AI: Fix failure output in src/test/basics/base_uint_test.cpp

Co-authored-by: xrplf-ai-reviewer[bot] <266832837+xrplf-ai-reviewer[bot]@users.noreply.github.com>

.github/actions/setup-conan/action.yml

@@ -9,7 +9,7 @@ inputs:
   remote_url:
     description: "The URL of the Conan endpoint to use."
     required: false
-    default: https://conan.xrplf.org/repository/conan/
+    default: https://conan.ripplex.io
 
 runs:
   using: composite

.github/scripts/levelization/results/ordering.txt

@@ -160,6 +160,7 @@ test.peerfinder > xrpl.protocol
 test.protocol > test.jtx
 test.protocol > test.unit_test
 test.protocol > xrpl.basics
+test.protocol > xrpld.core
 test.protocol > xrpl.json
 test.protocol > xrpl.protocol
 test.resource > test.unit_test

.github/workflows/on-pr.yml

@@ -154,8 +154,8 @@ jobs:
     if: ${{ github.repository == 'XRPLF/rippled' && needs.should-run.outputs.go == 'true' && github.event_name == 'pull_request' && startsWith(github.event.pull_request.base.ref, 'release') }}
     uses: ./.github/workflows/reusable-upload-recipe.yml
     secrets:
-      remote_username: ${{ secrets.NEXUS_REMOTE_USERNAME }}
-      remote_password: ${{ secrets.NEXUS_REMOTE_PASSWORD }}
+      remote_username: ${{ secrets.CONAN_REMOTE_USERNAME }}
+      remote_password: ${{ secrets.CONAN_REMOTE_PASSWORD }}
 
   notify-clio:
     needs: upload-recipe

.github/workflows/on-tag.yml

@@ -20,8 +20,8 @@ jobs:
     if: ${{ github.repository == 'XRPLF/rippled' }}
     uses: ./.github/workflows/reusable-upload-recipe.yml
     secrets:
-      remote_username: ${{ secrets.NEXUS_REMOTE_USERNAME }}
-      remote_password: ${{ secrets.NEXUS_REMOTE_PASSWORD }}
+      remote_username: ${{ secrets.CONAN_REMOTE_USERNAME }}
+      remote_password: ${{ secrets.CONAN_REMOTE_PASSWORD }}
 
   build-test:
     if: ${{ github.repository == 'XRPLF/rippled' }}

.github/workflows/on-trigger.yml

@@ -98,8 +98,8 @@ jobs:
     if: ${{ github.repository == 'XRPLF/rippled' && github.event_name == 'push' && github.ref == 'refs/heads/develop' }}
     uses: ./.github/workflows/reusable-upload-recipe.yml
     secrets:
-      remote_username: ${{ secrets.NEXUS_REMOTE_USERNAME }}
-      remote_password: ${{ secrets.NEXUS_REMOTE_PASSWORD }}
+      remote_username: ${{ secrets.CONAN_REMOTE_USERNAME }}
+      remote_password: ${{ secrets.CONAN_REMOTE_PASSWORD }}
 
   package:
     needs: build-test

.github/workflows/reusable-upload-recipe.yml

@@ -14,7 +14,7 @@ on:
         description: "The URL of the Conan endpoint to use."
         required: false
         type: string
-        default: https://conan.xrplf.org/repository/conan/
+        default: https://conan.ripplex.io
 
     secrets:
       remote_username:
@@ -41,10 +41,6 @@ jobs:
   upload:
     runs-on: ubuntu-latest
     container: ghcr.io/xrplf/xrpld/nix-ubuntu:sha-e29b523
-    env:
-      REMOTE_NAME: ${{ inputs.remote_name }}
-      CONAN_LOGIN_USERNAME_XRPLF: ${{ secrets.remote_username }}
-      CONAN_PASSWORD_XRPLF: ${{ secrets.remote_password }}
     steps:
       - name: Checkout repository
         uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
@@ -60,9 +56,15 @@ jobs:
           remote_url: ${{ inputs.remote_url }}
 
       - name: Log into Conan remote
-        run: conan remote login "${REMOTE_NAME}" "${CONAN_LOGIN_USERNAME_XRPLF}" --password "${CONAN_PASSWORD_XRPLF}"
+        env:
+          REMOTE_NAME: ${{ inputs.remote_name }}
+          REMOTE_USERNAME: ${{ secrets.remote_username }}
+          REMOTE_PASSWORD: ${{ secrets.remote_password }}
+        run: conan remote login "${REMOTE_NAME}" "${REMOTE_USERNAME}" --password "${REMOTE_PASSWORD}"
 
