Merge branch 'develop' into bthomee/node_depth

Per [XLS-0095](https://xls.xrpl.org/xls/XLS-0095-rename-rippled-to-xrpld.html), we are taking steps to rename ripple(d) to xrpl(d). This change modifies the system name from `rippled` to `xrpld`.

The system name is used in limited places:
* When no explicit config file is passed via the `--config` flag, then the system name is used to construct the path where the config file and database may be stored, via the `$XDG_CONFIG_HOME` and `$XDG_DATA_HOME` directories, respectively.
* It is used in the metadata and user-agent as part of RPC calls.
* It is newly used in the full version string.

.clang-tidy

@@ -8,12 +8,14 @@ Checks: "-*,
   bugprone-chained-comparison,
   bugprone-compare-pointer-to-member-virtual-function,
   bugprone-copy-constructor-init,
+  bugprone-crtp-constructor-accessibility,
   bugprone-dangling-handle,
   bugprone-dynamic-static-initializers,
   bugprone-empty-catch,
   bugprone-fold-init-type,
   bugprone-forward-declaration-namespace,
   bugprone-inaccurate-erase,
+  bugprone-inc-dec-in-conditions,
   bugprone-incorrect-enable-if,
   bugprone-incorrect-roundings,
   bugprone-infinite-loop,
@@ -30,9 +32,12 @@ Checks: "-*,
   bugprone-multiple-statement-macro,
   bugprone-no-escape,
   bugprone-non-zero-enum-to-bool-conversion,
+  bugprone-optional-value-conversion,
   bugprone-parent-virtual-call,
+  bugprone-pointer-arithmetic-on-polymorphic-object,
   bugprone-posix-return,
   bugprone-redundant-branch-condition,
+  bugprone-reserved-identifier,
   bugprone-return-const-ref-from-parameter,
   bugprone-shared-ptr-array-mismatch,
   bugprone-signal-handler,
@@ -49,17 +54,26 @@ Checks: "-*,
   bugprone-suspicious-include,
   bugprone-suspicious-memory-comparison,
   bugprone-suspicious-memset-usage,
+  bugprone-suspicious-missing-comma,
   bugprone-suspicious-realloc-usage,
   bugprone-suspicious-semicolon,
   bugprone-suspicious-string-compare,
+  bugprone-suspicious-stringview-data-usage,
   bugprone-swapped-arguments,
+  bugprone-switch-missing-default-case,
   bugprone-terminating-continue,
   bugprone-throw-keyword-missing,
+  bugprone-too-small-loop-variable,
+  # bugprone-unchecked-optional-access, # see https://github.com/XRPLF/rippled/pull/6502
   bugprone-undefined-memory-manipulation,
   bugprone-undelegated-constructor,
   bugprone-unhandled-exception-at-new,
+  bugprone-unhandled-self-assignment,
   bugprone-unique-ptr-array-mismatch,
   bugprone-unsafe-functions,
+  bugprone-unused-raii,
+  bugprone-unused-return-value,
+  bugprone-unused-local-non-trivial-variable,
   bugprone-virtual-near-miss,
   cppcoreguidelines-no-suspend-with-lock,
   cppcoreguidelines-virtual-class-destructor,
@@ -71,37 +85,24 @@ Checks: "-*,
   misc-throw-by-value-catch-by-reference,
   misc-unused-alias-decls,
   misc-unused-using-decls,
-  readability-duplicate-include,
-  readability-enum-initial-value,
-  readability-misleading-indentation,
-  readability-non-const-parameter,
-  readability-redundant-declaration,
-  readability-reference-to-constructed-temporary,
   modernize-deprecated-headers,
   modernize-make-shared,
   modernize-make-unique,
   performance-implicit-conversion-in-loop,
   performance-move-constructor-init,
-  performance-trivially-destructible
+  performance-trivially-destructible,
+  readability-duplicate-include,
+  readability-enum-initial-value,
+  readability-misleading-indentation,
+  readability-non-const-parameter,
+  readability-redundant-declaration,
+  readability-reference-to-constructed-temporary
   "
 # ---
-# more checks that have some issues that need to be resolved:
+# checks that have some issues that need to be resolved:
 #
-# bugprone-crtp-constructor-accessibility,
-# bugprone-inc-dec-in-conditions,
-# bugprone-reserved-identifier,
 # bugprone-move-forwarding-reference,
-# bugprone-unused-local-non-trivial-variable,
-# bugprone-switch-missing-default-case,
-# bugprone-suspicious-stringview-data-usage,
-# bugprone-suspicious-missing-comma,
-# bugprone-pointer-arithmetic-on-polymorphic-object,
-# bugprone-optional-value-conversion,
-# bugprone-too-small-loop-variable,
-# bugprone-unused-return-value,
 # bugprone-use-after-move,
-# bugprone-unhandled-self-assignment,
-# bugprone-unused-raii,
 #
 # cppcoreguidelines-misleading-capture-default-by-value,
 # cppcoreguidelines-init-variables,
@@ -194,7 +195,7 @@ CheckOptions:
   #   readability-identifier-naming.PublicMemberSuffix: ""
   #   readability-identifier-naming.FunctionIgnoredRegexp: ".*tag_invoke.*"
   bugprone-unsafe-functions.ReportMoreUnsafeFunctions: true
-#   bugprone-unused-return-value.CheckedReturnTypes: ::std::error_code;::std::error_condition;::std::errc
+  bugprone-unused-return-value.CheckedReturnTypes: ::std::error_code;::std::error_condition;::std::errc
 #   misc-include-cleaner.IgnoreHeaders: '.*/(detail|impl)/.*;.*(expected|unexpected).*;.*ranges_lower_bound\.h;time.h;stdlib.h;__chrono/.*;fmt/chrono.h;boost/uuid/uuid_hash.hpp'
 #
 # HeaderFilterRegex: '^.*/(src|tests)/.*\.(h|hpp)$'

.github/pull_request_template.md

@@ -29,22 +29,6 @@ If a refactor, how is this better than the previous implementation?
 If there is a spec or design document for this feature, please link it here.
 -->
 
-### Type of Change
-
-<!--
-Please check [x] relevant options, delete irrelevant ones.
--->
-
-- [ ] Bug fix (non-breaking change which fixes an issue)
-- [ ] New feature (non-breaking change which adds functionality)
-- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
-- [ ] Refactor (non-breaking change that only restructures code)
-- [ ] Performance (increase or change in throughput and/or latency)
-- [ ] Tests (you added tests for code that already exists, or your new feature included in this PR)
-- [ ] Documentation update
-- [ ] Chore (no impact to binary, e.g. `.gitignore`, formatting, dropping support for older tooling)
-- [ ] Release
-
 ### API Impact
 
 <!--

.github/scripts/levelization/README.md

@@ -70,7 +70,7 @@ that `test` code should _never_ be included in `xrpl` or `xrpld` code.)
 
