- The previous fix removed the guarantee that addition mantissas were
less than maxRep. Without that guaranee, and with large enough
mantissas, the total can be greater than max uint64_t, causing an
overflow. - Please please please let this be the last bug!
* XRPLF/ximinez/lending-XLS-66-ongoing:
Fix test failures from interaction between 6120 and 6133
fix: Inner batch transactions never have valid signatures (6069)
chore: Change `/Zi` to `/Z7` for ccache, remove debug symbols in CI (6198)
VaultClawback: Burn shares of an empty vault (6120)
fix: Truncate thread name to 15 chars on Linux (5758)
docs: Fix minor spelling issues in comments (6194)
- Add minimum grace period validation (#6133)
- VaultClawback: Burn shares of an empty vault (#6120)
- LoanSet transaction added in #6120 failed the minimum grace period
added by #6133.
- Directly access member variables instead of "external view" mantissa()
and exponent() in computations.
- Remove some overly restrictive asserts.
- Update the testLoanBrokerSetDebtMaximum test to use an MPT asset
(otherwise, large limits get truncated), and more operationally safe
math.
- Introduces amendment `fixBatchInnerSigs`
- Update Batch unit tests
- Fix all the Env instantiations to _use_ the "features" parameter.
- testInnerSubmitRPC runs with Batch enabled and disabled.
- Add a test to testInnerSubmitRPC for a correctly signed tx incorrectly
using the tfInnerBatchTxn flag.
- Generalize the submitAndValidate lambda in testInnerSubmitRPC.
- With the fix amendment, a transaction never reaches the transaction
engine (Transactor and derived classes.)
- Test submitting a pseudo-transaction. Stopped before reaching the
transaction engine, but with different errors.
- The tests verify that without the amendment, a transaction with
tfInnerBatchTxn is immediately rejected. Without the amendment, things
are safe. The amendment just makes things safer and more future-proof.
- Adds a mechanism for the vault owner to burn user shares when the vault is stuck. If the Vault has 0 AssetsAvailable and Total, the owner may submit a VaultClawback to reclaim the worthless fees, and thus allow the Vault to be deleted. The Amount must be left off (unless the owner is the asset issuer), specified as 0 Shares, or specified as the number of Shares held.
This change:
* Truncates thread names if more than 15 chars with `snprintf`.
* Adds warnings for truncated thread names if `-DTRUNCATED_THREAD_NAME_LOGS=ON`.
* Add a static assert for string literals to stop compiling if > 15 chars.
* Shortens `Resource::Manager` to `Resource::Mngr` to fix the static assert failure.
* Updates `CurrentThreadName_test` unit test specifically for Linux to verify truncation.
- Remove redundant "else" because of early return.
- Add a concept "Integral64" to use in the template parameter for
normalizeToRange.
- Add documentation to STTakesAsset, associateAsset, and add explanation
for how `STNumber` uses it.
- Assert that `numberToJson` is always outside of a Transaction context.
- Remove copy of `InitialFibSeqPct` and the assert in
`Number::operator*=` that prompted me to add it.
- Add amendment gating to `STAmount::operator=`
- Fixes LoanManage tfBAD_LEDGER case by capping the amount of FLC to use to cover a loss at the amount of cover available.
- Check if the Vault pseudo-account is frozen in LoanBrokerSet
This change updates the XRPLF pre-commit workflow and prepare-runner action to their latest versions. For naming consistency the prepare-runner action changed the disable_ccache variable into enable_ccache, which matches our naming.
This change fixes the last of the spelling issues, and enables the pre-commit (and CI) check for spelling. There are no functionality changes, but it does rename some enum values.
* Make `maxRep` public.
* Document why template normalize takes min/max params.
* Add a check to normalizeToRange to ensure there are no signed/unsigned
conversion issues.
* static_assert that maxRep is >= maxMPTokenAmount and INITIAL_XRP at
their definition points. If something ever changes so that it's not,
we'll know immediately.
Right now, each pipeline invocation builds the source code from scratch. Although compiled Conan dependencies are cached in a remote server, the source build objects are not. We are able to further speed up our builds by leveraging `ccache`. This change enables caching of build objects using `ccache` on Linux, macOS, and Windows.
- Prompted by review feedback from @gregtatcam.
- Should be pretty thorough.
- Tweaked how the MantissaRange class is instantiated, and added
a couple more static_asserts.
This change adds some basic tests for all the `ledger_entry` helper functions, so each ledger entry type is covered. There are further some minor refactors in `parseAMM` to provide better error messages. Finally, to improve readability, alphabetization was applied in the helper functions.
This change renames all occurrences of `rippled.cfg` to `xrpld.cfg`. It also provides a script to allow developers to replicate the changes in their local branch or fork to avoid conflicts. For the time being it maintains support for `rippled.cfg` as config file, if `xrpld.cfg` does not exist.
- Updates or fixes a couple of things I noticed while reviewing changes
to the spec.
- Rename sfPreviousPaymentDate to sfPreviousPaymentDueDate.
- Make the vault asset cap check added in #6124 a little more robust:
1. Check in preflight if the vault is _already_ over the limit.
2. Prevent overflow when checking with the loan value. (Subtract
instead of adding, in case the values are near maxint. Both return
the same result. Also add a unit test so each case is covered.
This change modifies the build directory structure from `build/build/xxx` or `.build/build/xxx` to just `build/xxx`. Namely, the `conanfile.py` has the CMake generators build directory hardcoded to `build/generators`. We may as well leverage the top-level build directory without introducing another layer of directory nesting.
* XRPLF/ximinez/lending-XLS-66-ongoing:
Fix Overpayment ValueChange calculation in Lending Protocol (6114)
Ensure vault asset cap is not exceeded (6124)
Disallow pseudo accounts to be Destination for LoanBrokerCoverWithdraw (6106)
Check permissions in LoanSet and LoanPay (6108)
Fix some minor bugs in Lending Protocol (6101)
Fix LoanBrokerSet debtMaximum limits (6116)
- add nodiscard to unimpairLoan, and check result in LoanPay
- add a check to verify that issuer exists
- improve LoanManage error code for dust amounts
`Json::Object` and related objects are not used at all, so this change removes `include/xrpl/json/Object.h` and all downstream files. There are a number of minor downstream changes as well.
