cost=" << saActual.getFullText();
+
+    TER terResult = rippleCreditIOU(view, issuer, uReceiverID, saAmount, true, j);
+
+    if (tesSUCCESS == terResult)
+        terResult = rippleCreditIOU(view, uSenderID, issuer, saActual, true, j);
+
+    return terResult;
+}
+
+template <class TAsset>
+static TER
+doSendMulti(
+    std::string const& name,
+    ApplyView& view,
+    AccountID const& senderID,
+    TAsset const& issue,
+    MultiplePaymentDestinations const& receivers,
+    STAmount& actual,
+    beast::Journal j,
+    WaiveTransferFee waiveFee,
+    // Don't pass back parameters that the caller already has
+    std::function<
+        TER(AccountID const& senderID,
+            AccountID const& receiverID,
+            STAmount const& amount,
+            bool checkIssuer)> doCredit,
+    std::function<
+        TER(AccountID const& issuer, STAmount const& takeFromSender, STAmount const& amount)>
+        preMint = {})
+{
+    // Use the same pattern for all the SendMulti functions to help avoid
+    // divergence and copy/paste errors.
+    auto const& issuer = issue.getIssuer();
+
+    // These values may not stay in sync
+    STAmount takeFromSender{issue};
+    actual = takeFromSender;
+
+    // Failures return immediately.
+    for (auto const& r : receivers)
+    {
+        auto const& receiverID = r.first;
+        STAmount amount{issue, r.second};
+
+        if (amount < beast::zero)
+        {
+            return tecINTERNAL;  // LCOV_EXCL_LINE
+        }
+
+        /* If we aren't sending anything or if the sender is the same as the
+         * receiver then we don't need to do anything.
+         */
+        if (!amount || (senderID == receiverID))
+            continue;
+
+        using namespace std::string_literals;
+        XRPL_ASSERT(!isXRP(receiverID), ("xrpl::"s + name + " : receiver is not XRP").c_str());
+
+        if (senderID == issuer || receiverID == issuer || issuer == noAccount())
+        {
+            if (preMint)
+            {
+                if (auto const ter = preMint(issuer, takeFromSender, amount))
+                    return ter;
+            }
+            // Direct send: redeeming IOUs and/or sending own IOUs.
+            if (auto const ter = doCredit(senderID, receiverID, amount, false))
+                return ter;
+            actual += amount;
+            // Do not add amount to takeFromSender, because doCredit took
+            // it.
+
+            continue;
+        }
+
+        // Sending 3rd party: transit.
+
+        // Calculate the amount to transfer accounting
+        // for any transfer fees if the fee is not waived:
+        STAmount actualSend = (waiveFee == WaiveTransferFee::Yes || issue.native())
+            ? amount
+            : multiply(amount, transferRate(view, amount));
+        actual += actualSend;
+        takeFromSender += actualSend;
+
+        JLOG(j.debug()) << name << "> " << to_string(senderID) << " - > " << to_string(receiverID)
+                        << " : deliver=" << amount.getFullText()
+                        << " cost=" << actualSend.getFullText();
+
+        if (TER const terResult = doCredit(issuer, receiverID, amount, true))
+            return terResult;
+    }
+
+    if (senderID != issuer && takeFromSender)
+    {
+        if (TER const terResult = doCredit(senderID, issuer, takeFromSender, true))
+            return terResult;
+    }
+
+    return tesSUCCESS;
+}
+
+// Send regardless of limits.
+// --> receivers: Amount/currency/issuer to deliver to receivers.
+// <-- saActual: Amount actually cost to sender.  Sender pays fees.
+static TER
+rippleSendMultiIOU(
+    ApplyView& view,
+    AccountID const& senderID,
+    Issue const& issue,
+    MultiplePaymentDestinations const& receivers,
+    STAmount& actual,
+    beast::Journal j,
+    WaiveTransferFee waiveFee)
+{
+    XRPL_ASSERT(!isXRP(senderID), "xrpl::rippleSendMultiIOU : sender is not XRP");
+
+    auto doCredit = [&view, j](
+                        AccountID const& senderID,
+                        AccountID const& receiverID,
+                        STAmount const& amount,
+                        bool checkIssuer) {
+        return rippleCreditIOU(view, senderID, receiverID, amount, checkIssuer, j);
+    };
+
+    return doSendMulti(
+        "rippleSendMultiIOU", view, senderID, issue, receivers, actual, j, waiveFee, doCredit);
+}
+
+static TER
+rippleCreditMPT(
+    ApplyView& view,
+    AccountID const& uSenderID,
+    AccountID const& uReceiverID,
+    STAmount const& saAmount,
+    beast::Journal j)
+{
+    // Do not check MPT authorization here - it must have been checked earlier
+    auto const mptID = keylet::mptIssuance(saAmount.get<MPTIssue>().getMptID());
+    auto const& issuer = saAmount.getIssuer();
+    auto sleIssuance = view.peek(mptID);
+    if (!sleIssuance)
+        return tecOBJECT_NOT_FOUND;
+    if (uSenderID == issuer)
+    {
+        (*sleIssuance)[sfOutstandingAmount] += saAmount.mpt().value();
+        view.update(sleIssuance);
+    }
+    else
+    {
