Merge remote-tracking branch 'XRPLF/pratik/Fix_asan_lsan_flagged_issues' into ximinez/number_asan

* XRPLF/pratik/Fix_asan_lsan_flagged_issues: fixed asan escape macro before return type added comments and haltonerror=false remove suppressions fix memory leak in LocalValue run parallel tests Don't copy the Json::StaticString fixes to static variable destruction issue. fix: Deletes expired NFToken offers from ledger (5707) chore: Add .zed editor config directory to .gitignore (6317) clang-format updates ssl context cleanup. docs: Update API changelog, add APIv2+APIv3 version documentation (6308) fix: Restore config changes that broke standalone mode (6301) chore: Add upper-case match for ARM64 in CompilationEnv (6315) ci: Update hashes of XRPLF/actions (6316) chore: Format all cmake files without comments (6294) chore: Add cmake-format pre-commit hook (6279) chore: Remove unnecessary `boost::system` requirement from conanfile (6290) chore: Set ColumnLimit to 120 in clang-format (6288) run tests in serial
fixed asan escape macro before return type
2026-02-06 15:05:31 +00:00 · 2026-02-04 16:37:15 -05:00 · 2026-02-04 15:54:50 +00:00 · 2026-02-04 15:45:03 +00:00 · 2026-02-04 14:31:03 +00:00 · 2026-02-04 13:17:31 +00:00
38 changed files with 1777 additions and 623 deletions
--- a/.config/cspell.config.yaml
+++ b/.config/cspell.config.yaml
@@ -89,6 +89,7 @@ words:
  - endmacro
  - exceptioned
  - Falco
+  - fcontext
  - finalizers
  - firewalled
  - fmtdur
@@ -101,6 +102,7 @@ words:
  - gpgcheck
  - gpgkey
  - hotwallet
+  - hwaddress
  - hwrap
  - ifndef
  - inequation
@@ -217,6 +219,7 @@ words:
  - soci
  - socidb
  - sslws
+  - stackful
  - statsd
  - STATSDCOLLECTOR
  - stissue
--- a/.github/scripts/strategy-matrix/generate.py
+++ b/.github/scripts/strategy-matrix/generate.py
@@ -242,10 +242,12 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
        # names get truncated.
        # Add Address and Thread (both coupled with UB) sanitizers for specific bookworm distros.
        # GCC-Asan rippled-embedded tests are failing because of https://github.com/google/sanitizers/issues/856
-        if (
-            os["distro_version"] == "bookworm"
-            and f"{os['compiler_name']}-{os['compiler_version']}" == "clang-20"
-        ):
+        if os[
+            "distro_version"
+        ] == "bookworm" and f"{os['compiler_name']}-{os['compiler_version']}" in [
+            "clang-20",
+            "gcc-13",
+        ]:
            # Add ASAN + UBSAN configuration.
            configurations.append(
                {
--- a/.github/workflows/reusable-build-test-config.yml
+++ b/.github/workflows/reusable-build-test-config.yml
@@ -205,14 +205,18 @@ jobs:
      - name: Set sanitizer options
        if: ${{ !inputs.build_only && env.SANITIZERS_ENABLED == 'true' }}
        run: |
-          echo "ASAN_OPTIONS=print_stacktrace=1:detect_container_overflow=0:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/asan.supp" >> ${GITHUB_ENV}
-          echo "TSAN_OPTIONS=second_deadlock_stack=1:halt_on_error=0:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/tsan.supp" >> ${GITHUB_ENV}
-          echo "UBSAN_OPTIONS=suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/ubsan.supp" >> ${GITHUB_ENV}
-          echo "LSAN_OPTIONS=suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/lsan.supp" >> ${GITHUB_ENV}
+          echo "ASAN_OPTIONS=include=${GITHUB_WORKSPACE}/sanitizers/suppressions/runtime-asan-options.txt:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/asan.supp" >> ${GITHUB_ENV}
+          echo "TSAN_OPTIONS=include=${GITHUB_WORKSPACE}/sanitizers/suppressions/runtime-tsan-options.txt:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/tsan.supp" >> ${GITHUB_ENV}
+          echo "UBSAN_OPTIONS=include=${GITHUB_WORKSPACE}/sanitizers/suppressions/runtime-ubsan-options.txt:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/ubsan.supp" >> ${GITHUB_ENV}
+          echo "LSAN_OPTIONS=include=${GITHUB_WORKSPACE}/sanitizers/suppressions/runtime-lsan-options.txt:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/lsan.supp" >> ${GITHUB_ENV}

      - name: Run the separate tests
+        # We continue on error here because we want to try the Embedded tests before
+        # failing. This will give us details on all the failures at once.
+        continue-on-error: true
        if: ${{ !inputs.build_only }}
        working-directory: ${{ env.BUILD_DIR }}
+        id: separate_tests
        # Windows locks some of the build files while running tests, and parallel jobs can collide
        env:
          BUILD_TYPE: ${{ inputs.build_type }}
@@ -228,8 +232,14 @@ jobs:
        working-directory: ${{ runner.os == 'Windows' && format('{0}/{1}', env.BUILD_DIR, inputs.build_type) || env.BUILD_DIR }}
        env:
          BUILD_NPROC: ${{ steps.nproc.outputs.nproc }}
+          PARALLELISM: ${{ env.SANITIZERS_ENABLED == 'true' && '1' || steps.nproc.outputs.nproc }}
        run: |
-          ./xrpld --unittest --unittest-jobs "${BUILD_NPROC}"
+          ./xrpld --unittest --unittest-jobs "${PARALLELISM}"
+
+        # Pipeline should fail if the separate tests failed.
+      - name: Check results of the SeparateTests
+        if: ${{ !inputs.build_only && steps.separate_tests.outcome == 'failure' }}
+        run: exit 1

      - name: Debug failure (Linux)
        if: ${{ failure() && runner.os == 'Linux' && !inputs.build_only }}
--- a/cmake/deps/Boost.cmake
+++ b/cmake/deps/Boost.cmake
@@ -32,13 +32,13 @@ target_link_libraries(
 if (Boost_COMPILER)
    target_link_libraries(xrpl_boost INTERFACE Boost::disable_autolinking)
 endif ()
-if (SANITIZERS_ENABLED AND is_clang)
-    # TODO: gcc does not support -fsanitize-blacklist...can we do something else for gcc ?
-    if (NOT Boost_INCLUDE_DIRS AND TARGET Boost::headers)
-        get_target_property(Boost_INCLUDE_DIRS Boost::headers INTERFACE_INCLUDE_DIRECTORIES)
-    endif ()
-    message(STATUS "Adding [${Boost_INCLUDE_DIRS}] to sanitizer blacklist")
-    file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/san_bl.txt "src:${Boost_INCLUDE_DIRS}/*")
-    target_compile_options(opts INTERFACE # ignore boost headers for sanitizing
-                                          -fsanitize-blacklist=${CMAKE_CURRENT_BINARY_DIR}/san_bl.txt)
-endif ()
+# if (SANITIZERS_ENABLED AND is_clang)
+#     # TODO: gcc does not support -fsanitize-blacklist...can we do something else for gcc ?
+#     if (NOT Boost_INCLUDE_DIRS AND TARGET Boost::headers)
+#         get_target_property(Boost_INCLUDE_DIRS Boost::headers INTERFACE_INCLUDE_DIRECTORIES)
+#     endif ()
+#     message(STATUS "Adding [${Boost_INCLUDE_DIRS}] to sanitizer blacklist")
+#     file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/san_bl.txt "src:${Boost_INCLUDE_DIRS}/*")
+#     target_compile_options(opts INTERFACE # ignore boost headers for sanitizing
+#                                           -fsanitize-blacklist=${CMAKE_CURRENT_BINARY_DIR}/san_bl.txt)
+# endif ()
--- a/conanfile.py
+++ b/conanfile.py
@@ -1,4 +1,5 @@
 import re
+import os

 from conan.tools.cmake import CMake, CMakeToolchain, cmake_layout

@@ -126,6 +127,12 @@ class Xrpl(ConanFile):
        if self.settings.compiler in ["clang", "gcc"]:
            self.options["boost"].without_cobalt = True

+        # Check if environment variable exists
+        if "SANITIZERS" in os.environ:
+            sanitizers = os.environ["SANITIZERS"]
+            if "Address" in sanitizers:
+                self.default_options["fPIC"] = False
+
    def requirements(self):
        # Conan 2 requires transitive headers to be specified
        transitive_headers_opt = (
--- a/docs/build/sanitizers.md
+++ b/docs/build/sanitizers.md
@@ -89,8 +89,8 @@ cmake --build . --parallel 4
 **IMPORTANT**: ASAN with Boost produces many false positives. Use these options:

 ```bash
-export ASAN_OPTIONS="print_stacktrace=1:detect_container_overflow=0:suppressions=path/to/asan.supp:halt_on_error=0:log_path=asan.log"
-export LSAN_OPTIONS="suppressions=path/to/lsan.supp:halt_on_error=0:log_path=lsan.log"
+export ASAN_OPTIONS="include=sanitizers/suppressions/runtime-asan-options.txt:suppressions=sanitizers/suppressions/asan.supp"
+export LSAN_OPTIONS="include=sanitizers/suppressions/runtime-lsan-options.txt:suppressions=sanitizers/suppressions/lsan.supp"

 # Run tests
 ./xrpld --unittest --unittest-jobs=5
@@ -108,7 +108,7 @@ export LSAN_OPTIONS="suppressions=path/to/lsan.supp:halt_on_error=0:log_path=lsa
 ### ThreadSanitizer (TSan)

 ```bash
-export TSAN_OPTIONS="suppressions=path/to/tsan.supp halt_on_error=0 log_path=tsan.log"
+export TSAN_OPTIONS="include=sanitizers/suppressions/runtime-tsan-options.txt:suppressions=sanitizers/suppressions/tsan.supp"

 # Run tests
 ./xrpld --unittest --unittest-jobs=5
@@ -129,7 +129,7 @@ More details [here](https://github.com/google/sanitizers/wiki/AddressSanitizerLe
 ### UndefinedBehaviorSanitizer (UBSan)

 ```bash
-export UBSAN_OPTIONS="suppressions=path/to/ubsan.supp:print_stacktrace=1:halt_on_error=0:log_path=ubsan.log"
+export UBSAN_OPTIONS="include=sanitizers/suppressions/runtime-ubsan-options.txt:suppressions=sanitizers/suppressions/ubsan.supp"

 # Run tests
 ./xrpld --unittest --unittest-jobs=5
--- a/include/xrpl/basics/LocalValue.h
+++ b/include/xrpl/basics/LocalValue.h
@@ -1,8 +1,6 @@
 #ifndef XRPL_BASICS_LOCALVALUE_H_INCLUDED
 #define XRPL_BASICS_LOCALVALUE_H_INCLUDED

-#include <boost/thread/tss.hpp>
-
 #include <memory>
 #include <unordered_map>

@@ -42,21 +40,63 @@ struct LocalValues

    // Keys are the address of a LocalValue.
    std::unordered_map<void const*, std::unique_ptr<BasicValue>> values;
+};

-    static inline void
-    cleanup(LocalValues* lvs)
+// Wrapper to ensure proper cleanup when thread exits
+struct LocalValuesHolder
+{
+    LocalValues* ptr = nullptr;
+
+    ~LocalValuesHolder()
    {
-        if (lvs && !lvs->onCoro)
-            delete lvs;
+        if (ptr && !ptr->onCoro)
+            delete ptr;
    }
 };

-template <class = void>
-boost::thread_specific_ptr<detail::LocalValues>&
-getLocalValues()
+inline LocalValuesHolder&
+getLocalValuesHolder()
 {
-    static boost::thread_specific_ptr<detail::LocalValues> tsp(&detail::LocalValues::cleanup);
-    return tsp;
+    thread_local LocalValuesHolder holder;
+    return holder;
+}
+
+inline LocalValues*&
+getLocalValuesPtr()
+{
+    return getLocalValuesHolder().ptr;
+}
+
+inline LocalValues*
+getOrCreateLocalValues()
+{
+    auto& ptr = getLocalValuesPtr();
+    if (!ptr)
+    {
+        ptr = new LocalValues();
+        ptr->onCoro = false;
+    }
+    return ptr;
+}
+
+// For coroutine support, we need explicit swap functions
+inline LocalValues*
+releaseLocalValues()
+{
+    auto& ptr = getLocalValuesPtr();
+    auto* result = ptr;
+    ptr = nullptr;
+    return result;
+}
+
+inline void
+resetLocalValues(LocalValues* lvs)
+{
+    auto& ptr = getLocalValuesPtr();
+    // Clean up old value if it's not a coroutine's LocalValues
+    if (ptr && !ptr->onCoro)
+        delete ptr;
+    ptr = lvs;
 }

 }  // namespace detail
@@ -89,19 +129,10 @@ template <class T>
 T&
 LocalValue<T>::operator*()
 {
-    auto lvs = detail::getLocalValues().get();
-    if (!lvs)
-    {
-        lvs = new detail::LocalValues();
-        lvs->onCoro = false;
-        detail::getLocalValues().reset(lvs);
-    }
-    else
-    {
-        auto const iter = lvs->values.find(this);
-        if (iter != lvs->values.end())
-            return *reinterpret_cast<T*>(iter->second->get());
-    }
+    auto lvs = detail::getOrCreateLocalValues();
+    auto const iter = lvs->values.find(this);
+    if (iter != lvs->values.end())
+        return *reinterpret_cast<T*>(iter->second->get());

    return *reinterpret_cast<T*>(
        lvs->values.emplace(this, std::make_unique<detail::LocalValues::Value<T>>(t_)).first->second->get());
--- a/include/xrpl/basics/Number.h
+++ b/include/xrpl/basics/Number.h
@@ -10,6 +10,10 @@
 #include <ostream>
 #include <string>

+#ifdef _MSC_VER
+#include <boost/multiprecision/cpp_int.hpp>
+#endif  // !defined(_MSC_VER)
+
 namespace xrpl {

 class Number;
@@ -17,18 +21,37 @@ class Number;
 std::string
 to_string(Number const& amount);

+/** Returns a rough estimate of log10(value).
+ *
+ * The return value is a pair (log, rem), where log is the estimated log10,
+ * and rem is value divided by 10^log. If rem is 1, then value is an exact
+ * power of ten, and log is the exact log10(value).
+ *
+ * This function only works for positive values.
+ */
+template <typename T>
+constexpr std::pair<int, T>
+logTenEstimate(T value)
+{
+    int log = 0;
+    T remainder = value;
+    while (value >= 10)
+    {
+        if (value % 10 == 0)
+            remainder = remainder / 10;
+        value /= 10;
+        ++log;
+    }
+    return {log, remainder};
+}
+
 template <typename T>
 constexpr std::optional<int>
 logTen(T value)
 {
-    int log = 0;
-    while (value >= 10 && value % 10 == 0)
-    {
-        value /= 10;
-        ++log;
-    }
-    if (value == 1)
-        return log;
+    auto const est = logTenEstimate(value);
+    if (est.second == 1)
+        return est.first;
    return std::nullopt;
 }

@@ -42,12 +65,10 @@ isPowerOfTen(T value)
 /** MantissaRange defines a range for the mantissa of a normalized Number.
 *
 * The mantissa is in the range [min, max], where
- * * min is a power of 10, and
- * * max = min * 10 - 1.
 *
 * The mantissa_scale enum indicates whether the range is "small" or "large".
 * This intentionally restricts the number of MantissaRanges that can be
- * instantiated to two: one for each scale.
+ * used to two: one for each scale.
 *
 * The "small" scale is based on the behavior of STAmount for IOUs. It has a min
 * value of 10^15, and a max value of 10^16-1. This was sufficient for
@@ -61,8 +82,8 @@ isPowerOfTen(T value)
 * "large" scale.
 *
 * The "large" scale is intended to represent all values that can be represented
- * by an STAmount - IOUs, XRP, and MPTs. It has a min value of 10^18, and a max
- * value of 10^19-1.
+ * by an STAmount - IOUs, XRP, and MPTs. It has a min value of 2^63/10+1
+ * (truncated), and a max value of 2^63-1.
 *
 * Note that if the mentioned amendments are eventually retired, this class
 * should be left in place, but the "small" scale option should be removed. This
@@ -74,25 +95,50 @@ struct MantissaRange
    enum mantissa_scale { small, large };

    explicit constexpr MantissaRange(mantissa_scale scale_)
-        : min(getMin(scale_)), max(min * 10 - 1), log(logTen(min).value_or(-1)), scale(scale_)
+        : max(getMax(scale_))
+        , min(computeMin(max))
+        , referenceMin(getReferenceMin(scale_, min))
+        , log(computeLog(min))
+        , scale(scale_)
    {
+        // Since this is constexpr, if any of these throw, it won't compile
+        if (min * 10 <= max)
+            throw std::out_of_range("min * 10 <= max");
+        if (max / 10 >= min)
+            throw std::out_of_range("max / 10 >= min");
+        if ((min - 1) * 10 > max)
+            throw std::out_of_range("(min - 1) * 10 > max");
+        // This is a little hacky
+        if ((max + 10) / 10 < min)
+            throw std::out_of_range("(max + 10) / 10 < min");
    }

-    rep min;
+    // Explicitly delete copy and move operations
+    MantissaRange(MantissaRange const&) = delete;
+    MantissaRange(MantissaRange&&) = delete;
+    MantissaRange&
+    operator=(MantissaRange const&) = delete;
+    MantissaRange&
+    operator=(MantissaRange&&) = delete;
+
    rep max;
+    rep min;
+    // This is not a great name. Used to determine if mantissas are in range,
+    // but have fewer digits than max
+    rep referenceMin;
    int log;
    mantissa_scale scale;

 private:
    static constexpr rep
-    getMin(mantissa_scale scale_)
+    getMax(mantissa_scale scale)
    {
-        switch (scale_)
+        switch (scale)
        {
            case small:
-                return 1'000'000'000'000'000ULL;
+                return 9'999'999'999'999'999ULL;
            case large:
-                return 1'000'000'000'000'000'000ULL;
+                return std::numeric_limits<std::int64_t>::max();
            default:
                // Since this can never be called outside a non-constexpr
                // context, this throw assures that the build fails if an
@@ -100,12 +146,53 @@ private:
                throw std::runtime_error("Unknown mantissa scale");
        }
    }
+
+    static constexpr rep
+    computeMin(rep max)
+    {
+        return max / 10 + 1;
+    }
+
+    static constexpr rep
+    getReferenceMin(mantissa_scale scale, rep min)
+    {
+        switch (scale)
+        {
+            case large:
+                return 1'000'000'000'000'000'000ULL;
+            default:
+                if (isPowerOfTen(min))
+                    return min;
+                throw std::runtime_error("Unknown/bad mantissa scale");
+        }
+    }
+
+    static constexpr rep
+    computeLog(rep min)
+    {
+        auto const estimate = logTenEstimate(min);
+        return estimate.first + (estimate.second == 1 ? 0 : 1);
+    }
 };

 // Like std::integral, but only 64-bit integral types.
 template <class T>
 concept Integral64 = std::is_same_v<T, std::int64_t> || std::is_same_v<T, std::uint64_t>;

+namespace detail {
+#ifdef _MSC_VER
+using uint128_t = boost::multiprecision::uint128_t;
+using int128_t = boost::multiprecision::int128_t;
+#else   // !defined(_MSC_VER)
+using uint128_t = __uint128_t;
+using int128_t = __int128_t;
+#endif  // !defined(_MSC_VER)
+
+template <class T>
+concept UnsignedMantissa =
+    std::is_unsigned_v<T> || std::is_same_v<T, uint128_t>;
+}  // namespace detail
+
 /** Number is a floating point type that can represent a wide range of values.
 *
 * It can represent all values that can be represented by an STAmount -
@@ -133,9 +220,7 @@ concept Integral64 = std::is_same_v<T, std::int64_t> || std::is_same_v<T, std::u
 *   1. Normalization can be disabled by using the "unchecked" ctor tag. This
 *      should only be used at specific conversion points, some constexpr
 *      values, and in unit tests.
- *   2. The max of the "large" range, 10^19-1, is the largest 10^X-1 value that
- *      fits in an unsigned 64-bit number. (10^19-1 < 2^64-1 and
- *      10^20-1 > 2^64-1). This avoids under- and overflows.
+ *   2. The max of the "large" range, 2^63-1, TODO: explain the large range.
 *
 * ---- External Interface ----
 *
@@ -149,7 +234,7 @@ concept Integral64 = std::is_same_v<T, std::int64_t> || std::is_same_v<T, std::u
 *
 * Note:
 *   1. 2^63-1 is between 10^18 and 10^19-1, which are the limits of the "large"
- *      mantissa range.
+ *      mantissa range. TODO: update this explanation.
 *   2. The functions mantissa() and exponent() return the external view of the
 *      Number value, specifically using a signed 63-bit mantissa. This may
 *      require altering the internal representation to fit into that range
@@ -209,8 +294,7 @@ class Number
    using rep = std::int64_t;
    using internalrep = MantissaRange::rep;

-    bool negative_{false};
-    internalrep mantissa_{0};
+    rep mantissa_{0};
    int exponent_{std::numeric_limits<int>::lowest()};

 public:
@@ -218,9 +302,11 @@ public:
    constexpr static int minExponent = -32768;
    constexpr static int maxExponent = 32768;

+#if MAXREP
    constexpr static internalrep maxRep = std::numeric_limits<rep>::max();
    static_assert(maxRep == 9'223'372'036'854'775'807);
    static_assert(-maxRep == std::numeric_limits<rep>::min() + 1);
+#endif

    // May need to make unchecked private
    struct unchecked
@@ -295,7 +381,7 @@ public:
    friend constexpr bool
    operator==(Number const& x, Number const& y) noexcept
    {
-        return x.negative_ == y.negative_ && x.mantissa_ == y.mantissa_ && x.exponent_ == y.exponent_;
+        return x.mantissa_ == y.mantissa_ && x.exponent_ == y.exponent_;
    }

    friend constexpr bool
@@ -309,8 +395,8 @@ public:
    {
        // If the two amounts have different signs (zero is treated as positive)
        // then the comparison is true iff the left is negative.