Full list of deleted classes and functions:
* `Json::Collections`
* `Json::Object`
* `Json::Array`
* `Json::WriterObject`
* `Json::setArray`
* `Json::addObject`
* `Json::appendArray`
* `Json::appendObject`
The last helper function, `copyFrom`, seemed a bit more complex and was actually used in a few places, so it was moved to `LedgerToJson.h` instead of deleting it.
The latest update to `cleanup-workspace`, `get-nproc`, and `prepare-runner` moved the action to the repository root directory, and also includes some ccache changes. In response, this change updates the various shared actions to the latest commit hash.
* XRPLF/ximinez/lending-XLS-66-ongoing:
Update rippled to xrpl
Change some instances of View info() to header()
Update rippled to xrpl
refactor: Rename `ripple` namespace to `xrpl` (5982)
refactor: Move JobQueue and related classes into xrpl.core module (6121)
refactor: Rename `rippled` binary to `xrpld` (5983)
refactor: rename info() to header() (6138)
refactor: rename `LedgerInfo` to `LedgerHeader` (6136)
refactor: clean up `RPCHelpers` (5684)
chore: Fix docs readme and cmake (6122)
chore: Clean up .gitignore and .gitattributes (6001)
chore: Use updated secp256k1 recipe (6118)
* XRPLF/ximinez/lending-XLS-66-2:
Change some instances of View info() to header()
Update rippled to xrpl
refactor: Rename `ripple` namespace to `xrpl` (5982)
refactor: Move JobQueue and related classes into xrpl.core module (6121)
refactor: Rename `rippled` binary to `xrpld` (5983)
refactor: rename info() to header() (6138)
refactor: rename `LedgerInfo` to `LedgerHeader` (6136)
refactor: clean up `RPCHelpers` (5684)
chore: Fix docs readme and cmake (6122)
chore: Clean up .gitignore and .gitattributes (6001)
chore: Use updated secp256k1 recipe (6118)
This change renames all occurrences of `namespace ripple` and `ripple::` to `namespace xrpl` and `xrpl::`, respectively, as well as the names of test suites. It also provides a script to allow developers to replicate the changes in their local branch or fork to avoid conflicts.
- Use a single worker function that does all the work and explicit
template instantiation for the class function. If this gives me any
more trouble, I'm just going to move normalize into the header, but
I was hoping to avoid that.
- Create a new SField metadata enum, sMD_NeedsAsset, which indicates
the field should be associated with an Asset so it can be rounded.
- Add a new STTakesAsset intermediate class to handle the Asset
association to a derived ST class. Currently only used in STNumber,
but could be used by other types in the future.
- Add "associateAsset" which takes an SLE and an Asset, finds the
sMD_NeedsAsset fields, and associates the Asset to them. In the case
of STNumber, that both stores the Asset, and rounds the value
immediately.
- Transactors only need to add a call to associateAsset _after_ all of
the STNumbers have been set. Unfortunately, the inner workings of
STObject do not do the association correctly with uninitialized
fields.
- When serializing an STNumber that has an Asset, round it before
serializing.
- Add an override of roundToAsset, which rounds a Number value in place
to an Asset, but without any additional scale.
- Update and fix a bunch of Loan-related tests to accommodate the
expanded Number class.
- (Not all tests are fixed yet.)
- Round the initial total value computation upward, unless there is
0-interest.
- Rename getVaultScale to getAssetsTotalScale, and convert one incorrect
computation to use it.
- Use adjustImpreciseNumber for LossUnrealized.
- Add some logging to computeLoanProperties.
- In overpayment results, the management fee was being calculated twice:
once as part of the value change, and as part of the fees paid.
Exclude it from the value change.
- Originally defined as uint64_t, but the testIssuerLoan() test called
it with a negative number, causing an overflow to a very large number
that in some circumstances could be silently cast back to an int64_t,
but might not be. I believe this is UB, and we don't want to rely on
that.
- Exclude LogicError lines in ApplyView.cpp (specifically directory
operations) from code coverage.
- Replace the ability to set the next page on a new directory page with
an assert, because nothing uses it right now.
- Early return with success for batch inner transactions in preflight2.
- Originally defined as uint64_t, but the testIssuerLoan() test called
it with a negative number, causing an overflow to a very large number
that in some circumstances could be silently cast back to an int64_t,
but might not be. I believe this is UB, and we don't want to rely on
that.
- Update tests. This has the happy side effect of making some of the string
representations _more_ consistent between the small and large
mantissa ranges.
- ctors and accessors return `rep`. Very few things expose
`internalrep`.
- An exception is "unchecked" and the new "normalized", which explicitly
take an internalrep. But with those special control flags, it's easier
to distinguish and control when they are used.
- The goal is to get as much of the non-number code back to the previous
state as possible.
- The class didn't actually change much, if at all, but somehow got
relocated.
- This should make the review easier, and reduce the footprint of the
PR.
- Created a common doWithdraw function for VaultWithdraw and
LoanBrokerCoverWithdraw. Added verifyDepositPreauth to it, so that
both transactions will get the check.
- Add a missing null check to LoanBrokerSet, and add log messages to the
existing checks.
- Call verifyDepositAuth in VaultWithdraw and LoanBrokerCoverWithdraw to
a destination.
- Update a couple of impossible error returns to log a message, but
exclude from coverage.
- Fail if the LoanBroker.LoanSequence overflows to 0.
- removeEmptyHolding will succeed if the account is the issuer
- If it encounters a trust line in that state, the line will always be
deleted.
- If it encounters an MPTToken in that state, which should be
impossible, the token will be deleted if it doesn't have a balance.
- Revert Payment transactor (Payment.*) back to what is in "develop".
- Change LoanBrokerCoverWithdraw to do a direct transfer, whether it's
too the account or the destination. Similar to VaultWithdraw, and as
specified
- https://github.com/XRPLF/rippled/pull/5270#discussion_r2554560222
- Rename the overload of constructRoundedLoanState that takes components
as inputs to constructLoanState. The original function did no rounding
or enforcement of the inputs being rounded.
