Expand the description of Number::isInteger_

- Anything above 13 is _nearly_ unusable, but there might be some edge
  use cases where it is.
- Added unit tests to show this.

include/xrpl/basics/Number.h

@@ -13,16 +13,37 @@ class Number;
 std::string
 to_string(Number const& amount);
 
+template <typename T>
+constexpr bool
+isPowerOfTen(T value)
+{
+    while (value >= 10 && value % 10 == 0)
+        value /= 10;
+    return value == 1;
+}
+
 class Number
 {
     using rep = std::int64_t;
     rep mantissa_{0};
     int exponent_{std::numeric_limits<int>::lowest()};
 
+    // isInteger_ is informational only. It is not serialized, transmitted, or
+    // used in calculations in any way. It is used only for internal validation
+    // of integer types, usually in transactions. It is a one-way switch. Once
+    // it's on, it stays on. It is also transmissible in that any operation
+    // involving a Number with this flag will have a result with this flag.
+    bool isInteger_ = false;
+
 public:
     // The range for the mantissa when normalized
-    constexpr static std::int64_t minMantissa = 1'000'000'000'000'000LL;
-    constexpr static std::int64_t maxMantissa = 9'999'999'999'999'999LL;
+    constexpr static rep minMantissa = 1'000'000'000'000'000LL;
+    static_assert(isPowerOfTen(minMantissa));
+    constexpr static rep maxMantissa = minMantissa * 10 - 1;
+    static_assert(maxMantissa == 9'999'999'999'999'999LL);
+
+    constexpr static rep maxIntValue = maxMantissa / 100;
+    static_assert(maxIntValue == 99'999'999'999'999LL);
 
     // The range for the exponent when normalized
     constexpr static int minExponent = -32768;
@@ -35,15 +56,42 @@ public:
 
     explicit constexpr Number() = default;
 
-    Number(rep mantissa);
-    explicit Number(rep mantissa, int exponent);
+    Number(rep mantissa, bool isInteger = false);
+    explicit Number(rep mantissa, int exponent, bool isInteger = false);
     explicit constexpr Number(rep mantissa, int exponent, unchecked) noexcept;
+    constexpr Number(Number const& other) = default;
+    constexpr Number(Number&& other) = default;
+
+    ~Number() = default;
+
+    constexpr Number&
+    operator=(Number const& other);
+    constexpr Number&
+    operator=(Number&& other);
 
     constexpr rep
     mantissa() const noexcept;
     constexpr int
     exponent() const noexcept;
 
+    void
+    setIsInteger(bool isInteger);
+
+    bool
+    isInteger() const noexcept;
+
+    bool
+    valid() const noexcept;
+    bool
+    representable() const noexcept;
+    /// Combines setIsInteger(bool) and valid()
+    bool
+    valid(bool isInteger);
+    /// Because this function is const, it should only be used for one-off
+    /// checks
+    bool
+    valid(bool isInteger) const;
+
     constexpr Number
     operator+() const noexcept;
     constexpr Number
@@ -197,16 +245,47 @@ inline constexpr Number::Number(rep mantissa, int exponent, unchecked) noexcept
 {
 }
 
-inline Number::Number(rep mantissa, int exponent)
-    : mantissa_{mantissa}, exponent_{exponent}
+inline Number::Number(rep mantissa, int exponent, bool isInteger)
+    : mantissa_{mantissa}, exponent_{exponent}, isInteger_(isInteger)
 {
     normalize();
 }
 
-inline Number::Number(rep mantissa) : Number{mantissa, 0}
+inline Number::Number(rep mantissa, bool isInteger)
+    : Number{mantissa, 0, isInteger}
 {
 }
 
+constexpr Number&
+Number::operator=(Number const& other)
+{
+    if (this != &other)
+    {
+        mantissa_ = other.mantissa_;
+        exponent_ = other.exponent_;
+        if (!isInteger_)
+            isInteger_ = other.isInteger_;
+    }
+
+    return *this;
+}
+
+constexpr Number&
+Number::operator=(Number&& other)
+{
+    if (this != &other)
+    {
+        // std::move doesn't really do anything for these types, but
+        // this is future-proof in case the types ever change
+        mantissa_ = std::move(other.mantissa_);
+        exponent_ = std::move(other.exponent_);
+        if (!isInteger_)
+            isInteger_ = std::move(other.isInteger_);
+    }
+
+    return *this;
+}
+
 inline constexpr Number::rep
 Number::mantissa() const noexcept
 {
@@ -219,6 +298,20 @@ Number::exponent() const noexcept
     return exponent_;
 }
 
+inline void
+Number::setIsInteger(bool isInteger)
+{
+    if (isInteger_)
+        return;
+    isInteger_ = isInteger;
+}
+
+inline bool
+Number::isInteger() const noexcept
+{
+    return isInteger_;
+}
+
 inline constexpr Number
 Number::operator+() const noexcept
 {

include/xrpl/protocol/Asset.h

@@ -81,7 +81,27 @@ public:
     bool
     native() const
     {
-        return holds<Issue>() && get<Issue>().native();
+        return std::visit(
+            [&]<ValidIssueType TIss>(TIss const& issue) {
+                if constexpr (std::is_same_v<TIss, Issue>)
+                    return issue.native();
+                if constexpr (std::is_same_v<TIss, MPTIssue>)
+                    return false;
+            },
+            issue_);
+    }
+
+    bool
+    integral() const
+    {
+        return std::visit(
+            [&]<ValidIssueType TIss>(TIss const& issue) {
+                if constexpr (std::is_same_v<TIss, Issue>)
+                    return issue.native();
+                if constexpr (std::is_same_v<TIss, MPTIssue>)
+                    return true;
+            },
+            issue_);
     }
 
     friend constexpr bool

include/xrpl/protocol/MPTAmount.h

@@ -64,7 +64,7 @@ public:
 
     operator Number() const noexcept
     {
-        return value();
+        return {value(), true};
     }
 