-        bool const lneg = x.negative_;
-        bool const rneg = y.negative_;
+        bool const lneg = x.mantissa_ < 0;
+        bool const rneg = y.mantissa_ < 0;

        if (lneg != rneg)
            return lneg;
@@ -338,7 +424,7 @@ public:
    constexpr int
    signum() const noexcept
    {
-        return negative_ ? -1 : (mantissa_ ? 1 : 0);
+        return mantissa_ < 0 ? -1 : (mantissa_ ? 1 : 0);
    }

    Number
@@ -377,6 +463,9 @@ public:
    friend Number
    root2(Number f);

+    friend Number
+    power(Number const& f, unsigned n, unsigned d);
+
    // Thread local rounding control.  Default is to_nearest
    enum rounding_mode { to_nearest, towards_zero, downward, upward };
    static rounding_mode
@@ -441,22 +530,48 @@ private:
    static_assert(isPowerOfTen(smallRange.min));
    static_assert(smallRange.min == 1'000'000'000'000'000LL);
    static_assert(smallRange.max == 9'999'999'999'999'999LL);
+    static_assert(smallRange.referenceMin == smallRange.min);
    static_assert(smallRange.log == 15);
+#if MAXREP
    static_assert(smallRange.min < maxRep);
    static_assert(smallRange.max < maxRep);
+#endif
    constexpr static MantissaRange largeRange{MantissaRange::large};
-    static_assert(isPowerOfTen(largeRange.min));
-    static_assert(largeRange.min == 1'000'000'000'000'000'000ULL);
-    static_assert(largeRange.max == internalrep(9'999'999'999'999'999'999ULL));
+    static_assert(!isPowerOfTen(largeRange.min));
+    static_assert(largeRange.min == 922'337'203'685'477'581ULL);
+    static_assert(largeRange.max == internalrep(9'223'372'036'854'775'807ULL));
+    static_assert(largeRange.max == std::numeric_limits<rep>::max());
+    static_assert(largeRange.referenceMin == 1'000'000'000'000'000'000ULL);
    static_assert(largeRange.log == 18);
+    // There are 2 values that will not fit in largeRange without some extra
+    // work
+    // * 9223372036854775808
+    // * 9223372036854775809
+    // They both end up < min, but with a leftover. If they round up, everything
+    // will be fine. If they don't, well need to bring them up into range.
+    // Guard::bringIntoRange handles this situation.
+
+#if MAXREP
    static_assert(largeRange.min < maxRep);
    static_assert(largeRange.max > maxRep);
+#endif

    // The range for the mantissa when normalized.
    // Use reference_wrapper to avoid making copies, and prevent accidentally
    // changing the values inside the range.
    static thread_local std::reference_wrapper<MantissaRange const> range_;

+    // And one is needed because it needs to choose between oneSmall and
+    // oneLarge based on the current range
+    static Number
+    one(MantissaRange const& range);
+
+    static Number
+    root(MantissaRange const& range, Number f, unsigned d);
+
+    void
+    normalize(MantissaRange const& range);
+
    void
    normalize();

@@ -479,11 +594,14 @@ private:
    friend void
    doNormalize(
        bool& negative,
-        T& mantissa_,
-        int& exponent_,
+        T& mantissa,
+        int& exponent,
        MantissaRange::rep const& minMantissa,
        MantissaRange::rep const& maxMantissa);

+    bool
+    isnormal(MantissaRange const& range) const noexcept;
+
    bool
    isnormal() const noexcept;

@@ -500,11 +618,73 @@ private:
    static internalrep
    externalToInternal(rep mantissa);

+    /** Breaks down the number into components, potentially de-normalizing it.
+     *
+     * Ensures that the mantissa always has range_.log + 1 digits.
+     *
+     */
+    template <detail::UnsignedMantissa Rep = internalrep>
+    std::tuple<bool, Rep, int>
+    toInternal(MantissaRange const& range) const;
+
+    /** Breaks down the number into components, potentially de-normalizing it.
+     *
+     * Ensures that the mantissa always has range_.log + 1 digits.
+     *
+     */
+    template <detail::UnsignedMantissa Rep = internalrep>
+    std::tuple<bool, Rep, int>
+    toInternal() const;
+
+    /** Rebuilds the number from components.
+     *
+     * If "normalized" is true, the values are expected to be normalized - all
+     * in their valid ranges.
+     *
+     * If "normalized" is false, the values are expected to be "near
+     * normalized", meaning that the mantissa has to be modified at most once to
+     * bring it back into range.
+     *
+     */
+    template <
+        bool expectNormal = true,
+        detail::UnsignedMantissa Rep = internalrep>
+    void
+    fromInternal(
+        bool negative,
+        Rep mantissa,
+        int exponent,
+        MantissaRange const* pRange);
+
+    /** Rebuilds the number from components.
+     *
+     * If "normalized" is true, the values are expected to be normalized - all
+     * in their valid ranges.
+     *
+     * If "normalized" is false, the values are expected to be "near
+     * normalized", meaning that the mantissa has to be modified at most once to
+     * bring it back into range.
+     *
+     */
+    template <
+        bool expectNormal = true,
+        detail::UnsignedMantissa Rep = internalrep>
+    void
+    fromInternal(bool negative, Rep mantissa, int exponent);
+
    class Guard;
+
+public:
+    constexpr static internalrep largestMantissa = largeRange.max;
 };

-inline constexpr Number::Number(bool negative, internalrep mantissa, int exponent, unchecked) noexcept
-    : negative_(negative), mantissa_{mantissa}, exponent_{exponent}
+inline constexpr Number::Number(
+    bool negative,
+    internalrep mantissa,
+    int exponent,
+    unchecked) noexcept
+    : mantissa_{(negative ? -1 : 1) * static_cast<rep>(mantissa)}
+    , exponent_{exponent}
 {
 }

@@ -515,13 +695,8 @@ inline constexpr Number::Number(internalrep mantissa, int exponent, unchecked) n

 constexpr static Number numZero{};

-inline Number::Number(bool negative, internalrep mantissa, int exponent, normalized)
-    : Number(negative, mantissa, exponent, unchecked{})
-{
-    normalize();
-}
-
-inline Number::Number(internalrep mantissa, int exponent, normalized) : Number(false, mantissa, exponent, normalized{})
+inline Number::Number(internalrep mantissa, int exponent, normalized)
+    : Number(false, mantissa, exponent, normalized{})
 {
 }

@@ -542,17 +717,7 @@ inline Number::Number(rep mantissa) : Number{mantissa, 0}
 inline constexpr Number::rep
 Number::mantissa() const noexcept
 {
-    auto m = mantissa_;
-    if (m > maxRep)
-    {
-        XRPL_ASSERT_PARTS(
-            !isnormal() || (m % 10 == 0 && m / 10 <= maxRep),
-            "xrpl::Number::mantissa",
-            "large normalized mantissa has no remainder");
-        m /= 10;
-    }
-    auto const sign = negative_ ? -1 : 1;
-    return sign * static_cast<Number::rep>(m);
+    return mantissa_;
 }

 /** Returns the exponent of the external view of the Number.
@@ -563,16 +728,7 @@ Number::mantissa() const noexcept
 inline constexpr int
 Number::exponent() const noexcept
 {
-    auto e = exponent_;
-    if (mantissa_ > maxRep)
-    {
-        XRPL_ASSERT_PARTS(
-            !isnormal() || (mantissa_ % 10 == 0 && mantissa_ / 10 <= maxRep),
-            "xrpl::Number::exponent",
-            "large normalized mantissa has no remainder");
-        ++e;
-    }
-    return e;
+    return exponent_;
 }

 inline constexpr Number
@@ -587,7 +743,7 @@ Number::operator-() const noexcept
    if (mantissa_ == 0)
        return Number{};
    auto x = *this;
-    x.negative_ = !x.negative_;
+    x.mantissa_ = -1 * x.mantissa_;
    return x;
 }

@@ -668,39 +824,61 @@ Number::min() noexcept
 inline Number
 Number::max() noexcept
 {
-    return Number{false, std::min(range_.get().max, maxRep), maxExponent, unchecked{}};
+    return Number{false, range_.get().max, maxExponent, unchecked{}};
 }

 inline Number
 Number::lowest() noexcept
 {
-    return Number{true, std::min(range_.get().max, maxRep), maxExponent, unchecked{}};
+    return Number{true, range_.get().max, maxExponent, unchecked{}};
+}
+
+inline bool
+Number::isnormal(MantissaRange const& range) const noexcept
+{
+    auto const abs_m = mantissa_ < 0 ? -mantissa_ : mantissa_;
+
+    return *this == Number{} ||
+        (range.min <= abs_m && abs_m <= range.max &&  //
+         minExponent <= exponent_ && exponent_ <= maxExponent);
 }

 inline bool
 Number::isnormal() const noexcept
 {
-    MantissaRange const& range = range_;
-    auto const abs_m = mantissa_;
-    return *this == Number{} ||
-        (range.min <= abs_m && abs_m <= range.max && (abs_m <= maxRep || abs_m % 10 == 0) && minExponent <= exponent_ &&
-         exponent_ <= maxExponent);
+    return isnormal(range_);
 }

 template <Integral64 T>
 std::pair<T, int>
 Number::normalizeToRange(T minMantissa, T maxMantissa) const
 {
-    bool negative = negative_;
-    internalrep mantissa = mantissa_;
+    bool negative = mantissa_ < 0;
+    auto const sign = negative ? -1 : 1;
+    internalrep mantissa = sign * mantissa_;
    int exponent = exponent_;

    if constexpr (std::is_unsigned_v<T>)
-        XRPL_ASSERT_PARTS(!negative, "xrpl::Number::normalizeToRange", "Number is non-negative for unsigned range.");
+    {
+        XRPL_ASSERT_PARTS(
+            !negative,
+            "xrpl::Number::normalizeToRange",
+            "Number is non-negative for unsigned range.");
+        // To avoid logical errors in release builds, throw if the Number is
+        // negative for an unsigned range.
+        if (negative)
+            throw std::runtime_error(
+                "Number::normalizeToRange: Number is negative for "
+                "unsigned range.");
+    }
    Number::normalize(negative, mantissa, exponent, minMantissa, maxMantissa);

-    auto const sign = negative ? -1 : 1;
-    return std::make_pair(static_cast<T>(sign * mantissa), exponent);
+    // Cast mantissa to signed type first (if T is a signed type) to avoid
+    // unsigned integer overflow when multiplying by negative sign
+    T signedMantissa = static_cast<T>(mantissa);
+    if (negative)
+        signedMantissa = -signedMantissa;
+    return std::make_pair(signedMantissa, exponent);
 }

 inline constexpr Number
--- a/include/xrpl/basics/base_uint.h
+++ b/include/xrpl/basics/base_uint.h
@@ -358,6 +358,7 @@ public:
    base_uint&
    operator&=(base_uint const& b)
    {
+        XRPL_ASSERT(WIDTH == b.WIDTH, "input size mismatch");
        for (int i = 0; i < WIDTH; i++)
            data_[i] &= b.data_[i];

--- a/include/xrpl/basics/contract.h
+++ b/include/xrpl/basics/contract.h
@@ -1,6 +1,7 @@
 #ifndef XRPL_BASICS_CONTRACT_H_INCLUDED
 #define XRPL_BASICS_CONTRACT_H_INCLUDED

+#include <xrpl/basics/sanitizers.h>
 #include <xrpl/beast/type_name.h>

 #include <exception>
@@ -25,7 +26,7 @@ LogThrow(std::string const& title);
    control to the next matching exception handler, if any.
    Otherwise, std::terminate will be called.
 */
-[[noreturn]] inline void
+[[noreturn]] XRPL_NO_SANITIZE_ADDRESS inline void
 Rethrow()
 {
    LogThrow("Re-throwing exception");
@@ -33,7 +34,7 @@ Rethrow()
 }

 template <class E, class... Args>
-[[noreturn]] inline void
+[[noreturn]] XRPL_NO_SANITIZE_ADDRESS inline void
 Throw(Args&&... args)
 {
    static_assert(std::is_convertible<E*, std::exception*>::value, "Exception must derive from std::exception.");
--- a/include/xrpl/basics/sanitizers.h
+++ b/include/xrpl/basics/sanitizers.h
@@ -0,0 +1,6 @@
+// Helper to disable ASan/HwASan for specific functions
+#if defined(__GNUC__) || defined(__clang__)
+#define XRPL_NO_SANITIZE_ADDRESS __attribute__((no_sanitize("address", "hwaddress")))
+#else
+#define XRPL_NO_SANITIZE_ADDRESS
+#endif
--- a/include/xrpl/core/Coro.ipp
+++ b/include/xrpl/core/Coro.ipp
@@ -73,13 +73,16 @@ JobQueue::Coro::resume()
        std::lock_guard lock(jq_.m_mutex);
        --jq_.nSuspend_;
    }
-    auto saved = detail::getLocalValues().release();
-    detail::getLocalValues().reset(&lvs_);
+    auto saved = detail::releaseLocalValues();
+    detail::resetLocalValues(&lvs_);
    std::lock_guard lock(mutex_);
    XRPL_ASSERT(static_cast<bool>(coro_), "xrpl::JobQueue::Coro::resume : is runnable");
    coro_();
-    detail::getLocalValues().release();
-    detail::getLocalValues().reset(saved);
+
+    // Restore the thread's original LocalValues
+    detail::releaseLocalValues();
+    detail::resetLocalValues(saved);
+
    std::lock_guard lk(mutex_run_);
    running_ = false;
    cv_.notify_all();
--- a/include/xrpl/net/HTTPClient.h
+++ b/include/xrpl/net/HTTPClient.h
@@ -30,6 +30,9 @@ public:
        bool sslVerify,
        beast::Journal j);

+    static void
+    cleanupSSLContext();
+
    static void
    get(bool bSSL,
        boost::asio::io_context& io_context,
--- a/include/xrpl/protocol/ErrorCodes.h
+++ b/include/xrpl/protocol/ErrorCodes.h
@@ -230,7 +230,7 @@ missing_field_error(std::string const& name)
 }

 inline Json::Value
-missing_field_error(Json::StaticString name)
+missing_field_error(Json::StaticString const& name)
 {
    return missing_field_error(std::string(name));
 }
@@ -248,7 +248,7 @@ object_field_error(std::string const& name)
 }

 inline Json::Value
-object_field_error(Json::StaticString name)
+object_field_error(Json::StaticString const& name)
 {
    return object_field_error(std::string(name));
 }
@@ -260,7 +260,7 @@ invalid_field_message(std::string const& name)
 }

 inline std::string
-invalid_field_message(Json::StaticString name)
+invalid_field_message(Json::StaticString const& name)
 {
    return invalid_field_message(std::string(name));
 }
@@ -272,7 +272,7 @@ invalid_field_error(std::string const& name)
 }

 inline Json::Value
-invalid_field_error(Json::StaticString name)
+invalid_field_error(Json::StaticString const& name)
 {
    return invalid_field_error(std::string(name));
 }
@@ -284,7 +284,7 @@ expected_field_message(std::string const& name, std::string const& type)
 }

 inline std::string
-expected_field_message(Json::StaticString name, std::string const& type)
+expected_field_message(Json::StaticString const& name, std::string const& type)
 {
    return expected_field_message(std::string(name), type);
 }
@@ -296,7 +296,7 @@ expected_field_error(std::string const& name, std::string const& type)
 }

 inline Json::Value
-expected_field_error(Json::StaticString name, std::string const& type)
+expected_field_error(Json::StaticString const& name, std::string const& type)
 {
    return expected_field_error(std::string(name), type);
 }
--- a/include/xrpl/protocol/Protocol.h
+++ b/include/xrpl/protocol/Protocol.h
@@ -232,7 +232,7 @@ std::size_t constexpr maxMPTokenMetadataLength = 1024;

 /** The maximum amount of MPTokenIssuance */
 std::uint64_t constexpr maxMPTokenAmount = 0x7FFF'FFFF'FFFF'FFFFull;
-static_assert(Number::maxRep >= maxMPTokenAmount);
+static_assert(Number::largestMantissa >= maxMPTokenAmount);

 /** The maximum length of Data payload */
 std::size_t constexpr maxDataPayloadLength = 256;
--- a/include/xrpl/protocol/STAmount.h
+++ b/include/xrpl/protocol/STAmount.h
@@ -522,7 +522,12 @@ STAmount::fromNumber(A const& a, Number const& number)
        return STAmount{asset, intValue, 0, negative};
    }

-    auto const [mantissa, exponent] = working.normalizeToRange(cMinValue, cMaxValue);
+    XRPL_ASSERT_PARTS(
+        working.signum() >= 0,
+        "xrpl::STAmount::fromNumber",
+        "non-negative Number to normalize");
+    auto const [mantissa, exponent] =
+        working.normalizeToRange(cMinValue, cMaxValue);

    return STAmount{asset, mantissa, exponent, negative};
 }
--- a/include/xrpl/protocol/SystemParameters.h
+++ b/include/xrpl/protocol/SystemParameters.h
@@ -24,7 +24,7 @@ systemName()
 /** Number of drops in the genesis account. */
 constexpr XRPAmount INITIAL_XRP{100'000'000'000 * DROPS_PER_XRP};
 static_assert(INITIAL_XRP.drops() == 100'000'000'000'000'000);
-static_assert(Number::maxRep >= INITIAL_XRP.drops());
+static_assert(Number::largestMantissa >= INITIAL_XRP.drops());

 /** Returns true if the amount does not exceed the initial XRP in existence. */
 inline bool
--- a/include/xrpl/protocol/detail/features.macro
+++ b/include/xrpl/protocol/detail/features.macro
@@ -16,6 +16,7 @@
 // Add new amendments to the top of this list.
 // Keep it sorted in reverse chronological order.

+XRPL_FIX    (ExpiredNFTokenOfferRemoval, Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (BatchInnerSigs,             Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(LendingProtocol,            Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(PermissionDelegationV1_1,   Supported::no,  VoteBehavior::DefaultNo)
--- a/include/xrpl/protocol/detail/ledger_entries.macro
+++ b/include/xrpl/protocol/detail/ledger_entries.macro
@@ -578,7 +578,7 @@ LEDGER_ENTRY(ltLOAN, 0x0089, Loan, loan, ({
    //   The unrounded true total value of the loan.
    //
    // - TrueTotalPrincipalOutstanding can be computed using the algorithm
-    //   in the ripple::detail::loanPrincipalFromPeriodicPayment function.
+    //   in the xrpl::detail::loanPrincipalFromPeriodicPayment function.
    //
    // - TrueTotalInterestOutstanding = TrueTotalLoanValue -
    //      TrueTotalPrincipalOutstanding
--- a/include/xrpl/shamap/SHAMapNodeID.h
+++ b/include/xrpl/shamap/SHAMapNodeID.h
@@ -47,6 +47,17 @@ public:
        return id_;
    }

+    /**
+     * Get the SHAMapNodeID of a child node at the specified branch.
+     *
+     * @param m  The branch number (0-15) indicating which child to descend to.
+     *           In the SHAMap's 16-way radix tree, each inner node has up to
+     *           16 children, indexed by the corresponding nibble (4 bits) of
+     *           the key at the current depth.
+     * @return SHAMapNodeID of the child node at branch m.
+     * @throws std::logic_error if this node is at the maximum leaf depth (64)
+     *         or if the node's id doesn't match its depth mask.
+     */
    SHAMapNodeID
    getChildNodeID(unsigned int m) const;

--- a/sanitizers/suppressions/asan.supp
+++ b/sanitizers/suppressions/asan.supp
@@ -1,29 +1,25 @@
-# The idea is to empty this file gradually by fixing the underlying issues and removing suppressions.
+# The idea is to empty this file gradually by fixing the underlying issues and removing suppresions.
 #
-# ASAN_OPTIONS="print_stacktrace=1:detect_container_overflow=0:suppressions=sanitizers/suppressions/asan.supp:halt_on_error=0"
+# ASAN_OPTIONS="suppressions=sanitizers/suppressions/asan.supp:halt_on_error=0:detect_stack_use_after_return=0"
 #
-# The detect_container_overflow=0 option disables false positives from:
-# - Boost intrusive containers (slist_iterator.hpp, hashtable.hpp, aged_unordered_container.h)
-# - Boost context/coroutine stack switching (Workers.cpp, thread.h)
+# Boost coroutines cause multiple ASAN false positives due to swapcontext/fiber stack switching.
+# ASAN cannot correctly track stack memory across coroutine context switches, leading to:
+# - stack-use-after-return errors
+# - stack-use-after-scope errors
+# - stack-buffer-overflow errors in seemingly unrelated code (e.g., std::chrono::steady_clock::now())
+# - stack-buffer-underflow errors in seemingly unrelated code (e.g., xxhasher::retrieveHash(), clock_gettime)
 #
-# See: https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow
+# These are suppressed via:
+# 1. Runtime option: detect_stack_use_after_return=0 (in ASAN_OPTIONS in CI workflow)
+# 2. Compile-time flag: -fno-sanitize-address-use-after-scope (in cmake/XrplSanitizers.cmake)
+#
+# Note: stack-buffer-overflow false positives from coroutines cannot be fully suppressed
+# without disabling ASAN entirely for Boost. Clang builds use -fsanitize-blacklist to
+# exclude Boost headers, but GCC does not support this feature.