 ## Validation
 
-The [levelization](generate.sh) script takes no parameters,
+The [levelization](generate.py) script takes no parameters,
 reads no environment variables, and can be run from any directory,
 as long as it is in the expected location in the rippled repo.
 It can be run at any time from within a checked out repo, and will
@@ -104,7 +104,7 @@ It generates many files of [results](results):
   Github Actions workflow to test that levelization loops haven't
   changed. Unfortunately, if changes are detected, it can't tell if
   they are improvements or not, so if you have resolved any issues or
-  done anything else to improve levelization, run `levelization.sh`,
+  done anything else to improve levelization, run `generate.py`,
   and commit the updated results.
 
 The `loops.txt` and `ordering.txt` files relate the modules
@@ -128,7 +128,7 @@ The committed files hide the detailed values intentionally, to
 prevent false alarms and merging issues, and because it's easy to
 get those details locally.
 
-1. Run `levelization.sh`
+1. Run `generate.py`
 2. Grep the modules in `paths.txt`.
    - For example, if a cycle is found `A ~= B`, simply `grep -w
 A .github/scripts/levelization/results/paths.txt | grep -w B`

.github/scripts/levelization/generate.py

@@ -0,0 +1,335 @@
+#!/usr/bin/env python3
+
+"""
+Usage: generate.py
+This script takes no parameters, and can be called from any directory in the file system.
+"""
+
+import os
+import re
+import subprocess
+import sys
+from collections import defaultdict
+from pathlib import Path
+from typing import Dict, List, Tuple, Set, Optional
+
+# Compile regex patterns once at module level
+INCLUDE_PATTERN = re.compile(r"^\s*#include.*/.*\.h")
+INCLUDE_PATH_PATTERN = re.compile(r'[<"]([^>"]+)[>"]')
+
+
+def dictionary_sort_key(s: str) -> str:
+    """
+    Create a sort key that mimics 'sort -d' (dictionary order).
+    Dictionary order only considers blanks and alphanumeric characters.
+    This means punctuation like '.' is ignored during sorting.
+    """
+    # Keep only alphanumeric characters and spaces
+    return "".join(c for c in s if c.isalnum() or c.isspace())
+
+
+def get_level(file_path: str) -> str:
+    """
+    Extract the level from a file path (second and third directory components).
+    Equivalent to bash: cut -d/ -f 2,3
+
+    Examples:
+        src/xrpld/app/main.cpp -> xrpld.app
+        src/libxrpl/protocol/STObject.cpp -> libxrpl.protocol
+        include/xrpl/basics/base_uint.h -> xrpl.basics
+    """
+    parts = file_path.split("/")
+
+    # Get fields 2 and 3 (indices 1 and 2 in 0-based indexing)
+    if len(parts) >= 3:
+        level = f"{parts[1]}/{parts[2]}"
+    elif len(parts) >= 2:
+        level = f"{parts[1]}/toplevel"
+    else:
+        level = file_path
+
+    # If the "level" indicates a file, cut off the filename
+    if "." in level.split("/")[-1]:  # Avoid Path object creation
+        # Use the "toplevel" label as a workaround for `sort`
+        # inconsistencies between different utility versions
+        level = level.rsplit("/", 1)[0] + "/toplevel"
+
+    return level.replace("/", ".")
+
+
+def extract_include_level(include_line: str) -> Optional[str]:
+    """
+    Extract the include path from an #include directive.
+    Gets the first two directory components from the include path.
+    Equivalent to bash: cut -d/ -f 1,2
+
+    Examples:
+        #include <xrpl/basics/base_uint.h> -> xrpl.basics
+        #include "xrpld/app/main/Application.h" -> xrpld.app
+    """
+    # Remove everything before the quote or angle bracket
+    match = INCLUDE_PATH_PATTERN.search(include_line)
+    if not match:
+        return None
+
+    include_path = match.group(1)
+    parts = include_path.split("/")
+
+    # Get first two fields (indices 0 and 1)
+    if len(parts) >= 2:
+        include_level = f"{parts[0]}/{parts[1]}"
+    else:
+        include_level = include_path
+
+    # If the "includelevel" indicates a file, cut off the filename
+    if "." in include_level.split("/")[-1]:  # Avoid Path object creation
+        include_level = include_level.rsplit("/", 1)[0] + "/toplevel"
+
+    return include_level.replace("/", ".")
+
+
+def find_repository_directories(
+    start_path: Path, depth_limit: int = 10
+) -> Tuple[Path, List[Path]]:
+    """
+    Find the repository root by looking for src or include folders.
+    Walks up the directory tree from the start path.
+    """
+    current = start_path.resolve()
+
+    # Walk up the directory tree
+    for _ in range(depth_limit):  # Limit search depth to prevent infinite loops
+        src_path = current / "src"
+        include_path = current / "include"
+        # Check if this directory has src or include folders
+        has_src = src_path.exists()
+        has_include = include_path.exists()
+
+        if has_src or has_include:
+            return current, [src_path, include_path]
+
+        # Move up one level
+        parent = current.parent
+        if parent == current:  # Reached filesystem root
+            break
+        current = parent
+
+    # If we couldn't find it, raise an error
+    raise RuntimeError(
+        "Could not find repository root. "
+        "Expected to find a directory containing 'src' and/or 'include' folders."
+    )
+
+
+def main():
+    # Change to the script's directory
+    script_dir = Path(__file__).parent.resolve()
+    os.chdir(script_dir)
+
+    # Clean up and create results directory.
+    results_dir = script_dir / "results"
+    if results_dir.exists():
+        import shutil
+
+        shutil.rmtree(results_dir)
+    results_dir.mkdir()
+
+    # Find the repository root by searching for src and include directories.
+    try:
+        repo_root, scan_dirs = find_repository_directories(script_dir)
+
+        print(f"Found repository root: {repo_root}")
+        print(f"Scanning directories:")
+        for scan_dir in scan_dirs:
+            print(f"  - {scan_dir.relative_to(repo_root)}")
+    except RuntimeError as e:
+        print(f"Error: {e}", file=sys.stderr)
+        sys.exit(1)
+
+    print("\nScanning for raw includes...")
+    # Find all #include directives
+    raw_includes: List[Tuple[str, str]] = []
+    rawincludes_file = results_dir / "rawincludes.txt"
+
+    # Write to file as we go to avoid storing everything in memory.
+    with open(rawincludes_file, "w", buffering=8192) as raw_f:
+        for dir_path in scan_dirs:
+            print(f"  Scanning {dir_path.relative_to(repo_root)}...")
+
+            for file_path in dir_path.rglob("*"):
+                if not file_path.is_file():
+                    continue
+
+                try:
+                    rel_path_str = str(file_path.relative_to(repo_root))
+
+                    # Read file with a large buffer for performance.
+                    with open(
+                        file_path,
+                        "r",
+                        encoding="utf-8",
+                        errors="ignore",