     /** Return the sign of the amount */

include/xrpl/protocol/Protocol.h

@@ -108,9 +108,11 @@ std::uint8_t constexpr vaultStrategyFirstComeFirstServe = 1;
 /** Default IOU scale factor for a Vault */
 std::uint8_t constexpr vaultDefaultIOUScale = 6;
 /** Maximum scale factor for a Vault. The number is chosen to ensure that
-1 IOU can be always converted to shares.
+1 IOU can be always converted to shares and will fit into Number.
+10^16 > Number::maxMantissa
+In the future, this should be increased to 18.
 10^19 > maxMPTokenAmount (2^64-1) > 10^18 */
-std::uint8_t constexpr vaultMaximumIOUScale = 18;
+std::uint8_t constexpr vaultMaximumIOUScale = 15;
 
 /** Maximum recursion depth for vault shares being put as an asset inside
  * another vault; counted from 0 */

include/xrpl/protocol/STAmount.h

@@ -146,6 +146,11 @@ public:
     STAmount(MPTAmount const& amount, MPTIssue const& mptIssue);
     operator Number() const;
 
+    bool
+    validNumber() const noexcept;
+    bool
+    representableNumber() const noexcept;
+
     //--------------------------------------------------------------------------
     //
     // Observers
@@ -155,6 +160,9 @@ public:
     int
     exponent() const noexcept;
 
+    bool
+    integral() const noexcept;
+
     bool
     native() const noexcept;
 
@@ -435,6 +443,12 @@ STAmount::exponent() const noexcept
     return mOffset;
 }
 
+inline bool
+STAmount::integral() const noexcept
+{
+    return mAsset.integral();
+}
+
 inline bool
 STAmount::native() const noexcept
 {
@@ -553,7 +567,7 @@ STAmount::clear()
 {
     // The -100 is used to allow 0 to sort less than a small positive values
     // which have a negative exponent.
-    mOffset = native() ? 0 : -100;
+    mOffset = integral() ? 0 : -100;
     mValue = 0;
     mIsNegative = false;
 }

include/xrpl/protocol/STObject.h

@@ -482,6 +482,8 @@ public:
     value_type
     operator*() const;
 
+    /// Do not use operator->() unless the field is required, or you've checked
+    /// that it's set.
     T const*
     operator->() const;
 
@@ -718,6 +720,8 @@ STObject::Proxy<T>::operator*() const -> value_type
     return this->value();
 }
 
+/// Do not use operator->() unless the field is required, or you've checked that
+/// it's set.
 template <class T>
 T const*
 STObject::Proxy<T>::operator->() const

include/xrpl/protocol/SystemParameters.h

@@ -23,6 +23,7 @@ systemName()
 
 /** Number of drops in the genesis account. */
 constexpr XRPAmount INITIAL_XRP{100'000'000'000 * DROPS_PER_XRP};
+static_assert(INITIAL_XRP.drops() == 100'000'000'000'000'000);
 
 /** Returns true if the amount does not exceed the initial XRP in existence. */
 inline bool

include/xrpl/protocol/XRPAmount.h

@@ -143,7 +143,7 @@ public:
 
     operator Number() const noexcept
     {
-        return drops();
+        return {drops(), true};
     }
 
     /** Return the sign of the amount */

include/xrpl/protocol/detail/ledger_entries.macro

@@ -479,10 +479,10 @@ LEDGER_ENTRY(ltVAULT, 0x0084, Vault, vault, ({
     {sfAccount,              soeREQUIRED},
     {sfData,                 soeOPTIONAL},
     {sfAsset,                soeREQUIRED},
-    {sfAssetsTotal,          soeREQUIRED},
-    {sfAssetsAvailable,      soeREQUIRED},
+    {sfAssetsTotal,          soeDEFAULT},
+    {sfAssetsAvailable,      soeDEFAULT},
     {sfAssetsMaximum,        soeDEFAULT},
-    {sfLossUnrealized,       soeREQUIRED},
+    {sfLossUnrealized,       soeDEFAULT},
     {sfShareMPTID,           soeREQUIRED},
     {sfWithdrawalPolicy,     soeREQUIRED},
     {sfScale,                soeDEFAULT},

src/libxrpl/basics/Number.cpp

@@ -164,9 +164,8 @@ Number::normalize()
         return;
     }
     bool const negative = (mantissa_ < 0);
-    auto m = static_cast<std::make_unsigned_t<rep>>(mantissa_);
-    if (negative)
-        m = -m;
+    auto m = static_cast<std::make_unsigned_t<rep>>(
+        negative ? -mantissa_ : mantissa_);
     while ((m < minMantissa) && (exponent_ > minExponent))
     {
         m *= 10;
@@ -207,9 +206,52 @@ Number::normalize()
         mantissa_ = -mantissa_;
 }
 