       - name: Upload Conan recipe (version)
+        env:
+          REMOTE_NAME: ${{ inputs.remote_name }}
         run: |
           conan export . --version=${{ steps.version.outputs.version }}
           conan upload --confirm --check --remote="${REMOTE_NAME}" xrpl/${{ steps.version.outputs.version }}
@@ -71,6 +73,8 @@ jobs:
       # 'develop' branch, see on-trigger.yml.
       - name: Upload Conan recipe (develop)
         if: ${{ github.event_name == 'push' }}
+        env:
+          REMOTE_NAME: ${{ inputs.remote_name }}
         run: |
           conan export . --version=develop
           conan upload --confirm --check --remote="${REMOTE_NAME}" xrpl/develop
@@ -79,6 +83,8 @@ jobs:
       # one of the 'release' branches, see on-pr.yml.
       - name: Upload Conan recipe (rc)
         if: ${{ github.event_name == 'pull_request' }}
+        env:
+          REMOTE_NAME: ${{ inputs.remote_name }}
         run: |
           conan export . --version=rc
           conan upload --confirm --check --remote="${REMOTE_NAME}" xrpl/rc
@@ -87,6 +93,8 @@ jobs:
       # release, see on-tag.yml.
       - name: Upload Conan recipe (release)
         if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        env:
+          REMOTE_NAME: ${{ inputs.remote_name }}
         run: |
           conan export . --version=release
           conan upload --confirm --check --remote="${REMOTE_NAME}" xrpl/release

.github/workflows/upload-conan-deps.yml

@@ -34,7 +34,7 @@ on:
 
 env:
   CONAN_REMOTE_NAME: xrplf
-  CONAN_REMOTE_URL: https://conan.xrplf.org/repository/conan/
+  CONAN_REMOTE_URL: https://conan.ripplex.io
   NPROC_SUBTRACT: 2
 
 concurrency:
@@ -108,12 +108,10 @@ jobs:
 
       - name: Log into Conan remote
         if: ${{ github.repository == 'XRPLF/rippled' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }}
-        run: conan remote login "${CONAN_REMOTE_NAME}" "${{ secrets.NEXUS_REMOTE_USERNAME }}" --password "${{ secrets.NEXUS_REMOTE_PASSWORD }}"
+        run: conan remote login "${CONAN_REMOTE_NAME}" "${{ secrets.CONAN_REMOTE_USERNAME }}" --password "${{ secrets.CONAN_REMOTE_PASSWORD }}"
 
       - name: Upload Conan packages
         if: ${{ github.repository == 'XRPLF/rippled' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }}
         env:
           FORCE_OPTION: ${{ github.event.inputs.force_upload == 'true' && '--force' || '' }}
-          CONAN_LOGIN_USERNAME_XRPLF: ${{ secrets.NEXUS_REMOTE_USERNAME }}
-          CONAN_PASSWORD_XRPLF: ${{ secrets.NEXUS_REMOTE_PASSWORD }}
         run: conan upload "*" --remote="${CONAN_REMOTE_NAME}" --confirm ${FORCE_OPTION}

BUILD.md

@@ -101,7 +101,7 @@ More information on customizing Conan can be found in the [Advanced Conan config
 Run the following command to add the `xrplf` remote, which hosts some of our dependencies:
 
 ```bash
-conan remote add --index 0 --force xrplf https://conan.xrplf.org/repository/conan/
+conan remote add --index 0 --force xrplf https://conan.ripplex.io
 ```
 