+                        buffering=8192,
+                    ) as f:
+                        for line in f:
+                            # Quick check before regex
+                            if "#include" not in line or "boost" in line:
+                                continue
+
+                            if INCLUDE_PATTERN.match(line):
+                                line_stripped = line.strip()
+                                entry = f"{rel_path_str}:{line_stripped}\n"
+                                print(entry, end="")
+                                raw_f.write(entry)
+                                raw_includes.append((rel_path_str, line_stripped))
+                except Exception as e:
+                    print(f"Error reading {file_path}: {e}", file=sys.stderr)
+
+    # Build levelization paths and count directly (no need to sort first).
+    print("Build levelization paths")
+    path_counts: Dict[Tuple[str, str], int] = defaultdict(int)
+
+    for file_path, include_line in raw_includes:
+        include_level = extract_include_level(include_line)
+        if not include_level:
+            continue
+
+        level = get_level(file_path)
+        if level != include_level:
+            path_counts[(level, include_level)] += 1
+
+    # Sort and deduplicate paths (using dictionary order like bash 'sort -d').
+    print("Sort and deduplicate paths")
+
+    paths_file = results_dir / "paths.txt"
+    with open(paths_file, "w") as f:
+        # Sort using dictionary order: only alphanumeric and spaces matter
+        sorted_items = sorted(
+            path_counts.items(),
+            key=lambda x: (dictionary_sort_key(x[0][0]), dictionary_sort_key(x[0][1])),
+        )
+        for (level, include_level), count in sorted_items:
+            line = f"{count:7} {level} {include_level}\n"
+            print(line.rstrip())
+            f.write(line)
+
+    # Split into flat-file database
+    print("Split into flat-file database")
+    includes_dir = results_dir / "includes"
+    included_by_dir = results_dir / "included_by"
+    includes_dir.mkdir()
+    included_by_dir.mkdir()
+
+    # Batch writes by grouping data first to avoid repeated file opens.
+    includes_data: Dict[str, List[Tuple[str, int]]] = defaultdict(list)
+    included_by_data: Dict[str, List[Tuple[str, int]]] = defaultdict(list)
+
+    # Process in sorted order to match bash script behaviour (dictionary order).
+    sorted_items = sorted(
+        path_counts.items(),
+        key=lambda x: (dictionary_sort_key(x[0][0]), dictionary_sort_key(x[0][1])),
+    )
+    for (level, include_level), count in sorted_items:
+        includes_data[level].append((include_level, count))
+        included_by_data[include_level].append((level, count))
+
+    # Write all includes files in sorted order (dictionary order).
+    for level in sorted(includes_data.keys(), key=dictionary_sort_key):
+        entries = includes_data[level]
+        with open(includes_dir / level, "w") as f:
+            for include_level, count in entries:
+                line = f"{include_level} {count}\n"
+                print(line.rstrip())
+                f.write(line)
+
+    # Write all included_by files in sorted order (dictionary order).
+    for include_level in sorted(included_by_data.keys(), key=dictionary_sort_key):
+        entries = included_by_data[include_level]
+        with open(included_by_dir / include_level, "w") as f:
+            for level, count in entries:
+                line = f"{level} {count}\n"
+                print(line.rstrip())
+                f.write(line)
+
+    # Search for loops
+    print("Search for loops")
+    loops_file = results_dir / "loops.txt"
+    ordering_file = results_dir / "ordering.txt"
+
+    loops_found: Set[Tuple[str, str]] = set()
+
+    # Pre-load all include files into memory to avoid repeated I/O.
+    # This is the biggest optimisation - we were reading files repeatedly in nested loops.
+    # Use list of tuples to preserve file order.
+    includes_cache: Dict[str, List[Tuple[str, int]]] = {}
+    includes_lookup: Dict[str, Dict[str, int]] = {}  # For fast lookup
+
+    # Note: bash script uses 'for source in *' which uses standard glob sorting,
+    # NOT dictionary order. So we use standard sorted() here, not dictionary_sort_key.
+    for include_file in sorted(includes_dir.iterdir(), key=lambda p: p.name):
+        if not include_file.is_file():
+            continue
+
+        includes_cache[include_file.name] = []
+        includes_lookup[include_file.name] = {}
+        with open(include_file, "r") as f:
+            for line in f:
+                parts = line.strip().split()
+                if len(parts) >= 2:
+                    include_name = parts[0]
+                    include_count = int(parts[1])
+                    includes_cache[include_file.name].append(
+                        (include_name, include_count)
+                    )
+                    includes_lookup[include_file.name][include_name] = include_count
+
+    with open(loops_file, "w", buffering=8192) as loops_f, open(
+        ordering_file, "w", buffering=8192
+    ) as ordering_f:
+
+        # Use standard sorting to match bash glob expansion 'for source in *'.
+        for source in sorted(includes_cache.keys()):
+            source_includes = includes_cache[source]
+
+            for include, include_freq in source_includes:
+                # Check if include file exists and references source
+                if include not in includes_lookup:
+                    continue
+
+                source_freq = includes_lookup[include].get(source)
+
+                if source_freq is not None:
+                    # Found a loop
+                    loop_key = tuple(sorted([source, include]))
+                    if loop_key in loops_found:
+                        continue
+                    loops_found.add(loop_key)
+
+                    loops_f.write(f"Loop: {source} {include}\n")
+
+                    # If the counts are close, indicate that the two modules are
+                    # on the same level, though they shouldn't be.
+                    diff = include_freq - source_freq
+                    if diff > 3:
+                        loops_f.write(f"  {source} > {include}\n\n")
+                    elif diff < -3:
+                        loops_f.write(f"  {include} > {source}\n\n")
+                    elif source_freq == include_freq:
+                        loops_f.write(f"  {include} == {source}\n\n")
+                    else:
+                        loops_f.write(f"  {include} ~= {source}\n\n")
+                else:
+                    ordering_f.write(f"{source} > {include}\n")
+
+    # Print results
+    print("\nOrdering:")
+    with open(ordering_file, "r") as f:
+        print(f.read(), end="")
+
+    print("\nLoops:")
+    with open(loops_file, "r") as f:
+        print(f.read(), end="")
+
+
+if __name__ == "__main__":
+    main()