+bool
+Number::valid() const noexcept
+{
+    return valid(isInteger_);
+}
+
+bool
+Number::valid(bool isInteger)
+{
+    setIsInteger(isInteger);
+    return valid();
+}
+
+bool
+Number::valid(bool isInteger) const
+{
+    if (!isInteger)
+        return true;
+    static Number const max = maxIntValue;
+    static Number const maxNeg = -max;
+    // Avoid making a copy
+    if (mantissa_ < 0)
+        return *this >= maxNeg;
+    return *this <= max;
+}
+
+bool
+Number::representable() const noexcept
+{
+    if (!isInteger_)
+        return true;
+    static Number const max = maxMantissa;
+    static Number const maxNeg = -max;
+    // Avoid making a copy
+    if (mantissa_ < 0)
+        return *this >= maxNeg;
+    return *this <= max;
+}
+
 Number&
 Number::operator+=(Number const& y)
 {
+    // The strictest setting prevails
+    if (!isInteger_)
+        isInteger_ = y.isInteger_;
+
     if (y == Number{})
         return *this;
     if (*this == Number{})
@@ -356,6 +398,10 @@ divu10(uint128_t& u)
 Number&
 Number::operator*=(Number const& y)
 {
+    // The strictest setting prevails
+    if (!isInteger_)
+        isInteger_ = y.isInteger_;
+
     if (*this == Number{})
         return *this;
     if (y == Number{})
@@ -428,6 +474,10 @@ Number::operator*=(Number const& y)
 Number&
 Number::operator/=(Number const& y)
 {
+    // The strictest setting prevails
+    if (!isInteger_)
+        isInteger_ = y.isInteger_;
+
     if (y == Number{})
         throw std::overflow_error("Number: divide by 0");
     if (*this == Number{})

src/libxrpl/ledger/View.cpp

@@ -2927,7 +2927,7 @@ assetsToSharesWithdraw(
 {
     XRPL_ASSERT(
         !assets.negative(),
-        "ripple::assetsToSharesDeposit : non-negative assets");
+        "ripple::assetsToSharesWithdraw : non-negative assets");
     XRPL_ASSERT(
         assets.asset() == vault->at(sfAsset),
         "ripple::assetsToSharesWithdraw : assets and vault match");

src/libxrpl/protocol/STAmount.cpp

@@ -255,6 +255,20 @@ STAmount::move(std::size_t n, void* buf)
     return emplace(n, buf, std::move(*this));
 }
 
+bool
+STAmount::validNumber() const noexcept
+{
+    Number n = *this;
+    return n.valid();
+}
+
+bool
+STAmount::representableNumber() const noexcept
+{
+    Number n = *this;
+    return n.representable();
+}
+
 //------------------------------------------------------------------------------
 //
 // Conversion

src/test/app/AMM_test.cpp

@@ -1384,7 +1384,7 @@ private:
         // equal asset deposit: unit test to exercise the rounding-down of
         // LPTokens in the AMMHelpers.cpp: adjustLPTokens calculations
         // The LPTokens need to have 16 significant digits and a fractional part
-        for (Number const deltaLPTokens :
+        for (Number const& deltaLPTokens :
              {Number{UINT64_C(100000'0000000009), -10},
               Number{UINT64_C(100000'0000000001), -10}})
         {

src/test/app/Vault_test.cpp

@@ -962,16 +962,25 @@ class Vault_test : public beast::unit_test::suite
                 env(tx, ter(temMALFORMED));
             }
 
-            // accepted range from 0 to 18
+            // the prior acceptable upper limit
             {
                 auto [tx, keylet] =
                     vault.create({.owner = owner, .asset = asset});
                 tx[sfScale] = 18;
+                env(tx, ter(temMALFORMED));
+            }
+
+            // accepted range from 0 to 13
+            {
+                auto [tx, keylet] =
+                    vault.create({.owner = owner, .asset = asset});
+                tx[sfScale] = 13;
                 env(tx);
                 env.close();
                 auto const sleVault = env.le(keylet);
-                BEAST_EXPECT(sleVault);
-                BEAST_EXPECT((*sleVault)[sfScale] == 18);
+                if (BEAST_EXPECT(sleVault))
+                    ;
+                BEAST_EXPECT((*sleVault)[sfScale] == 13);
             }
 
             {
@@ -3625,13 +3634,18 @@ class Vault_test : public beast::unit_test::suite
             tx[sfScale] = scale;
             env(tx);
 
-            auto const [vaultAccount, issuanceId] =
-                [&env](ripple::Keylet keylet) -> std::tuple<Account, MPTID> {
+            auto const vaultInfo = [&env](ripple::Keylet keylet)
+                -> std::optional<std::tuple<Account, MPTID>> {
                 auto const vault = env.le(keylet);
-                return {
+                if (!vault)
+                    return std::nullopt;
+                return std::make_tuple(
                     Account("vault", vault->at(sfAccount)),
-                    vault->at(sfShareMPTID)};
+                    vault->at(sfShareMPTID));
             }(keylet);
+            if (!BEAST_EXPECT(vaultInfo))
+                return;
+            auto const [vaultAccount, issuanceId] = *vaultInfo;
             MPTIssue shares(issuanceId);
             env.memoize(vaultAccount);
 
@@ -3673,18 +3687,92 @@ class Vault_test : public beast::unit_test::suite
                  .peek = peek});
         };
 