+#
+# See: https://github.com/google/sanitizers/issues/189

-# Boost
-interceptor_name:boost/asio
-
-# Leaks in Doctest tests: xrpl.test.*
-interceptor_name:src/libxrpl/net/HTTPClient.cpp
-interceptor_name:src/libxrpl/net/RegisterSSLCerts.cpp
-interceptor_name:src/tests/libxrpl/net/HTTPClient.cpp
-interceptor_name:xrpl/net/AutoSocket.h
-interceptor_name:xrpl/net/HTTPClient.h
-interceptor_name:xrpl/net/HTTPClientSSLContext.h
-interceptor_name:xrpl/net/RegisterSSLCerts.h
-
-# Suppress false positive stack-buffer errors in thread stack allocation
-# Related to ASan's __asan_handle_no_return warnings (github.com/google/sanitizers/issues/189)
-# These occur during multi-threaded test initialization on macOS
-interceptor_name:memcpy
+# Boost - false positives from stackful coroutines
+interceptor_name:clock_gettime
 interceptor_name:__bzero
-interceptor_name:__asan_memset
-interceptor_name:__asan_memcpy
+interceptor_name:nudb
--- a/sanitizers/suppressions/lsan.supp
+++ b/sanitizers/suppressions/lsan.supp
@@ -1,16 +1,13 @@
 # The idea is to empty this file gradually by fixing the underlying issues and removing suppresions.

-# Suppress leaks detected by asan in rippled code.
-leak:src/libxrpl/net/HTTPClient.cpp
-leak:src/libxrpl/net/RegisterSSLCerts.cpp
-leak:src/tests/libxrpl/net/HTTPClient.cpp
-leak:xrpl/net/AutoSocket.h
-leak:xrpl/net/HTTPClient.h
-leak:xrpl/net/HTTPClientSSLContext.h
-leak:xrpl/net/RegisterSSLCerts.h
-leak:ripple::HTTPClient
-leak:ripple::HTTPClientImp
-
 # Suppress leaks detected by asan in boost code.
-leak:boost::asio
-leak:boost/asio
+# These are false positives from Boost.Asio SSL internals that use OpenSSL BIO structures.
+# The BIO structures are managed by OpenSSL's internal reference counting and freed at process exit.
+
+#leak:boost::asio
+#leak:boost/asio
+
+# OpenSSL BIO memory is managed internally and freed at process exit
+leak:CRYPTO_malloc
+leak:bio_make_pair
+leak:BIO_new_bio_pair
--- a/sanitizers/suppressions/runtime-asan-options.txt
+++ b/sanitizers/suppressions/runtime-asan-options.txt
@@ -0,0 +1,4 @@
+detect_container_overflow=0
+detect_stack_use_after_return=0
+debug=true
+halt_on_error=false
--- a/sanitizers/suppressions/runtime-lsan-options.txt
+++ b/sanitizers/suppressions/runtime-lsan-options.txt
@@ -0,0 +1 @@
+halt_on_error=false
--- a/sanitizers/suppressions/runtime-tsan-options.txt
+++ b/sanitizers/suppressions/runtime-tsan-options.txt
@@ -0,0 +1,3 @@
+halt_on_error=false
+verbosity=1
+second_deadlock_stack=1
--- a/sanitizers/suppressions/runtime-ubsan-options.txt
+++ b/sanitizers/suppressions/runtime-ubsan-options.txt
@@ -0,0 +1 @@
+halt_on_error=false
--- a/sanitizers/suppressions/sanitizer-ignorelist.txt
+++ b/sanitizers/suppressions/sanitizer-ignorelist.txt
@@ -27,3 +27,8 @@ src:core/JobQueue.cpp
 src:libxrpl/beast/utility/beast_Journal.cpp
 src:test/beast/beast_PropertyStream_test.cpp
 src:src/test/app/Invariants_test.cpp
+
+# Boost coroutines cause false positive stack-buffer-underflow in xxhasher
+# This is a known ASAN limitation with stackful coroutines
+# See: https://github.com/google/sanitizers/issues/189
+src:beast/hash/xxhasher.h
--- a/sanitizers/suppressions/ubsan.supp
+++ b/sanitizers/suppressions/ubsan.supp
@@ -140,6 +140,7 @@ unsigned-integer-overflow:src/libxrpl/protocol/tokens.cpp
 unsigned-integer-overflow:src/libxrpl/shamap/SHAMap.cpp
 unsigned-integer-overflow:src/test/app/Batch_test.cpp
 unsigned-integer-overflow:src/test/app/Invariants_test.cpp
+unsigned-integer-overflow:src/test/app/Loan_test.cpp
 unsigned-integer-overflow:src/test/app/NFToken_test.cpp
 unsigned-integer-overflow:src/test/app/Offer_test.cpp
 unsigned-integer-overflow:src/test/app/Path_test.cpp
--- a/src/libxrpl/basics/Number.cpp
+++ b/src/libxrpl/basics/Number.cpp
@@ -11,18 +11,16 @@
 #include <numeric>
 #include <stdexcept>
 #include <string>
+#include <string_view>
 #include <type_traits>
 #include <utility>

 #ifdef _MSC_VER
 #pragma message("Using boost::multiprecision::uint128_t and int128_t")
-#include <boost/multiprecision/cpp_int.hpp>
-using uint128_t = boost::multiprecision::uint128_t;
-using int128_t = boost::multiprecision::int128_t;
-#else   // !defined(_MSC_VER)
-using uint128_t = __uint128_t;
-using int128_t = __int128_t;
-#endif  // !defined(_MSC_VER)
+#endif
+
+using uint128_t = xrpl::detail::uint128_t;
+using int128_t = xrpl::detail::int128_t;

 namespace xrpl {

@@ -61,9 +59,6 @@ Number::setMantissaScale(MantissaRange::mantissa_scale scale)
 // precision to an operation.  This enables the final result
 // to be correctly rounded to the internal precision of Number.

-template <class T>
-concept UnsignedMantissa = std::is_unsigned_v<T> || std::is_same_v<T, uint128_t>;
-
 class Number::Guard
 {
    std::uint64_t digits_;   // 16 decimal guard digits
@@ -99,7 +94,7 @@ public:
    round() noexcept;

    // Modify the result to the correctly rounded value
-    template <UnsignedMantissa T>
+    template <detail::UnsignedMantissa T>
    void
    doRoundUp(
        bool& negative,
@@ -107,22 +102,22 @@ public:
        int& exponent,
        internalrep const& minMantissa,
        internalrep const& maxMantissa,
-        std::string location);
+        std::string_view location);

    // Modify the result to the correctly rounded value
-    template <UnsignedMantissa T>
+    template <detail::UnsignedMantissa T>
    void
    doRoundDown(bool& negative, T& mantissa, int& exponent, internalrep const& minMantissa);

    // Modify the result to the correctly rounded value
    void
-    doRound(rep& drops, std::string location);
+    doRound(rep& drops, std::string_view location);

 private:
    void
    doPush(unsigned d) noexcept;

-    template <UnsignedMantissa T>
+    template <detail::UnsignedMantissa T>
    void
    bringIntoRange(bool& negative, T& mantissa, int& exponent, internalrep const& minMantissa);
 };
@@ -209,7 +204,7 @@ Number::Guard::round() noexcept
    return 0;
 }

-template <UnsignedMantissa T>
+template <detail::UnsignedMantissa T>
 void
 Number::Guard::bringIntoRange(bool& negative, T& mantissa, int& exponent, internalrep const& minMantissa)
 {
@@ -224,13 +219,13 @@ Number::Guard::bringIntoRange(bool& negative, T& mantissa, int& exponent, intern
    {
        constexpr Number zero = Number{};

-        negative = zero.negative_;
+        negative = false;
        mantissa = zero.mantissa_;
        exponent = zero.exponent_;
    }
 }

-template <UnsignedMantissa T>
+template <detail::UnsignedMantissa T>
 void
 Number::Guard::doRoundUp(
    bool& negative,
@@ -238,7 +233,7 @@ Number::Guard::doRoundUp(
    int& exponent,
    internalrep const& minMantissa,
    internalrep const& maxMantissa,
-    std::string location)
+    std::string_view location)
 {
    auto r = round();
    if (r == 1 || (r == 0 && (mantissa & 1) == 1))
@@ -246,7 +241,7 @@ Number::Guard::doRoundUp(
        ++mantissa;
        // Ensure mantissa after incrementing fits within both the
        // min/maxMantissa range and is a valid "rep".
-        if (mantissa > maxMantissa || mantissa > maxRep)
+        if (mantissa > maxMantissa)
        {
            mantissa /= 10;
            ++exponent;
@@ -254,10 +249,10 @@ Number::Guard::doRoundUp(
    }
    bringIntoRange(negative, mantissa, exponent, minMantissa);
    if (exponent > maxExponent)
-        throw std::overflow_error(location);
+        Throw<std::overflow_error>(std::string{location});
 }

-template <UnsignedMantissa T>
+template <detail::UnsignedMantissa T>
 void
 Number::Guard::doRoundDown(bool& negative, T& mantissa, int& exponent, internalrep const& minMantissa)
 {
@@ -276,12 +271,13 @@ Number::Guard::doRoundDown(bool& negative, T& mantissa, int& exponent, internalr

 // Modify the result to the correctly rounded value
 void
-Number::Guard::doRound(rep& drops, std::string location)
+Number::Guard::doRound(rep& drops, std::string_view location)
 {
    auto r = round();
    if (r == 1 || (r == 0 && (drops & 1) == 1))
    {
-        if (drops >= maxRep)
+        auto const& range = range_.get();
+        if (drops >= range.max)
        {
            static_assert(sizeof(internalrep) == sizeof(rep));
            // This should be impossible, because it's impossible to represent
@@ -290,7 +286,8 @@ Number::Guard::doRound(rep& drops, std::string location)
            // or "(maxRep + 1) / 10", neither of which will round up when
            // converting to rep, though the latter might overflow _before_
            // rounding.
-            throw std::overflow_error(location);  // LCOV_EXCL_LINE
+            Throw<std::overflow_error>(
+                std::string{location});  // LCOV_EXCL_LINE
        }
        ++drops;
    }
@@ -310,23 +307,144 @@ Number::externalToInternal(rep mantissa)
    // If the mantissa is already positive, just return it
    if (mantissa >= 0)
        return mantissa;
-    // If the mantissa is negative, but fits within the positive range of rep,
-    // return it negated
-    if (mantissa >= -std::numeric_limits<rep>::max())
-        return -mantissa;

-    // If the mantissa doesn't fit within the positive range, convert to
-    // int128_t, negate that, and cast it back down to the internalrep
-    // In practice, this is only going to cover the case of
-    // std::numeric_limits<rep>::min().
-    int128_t temp = mantissa;
-    return static_cast<internalrep>(-temp);
+    // Cast to unsigned before negating to avoid undefined behavior
+    // when v == INT64_MIN (negating INT64_MIN in signed is UB)
+    return -static_cast<internalrep>(mantissa);
+}
+
+/** Breaks down the number into components, potentially de-normalizing it.
+ *
+ * Ensures that the mantissa always has range_.log digits.
+ *
+ */
+template <detail::UnsignedMantissa Rep>
+std::tuple<bool, Rep, int>
+Number::toInternal(MantissaRange const& range) const
+{
+    auto exponent = exponent_;
+    bool const negative = mantissa_ < 0;
+    auto const sign = negative ? -1 : 1;
+    Rep mantissa = static_cast<Rep>(sign * mantissa_);
+
+    auto const referenceMin = range.referenceMin;
+    auto const minMantissa = range.min;
+
+    if (mantissa != 0 && mantissa >= minMantissa && mantissa < referenceMin)
+    {
+        // Ensure the mantissa has the correct number of digits
+        mantissa *= 10;
+        --exponent;
+        XRPL_ASSERT_PARTS(
+            mantissa >= referenceMin && mantissa < referenceMin * 10,
+            "xrpl::Number::toInternal()",
+            "Number is within reference range and has 'log' digits");
+    }
+
+    return {negative, mantissa, exponent};
+}
+
+/** Breaks down the number into components, potentially de-normalizing it.
+ *
+ * Ensures that the mantissa always has range_.log digits.
+ *
+ */
+template <detail::UnsignedMantissa Rep>
+std::tuple<bool, Rep, int>
+Number::toInternal() const
+{
+    return toInternal(range_);
+}
+
+/** Rebuilds the number from components.
+ *
+ * If "normalized" is true, the values are expected to be normalized - all
+ * in their valid ranges.
+ *
+ * If "normalized" is false, the values are expected to be "near
+ * normalized", meaning that the mantissa has to be modified at most once to
+ * bring it back into range.
+ *
+ */
+template <bool expectNormal, detail::UnsignedMantissa Rep>
+void
+Number::fromInternal(
+    bool negative,
+    Rep mantissa,
+    int exponent,
+    MantissaRange const* pRange)
+{
+    if constexpr (std::is_same_v<
+                      std::bool_constant<expectNormal>,
+                      std::false_type>)
+    {
+        if (!pRange)
+            throw std::runtime_error("Missing range to Number::fromInternal!");
+        auto const& range = *pRange;
+
+        auto const maxMantissa = range.max;
+        auto const minMantissa = range.min;
+
+        XRPL_ASSERT_PARTS(
+            mantissa >= minMantissa,
+            "xrpl::Number::fromInternal",
+            "mantissa large enough");
+
+        if (mantissa > maxMantissa || mantissa < minMantissa)
+        {
+            normalize(negative, mantissa, exponent, range.min, maxMantissa);
+        }
+
+        XRPL_ASSERT_PARTS(
+            mantissa >= minMantissa && mantissa <= maxMantissa,
+            "xrpl::Number::fromInternal",
+            "mantissa in range");
+    }
+
+    auto const sign = negative ? -1 : 1;
+
+    mantissa_ = sign * static_cast<rep>(mantissa);
+    exponent_ = exponent;
+
+    XRPL_ASSERT_PARTS(
+        (pRange && isnormal(*pRange)) || isnormal(),
+        "xrpl::Number::fromInternal",
+        "Number is normalized");
+}
+
+/** Rebuilds the number from components.
+ *
+ * If "normalized" is true, the values are expected to be normalized - all in
+ * their valid ranges.
+ *
+ * If "normalized" is false, the values are expected to be "near normalized",
+ * meaning that the mantissa has to be modified at most once to bring it back
+ * into range.
+ *
+ */
+template <bool expectNormal, detail::UnsignedMantissa Rep>
+void
+Number::fromInternal(bool negative, Rep mantissa, int exponent)
+{
+    MantissaRange const* pRange = nullptr;
+    if constexpr (std::is_same_v<
+                      std::bool_constant<expectNormal>,
+                      std::false_type>)
+    {
+        pRange = &Number::range_.get();
+    }
+
+    fromInternal(negative, mantissa, exponent, pRange);
 }

 constexpr Number
 Number::oneSmall()
 {
-    return Number{false, Number::smallRange.min, -Number::smallRange.log, Number::unchecked{}};
+    return Number{
+        false,
+        Number::smallRange.referenceMin,
+        -Number::smallRange.log,
+        Number::unchecked{}};
 };

 constexpr Number oneSml = Number::oneSmall();
@@ -334,101 +452,101 @@ constexpr Number oneSml = Number::oneSmall();
 constexpr Number
 Number::oneLarge()
 {
-    return Number{false, Number::largeRange.min, -Number::largeRange.log, Number::unchecked{}};
+    return Number{
+        false,
+        Number::largeRange.referenceMin,
+        -Number::largeRange.log,
+        Number::unchecked{}};
 };

 constexpr Number oneLrg = Number::oneLarge();

 Number
-Number::one()
+Number::one(MantissaRange const& range)
 {
-    if (&range_.get() == &smallRange)
+    if (&range == &smallRange)
        return oneSml;
-    XRPL_ASSERT(&range_.get() == &largeRange, "Number::one() : valid range_");
+    XRPL_ASSERT(&range == &largeRange, "Number::one() : valid range");
    return oneLrg;
 }

+Number
+Number::one()
+{
+    return one(range_);
+}
+
 // Use the member names in this static function for now so the diff is cleaner
-// TODO: Rename the function parameters to get rid of the "_" suffix
 template <class T>
 void
 doNormalize(
    bool& negative,
-    T& mantissa_,
-    int& exponent_,
+    T& mantissa,
+    int& exponent,
    MantissaRange::rep const& minMantissa,
    MantissaRange::rep const& maxMantissa)
 {
    auto constexpr minExponent = Number::minExponent;
    auto constexpr maxExponent = Number::maxExponent;
-    auto constexpr maxRep = Number::maxRep;

    using Guard = Number::Guard;

    constexpr Number zero = Number{};
-    if (mantissa_ == 0)
+    if (mantissa == 0 || (mantissa < minMantissa && exponent <= minExponent))
    {
-        mantissa_ = zero.mantissa_;
-        exponent_ = zero.exponent_;
-        negative = zero.negative_;
+        mantissa = zero.mantissa_;
+        exponent = zero.exponent_;
+        negative = false;
        return;
    }
-    auto m = mantissa_;
-    while ((m < minMantissa) && (exponent_ > minExponent))
+
+    auto m = mantissa;
+    while ((m < minMantissa) && (exponent > minExponent))
    {
        m *= 10;
-        --exponent_;
+        --exponent;
    }
    Guard g;
    if (negative)
        g.set_negative();
    while (m > maxMantissa)
    {
-        if (exponent_ >= maxExponent)
+        if (exponent >= maxExponent)
            throw std::overflow_error("Number::normalize 1");
        g.push(m % 10);
        m /= 10;
-        ++exponent_;
+        ++exponent;
    }
-    if ((exponent_ < minExponent) || (m < minMantissa))
+    if ((exponent < minExponent) || (m == 0))
    {
-        mantissa_ = zero.mantissa_;
-        exponent_ = zero.exponent_;
-        negative = zero.negative_;
+        mantissa = zero.mantissa_;
+        exponent = zero.exponent_;
+        negative = false;
        return;
    }

-    // When using the largeRange, "m" needs fit within an int64, even if
-    // the final mantissa_ is going to end up larger to fit within the
-    // MantissaRange. Cut it down here so that the rounding will be done while
-    // it's smaller.
-    //
-    // Example: 9,900,000,000,000,123,456 > 9,223,372,036,854,775,807,
-    //      so "m" will be modified to 990,000,000,000,012,345. Then that value
-    //      will be rounded to 990,000,000,000,012,345 or
-    //      990,000,000,000,012,346, depending on the rounding mode. Finally,
-    //      mantissa_ will be "m*10" so it fits within the range, and end up as
-    //      9,900,000,000,000,123,450 or 9,900,000,000,000,123,460.
-    // mantissa() will return mantissa_ / 10, and exponent() will return
-    // exponent_ + 1.
-    if (m > maxRep)
-    {
-        if (exponent_ >= maxExponent)
-            throw std::overflow_error("Number::normalize 1.5");
-        g.push(m % 10);
-        m /= 10;
-        ++exponent_;
-    }
-    // Before modification, m should be within the min/max range. After
-    // modification, it must be less than maxRep. In other words, the original
-    // value should have been no more than maxRep * 10.
-    // (maxRep * 10 > maxMantissa)
-    XRPL_ASSERT_PARTS(m <= maxRep, "xrpl::doNormalize", "intermediate mantissa fits in int64");
-    mantissa_ = m;
-
-    g.doRoundUp(negative, mantissa_, exponent_, minMantissa, maxMantissa, "Number::normalize 2");
    XRPL_ASSERT_PARTS(
-        mantissa_ >= minMantissa && mantissa_ <= maxMantissa, "xrpl::doNormalize", "final mantissa fits in range");
+        m <= maxMantissa,
+        "xrpl::doNormalize",
+        "intermediate mantissa fits in int64");
+    mantissa = m;
+
+    g.doRoundUp(
+        negative,
+        mantissa,
+        exponent,
+        minMantissa,
+        maxMantissa,
+        "Number::normalize 2");
+
+    XRPL_ASSERT_PARTS(
+        mantissa >= minMantissa && mantissa <= maxMantissa,
+        "xrpl::doNormalize",
+        "final mantissa fits in range");
+    XRPL_ASSERT_PARTS(
+        exponent >= minExponent && exponent <= maxExponent,
+        "xrpl::doNormalize",
+        "final exponent fits in range");
 }

 template <>
@@ -467,11 +585,20 @@ Number::normalize<unsigned long>(
    doNormalize(negative, mantissa, exponent, minMantissa, maxMantissa);
 }

+void
+Number::normalize(MantissaRange const& range)
+{
+    auto [negative, mantissa, exponent] = toInternal(range);
+
+    normalize(negative, mantissa, exponent, range.min, range.max);
+
+    fromInternal(negative, mantissa, exponent, &range);
+}
+
 void
 Number::normalize()
 {
-    auto const& range = range_.get();
-    normalize(negative_, mantissa_, exponent_, range.min, range.max);
+    normalize(range_);
 }

 // Copy the number, but set a new exponent. Because the mantissa doesn't change,
@@ -481,21 +608,33 @@ Number
 Number::shiftExponent(int exponentDelta) const
 {
    XRPL_ASSERT_PARTS(isnormal(), "xrpl::Number::shiftExponent", "normalized");
-    auto const newExponent = exponent_ + exponentDelta;
-    if (newExponent >= maxExponent)
+
+    Number result = *this;
+
+    result.exponent_ += exponentDelta;
+
+    if (result.exponent_ >= maxExponent)
        throw std::overflow_error("Number::shiftExponent");
-    if (newExponent < minExponent)
+    if (result.exponent_ < minExponent)
    {
        return Number{};
    }
-    Number const result{negative_, mantissa_, newExponent, unchecked{}};
-    XRPL_ASSERT_PARTS(result.isnormal(), "xrpl::Number::shiftExponent", "result is normalized");
+
    return result;
 }

+Number::Number(bool negative, internalrep mantissa, int exponent, normalized)
+{
+    auto const& range = range_.get();
+    normalize(negative, mantissa, exponent, range.min, range.max);
+    fromInternal(negative, mantissa, exponent, &range);
+}
+
 Number&
 Number::operator+=(Number const& y)
 {
+    auto const& range = range_.get();
+
    constexpr Number zero = Number{};
    if (y == zero)
        return *this;
@@ -510,7 +649,9 @@ Number::operator+=(Number const& y)
        return *this;
    }

-    XRPL_ASSERT(isnormal() && y.isnormal(), "xrpl::Number::operator+=(Number) : is normal");
+    XRPL_ASSERT(
+        isnormal(range) && y.isnormal(range),
+        "xrpl::Number::operator+=(Number) : is normal");
    // *n = negative
    // *s = sign
    // *m = mantissa
@@ -518,13 +659,10 @@ Number::operator+=(Number const& y)

    // Need to use uint128_t, because large mantissas can overflow when added
    // together.