 ### Set Up Ccache

conan.lock

@@ -1,43 +1,43 @@
 {
     "version": "0.5",
     "requires": [
-        "zlib/1.3.2#1cb806da49011867778ffb6ac7190fcb%1777558780.503",
-        "xxhash/0.8.3#681d36a0a6111fc56e5e45ea182c19cc%1743678659.187",
-        "sqlite3/3.53.0#324ada52333108388a9a6108bfa96734%1776096494.149",
-        "soci/4.0.3#e726491a03468795453f7c83fc924a96%1751554127.172",
-        "snappy/1.1.10#968fef506ff261592ec30c574d4a7809%1782307151.633168",
-        "secp256k1/0.7.1#b1f450b7f78a36fff75bb6934a356f3a%1782338841.3729",
-        "rocksdb/10.5.1#4a197eca381a3e5ae8adf8cffa5aacd0%1759820024.194",
-        "re2/20251105#8579cfd0bda4daf0683f9e3898f964b4%1772560729.95",
-        "protobuf/6.33.5#ff253ead763bd8d9904a52979cd21e81%1778763145.334",
-        "openssl/3.6.3#1163d4ddc603907084d08a6a0c6e580f%1782307150.583886",
-        "nudb/2.0.9#11149c73f8f2baff9a0198fe25971fc7%1774883011.384",
-        "lz4/1.10.0#982d9b673900f665a1da109e09c17cab%1775037240.923",
-        "libiconv/1.17#9923bc6dc6f106646d6967e0039a5ada%1774021608.288",
-        "libbacktrace/cci.20210118#a7691bfccd8caaf66309df196790a5a1%1722218217.276",
-        "libarchive/3.8.7#c446109bd1f1d8ba7936c94189bc50e6%1776147552.838",
+        "zlib/1.3.2#1cb806da49011867778ffb6ac7190fcb%1778091116.056",
+        "xxhash/0.8.3#681d36a0a6111fc56e5e45ea182c19cc%1765850149.987",
+        "sqlite3/3.53.0#324ada52333108388a9a6108bfa96734%1778091117.311",
+        "soci/4.0.3#fe32b9ad5eb47e79ab9e45a68f363945%1774450067.231",
+        "snappy/1.1.10#968fef506ff261592ec30c574d4a7809%1765850147.878",
+        "secp256k1/0.7.1#481881709eb0bdd0185a12b912bbe8ad%1770910500.329",
+        "rocksdb/10.5.1#4a197eca381a3e5ae8adf8cffa5aacd0%1765850186.86",
+        "re2/20251105#8579cfd0bda4daf0683f9e3898f964b4%1774398111.888",
+        "protobuf/6.33.5#d96d52ba5baaaa532f47bda866ad87a5%1774467363.12",
+        "openssl/3.6.2#4789bbf131b77d0515d15e094c8f697f%1778071755.506",
+        "nudb/2.0.9#11149c73f8f2baff9a0198fe25971fc7%1775040983.408",
+        "lz4/1.10.0#59fc63cac7f10fbe8e05c7e62c2f3504%1765850143.914",
+        "libiconv/1.17#1e65319e945f2d31941a9d28cc13c058%1765842973.492",
+        "libbacktrace/cci.20210118#a7691bfccd8caaf66309df196790a5a1%1765842973.03",
+        "libarchive/3.8.7#c446109bd1f1d8ba7936c94189bc50e6%1778091117.848",
         "jemalloc/5.3.1#1fc58d55316041f10fbc1e8a2eae632a%1776700028.228",
-        "gtest/1.17.0#5224b3b3ff3b4ce1133cbdd27d53ee7d%1755784855.585",
-        "grpc/1.81.1#5217e6ef0544c42b46f4af35d5e7f649%1782307148.845616",
-        "ed25519/2015.03#ae761bdc52730a843f0809bdf6c1b1f6%1782307148.15562",
-        "date/3.0.4#862e11e80030356b53c2c38599ceb32b%1754573467.979",
-        "c-ares/1.34.6#545240bb1c40e2cacd4362d6b8967650%1766500685.317",
-        "bzip2/1.0.8#c470882369c2d95c5c77e970c0c7e321%1762886692.465",
-        "boost/1.91.0#ea540ca2133d831b560036aa24dece3c%1778050991.9",
-        "abseil/20250127.0#bb0baf1f362bc4a725a24eddd419b8f7%1782307147.395833"
+        "gtest/1.17.0#5224b3b3ff3b4ce1133cbdd27d53ee7d%1768312129.152",
+        "grpc/1.81.0#2fb144aeb47e7f35c6ebb0e5f35bed31%1781620605.685",
+        "ed25519/2015.03#ae761bdc52730a843f0809bdf6c1b1f6%1765850143.772",
+        "date/3.0.4#862e11e80030356b53c2c38599ceb32b%1765850143.772",
+        "c-ares/1.34.6#545240bb1c40e2cacd4362d6b8967650%1774439234.681",
+        "bzip2/1.0.8#c470882369c2d95c5c77e970c0c7e321%1765850143.837",
+        "boost/1.91.0#ea540ca2133d831b560036aa24dece3c%1778091165.282",
+        "abseil/20250127.0#bb0baf1f362bc4a725a24eddd419b8f7%1774365460.196"
     ],
     "build_requires": [
-        "zlib/1.3.2#1cb806da49011867778ffb6ac7190fcb%1777558780.503",
-        "strawberryperl/5.32.1.1#8d114504d172cfea8ea1662d09b6333e%1751971032.423",
-        "protobuf/6.33.5#ff253ead763bd8d9904a52979cd21e81%1778763145.334",
-        "nasm/2.16.01#31e26f2ee3c4346ecd347911bd126904%1745483323.489",
+        "zlib/1.3.2#1cb806da49011867778ffb6ac7190fcb%1778091116.056",
+        "strawberryperl/5.32.1.1#8d114504d172cfea8ea1662d09b6333e%1774447376.964",
+        "protobuf/6.33.5#d96d52ba5baaaa532f47bda866ad87a5%1774467363.12",
+        "nasm/2.16.01#31e26f2ee3c4346ecd347911bd126904%1765850144.707",
         "msys2/cci.latest#d22fe7b2808f5fd34d0a7923ace9c54f%1770657326.649",
-        "m4/1.4.19#34c4bbc3eeebe98ca6edf2f52d602e7d%1777282960.259",
-        "cmake/4.3.3#840cf00ea09777e05c2050a50a82c722%1781521538.233",
-        "b2/5.4.2#ffd6084a119587e70f11cd45d1a386e2%1766594659.866",
+        "m4/1.4.19#4523e4347b55cd26ae918bd5770cab9a%1778062762.471",
+        "cmake/4.3.0#b939a42e98f593fb34d3a8c5cc860359%1774439249.183",
+        "b2/5.4.2#ffd6084a119587e70f11cd45d1a386e2%1774439233.447",
         "automake/1.16.5#b91b7c384c3deaa9d535be02da14d04f%1755524470.56",
         "autoconf/2.71#51077f068e61700d65bb05541ea1e4b0%1731054366.86",
-        "abseil/20250127.0#bb0baf1f362bc4a725a24eddd419b8f7%1782307147.395833"
+        "abseil/20250127.0#bb0baf1f362bc4a725a24eddd419b8f7%1774365460.196"
     ],
     "python_requires": [],
     "overrides": {
@@ -57,7 +57,7 @@
             "boost/1.91.0"
         ],
         "lz4/[>=1.9.4 <2]": [
-            "lz4/1.10.0#982d9b673900f665a1da109e09c17cab"
+            "lz4/1.10.0#59fc63cac7f10fbe8e05c7e62c2f3504"
         ]
     },
     "config_requires": []