+        auto const mptokenID = keylet::mptoken(mptID.key, uSenderID);
+        if (auto sle = view.peek(mptokenID))
+        {
+            auto const amt = sle->getFieldU64(sfMPTAmount);
+            auto const pay = saAmount.mpt().value();
+            if (amt < pay)
+                return tecINSUFFICIENT_FUNDS;
+            (*sle)[sfMPTAmount] = amt - pay;
+            view.update(sle);
+        }
+        else
+            return tecNO_AUTH;
+    }
+
+    if (uReceiverID == issuer)
+    {
+        auto const outstanding = sleIssuance->getFieldU64(sfOutstandingAmount);
+        auto const redeem = saAmount.mpt().value();
+        if (outstanding >= redeem)
+        {
+            sleIssuance->setFieldU64(sfOutstandingAmount, outstanding - redeem);
+            view.update(sleIssuance);
+        }
+        else
+            return tecINTERNAL;  // LCOV_EXCL_LINE
+    }
+    else
+    {
+        auto const mptokenID = keylet::mptoken(mptID.key, uReceiverID);
+        if (auto sle = view.peek(mptokenID))
+        {
+            (*sle)[sfMPTAmount] += saAmount.mpt().value();
+            view.update(sle);
+        }
+        else
+            return tecNO_AUTH;
+    }
+
+    return tesSUCCESS;
+}
+
+static TER
+rippleSendMPT(
+    ApplyView& view,
+    AccountID const& uSenderID,
+    AccountID const& uReceiverID,
+    STAmount const& saAmount,
+    STAmount& saActual,
+    beast::Journal j,
+    WaiveTransferFee waiveFee)
+{
+    XRPL_ASSERT(uSenderID != uReceiverID, "xrpl::rippleSendMPT : sender is not receiver");
+
+    // Safe to get MPT since rippleSendMPT is only called by accountSendMPT
+    auto const& issuer = saAmount.getIssuer();
+
+    auto const sle = view.read(keylet::mptIssuance(saAmount.get<MPTIssue>().getMptID()));
+    if (!sle)
+        return tecOBJECT_NOT_FOUND;
+
+    if (uSenderID == issuer || uReceiverID == issuer)
+    {
+        // if sender is issuer, check that the new OutstandingAmount will not
+        // exceed MaximumAmount
+        if (uSenderID == issuer)
+        {
+            auto const sendAmount = saAmount.mpt().value();
+            auto const maximumAmount = sle->at(~sfMaximumAmount).value_or(maxMPTokenAmount);
+            if (sendAmount > maximumAmount ||
+                sle->getFieldU64(sfOutstandingAmount) > maximumAmount - sendAmount)
+                return tecPATH_DRY;
+        }
+
+        // Direct send: redeeming MPTs and/or sending own MPTs.
+        auto const ter = rippleCreditMPT(view, uSenderID, uReceiverID, saAmount, j);
+        if (ter != tesSUCCESS)
+            return ter;
+        saActual = saAmount;
+        return tesSUCCESS;
+    }
+
+    // Sending 3rd party MPTs: transit.
+    saActual = (waiveFee == WaiveTransferFee::Yes)
+        ? saAmount
+        : multiply(saAmount, transferRate(view, saAmount.get<MPTIssue>().getMptID()));
+
+    JLOG(j.debug()) << "rippleSendMPT> " << to_string(uSenderID) << " - > "
+                    << to_string(uReceiverID) << " : deliver=" << saAmount.getFullText()
+                    << " cost=" << saActual.getFullText();
+
+    if (auto const terResult = rippleCreditMPT(view, issuer, uReceiverID, saAmount, j);
+        terResult != tesSUCCESS)
+        return terResult;
+
+    return rippleCreditMPT(view, uSenderID, issuer, saActual, j);
+}
+
+static TER
+rippleSendMultiMPT(
+    ApplyView& view,
+    AccountID const& senderID,
+    MPTIssue const& mptIssue,
+    MultiplePaymentDestinations const& receivers,
+    STAmount& actual,
+    beast::Journal j,
+    WaiveTransferFee waiveFee)
+{
+    auto const sle = view.read(keylet::mptIssuance(mptIssue.getMptID()));
+    if (!sle)
+        return tecOBJECT_NOT_FOUND;
+
+    auto preMint = [&](AccountID const& issuer,
+                       STAmount const& takeFromSender,
+                       STAmount const& amount) -> TER {
+        // if sender is issuer, check that the new OutstandingAmount will
+        // not exceed MaximumAmount
+        if (senderID == issuer)
+        {
+            XRPL_ASSERT_PARTS(
+                takeFromSender == beast::zero,
+                "rippler::rippleSendMultiMPT",
+                "sender == issuer, takeFromSender == zero");
+            auto const sendAmount = amount.mpt().value();
+            auto const maximumAmount = sle->at(~sfMaximumAmount).value_or(maxMPTokenAmount);
+            if (sendAmount > maximumAmount ||
+                sle->getFieldU64(sfOutstandingAmount) > maximumAmount - sendAmount)
+                return tecPATH_DRY;
+        }
+
+        return tesSUCCESS;
+    };
+    auto doCredit =
+        [&view, j](
+            AccountID const& senderID, AccountID const& receiverID, STAmount const& amount, bool) {
+            return rippleCreditMPT(view, senderID, receiverID, amount, j);
+        };
+
+    return doSendMulti(
+        "rippleSendMultiMPT",
+        view,
+        senderID,
+        mptIssue,
+        receivers,
+        actual,
+        j,
+        waiveFee,
+        doCredit,
+        preMint);
+}
+
 TER
 cleanupOnAccountDelete(
     ApplyView& view,