-    bool xn = negative_;
-    uint128_t xm = mantissa_;
-    auto xe = exponent_;
+    auto [xn, xm, xe] = toInternal<uint128_t>(range);
+
+    auto [yn, ym, ye] = y.toInternal<uint128_t>(range);

-    bool yn = y.negative_;
-    uint128_t ym = y.mantissa_;
-    auto ye = y.exponent_;
    Guard g;
    if (xe < ye)
    {
@@ -549,14 +687,13 @@ Number::operator+=(Number const& y)
        } while (xe > ye);
    }

-    auto const& range = range_.get();
    auto const& minMantissa = range.min;
    auto const& maxMantissa = range.max;

    if (xn == yn)
    {
        xm += ym;
-        if (xm > maxMantissa || xm > maxRep)
+        if (xm > maxMantissa)
        {
            g.push(xm % 10);
            xm /= 10;
@@ -576,7 +713,7 @@ Number::operator+=(Number const& y)
            xe = ye;
            xn = yn;
        }
-        while (xm < minMantissa && xm * 10 <= maxRep)
+        while (xm < minMantissa)
        {
            xm *= 10;
            xm -= g.pop();
@@ -585,10 +722,8 @@ Number::operator+=(Number const& y)
        g.doRoundDown(xn, xm, xe, minMantissa);
    }

-    negative_ = xn;
-    mantissa_ = static_cast<internalrep>(xm);
-    exponent_ = xe;
-    normalize();
+    normalize(xn, xm, xe, minMantissa, maxMantissa);
+    fromInternal(xn, xm, xe, &range);
    return *this;
 }

@@ -623,6 +758,8 @@ divu10(uint128_t& u)
 Number&
 Number::operator*=(Number const& y)
 {
+    auto const& range = range_.get();
+
    constexpr Number zero = Number{};
    if (*this == zero)
        return *this;
@@ -636,15 +773,11 @@ Number::operator*=(Number const& y)
    // *m = mantissa
    // *e = exponent

-    bool xn = negative_;
+    auto [xn, xm, xe] = toInternal(range);
    int xs = xn ? -1 : 1;
-    internalrep xm = mantissa_;
-    auto xe = exponent_;

-    bool yn = y.negative_;
+    auto [yn, ym, ye] = y.toInternal(range);
    int ys = yn ? -1 : 1;
-    internalrep ym = y.mantissa_;
-    auto ye = y.exponent_;

    auto zm = uint128_t(xm) * uint128_t(ym);
    auto ze = xe + ye;
@@ -654,11 +787,10 @@ Number::operator*=(Number const& y)
    if (zn)
        g.set_negative();

-    auto const& range = range_.get();
    auto const& minMantissa = range.min;
    auto const& maxMantissa = range.max;

-    while (zm > maxMantissa || zm > maxRep)
+    while (zm > maxMantissa)
    {
        // The following is optimization for:
        // g.push(static_cast<unsigned>(zm % 10));
@@ -669,18 +801,23 @@ Number::operator*=(Number const& y)
    xm = static_cast<internalrep>(zm);
    xe = ze;
    g.doRoundUp(
-        zn, xm, xe, minMantissa, maxMantissa, "Number::multiplication overflow : exponent is " + std::to_string(xe));
-    negative_ = zn;
-    mantissa_ = xm;
-    exponent_ = xe;
+        zn,
+        xm,
+        xe,
+        minMantissa,
+        maxMantissa,
+        "Number::multiplication overflow : exponent is " + std::to_string(xe));

-    normalize();
+    normalize(zn, xm, xe, minMantissa, maxMantissa);
+    fromInternal(zn, xm, xe, &range);
    return *this;
 }

 Number&
 Number::operator/=(Number const& y)
 {
+    auto const& range = range_.get();
+
    constexpr Number zero = Number{};
    if (y == zero)
        throw std::overflow_error("Number: divide by 0");
@@ -693,17 +830,12 @@ Number::operator/=(Number const& y)
    // *m = mantissa
    // *e = exponent

-    bool np = negative_;
+    auto [np, nm, ne] = toInternal(range);
    int ns = (np ? -1 : 1);
-    auto nm = mantissa_;
-    auto ne = exponent_;

-    bool dp = y.negative_;
+    auto [dp, dm, de] = y.toInternal(range);
    int ds = (dp ? -1 : 1);
-    auto dm = y.mantissa_;
-    auto de = y.exponent_;

-    auto const& range = range_.get();
    auto const& minMantissa = range.min;
    auto const& maxMantissa = range.max;

@@ -715,9 +847,11 @@ Number::operator/=(Number const& y)
    // f can be up to 10^(38-19) = 10^19 safely
    static_assert(smallRange.log == 15);
    static_assert(largeRange.log == 18);
-    bool small = Number::getMantissaScale() == MantissaRange::small;
-    uint128_t const f = small ? 100'000'000'000'000'000 : 10'000'000'000'000'000'000ULL;
-    XRPL_ASSERT_PARTS(f >= minMantissa * 10, "Number::operator/=", "factor expected size");
+    bool small = range.scale == MantissaRange::small;
+    uint128_t const f =
+        small ? 100'000'000'000'000'000 : 10'000'000'000'000'000'000ULL;
+    XRPL_ASSERT_PARTS(
+        f >= minMantissa * 10, "Number::operator/=", "factor expected size");

    // unsigned denominator
    auto const dmu = static_cast<uint128_t>(dm);
@@ -765,10 +899,9 @@ Number::operator/=(Number const& y)
        }
    }
    normalize(zn, zm, ze, minMantissa, maxMantissa);
-    negative_ = zn;
-    mantissa_ = static_cast<internalrep>(zm);
-    exponent_ = ze;
-    XRPL_ASSERT_PARTS(isnormal(), "xrpl::Number::operator/=", "result is normalized");
+    fromInternal(zn, zm, ze, &range);
+    XRPL_ASSERT_PARTS(
+        isnormal(range), "xrpl::Number::operator/=", "result is normalized");

    return *this;
 }
@@ -780,7 +913,7 @@ Number::operator rep() const
    Guard g;
    if (drops != 0)
    {
-        if (negative_)
+        if (drops < 0)
        {
            g.set_negative();
            drops = -drops;
@@ -792,7 +925,7 @@ Number::operator rep() const
        }
        for (; offset > 0; --offset)
        {
-            if (drops > maxRep / 10)
+            if (drops >= largeRange.min)
                throw std::overflow_error("Number::operator rep() overflow");
            drops *= 10;
        }
@@ -822,28 +955,35 @@ Number::truncate() const noexcept
 std::string
 to_string(Number const& amount)
 {
+    auto const& range = Number::range_.get();
+
    // keep full internal accuracy, but make more human friendly if possible
    constexpr Number zero = Number{};
    if (amount == zero)
        return "0";

-    auto exponent = amount.exponent_;
-    auto mantissa = amount.mantissa_;
-    bool const negative = amount.negative_;
+    // The mantissa must have a set number of decimal places for this to work
+    auto [negative, mantissa, exponent] = amount.toInternal(range);

    // Use scientific notation for exponents that are too small or too large
-    auto const rangeLog = Number::mantissaLog();
-    if (((exponent != 0) && ((exponent < -(rangeLog + 10)) || (exponent > -(rangeLog - 10)))))
+    auto const rangeLog = range.log;
+    if (((exponent != 0 && amount.exponent() != 0) &&
+         ((exponent < -(rangeLog + 10)) || (exponent > -(rangeLog - 10)))))
    {
-        while (mantissa != 0 && mantissa % 10 == 0 && exponent < Number::maxExponent)
+        // Remove trailing zeroes from the mantissa.
+        while (mantissa != 0 && mantissa % 10 == 0 &&
+               exponent < Number::maxExponent)
        {
            mantissa /= 10;
            ++exponent;
        }
        std::string ret = negative ? "-" : "";
        ret.append(std::to_string(mantissa));
-        ret.append(1, 'e');
-        ret.append(std::to_string(exponent));
+        if (exponent != 0)
+        {
+            ret.append(1, 'e');
+            ret.append(std::to_string(exponent));
+        }
        return ret;
    }

@@ -925,20 +1065,11 @@ power(Number const& f, unsigned n)
    return r;
 }

-// Returns f^(1/d)
-// Uses Newton–Raphson iterations until the result stops changing
-// to find the non-negative root of the polynomial g(x) = x^d - f
-
-// This function, and power(Number f, unsigned n, unsigned d)
-// treat corner cases such as 0 roots as advised by Annex F of
-// the C standard, which itself is consistent with the IEEE
-// floating point standards.
-
 Number
-root(Number f, unsigned d)
+Number::root(MantissaRange const& range, Number f, unsigned d)
 {
    constexpr Number zero = Number{};
-    auto const one = Number::one();
+    auto const one = Number::one(range);

    if (f == one || d == 1)
        return f;
@@ -955,21 +1086,30 @@ root(Number f, unsigned d)
    if (f == zero)
        return f;

-    // Scale f into the range (0, 1) such that f's exponent is a multiple of d
-    auto e = f.exponent_ + Number::mantissaLog() + 1;
-    auto const di = static_cast<int>(d);
-    auto ex = [e = e, di = di]()  // Euclidean remainder of e/d
-    {
-        int k = (e >= 0 ? e : e - (di - 1)) / di;
-        int k2 = e - k * di;
-        if (k2 == 0)
-            return 0;
-        return di - k2;
-    }();
-    e += ex;
-    f = f.shiftExponent(-e);  // f /= 10^e;
+    auto const [e, di] = [&]() {
+        auto const [negative, mantissa, exponent] = f.toInternal(range);

-    XRPL_ASSERT_PARTS(f.isnormal(), "xrpl::root(Number, unsigned)", "f is normalized");
+        // Scale f into the range (0, 1) such that the scale change (e) is a
+        // multiple of the root (d)
+        auto e = exponent + range.log + 1;
+        auto const di = static_cast<int>(d);
+        auto ex = [e = e, di = di]()  // Euclidean remainder of e/d
+        {
+            int k = (e >= 0 ? e : e - (di - 1)) / di;
+            int k2 = e - k * di;
+            if (k2 == 0)
+                return 0;
+            return di - k2;
+        }();
+        e += ex;
+        f = f.shiftExponent(-e);  // f /= 10^e;
+        return std::make_tuple(e, di);
+    }();
+
+    XRPL_ASSERT_PARTS(
+        e % di == 0, "xrpl::root(Number, unsigned)", "e is divisible by d");
+    XRPL_ASSERT_PARTS(
+        f.isnormal(range), "xrpl::root(Number, unsigned)", "f is normalized");
    bool neg = false;
    if (f < zero)
    {
@@ -1002,15 +1142,35 @@ root(Number f, unsigned d)

    //  return r * 10^(e/d) to reverse scaling
    auto const result = r.shiftExponent(e / di);
-    XRPL_ASSERT_PARTS(result.isnormal(), "xrpl::root(Number, unsigned)", "result is normalized");
+    XRPL_ASSERT_PARTS(
+        result.isnormal(range),
+        "xrpl::root(Number, unsigned)",
+        "result is normalized");
    return result;
 }

+// Returns f^(1/d)
+// Uses Newton–Raphson iterations until the result stops changing
+// to find the non-negative root of the polynomial g(x) = x^d - f
+
+// This function, and power(Number f, unsigned n, unsigned d)
+// treat corner cases such as 0 roots as advised by Annex F of
+// the C standard, which itself is consistent with the IEEE
+// floating point standards.
+
+Number
+root(Number f, unsigned d)
+{
+    auto const& range = Number::range_.get();
+    return Number::root(range, f, d);
+}
+
 Number
 root2(Number f)
 {
+    auto const& range = Number::range_.get();
    constexpr Number zero = Number{};
-    auto const one = Number::one();
+    auto const one = Number::one(range);

    if (f == one)
        return f;
@@ -1019,12 +1179,19 @@ root2(Number f)
    if (f == zero)
        return f;

-    // Scale f into the range (0, 1) such that f's exponent is a multiple of d
-    auto e = f.exponent_ + Number::mantissaLog() + 1;
-    if (e % 2 != 0)
-        ++e;
-    f = f.shiftExponent(-e);  // f /= 10^e;
-    XRPL_ASSERT_PARTS(f.isnormal(), "xrpl::root2(Number)", "f is normalized");
+    auto const e = [&]() {
+        auto const [negative, mantissa, exponent] = f.toInternal(range);
+
+        // Scale f into the range (0, 1) such that f's exponent is a
+        // multiple of d
+        auto e = exponent + range.log + 1;
+        if (e % 2 != 0)
+            ++e;
+        f = f.shiftExponent(-e);  // f /= 10^e;
+        return e;
+    }();
+    XRPL_ASSERT_PARTS(
+        f.isnormal(range), "xrpl::root2(Number)", "f is normalized");

    // Quadratic least squares curve fit of f^(1/d) in the range [0, 1]
    auto const D = 105;
@@ -1046,7 +1213,8 @@ root2(Number f)

    //  return r * 10^(e/2) to reverse scaling
    auto const result = r.shiftExponent(e / 2);
-    XRPL_ASSERT_PARTS(result.isnormal(), "xrpl::root2(Number)", "result is normalized");
+    XRPL_ASSERT_PARTS(
+        result.isnormal(range), "xrpl::root2(Number)", "result is normalized");

    return result;
 }
@@ -1056,8 +1224,10 @@ root2(Number f)
 Number
 power(Number const& f, unsigned n, unsigned d)
 {
+    auto const& range = Number::range_.get();
+
    constexpr Number zero = Number{};
-    auto const one = Number::one();
+    auto const one = Number::one(range);

    if (f == one)
        return f;
@@ -1079,7 +1249,7 @@ power(Number const& f, unsigned n, unsigned d)
    d /= g;
    if ((n % 2) == 1 && (d % 2) == 0 && f < zero)
        throw std::overflow_error("Number::power nan");
-    return root(power(f, n), d);
+    return Number::root(range, power(f, n), d);
 }

 }  // namespace xrpl
--- a/src/libxrpl/json/json_value.cpp
+++ b/src/libxrpl/json/json_value.cpp
@@ -191,17 +191,17 @@ Value::Value(ValueType type) : type_(type), allocated_(0)
    }
 }

-Value::Value(Int value) : type_(intValue)
+Value::Value(Int value) : type_(intValue), allocated_(0)
 {
    value_.int_ = value;
 }

-Value::Value(UInt value) : type_(uintValue)
+Value::Value(UInt value) : type_(uintValue), allocated_(0)
 {
    value_.uint_ = value;
 }

-Value::Value(double value) : type_(realValue)
+Value::Value(double value) : type_(realValue), allocated_(0)
 {
    value_.real_ = value;
 }
@@ -227,7 +227,7 @@ Value::Value(StaticString const& value) : type_(stringValue), allocated_(false)
    value_.string_ = const_cast<char*>(value.c_str());
 }

-Value::Value(bool value) : type_(booleanValue)
+Value::Value(bool value) : type_(booleanValue), allocated_(0)
 {
    value_.bool_ = value;
 }
--- a/src/libxrpl/net/HTTPClient.cpp
+++ b/src/libxrpl/net/HTTPClient.cpp
@@ -26,6 +26,12 @@ HTTPClient::initializeSSLContext(
    httpClientSSLContext.emplace(sslVerifyDir, sslVerifyFile, sslVerify, j);
 }

+void
+HTTPClient::cleanupSSLContext()
+{
+    httpClientSSLContext.reset();
+}
+
 //------------------------------------------------------------------------------
 //
 // Fetch a web page via http or https.
--- a/src/libxrpl/protocol/STParsedJSON.cpp
+++ b/src/libxrpl/protocol/STParsedJSON.cpp
@@ -69,7 +69,7 @@ make_name(std::string const& object, std::string const& field)
    if (field.empty())
        return object;

-    return object + "." + field;
+    return {object + "." + field};
 }

 static inline Json::Value
--- a/src/libxrpl/shamap/SHAMapNodeID.cpp
+++ b/src/libxrpl/shamap/SHAMapNodeID.cpp
@@ -67,7 +67,8 @@ SHAMapNodeID::getChildNodeID(unsigned int m) const
    if (depth_ >= SHAMap::leafDepth)
        Throw<std::logic_error>("Request for child node ID of " + to_string(*this));

-    if (id_ != (id_ & depthMask(depth_)))
+    auto const idAtDepth = id_ & depthMask(depth_);
+    if (id_ != idAtDepth)
        Throw<std::logic_error>("Incorrect mask for " + to_string(*this));

    SHAMapNodeID node{depth_ + 1, id_};
--- a/src/test/app/NFToken_test.cpp
+++ b/src/test/app/NFToken_test.cpp
@@ -876,42 +876,48 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
        env.fund(XRP(1000), alice, buyer, gw);
        env.close();
        BEAST_EXPECT(ownerCount(env, alice) == 0);
+        BEAST_EXPECT(ownerCount(env, buyer) == 0);

        uint256 const nftAlice0ID = token::getNextID(env, alice, 0, tfTransferable);
        env(token::mint(alice, 0u), txflags(tfTransferable));
        env.close();
-        BEAST_EXPECT(ownerCount(env, alice) == 1);
+        uint8_t aliceCount = 1;
+        BEAST_EXPECT(ownerCount(env, alice) == aliceCount);

        uint256 const nftXrpOnlyID = token::getNextID(env, alice, 0, tfOnlyXRP | tfTransferable);
        env(token::mint(alice, 0), txflags(tfOnlyXRP | tfTransferable));
        env.close();
-        BEAST_EXPECT(ownerCount(env, alice) == 1);
+        BEAST_EXPECT(ownerCount(env, alice) == aliceCount);

        uint256 nftNoXferID = token::getNextID(env, alice, 0);
        env(token::mint(alice, 0));
        env.close();
-        BEAST_EXPECT(ownerCount(env, alice) == 1);
+        BEAST_EXPECT(ownerCount(env, alice) == aliceCount);

        // alice creates sell offers for her nfts.
        uint256 const plainOfferIndex = keylet::nftoffer(alice, env.seq(alice)).key;
        env(token::createOffer(alice, nftAlice0ID, XRP(10)), txflags(tfSellNFToken));
        env.close();
-        BEAST_EXPECT(ownerCount(env, alice) == 2);
+        aliceCount++;
+        BEAST_EXPECT(ownerCount(env, alice) == aliceCount);

        uint256 const audOfferIndex = keylet::nftoffer(alice, env.seq(alice)).key;
        env(token::createOffer(alice, nftAlice0ID, gwAUD(30)), txflags(tfSellNFToken));
        env.close();
-        BEAST_EXPECT(ownerCount(env, alice) == 3);
+        aliceCount++;
+        BEAST_EXPECT(ownerCount(env, alice) == aliceCount);

        uint256 const xrpOnlyOfferIndex = keylet::nftoffer(alice, env.seq(alice)).key;
        env(token::createOffer(alice, nftXrpOnlyID, XRP(20)), txflags(tfSellNFToken));
        env.close();
-        BEAST_EXPECT(ownerCount(env, alice) == 4);
+        aliceCount++;
+        BEAST_EXPECT(ownerCount(env, alice) == aliceCount);

        uint256 const noXferOfferIndex = keylet::nftoffer(alice, env.seq(alice)).key;
        env(token::createOffer(alice, nftNoXferID, XRP(30)), txflags(tfSellNFToken));
        env.close();
-        BEAST_EXPECT(ownerCount(env, alice) == 5);
+        aliceCount++;
+        BEAST_EXPECT(ownerCount(env, alice) == aliceCount);

        // alice creates a sell offer that will expire soon.
        uint256 const aliceExpOfferIndex = keylet::nftoffer(alice, env.seq(alice)).key;
@@ -919,7 +925,17 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            txflags(tfSellNFToken),
            token::expiration(lastClose(env) + 5));
        env.close();
-        BEAST_EXPECT(ownerCount(env, alice) == 6);
+        aliceCount++;
+        BEAST_EXPECT(ownerCount(env, alice) == aliceCount);
+
+        // buyer creates a Buy offer that will expire soon.
+        uint256 const buyerExpOfferIndex = keylet::nftoffer(buyer, env.seq(buyer)).key;
+        env(token::createOffer(buyer, nftAlice0ID, XRP(40)),
+            token::owner(alice),
+            token::expiration(lastClose(env) + 5));
+        env.close();
+        uint8_t buyerCount = 1;
+        BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

        //----------------------------------------------------------------------
        // preflight
@@ -927,12 +943,12 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
        // Set a negative fee.
        env(token::acceptSellOffer(buyer, noXferOfferIndex), fee(STAmount(10ull, true)), ter(temBAD_FEE));
        env.close();
-        BEAST_EXPECT(ownerCount(env, buyer) == 0);
+        BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

        // Set an invalid flag.
        env(token::acceptSellOffer(buyer, noXferOfferIndex), txflags(0x00008000), ter(temINVALID_FLAG));
        env.close();
-        BEAST_EXPECT(ownerCount(env, buyer) == 0);
+        BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

        // Supply nether an sfNFTokenBuyOffer nor an sfNFTokenSellOffer field.
        {
@@ -940,7 +956,7 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            jv.removeMember(sfNFTokenSellOffer.jsonName);
            env(jv, ter(temMALFORMED));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 0);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);
        }

        // A buy offer may not contain a sfNFTokenBrokerFee field.
@@ -949,7 +965,7 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            jv[sfNFTokenBrokerFee.jsonName] = STAmount(500000).getJson(JsonOptions::none);
            env(jv, ter(temMALFORMED));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 0);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);
        }

        // A sell offer may not contain a sfNFTokenBrokerFee field.