- Left the overload constructRoundedLoanState(SLE::const_ref loan)
alone, because Loan objects are assumed to be rounded.
- Optimize final payment by checking and returning that case before
doing any other computations. Removes some asserts that weren't really
adding value.
- Rewrite "Asset::native()" and "integral()" to use std::visit.
- Improve documentation for the LoanPay transaction flags:
tfLoanFullPayment, tfLoanLatePayment
- Use a lambda to defensively guarantee that "tx" can not affect the
"signerCount" in "LoanSet::calculateBaseFee" # Please enter the commit
message for your changes. Lines starting
- Add some test cases to improve coverage, and exclude some lines from
coverage.
- Rounds the Broker.DebtTotal to the Vault scale any time it is
modified. This should reduce rounding errors.
- Ensure that no debt is left for the Broker after the last loan is
deleted. This ensures that any accumulated rounding errors are
resolved.
- Shortcut on issuer match in canTransfer.
- An asset can transfer if either trustline enabled rippling, so both
must have it disabled for the transfer to fail with terNO_RIPPLE.
- Remove unnecessary asfDefaultRipple sets in unit tests.
- Add a new unit test helper class: testline, and a macro: THISLINE.
When included as a parameter to Env::operator(), will include the line
number of the transaction that didn't get the expected result. Works
similarly to BEAST_EXPECT. I didn't do the same for the file name,
because that can be deduced from the testcase name.
- Includes unit tests for terNO_RIPPLE.
- Switch auth mode to weak when submitter is destination.
- Require rippling enabled for vault deposits or withdrawals.
* XRPLF/develop:
chore: Set version 3.1.0-b0 (5986)
ci: Clean workspace on Windows self-hosted runners (6024)
docs: fix spelling in comments (6002)
fix: floating point representation errors in vault (5997)
ci: Specify bash as the default shell in workflows (6021)
refactor: Add `XRPL_RETIRE_FIX` and `XRPL_RETIRE_FEATURE` macros (6014)
refactor: Retire DepositPreAuth and DepositAuth amendments (5978)
chore: Move running of unit tests out of coverage target (6018)
refactor: Retire PayChanRecipientOwnerDir amendment (5946)
- Since all the special cases are now specified with flags, the order is
less important.
- Avoids computing the periodic payment parts that are not needed for
full payment computation.
- A late payment without the late payment flag will override everything
else, though.
- A regular payment that is late, or a tfLoanLatePayment that is not
late will fail.
- Flags are mutually exclusive.
- Add a few interest computation shortcuts and overflow prevention
checks that return 0 if there's no time to compute for.
- Assert requires that an overpayment reduces the value of a loan. If
the overall loan interest is low enough, it could leave it unchanged.
Update the assert to require that the overpayment does not increase
the value of the loan.
- Adds a unit test provided by @gregtatcam to demonstrate this issue.
* mywork/ximinez/lending-number:
Add a distinction between a "valid" and a "representable" Number
chore: Point xrpld symlink to rippled (6012)
Catch up the consequences of Number changes
Fix build error - avoid copy
Add integer enforcement when converting to XRP/MPTAmount to Number
Make all STNumber fields "soeDEFAULT"
Add optional enforcement of valid integer range to Number
- "valid" means the value is <= Number::maxIntValue, which has been
changed to maxMantissa / 100. A valid number could get bigger and be
ok - such as when paying late interest on a loan.
- "representable" means the value is <= Number::maxMantissa. An
unrepresentable number WILL be rounded or truncated.
- Adds a fourth level of enforcement: "compatible". It is used for
converting XRP to Number (for AMM), and when doing explicit checks.
- "weak" will now throw if the number is unrepresentable.
- Vault and LoanBroker pseudo-accounts can hold MPTs, regardless of MPTRequireAuth setting.
- Add requireAuth check in LoanBrokerCoverDeposit and LoanPay.
- Fail attempts to unauthorize pseudo-accounts by MPT issuers.
- Change the Number::maxIntValue to all 9's.
- Add integral() to Asset (copied from Lending)
- Add toNumber() functions to STAmount, MPTAmount, XRPAmount to allow
explicit conversions with enforcement options.
- Add optional Number::EnforceInteger options to STAmount and STNumber
ctors, conversions, etc. IOUs are never checked.
- Update Vault transactors, and helper functions, to check restrictions.
- Fix and add Vault tests.
- Turns out that "Proxy::operator->" is not a safe substitute for
"Proxy::value()." if the field is not required. The implementation
is different such that "operator->" will return a null ptr if the
field is not present. This includes default fields with a value of
zero!
- Scale the loan to the Vault, so that amounts moving to the vault are
less likely to have rounding errors.
- Similar to LoanPay, when LoanManage defaults a loan, round the amounts
to the Vault scale (because the Vault scale can change) before
applying them to the Vault.
* mywork/ximinez/lending-number:
Catch up the consequences of Number changes
Fix build error - avoid copy
Add integer enforcement when converting to XRP/MPTAmount to Number
Make all STNumber fields "soeDEFAULT"
Add optional enforcement of valid integer range to Number
fix: domain order book insertion #5998
refactor: Retire fixTrustLinesToSelf amendment (#5989)
- Change the Number::maxIntValue to all 9's.
- Add integral() to Asset (copied from Lending)
- Add toNumber() functions to STAmount, MPTAmount, XRPAmount to allow
explicit conversions with enforcement options.
- Add optional Number::EnforceInteger options to STAmount and STNumber
ctors, conversions, etc. IOUs are never checked.
- Update Vault transactors, and helper functions, to check restrictions.
- Fix and add Vault tests.
- Ensures a consistent fixed payment amount for the entire life of the
loan, except the final payment, which is guaranteed to be the same or
smaller.
- Convert some Loan structs to compute values that had need manual
updates to stay consistent.
- Fail the transaction in `LoanPay` if it violates the Vault `assetsAvailable <=
assetsTotal` invariant.
- Use constexpr to check that min mantissa value for Number and STAmount
is a power of 10, and compute the max in terms of the min.
- Improve unit tests:
- Use BrokerParameters and Loan Parameters instead of semi-global
class values
- In tests, check that the expected number of loan payments are made.
