ci: [DEPENDABOT] bump actions/checkout from 6.0.2 to 6.0.3

Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](de0fac2e45...df4cb1c069)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/check-pr-description.yml

@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 
       - name: Write PR body to file
         env:

.github/workflows/on-pr.yml

@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - name: Determine changed files
         # This step checks whether any files have changed that should
         # cause the next jobs to run. We do it this way rather than

.github/workflows/publish-docs.yml

@@ -44,7 +44,7 @@ jobs:
     container: ghcr.io/xrplf/ci/tools-rippled-documentation:sha-a8c7be1
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 
       - name: Prepare runner
         uses: XRPLF/actions/prepare-runner@90f11ee655d1687824fb8793db770477d52afbab

.github/workflows/reusable-build-docker-image.yml

@@ -46,7 +46,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 
       - name: Determine arch
         id: vars

.github/workflows/reusable-build-test-config.yml

@@ -110,7 +110,7 @@ jobs:
         uses: XRPLF/actions/cleanup-workspace@c7d9ce5ebb03c752a354889ecd870cadfc2b1cd4
 
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 
       - name: Prepare runner
         uses: XRPLF/actions/prepare-runner@90f11ee655d1687824fb8793db770477d52afbab

.github/workflows/reusable-check-levelization.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - name: Check levelization
         run: python .github/scripts/levelization/generate.py
       - name: Check for differences

.github/workflows/reusable-check-rename.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - name: Check definitions
         run: .github/scripts/rename/definitions.sh .
       - name: Check copyright notices

.github/workflows/reusable-clang-tidy.yml

@@ -42,7 +42,7 @@ jobs:
       issues: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 
       - name: Prepare runner
         uses: XRPLF/actions/prepare-runner@90f11ee655d1687824fb8793db770477d52afbab

.github/workflows/reusable-package.yml

@@ -27,7 +27,7 @@ jobs:
       matrix: ${{ steps.generate.outputs.matrix }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 
       - name: Set up Python
         uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
@@ -45,7 +45,7 @@ jobs:
       version: ${{ steps.version.outputs.version }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           sparse-checkout: |
             .github/actions/generate-version
@@ -94,7 +94,7 @@ jobs:
               systemd-rpm-macros
 
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 
       - name: Download pre-built binary
         uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1

.github/workflows/reusable-strategy-matrix.yml

@@ -23,7 +23,7 @@ jobs:
       matrix: ${{ steps.generate.outputs.matrix }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 
       - name: Set up Python
         uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0

.github/workflows/reusable-upload-recipe.yml

@@ -43,7 +43,7 @@ jobs:
     container: ghcr.io/xrplf/ci/ubuntu-noble:gcc-13-sha-5dd7158
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 
       - name: Generate build version number
         id: version

.github/workflows/upload-conan-deps.yml

@@ -64,7 +64,7 @@ jobs:
         uses: XRPLF/actions/cleanup-workspace@c7d9ce5ebb03c752a354889ecd870cadfc2b1cd4
 
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 
       - name: Prepare runner
         uses: XRPLF/actions/prepare-runner@90f11ee655d1687824fb8793db770477d52afbab

src/libxrpl/protocol/STAmount.cpp

@@ -1250,30 +1250,16 @@ hasInvalidAmount(STBase const& field, int depth, beast::Journal j)
         return true;
     }
 
-    // Dispatch on the serialized type tag rather than RTTI: this is on the invariant-checking path
-    // and a dynamic_cast chain over every field of every modified entry is measurably expensive.
-    // The object-like tags below all denote STObject subclasses (STLedgerEntry, STTx), so the
-    // downcast is sound; nested fields are only ever plain STI_OBJECT / STI_ARRAY containers.
-    // safeDowncast keeps a dynamic_cast validity assert in debug builds while compiling to
-    // static_cast in release.
-    switch (field.getSType())
-    {
-        case STI_AMOUNT: {
-            auto const& amount = safeDowncast<STAmount const&>(field);
-            return !isLegalMPT(amount) || !isLegalNet(amount);
-        }
+    if (auto const amount = dynamic_cast<STAmount const*>(&field))
+        return !isLegalMPT(*amount) || !isLegalNet(*amount);
 
-        case STI_OBJECT:
-        case STI_LEDGERENTRY:
-        case STI_TRANSACTION:
-            return hasInvalidAmount(safeDowncast<STObject const&>(field), depth + 1, j);
+    if (auto const object = dynamic_cast<STObject const*>(&field))
+        return hasInvalidAmount(*object, depth + 1, j);
 
-        case STI_ARRAY:
-            return hasInvalidAmount(safeDowncast<STArray const&>(field), depth + 1, j);
+    if (auto const array = dynamic_cast<STArray const*>(&field))
+        return hasInvalidAmount(*array, depth + 1, j);
 
-        default:
-            return false;
-    }
+    return false;
 }
 
 bool

src/libxrpl/tx/Transactor.cpp

@@ -1172,17 +1172,21 @@ Transactor::checkTransactionInvariants(TER result, XRPAmount fee)
 [[nodiscard]] TER
 Transactor::checkInvariants(TER result, XRPAmount fee)
 {
-    /*
-     * DISABLED for 3.2.0 — Must be re-introduced for 3.3.0
-     *
-     * Transaction invariants are disabled due to a performance regression:
-     * the two-pass design (transaction-specific invariants + protocol invariants)
-     * iterates over modified ledger entries twice per transaction.
-     *
-     * Until resolved, only protocol invariants are checked (delegated to ctx_).
-     * This is safe because all transaction invariants in 3.2.0 are  no-ops.
-     */
-    return ctx_.checkInvariants(result, fee);
+    // Transaction invariants first (more specific). These check post-conditions of the specific
+    // transaction. If these fail, the transaction's core logic is wrong.
+    auto const txResult = checkTransactionInvariants(result, fee);
+
+    // Protocol invariants second (broader). These check properties that must hold regardless of
+    // transaction type.
+    auto const protoResult = ctx_.checkInvariants(result, fee);
+
+    // Fail if either check failed. tef (fatal) takes priority over tec.
+    if (protoResult == tefINVARIANT_FAILED)
+        return tefINVARIANT_FAILED;
+    if (txResult == tecINVARIANT_FAILED || protoResult == tecINVARIANT_FAILED)
+        return tecINVARIANT_FAILED;
+
+    return result;
 }
 //------------------------------------------------------------------------------
 ApplyResult