@@ -958,7 +974,7 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            jv[sfNFTokenBrokerFee.jsonName] = STAmount(500000).getJson(JsonOptions::none);
            env(jv, ter(temMALFORMED));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 0);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);
        }

        // A brokered offer may not contain a negative or zero brokerFee.
@@ -966,7 +982,7 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            token::brokerFee(gwAUD(0)),
            ter(temMALFORMED));
        env.close();
-        BEAST_EXPECT(ownerCount(env, buyer) == 0);
+        BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

        //----------------------------------------------------------------------
        // preclaim
@@ -974,33 +990,48 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
        // The buy offer must be non-zero.
        env(token::acceptBuyOffer(buyer, beast::zero), ter(tecOBJECT_NOT_FOUND));
        env.close();
-        BEAST_EXPECT(ownerCount(env, buyer) == 0);
+        BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

        // The buy offer must be present in the ledger.
        uint256 const missingOfferIndex = keylet::nftoffer(alice, 1).key;
        env(token::acceptBuyOffer(buyer, missingOfferIndex), ter(tecOBJECT_NOT_FOUND));
        env.close();
-        BEAST_EXPECT(ownerCount(env, buyer) == 0);
+        BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

        // The buy offer must not have expired.
-        env(token::acceptBuyOffer(buyer, aliceExpOfferIndex), ter(tecEXPIRED));
+        // NOTE: this is only a preclaim check with the
+        // fixExpiredNFTokenOfferRemoval amendment disabled.
+        env(token::acceptBuyOffer(alice, buyerExpOfferIndex), ter(tecEXPIRED));
        env.close();
-        BEAST_EXPECT(ownerCount(env, buyer) == 0);
+        if (features[fixExpiredNFTokenOfferRemoval])
+        {
+            buyerCount--;
+        }
+        BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

        // The sell offer must be non-zero.
        env(token::acceptSellOffer(buyer, beast::zero), ter(tecOBJECT_NOT_FOUND));
        env.close();
-        BEAST_EXPECT(ownerCount(env, buyer) == 0);
+        BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

        // The sell offer must be present in the ledger.
        env(token::acceptSellOffer(buyer, missingOfferIndex), ter(tecOBJECT_NOT_FOUND));
        env.close();
-        BEAST_EXPECT(ownerCount(env, buyer) == 0);
+        BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

        // The sell offer must not have expired.
+        // NOTE: this is only a preclaim check with the
+        // fixExpiredNFTokenOfferRemoval amendment disabled.
        env(token::acceptSellOffer(buyer, aliceExpOfferIndex), ter(tecEXPIRED));
        env.close();
-        BEAST_EXPECT(ownerCount(env, buyer) == 0);
+        // Alice's count is decremented by one when the expired offer is
+        // removed.
+        if (features[fixExpiredNFTokenOfferRemoval])
+        {
+            aliceCount--;
+        }
+        BEAST_EXPECT(ownerCount(env, alice) == aliceCount);
+        BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

        //----------------------------------------------------------------------
        // preclaim brokered
@@ -1012,8 +1043,13 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
        env.close();
        env(pay(gw, buyer, gwAUD(30)));
        env.close();
-        BEAST_EXPECT(ownerCount(env, alice) == 7);
-        BEAST_EXPECT(ownerCount(env, buyer) == 1);
+        aliceCount++;
+        buyerCount++;
+        BEAST_EXPECT(ownerCount(env, alice) == aliceCount);
+        BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);
+
+        BEAST_EXPECT(ownerCount(env, alice) == aliceCount);
+        BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

        // We're about to exercise offer brokering, so we need
        // corresponding buy and sell offers.
@@ -1022,35 +1058,38 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            uint256 const buyerOfferIndex = keylet::nftoffer(buyer, env.seq(buyer)).key;
            env(token::createOffer(buyer, nftAlice0ID, gwAUD(29)), token::owner(alice));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            buyerCount++;
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // gw attempts to broker offers that are not for the same token.
            env(token::brokerOffers(gw, buyerOfferIndex, xrpOnlyOfferIndex), ter(tecNFTOKEN_BUY_SELL_MISMATCH));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // gw attempts to broker offers that are not for the same currency.
            env(token::brokerOffers(gw, buyerOfferIndex, plainOfferIndex), ter(tecNFTOKEN_BUY_SELL_MISMATCH));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // In a brokered offer, the buyer must offer greater than or
            // equal to the selling price.
            env(token::brokerOffers(gw, buyerOfferIndex, audOfferIndex), ter(tecINSUFFICIENT_PAYMENT));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // Remove buyer's offer.
            env(token::cancelOffer(buyer, {buyerOfferIndex}));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 1);
+            buyerCount--;
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);
        }
        {
            // buyer creates a buy offer for one of alice's nfts.
            uint256 const buyerOfferIndex = keylet::nftoffer(buyer, env.seq(buyer)).key;
            env(token::createOffer(buyer, nftAlice0ID, gwAUD(31)), token::owner(alice));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            buyerCount++;
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // Broker sets their fee in a denomination other than the one
            // used by the offers
@@ -1058,14 +1097,14 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
                token::brokerFee(XRP(40)),
                ter(tecNFTOKEN_BUY_SELL_MISMATCH));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // Broker fee way too big.
            env(token::brokerOffers(gw, buyerOfferIndex, audOfferIndex),
                token::brokerFee(gwAUD(31)),
                ter(tecINSUFFICIENT_PAYMENT));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // Broker fee is smaller, but still too big once the offer
            // seller's minimum is taken into account.
@@ -1073,12 +1112,13 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
                token::brokerFee(gwAUD(1.5)),
                ter(tecINSUFFICIENT_PAYMENT));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // Remove buyer's offer.
            env(token::cancelOffer(buyer, {buyerOfferIndex}));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 1);
+            buyerCount--;
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);
        }
        //----------------------------------------------------------------------
        // preclaim buy
@@ -1087,17 +1127,18 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            uint256 const buyerOfferIndex = keylet::nftoffer(buyer, env.seq(buyer)).key;
            env(token::createOffer(buyer, nftAlice0ID, gwAUD(30)), token::owner(alice));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            buyerCount++;
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // Don't accept a buy offer if the sell flag is set.
            env(token::acceptBuyOffer(buyer, plainOfferIndex), ter(tecNFTOKEN_OFFER_TYPE_MISMATCH));
            env.close();
-            BEAST_EXPECT(ownerCount(env, alice) == 7);
+            BEAST_EXPECT(ownerCount(env, alice) == aliceCount);

            // An account can't accept its own offer.
            env(token::acceptBuyOffer(buyer, buyerOfferIndex), ter(tecCANT_ACCEPT_OWN_NFTOKEN_OFFER));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // An offer acceptor must have enough funds to pay for the offer.
            env(pay(buyer, gw, gwAUD(30)));
@@ -1105,7 +1146,7 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            BEAST_EXPECT(env.balance(buyer, gwAUD) == gwAUD(0));
            env(token::acceptBuyOffer(alice, buyerOfferIndex), ter(tecINSUFFICIENT_FUNDS));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // alice gives her NFT to gw, so alice no longer owns nftAlice0.
            {
@@ -1114,7 +1155,7 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
                env.close();
                env(token::acceptSellOffer(gw, offerIndex));
                env.close();
-                BEAST_EXPECT(ownerCount(env, alice) == 7);
+                BEAST_EXPECT(ownerCount(env, alice) == aliceCount);
            }
            env(pay(gw, buyer, gwAUD(30)));
            env.close();
@@ -1122,12 +1163,13 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            // alice can't accept a buy offer for an NFT she no longer owns.
            env(token::acceptBuyOffer(alice, buyerOfferIndex), ter(tecNO_PERMISSION));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // Remove buyer's offer.
            env(token::cancelOffer(buyer, {buyerOfferIndex}));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 1);
+            buyerCount--;
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);
        }
        //----------------------------------------------------------------------
        // preclaim sell
@@ -1136,23 +1178,24 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            uint256 const buyerOfferIndex = keylet::nftoffer(buyer, env.seq(buyer)).key;
            env(token::createOffer(buyer, nftXrpOnlyID, XRP(30)), token::owner(alice));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            buyerCount++;
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // Don't accept a sell offer without the sell flag set.
            env(token::acceptSellOffer(alice, buyerOfferIndex), ter(tecNFTOKEN_OFFER_TYPE_MISMATCH));
            env.close();
-            BEAST_EXPECT(ownerCount(env, alice) == 7);
+            BEAST_EXPECT(ownerCount(env, alice) == aliceCount);

            // An account can't accept its own offer.
            env(token::acceptSellOffer(alice, plainOfferIndex), ter(tecCANT_ACCEPT_OWN_NFTOKEN_OFFER));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // The seller must currently be in possession of the token they
            // are selling.  alice gave nftAlice0ID to gw.
            env(token::acceptSellOffer(buyer, plainOfferIndex), ter(tecNO_PERMISSION));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // gw gives nftAlice0ID back to alice.  That allows us to check
            // buyer attempting to accept one of alice's offers with
@@ -1163,14 +1206,14 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
                env.close();
                env(token::acceptSellOffer(alice, offerIndex));
                env.close();
-                BEAST_EXPECT(ownerCount(env, alice) == 7);
+                BEAST_EXPECT(ownerCount(env, alice) == aliceCount);
            }
            env(pay(buyer, gw, gwAUD(30)));
            env.close();
            BEAST_EXPECT(env.balance(buyer, gwAUD) == gwAUD(0));
            env(token::acceptSellOffer(buyer, audOfferIndex), ter(tecINSUFFICIENT_FUNDS));
            env.close();
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);
        }

        //----------------------------------------------------------------------
@@ -2769,6 +2812,7 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
        uint256 const nftokenID1 = token::getNextID(env, issuer, 0, tfTransferable);
        env(token::mint(minter, 0), token::issuer(issuer), txflags(tfTransferable));
        env.close();
+        uint8_t issuerCount, minterCount, buyerCount;

        // Test how adding an Expiration field to an offer affects permissions
        // for cancelling offers.
@@ -2792,9 +2836,12 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            uint256 const offerBuyerToMinter = keylet::nftoffer(buyer, env.seq(buyer)).key;
            env(token::createOffer(buyer, nftokenID0, drops(1)), token::owner(minter), token::expiration(expiration));
            env.close();
-            BEAST_EXPECT(ownerCount(env, issuer) == 1);
-            BEAST_EXPECT(ownerCount(env, minter) == 3);
-            BEAST_EXPECT(ownerCount(env, buyer) == 1);
+            issuerCount = 1;
+            minterCount = 3;
+            buyerCount = 1;
+            BEAST_EXPECT(ownerCount(env, issuer) == issuerCount);
+            BEAST_EXPECT(ownerCount(env, minter) == minterCount);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // Test who gets to cancel the offers.  Anyone outside of the
            // offer-owner/destination pair should not be able to cancel
@@ -2806,32 +2853,36 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            env(token::cancelOffer(buyer, {offerIssuerToMinter}), ter(tecNO_PERMISSION));
            env.close();
            BEAST_EXPECT(lastClose(env) < expiration);
-            BEAST_EXPECT(ownerCount(env, issuer) == 1);
-            BEAST_EXPECT(ownerCount(env, minter) == 3);
-            BEAST_EXPECT(ownerCount(env, buyer) == 1);
+            BEAST_EXPECT(ownerCount(env, issuer) == issuerCount);
+            BEAST_EXPECT(ownerCount(env, minter) == minterCount);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // The offer creator can cancel their own unexpired offer.
            env(token::cancelOffer(minter, {offerMinterToAnyone}));
+            minterCount--;

            // The destination of a sell offer can cancel the NFT owner's
            // unexpired offer.
            env(token::cancelOffer(issuer, {offerMinterToIssuer}));
+            minterCount--;

            // Close enough ledgers to get past the expiration.
            while (lastClose(env) < expiration)
                env.close();

-            BEAST_EXPECT(ownerCount(env, issuer) == 1);
-            BEAST_EXPECT(ownerCount(env, minter) == 1);
-            BEAST_EXPECT(ownerCount(env, buyer) == 1);
+            BEAST_EXPECT(ownerCount(env, issuer) == issuerCount);
+            BEAST_EXPECT(ownerCount(env, minter) == minterCount);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // Anyone can cancel expired offers.
            env(token::cancelOffer(issuer, {offerBuyerToMinter}));
+            buyerCount--;
            env(token::cancelOffer(buyer, {offerIssuerToMinter}));
+            issuerCount--;
            env.close();
-            BEAST_EXPECT(ownerCount(env, issuer) == 0);
-            BEAST_EXPECT(ownerCount(env, minter) == 1);
-            BEAST_EXPECT(ownerCount(env, buyer) == 0);
+            BEAST_EXPECT(ownerCount(env, issuer) == issuerCount);
+            BEAST_EXPECT(ownerCount(env, minter) == minterCount);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);
        }
        // Show that:
        //  1. An unexpired sell offer with an expiration can be accepted.
@@ -2844,44 +2895,70 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            env(token::createOffer(minter, nftokenID0, drops(1)),
                token::expiration(expiration),
                txflags(tfSellNFToken));
+            minterCount++;

            uint256 const offer1 = keylet::nftoffer(minter, env.seq(minter)).key;
            env(token::createOffer(minter, nftokenID1, drops(1)),
                token::expiration(expiration),
                txflags(tfSellNFToken));
+            minterCount++;
            env.close();
            BEAST_EXPECT(lastClose(env) < expiration);
-            BEAST_EXPECT(ownerCount(env, issuer) == 0);
-            BEAST_EXPECT(ownerCount(env, minter) == 3);
-            BEAST_EXPECT(ownerCount(env, buyer) == 0);
+            BEAST_EXPECT(ownerCount(env, issuer) == issuerCount);
+            BEAST_EXPECT(ownerCount(env, minter) == minterCount);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // Anyone can accept an unexpired sell offer.
            env(token::acceptSellOffer(buyer, offer0));
+            minterCount--;
+            buyerCount++;

            // Close enough ledgers to get past the expiration.
            while (lastClose(env) < expiration)
                env.close();

-            BEAST_EXPECT(ownerCount(env, issuer) == 0);
-            BEAST_EXPECT(ownerCount(env, minter) == 2);
-            BEAST_EXPECT(ownerCount(env, buyer) == 1);
+            BEAST_EXPECT(ownerCount(env, issuer) == issuerCount);
+            BEAST_EXPECT(ownerCount(env, minter) == minterCount);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // No one can accept an expired sell offer.
            env(token::acceptSellOffer(buyer, offer1), ter(tecEXPIRED));
-            env(token::acceptSellOffer(issuer, offer1), ter(tecEXPIRED));
+
+            // With fixExpiredNFTokenOfferRemoval amendment, the first accept
+            // attempt deletes the expired offer. Without the amendment,
+            // the offer remains and we can try to accept it again.
+            if (features[fixExpiredNFTokenOfferRemoval])
+            {
+                // After amendment: offer was deleted by first accept attempt
+                minterCount--;
+                env(token::acceptSellOffer(issuer, offer1), ter(tecOBJECT_NOT_FOUND));
+            }
+            else
+            {
+                // Before amendment: offer still exists, second accept also
+                // fails
+                env(token::acceptSellOffer(issuer, offer1), ter(tecEXPIRED));
+            }
            env.close();

-            // The expired sell offer is still in the ledger.
-            BEAST_EXPECT(ownerCount(env, issuer) == 0);
-            BEAST_EXPECT(ownerCount(env, minter) == 2);
-            BEAST_EXPECT(ownerCount(env, buyer) == 1);
+            // Check if the expired sell offer behavior matches amendment status
+            BEAST_EXPECT(ownerCount(env, issuer) == issuerCount);
+            BEAST_EXPECT(ownerCount(env, minter) == minterCount);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

-            // Anyone can cancel the expired sell offer.
-            env(token::cancelOffer(issuer, {offer1}));
-            env.close();
-            BEAST_EXPECT(ownerCount(env, issuer) == 0);
-            BEAST_EXPECT(ownerCount(env, minter) == 1);
-            BEAST_EXPECT(ownerCount(env, buyer) == 1);
+            if (!features[fixExpiredNFTokenOfferRemoval])
+            {
+                // Before amendment: expired offer still exists and needs to be
+                // cancelled
+                env(token::cancelOffer(issuer, {offer1}));
+                env.close();
+                minterCount--;
+            }
+            // Ensure that owner counts are correct with and without the
+            // amendment
+            BEAST_EXPECT(ownerCount(env, issuer) == 0 && issuerCount == 0);
+            BEAST_EXPECT(ownerCount(env, minter) == 1 && minterCount == 1);
+            BEAST_EXPECT(ownerCount(env, buyer) == 1 && buyerCount == 1);

            // Transfer nftokenID0 back to minter so we start the next test in
            // a simple place.
@@ -2889,10 +2966,11 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            env(token::createOffer(buyer, nftokenID0, XRP(0)), txflags(tfSellNFToken), token::destination(minter));
            env.close();
            env(token::acceptSellOffer(minter, offerSellBack));
+            buyerCount--;
            env.close();
-            BEAST_EXPECT(ownerCount(env, issuer) == 0);
-            BEAST_EXPECT(ownerCount(env, minter) == 1);
-            BEAST_EXPECT(ownerCount(env, buyer) == 0);
+            BEAST_EXPECT(ownerCount(env, issuer) == issuerCount);
+            BEAST_EXPECT(ownerCount(env, minter) == minterCount);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);
        }
        // Show that:
        //  1. An unexpired buy offer with an expiration can be accepted.
@@ -2903,14 +2981,16 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite

            uint256 const offer0 = keylet::nftoffer(buyer, env.seq(buyer)).key;
            env(token::createOffer(buyer, nftokenID0, drops(1)), token::owner(minter), token::expiration(expiration));
+            buyerCount++;

            uint256 const offer1 = keylet::nftoffer(buyer, env.seq(buyer)).key;
            env(token::createOffer(buyer, nftokenID1, drops(1)), token::owner(minter), token::expiration(expiration));
+            buyerCount++;
            env.close();
            BEAST_EXPECT(lastClose(env) < expiration);
-            BEAST_EXPECT(ownerCount(env, issuer) == 0);
-            BEAST_EXPECT(ownerCount(env, minter) == 1);
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            BEAST_EXPECT(ownerCount(env, issuer) == issuerCount);
+            BEAST_EXPECT(ownerCount(env, minter) == minterCount);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // An unexpired buy offer can be accepted.
            env(token::acceptBuyOffer(minter, offer0));
@@ -2919,26 +2999,48 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            while (lastClose(env) < expiration)
                env.close();

-            BEAST_EXPECT(ownerCount(env, issuer) == 0);
-            BEAST_EXPECT(ownerCount(env, minter) == 1);
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            BEAST_EXPECT(ownerCount(env, issuer) == issuerCount);
+            BEAST_EXPECT(ownerCount(env, minter) == minterCount);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // An expired buy offer cannot be accepted.
            env(token::acceptBuyOffer(minter, offer1), ter(tecEXPIRED));
-            env(token::acceptBuyOffer(issuer, offer1), ter(tecEXPIRED));
+
+            // With fixExpiredNFTokenOfferRemoval amendment, the first accept
+            // attempt deletes the expired offer. Without the amendment,
+            // the offer remains and we can try to accept it again.
+            if (features[fixExpiredNFTokenOfferRemoval])
+            {
+                // After amendment: offer was deleted by first accept attempt
+                buyerCount--;
+                env(token::acceptBuyOffer(issuer, offer1), ter(tecOBJECT_NOT_FOUND));
+            }
+            else
+            {
+                // Before amendment: offer still exists, second accept also
+                // fails
+                env(token::acceptBuyOffer(issuer, offer1), ter(tecEXPIRED));
+            }
            env.close();

-            // The expired buy offer is still in the ledger.
-            BEAST_EXPECT(ownerCount(env, issuer) == 0);
-            BEAST_EXPECT(ownerCount(env, minter) == 1);
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            // Check if the expired buy offer behavior matches amendment status
+            BEAST_EXPECT(ownerCount(env, issuer) == issuerCount);
+            BEAST_EXPECT(ownerCount(env, minter) == minterCount);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

-            // Anyone can cancel the expired buy offer.
-            env(token::cancelOffer(issuer, {offer1}));
-            env.close();
-            BEAST_EXPECT(ownerCount(env, issuer) == 0);
-            BEAST_EXPECT(ownerCount(env, minter) == 1);
-            BEAST_EXPECT(ownerCount(env, buyer) == 1);
+            if (!features[fixExpiredNFTokenOfferRemoval])
+            {
+                // Before amendment: expired offer still exists and can be
+                // cancelled
+                env(token::cancelOffer(issuer, {offer1}));
+                env.close();
+                buyerCount--;
+            }
+            // Ensure that owner counts are the same with and without the
+            // amendment
+            BEAST_EXPECT(ownerCount(env, issuer) == 0 && issuerCount == 0);
+            BEAST_EXPECT(ownerCount(env, minter) == 1 && minterCount == 1);
+            BEAST_EXPECT(ownerCount(env, buyer) == 1 && buyerCount == 1);

            // Transfer nftokenID0 back to minter so we start the next test in
            // a simple place.
@@ -2947,9 +3049,10 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            env.close();
            env(token::acceptSellOffer(minter, offerSellBack));
            env.close();
-            BEAST_EXPECT(ownerCount(env, issuer) == 0);
-            BEAST_EXPECT(ownerCount(env, minter) == 1);
-            BEAST_EXPECT(ownerCount(env, buyer) == 0);
+            buyerCount--;
+            BEAST_EXPECT(ownerCount(env, issuer) == issuerCount);
+            BEAST_EXPECT(ownerCount(env, minter) == minterCount);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);
        }
        // Show that in brokered mode:
        //  1. An unexpired sell offer with an expiration can be accepted.