- Add LoanBatch manual test to generate a set number of random loans,
set them up, and pay them off.
- Add LoanArbitrary manual test to run a single test with specific
(hard-coded for now) parameters.
- Add Number support to XRP_t.
- sfCoverRateMinimum and sfCoverRateLiquidation must be both zero or
both non-zero, because both are used in the default amount
calculations, which is the only place they're really meaningful.
* XRPLF/develop:
ci: Use commit hash so workflows are not canceled when merging multiple PRs (5950)
ci: Only upload codecov reports in the original repo, not in forks (5953)
ci: Only log into Conan when uploading packages (5952)
fix: invariant error in fee-sized `VaultWithdraw` (5876)
fix: account_tx limit parameter validation for malformed values (5891)
refactor: Retire fix1543 amendment (5926)
ci: Only run .exe files during test phase on Windows (5947)
refactor: Migrate json unit tests to use doctest (5533)
Change `fixMPTDeliveredAmount` to `Supported::yes` (5833)
fix: Upload all test binaries (5932)
chore: Better pre-commit failure message (5940)
- Compute the next "true" state, round the values off, then compute the
deltas needed to get the current state to that state. Plus some data
integrity checks.
- Add `Number::zero`, which is longer to type, but more readable than
`Number{}`.
- Prepare to improve Loan unit tests: track managementFeeRate in
BrokerInfo, define a LoanParameters object for creation options and
start adding support for it, track and verify loan state while making
payments.
- Addresses FIND-013 from audit.
- Bases the limit on the current ledger time, and ensures that
"payments * interval <= limit". This allows a loan to potentially run through
"the end of time" successfully, but not go a second over.
- Wrote several test cases, including a few that go right to "the end of
time".
- FIND-005, FIND-009, and FIND-010.
- Add the finding number to existing tests - FIND-001, FIND-003,
FIND-012, FIND-007.
- Tweak the interest rate failure log messages in LoanSet.
- Addresses FIND-005 from audit.
- Tuning values defined in Protocol.h. Optimal values TBD.
- loanPaymentsPerFeeIncrement: calculateBaseFee estimates the number
of payments included in the Amount and charges
"baseFee * number / loanPaymentsPerFeeIncrement".
- loanMaximumPaymentsPerTransaction: If the number of payments
(including overpayments if applicable) hits this limit, stop
processing more payments, but DO NOT FAIL.
- Fix the rounding in LoanSet for Guard 4 (sufficient computed payments)
- Tweak several test parameters to account for the new limits.
- Change payment component rounding for IOUs to "towards_zero".
- Add some safety limits to loan calculations to prevent nonsensical
values.
- Addresses FIND-006 from audit.
- Removes the "minimum" check for sfLoanOriginationFee, and replaces it
with a "valid range" check with the max value being
sfPrincipalRequested.
- Reuses the test from the report, with some modifications.
- Also adds some more test cases for existing interest rate tests.
- Changes:
1. Removed the `AssetType` template parameter from all functions in
favor of just using the `Asset` class.
2. Fully moved all `ripple::detail` functions from .h to .cpp.
3. Moved all definitions of non `detail` functions from .h to .cpp,
except roundPeriodicPayment, just because it's small and I want it
to be visible. Left declarations in .h
4. Moved `PaymentSpecialCase`, `PaymentComponents` and
`computePaymentComponents` into `detail` and updated references.
- This is an intermediate commit. It leaves the old variables in place,
so I can do verifications that the new computations are correct. They
will be removed in the next commit.
- PaymentComponents is an class used internally to break a payment value
into principal, interest, and fees.
- Adds a check to the MPToken creation invariant to ensure none are created for the issuer.
- `addEmptyHolding()` will return success without doing anything for these scenarios. There is nothing to do, as with XRP.
---------
Co-authored-by: Ed Hennis <ed@ripple.com>
- Renamed canSendToAccount to canWithdraw, because the semantics are
a little different from a payment. Notably, if withdrawing to self,
you can still include a destination tag.
- Simplified the interface to canWithdraw to just pass in the
STTx.
- preflightDestinationAndTag is pretty pointless now, so removed it.
- canSendToAccount will check if a destination tag is required _before_
checking if the sender is the destination. This is the original
VaultWithdraw behavior, and I want to stay consistent.
- Correct interest rounding calculation
- Fix some comments
- Don't explicitly break out of the multiple payment loop for the final
payment. Assert that it will exit by the loop condition.
- Fix LoanSet.calculateBaseFee with multisign.
- Cleanups.
- Add View helper functions for Loan and Vault transactions
- preflightDestinationAndTag
- checkDestinationAndTag
- canSendToAccount
- Used the helpers in appropriate Loan and Vault transactions.
- They could also be used in older transactions, I'll save that for
later.
- Implement a new helper accountCanSend, which is like accountHolds, but
returns a meaningful value for issuers, and will include the available
credit on the other side of a trust line. (The sfHighLimit or
sfLowLimit as appropriate.)
- Use this new helper when checking the available balance in LoanPay.
- Loan scale is completely irrelevant to integral types (XRP, MPT), and
the field is "soeDEFAULT", so when set to 0, it won't be stored on
ledger, saving a little bit of space.
- Move management fee calculations out of transactors an into the
appropriate functions in LendingHelpers.h.
- Rewrite how overpayments are handled. May changed based on numerical
analysis.
- Update, fix, and clean up unit tests. Includes adding tolerances for
some checks where an exact match is unlikely.
- Add "integral()" function to Asset to simplify a common check.
- Rename some of the helper functions / lambdas.
- Update tracked interestOwed field better at final payoff.
- Add checks in LoanSet that the fields can be represented in the asset
type, and update test that fails those checks
(testLoanPayComputePeriodicPaymentValidRateInvariant)
- Also check that the computed periodic payment can be represented as
the asset type, and doesn't round _UP_ to 0.
- Update asserts to account for more scenarios, including initial loan
computation.
- Implement AccountSendMulti
- Document the derivations of loan components.
- Add "loanPrincipalFromPeriodicPayment" helper.
- Removed sfReferencePrincipal
- LoanSet and LoanPay can create MPTokens as a side effect
- LoanPay will send the fee to cover if the broker owner is deep frozen,
and fail if both of them are deep frozen.