.github/scripts/levelization/generate.sh

@@ -1,130 +0,0 @@
-#!/bin/bash
-
-# Usage: generate.sh
-# This script takes no parameters, reads no environment variables,
-# and can be run from any directory, as long as it is in the expected
-# location in the repo.
-
-pushd $( dirname $0 )
-
-if [ -v PS1 ]
-then
-  # if the shell is interactive, clean up any flotsam before analyzing
-  git clean -ix
-fi
-
-# Ensure all sorting is ASCII-order consistently across platforms.
-export LANG=C
-
-rm -rfv results
-mkdir results
-includes="$( pwd )/results/rawincludes.txt"
-pushd ../../..
-echo Raw includes:
-grep -r '^[ ]*#include.*/.*\.h' include src | \
-    grep -v boost | tee ${includes}
-popd
-pushd results
-
-oldifs=${IFS}
-IFS=:
-mkdir includes
-mkdir included_by
-echo Build levelization paths
-exec 3< ${includes} # open rawincludes.txt for input
-while read -r -u 3 file include
-do
-    level=$( echo ${file} | cut -d/ -f 2,3 )
-    # If the "level" indicates a file, cut off the filename
-    if [[ "${level##*.}" != "${level}" ]]
-    then
-        # Use the "toplevel" label as a workaround for `sort`
-        # inconsistencies between different utility versions
-        level="$( dirname ${level} )/toplevel"
-    fi
-    level=$( echo ${level} | tr '/' '.' )
-
-    includelevel=$( echo ${include} | sed 's/.*["<]//; s/[">].*//' | \
-        cut -d/ -f 1,2 )
-    if [[ "${includelevel##*.}" != "${includelevel}" ]]
-    then
-        # Use the "toplevel" label as a workaround for `sort`
-        # inconsistencies between different utility versions
-        includelevel="$( dirname ${includelevel} )/toplevel"
-    fi
-    includelevel=$( echo ${includelevel} | tr '/' '.' )
-
-    if [[ "$level" != "$includelevel" ]]
-    then
-        echo $level $includelevel | tee -a paths.txt
-    fi
-done
-echo Sort and deduplicate paths
-sort -ds paths.txt | uniq -c | tee sortedpaths.txt
-mv sortedpaths.txt paths.txt
-exec 3>&- #close fd 3
-IFS=${oldifs}
-unset oldifs
-
-echo Split into flat-file database
-exec 4<paths.txt # open paths.txt for input
-while read -r -u 4 count level include
-do
-    echo ${include} ${count} | tee -a includes/${level}
-    echo ${level} ${count} | tee -a included_by/${include}
-done
-exec 4>&- #close fd 4
-
-loops="$( pwd )/loops.txt"
-ordering="$( pwd )/ordering.txt"
-pushd includes
-echo Search for loops
-# Redirect stdout to a file
-exec 4>&1
-exec 1>"${loops}"
-for source in *
-do
-  if [[ -f "$source" ]]
-  then
-    exec 5<"${source}" # open for input
-    while read -r -u 5 include includefreq
-    do
-      if [[ -f $include ]]
-      then
-        if grep -q -w $source $include
-        then
-          if grep -q -w "Loop: $include $source" "${loops}"
-          then
-            continue
-          fi
-          sourcefreq=$( grep -w $source $include | cut -d\  -f2 )
-          echo "Loop: $source $include"
-          # If the counts are close, indicate that the two modules are
-          # on the same level, though they shouldn't be
-          if [[ $(( $includefreq - $sourcefreq )) -gt 3 ]]
-          then
-              echo -e "  $source > $include\n"
-          elif [[ $(( $sourcefreq - $includefreq )) -gt 3 ]]
-          then
-              echo -e "  $include > $source\n"
-          elif [[ $sourcefreq -eq $includefreq ]]
-          then
-              echo -e "  $include == $source\n"
-          else
-              echo -e "  $include ~= $source\n"
-          fi
-        else
-          echo "$source > $include" >> "${ordering}"
-        fi
-      fi
-    done
-    exec 5>&- #close fd 5
-  fi
-done
-exec 1>&4 #close fd 1
-exec 4>&- #close fd 4
-cat "${ordering}"
-cat "${loops}"
-popd
-popd
-popd

.github/scripts/levelization/results/ordering.txt

@@ -42,6 +42,7 @@ libxrpl.tx > xrpl.server
 libxrpl.tx > xrpl.tx
 test.app > test.jtx
 test.app > test.rpc
+test.app > test.shamap
 test.app > test.toplevel
 test.app > test.unit_test
 test.app > xrpl.basics
@@ -57,6 +58,7 @@ test.app > xrpl.protocol
 test.app > xrpl.rdb
 test.app > xrpl.resource
 test.app > xrpl.server
+test.app > xrpl.shamap
 test.app > xrpl.tx
 test.basics > test.jtx
 test.basics > test.unit_test
@@ -134,6 +136,7 @@ test.peerfinder > xrpld.core
 test.peerfinder > xrpld.peerfinder
 test.peerfinder > xrpl.protocol
 test.protocol > test.toplevel
+test.protocol > test.unit_test
 test.protocol > xrpl.basics
 test.protocol > xrpl.json
 test.protocol > xrpl.protocol
@@ -171,6 +174,7 @@ test.shamap > xrpl.shamap
 test.toplevel > test.csf
 test.toplevel > xrpl.json
 test.unit_test > xrpl.basics
+test.unit_test > xrpl.protocol
 tests.libxrpl > xrpl.basics
 tests.libxrpl > xrpl.json
 tests.libxrpl > xrpl.net

.github/scripts/strategy-matrix/generate.py

@@ -55,7 +55,7 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
             #   fee to 500.
             # - Bookworm using GCC 15: Debug on linux/amd64, enable code
             #   coverage (which will be done below).
-            # - Bookworm using Clang 16: Debug on linux/arm64, enable voidstar.
+            # - Bookworm using Clang 16: Debug on linux/amd64, enable voidstar.
             # - Bookworm using Clang 17: Release on linux/amd64, set the
             #   reference fee to 1000.
             # - Bookworm using Clang 20: Debug on linux/amd64.
@@ -78,7 +78,7 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
                     if (
                         f"{os['compiler_name']}-{os['compiler_version']}" == "clang-16"
                         and build_type == "Debug"
-                        and architecture["platform"] == "linux/arm64"
+                        and architecture["platform"] == "linux/amd64"
                     ):
                         cmake_args = f"-Dvoidstar=ON {cmake_args}"
                         skip = False

.github/workflows/check-pr-title.yml

@@ -0,0 +1,10 @@
+name: Check PR title
+
+on:
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+    branches: [develop]
+
+jobs:
+  check_title:
+    uses: XRPLF/actions/.github/workflows/check-pr-title.yml@943eb8277e8f4b010fde0c826ce4154c36c39509