-        testCase(18, [&, this](Env& env, Data d) {
-            testcase("Scale deposit overflow on first deposit");
+        // The scale can go to 15, which will allow the total assets to
+        // go that high, but single deposits are not allowed over 10^13.
+        // There probably aren't too many use cases that will be able to
+        // use this, but it does work.
+        testCase(15, [&, this](Env& env, Data d) {
+            testcase("MPT fractional deposits are supported");
+
+            // Deposits large than Number::maxIntValue are invalid
+            {
+                auto tx = d.vault.deposit(
+                    {.depositor = d.depositor,
+                     .id = d.keylet.key,
+                     .amount = d.asset(10)});
+                env(tx, ter{tecPRECISION_LOSS});
+                env.close();
+            }
+            {
+                auto tx = d.vault.deposit(
+                    {.depositor = d.depositor,
+                     .id = d.keylet.key,
+                     .amount = d.asset(5)});
+                env(tx, ter{tecPRECISION_LOSS});
+                env.close();
+            }
+            {
+                auto tx = d.vault.deposit(
+                    {.depositor = d.depositor,
+                     .id = d.keylet.key,
+                     .amount = d.asset(Number{1, -1})});
+                env(tx, ter{tecPRECISION_LOSS});
+                env.close();
+            }
+
+            auto const smallDeposit = d.asset(Number{5, -2});
+            {
+                // Individual deposits that fit within
+                // Number::maxIntValue are valid
+                auto tx = d.vault.deposit(
+                    {.depositor = d.depositor,
+                     .id = d.keylet.key,
+                     .amount = smallDeposit});
+                env(tx);
+            }
+            env.close();
+            {
+                // The total shares can not go over Number::maxIntValue
+                auto tx = d.vault.deposit(
+                    {.depositor = d.depositor,
+                     .id = d.keylet.key,
+                     .amount = smallDeposit});
+                env(tx, ter{tecPRECISION_LOSS});
+                env.close();
+            }
+
+            {
+                auto tx = d.vault.withdraw(
+                    {.depositor = d.depositor,
+                     .id = d.keylet.key,
+                     .amount = d.asset(Number(10, 0))});
+                env(tx, ter{tecPRECISION_LOSS});
+                env.close();
+            }
+
+            {
+                // A withdraw can take any representable amount, even one
+                // that can't be deposited
+                auto tx = d.vault.withdraw(
+                    {.depositor = d.depositor,
+                     .id = d.keylet.key,
+                     .amount = d.asset(Number{10, -2})});
+                env(tx, ter{tecINSUFFICIENT_FUNDS});
+            }
+        });
+
+        testCase(13, [&, this](Env& env, Data d) {
+            testcase("MPT scale deposit over maxIntValue on first deposit");
             auto tx = d.vault.deposit(
                 {.depositor = d.depositor,
                  .id = d.keylet.key,
                  .amount = d.asset(10)});
-            env(tx, ter{tecPATH_DRY});
+            env(tx, ter{tecPRECISION_LOSS});
             env.close();
         });
 
-        testCase(18, [&, this](Env& env, Data d) {
-            testcase("Scale deposit overflow on second deposit");
+        testCase(13, [&, this](Env& env, Data d) {
+            testcase("MPT scale deposit over maxIntValue on second deposit");
 
             {
                 auto tx = d.vault.deposit(
@@ -3700,13 +3788,13 @@ class Vault_test : public beast::unit_test::suite
                     {.depositor = d.depositor,
                      .id = d.keylet.key,
                      .amount = d.asset(10)});
-                env(tx, ter{tecPATH_DRY});
+                env(tx, ter{tecPRECISION_LOSS});
                 env.close();
             }
         });
 
-        testCase(18, [&, this](Env& env, Data d) {
-            testcase("Scale deposit overflow on total shares");
+        testCase(13, [&, this](Env& env, Data d) {
+            testcase("MPT scale deposit over maxIntValue on total shares");
 
             {
                 auto tx = d.vault.deposit(
@@ -3722,7 +3810,7 @@ class Vault_test : public beast::unit_test::suite
                     {.depositor = d.depositor,
                      .id = d.keylet.key,
                      .amount = d.asset(5)});
-                env(tx, ter{tecPATH_DRY});
+                env(tx, ter(tecPRECISION_LOSS));
                 env.close();
             }
         });
@@ -4003,8 +4091,8 @@ class Vault_test : public beast::unit_test::suite
             }
         });
 
-        testCase(18, [&, this](Env& env, Data d) {
-            testcase("Scale withdraw overflow");
+        testCase(13, [&, this](Env& env, Data d) {
+            testcase("MPT scale withdraw over maxIntValue");
 
             {
                 auto tx = d.vault.deposit(
@@ -4016,11 +4104,22 @@ class Vault_test : public beast::unit_test::suite
             }
 
             {
+                // withdraws are allowed to be invalid...
                 auto tx = d.vault.withdraw(
                     {.depositor = d.depositor,
                      .id = d.keylet.key,
                      .amount = STAmount(d.asset, Number(10, 0))});
-                env(tx, ter{tecPATH_DRY});
+                env(tx, ter{tecINSUFFICIENT_FUNDS});
+                env.close();
+            }
+
+            {
+                // ...but they are not allowed to be unrepresentable
+                auto tx = d.vault.withdraw(
+                    {.depositor = d.depositor,
+                     .id = d.keylet.key,
+                     .amount = STAmount(d.asset, Number(1000, 0))});
+                env(tx, ter{tecPRECISION_LOSS});
                 env.close();
             }
         });
@@ -4221,9 +4320,51 @@ class Vault_test : public beast::unit_test::suite
             }
         });
 