- LoanPay will check auth for the receivers, or create holdings for the
submitting account if needed.
- LoanSet will fail if principal requested is not positive
- Handle overpayment in a separate function
- Add a test helper to check that balance changes went as expected
- Fix more tests
- Tests not expected to pass.
- Check in LoanSet if a loan with interest actually has interest.
tecPRECISION_LOSS if not.
- Add checks in LoanPay for deep froze broker owner and pseudoaccount.
- Fix management fee calculations in LoanPay and associated LoanBroker
and Vault data updates.
- Make state tracking next payment due date optional.
- Add a test case showing multiple payments combined.
- Update more tests to work with the new fields.
- Primarily updating tests, and fixing stuff that didn't work.
- Tests still not expected to pass.
- Add Json::Value::isMember(StaticString) so SFields can be used.
- Validate more fields in ValidLoan Invariant
- Loan tests are not expected to pass.
- Refactor Number to put rounding logic into reusable functions.
- Add Number tests to explicitly test rounding - may be redundant, but
easy to reason about. Verifies that the default rounding matches
banker's rounding.
- Enable LoanManage. Apparently any remaining issues were fixed by the
previous commit's cleanups.
- Partially enabled LoanPay.
* mywork/ximinez/lending-sttx-checksign:
Review feedback from @a1q123456
Add jtx, STObject, and RPC support for sig object fields
Add support for extra transaction signature validation
- Convert STTx::getSignature to be static.
- Make the STTx::checkSign that takes a signature object private, and
change it and all the other relevant functions to take the signature
object as a `const&`.
- Change `getBatchTransactionIDs` to return a `const&` to reduce the
number of vector copies. Rename `batchTxnIds_` to CamelCase. Update
the text of the internal comment.
- Making a payment on an impaired loan will unimpair the loan, which
changes Vault.LossUnrealized.
- Add a step in unit tests to impair a loan before making a payment, to
verify, and prevent future similar regressions.
- Resolves regression RIPD-3650
* XRPLF/develop:
refactor: Update Conan dependencies: OpenSSL (5873)
Add vault invariants (5518)
test: Add more tests for Simulate RPC metadata (5827)
chore: Fix release build error (5864)
refactor: Update CI strategy matrix to use new RHEL 9 and RHEL 10 images (5856)
chore: exclude all `UNREACHABLE` blocks from codecov (5846)
Set version to 3.0.0-b1 (5859)
** Vault Invariants for Loan txs need to be fleshed out. **
- Give the appropriate Loan transactions vault modification privileges.
- Give the appropriate Loan transactions the ability to authorize
(create in this case) MPTokens.
- Check that LoanManage does not leave Vault in an inconsistent state
(AssetsAvailable > AssetsTotal). For IOU vaults, if the difference is
dust, "round up".
- Restructures `STTx` signature checking code to be able to handle
a `sigObject`, which may be the full transaction, or may be an object
field containing a separate signature. Either way, the `sigObject` can
be a single- or multi-sign signature.
- This is distinct from 550f90a75e (#5594), which changed the check in
Transactor, which validates whether a given account is allowed to sign
for the given transaction. This cryptographically checks the signature
validity.
- All current items are done
- Mostly comments
- Restructured PaymentParts (formerly PeriodicPaymentParts) to bring
along fees, and removed the computed / combined PeriodicPayment from
places that should be using PaymentParts instead.
* mywork/ximinez/lending-tx-fix:
fix: Transaction sig checking functions do not get a full context
ci: Upload artifacts during build and test in a separate job (5817)
- Fixes a bug introduced by PR #5594, commit 550f90a75e, which
introduced the concept of a "sigObject", in which the signature is
checked without necessarily being the transaction.
- Fortunately, no code uses the "sigObject" as anything other than the
transactor yet, so the bug is harmless for now.
- This fix removes the "PreclaimContext" from the parameter list, and
adds only the individual parts needed by the function, none of which
are the transaction.
* XRPLF/develop:
refactor: Add support for extra transaction signatures (5594)
refactor: Restructure Transactor::preflight to reduce boilerplate (5592)
- Fix a moved assert message
- Rename `Transactor::isEnabled` to `checkExtraFeatures`, and finish
cleaning up a few classes I missed on the first pass (Vault*
& XChainBridge*).
* XRPLF/ximinez/lending-refactoring-4:
refactor: Modularise ledger (5493)
chore: Add unit tests dir to code coverage excludes (5803)
chore: Build and test all configs for daily scheduled run (5801)
chore: Limits CI build and test parallelism to reduce resource contention (5799)
fix(amendment): Add missing fields for keylets to ledger objects (5646)
Rename mutable flags (5797)
Set version to 2.6.1-rc1
Downgrade to boost 1.83
Set version to 2.5.1
Fix: Don't flag consensus as stalled prematurely (5658)
* XRPLF/develop:
refactor: Modularise ledger (5493)
chore: Add unit tests dir to code coverage excludes (5803)
chore: Build and test all configs for daily scheduled run (5801)
chore: Limits CI build and test parallelism to reduce resource contention (5799)
fix(amendment): Add missing fields for keylets to ledger objects (5646)
Rename mutable flags (5797)
Set version to 2.5.1
Fix: Don't flag consensus as stalled prematurely (5658)
- Remove a redundant struct LoanPaymentParts declaration.
- Add pointers to the XLS-66 spec for all of the LendingHeler formulas.
- Changed if/else if in LoanManage.
- Rewrite all of the templates in Units.h to use concepts.
- Restrict to_short_string to reasonably sized values.
- Rephrase some comments, and fix some typos.
- Remove the ones where the only condition was the required amendment
specified in transactor.macro.
- Simplify the one that had other conditions, removing the required
amendment from the conditions.
* XRPLF/ximinez/lending-refactoring-4:
Bugfix: Adds graceful peer disconnection (5669)
Support DynamicMPT XLS-94d (5705)
Only notify clio for PRs targeting the release and master branches (5794)
refactor: Wrap GitHub CI conditionals in curly braces (5796)
* XRPLF/ximinez/lending-refactoring-2:
Bugfix: Adds graceful peer disconnection (5669)
Support DynamicMPT XLS-94d (5705)
Only notify clio for PRs targeting the release and master branches (5794)
refactor: Wrap GitHub CI conditionals in curly braces (5796)
- Adds a Permission::getTxFeature lookup function to find the
controlling amendment for a Transactor, if any.