.github/workflows/on-pr.yml

@@ -46,7 +46,7 @@ jobs:
         # that Github considers any skipped jobs to have passed, and in
         # turn the required checks as well.
         id: changes
-        uses: tj-actions/changed-files@7dee1b0c1557f278e5c7dc244927139d78c0e22a # v47.0.4
+        uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v47.0.5
         with:
           files: |
             # These paths are unique to `on-pr.yml`.
@@ -141,9 +141,8 @@ jobs:
     needs:
       - should-run
       - build-test
-    # Only run when committing to a PR that targets a release branch in the
-    # XRPLF repository.
-    if: ${{ github.repository_owner == 'XRPLF' && needs.should-run.outputs.go == 'true' && startsWith(github.ref, 'refs/heads/release') }}
+    # Only run when committing to a PR that targets a release branch.
+    if: ${{ github.repository == 'XRPLF/rippled' && needs.should-run.outputs.go == 'true' && github.event_name == 'pull_request' && startsWith(github.event.pull_request.base.ref, 'release') }}
     uses: ./.github/workflows/reusable-upload-recipe.yml
     secrets:
       remote_username: ${{ secrets.CONAN_REMOTE_USERNAME }}

.github/workflows/on-tag.yml

@@ -17,8 +17,7 @@ defaults:
 
 jobs:
   upload-recipe:
-    # Only run when a tag is pushed to the XRPLF repository.
-    if: ${{ github.repository_owner == 'XRPLF' }}
+    if: ${{ github.repository == 'XRPLF/rippled' }}
     uses: ./.github/workflows/reusable-upload-recipe.yml
     secrets:
       remote_username: ${{ secrets.CONAN_REMOTE_USERNAME }}

.github/workflows/on-trigger.yml

@@ -92,8 +92,8 @@ jobs:
 
   upload-recipe:
     needs: build-test
-    # Only run when pushing to the develop branch in the XRPLF repository.
-    if: ${{ github.repository_owner == 'XRPLF' && github.event_name == 'push' && github.ref == 'refs/heads/develop' }}
+    # Only run when pushing to the develop branch.
+    if: ${{ github.repository == 'XRPLF/rippled' && github.event_name == 'push' && github.ref == 'refs/heads/develop' }}
     uses: ./.github/workflows/reusable-upload-recipe.yml
     secrets:
       remote_username: ${{ secrets.CONAN_REMOTE_USERNAME }}

.github/workflows/pre-commit.yml

@@ -11,7 +11,7 @@ on:
 jobs:
   # Call the workflow in the XRPLF/actions repo that runs the pre-commit hooks.
   run-hooks:
-    uses: XRPLF/actions/.github/workflows/pre-commit.yml@56de1bdf19639e009639a50b8d17c28ca954f267
+    uses: XRPLF/actions/.github/workflows/pre-commit.yml@44856eb0d6ecb7d376370244324ab3dc8b863bad
     with:
       runs_on: ubuntu-latest
       container: '{ "image": "ghcr.io/xrplf/ci/tools-rippled-pre-commit:sha-41ec7c1" }'

.github/workflows/reusable-build-test-config.yml

@@ -76,7 +76,7 @@ jobs:
     name: ${{ inputs.config_name }}
     runs-on: ${{ fromJSON(inputs.runs_on) }}
     container: ${{ inputs.image != '' && inputs.image || null }}
-    timeout-minutes: 60
+    timeout-minutes: ${{ inputs.sanitizers != '' && 360 || 60 }}
     env:
       # Use a namespace to keep the objects separate for each configuration.
       CCACHE_NAMESPACE: ${{ inputs.config_name }}
@@ -176,7 +176,7 @@ jobs:
           fi
 
       - name: Upload the binary (Linux)
-        if: ${{ github.repository_owner == 'XRPLF' && runner.os == 'Linux' }}
+        if: ${{ github.repository == 'XRPLF/rippled' && runner.os == 'Linux' }}
         uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: xrpld-${{ inputs.config_name }}
@@ -204,8 +204,14 @@ jobs:
 
       - name: Set sanitizer options
         if: ${{ !inputs.build_only && env.SANITIZERS_ENABLED == 'true' }}
+        env:
+          CONFIG_NAME: ${{ inputs.config_name }}
         run: |
-          echo "ASAN_OPTIONS=print_stacktrace=1:detect_container_overflow=0:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/asan.supp" >> ${GITHUB_ENV}
+          ASAN_OPTS="halt_on_error=0:use_sigaltstack=0:print_stacktrace=1:detect_container_overflow=0:detect_stack_use_after_return=0:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/asan.supp"
+          if [[ "${CONFIG_NAME}" == *gcc* ]]; then
+            ASAN_OPTS="${ASAN_OPTS}:alloc_dealloc_mismatch=0"
+          fi
+          echo "ASAN_OPTIONS=${ASAN_OPTS}" >> ${GITHUB_ENV}
           echo "TSAN_OPTIONS=second_deadlock_stack=1:halt_on_error=0:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/tsan.supp" >> ${GITHUB_ENV}
           echo "UBSAN_OPTIONS=suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/ubsan.supp" >> ${GITHUB_ENV}
           echo "LSAN_OPTIONS=suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/lsan.supp" >> ${GITHUB_ENV}
@@ -230,6 +236,8 @@ jobs:
           BUILD_NPROC: ${{ steps.nproc.outputs.nproc }}
         run: |
           set -o pipefail
+          # Coverage builds are slower due to instrumentation; use fewer parallel jobs to avoid flakiness
+          [ "$COVERAGE_ENABLED" = "true" ] && BUILD_NPROC=$(( BUILD_NPROC - 2 ))
           ./xrpld --unittest --unittest-jobs "${BUILD_NPROC}" 2>&1 | tee unittest.log
 
       - name: Show test failure summary
@@ -266,7 +274,7 @@ jobs:
             --target coverage
 
       - name: Upload coverage report
-        if: ${{ github.repository_owner == 'XRPLF' && !inputs.build_only && env.COVERAGE_ENABLED == 'true' }}
+        if: ${{ github.repository == 'XRPLF/rippled' && !inputs.build_only && env.COVERAGE_ENABLED == 'true' }}
         uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
         with:
           disable_search: true

.github/workflows/reusable-check-levelization.yml

@@ -20,7 +20,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Check levelization
-        run: .github/scripts/levelization/generate.sh
+        run: python .github/scripts/levelization/generate.py
       - name: Check for differences
         env:
           MESSAGE: |
@@ -32,7 +32,7 @@ jobs:
             removed from loops.txt, it's probably an improvement, while if
             something was added, it's probably a regression.
 