-        testCase(18, [&, this](Env& env, Data d) {
+        // The scale can go to 15, which will allow the total assets to
+        // go that high, but single deposits are not allowed over 10^13.
+        // There probably aren't too many use cases that will be able to
+        // use this, but it does work.
+        testCase(15, [&, this](Env& env, Data d) {
             testcase("Scale clawback overflow");
 
+            auto const smallDeposit = d.asset(Number{5, -2});
+            {
+                // Individual deposits that fit within
+                // Number::maxIntValue are valid
+                auto tx = d.vault.deposit(
+                    {.depositor = d.depositor,
+                     .id = d.keylet.key,
+                     .amount = smallDeposit});
+                env(tx);
+            }
+            env.close();
+
+            {
+                auto tx = d.vault.clawback(
+                    {.issuer = d.issuer,
+                     .id = d.keylet.key,
+                     .holder = d.depositor,
+                     .amount = d.asset(10)});
+                env(tx, ter{tecPRECISION_LOSS});
+                env.close();
+            }
+
+            {
+                // A clawback can take any representable amount, even one
+                // that can't be deposited
+                auto tx = d.vault.clawback(
+                    {.issuer = d.issuer,
+                     .id = d.keylet.key,
+                     .holder = d.depositor,
+                     .amount = d.asset(Number(10, -2))});
+                env(tx);
+                env.close();
+            }
+        });
+
+        testCase(13, [&, this](Env& env, Data d) {
+            testcase("MPT Scale clawback overflow");
+
             {
                 auto tx = d.vault.deposit(
                     {.depositor = d.depositor,
@@ -4234,14 +4375,27 @@ class Vault_test : public beast::unit_test::suite
             }
 
             {
+                // clawbacks are allowed to be invalid...
                 auto tx = d.vault.clawback(
                     {.issuer = d.issuer,
                      .id = d.keylet.key,
                      .holder = d.depositor,
                      .amount = STAmount(d.asset, Number(10, 0))});
-                env(tx, ter{tecPATH_DRY});
+                env(tx);
                 env.close();
             }
+
+            {
+                // ...but they are not allowed to be unrepresentable
+                auto tx = d.vault.clawback(
+                    {.issuer = d.issuer,
+                     .id = d.keylet.key,
+                     .holder = d.depositor,
+                     .amount = STAmount(d.asset, Number(1000, 0))});
+                env(tx, ter{tecPRECISION_LOSS});
+                env.close();
+            }
+
         });
 
         testCase(1, [&, this](Env& env, Data d) {
@@ -4525,7 +4679,8 @@ class Vault_test : public beast::unit_test::suite
             BEAST_EXPECT(checkString(vault, sfAssetsAvailable, "50"));
             BEAST_EXPECT(checkString(vault, sfAssetsMaximum, "1000"));
             BEAST_EXPECT(checkString(vault, sfAssetsTotal, "50"));
-            BEAST_EXPECT(checkString(vault, sfLossUnrealized, "0"));
+            // Since this field is default, it is not returned.
+            BEAST_EXPECT(!vault.isMember(sfLossUnrealized.getJsonName()));
 
             auto const strShareID = strHex(sle->at(sfShareMPTID));
             BEAST_EXPECT(checkString(vault, sfShareMPTID, strShareID));

src/test/basics/Number_test.cpp

@@ -725,6 +725,89 @@ public:
         BEAST_EXPECT(Number(-100, -30000).truncate() == Number(0, 0));
     }
 