@@ -2962,50 +3065,74 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            env(token::createOffer(minter, nftokenID0, drops(1)),
                token::expiration(expiration),
                txflags(tfSellNFToken));
+            minterCount++;

            uint256 const sellOffer1 = keylet::nftoffer(minter, env.seq(minter)).key;
            env(token::createOffer(minter, nftokenID1, drops(1)),
                token::expiration(expiration),
                txflags(tfSellNFToken));
+            minterCount++;

            uint256 const buyOffer0 = keylet::nftoffer(buyer, env.seq(buyer)).key;
            env(token::createOffer(buyer, nftokenID0, drops(1)), token::owner(minter));
+            buyerCount++;

            uint256 const buyOffer1 = keylet::nftoffer(buyer, env.seq(buyer)).key;
            env(token::createOffer(buyer, nftokenID1, drops(1)), token::owner(minter));
+            buyerCount++;

            env.close();
            BEAST_EXPECT(lastClose(env) < expiration);
-            BEAST_EXPECT(ownerCount(env, issuer) == 0);
-            BEAST_EXPECT(ownerCount(env, minter) == 3);
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            BEAST_EXPECT(ownerCount(env, issuer) == issuerCount);
+            BEAST_EXPECT(ownerCount(env, minter) == minterCount);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // An unexpired offer can be brokered.
            env(token::brokerOffers(issuer, buyOffer0, sellOffer0));
+            minterCount--;

            // Close enough ledgers to get past the expiration.
            while (lastClose(env) < expiration)
                env.close();

-            BEAST_EXPECT(ownerCount(env, issuer) == 0);
-            BEAST_EXPECT(ownerCount(env, minter) == 2);
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            BEAST_EXPECT(ownerCount(env, issuer) == issuerCount);
+            BEAST_EXPECT(ownerCount(env, minter) == minterCount);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);

            // If the sell offer is expired it cannot be brokered.
            env(token::brokerOffers(issuer, buyOffer1, sellOffer1), ter(tecEXPIRED));
            env.close();

-            // The expired sell offer is still in the ledger.
-            BEAST_EXPECT(ownerCount(env, issuer) == 0);
-            BEAST_EXPECT(ownerCount(env, minter) == 2);
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
+            if (features[fixExpiredNFTokenOfferRemoval])
+            {
+                // With amendment: expired offers are deleted
+                minterCount--;
+            }

-            // Anyone can cancel the expired sell offer.
-            env(token::cancelOffer(buyer, {buyOffer1, sellOffer1}));
+            BEAST_EXPECT(ownerCount(env, issuer) == issuerCount);
+            BEAST_EXPECT(ownerCount(env, minter) == minterCount);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);
+
+            if (features[fixExpiredNFTokenOfferRemoval])
+            {
+                // The buy offer was deleted, so no need to cancel it
+                // The sell offer still exists, so we can cancel it
+                env(token::cancelOffer(buyer, {buyOffer1}));
+                buyerCount--;
+            }
+            else
+            {
+                // Anyone can cancel the expired offers
+                env(token::cancelOffer(buyer, {buyOffer1, sellOffer1}));
+                minterCount--;
+                buyerCount--;
+            }
            env.close();
-            BEAST_EXPECT(ownerCount(env, issuer) == 0);
-            BEAST_EXPECT(ownerCount(env, minter) == 1);
-            BEAST_EXPECT(ownerCount(env, buyer) == 1);
+            // Ensure that owner counts are the same with and without the
+            // amendment
+            BEAST_EXPECT(ownerCount(env, issuer) == 0 && issuerCount == 0);
+            BEAST_EXPECT(ownerCount(env, minter) == 1 && minterCount == 1);
+            BEAST_EXPECT(ownerCount(env, buyer) == 1 && buyerCount == 1);

            // Transfer nftokenID0 back to minter so we start the next test in
            // a simple place.
@@ -3014,9 +3141,10 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            env.close();
            env(token::acceptSellOffer(minter, offerSellBack));
            env.close();
-            BEAST_EXPECT(ownerCount(env, issuer) == 0);
-            BEAST_EXPECT(ownerCount(env, minter) == 1);
-            BEAST_EXPECT(ownerCount(env, buyer) == 0);
+            buyerCount--;
+            BEAST_EXPECT(ownerCount(env, issuer) == issuerCount);
+            BEAST_EXPECT(ownerCount(env, minter) == minterCount);
+            BEAST_EXPECT(ownerCount(env, buyer) == buyerCount);
        }
        // Show that in brokered mode:
        //  1. An unexpired buy offer with an expiration can be accepted.
@@ -3054,17 +3182,28 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            BEAST_EXPECT(ownerCount(env, minter) == 2);
            BEAST_EXPECT(ownerCount(env, buyer) == 2);

-            // If the buy offer is expired it cannot be brokered.
            env(token::brokerOffers(issuer, buyOffer1, sellOffer1), ter(tecEXPIRED));
            env.close();

-            // The expired buy offer is still in the ledger.
            BEAST_EXPECT(ownerCount(env, issuer) == 0);
-            BEAST_EXPECT(ownerCount(env, minter) == 2);
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
-
-            // Anyone can cancel the expired buy offer.
-            env(token::cancelOffer(minter, {buyOffer1, sellOffer1}));
+            if (features[fixExpiredNFTokenOfferRemoval])
+            {
+                // After amendment: expired offers were deleted during broker
+                // attempt
+                BEAST_EXPECT(ownerCount(env, minter) == 2);
+                BEAST_EXPECT(ownerCount(env, buyer) == 1);
+                // The buy offer was deleted, so no need to cancel it
+                // The sell offer still exists, so we can cancel it
+                env(token::cancelOffer(minter, {sellOffer1}));
+            }
+            else
+            {
+                // Before amendment: expired offers still exist in ledger
+                BEAST_EXPECT(ownerCount(env, minter) == 2);
+                BEAST_EXPECT(ownerCount(env, buyer) == 2);
+                // Anyone can cancel the expired offers
+                env(token::cancelOffer(minter, {buyOffer1, sellOffer1}));
+            }
            env.close();
            BEAST_EXPECT(ownerCount(env, issuer) == 0);
            BEAST_EXPECT(ownerCount(env, minter) == 1);
@@ -3122,17 +3261,19 @@ class NFTokenBaseUtil_test : public beast::unit_test::suite
            BEAST_EXPECT(ownerCount(env, minter) == 2);
            BEAST_EXPECT(ownerCount(env, buyer) == 2);

-            // If the offers are expired they cannot be brokered.
            env(token::brokerOffers(issuer, buyOffer1, sellOffer1), ter(tecEXPIRED));
            env.close();

            // The expired offers are still in the ledger.
            BEAST_EXPECT(ownerCount(env, issuer) == 0);
-            BEAST_EXPECT(ownerCount(env, minter) == 2);
-            BEAST_EXPECT(ownerCount(env, buyer) == 2);
-
-            // Anyone can cancel the expired offers.
-            env(token::cancelOffer(issuer, {buyOffer1, sellOffer1}));
+            if (!features[fixExpiredNFTokenOfferRemoval])
+            {
+                // Before amendment: expired offers still exist in ledger
+                BEAST_EXPECT(ownerCount(env, minter) == 2);
+                BEAST_EXPECT(ownerCount(env, buyer) == 2);
+                // Anyone can cancel the expired offers
+                env(token::cancelOffer(issuer, {buyOffer1, sellOffer1}));
+            }
            env.close();
            BEAST_EXPECT(ownerCount(env, issuer) == 0);
            BEAST_EXPECT(ownerCount(env, minter) == 1);
@@ -6736,7 +6877,9 @@ public:
    void
    run() override
    {
-        testWithFeats(allFeatures - fixNFTokenReserve - featureNFTokenMintOffer - featureDynamicNFT);
+        testWithFeats(
+            allFeatures - fixNFTokenReserve - featureNFTokenMintOffer - featureDynamicNFT -
+            fixExpiredNFTokenOfferRemoval);
    }
 };

@@ -6767,6 +6910,15 @@ class NFTokenWOModify_test : public NFTokenBaseUtil_test
    }
 };

+class NFTokenWOExpiredOfferRemoval_test : public NFTokenBaseUtil_test
+{
+    void
+    run() override
+    {
+        testWithFeats(allFeatures - fixExpiredNFTokenOfferRemoval);
+    }
+};
+
 class NFTokenAllFeatures_test : public NFTokenBaseUtil_test
 {
    void
--- a/src/test/app/ValidatorSite_test.cpp
+++ b/src/test/app/ValidatorSite_test.cpp
@@ -148,7 +148,7 @@ private:
        std::vector<std::string> emptyCfgKeys;
        struct publisher
        {
-            publisher(FetchListConfig const& c) : cfg{c}
+            publisher(FetchListConfig const& c) : cfg{c}, isRetry{false}
            {
            }
            std::shared_ptr<TrustedPublisherServer> server;
--- a/src/test/basics/Number_test.cpp
+++ b/src/test/basics/Number_test.cpp
@@ -32,9 +32,10 @@ public:
    test_limits()
    {
        auto const scale = Number::getMantissaScale();
-        testcase << "test_limits " << to_string(scale);
-        bool caught = false;
        auto const minMantissa = Number::minMantissa();
+
+        testcase << "test_limits " << to_string(scale) << ", " << minMantissa;
+        bool caught = false;
        try
        {
            Number x = Number{false, minMantissa * 10, 32768, Number::normalized{}};
@@ -58,8 +59,9 @@ public:
            __LINE__);
        test(Number{false, minMantissa, -32769, Number::normalized{}}, Number{}, __LINE__);
        test(
+            // Use 1501 to force rounding up
            Number{false, minMantissa, 32000, Number::normalized{}} * 1'000 +
-                Number{false, 1'500, 32000, Number::normalized{}},
+                Number{false, 1'501, 32000, Number::normalized{}},
            Number{false, minMantissa + 2, 32003, Number::normalized{}},
            __LINE__);
        // 9,223,372,036,854,775,808
@@ -159,8 +161,8 @@ public:
                {Number{true, 9'999'999'999'999'999'999ULL, -37, Number::normalized{}},
                 Number{1'000'000'000'000'000'000, -18},
                 Number{false, 9'999'999'999'999'999'990ULL, -19, Number::normalized{}}},
-                {Number{Number::maxRep}, Number{6, -1}, Number{Number::maxRep / 10, 1}},
-                {Number{Number::maxRep - 1}, Number{1, 0}, Number{Number::maxRep}},
+                {Number{Number::largestMantissa}, Number{6, -1}, Number{Number::largestMantissa / 10, 1}},
+                {Number{Number::largestMantissa - 1}, Number{1, 0}, Number{Number::largestMantissa}},
                // Test extremes
                {
                    // Each Number operand rounds up, so the actual mantissa is
@@ -170,11 +172,18 @@ public:
                    Number{2, 19},
                },
                {
-                    // Does not round. Mantissas are going to be > maxRep, so if
-                    // added together as uint64_t's, the result will overflow.
-                    // With addition using uint128_t, there's no problem. After
-                    // normalizing, the resulting mantissa ends up less than
-                    // maxRep.
+                    // Does not round. Mantissas are going to be >
+                    // largestMantissa, so if added together as uint64_t's, the
+                    // result will overflow. With addition using uint128_t,
+                    // there's no problem. After normalizing, the resulting
+                    // mantissa ends up less than largestMantissa.
+                    Number{false, Number::largestMantissa, 0, Number::normalized{}},
+                    Number{false, Number::largestMantissa, 0, Number::normalized{}},
+                    Number{false, Number::largestMantissa * 2, 0, Number::normalized{}},
+                },
+                {
+                    // These mantissas round down, so adding them together won't
+                    // have any consequences.
                    Number{false, 9'999'999'999'999'999'990ULL, 0, Number::normalized{}},
                    Number{false, 9'999'999'999'999'999'990ULL, 0, Number::normalized{}},
                    Number{false, 1'999'999'999'999'999'998ULL, 1, Number::normalized{}},
@@ -261,12 +270,14 @@ public:
                {Number{1'000'000'000'000'000'001, -18},
                 Number{1'000'000'000'000'000'000, -18},
                 Number{1'000'000'000'000'000'000, -36}},
-                {Number{Number::maxRep}, Number{6, -1}, Number{Number::maxRep - 1}},
-                {Number{false, Number::maxRep + 1, 0, Number::normalized{}},
+                {Number{Number::largestMantissa}, Number{6, -1}, Number{Number::largestMantissa - 1}},
+                {Number{false, Number::largestMantissa + 1, 0, Number::normalized{}},
                 Number{1, 0},
-                 Number{Number::maxRep / 10 + 1, 1}},
-                {Number{false, Number::maxRep + 1, 0, Number::normalized{}}, Number{3, 0}, Number{Number::maxRep}},
-                {power(2, 63), Number{3, 0}, Number{Number::maxRep}},
+                 Number{Number::largestMantissa / 10 + 1, 1}},
+                {Number{false, Number::largestMantissa + 1, 0, Number::normalized{}},
+                 Number{3, 0},
+                 Number{Number::largestMantissa}},
+                {power(2, 63), Number{3, 0}, Number{Number::largestMantissa}},
            });
        auto test = [this](auto const& c) {
            for (auto const& [x, y, z] : c)
@@ -289,14 +300,16 @@ public:
        auto const scale = Number::getMantissaScale();
        testcase << "test_mul " << to_string(scale);

-        using Case = std::tuple<Number, Number, Number>;
+        // Case: Factor 1, Factor 2, Expected product, Line number
+        using Case = std::tuple<Number, Number, Number, int>;
        auto test = [this](auto const& c) {
-            for (auto const& [x, y, z] : c)
+            for (auto const& [x, y, z, line] : c)
            {
                auto const result = x * y;
                std::stringstream ss;
                ss << x << " * " << y << " = " << result << ". Expected: " << z;
-                BEAST_EXPECTS(result == z, ss.str());
+                BEAST_EXPECTS(
+                    result == z, ss.str() + " line: " + std::to_string(line));
            }
        };
        auto tests = [&](auto const& cSmall, auto const& cLarge) {
@@ -306,48 +319,105 @@ public:
                test(cLarge);
        };
        auto const maxMantissa = Number::maxMantissa();
+        auto const maxInternalMantissa =
+            static_cast<std::uint64_t>(
+                static_cast<std::int64_t>(power(10, Number::mantissaLog()))) *
+                10 -
+            1;

        saveNumberRoundMode save{Number::setround(Number::to_nearest)};
        {
            auto const cSmall = std::to_array<Case>({
-                {Number{7}, Number{8}, Number{56}},
-                {Number{1414213562373095, -15}, Number{1414213562373095, -15}, Number{2000000000000000, -15}},
-                {Number{-1414213562373095, -15}, Number{1414213562373095, -15}, Number{-2000000000000000, -15}},
-                {Number{-1414213562373095, -15}, Number{-1414213562373095, -15}, Number{2000000000000000, -15}},
-                {Number{3214285714285706, -15}, Number{3111111111111119, -15}, Number{1000000000000000, -14}},
-                {Number{1000000000000000, -32768}, Number{1000000000000000, -32768}, Number{0}},
+                {Number{7}, Number{8}, Number{56}, __LINE__},
+                {Number{1414213562373095, -15},
+                 Number{1414213562373095, -15},
+                 Number{2000000000000000, -15},
+                 __LINE__},
+                {Number{-1414213562373095, -15},
+                 Number{1414213562373095, -15},
+                 Number{-2000000000000000, -15},
+                 __LINE__},
+                {Number{-1414213562373095, -15},
+                 Number{-1414213562373095, -15},
+                 Number{2000000000000000, -15},
+                 __LINE__},
+                {Number{3214285714285706, -15},
+                 Number{3111111111111119, -15},
+                 Number{1000000000000000, -14},
+                 __LINE__},
+                {Number{1000000000000000, -32768},
+                 Number{1000000000000000, -32768},
+                 Number{0},
+                 __LINE__},
                // Maximum mantissa range
-                {Number{9'999'999'999'999'999, 0}, Number{9'999'999'999'999'999, 0}, Number{9'999'999'999'999'998, 16}},
+                {Number{9'999'999'999'999'999, 0},
+                 Number{9'999'999'999'999'999, 0},
+                 Number{9'999'999'999'999'998, 16},
+                 __LINE__},
            });
            auto const cLarge = std::to_array<Case>({
                // Note that items with extremely large mantissas need to be
                // calculated, because otherwise they overflow uint64. Items
                // from C with larger mantissa
-                {Number{7}, Number{8}, Number{56}},
-                {Number{1414213562373095, -15}, Number{1414213562373095, -15}, Number{1999999999999999862, -18}},
-                {Number{-1414213562373095, -15}, Number{1414213562373095, -15}, Number{-1999999999999999862, -18}},
-                {Number{-1414213562373095, -15}, Number{-1414213562373095, -15}, Number{1999999999999999862, -18}},
+                {Number{7}, Number{8}, Number{56}, __LINE__},
+                {Number{1414213562373095, -15},
+                 Number{1414213562373095, -15},
+                 Number{1999999999999999862, -18},
+                 __LINE__},
+                {Number{-1414213562373095, -15},
+                 Number{1414213562373095, -15},
+                 Number{-1999999999999999862, -18},
+                 __LINE__},
+                {Number{-1414213562373095, -15},
+                 Number{-1414213562373095, -15},
+                 Number{1999999999999999862, -18},
+                 __LINE__},
                {Number{3214285714285706, -15},
                 Number{3111111111111119, -15},
-                 Number{false, 9'999'999'999'999'999'579ULL, -18, Number::normalized{}}},
-                {Number{1000000000000000000, -32768}, Number{1000000000000000000, -32768}, Number{0}},
+                 Number{
+                     false,
+                     9'999'999'999'999'999'579ULL,
+                     -18,
+                     Number::normalized{}},
+                 __LINE__},
+                {Number{1000000000000000000, -32768},
+                 Number{1000000000000000000, -32768},
+                 Number{0},
+                 __LINE__},
                // Items from cSmall expanded for the larger mantissa,
                // except duplicates. Sadly, it looks like sqrt(2)^2 != 2
                // with higher precision
-                {Number{1414213562373095049, -18}, Number{1414213562373095049, -18}, Number{2000000000000000001, -18}},
+                {Number{1414213562373095049, -18},
+                 Number{1414213562373095049, -18},
+                 Number{2000000000000000001, -18},
+                 __LINE__},
                {Number{-1414213562373095048, -18},
                 Number{1414213562373095048, -18},
-                 Number{-1999999999999999998, -18}},
+                 Number{-1999999999999999998, -18},
+                 __LINE__},
                {Number{-1414213562373095048, -18},
                 Number{-1414213562373095049, -18},
-                 Number{1999999999999999999, -18}},
-                {Number{3214285714285714278, -18}, Number{3111111111111111119, -18}, Number{10, 0}},
-                // Maximum mantissa range - rounds up to 1e19
+                 Number{1999999999999999999, -18},
+                 __LINE__},
+                {Number{3214285714285714278, -18},
+                 Number{3111111111111111119, -18},
+                 Number{10, 0},
+                 __LINE__},
+                // Maximum internal mantissa range - rounds up to 1e19
+                {Number{false, maxInternalMantissa, 0, Number::normalized{}},
+                 Number{false, maxInternalMantissa, 0, Number::normalized{}},
+                 Number{1, 38},
+                 __LINE__},
+                // Maximum actual mantissa range - same as int64 range
                {Number{false, maxMantissa, 0, Number::normalized{}},
                 Number{false, maxMantissa, 0, Number::normalized{}},
-                 Number{1, 38}},
+                 Number{85'070'591'730'234'615'85, 19},
+                 __LINE__},
                // Maximum int64 range
-                {Number{Number::maxRep, 0}, Number{Number::maxRep, 0}, Number{85'070'591'730'234'615'85, 19}},
+                {Number{Number::largestMantissa, 0},
+                 Number{Number::largestMantissa, 0},
+                 Number{85'070'591'730'234'615'85, 19},
+                 __LINE__},
            });
            tests(cSmall, cLarge);
        }
@@ -355,44 +425,100 @@ public:
        testcase << "test_mul " << to_string(Number::getMantissaScale()) << " towards_zero";
        {
            auto const cSmall = std::to_array<Case>(
-                {{Number{7}, Number{8}, Number{56}},
-                 {Number{1414213562373095, -15}, Number{1414213562373095, -15}, Number{1999999999999999, -15}},
-                 {Number{-1414213562373095, -15}, Number{1414213562373095, -15}, Number{-1999999999999999, -15}},
-                 {Number{-1414213562373095, -15}, Number{-1414213562373095, -15}, Number{1999999999999999, -15}},
-                 {Number{3214285714285706, -15}, Number{3111111111111119, -15}, Number{9999999999999999, -15}},
-                 {Number{1000000000000000, -32768}, Number{1000000000000000, -32768}, Number{0}}});
+                {{Number{7}, Number{8}, Number{56}, __LINE__},
+                 {Number{1414213562373095, -15},
+                  Number{1414213562373095, -15},
+                  Number{1999999999999999, -15},
+                  __LINE__},
+                 {Number{-1414213562373095, -15},
+                  Number{1414213562373095, -15},
+                  Number{-1999999999999999, -15},
+                  __LINE__},
+                 {Number{-1414213562373095, -15},
+                  Number{-1414213562373095, -15},
+                  Number{1999999999999999, -15},
+                  __LINE__},
+                 {Number{3214285714285706, -15},
+                  Number{3111111111111119, -15},
+                  Number{9999999999999999, -15},
+                  __LINE__},
+                 {Number{1000000000000000, -32768},
+                  Number{1000000000000000, -32768},
+                  Number{0},
+                  __LINE__}});
            auto const cLarge = std::to_array<Case>(
                // Note that items with extremely large mantissas need to be
                // calculated, because otherwise they overflow uint64. Items
                // from C with larger mantissa
                {
-                    {Number{7}, Number{8}, Number{56}},
-                    {Number{1414213562373095, -15}, Number{1414213562373095, -15}, Number{1999999999999999861, -18}},
-                    {Number{-1414213562373095, -15}, Number{1414213562373095, -15}, Number{-1999999999999999861, -18}},
-                    {Number{-1414213562373095, -15}, Number{-1414213562373095, -15}, Number{1999999999999999861, -18}},
+                    {Number{7}, Number{8}, Number{56}, __LINE__},
+                    {Number{1414213562373095, -15},
+                     Number{1414213562373095, -15},
+                     Number{1999999999999999861, -18},
+                     __LINE__},
+                    {Number{-1414213562373095, -15},
+                     Number{1414213562373095, -15},
+                     Number{-1999999999999999861, -18},
+                     __LINE__},
+                    {Number{-1414213562373095, -15},
+                     Number{-1414213562373095, -15},
+                     Number{1999999999999999861, -18},
+                     __LINE__},
                    {Number{3214285714285706, -15},
                     Number{3111111111111119, -15},
-                     Number{false, 9999999999999999579ULL, -18, Number::normalized{}}},
-                    {Number{1000000000000000000, -32768}, Number{1000000000000000000, -32768}, Number{0}},
+                     Number{
+                         false,
+                         9999999999999999579ULL,
+                         -18,
+                         Number::normalized{}},
+                     __LINE__},
+                    {Number{1000000000000000000, -32768},
+                     Number{1000000000000000000, -32768},
+                     Number{0},
+                     __LINE__},
                    // Items from cSmall expanded for the larger mantissa,
                    // except duplicates. Sadly, it looks like sqrt(2)^2 != 2
                    // with higher precision
-                    {Number{1414213562373095049, -18}, Number{1414213562373095049, -18}, Number{2, 0}},
+                    {Number{1414213562373095049, -18},
+                     Number{1414213562373095049, -18},
+                     Number{2, 0},
+                     __LINE__},