-            Run '.github/scripts/levelization/generate.sh' in your repo, commit
+            Run '.github/scripts/levelization/generate.py' in your repo, commit
             and push the changes. See .github/scripts/levelization/README.md for
             more info.
         run: |

.github/workflows/reusable-clang-tidy.yml

@@ -31,7 +31,7 @@ jobs:
 
       - name: Get changed C++ files
         id: changed_files
-        uses: tj-actions/changed-files@7dee1b0c1557f278e5c7dc244927139d78c0e22a # v47.0.4
+        uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v47.0.5
         with:
           files: |
             **/*.cpp
@@ -41,7 +41,7 @@ jobs:
 
       - name: Get changed clang-tidy configuration
         id: changed_clang_tidy
-        uses: tj-actions/changed-files@7dee1b0c1557f278e5c7dc244927139d78c0e22a # v47.0.4
+        uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v47.0.5
         with:
           files: |
             .clang-tidy
@@ -51,5 +51,5 @@ jobs:
     if: ${{ always() && !cancelled() && (!inputs.check_only_changed || needs.determine-files.outputs.any_cpp_changed == 'true' || needs.determine-files.outputs.clang_tidy_config_changed == 'true') }}
     uses: ./.github/workflows/reusable-clang-tidy-files.yml
     with:
-      files: ${{ (needs.determine-files.outputs.clang_tidy_config_changed == 'true' && '') || (inputs.check_only_changed && needs.determine-files.outputs.all_changed_files || '') }}
+      files: ${{ needs.determine-files.outputs.clang_tidy_config_changed == 'true' && '' || (inputs.check_only_changed && needs.determine-files.outputs.all_changed_files || '') }}
       create_issue_on_failure: ${{ inputs.create_issue_on_failure }}

.github/workflows/reusable-upload-recipe.yml

@@ -69,22 +69,28 @@ jobs:
           conan export . --version=${{ steps.version.outputs.version }}
           conan upload --confirm --check --remote="${REMOTE_NAME}" xrpl/${{ steps.version.outputs.version }}
 
+      # When this workflow is triggered by a push event, it will always be when merging into the
+      # 'develop' branch, see on-trigger.yml.
       - name: Upload Conan recipe (develop)
-        if: ${{ github.ref == 'refs/heads/develop' }}
+        if: ${{ github.event_name == 'push' }}
         env:
           REMOTE_NAME: ${{ inputs.remote_name }}
         run: |
           conan export . --version=develop
           conan upload --confirm --check --remote="${REMOTE_NAME}" xrpl/develop
 
+      # When this workflow is triggered by a pull request event, it will always be when merging into
+      # one of the 'release' branches, see on-pr.yml.
       - name: Upload Conan recipe (rc)
-        if: ${{ startsWith(github.ref, 'refs/heads/release') }}
+        if: ${{ github.event_name == 'pull_request' }}
         env:
           REMOTE_NAME: ${{ inputs.remote_name }}
         run: |
           conan export . --version=rc
           conan upload --confirm --check --remote="${REMOTE_NAME}" xrpl/rc
 
+      # When this workflow is triggered by a tag event, it will always be when tagging a final
+      # release, see on-tag.yml.
       - name: Upload Conan recipe (release)
         if: ${{ github.event_name == 'tag' }}
         env:

.github/workflows/upload-conan-deps.yml

@@ -103,11 +103,11 @@ jobs:
           sanitizers: ${{ matrix.sanitizers }}
 
       - name: Log into Conan remote
-        if: ${{ github.repository_owner == 'XRPLF' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }}
+        if: ${{ github.repository == 'XRPLF/rippled' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }}
         run: conan remote login "${CONAN_REMOTE_NAME}" "${{ secrets.CONAN_REMOTE_USERNAME }}" --password "${{ secrets.CONAN_REMOTE_PASSWORD }}"
 
       - name: Upload Conan packages
-        if: ${{ github.repository_owner == 'XRPLF' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }}
+        if: ${{ github.repository == 'XRPLF/rippled' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }}
         env:
           FORCE_OPTION: ${{ github.event.inputs.force_upload == 'true' && '--force' || '' }}
         run: conan upload "*" --remote="${CONAN_REMOTE_NAME}" --confirm ${FORCE_OPTION}

.gitignore

@@ -75,6 +75,9 @@ DerivedData
 /.claude
 /CLAUDE.md
 
+# Python
+__pycache__
+
 # Direnv's directory
 /.direnv
 

CMakeLists.txt

@@ -131,7 +131,6 @@ if(coverage)
     include(XrplCov)
 endif()
 
-set(PROJECT_EXPORT_SET XrplExports)
 include(XrplCore)
 include(XrplInstall)
 include(XrplValidatorKeys)

CONTRIBUTING.md

@@ -127,26 +127,6 @@ tl;dr
 > 6. Wrap the body at 72 characters.
 > 7. Use the body to explain what and why vs. how.
 
-In addition to those guidelines, please add one of the following
-prefixes to the subject line if appropriate.
-
-- `fix:` - The primary purpose is to fix an existing bug.
-- `perf:` - The primary purpose is performance improvements.
-- `refactor:` - The changes refactor code without affecting
-  functionality.
-- `test:` - The changes _only_ affect unit tests.
-- `docs:` - The changes _only_ affect documentation. This can
-  include code comments in addition to `.md` files like this one.
-- `build:` - The changes _only_ affect the build process,
-  including CMake and/or Conan settings.
-- `chore:` - Other tasks that don't affect the binary, but don't fit
-  any of the other cases. e.g. formatting, git settings, updating
-  Github Actions jobs.
-
-Whenever possible, when updating commits after the PR is open, please
-add the PR number to the end of the subject line. e.g. `test: Add
-unit tests for Feature X (#1234)`.
-
 ## Pull requests
 
 In general, pull requests use `develop` as the base branch.
@@ -180,6 +160,23 @@ credibility of the existing approvals is insufficient.
 Pull requests must be merged by [squash-and-merge][squash]
 to preserve a linear history for the `develop` branch.
 
+### Type of Change
+
+In addition to those guidelines, please start your PR title with one of the following:
+
+- `build:` - The changes _only_ affect the build process, including CMake and/or Conan settings.
+- `feat`: New feature (change which adds functionality).
+- `fix:` - The primary purpose is to fix an existing bug.
+- `docs:` - The changes _only_ affect documentation.
+- `test:` - The changes _only_ affect unit tests.
+- `ci`: Continuous Integration (changes to our CI configuration files and scripts).
+- `style`: Code style (formatting).
+- `refactor:` - The changes refactor code without affecting functionality.
+- `perf:` - The primary purpose is performance improvements.
+- `chore:` - Other tasks that don't affect the binary, but don't fit any of the other cases. e.g. `git` settings, `clang-tidy`, removing dead code, dropping support for older tooling.
+
+First letter after the type prefix should be capitalized, and the type prefix should be followed by a colon and a space. e.g. `feat: Add support for Borrowing Protocol`.
+
 ### "Ready to merge"
 