- Returns temDISABLED from preflight if there is an amendment and it's
not enabled.
- Still need to go through and remove all the now-redundant isEnabled
functions.
* XRPLF/ximinez/lending-refactoring-4:
fixup! Make a few tweaks to the changes in 43fe49e7
Fix Vault tests broken by negative MPT issuer balance
Make a few tweaks to the changes in 43fe49e7
fix: Add restrictions to Permission Delegation: fixDelegateV1_1 (5650)
ci: Add missing dependencies to workflows (5783)
ci: Use default conan install format (5784)
Switch CI pipeline bookworm:gcc-13 from arm64 to amd64 (5779)
* XRPLF/develop:
fix: Add restrictions to Permission Delegation: fixDelegateV1_1 (5650)
ci: Add missing dependencies to workflows (5783)
ci: Use default conan install format (5784)
Switch CI pipeline bookworm:gcc-13 from arm64 to amd64 (5779)
- This was the first merge after I got back from sabbatical. I made
these same changes in "ximinez/lending-XLS-66" commit 9d052dc, but
after seeing some test failures, I think they belong here.
- Also fix a few build errors that I missed earlier.
- Updated freeze check rules for LoanSet.
- Fixed the debt total calculation and check in LoanSet.
- Removed _some_ unnecessary includes.
- Rewrite to_short_string to call strHex directly instead of building
the whole hex string first.
- Change PrettyAsset::scale_ back to a uint32 since the Number
conversion elides any potential multiplication overflow.
- Clean ups.
- Mostly adding comments.
- Fixed some function parameter names that weren't updated after
a copy/paste.
- LoanBrokerCoverWithdraw does not need to check for freeze when sending
to the issuer.
- Reorder the fund transfer cases in LoanBrokerCoverWithdraw to make it
clearer that some transfers are direct, and some use the payment
engine.
- Only look up the vault ID once in LoanBrokerSet
- Rewrite isTesSuccess to use TERSubset::operator bool
- Add Transactor::preflightSigValidated for expensive operations that
should be done after signature validation. These things would have
been done after preflight2 before this refactor.
- Split Batch and EscrowFinish preflight to use preflightSigValidated, too.
* XRPLF/ximinez/lending-refactoring-4:
Review feedback from @Bronek
Rewrite Units.h and same safe_cast.h restrictions to use concepts
* Also add required support for LoanBroker and Loan ledger entries
- Remove unnecessary #include
- Explanatory comments
- Make the MPT InvariantCheck related to EscrowFinish amendment safe
- Convert SField maps to unordered_maps
- Make jtx::fee::operator() clearer
- Rename checkMyPrivilege to hasPrivilege
* XRPLF/develop:
chore: Update clang-format and prettier with pre-commit (5709)
fix(test): handle null metadata for unvalidated tx in Env::meta (5715)
chore: Workaround for CI build errors on arm64 (5717)
chore: Fix file formatting (5718)
fix: Skip notify-clio when running in a fork, reorder config fields (5712)
chore: Reverts formatting changes to external files, adds formatting changes to proto files (5711)
- Cleaned up some of the `LEDGER_ENTRY` macros by eliding unnecessary
parameters.
- Define the transaction privileges in one place (InvariantCheck.cpp).
- Give `EscrowFinish` the `mayAuthorizeMPT` privilege.
- Rename the test helper `expectLine` to `expectHolding` since
it handles both trust lines and MPTs.
- Restructure the ""pseudo-account has 2 pseudo-account fields set"
invariant test to loop over all defined pseudo-account fields.
- Fix `operator<<` for `PrettyAmount` to handle `MPTIssue`s.
- Add enforcement of the `AccountRootsDeletedClean` invariant if SAV is
enabled, and clarify the comment for the pseudo-account field check.
- Delete the 100% redundant `ttMPTOKEN_ISSUANCE_SET` check in
`ValidMPTIssuance`.
* XRPLF/ximinez/lending-refactoring-4:
fix: Modify jobs to use '>>' instead of 'tee' for GITHUB_OUTPUT (5699)
refactor: Revamp CI workflows (5661)
refactor: Decouple net from xrpld and move rpc-related classes to the rpc folder (5477)
Set version to 2.6.0-rc2
docs: Updates list of maintainers and reviewers (5687)
fix: Change log to debug level for AMM offer retrieval and IOU payment check (5686)
fix: Add -Wno-deprecated-declarations for Clang only (5680)
Update .git-blame-ignore-revs for 5657 (5675)
Fix BUILD.md instruction (5676)
Set version to 2.6.0-rc1
fix: Improve logging of the reason to refuse a peer connection (5664)
fix: Make test suite names match the directory name (5597)
chore: Run prettier on all files (5657)
chore: Set CONAN_REMOTE_URL also for forks (5662)
chore: Cleanup bin/ directory (5660)
perf: Optimize hash performance by avoiding allocating hash state object (5469)
* XRPLF/develop:
fix: Modify jobs to use '>>' instead of 'tee' for GITHUB_OUTPUT (#5699)
refactor: Revamp CI workflows (#5661)
refactor: Decouple net from xrpld and move rpc-related classes to the rpc folder (#5477)
Set version to 2.6.0-rc2
docs: Updates list of maintainers and reviewers (#5687)
fix: Change log to debug level for AMM offer retrieval and IOU payment check (#5686)
fix: Add -Wno-deprecated-declarations for Clang only (#5680)
Update .git-blame-ignore-revs for #5657 (#5675)
Fix BUILD.md instruction (#5676)
Set version to 2.6.0-rc1
fix: Improve logging of the reason to refuse a peer connection (#5664)
fix: Make test suite names match the directory name (#5597)
chore: Run prettier on all files (#5657)
chore: Set CONAN_REMOTE_URL also for forks (#5662)
chore: Cleanup bin/ directory (#5660)
perf: Optimize hash performance by avoiding allocating hash state object (#5469)
- Add a new parameter "signature_target" to "sign". Supports single and
multisign, but I haven't written tests for multisign yet.