conan/lockfile/regenerate.sh

@@ -14,7 +14,7 @@ export CONAN_HOME="$TEMP_DIR"
 # Ensure that the xrplf remote is the first to be consulted, so any recipes we
 # patched are used. We also add it there to not created huge diff when the
 # official Conan Center Index is updated.
-conan remote add --force --index 0 xrplf https://conan.xrplf.org/repository/conan/
+conan remote add --force --index 0 xrplf https://conan.ripplex.io
 
 # Delete any existing lockfile.
 rm -f conan.lock

conanfile.py

@@ -28,10 +28,10 @@ class Xrpl(ConanFile):
 
     requires = [
         "ed25519/2015.03",
-        "grpc/1.81.1",
+        "grpc/1.81.0",
         "libarchive/3.8.7",
         "nudb/2.0.9",
-        "openssl/3.6.3",
+        "openssl/3.6.2",
         "secp256k1/0.7.1",
         "soci/4.0.3",
         "zlib/1.3.2",

docs/build/advanced_conan.md

@@ -34,7 +34,7 @@ higher index than the default Conan Center remote, so it is consulted first. You
 can do this by running:
 
 ```bash
-conan remote add --index 0 --force xrplf https://conan.xrplf.org/repository/conan/
+conan remote add --index 0 --force xrplf https://conan.ripplex.io
 ```
 
 Alternatively, you can pull our recipes from the repository and export them locally:

src/test/app/LedgerReplay_test.cpp

@@ -939,6 +939,46 @@ struct LedgerReplayer_test : public beast::unit_test::Suite
             BEAST_EXPECT(!reply->has_error());
             BEAST_EXPECT(server.msgHandler.processProofPathResponse(reply));
 
+            {
+                // bad reply: invalid hash/key sizes
+                {
+                    // reply with undersized ledgerhash (31 bytes)
+                    auto bad = std::make_shared<protocol::TMProofPathResponse>(*reply);
+                    bad->set_ledgerhash(std::string(31, '\x01'));
+                    BEAST_EXPECT(!server.msgHandler.processProofPathResponse(bad));
+                }
+                {
+                    // reply with oversized ledgerhash (33 bytes)
+                    auto bad = std::make_shared<protocol::TMProofPathResponse>(*reply);
+                    bad->set_ledgerhash(std::string(33, '\x01'));
+                    BEAST_EXPECT(!server.msgHandler.processProofPathResponse(bad));
+                }
+                {
+                    // reply with empty ledgerhash
+                    auto bad = std::make_shared<protocol::TMProofPathResponse>(*reply);
+                    bad->set_ledgerhash(std::string());
+                    BEAST_EXPECT(!server.msgHandler.processProofPathResponse(bad));
+                }
+                {
+                    // reply with undersized key (31 bytes)
+                    auto bad = std::make_shared<protocol::TMProofPathResponse>(*reply);
+                    bad->set_key(std::string(31, '\x01'));
+                    BEAST_EXPECT(!server.msgHandler.processProofPathResponse(bad));
+                }
+                {
+                    // reply with oversized key (33 bytes)
+                    auto bad = std::make_shared<protocol::TMProofPathResponse>(*reply);
+                    bad->set_key(std::string(33, '\x01'));
+                    BEAST_EXPECT(!server.msgHandler.processProofPathResponse(bad));
+                }
+                {
+                    // reply with empty key
+                    auto bad = std::make_shared<protocol::TMProofPathResponse>(*reply);
+                    bad->set_key(std::string());
+                    BEAST_EXPECT(!server.msgHandler.processProofPathResponse(bad));
+                }
+            }
+
             {
                 // bad reply
                 // bad header
@@ -988,6 +1028,28 @@ struct LedgerReplayer_test : public beast::unit_test::Suite
             BEAST_EXPECT(!reply->has_error());
             BEAST_EXPECT(server.msgHandler.processReplayDeltaResponse(reply));
 