+    void
+    testInteger()
+    {
+        testcase("Integer enforcement");
+
+        using namespace std::string_literals;
+
+        {
+            Number a{100};
+            BEAST_EXPECT(!a.isInteger());
+            BEAST_EXPECT(a.valid());
+            BEAST_EXPECT(a.representable());
+            a = Number{1, 30};
+            BEAST_EXPECT(a.valid());
+            BEAST_EXPECT(a.representable());
+            a = -100;
+            BEAST_EXPECT(!a.isInteger());
+            BEAST_EXPECT(a.valid());
+            BEAST_EXPECT(a.representable());
+            // If there's any interaction with an integer, the value
+            // becomes an integer. This is not always what the value is
+            // being used for, so it's up to the context to check or not
+            // check whether the number is a _valid_ integer.
+            a += Number{37, 2, true};
+            BEAST_EXPECT(a.isInteger());
+            BEAST_EXPECT(a.valid());
+            BEAST_EXPECT(a.representable());
+        }
+        {
+            Number a{100, true};
+            BEAST_EXPECT(a.isInteger());
+            BEAST_EXPECT(a.valid());
+            BEAST_EXPECT(a.representable());
+            a = Number{1, 15};
+            BEAST_EXPECT(!a.valid());
+            BEAST_EXPECT(a.representable());
+            // The false in the assigned value does not override the
+            // flag in "a"
+            a = Number{1, 30, false};
+            BEAST_EXPECT(a.isInteger());
+            BEAST_EXPECT(!a.valid());
+            BEAST_EXPECT(!a.representable());
+            a = -100;
+            BEAST_EXPECT(a.isInteger());
+            BEAST_EXPECT(a.valid());
+            BEAST_EXPECT(a.representable());
+            a *= Number{1, 13};
+            BEAST_EXPECT(a.isInteger());
+            BEAST_EXPECT(!a.valid());
+            BEAST_EXPECT(a.representable());
+            a *= Number{1, 3};
+            BEAST_EXPECT(a.isInteger());
+            BEAST_EXPECT(!a.valid());
+            BEAST_EXPECT(!a.representable());
+            // Intermittent value precision can be lost, but the result
+            // will be rounded, so that's fine.
+            a /= Number{1, 5};
+            BEAST_EXPECT(a.isInteger());
+            BEAST_EXPECT(a.valid());
+            BEAST_EXPECT(a.representable());
+            a = Number{1, 14} - 3;
+            BEAST_EXPECT(a.isInteger());
+            BEAST_EXPECT(a.valid());
+            BEAST_EXPECT(a.representable());
+            a += 1;
+            BEAST_EXPECT(a.isInteger());
+            BEAST_EXPECT(a.valid());
+            BEAST_EXPECT(a.representable());
+            ++a;
+            BEAST_EXPECT(a.isInteger());
+            BEAST_EXPECT(a.valid());
+            BEAST_EXPECT(a.representable());
+            a++;
+            BEAST_EXPECT(a.isInteger());
+            BEAST_EXPECT(!a.valid());
+            BEAST_EXPECT(a.representable());
+            a = Number{5, true};
+            BEAST_EXPECT(a.isInteger());
+            BEAST_EXPECT(a.valid());
+            BEAST_EXPECT(a.representable());
+        }
+    }
+
     void
     run() override
     {
@@ -746,6 +829,7 @@ public:
         test_inc_dec();
         test_toSTAmount();
         test_truncate();
+        testInteger();
     }
 };
 

src/xrpld/app/tx/detail/InvariantCheck.cpp

@@ -2180,6 +2180,13 @@ ValidVault::Vault::make(SLE const& from)
     self.assetsAvailable = from.at(sfAssetsAvailable);
     self.assetsMaximum = from.at(sfAssetsMaximum);
     self.lossUnrealized = from.at(sfLossUnrealized);
+    if (self.asset.integral())
+    {
+        self.assetsTotal.setIsInteger(true);
+        self.assetsAvailable.setIsInteger(true);
+        self.assetsMaximum.setIsInteger(true);
+        self.lossUnrealized.setIsInteger(true);
+    }
     return self;
 }
 
@@ -2413,6 +2420,19 @@ ValidVault::finalize(
         beforeVault_.empty() || beforeVault_[0].key == afterVault.key,
         "ripple::ValidVault::finalize : single vault operation");
 
+    if (!afterVault.assetsTotal.representable() ||
+        !afterVault.assetsAvailable.representable() ||
+        !afterVault.assetsMaximum.representable() ||
+        !afterVault.lossUnrealized.representable())
+    {
+        JLOG(j.fatal()) << "Invariant failed: vault overflowed maximum current "
+                           "representable integer value";
+        XRPL_ASSERT(
+            enforce,
+            "ripple::ValidVault::finalize : vault integer limit invariant");
+        return !enforce;  // That's all we can do here
+    }
+
     auto const updatedShares = [&]() -> std::optional<Shares> {
         // At this moment we only know that a vault is being updated and there
         // might be some MPTokenIssuance objects which are also updated in the

src/xrpld/app/tx/detail/VaultClawback.cpp

@@ -48,6 +48,8 @@ VaultClawback::preflight(PreflightContext const& ctx)
                 << "VaultClawback: only asset issuer can clawback.";
             return temMALFORMED;
         }
+        else if (!amount->representableNumber())
+            return temBAD_AMOUNT;
     }
 
     return tesSUCCESS;
@@ -146,8 +148,11 @@ VaultClawback::doApply()
         amount.asset() == vaultAsset,
         "ripple::VaultClawback::doApply : matching asset");
 
+    // Both of these values are going to be decreased in this transaction,
+    // so the limit doesn't really matter.
     auto assetsAvailable = vault->at(sfAssetsAvailable);
     auto assetsTotal = vault->at(sfAssetsTotal);
+
     [[maybe_unused]] auto const lossUnrealized = vault->at(sfLossUnrealized);
     XRPL_ASSERT(
         lossUnrealized <= (assetsTotal - assetsAvailable),
@@ -156,7 +161,7 @@ VaultClawback::doApply()
     AccountID holder = tx[sfHolder];
     MPTIssue const share{mptIssuanceID};
     STAmount sharesDestroyed = {share};
-    STAmount assetsRecovered;
+    STAmount assetsRecovered = {vaultAsset};
     try
     {
         if (amount == beast::zero)
@@ -192,6 +197,12 @@ VaultClawback::doApply()
                 return tecINTERNAL;  // LCOV_EXCL_LINE
             assetsRecovered = *maybeAssets;
         }
+        // Clawback amounts are allowed to be invalid, but not unrepresentable.
+        // Amounts over the "soft" limit help bring the numbers back into the
+        // valid range.
+        if (!sharesDestroyed.representableNumber() ||
+            !assetsRecovered.representableNumber())
+            return tecPRECISION_LOSS;
 