                    {Number{-1414213562373095048, -18},
                     Number{1414213562373095048, -18},
-                     Number{-1999999999999999997, -18}},
+                     Number{-1999999999999999997, -18},
+                     __LINE__},
                    {Number{-1414213562373095048, -18},
                     Number{-1414213562373095049, -18},
-                     Number{1999999999999999999, -18}},
-                    {Number{3214285714285714278, -18}, Number{3111111111111111119, -18}, Number{10, 0}},
-                    // Maximum mantissa range - rounds down to maxMantissa/10e1
+                     Number{1999999999999999999, -18},
+                     __LINE__},
+                    {Number{3214285714285714278, -18},
+                     Number{3111111111111111119, -18},
+                     Number{10, 0},
+                     __LINE__},
+                    // Maximum internal mantissa range - rounds down to
+                    // maxMantissa/10e1
                    // 99'999'999'999'999'999'800'000'000'000'000'000'100
+                    {Number{
+                         false, maxInternalMantissa, 0, Number::normalized{}},
+                     Number{
+                         false, maxInternalMantissa, 0, Number::normalized{}},
+                     Number{
+                         false,
+                         maxInternalMantissa / 10 - 1,
+                         20,
+                         Number::normalized{}},
+                     __LINE__},
+                    // Maximum actual mantissa range - same as int64
                    {Number{false, maxMantissa, 0, Number::normalized{}},
                     Number{false, maxMantissa, 0, Number::normalized{}},
-                     Number{false, maxMantissa / 10 - 1, 20, Number::normalized{}}},
+                     Number{85'070'591'730'234'615'84, 19},
+                     __LINE__},
                    // Maximum int64 range
                    // 85'070'591'730'234'615'847'396'907'784'232'501'249
-                    {Number{Number::maxRep, 0}, Number{Number::maxRep, 0}, Number{85'070'591'730'234'615'84, 19}},
+                    {Number{Number::largestMantissa, 0},
+                     Number{Number::largestMantissa, 0},
+                     Number{85'070'591'730'234'615'84, 19},
+                     __LINE__},
                });
            tests(cSmall, cLarge);
        }
@@ -400,44 +526,100 @@ public:
        testcase << "test_mul " << to_string(Number::getMantissaScale()) << " downward";
        {
            auto const cSmall = std::to_array<Case>(
-                {{Number{7}, Number{8}, Number{56}},
-                 {Number{1414213562373095, -15}, Number{1414213562373095, -15}, Number{1999999999999999, -15}},
-                 {Number{-1414213562373095, -15}, Number{1414213562373095, -15}, Number{-2000000000000000, -15}},
-                 {Number{-1414213562373095, -15}, Number{-1414213562373095, -15}, Number{1999999999999999, -15}},
-                 {Number{3214285714285706, -15}, Number{3111111111111119, -15}, Number{9999999999999999, -15}},
-                 {Number{1000000000000000, -32768}, Number{1000000000000000, -32768}, Number{0}}});
+                {{Number{7}, Number{8}, Number{56}, __LINE__},
+                 {Number{1414213562373095, -15},
+                  Number{1414213562373095, -15},
+                  Number{1999999999999999, -15},
+                  __LINE__},
+                 {Number{-1414213562373095, -15},
+                  Number{1414213562373095, -15},
+                  Number{-2000000000000000, -15},
+                  __LINE__},
+                 {Number{-1414213562373095, -15},
+                  Number{-1414213562373095, -15},
+                  Number{1999999999999999, -15},
+                  __LINE__},
+                 {Number{3214285714285706, -15},
+                  Number{3111111111111119, -15},
+                  Number{9999999999999999, -15},
+                  __LINE__},
+                 {Number{1000000000000000, -32768},
+                  Number{1000000000000000, -32768},
+                  Number{0},
+                  __LINE__}});
            auto const cLarge = std::to_array<Case>(
                // Note that items with extremely large mantissas need to be
                // calculated, because otherwise they overflow uint64. Items
                // from C with larger mantissa
                {
-                    {Number{7}, Number{8}, Number{56}},
-                    {Number{1414213562373095, -15}, Number{1414213562373095, -15}, Number{1999999999999999861, -18}},
-                    {Number{-1414213562373095, -15}, Number{1414213562373095, -15}, Number{-1999999999999999862, -18}},
-                    {Number{-1414213562373095, -15}, Number{-1414213562373095, -15}, Number{1999999999999999861, -18}},
+                    {Number{7}, Number{8}, Number{56}, __LINE__},
+                    {Number{1414213562373095, -15},
+                     Number{1414213562373095, -15},
+                     Number{1999999999999999861, -18},
+                     __LINE__},
+                    {Number{-1414213562373095, -15},
+                     Number{1414213562373095, -15},
+                     Number{-1999999999999999862, -18},
+                     __LINE__},
+                    {Number{-1414213562373095, -15},
+                     Number{-1414213562373095, -15},
+                     Number{1999999999999999861, -18},
+                     __LINE__},
                    {Number{3214285714285706, -15},
                     Number{3111111111111119, -15},
-                     Number{false, 9'999'999'999'999'999'579ULL, -18, Number::normalized{}}},
-                    {Number{1000000000000000000, -32768}, Number{1000000000000000000, -32768}, Number{0}},
+                     Number{
+                         false,
+                         9'999'999'999'999'999'579ULL,
+                         -18,
+                         Number::normalized{}},
+                     __LINE__},
+                    {Number{1000000000000000000, -32768},
+                     Number{1000000000000000000, -32768},
+                     Number{0},
+                     __LINE__},
                    // Items from cSmall expanded for the larger mantissa,
                    // except duplicates. Sadly, it looks like sqrt(2)^2 != 2
                    // with higher precision
-                    {Number{1414213562373095049, -18}, Number{1414213562373095049, -18}, Number{2, 0}},
+                    {Number{1414213562373095049, -18},
+                     Number{1414213562373095049, -18},
+                     Number{2, 0},
+                     __LINE__},
                    {Number{-1414213562373095048, -18},
                     Number{1414213562373095048, -18},
-                     Number{-1999999999999999998, -18}},
+                     Number{-1999999999999999998, -18},
+                     __LINE__},
                    {Number{-1414213562373095048, -18},
                     Number{-1414213562373095049, -18},
-                     Number{1999999999999999999, -18}},
-                    {Number{3214285714285714278, -18}, Number{3111111111111111119, -18}, Number{10, 0}},
-                    // Maximum mantissa range - rounds down to maxMantissa/10e1
+                     Number{1999999999999999999, -18},
+                     __LINE__},
+                    {Number{3214285714285714278, -18},
+                     Number{3111111111111111119, -18},
+                     Number{10, 0},
+                     __LINE__},
+                    // Maximum internal mantissa range - rounds down to
+                    // maxMantissa/10-1
                    // 99'999'999'999'999'999'800'000'000'000'000'000'100
+                    {Number{
+                         false, maxInternalMantissa, 0, Number::normalized{}},
+                     Number{
+                         false, maxInternalMantissa, 0, Number::normalized{}},
+                     Number{
+                         false,
+                         maxInternalMantissa / 10 - 1,
+                         20,
+                         Number::normalized{}},
+                     __LINE__},
+                    // Maximum mantissa range - same as int64
                    {Number{false, maxMantissa, 0, Number::normalized{}},
                     Number{false, maxMantissa, 0, Number::normalized{}},
-                     Number{false, maxMantissa / 10 - 1, 20, Number::normalized{}}},
+                     Number{85'070'591'730'234'615'84, 19},
+                     __LINE__},
                    // Maximum int64 range
                    // 85'070'591'730'234'615'847'396'907'784'232'501'249
-                    {Number{Number::maxRep, 0}, Number{Number::maxRep, 0}, Number{85'070'591'730'234'615'84, 19}},
+                    {Number{Number::largestMantissa, 0},
+                     Number{Number::largestMantissa, 0},
+                     Number{85'070'591'730'234'615'84, 19},
+                     __LINE__},
                });
            tests(cSmall, cLarge);
        }
@@ -445,44 +627,91 @@ public:
        testcase << "test_mul " << to_string(Number::getMantissaScale()) << " upward";
        {
            auto const cSmall = std::to_array<Case>(
-                {{Number{7}, Number{8}, Number{56}},
-                 {Number{1414213562373095, -15}, Number{1414213562373095, -15}, Number{2000000000000000, -15}},
-                 {Number{-1414213562373095, -15}, Number{1414213562373095, -15}, Number{-1999999999999999, -15}},
-                 {Number{-1414213562373095, -15}, Number{-1414213562373095, -15}, Number{2000000000000000, -15}},
-                 {Number{3214285714285706, -15}, Number{3111111111111119, -15}, Number{1000000000000000, -14}},
-                 {Number{1000000000000000, -32768}, Number{1000000000000000, -32768}, Number{0}}});
+                {{Number{7}, Number{8}, Number{56}, __LINE__},
+                 {Number{1414213562373095, -15},
+                  Number{1414213562373095, -15},
+                  Number{2000000000000000, -15},
+                  __LINE__},
+                 {Number{-1414213562373095, -15},
+                  Number{1414213562373095, -15},
+                  Number{-1999999999999999, -15},
+                  __LINE__},
+                 {Number{-1414213562373095, -15},
+                  Number{-1414213562373095, -15},
+                  Number{2000000000000000, -15},
+                  __LINE__},
+                 {Number{3214285714285706, -15},
+                  Number{3111111111111119, -15},
+                  Number{1000000000000000, -14},
+                  __LINE__},
+                 {Number{1000000000000000, -32768},
+                  Number{1000000000000000, -32768},
+                  Number{0},
+                  __LINE__}});
            auto const cLarge = std::to_array<Case>(
                // Note that items with extremely large mantissas need to be
                // calculated, because otherwise they overflow uint64. Items
                // from C with larger mantissa
                {
-                    {Number{7}, Number{8}, Number{56}},
-                    {Number{1414213562373095, -15}, Number{1414213562373095, -15}, Number{1999999999999999862, -18}},
-                    {Number{-1414213562373095, -15}, Number{1414213562373095, -15}, Number{-1999999999999999861, -18}},
-                    {Number{-1414213562373095, -15}, Number{-1414213562373095, -15}, Number{1999999999999999862, -18}},
-                    {Number{3214285714285706, -15}, Number{3111111111111119, -15}, Number{999999999999999958, -17}},
-                    {Number{1000000000000000000, -32768}, Number{1000000000000000000, -32768}, Number{0}},
+                    {Number{7}, Number{8}, Number{56}, __LINE__},
+                    {Number{1414213562373095, -15},
+                     Number{1414213562373095, -15},
+                     Number{1999999999999999862, -18},
+                     __LINE__},
+                    {Number{-1414213562373095, -15},
+                     Number{1414213562373095, -15},
+                     Number{-1999999999999999861, -18},
+                     __LINE__},
+                    {Number{-1414213562373095, -15},
+                     Number{-1414213562373095, -15},
+                     Number{1999999999999999862, -18},
+                     __LINE__},
+                    {Number{3214285714285706, -15},
+                     Number{3111111111111119, -15},
+                     Number{999999999999999958, -17},
+                     __LINE__},
+                    {Number{1000000000000000000, -32768},
+                     Number{1000000000000000000, -32768},
+                     Number{0},
+                     __LINE__},
                    // Items from cSmall expanded for the larger mantissa,
                    // except duplicates. Sadly, it looks like sqrt(2)^2 != 2
                    // with higher precision
                    {Number{1414213562373095049, -18},
                     Number{1414213562373095049, -18},
-                     Number{2000000000000000001, -18}},
+                     Number{2000000000000000001, -18},
+                     __LINE__},
                    {Number{-1414213562373095048, -18},
                     Number{1414213562373095048, -18},
-                     Number{-1999999999999999997, -18}},
-                    {Number{-1414213562373095048, -18}, Number{-1414213562373095049, -18}, Number{2, 0}},
+                     Number{-1999999999999999997, -18},
+                     __LINE__},
+                    {Number{-1414213562373095048, -18},
+                     Number{-1414213562373095049, -18},
+                     Number{2, 0},
+                     __LINE__},
                    {Number{3214285714285714278, -18},
                     Number{3111111111111111119, -18},
-                     Number{1000000000000000001, -17}},
-                    // Maximum mantissa range - rounds up to minMantissa*10
-                    // 1e19*1e19=1e38
+                     Number{1000000000000000001, -17},
+                     __LINE__},
+                    // Maximum internal mantissa range - rounds up to
+                    // minMantissa*10 1e19*1e19=1e38
+                    {Number{
+                         false, maxInternalMantissa, 0, Number::normalized{}},
+                     Number{
+                         false, maxInternalMantissa, 0, Number::normalized{}},
+                     Number{1, 38},
+                     __LINE__},
+                    // Maximum mantissa range - same as int64
                    {Number{false, maxMantissa, 0, Number::normalized{}},
                     Number{false, maxMantissa, 0, Number::normalized{}},
-                     Number{1, 38}},
+                     Number{85'070'591'730'234'615'85, 19},
+                     __LINE__},
                    // Maximum int64 range
                    // 85'070'591'730'234'615'847'396'907'784'232'501'249
-                    {Number{Number::maxRep, 0}, Number{Number::maxRep, 0}, Number{85'070'591'730'234'615'85, 19}},
+                    {Number{Number::largestMantissa, 0},
+                     Number{Number::largestMantissa, 0},
+                     Number{85'070'591'730'234'615'85, 19},
+                     __LINE__},
                });
            tests(cSmall, cLarge);
        }
@@ -697,6 +926,12 @@ public:
        };
        */

+        auto const maxInternalMantissa =
+            static_cast<std::uint64_t>(
+                static_cast<std::int64_t>(power(10, Number::mantissaLog()))) *
+                10 -
+            1;
+
        auto const cSmall = std::to_array<Case>(
            {{Number{2}, 2, Number{1414213562373095049, -18}},
             {Number{2'000'000}, 2, Number{1414213562373095049, -15}},
@@ -708,14 +943,19 @@ public:
             {Number{0}, 5, Number{0}},
             {Number{5625, -4}, 2, Number{75, -2}}});
        auto const cLarge = std::to_array<Case>({
-            {Number{false, Number::maxMantissa() - 9, -1, Number::normalized{}},
+            {Number{false, maxInternalMantissa - 9, -1, Number::normalized{}},
             2,
             Number{false, 999'999'999'999'999'999, -9, Number::normalized{}}},
-            {Number{false, Number::maxMantissa() - 9, 0, Number::normalized{}},
+            {Number{false, maxInternalMantissa - 9, 0, Number::normalized{}},
             2,
-             Number{false, 3'162'277'660'168'379'330, -9, Number::normalized{}}},
-            {Number{Number::maxRep}, 2, Number{false, 3'037'000'499'976049692, -9, Number::normalized{}}},
-            {Number{Number::maxRep}, 4, Number{false, 55'108'98747006743627, -14, Number::normalized{}}},
+             Number{
+                 false, 3'162'277'660'168'379'330, -9, Number::normalized{}}},
+            {Number{Number::largestMantissa},
+             2,
+             Number{false, 3'037'000'499'976049692, -9, Number::normalized{}}},
+            {Number{Number::largestMantissa},
+             4,
+             Number{false, 55'108'98747006743627, -14, Number::normalized{}}},
        });
        test(cSmall);
        if (Number::getMantissaScale() != MantissaRange::small)
@@ -762,6 +1002,9 @@ public:
            }
        };

+        auto const maxInternalMantissa =
+            power(10, Number::mantissaLog()) * 10 - 1;
+
        auto const cSmall = std::to_array<Number>({
            Number{2},
            Number{2'000'000},
@@ -771,7 +1014,10 @@ public:
            Number{5, -1},
            Number{0},
            Number{5625, -4},
-            Number{Number::maxRep},
+            Number{Number::largestMantissa},
+            maxInternalMantissa,
+            Number{Number::minMantissa(), 0, Number::unchecked{}},
+            Number{Number::maxMantissa(), 0, Number::unchecked{}},
        });
        test(cSmall);
        bool caught = false;
@@ -1113,16 +1359,20 @@ public:
            case MantissaRange::large:
                // Test the edges
                // ((exponent < -(28)) || (exponent > -(8)))))
-                test(Number::min(), "1e-32750");
+                test(Number::min(), "922337203685477581e-32768");
                test(Number::max(), "9223372036854775807e32768");
                test(Number::lowest(), "-9223372036854775807e32768");
                {
                    NumberRoundModeGuard mg(Number::towards_zero);

                    auto const maxMantissa = Number::maxMantissa();
-                    BEAST_EXPECT(maxMantissa == 9'999'999'999'999'999'999ULL);
-                    test(Number{false, maxMantissa, 0, Number::normalized{}}, "9999999999999999990");
-                    test(Number{true, maxMantissa, 0, Number::normalized{}}, "-9999999999999999990");
+                    BEAST_EXPECT(maxMantissa == 9'223'372'036'854'775'807ULL);
+                    test(
+                        Number{false, maxMantissa, 0, Number::normalized{}},
+                        "9223372036854775807");
+                    test(
+                        Number{true, maxMantissa, 0, Number::normalized{}},
+                        "-9223372036854775807");

                    test(Number{std::numeric_limits<std::int64_t>::max(), 0}, "9223372036854775807");
                    test(-(Number{std::numeric_limits<std::int64_t>::max(), 0}), "-9223372036854775807");
@@ -1300,7 +1550,7 @@ public:
            Number const initalXrp{INITIAL_XRP};
            BEAST_EXPECT(initalXrp.exponent() > 0);

-            Number const maxInt64{Number::maxRep};
+            Number const maxInt64{Number::largestMantissa};
            BEAST_EXPECT(maxInt64.exponent() > 0);
            // 85'070'591'730'234'615'865'843'651'857'942'052'864 - 38 digits
            BEAST_EXPECT((power(maxInt64, 2) == Number{85'070'591'730'234'62, 22}));
@@ -1317,20 +1567,254 @@ public:
            Number const initalXrp{INITIAL_XRP};
            BEAST_EXPECT(initalXrp.exponent() <= 0);

-            Number const maxInt64{Number::maxRep};
+            Number const maxInt64{Number::largestMantissa};
            BEAST_EXPECT(maxInt64.exponent() <= 0);
            // 85'070'591'730'234'615'847'396'907'784'232'501'249 - 38 digits
            BEAST_EXPECT((power(maxInt64, 2) == Number{85'070'591'730'234'615'85, 19}));

            NumberRoundModeGuard mg(Number::towards_zero);

-            auto const maxMantissa = Number::maxMantissa();
-            Number const max = Number{false, maxMantissa, 0, Number::normalized{}};
-            BEAST_EXPECT(max.mantissa() == maxMantissa / 10);
-            BEAST_EXPECT(max.exponent() == 1);
-            // 99'999'999'999'999'999'800'000'000'000'000'000'100 - also 38
-            // digits
-            BEAST_EXPECT((power(max, 2) == Number{false, maxMantissa / 10 - 1, 20, Number::normalized{}}));
+            {
+                auto const maxInternalMantissa =
+                    static_cast<std::uint64_t>(static_cast<std::int64_t>(
+                        power(10, Number::mantissaLog()))) *
+                        10 -
+                    1;
+
+                // Rounds down to fit under 2^63
+                Number const max =
+                    Number{false, maxInternalMantissa, 0, Number::normalized{}};
+                // No alterations by the accessors
+                BEAST_EXPECT(max.mantissa() == maxInternalMantissa / 10);
+                BEAST_EXPECT(max.exponent() == 1);
+                // 99'999'999'999'999'999'800'000'000'000'000'000'100 - also 38
+                // digits
+                BEAST_EXPECT(
+                    (power(max, 2) ==
+                     Number{
+                         false,
+                         maxInternalMantissa / 10 - 1,
+                         20,
+                         Number::normalized{}}));
+            }
+
+            {
+                auto const maxMantissa = Number::maxMantissa();
+                Number const max =
+                    Number{false, maxMantissa, 0, Number::normalized{}};
+                // No alterations by the accessors
+                BEAST_EXPECT(max.mantissa() == maxMantissa);
+                BEAST_EXPECT(max.exponent() == 0);
+                // 85'070'591'730'234'615'847'396'907'784'232'501'249 - also 38
+                // digits
+                BEAST_EXPECT(
+                    (power(max, 2) ==
+                     Number{
+                         false,
+                         85'070'591'730'234'615'84,
+                         19,
+                         Number::normalized{}}));
+            }
+        }
+    }
+
+    void
+    testNormalizeToRange()
+    {
+        // Test edge-cases of normalizeToRange
+        auto const scale = Number::getMantissaScale();
+        testcase << "normalizeToRange " << to_string(scale);
+
+        auto test = [this](
+                        Number const& n,
+                        auto const rangeMin,
+                        auto const rangeMax,
+                        auto const expectedMantissa,
+                        auto const expectedExponent,
+                        auto const line) {
+            auto const normalized = n.normalizeToRange(rangeMin, rangeMax);
+            BEAST_EXPECTS(
+                normalized.first == expectedMantissa,
+                "Number " + to_string(n) + " scaled to " +
+                    std::to_string(rangeMax) +
+                    ". Expected mantissa:" + std::to_string(expectedMantissa) +
+                    ", got: " + std::to_string(normalized.first) + " @ " +
+                    std::to_string(line));
+            BEAST_EXPECTS(
+                normalized.second == expectedExponent,
+                "Number " + to_string(n) + " scaled to " +
+                    std::to_string(rangeMax) +
+                    ". Expected exponent:" + std::to_string(expectedExponent) +
+                    ", got: " + std::to_string(normalized.second) + " @ " +
+                    std::to_string(line));
+        };
+
+        std::int64_t constexpr iRangeMin = 100;
+        std::int64_t constexpr iRangeMax = 999;
+
+        std::uint64_t constexpr uRangeMin = 100;
+        std::uint64_t constexpr uRangeMax = 999;
+
+        constexpr static MantissaRange largeRange{MantissaRange::large};
+
+        std::int64_t constexpr iBigMin = largeRange.min;
+        std::int64_t constexpr iBigMax = largeRange.max;
+
+        auto const testSuite = [&](Number const& n,
+                                   auto const expectedSmallMantissa,
+                                   auto const expectedSmallExponent,
+                                   auto const expectedLargeMantissa,
+                                   auto const expectedLargeExponent,
+                                   auto const line) {
+            test(
+                n,
+                iRangeMin,
+                iRangeMax,
+                expectedSmallMantissa,
+                expectedSmallExponent,
+                line);
+            test(
+                n,
+                iBigMin,
+                iBigMax,
+                expectedLargeMantissa,
+                expectedLargeExponent,
+                line);
+
+            // Only test non-negative. testing a negative number with an
+            // unsigned range will assert, and asserts can't be tested.