+            {
+                // bad reply: invalid hash sizes
+                {
+                    // reply with undersized ledgerhash (31 bytes)
+                    auto bad = std::make_shared<protocol::TMReplayDeltaResponse>(*reply);
+                    bad->set_ledgerhash(std::string(31, '\x01'));
+                    BEAST_EXPECT(!server.msgHandler.processReplayDeltaResponse(bad));
+                }
+                {
+                    // reply with oversized ledgerhash (33 bytes)
+                    auto bad = std::make_shared<protocol::TMReplayDeltaResponse>(*reply);
+                    bad->set_ledgerhash(std::string(33, '\x01'));
+                    BEAST_EXPECT(!server.msgHandler.processReplayDeltaResponse(bad));
+                }
+                {
+                    // reply with empty ledgerhash
+                    auto bad = std::make_shared<protocol::TMReplayDeltaResponse>(*reply);
+                    bad->set_ledgerhash(std::string());
+                    BEAST_EXPECT(!server.msgHandler.processReplayDeltaResponse(bad));
+                }
+            }
+
             {
                 // bad reply
                 // bad header

src/test/basics/base_uint_test.cpp

@@ -117,6 +117,24 @@ struct base_uint_test : beast::unit_test::Suite
         }
     }
 
+#ifdef NDEBUG
+    void
+    testFromRawSizeMismatch()
+    {
+        testcase("base_uint: fromRaw size mismatch");
+
+        // Container larger than the base_uint (16 bytes vs 12 bytes for
+        // test96). Only the first 12 bytes are copied; the extra bytes are
+        // ignored.
+        {
+            Blob const tooBig{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
+            test96 const result = test96::fromRaw(tooBig);
+            auto const resultText = to_string(result);
+            BEAST_EXPECTS(resultText == "0102030405060708090A0B0C", resultText);
+        }
+    }
+#endif
+
     void
     run() override
     {
@@ -125,6 +143,10 @@ struct base_uint_test : beast::unit_test::Suite
         static_assert(!std::is_constructible_v<test96, std::complex<double>>);
         static_assert(!std::is_assignable_v<test96&, std::complex<double>>);
 
+#ifdef NDEBUG
+        testFromRawSizeMismatch();
+#endif
+
         testComparisons();
 
         // used to verify set insertion (hashing required)
@@ -194,6 +216,19 @@ struct base_uint_test : beast::unit_test::Suite
             BEAST_EXPECT(d == 0);
         }
 
+        {
+            // There are several ways to create a zero. beast::kZero is tested above. Test some
+            // others.
+            test96 const z1;
+            BEAST_EXPECTS(z1 == z, to_string(z1));
+
+            test96 const z2{};
+            BEAST_EXPECTS(z2 == z, to_string(z2));
+
+            test96 const z3{0u};
+            BEAST_EXPECTS(z3 == z, to_string(z3));
+        }
+
         test96 n{z};
         n++;
         BEAST_EXPECT(n == test96(1));

src/test/protocol/Issue_test.cpp

@@ -1,10 +1,12 @@
 #include <xrpl/basics/UnorderedContainers.h>
 #include <xrpl/basics/base_uint.h>
 #include <xrpl/beast/unit_test/suite.h>
+#include <xrpl/json/json_value.h>
 #include <xrpl/protocol/AccountID.h>
 #include <xrpl/protocol/Book.h>
 #include <xrpl/protocol/Issue.h>
 #include <xrpl/protocol/UintTypes.h>
+#include <xrpl/protocol/jss.h>
 
 #include <functional>
 #include <map>
@@ -863,6 +865,101 @@ public:
 
     //--------------------------------------------------------------------------
 
+    void
+    testIssueFromJson()
+    {
+        testcase("issueFromJson");
+
+        // Valid XRP — no issuer field
+        {
+            json::Value jv;
+            jv[jss::currency] = "XRP";
+            auto const issue = issueFromJson(jv);
+            BEAST_EXPECT(isXRP(issue));
+        }
+
+        // Valid IOU — legitimate issuer
+        {
+            json::Value jv;
+            jv[jss::currency] = "USD";
+            jv[jss::issuer] = "rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh";
+            auto const issue = issueFromJson(jv);
+            BEAST_EXPECT(!isXRP(issue));
+            BEAST_EXPECT(issue.account != noAccount());
+        }
+
+        // noAccount() is the MPT sentinel in binary serialization - must be
+        // rejected
+        try
+        {
+            json::Value jv;
+            jv[jss::currency] = "USD";
+            jv[jss::issuer] = to_string(noAccount());
+            issueFromJson(jv);
+            fail("noAccount() accepted as IOU issuer");
+        }
+        catch (...)
+        {
+            pass();
+        }
+
+        // xrpAccount() is the XRP sentinel (all zeros) - must be rejected
+        // as IOU issuer
+        try
+        {
+            json::Value jv;
+            jv[jss::currency] = "USD";
+            jv[jss::issuer] = to_string(xrpAccount());
+            issueFromJson(jv);
+            fail("xrpAccount() accepted as IOU issuer");
+        }
+        catch (...)
+        {
+            pass();
+        }
+
+        // Invalid base58 — must be rejected
+        try
+        {
+            json::Value jv;
+            jv[jss::currency] = "USD";
+            jv[jss::issuer] = "not_a_valid_address";
+            issueFromJson(jv);
+            fail("invalid base58 accepted as IOU issuer");
+        }
+        catch (...)
+        {
+            pass();
+        }
+
+        // Non-XRP currency with no issuer field — must be rejected
+        try
+        {
+            json::Value jv;
+            jv[jss::currency] = "USD";
+            issueFromJson(jv);
+            fail("missing issuer accepted");
+        }
+        catch (...)
+        {
+            pass();
+        }
+
+        // XRP with an issuer field — must be rejected
+        try
+        {
+            json::Value jv;
+            jv[jss::currency] = "XRP";
+            jv[jss::issuer] = "rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh";
+            issueFromJson(jv);
+            fail("XRP with issuer accepted");
+        }
+        catch (...)
+        {
+            pass();
+        }
+    }
+
     void
     run() override
     {
@@ -897,6 +994,9 @@ public:
         // ---
         testIssueDomainSets();
         testIssueDomainMaps();
+
+        // ---
+        testIssueFromJson();
     }
 };
 