src/libxrpl/ledger/helpers/OfferHelpers.cpp

@@ -22,7 +22,7 @@ offerDelete(ApplyView& view, std::shared_ptr<SLE> const& sle, beast::Journal j)
     if (!sle)
         return tesSUCCESS;
     auto offerIndex = sle->key();
-    auto owner = sle->getAccountID(sfAccount);
+    auto const owner = sle->getAccountID(sfAccount);
 
     // Detect legacy directories.
     uint256 const uDirectory = sle->getFieldH256(sfBookDirectory);

src/libxrpl/ledger/helpers/RippleStateHelpers.cpp

@@ -580,7 +580,7 @@ requireAuth(ReadView const& view, Issue const& issue, AccountID const& account,
     return tesSUCCESS;
 }
 
-TER
+[[nodiscard]] TER
 canTransfer(ReadView const& view, Issue const& issue, AccountID const& from, AccountID const& to)
 {
     if (issue.native())
@@ -618,7 +618,7 @@ canTransfer(ReadView const& view, Issue const& issue, AccountID const& from, Acc
 //
 //------------------------------------------------------------------------------
 
-TER
+[[nodiscard]] TER
 addEmptyHolding(
     ApplyView& view,
     AccountID const& accountID,
@@ -672,7 +672,7 @@ addEmptyHolding(
         journal);
 }
 
-TER
+[[nodiscard]] TER
 removeEmptyHolding(
     ApplyView& view,
     AccountID const& accountID,

src/libxrpl/ledger/helpers/TokenHelpers.cpp

@@ -944,6 +944,85 @@ accountSendMultiIOU(
                << receivers.size() << " receivers.";
     }
 