- Skip account validation if this field is set, like multisigning.
- Unit tests demonstrating examples.
* XRPLF/develop:
Switch Conan 1 commands to Conan 2 and fix credentials (#5655)
perf: Move mutex to the partition level (#5486)
Upload Conan dependencies upon merge into develop (#5654)
- Still required for the transaction to succeed (except inside a Batch,
because the batch signers take care of that).
- Started adding tests for Loan-related RPC and low-level math checks.
Currently only implemented "sign" on a LoanSet to verify it can be
done.
- Addresses FIND-012 from audit.
- If computePeriodicPaymentParts rounds the principal part to 0, add
a small amount so that some principal is paid regardless of how
extreme the loan parameters are. For XRP and MPTs, this just adds 1.
For IOUs, compute an epsilon based on the scale of the original loan.
(IOUs untested.)
- Also move this function out of the detail namespace so direct unit
tests can be written. (Pending.)
- Adds the testLoanPayComputePeriodicPaymentValidRateInvariant from
auditors with some minor modifications.
- Fixes an assert that the periodic rate > 0, which won't be true if the
loan interest rate is 0.
- Move several tests from `STObject_test` to new `STParsedJSON_test`
unchanged.
- Add 3 test cases to cover edge cases for UInt16 values.
Co-authored-by: Denis Angell <dangell@transia.co>
- Addresses FIND-003 from audit.
- Behavior changed to treat a DebtMaximum value of 0 to mean "no limit",
as defined in spec.
- No need to add unit tests, because the previous commit covers 0, and
tests already exist for non-zero limits.
- Addresses FIND-001 from audit
- LoanSet::preflight will require Counterparty to be set (it's normally
optional) for an inner batch transaction, because the checks are done
before the LoanBroker object can be accessed.
- Adjust LoanSet::calculateBaseFee to not charge extra if an inner
transaction.
- Adds a Loan-specific test to Batch_test.
- Mark variable only used in asserts as [[maybe_unused]].
- Restore commented out line that I think I resolved wrong in an earlier
merge to fix Vault tests.
* XRPLF/ximinez/lending-refactoring-2:
refactor: Update rocksdb (#5568)
Switch instrumentation workflow to use dependencies (#5607)
chore: Rename conan profile to `default` (#5599)
Include `network_id` in validations and subscription stream responses (#5579)
Add support for `DomainID` in `MPTokenIssuance` transactions (#5509)
chore: Remove unused code after flow cross retirement (#5575)
Remove obsolete owner pays fee feature and XRPL_ABANDON stanza (#5550)
refactor: Makes HashRouter flags more type-safe (#5371)
Fix clang-format CI job (#5598)
- Rename Transactor::preflight to invokePreflight.
- Rename doPreflight back to preflight.
- Update instructions.
- With preflight1 & 2 now uncallable, in-flight code in other
branches should be easier to convert.
* upstream/develop: (56 commits)
Remove `include(default)` from libxrpl profile (#5587)
refactor: Change boost::shared_mutex to std::shared_mutex (#5576)
Fix macos runner (#5585)
Remove the type filter from "ledger" RPC command (#4934)
refactor: Update date, libarchive, nudb, openssl, sqlite3, xxhash packages (#5567)
test: Run unit tests regardless of 'Supported' amendment status (#5537)
Retire Flow Cross amendment (#5562)
chore: Update CI to use Conan 2 (#5556)
fixAMMClawbackRounding: adjust last holder's LPToken balance (#5513)
chore: Add gcc-12 workaround (#5554)
Add MPT related txns into issuer's account history (#5530)
chore: Remove unused headers (#5526)
fix: add allowTrustLineLocking flag for account_info (#5525)
Downgrade required CMake version for Antithesis SDK (#5548)
fix: Link with boost libraries explicitly (#5546)
chore: Fix compilation error with clang-20 and cleanup (#5543)
test: Remove circular jtx.h dependencies (#5544)
Decouple CredentialHelpers from xrpld/app/tx (#5487)
fix: crash when trace-logging in tests (#5529)
test: switch some unit tests to doctest (#5383)
...
- Refactor the IOU payment code out of the Payment transactor and use it
for different destinations. This should enforce all of the trust line
rules without having to reinvent a dozen wheels.
- TODO: Same for MPTs.
- Add an override of isDeepFrozen that can take an Asset, and thus an
MPTIssue. The MPT version just calls isFrozen, since they're
equivalent for MPTs.
- Add wrappers checkFrozen and checkDeepFrozen that return the
appropriate TER code, so the Asset type doesn't have to be checked
at every #*%@ing caller.
- Convert the Loan* transactors to use these functions.
- Rename Transactor::preflight to invokePreflight.
- Rename doPreflight back to preflight.
- Update instructions.
- With preflight1 & 2 now uncallable, in-flight code in other
branches should be easier to convert.
- Not necessarily wrong, just not how I want it.
- Fixes a build error in LoanBroker_test
- In CreateOffer, fixes a logic error where _no_ offers will work if
PermissionedDex amendment is enabled, and FlowCross is not
- Add the LendingProtocol amendment
- Add Loan Broker and Loan ledger objects:
- Also add new SFields, Keylet functions, and an Invariant to verify no
illegal field modification
- Update list of "constant" fields from spec
- Also add a general check for all object types for the type and index
fields
- refactor: Check transaction flags in preflight0
- Adds a flagMask parameter to preflight1 so that it's impossible to
forget to check flags.
- Also adds a short hash prefix to all Transactor log messages.
- refactor: Generalize Transactor preflight:
- Derived classes no longer need to explicitly check amendments, nor
call into preflight1 or preflight2.
- implemeng LoanBrokerSet
- Transactions: LoanDelete, LoanManage, LoanDraw, LoanPay
- LoanBrokerSet creation mostly done. Need update.
- Also added a lookup table for pseudo account fields.
- Update changed field name.
- Modify modifiable fields in an update. Note there are only two.
- Add a node field to dirLink, defaulting sfOwnerNode, so other
relationships can be updated.