src/test/protocol/STIssue_test.cpp

@@ -1,15 +1,24 @@
 
 #include <test/jtx/Account.h>
+#include <test/jtx/Env.h>
 #include <test/jtx/amount.h>  // IWYU pragma: keep
+#include <test/jtx/envconfig.h>
+
+#include <xrpld/core/Config.h>
 
 #include <xrpl/basics/base_uint.h>
 #include <xrpl/beast/unit_test/suite.h>
+#include <xrpl/json/json_value.h>
+#include <xrpl/json/to_string.h>
 #include <xrpl/protocol/AccountID.h>
 #include <xrpl/protocol/Issue.h>
 #include <xrpl/protocol/SField.h>
 #include <xrpl/protocol/STIssue.h>
 #include <xrpl/protocol/Serializer.h>
 #include <xrpl/protocol/UintTypes.h>
+#include <xrpl/protocol/jss.h>
+
+#include <memory>
 
 namespace xrpl::test {
 
@@ -137,12 +146,143 @@ public:
             "000000000000000000000000000000000000000000000002");
     }
 
+    void
+    testNoAccountIssuerRpc()
+    {
+        testcase("noAccount issuer rejected via RPC sign");
+
+        using namespace jtx;
+        Env env{*this, envconfig([](std::unique_ptr<Config> cfg) {
+                    cfg->loadFromString("[signing_support]\ntrue");
+                    return cfg;
+                })};
+
+        Account const alice{"alice"};
+        env.fund(XRP(10000), alice);
+        env.close();
+
+        json::Value txJson;
+        txJson[jss::TransactionType] = "AMMDelete";
+        txJson[jss::Account] = alice.human();
+        txJson[jss::Asset][jss::currency] = "USD";
+        txJson[jss::Asset][jss::issuer] = to_string(noAccount());
+        txJson[jss::Asset2][jss::currency] = "XRP";
+
+        json::Value req;
+        req[jss::tx_json] = txJson;
+        req[jss::secret] = alice.name();
+
+        auto const result = env.rpc("json", "sign", to_string(req))[jss::result];
+
+        BEAST_EXPECT(result[jss::status] == "error");
+        BEAST_EXPECT(result.isMember(jss::error));
+    }
+
+    void
+    testNoAccountIssuer()
+    {
+        testcase("noAccount issuer rejection");
+
+        {
+            json::Value jv;
+            jv[jss::currency] = "USD";
+            jv[jss::issuer] = to_string(noAccount());
+
+            try
+            {
+                issueFromJson(sfAsset, jv);
+                fail("issueFromJson accepted noAccount() as IOU issuer");
+            }
+            catch (...)
+            {
+                pass();
+            }
+        }
+
+        {
+            Serializer s;
+            s.addBitString(toCurrency("USD"));
+            s.addBitString(noAccount());
+            SerialIter iter(s.slice());
+
+            try
+            {
+                STIssue const stissue(iter, sfAsset);
+                fail(
+                    "STIssue deserialization of [USD][noAccount()] should "
+                    "throw");
+            }
+            catch (...)
+            {
+                pass();
+            }
+        }
+    }
+
+    void
+    testXrpAccountIssuerRpc()
+    {
+        testcase("xrpAccount issuer rejected via RPC sign");
+
+        using namespace jtx;
+        Env env{*this, envconfig([](std::unique_ptr<Config> cfg) {
+                    cfg->loadFromString("[signing_support]\ntrue");
+                    return cfg;
+                })};
+
+        Account const alice{"alice"};
+        env.fund(XRP(10000), alice);
+        env.close();
+
+        json::Value txJson;
+        txJson[jss::TransactionType] = "AMMDelete";
+        txJson[jss::Account] = alice.human();
+        txJson[jss::Asset][jss::currency] = "USD";
+        txJson[jss::Asset][jss::issuer] = to_string(xrpAccount());
+        txJson[jss::Asset2][jss::currency] = "XRP";
+
+        json::Value req;
+        req[jss::tx_json] = txJson;
+        req[jss::secret] = alice.name();
+
+        auto const result = env.rpc("json", "sign", to_string(req))[jss::result];
+
+        BEAST_EXPECT(result[jss::status] == "error");
+        BEAST_EXPECT(result.isMember(jss::error));
+    }
+
+    void
+    testXrpAccountIssuer()
+    {
+        testcase("xrpAccount issuer rejection");
+
+        {
+            json::Value jv;
+            jv[jss::currency] = "USD";
+            jv[jss::issuer] = to_string(xrpAccount());
+
+            try
+            {
+                issueFromJson(sfAsset, jv);
+                fail("issueFromJson accepted xrpAccount() as IOU issuer");
+            }
+            catch (...)
+            {
+                pass();
+            }
+        }
+    }
+
     void
     run() override
     {
         // compliments other unit tests to ensure complete coverage
         testConstructor();
         testCompare();
+        testNoAccountIssuerRpc();
+        testNoAccountIssuer();
+        testXrpAccountIssuerRpc();
+        testXrpAccountIssuer();
     }
 };
 