         // Clamp to maximum.
         if (assetsRecovered > *assetsAvailable)

src/xrpld/app/tx/detail/VaultCreate.cpp

@@ -193,7 +193,29 @@ VaultCreate::doApply()
     vault->at(sfLossUnrealized) = Number(0);
     // Leave default values for AssetTotal and AssetAvailable, both zero.
     if (auto value = tx[~sfAssetsMaximum])
-        vault->at(sfAssetsMaximum) = *value;
+    {
+        auto assetsMaximumProxy = vault->at(sfAssetsMaximum);
+        assetsMaximumProxy = *value;
+        if (asset.integral())
+        {
+            // Only the Maximum can be a non-zero value, so only it needs to be
+            // checked.
+            assetsMaximumProxy.value().setIsInteger(true);
+            if (!assetsMaximumProxy.value().representable())
+                return tecPRECISION_LOSS;
+        }
+    }
+    // TODO: Should integral types automatically set a limit to the
+    // Number::maxMantissa value? Or maxIntValue?
+    /*
+    else if (asset.integral())
+    {
+        auto assetsMaximumProxy = vault->at(~sfAssetsMaximum);
+        assetsMaximumProxy = STNumber::maxIntValue
+        assetsMaximumProxy.value().setIsInteger(true);
+    }
+    */
+
     vault->at(sfShareMPTID) = mptIssuanceID;
     if (auto value = tx[~sfData])
         vault->at(sfData) = *value;

src/xrpld/app/tx/detail/VaultDeposit.cpp

@@ -23,7 +23,10 @@ VaultDeposit::preflight(PreflightContext const& ctx)
         return temMALFORMED;
     }
 
-    if (ctx.tx[sfAmount] <= beast::zero)
+    auto const amount = ctx.tx[sfAmount];
+    if (amount <= beast::zero)
+        return temBAD_AMOUNT;
+    if (!amount.validNumber())
         return temBAD_AMOUNT;
 
     return tesSUCCESS;
@@ -162,7 +165,8 @@ VaultDeposit::doApply()
     auto const amount = ctx_.tx[sfAmount];
     // Make sure the depositor can hold shares.
     auto const mptIssuanceID = (*vault)[sfShareMPTID];
-    auto const sleIssuance = view().read(keylet::mptIssuance(mptIssuanceID));
+    SLE::const_pointer sleIssuance =
+        view().read(keylet::mptIssuance(mptIssuanceID));
     if (!sleIssuance)
     {
         // LCOV_EXCL_START
@@ -172,6 +176,8 @@ VaultDeposit::doApply()
     }
 
     auto const& vaultAccount = vault->at(sfAccount);
+    auto const& vaultAsset = vault->at(sfAsset);
+
     // Note, vault owner is always authorized
     if (vault->isFlag(lsfVaultPrivate) && account_ != vault->at(sfOwner))
     {
@@ -216,7 +222,8 @@ VaultDeposit::doApply()
         }
     }
 
-    STAmount sharesCreated = {vault->at(sfShareMPTID)}, assetsDeposited;
+    STAmount sharesCreated = {vault->at(sfShareMPTID)};
+    STAmount assetsDeposited = {vaultAsset};
     try
     {
         // Compute exchange before transferring any amounts.
@@ -242,13 +249,19 @@ VaultDeposit::doApply()
             // LCOV_EXCL_STOP
         }
         assetsDeposited = *maybeAssets;
+
+        // Deposit needs to be more strict than the other Vault transactions
+        // that deal with asset <-> share calculations, because we don't
+        // want to go over the "soft" limit.
+        if (!sharesCreated.validNumber() || !assetsDeposited.validNumber())
+            return tecPRECISION_LOSS;
     }
     catch (std::overflow_error const&)
     {
         // It's easy to hit this exception from Number with large enough Scale
         // so we avoid spamming the log and only use debug here.
         JLOG(j_.debug())  //
-            << "VaultDeposit: overflow error with"
+            << "VaultDeposit: overflow error computing shares with"
             << " scale=" << (int)vault->at(sfScale).value()  //
             << ", assetsTotal=" << vault->at(sfAssetsTotal).value()
             << ", sharesTotal=" << sleIssuance->at(sfOutstandingAmount)
@@ -260,15 +273,40 @@ VaultDeposit::doApply()
         sharesCreated.asset() != assetsDeposited.asset(),
         "ripple::VaultDeposit::doApply : assets are not shares");
 
-    vault->at(sfAssetsTotal) += assetsDeposited;
-    vault->at(sfAssetsAvailable) += assetsDeposited;
+    auto assetsTotalProxy = vault->at(sfAssetsTotal);
+    auto assetsAvailableProxy = vault->at(sfAssetsAvailable);
+    if (vaultAsset.value().integral())
+    {
+        assetsTotalProxy.value().setIsInteger(true);
+        assetsAvailableProxy.value().setIsInteger(true);
+    }
+    assetsTotalProxy += assetsDeposited;
+    assetsAvailableProxy += assetsDeposited;
+    if (!assetsTotalProxy.value().valid() ||
+        !assetsAvailableProxy.value().valid())
+    {
+        // It's easy to hit this exception from Number with large enough
+        // Scale so we avoid spamming the log and only use debug here.
+        JLOG(j_.warn())  //
+            << "VaultDeposit: integer overflow error in total assets with"
+            << " scale=" << (int)vault->at(sfScale).value()  //
+            << ", assetsTotal=" << vault->at(sfAssetsTotal).value()
+            << ", sharesTotal=" << sleIssuance->at(sfOutstandingAmount)
+            << ", amount=" << amount;
+
+        return tecPRECISION_LOSS;
+    }
+
     view().update(vault);
 