 A pull request should only have the "Ready to merge" label added when it

cmake/XrplConfig.cmake

@@ -1,60 +0,0 @@
-include(CMakeFindDependencyMacro)
-# need to represent system dependencies of the lib here
-#[=========================================================[
-  Boost
-#]=========================================================]
-if(static OR APPLE OR MSVC)
-    set(Boost_USE_STATIC_LIBS ON)
-endif()
-set(Boost_USE_MULTITHREADED ON)
-if(static OR MSVC)
-    set(Boost_USE_STATIC_RUNTIME ON)
-else()
-    set(Boost_USE_STATIC_RUNTIME OFF)
-endif()
-find_dependency(
-    Boost
-    COMPONENTS
-    chrono
-    container
-    context
-    coroutine
-    date_time
-    filesystem
-    program_options
-    regex
-    system
-    thread
-)
-#[=========================================================[
-  OpenSSL
-#]=========================================================]
-if(NOT DEFINED OPENSSL_ROOT_DIR)
-    if(DEFINED ENV{OPENSSL_ROOT})
-        set(OPENSSL_ROOT_DIR $ENV{OPENSSL_ROOT})
-    elseif(APPLE)
-        find_program(homebrew brew)
-        if(homebrew)
-            execute_process(
-                COMMAND ${homebrew} --prefix openssl
-                OUTPUT_VARIABLE OPENSSL_ROOT_DIR
-                OUTPUT_STRIP_TRAILING_WHITESPACE
-            )
-        endif()
-    endif()
-    file(TO_CMAKE_PATH "${OPENSSL_ROOT_DIR}" OPENSSL_ROOT_DIR)
-endif()
-
-if(static OR APPLE OR MSVC)
-    set(OPENSSL_USE_STATIC_LIBS ON)
-endif()
-set(OPENSSL_MSVC_STATIC_RT ON)
-find_dependency(OpenSSL REQUIRED)
-find_dependency(ZLIB)
-find_dependency(date)
-if(TARGET ZLIB::ZLIB)
-    set_target_properties(
-        OpenSSL::Crypto
-        PROPERTIES INTERFACE_LINK_LIBRARIES ZLIB::ZLIB
-    )
-endif()

cmake/XrplInstall.cmake

@@ -2,100 +2,38 @@
    install stuff
 #]===================================================================]
 
-include(create_symbolic_link)
+include(GNUInstallDirs)
 
-# If no suffix is defined for executables (e.g. Windows uses .exe but Linux
-# and macOS use none), then explicitly set it to the empty string.
-if(NOT DEFINED suffix)
-    set(suffix "")
+if(is_root_project AND TARGET xrpld)
+    install(
+        TARGETS xrpld
+        RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}" COMPONENT runtime
+    )
+
+    install(
+        FILES "${CMAKE_CURRENT_SOURCE_DIR}/cfg/xrpld-example.cfg"
+        DESTINATION "${CMAKE_INSTALL_SYSCONFDIR}/xrpld"
+        RENAME xrpld.cfg
+        COMPONENT runtime
+    )
+
+    install(
+        FILES "${CMAKE_CURRENT_SOURCE_DIR}/cfg/validators-example.txt"
+        DESTINATION "${CMAKE_INSTALL_SYSCONFDIR}/xrpld"
+        RENAME validators.txt
+        COMPONENT runtime
+    )
 endif()
 
 install(
-    TARGETS
-        common
-        opts
-        xrpl_boost
-        xrpl_libs
-        xrpl_syslibs
-        xrpl.imports.main
-        xrpl.libpb
-        xrpl.libxrpl
-        xrpl.libxrpl.basics
-        xrpl.libxrpl.beast
-        xrpl.libxrpl.conditions
-        xrpl.libxrpl.core
-        xrpl.libxrpl.crypto
-        xrpl.libxrpl.git
-        xrpl.libxrpl.json
-        xrpl.libxrpl.rdb
-        xrpl.libxrpl.ledger
-        xrpl.libxrpl.net
-        xrpl.libxrpl.nodestore
-        xrpl.libxrpl.protocol
-        xrpl.libxrpl.resource
-        xrpl.libxrpl.server
-        xrpl.libxrpl.shamap
-        xrpl.libxrpl.tx
-        antithesis-sdk-cpp
-    EXPORT XrplExports
-    LIBRARY DESTINATION lib
-    ARCHIVE DESTINATION lib
-    RUNTIME DESTINATION bin
-    INCLUDES DESTINATION include
+    TARGETS xrpl.libpb xrpl.libxrpl
+    LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}" COMPONENT development
+    ARCHIVE DESTINATION "${CMAKE_INSTALL_LIBDIR}" COMPONENT development
+    RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}" COMPONENT development
 )
 
 install(
     DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/include/xrpl"
     DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}"
-)
-
-install(
-    EXPORT XrplExports
-    FILE XrplTargets.cmake
-    NAMESPACE Xrpl::
-    DESTINATION lib/cmake/xrpl
-)
-include(CMakePackageConfigHelpers)
-write_basic_package_version_file(
-    XrplConfigVersion.cmake
-    VERSION ${xrpld_version}
-    COMPATIBILITY SameMajorVersion
-)
-
-if(is_root_project AND TARGET xrpld)
-    install(TARGETS xrpld RUNTIME DESTINATION bin)
-    set_target_properties(xrpld PROPERTIES INSTALL_RPATH_USE_LINK_PATH ON)
-    # sample configs should not overwrite existing files
-    # install if-not-exists workaround as suggested by
-    # https://cmake.org/Bug/view.php?id=12646
-    install(
-        CODE
-            "
-    macro (copy_if_not_exists SRC DEST NEWNAME)
-      if (NOT EXISTS \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\${DEST}/\${NEWNAME}\")
-        file (INSTALL FILE_PERMISSIONS OWNER_READ OWNER_WRITE DESTINATION \"\${CMAKE_INSTALL_PREFIX}/\${DEST}\" FILES \"\${SRC}\" RENAME \"\${NEWNAME}\")
-      else ()
-        message (\"-- Skipping : \$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\${DEST}/\${NEWNAME}\")
-      endif ()
-    endmacro()
-    copy_if_not_exists(\"${CMAKE_CURRENT_SOURCE_DIR}/cfg/xrpld-example.cfg\" etc xrpld.cfg)
-    copy_if_not_exists(\"${CMAKE_CURRENT_SOURCE_DIR}/cfg/validators-example.txt\" etc validators.txt)
-  "
-    )
-    install(
-        CODE
-            "
-    set(CMAKE_MODULE_PATH \"${CMAKE_MODULE_PATH}\")
-    include(create_symbolic_link)
-    create_symbolic_link(xrpld${suffix} \
-       \$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_BINDIR}/rippled${suffix})
-  "
-    )
-endif()
-
-install(
-    FILES
-        ${CMAKE_CURRENT_SOURCE_DIR}/cmake/XrplConfig.cmake
-        ${CMAKE_CURRENT_BINARY_DIR}/XrplConfigVersion.cmake
-    DESTINATION lib/cmake/xrpl
+    COMPONENT development
 )

cmake/XrplInterface.cmake

@@ -23,7 +23,7 @@ target_compile_definitions(
         BOOST_FILESYSTEM_NO_DEPRECATED
         >
         $<$<NOT:$<BOOL:${boost_show_deprecated}>>:
-        BOOST_COROUTINES_NO_DEPRECATION_WARNING
+        BOOST_COROUTINES2_NO_DEPRECATION_WARNING
         BOOST_BEAST_ALLOW_DEPRECATED
         BOOST_FILESYSTEM_DEPRECATED
         >

cmake/XrplSanity.cmake

@@ -50,6 +50,13 @@ if(MSVC AND CMAKE_GENERATOR_PLATFORM STREQUAL "Win32")
     message(FATAL_ERROR "Visual Studio 32-bit build is not supported.")
 endif()
 