+            if (n.signum() >= 0)
+            {
+                test(
+                    n,
+                    uRangeMin,
+                    uRangeMax,
+                    expectedSmallMantissa,
+                    expectedSmallExponent,
+                    line);
+                test(
+                    n,
+                    largeRange.min,
+                    largeRange.max,
+                    expectedLargeMantissa,
+                    expectedLargeExponent,
+                    line);
+            }
+        };
+
+        {
+            // zero
+            Number const n{0};
+
+            testSuite(
+                n,
+                0,
+                std::numeric_limits<int>::lowest(),
+                0,
+                std::numeric_limits<int>::lowest(),
+                __LINE__);
+        }
+        {
+            // Small positive number
+            Number const n{2};
+
+            testSuite(n, 200, -2, 2'000'000'000'000'000'000, -18, __LINE__);
+        }
+        {
+            // Negative number
+            Number const n{-2};
+
+            testSuite(n, -200, -2, -2'000'000'000'000'000'000, -18, __LINE__);
+        }
+        {
+            // Biggest valid mantissa
+            Number const n{Number::largestMantissa, 0, Number::normalized{}};
+
+            if (scale == MantissaRange::small)
+                // With the small mantissa range, the value rounds up. Because
+                // it rounds up, when scaling up to the full int64 range, it
+                // can't go over the max, so it is one digit smaller than the
+                // full value.
+                testSuite(n, 922, 16, 922'337'203'685'477'600, 1, __LINE__);
+            else
+                testSuite(n, 922, 16, Number::largestMantissa, 0, __LINE__);
+        }
+        {
+            // Biggest valid mantissa + 1
+            Number const n{
+                Number::largestMantissa + 1, 0, Number::normalized{}};
+
+            if (scale == MantissaRange::small)
+                // With the small mantissa range, the value rounds up. Because
+                // it rounds up, when scaling up to the full int64 range, it
+                // can't go over the max, so it is one digit smaller than the
+                // full value.
+                testSuite(n, 922, 16, 922'337'203'685'477'600, 1, __LINE__);
+            else
+                testSuite(n, 922, 16, 922'337'203'685'477'581, 1, __LINE__);
+        }
+        {
+            // Biggest valid mantissa + 2
+            Number const n{
+                Number::largestMantissa + 2, 0, Number::normalized{}};
+
+            if (scale == MantissaRange::small)
+                // With the small mantissa range, the value rounds up. Because
+                // it rounds up, when scaling up to the full int64 range, it
+                // can't go over the max, so it is one digit smaller than the
+                // full value.
+                testSuite(n, 922, 16, 922'337'203'685'477'600, 1, __LINE__);
+            else
+                testSuite(n, 922, 16, 922'337'203'685'477'581, 1, __LINE__);
+        }
+        {
+            // Biggest valid mantissa + 3
+            Number const n{
+                Number::largestMantissa + 3, 0, Number::normalized{}};
+
+            if (scale == MantissaRange::small)
+                // With the small mantissa range, the value rounds up. Because
+                // it rounds up, when scaling up to the full int64 range, it
+                // can't go over the max, so it is one digit smaller than the
+                // full value.
+                testSuite(n, 922, 16, 922'337'203'685'477'600, 1, __LINE__);
+            else
+                testSuite(n, 922, 16, 922'337'203'685'477'581, 1, __LINE__);
+        }
+        {
+            // int64 min
+            Number const n{std::numeric_limits<std::int64_t>::min(), 0};
+
+            if (scale == MantissaRange::small)
+                testSuite(n, -922, 16, -922'337'203'685'477'600, 1, __LINE__);
+            else
+                testSuite(n, -922, 16, -922'337'203'685'477'581, 1, __LINE__);
+        }
+        {
+            // int64 min + 1
+            Number const n{std::numeric_limits<std::int64_t>::min() + 1, 0};
+
+            if (scale == MantissaRange::small)
+                testSuite(n, -922, 16, -922'337'203'685'477'600, 1, __LINE__);
+            else
+                testSuite(n, -922, 16, -9'223'372'036'854'775'807, 0, __LINE__);
+        }
+        {
+            // int64 min - 1
+            // Need to cast to uint, even though we're dealing with a negative
+            // number to avoid overflow and UB
+            Number const n{
+                true,
+                static_cast<std::uint64_t>(
+                    std::numeric_limits<std::int64_t>::min()) +
+                    1,
+                0,
+                Number::normalized{}};
+
+            if (scale == MantissaRange::small)
+                testSuite(n, -922, 16, -922'337'203'685'477'600, 1, __LINE__);
+            else
+                testSuite(n, -922, 16, -922'337'203'685'477'581, 1, __LINE__);
        }
    }

@@ -1361,6 +1845,7 @@ public:
            test_truncate();
            testRounding();
            testInt64();
+            testNormalizeToRange();
        }
    }
 };
--- a/src/tests/libxrpl/net/HTTPClient.cpp
+++ b/src/tests/libxrpl/net/HTTPClient.cpp
@@ -183,6 +183,9 @@ private:
 };

 // Helper function to run HTTP client test
+// Note: Caller must ensure HTTPClient::initializeSSLContext has been called
+// before this function, and HTTPClient::cleanupSSLContext is called after
+// all tests are completed.
 bool
 runHTTPTest(
    TestHTTPServer& server,
@@ -190,14 +193,9 @@ runHTTPTest(
    bool& completed,
    int& resultStatus,
    std::string& resultData,
-    boost::system::error_code& resultError)
+    boost::system::error_code& resultError,
+    beast::Journal& j)
 {
-    // Create a null journal for testing
-    beast::Journal j{TestSink::instance()};
-
-    // Initialize HTTPClient SSL context
-    HTTPClient::initializeSSLContext("", "", false, j);
-
    HTTPClient::get(
        false,  // no SSL
        server.ioc(),
@@ -230,6 +228,9 @@ runHTTPTest(
        }
    }

+    // Drain any remaining handlers to ensure proper cleanup of HTTPClientImp
+    server.ioc().poll();
+
    return completed;
 }

@@ -258,18 +259,27 @@ TEST(HTTPClient, case_insensitive_content_length)
        std::string resultData;
        boost::system::error_code resultError;

-        bool testCompleted = runHTTPTest(server, "/test", completed, resultStatus, resultData, resultError);
+        beast::Journal j{TestSink::instance()};
+        HTTPClient::initializeSSLContext("", "", false, j);

+        bool testCompleted = runHTTPTest(server, "/test", completed, resultStatus, resultData, resultError, j);
        // Verify results
        EXPECT_TRUE(testCompleted);
        EXPECT_FALSE(resultError);
        EXPECT_EQ(resultStatus, 200);
        EXPECT_EQ(resultData, testBody);
    }
+
+    // Clean up SSL context to prevent memory leaks
+    HTTPClient::cleanupSSLContext();
 }

 TEST(HTTPClient, basic_http_request)
 {
+    // Initialize SSL context once for the entire test
+    beast::Journal j{TestSink::instance()};
+    HTTPClient::initializeSSLContext("", "", false, j);
+
    TestHTTPServer server;
    std::string testBody = "Test response body";
    server.setResponseBody(testBody);
@@ -280,16 +290,23 @@ TEST(HTTPClient, basic_http_request)
    std::string resultData;
    boost::system::error_code resultError;

-    bool testCompleted = runHTTPTest(server, "/basic", completed, resultStatus, resultData, resultError);
+    bool testCompleted = runHTTPTest(server, "/basic", completed, resultStatus, resultData, resultError, j);

    EXPECT_TRUE(testCompleted);
    EXPECT_FALSE(resultError);
    EXPECT_EQ(resultStatus, 200);
    EXPECT_EQ(resultData, testBody);
+
+    // Clean up SSL context to prevent memory leaks
+    HTTPClient::cleanupSSLContext();
 }

 TEST(HTTPClient, empty_response)
 {
+    // Initialize SSL context once for the entire test
+    beast::Journal j{TestSink::instance()};
+    HTTPClient::initializeSSLContext("", "", false, j);
+
    TestHTTPServer server;
    server.setResponseBody("");  // Empty body
    server.setHeader("Content-Length", "0");
@@ -299,16 +316,23 @@ TEST(HTTPClient, empty_response)
    std::string resultData;
    boost::system::error_code resultError;

-    bool testCompleted = runHTTPTest(server, "/empty", completed, resultStatus, resultData, resultError);
+    bool testCompleted = runHTTPTest(server, "/empty", completed, resultStatus, resultData, resultError, j);

    EXPECT_TRUE(testCompleted);
    EXPECT_FALSE(resultError);
    EXPECT_EQ(resultStatus, 200);
    EXPECT_TRUE(resultData.empty());
+
+    // Clean up SSL context to prevent memory leaks
+    HTTPClient::cleanupSSLContext();
 }

 TEST(HTTPClient, different_status_codes)
 {
+    // Initialize SSL context once for the entire test
+    beast::Journal j{TestSink::instance()};
+    HTTPClient::initializeSSLContext("", "", false, j);
+
    std::vector<unsigned int> statusCodes = {200, 404, 500};

    for (auto status : statusCodes)
@@ -322,10 +346,13 @@ TEST(HTTPClient, different_status_codes)
        std::string resultData;
        boost::system::error_code resultError;

-        bool testCompleted = runHTTPTest(server, "/status", completed, resultStatus, resultData, resultError);
+        bool testCompleted = runHTTPTest(server, "/status", completed, resultStatus, resultData, resultError, j);

        EXPECT_TRUE(testCompleted);
        EXPECT_FALSE(resultError);
        EXPECT_EQ(resultStatus, static_cast<int>(status));
    }
+
+    // Clean up SSL context to prevent memory leaks
+    HTTPClient::cleanupSSLContext();
 }
--- a/src/xrpld/app/tx/detail/NFTokenAcceptOffer.cpp
+++ b/src/xrpld/app/tx/detail/NFTokenAcceptOffer.cpp
@@ -53,7 +53,17 @@ NFTokenAcceptOffer::preclaim(PreclaimContext const& ctx)
                return {nullptr, tecOBJECT_NOT_FOUND};

            if (hasExpired(ctx.view, (*offerSLE)[~sfExpiration]))
-                return {nullptr, tecEXPIRED};
+            {
+                // Before fixExpiredNFTokenOfferRemoval amendment, expired
+                // offers caused tecEXPIRED in preclaim, leaving them on ledger
+                // forever. After the amendment, we allow expired offers to
+                // reach doApply() where they get deleted and tecEXPIRED is
+                // returned.
+                if (!ctx.view.rules().enabled(fixExpiredNFTokenOfferRemoval))
+                    return {nullptr, tecEXPIRED};
+                // Amendment enabled: return the expired offer to be handled in
+                // doApply
+            }

            if ((*offerSLE)[sfAmount].negative())
                return {nullptr, temBAD_OFFER};
@@ -299,7 +309,7 @@ NFTokenAcceptOffer::pay(AccountID const& from, AccountID const& to, STAmount con
 {
    // This should never happen, but it's easy and quick to check.
    if (amount < beast::zero)
-        return tecINTERNAL;
+        return tecINTERNAL;  // LCOV_EXCL_LINE

    auto const result = accountSend(view(), from, to, amount, j_);

@@ -410,6 +420,39 @@ NFTokenAcceptOffer::doApply()
    auto bo = loadToken(ctx_.tx[~sfNFTokenBuyOffer]);
    auto so = loadToken(ctx_.tx[~sfNFTokenSellOffer]);

+    // With fixExpiredNFTokenOfferRemoval amendment, check for expired offers
+    // and delete them, returning tecEXPIRED. This ensures expired offers
+    // are properly cleaned up from the ledger.
+    if (view().rules().enabled(fixExpiredNFTokenOfferRemoval))
+    {
+        bool foundExpired = false;
+
+        auto const deleteOfferIfExpired = [this, &foundExpired](std::shared_ptr<SLE> const& offer) -> TER {
+            if (offer && hasExpired(view(), (*offer)[~sfExpiration]))
+            {
+                JLOG(j_.trace()) << "Offer is expired, deleting: " << offer->key();
+                if (!nft::deleteTokenOffer(view(), offer))
+                {
+                    // LCOV_EXCL_START
+                    JLOG(j_.fatal()) << "Unable to delete expired offer '" << offer->key() << "': ignoring";
+                    return tecINTERNAL;
+                    // LCOV_EXCL_STOP
+                }
+                JLOG(j_.trace()) << "Deleted offer " << offer->key();
+                foundExpired = true;
+            }
+            return tesSUCCESS;
+        };
+
+        if (auto const r = deleteOfferIfExpired(bo); !isTesSuccess(r))
+            return r;
+        if (auto const r = deleteOfferIfExpired(so); !isTesSuccess(r))
+            return r;
+
+        if (foundExpired)
+            return tecEXPIRED;
+    }
+
    if (bo && !nft::deleteTokenOffer(view(), bo))
    {
        // LCOV_EXCL_START
Author	SHA1	Message	Date
Ed Hennis	e762b0ce6d	Merge remote-tracking branch 'XRPLF/pratik/Fix_asan_lsan_flagged_issues' into ximinez/number_asan * XRPLF/pratik/Fix_asan_lsan_flagged_issues: fixed asan escape macro before return type added comments and haltonerror=false remove suppressions fix memory leak in LocalValue run parallel tests Don't copy the Json::StaticString fixes to static variable destruction issue. fix: Deletes expired NFToken offers from ledger (5707) chore: Add .zed editor config directory to .gitignore (6317) clang-format updates ssl context cleanup. docs: Update API changelog, add APIv2+APIv3 version documentation (6308) fix: Restore config changes that broke standalone mode (6301) chore: Add upper-case match for ARM64 in CompilationEnv (6315) ci: Update hashes of XRPLF/actions (6316) chore: Format all cmake files without comments (6294) chore: Add cmake-format pre-commit hook (6279) chore: Remove unnecessary `boost::system` requirement from conanfile (6290) chore: Set ColumnLimit to 120 in clang-format (6288) run tests in serial	2026-02-04 16:37:15 -05:00
Pratik Mankawde	bbb03e153e	fixed asan escape macro before return type Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-02-04 15:54:50 +00:00
Pratik Mankawde	63b6ec98ea	added comments and haltonerror=false Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-02-04 15:45:03 +00:00
Pratik Mankawde	7ef9fb4290	remove suppressions Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-02-04 14:31:03 +00:00
Pratik Mankawde	49dcb6b60b	fix memory leak in LocalValue Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-02-04 13:17:31 +00:00
Pratik Mankawde	26dd1fafe3	run parallel tests Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-02-04 11:28:24 +00:00
Pratik Mankawde	4b99771021	Don't copy the Json::StaticString Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-02-04 11:24:54 +00:00
Pratik Mankawde	e6664fe4cf	Merge branch 'develop' into pratik/Fix_asan_lsan_flagged_issues	2026-02-03 18:27:52 +00:00
Pratik Mankawde	b5001bc258	fixes to static variable destruction issue. Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-02-03 18:27:00 +00:00
Copilot	7813683091	fix: Deletes expired NFToken offers from ledger (#5707 ) This change introduces the `fixExpiredNFTokenOfferRemoval` amendment that allows expired offers to pass through `preclaim()` and be deleted in `doApply()`, following the same pattern used for expired credentials.	2026-02-03 16:37:24 +00:00
Pratik Mankawde	5dacfa1938	clang-format updates Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-02-03 15:04:16 +00:00
Pratik Mankawde	394b256f02	Merge branch 'develop' into pratik/Fix_asan_lsan_flagged_issues Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-02-03 15:03:34 +00:00
Pratik Mankawde	5bfa38f6c5	ssl context cleanup. Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-02-03 15:00:37 +00:00
Ed Hennis	44e87b8277	Fix double negative	2026-01-29 20:07:09 -05:00
Ed Hennis	ddbd78c67a	Fix namespaces	2026-01-29 12:48:57 -05:00
Ed Hennis	822023d8a4	Add unit tests for normalizeToRange - Steal changes from @pratik's #6150 to avoid UB	2026-01-28 20:16:07 -05:00
Ed Hennis	5ab62f4422	Clean-ups and tweaks	2026-01-28 20:10:42 -05:00
Ed Hennis	5d9011084c	Reduce expensive(?) accesses to thread_local MantissaRange	2026-01-28 20:10:42 -05:00
Ed Hennis	060feb4e37	Fix bugs - Simplify shiftExponent(). - Clean up to_string() to prevent integers from including "e0". - Fix root() and root2() computations by ensuring the mantissas have a consistent length.	2026-01-28 20:10:31 -05:00
Ed Hennis	295816f21d	Convert "bool negative_ & uint64_t mantissa_" combo back to "rep mantissa_"	2026-01-28 20:09:08 -05:00
Ed Hennis	bf8db0555e	Remove the _ suffixes from doNormalize function parameters	2026-01-28 17:36:31 -05:00
Ed Hennis	c8c5207675	Use 2^63-1 as maxMantissa for large range - That makes minMantissa 2^63/10+1. - Simplifies many of the existing operations, and removes the need for the accessors (mantissa() & exponent()) to do any math.	2026-01-28 17:36:12 -05:00
Pratik Mankawde	7c6c49bf98	run tests in serial Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-28 16:35:45 +00:00
Pratik Mankawde	6334be1ff0	Merge branch 'develop' into pratik/Fix_asan_lsan_flagged_issues Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-28 15:33:49 +00:00
Pratik Mankawde	a9c3bb84ba	fixes to Number. run et even when st fails Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-28 15:30:05 +00:00
Pratik Mankawde	ca99e40290	fix memory leak. Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-28 14:49:40 +00:00
Pratik Mankawde	7612c1af0c	suppress leaks in boost Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-28 14:39:43 +00:00
Pratik Mankawde	67e40be1ab	run embedded test even if separate tests fails. Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-28 13:56:24 +00:00
Pratik Mankawde	0132174a7b	remove boost from supps. Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-28 13:42:36 +00:00
Pratik Mankawde	8773cc4bbf	Merge branch 'develop' into pratik/Fix_asan_lsan_flagged_issues	2026-01-28 13:21:47 +00:00
Pratik Mankawde	dabdadfff5	Merge branch 'develop' into pratik/Fix_asan_lsan_flagged_issues	2026-01-27 15:20:10 +00:00
Pratik Mankawde	bfe2cd7893	comment out assert Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-27 15:17:48 +00:00
Pratik Mankawde	0584c20f36	updated flags Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-27 13:43:03 +00:00
Pratik Mankawde	3ced0b27b7	not using -fsanitize-recover Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-27 13:20:46 +00:00
Pratik Mankawde	f83b27f7dd	putting assert back since this is the cause of asan issue Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-27 12:27:11 +00:00
Pratik Mankawde	cdb41b5376	comment out assert in Number.cpp to verify if asan is strugling with asserts Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-27 11:54:26 +00:00
Pratik Mankawde	f223c89a9f	replaced throw with Throw and supp static_assert Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-27 10:50:38 +00:00
Pratik Mankawde	efe07c09f3	assert supp Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-26 19:14:58 +00:00
Pratik Mankawde	79cde8b199	skip assert Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-26 17:40:04 +00:00
Pratik Mankawde	2078ce01cf	try shamap fix Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-26 15:50:47 +00:00
Pratik Mankawde	2770a9cdf3	fixes to asan errors Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-26 14:55:18 +00:00
Pratik Mankawde	05ef3b1ad8	more fixes Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-23 18:28:09 +00:00
Pratik Mankawde	7dd4dbe285	fixes Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-23 17:13:03 +00:00
Pratik Mankawde	b32a5f2c08	supressions and jsonvalue fixes Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-23 16:20:50 +00:00
Pratik Mankawde	df76002a44	fixed asan issues Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>	2026-01-23 15:39:21 +00:00