     // A deposit must not push the vault over its limit.
     auto const maximum = *vault->at(sfAssetsMaximum);
-    if (maximum != 0 && *vault->at(sfAssetsTotal) > maximum)
+    if (maximum != 0 && *assetsTotalProxy > maximum)
         return tecLIMIT_EXCEEDED;
 
+    // Reset the sleIssance ptr, since it's about to get invalidated
+    sleIssuance.reset();
+
     // Transfer assets from depositor to vault.
     if (auto const ter = accountSend(
             view(),
@@ -306,6 +344,37 @@ VaultDeposit::doApply()
         !isTesSuccess(ter))
         return ter;
 
+    {
+        // Load the updated issuance
+        sleIssuance = view().read(keylet::mptIssuance(mptIssuanceID));
+        if (!sleIssuance)
+        {
+            // LCOV_EXCL_START
+            JLOG(j_.error())
+                << "VaultDeposit: missing issuance of vault shares.";
+            return tefINTERNAL;
+            // LCOV_EXCL_STOP
+        }
+
+        // Check if the deposit pushed the total over the integer Number limit.
+        // That is not a problem for the MPT itself, which is 64-bit, but for
+        // any computations that use it, such as converting assets to shares and
+        // vice-versa
+        STAmount const shareTotal{
+            vault->at(sfShareMPTID), sleIssuance->at(sfOutstandingAmount)};
+        if (!shareTotal.validNumber())
+        {
+            JLOG(j_.warn())  //
+                << "VaultDeposit: integer overflow error in total shares with"
+                << " scale=" << (int)vault->at(sfScale).value()  //
+                << ", assetsTotal=" << vault->at(sfAssetsTotal).value()
+                << ", sharesTotal=" << sleIssuance->at(sfOutstandingAmount)
+                << ", amount=" << amount;
+
+            return tecPRECISION_LOSS;
+        }
+    }
+
     return tesSUCCESS;
 }
 

src/xrpld/app/tx/detail/VaultSet.cpp

@@ -138,12 +138,18 @@ VaultSet::doApply()
     // Update mutable flags and fields if given.
     if (tx.isFieldPresent(sfData))
         vault->at(sfData) = tx[sfData];
-    if (tx.isFieldPresent(sfAssetsMaximum))
+    if (auto const value = tx[~sfAssetsMaximum])
     {
-        if (tx[sfAssetsMaximum] != 0 &&
-            tx[sfAssetsMaximum] < *vault->at(sfAssetsTotal))
+        if (*value != 0 && *value < *vault->at(sfAssetsTotal))
             return tecLIMIT_EXCEEDED;
-        vault->at(sfAssetsMaximum) = tx[sfAssetsMaximum];
+        auto assetsMaximumProxy = vault->at(sfAssetsMaximum);
+        assetsMaximumProxy = *value;
+        if (vault->at(sfAsset).value().integral())
+        {
+            assetsMaximumProxy.value().setIsInteger(true);
+            if (!assetsMaximumProxy.value().representable())
+                return tecPRECISION_LOSS;
+        }
     }
 
     if (auto const domainId = tx[~sfDomainID]; domainId)

src/xrpld/app/tx/detail/VaultWithdraw.cpp

@@ -20,7 +20,10 @@ VaultWithdraw::preflight(PreflightContext const& ctx)
         return temMALFORMED;
     }
 
-    if (ctx.tx[sfAmount] <= beast::zero)
+    auto const amount = ctx.tx[sfAmount];
+    if (amount <= beast::zero)
+        return temBAD_AMOUNT;
+    if (!amount.representableNumber())
         return temBAD_AMOUNT;
 
     if (auto const destination = ctx.tx[~sfDestination];
@@ -153,7 +156,7 @@ VaultWithdraw::doApply()
     Asset const vaultAsset = vault->at(sfAsset);
     MPTIssue const share{mptIssuanceID};
     STAmount sharesRedeemed = {share};
-    STAmount assetsWithdrawn;
+    STAmount assetsWithdrawn = {vaultAsset};
     try
     {
         if (amount.asset() == vaultAsset)
@@ -187,6 +190,12 @@ VaultWithdraw::doApply()
         }
         else
             return tefINTERNAL;  // LCOV_EXCL_LINE
+        // Withdraw amounts are allowed to be invalid, but not unrepresentable.
+        // Amounts over the "soft" limit help bring the numbers back into the
+        // valid range.
+        if (!sharesRedeemed.representableNumber() ||
+            !assetsWithdrawn.representableNumber())
+            return tecPRECISION_LOSS;
     }
     catch (std::overflow_error const&)
     {
@@ -213,6 +222,8 @@ VaultWithdraw::doApply()
         return tecINSUFFICIENT_FUNDS;
     }
 
+    // These values are only going to decrease, and can't be less than 0, so
+    // there's no need for integer range enforcement.
     auto assetsAvailable = vault->at(sfAssetsAvailable);
     auto assetsTotal = vault->at(sfAssetsTotal);
     [[maybe_unused]] auto const lossUnrealized = vault->at(sfLossUnrealized);