+    auto doCredit = [&view, &sender, &receivers, j](
+                        AccountID const& senderID,
+                        AccountID const& receiverID,
+                        STAmount const& amount,
+                        bool /*checkIssuer*/) -> TER {
+        if (!senderID)
+        {
+            SLE::pointer receiver =
+                receiverID != beast::zero ? view.peek(keylet::account(receiverID)) : SLE::pointer();
+
+            if (auto stream = j.trace())
+            {
+                std::string receiver_bal("-");
+
+                if (receiver)
+                    receiver_bal = receiver->getFieldAmount(sfBalance).getFullText();
+
+                stream << "accountSendMultiIOU> " << to_string(senderID) << " -> "
+                       << to_string(receiverID) << " (" << receiver_bal
+                       << ") : " << amount.getFullText();
+            }
+
+            if (receiver)
+            {
+                // Increment XRP balance.
+                auto const rcvBal = receiver->getFieldAmount(sfBalance);
+                receiver->setFieldAmount(sfBalance, rcvBal + amount);
+                view.creditHook(xrpAccount(), receiverID, amount, -rcvBal);
+
+                view.update(receiver);
+            }
+
+            if (auto stream = j.trace())
+            {
+                std::string receiver_bal("-");
+
+                if (receiver)
+                    receiver_bal = receiver->getFieldAmount(sfBalance).getFullText();
+
+                stream << "accountSendMultiIOU< " << to_string(senderID) << " -> "
+                       << to_string(receiverID) << " (" << receiver_bal
+                       << ") : " << amount.getFullText();
+            }
+            return tesSUCCESS;
+        }
+        // Sender
+        if (sender)
+        {
+            if (sender->getFieldAmount(sfBalance) < amount)
+            {
+                return TER{tecFAILED_PROCESSING};
+            }
+            else
+            {
+                auto const sndBal = sender->getFieldAmount(sfBalance);
+                view.creditHook(senderID, xrpAccount(), amount, sndBal);
+
+                // Decrement XRP balance.
+                sender->setFieldAmount(sfBalance, sndBal - amount);
+                view.update(sender);
+            }
+        }
+
+        if (auto stream = j.trace())
+        {
+            std::string sender_bal("-");
+
+            if (sender)
+                sender_bal = sender->getFieldAmount(sfBalance).getFullText();
+
+            stream << "accountSendMultiIOU< " << to_string(senderID) << " (" << sender_bal
+                   << ") -> " << receivers.size() << " receivers.";
+        }
+
+        return tesSUCCESS;
+    };
+    return doSendMulti(
+        "accountSendMultiIOU", view, senderID, issue, receivers, actual, j, waiveFee, doCredit);
+
     // Failures return immediately.
     STAmount takeFromSender{issue};
     for (auto const& r : receivers)

src/libxrpl/tx/transactors/vault/VaultDeposit.cpp

@@ -7,6 +7,7 @@
 #include <xrpl/ledger/helpers/MPTokenHelpers.h>
 #include <xrpl/ledger/helpers/TokenHelpers.h>
 #include <xrpl/ledger/helpers/VaultHelpers.h>
+#include <xrpl/protocol/Feature.h>
 #include <xrpl/protocol/Indexes.h>
 #include <xrpl/protocol/Issue.h>
 #include <xrpl/protocol/LedgerFormats.h>
@@ -252,19 +253,26 @@ VaultDeposit::doApply()
         !isTesSuccess(ter))
         return ter;
 
-    // Sanity check
-    if (accountHolds(
-            view(),
-            accountID_,
-            assetsDeposited.asset(),
-            FreezeHandling::IgnoreFreeze,
-            AuthHandling::IgnoreAuth,
-            j_) < beast::kZero)
+    // This check is wrong. Disable it with fixCleanup3_2_0.
+    // For XRP and MPT the predicate is structurally unsatisfiable: xrpLiquid clamps at zero, and
+    // MPT balances are unsigned. For IOUs it only fires when the deposit drove the depositor's
+    // trust line into debt the exact case preclaim authorizes via SpendableHandling::FullBalance.
+    // The check thus converts a preclaim- authorized deposit into tefINTERNAL after the asset
+    // transfer.
+    if (!view().rules().enabled(fixCleanup3_2_0))
     {
-        // LCOV_EXCL_START
-        JLOG(j_.error()) << "VaultDeposit: negative balance of account assets.";
-        return tefINTERNAL;
-        // LCOV_EXCL_STOP
+        // Sanity check
+        if (accountHolds(
+                view(),
+                accountID_,
+                assetsDeposited.asset(),
+                FreezeHandling::IgnoreFreeze,
+                AuthHandling::IgnoreAuth,
+                j_) < beast::kZero)
+        {
+            JLOG(j_.error()) << "VaultDeposit: negative balance of account assets.";
+            return tefINTERNAL;
+        }
     }
 