- Create some helper classes for transaction fields
- Test that they work by converting some of the existing classes
- Finish creating helper classes for JTx fields
- Also change the pseudo account field lookup to a function that uses
a switch
- Update tests, update pseudo-account checking
- Generalize some of the Invariant checks using macro files
- Valid ledger entry type
- Valid new account root and pseudo account check
- Enumerate transaction privileges for invariants
- Allows them to be defined in transactions.macro instead of needing to
scrutinize every existing Invariant class.
- List is not necessarily comprehensive, but does cover every check
where more than one transaction type is involved.
- Reserve a few values between Vault and Lending for future use
- Pseudo-account improvements
- Define pseudo-account fields with an sfield flag
- Pseudo-account invariant checks rules whenever a pseudo-account is
created or modified.
- Move some helper functions.
- Check the regular key in the pseudo-transaction invariant check.
- Transactor::checkSign will always fail for a pseudo-account, so even
if someone figures out how to get a good signature, it won't work.
- Fix account creation to check both amendments
- Add a validity range for sfDebtMaximum
- Change more "failed" messages. The goal here is to be able to search
the log for "failed" and ONLY get test failures.
- NoModifiedUnmodifiableFields and ValidPseudoAccounts
- Move the Invariants_test class into the test namespace
- Clang wants an explicit ctor to emplace in a vector
- Refactor: Add a Transactor base function to make it easier to get the
owner reserve increment as a fee.
- Refactor: Add an overload jtx::fee(increment) to pay an owner reserve.
- Initial implementation of LoanBrokerDelete
- Generalize the LoanBroker lifecycle test
- Refactor ApplyView::dirAdd to give access to low-level operations
- Takes a page from #5362, which may turn out to be useful!
- Start writing Loan Broker invariants and tests
- Specifically those mentioned for LoanBrokerDelete
- Move all detail namespaces to be under ripple
- Avoids problems with namespace collisions / ambiguous symbol issues
with unity builds, especially when adding or removing files.
- Add LoanBrokerCoverDeposit transaction
- Add LoanBrokerCoverWithdraw transaction
- Start writing tests for LoanBrokerCover*
- Add support for `Asset` and `MPTIssue` to some `jtx` helper classes
and functions (`balance`, `expectLine`)
- Add support for pseudo-accounts to `jtx::Account` by allowing directly
setting the AccountID without a matching key.
- Add Asset and MPTIssue support to more jtx objects / functions
- Unfortunately, to work around some ambiguous symbol compilation
errors, I had to change the implicit conversion from IOU to Asset to
a conversion from IOU to PrettyAsset, and add a more explicit
`asset()` function. This workaround only required changing two
existing tests, so seems acceptable.
- Ensure that an account is not deleted with an XRP balance
- Updates the AccountRootsDeletedClean invariant
- Finish up the Loan Broker tests
- Move inclusion of Transactor headers to transactions.macro
- Only need to update in one place when adding a new transaction.
- Start implementing LoanSet transactor
- Add some more values and functions to make it easier to work with
basis point values / bips.
- Fix several earlier mistakes.
- Generalize the check*Sign functions to support CounterParty
- checkSign, checkSingleSign, and checkMultiSign in STTx and Transactor
- Start writing Loan tests
- Required adding support for counterparty signature to jtx framework:
arbitrary signature field destination, multiple signer callbacks
- Get Counterparty signing working
- Add more LoanSet unit tests, added LoanBroker LoanSequence field
- LoanSequence will prevent loan key collisions
- Change Loan object indexing, fix several broken LoanSet unit tests
- Loan objects will now only be indexed by LoanBrokerID and
LoanSequence, which is a new field in LoanBroker. Also changes
Loan.Sequence to Loan.LoanSequence to match up.
- Several tests weren't working because of `PrettyAsset` scaling. Also,
`PrettyAsset` calculations could overflow. Made that less likely by
changing the type of `scale_`.
- LoanSet will fail if an account tries to loan to itself.
- Ensure that an account is not deleted with a non-zero owner count
- Updates the AccountRootsDeletedClean invariant
- Add unit tests to create a Loan successfully
- Fix a few field initializations in LoanSet
- Refactor issuance validity check in VaultCreate
- Utility function: canAddHolding
- Call canAddHolding from any transactor that call addEmptyHolding
(LoanBrokerSet, LoanSet)
- Start implementing LoanManage transaction
- Also add a ValidLoan invariant
- Finish `LoanManage` functionality and tests, modulo LoanDraw/Pay
- Allow existing trust lines to loan brokers to be managed (by issuer)
- Implement LoanDelete, and fix a bunch of math errors in LoanManage
- Update to match latest spec: compute interest, LoanBroker reserves
- refactor: Define getFlagsMask in the base Transactor class
- Returns tfUniversalMask for most transactors
- Only transactors that use other flags need to override
- Implement LoanDraw, and made good progress on related tests
- Start implementing LoanPay transaction
- Implement LoanPay & most tests
- Also add an XRPL_ASSERT_PARTS, which splits the parts of the assert message
so I don't have to remember the proper formatting.
Start writing LoanPay transaction tests
@@ -42,7 +42,7 @@ For more information on responsible disclosure, please read this [Wikipedia arti
## Report Handling Process
Please report the bug directly to us and limit further disclosure. If you want to prove that you knew the bug as of a given time, consider using a cryptographic precommitment: hash the content of your report and publish the hash on a medium of your choice (e.g. on Twitter or as a memo in a transaction) as "proof" that you had written the text at a given point in time.
Please report the bug directly to us and limit further disclosure. If you want to prove that you knew the bug as of a given time, consider using a cryptographic pre-commitment: hash the content of your report and publish the hash on a medium of your choice (e.g. on Twitter or as a memo in a transaction) as "proof" that you had written the text at a given point in time.
CA -[#green]> RM: <font color=green>getValidations
CA -[#green]> CA: <font color=green>create UNLModify Tx
hnote over CA#lightgreen: use validatations of the last 256 ledgers\nto figure out UNLModify Tx candidates.\nIf any, create UNLModify Tx, and add to TxSet.
hnote over CA#lightgreen: use validations of the last 256 ledgers\nto figure out UNLModify Tx candidates.\nIf any, create UNLModify Tx, and add to TxSet.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