src/test/rpc/AccountObjects_test.cpp

@@ -23,6 +23,7 @@
 #include <xrpl/protocol/AccountID.h>
 #include <xrpl/protocol/Feature.h>
 #include <xrpl/protocol/SField.h>
+#include <xrpl/protocol/Seed.h>
 #include <xrpl/protocol/TxFlags.h>
 #include <xrpl/protocol/jss.h>
 #include <xrpl/protocol/nft.h>
@@ -32,6 +33,7 @@
 #include <cstdint>
 #include <iterator>
 #include <optional>
+#include <ranges>
 #include <vector>
 
 namespace xrpl::test {
@@ -1350,6 +1352,86 @@ public:
         }
     }
 
+    void
+    testAccountObjectDoesntShowCancelledOffers()
+    {
+        testcase("AccountObjectDoesntShowCancelledOffers");
+
+        using namespace jtx;
+        Env env(*this);
+
+        Account const alice{"alice"};
+        Account const bob{"bob"};
+        auto const eur = bob["EUR"];
+        env.fund(XRP(10000), alice, bob);
+        env.close();
+
+        auto const rpcAccountObjects = [&](std::optional<uint32_t> limit = std::nullopt) {
+            json::Value params;
+            params[jss::account] = alice.human();
+            if (limit.has_value())
+            {
+                params[jss::limit] = *limit;
+            }
+            return env.rpc("json", "account_objects", to_string(params));
+        };
+
+        auto const numEntries = 33;
+        std::vector<uint32_t> seqs;
+        seqs.reserve(numEntries);
+        for ([[maybe_unused]] auto _ : std::ranges::iota_view{0, numEntries})
+        {
+            json::Value params;
+            params[jss::secret] = toBase58(generateSeed("alice"));
+            params[jss::tx_json] = offer(alice, eur(1), XRP(2));
+            auto const res = env.rpc("json", "submit", to_string(params))[jss::result];
+            BEAST_EXPECT(res[jss::status].asString() == "success");
+            seqs.push_back(env.seq(alice));
+        }
+
+        auto res = rpcAccountObjects();
+        BEAST_EXPECT(res[jss::result][jss::account_objects].size() == numEntries);
+        BEAST_EXPECT(not res[jss::result].isMember(jss::limit));
+        BEAST_EXPECT(not res[jss::result].isMember(jss::marker));
+
+        for (auto const s : std::views::all(seqs) | std::views::take(numEntries - 1))
+        {
+            json::Value params;
+            params[jss::secret] = toBase58(generateSeed("alice"));
+            params[jss::tx_json] = offerCancel(alice, s - 1);
+            auto const res = env.rpc("json", "submit", to_string(params))[jss::result];
+            BEAST_EXPECT(res[jss::status].asString() == "success");
+        }
+
+        res = rpcAccountObjects();
+        BEAST_EXPECT(res[jss::result][jss::account_objects].size() == 1);
+        BEAST_EXPECT(not res[jss::result].isMember(jss::limit));
+        BEAST_EXPECT(not res[jss::result].isMember(jss::marker));
+
+        {
+            json::Value params;
+            params[jss::secret] = toBase58(generateSeed("alice"));
+            json::Value txJson;
+            txJson[jss::TransactionType] = jss::NFTokenMint;
+            txJson[jss::Account] = to_string(alice.id());
+            txJson["NFTokenTaxon"] = 1;
+            params[jss::tx_json] = txJson;
+            auto const res = env.rpc("json", "submit", to_string(params))[jss::result];
+            BEAST_EXPECT(res[jss::status].asString() == "success");
+        }
+        env.close();
+
+        res = rpcAccountObjects();
+        BEAST_EXPECT(res[jss::result][jss::account_objects].size() == 2);
+        BEAST_EXPECT(not res[jss::result].isMember(jss::limit));
+        BEAST_EXPECT(not res[jss::result].isMember(jss::marker));
+
+        res = rpcAccountObjects(1);
+        BEAST_EXPECT(res[jss::result][jss::account_objects].size() == 1);
+        BEAST_EXPECT(res[jss::result][jss::limit].asUInt() == 1);
+        BEAST_EXPECT(res[jss::result].isMember(jss::marker));
+    }
+
     void
     run() override
     {
@@ -1360,6 +1442,7 @@ public:
         testNFTsMarker();
         testAccountNFTs();
         testAccountObjectMarker();
+        testAccountObjectDoesntShowCancelledOffers();
     }
 };
 

src/test/rpc/Transaction_test.cpp

@@ -2,6 +2,7 @@
 #include <test/jtx/Env.h>
 #include <test/jtx/amount.h>
 #include <test/jtx/envconfig.h>
+#include <test/jtx/multisign.h>
 #include <test/jtx/noop.h>
 #include <test/jtx/pay.h>
 #include <test/jtx/seq.h>
@@ -881,6 +882,125 @@ class Transaction_test : public beast::unit_test::Suite
         }
     }
 