     // Transfer shares from vault to depositor.

src/test/app/Vault_test.cpp

@@ -6140,10 +6140,90 @@ class Vault_test : public beast::unit_test::Suite
         runTest(amendments);
     }
 
+    // VaultDeposit::preclaim uses accountHolds(..., SpendableHandling::
+    // shFULL_BALANCE), which for an IOU asset adds the counterparty's
+    // LowLimit/HighLimit to the depositor's raw balance (TokenHelpers.cpp:
+    // getTrustLineBalance with includeOppositeLimit=true). When the
+    // depositor's raw balance < deposit amount but raw + opposite limit >=
+    // amount, preclaim is satisfied. doApply then calls
+    // directSendNoFeeIOU, which unconditionally subtracts saAmount from
+    // saBalance — driving the trust line negative — and returns tesSUCCESS.
+    // The post-send sanity check uses the default shSIMPLE_BALANCE (no
+    // opposite-limit add), sees a negative balance, and returns tefINTERNAL.
+    void
+    testVaultDepositNegativeBalanceFromOppositeLimit()
+    {
+        auto runTest = [&](FeatureBitset f, TER expected) {
+            using namespace test::jtx;
+            using namespace std::literals;
+
+            Env env{*this, f};
+            Account const gw{"gateway"};
+            Account const owner{"owner"};
+            Account const depositor{"depositor"};
+
+            env.fund(XRP(10000), gw, owner, depositor);
+            env.close();
+
+            // Gateway with DefaultRipple so vault creation on its IOU works.
+            env(fset(gw, asfDefaultRipple));
+            env.close();
+
+            // Depositor opens a trust line to gateway and receives a small
+            // balance.
+            PrettyAsset const usd = gw["USD"];
+            env.trust(usd(1000), depositor);
+            env(pay(gw, depositor, usd(100)));  // raw trust-line balance: 100
+            env.close();
+
+            // Key precondition: gateway sets a non-zero limit on the same
+            // RippleState — the "opposite field" from depositor's perspective.
+            // This is what inflates shFULL_BALANCE in preclaim above the raw
+            // balance.
+            env(trust(gw, depositor["USD"](1000)));
+            env.close();
+
+            // Create the IOU vault.
+            Vault const vault{env};
+            auto [vaultTx, keylet] = vault.create({.owner = owner, .asset = usd});
+            env(vaultTx);
+            env.close();
+
+            // Submit a deposit of 500 USD:
+            //   - raw balance:                100 USD
+            //   - opposite limit (gw's side): 1000 USD
+            //   - preclaim sees 100 + 1000 = 1100, passes (>= 500)
+            //   - doApply transfers 500, depositor's trust-line balance
+            //     becomes -400
+            //   - sanity check at VaultDeposit.cpp:256 fires
+            //   - tx returns tefINTERNAL (BUG — should be tesSUCCESS.
+            auto depositTx =
+                vault.deposit({.depositor = depositor, .id = keylet.key, .amount = usd(500)});
+            env(depositTx, Ter(expected));
+            env.close();
+        };
+
+        {
+            testcase(
+                "IOU vault deposit exceeding depositor's balance but "
+                "within counterparty's trust limit, pre-fixCleanup3_2_0 "
+                "(tefINTERNAL)");
+            runTest(test::jtx::testableAmendments() - fixCleanup3_2_0, tefINTERNAL);
+        }
+        {
+            testcase(
+                "IOU vault deposit exceeding depositor's balance but "
+                "within counterparty's trust limit, post-fixCleanup3_2_0 "
+                "(tesSUCCESS)");
+            runTest(test::jtx::testableAmendments(), tesSUCCESS);
+        }
+    }
+
 public:
     void
     run() override
     {
+        testVaultDepositNegativeBalanceFromOppositeLimit();
         testSequences();
         testPreflight();
         testCreateFailXRP();