+    void
+    testSignForNetworkIDValidation()
+    {
+        testcase("SignFor NetworkID validation");
+        using namespace test::jtx;
+
+        Account const owner{"owner"};
+        Account const signer{"signer"};
+
+        auto makeConfig = [](std::uint32_t networkID) {
+            return envconfig([networkID](std::unique_ptr<Config> cfg) {
+                cfg->networkId = networkID;
+                return cfg;
+            });
+        };
+
+        auto setupEnv = [&](Env& env) {
+            env.fund(XRP(10'000), owner, signer);
+            env.close();
+            env(signers(owner, 1, {{signer, 1}}));
+            env.close();
+        };
+
+        auto makeTx = [&](Env& env) {
+            json::Value tx;
+            tx[jss::TransactionType] = jss::AccountSet;
+            tx[jss::Account] = owner.human();
+            tx[jss::Sequence] = env.seq(owner);
+            tx[jss::Fee] = "100";
+            tx[jss::SigningPubKey] = "";
+            return tx;
+        };
+
+        auto signFor = [&](Env& env, json::Value const& tx) {
+            json::Value signReq;
+            signReq[jss::tx_json] = tx;
+            signReq[jss::account] = signer.human();
+            signReq[jss::secret] = signer.name();
+            return env.rpc("json", "sign_for", to_string(signReq))[jss::result];
+        };
+
+        // Test case: NetworkID < 1024 - field is not required
+        {
+            Env env{*this, makeConfig(500)};
+            setupEnv(env);
+
+            auto tx = makeTx(env);
+            auto result = signFor(env, tx);
+
+            BEAST_EXPECT(result[jss::status] == "success");
+            BEAST_EXPECT(!result[jss::tx_json].isMember(jss::NetworkID));
+        }
+
+        // Test case: NetworkID > 1024 - missing NetworkID field
+        {
+            Env env{*this, makeConfig(2040)};
+            setupEnv(env);
+
+            auto tx = makeTx(env);
+            auto result = signFor(env, tx);
+
+            BEAST_EXPECT(result[jss::error] == "invalidParams");
+            BEAST_EXPECT(result[jss::error_message] == "Missing field 'tx_json.NetworkID'.");
+        }
+
+        // Test case: NetworkID > 1024 - NetworkID field is not a number
+        {
+            Env env{*this, makeConfig(2040)};
+            setupEnv(env);
+
+            auto tx = makeTx(env);
+            tx[jss::NetworkID] = "not_a_number";
+            auto result = signFor(env, tx);
+
+            BEAST_EXPECT(result[jss::error] == "invalidParams");
+            BEAST_EXPECT(result[jss::error_message] == "Invalid field 'tx_json.NetworkID'.");
+        }
+
+        // Test case: NetworkID > 1024 - NetworkID field is not integral
+        {
+            Env env{*this, makeConfig(2040)};
+            setupEnv(env);
+
+            auto tx = makeTx(env);
+            tx[jss::NetworkID] = 2040.1;
+            auto result = signFor(env, tx);
+
+            BEAST_EXPECT(result[jss::error] == "invalidParams");
+            BEAST_EXPECT(result[jss::error_message] == "Invalid field 'tx_json.NetworkID'.");
+        }
+
+        // Test case: NetworkID > 1024 - NetworkID field is different from
+        // actual NetworkID
+        {
+            Env env{*this, makeConfig(2040)};
+            setupEnv(env);
+
+            auto tx = makeTx(env);
+            tx[jss::NetworkID] = 9999;
+            auto result = signFor(env, tx);
+
+            BEAST_EXPECT(result[jss::error] == "invalidParams");
+            BEAST_EXPECT(result[jss::error_message] == "Invalid field 'tx_json.NetworkID'.");
+        }
+
+        // Test case: NetworkID > 1024 - NetworkID field is correct
+        {
+            Env env{*this, makeConfig(2040)};
+            setupEnv(env);
+
+            auto tx = makeTx(env);
+            tx[jss::NetworkID] = 2040;
+            auto result = signFor(env, tx);
+
+            BEAST_EXPECT(result[jss::status] == "success");
+            BEAST_EXPECT(result[jss::tx_json][jss::NetworkID].asUInt() == 2040);
+        }
+    }
+
 public:
     void
     run() override
@@ -890,6 +1010,8 @@ public:
 
         FeatureBitset const all{testableAmendments()};
         testWithFeats(all);
+
+        testSignForNetworkIDValidation();
     }
 
     void