+if(voidstar AND NOT is_amd64)
+    message(
+        FATAL_ERROR
+        "The voidstar library only supported on amd64/x86_64. Detected archictecture was: ${CMAKE_SYSTEM_PROCESSOR}"
+    )
+endif()
+
 if(APPLE AND NOT HOMEBREW)
     find_program(HOMEBREW brew)
 endif()

cmake/deps/Boost.cmake

@@ -7,7 +7,7 @@ find_package(
     COMPONENTS
         chrono
         container
-        coroutine
+        context
         date_time
         filesystem
         json
@@ -26,7 +26,7 @@ target_link_libraries(
         Boost::headers
         Boost::chrono
         Boost::container
-        Boost::coroutine
+        Boost::context
         Boost::date_time
         Boost::filesystem
         Boost::json
@@ -38,23 +38,26 @@ target_link_libraries(
 if(Boost_COMPILER)
     target_link_libraries(xrpl_boost INTERFACE Boost::disable_autolinking)
 endif()
-if(SANITIZERS_ENABLED AND is_clang)
-    # TODO: gcc does not support -fsanitize-blacklist...can we do something else for gcc ?
-    if(NOT Boost_INCLUDE_DIRS AND TARGET Boost::headers)
-        get_target_property(
-            Boost_INCLUDE_DIRS
-            Boost::headers
-            INTERFACE_INCLUDE_DIRECTORIES
-        )
-    endif()
-    message(STATUS "Adding [${Boost_INCLUDE_DIRS}] to sanitizer blacklist")
-    file(
-        WRITE ${CMAKE_CURRENT_BINARY_DIR}/san_bl.txt
-        "src:${Boost_INCLUDE_DIRS}/*"
-    )
-    target_compile_options(
-        opts
-        INTERFACE # ignore boost headers for sanitizing
-            -fsanitize-blacklist=${CMAKE_CURRENT_BINARY_DIR}/san_bl.txt
+
+# GCC 14+ has a false positive -Wuninitialized warning in Boost.Coroutine2's
+# state.hpp when compiled with -O3. This is due to GCC's intentional behavior
+# change (Bug #98871, #119388) where warnings from inlined system header code
+# are no longer suppressed by -isystem. The warning occurs in operator|= in
+# boost/coroutine2/detail/state.hpp when inlined from push_control_block::destroy().
+# See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=119388
+if(is_gcc AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL 14)
+    target_compile_options(xrpl_boost INTERFACE -Wno-uninitialized)
+endif()
+
+# Boost.Context's ucontext backend has ASAN fiber-switching annotations
+# (start/finish_switch_fiber) that are compiled in when BOOST_USE_ASAN is defined.
+# This tells ASAN about coroutine stack switches, preventing false positive
+# stack-use-after-scope errors. BOOST_USE_UCONTEXT ensures the ucontext backend
+# is selected (fcontext does not support ASAN annotations).
+# These defines must match what Boost was compiled with (see conan/profiles/sanitizers).
+if(enable_asan)
+    target_compile_definitions(
+        xrpl_boost
+        INTERFACE BOOST_USE_ASAN BOOST_USE_UCONTEXT
     )
 endif()

conan/profiles/sanitizers

@@ -7,16 +7,21 @@ include(default)
     {% if compiler == "gcc" %}
         {% if "address" in sanitizers or "thread" in sanitizers or "undefinedbehavior" in sanitizers %}
             {% set sanitizer_list = [] %}
+            {% set defines = [] %}
             {% set model_code = "" %}
             {% set extra_cxxflags = ["-fno-omit-frame-pointer", "-O1", "-Wno-stringop-overflow"] %}
 
             {% if "address" in sanitizers %}
                 {% set _ = sanitizer_list.append("address") %}
                 {% set model_code = "-mcmodel=large" %}
+                {% set _ = defines.append("BOOST_USE_ASAN")%}
+                {% set _ = defines.append("BOOST_USE_UCONTEXT")%}
             {% elif "thread" in sanitizers %}
                 {% set _ = sanitizer_list.append("thread") %}
                 {% set model_code = "-mcmodel=medium" %}
                 {% set _ = extra_cxxflags.append("-Wno-tsan") %}
+                {% set _ = defines.append("BOOST_USE_TSAN")%}
+                {% set _ = defines.append("BOOST_USE_UCONTEXT")%}
             {% endif %}
 
             {% if "undefinedbehavior" in sanitizers %}
@@ -29,16 +34,22 @@ include(default)
             tools.build:cxxflags+=['{{sanitizer_flags}} {{" ".join(extra_cxxflags)}}']
             tools.build:sharedlinkflags+=['{{sanitizer_flags}}']
             tools.build:exelinkflags+=['{{sanitizer_flags}}']
+            tools.build:defines+={{defines}}
         {% endif %}
     {% elif compiler == "apple-clang" or compiler == "clang" %}
         {% if "address" in sanitizers or "thread" in sanitizers or "undefinedbehavior" in sanitizers %}
             {% set sanitizer_list = [] %}
+            {% set defines = [] %}
             {% set extra_cxxflags = ["-fno-omit-frame-pointer", "-O1"] %}
 
             {% if "address" in sanitizers %}
                 {% set _ = sanitizer_list.append("address") %}
+                {% set _ = defines.append("BOOST_USE_ASAN")%}
+                {% set _ = defines.append("BOOST_USE_UCONTEXT")%}
             {% elif "thread" in sanitizers %}
                 {% set _ = sanitizer_list.append("thread") %}
+                {% set _ = defines.append("BOOST_USE_TSAN")%}
+                {% set _ = defines.append("BOOST_USE_UCONTEXT")%}
             {% endif %}
 
             {% if "undefinedbehavior" in sanitizers %}
@@ -52,8 +63,24 @@ include(default)
             tools.build:cxxflags+=['{{sanitizer_flags}} {{" ".join(extra_cxxflags)}}']
             tools.build:sharedlinkflags+=['{{sanitizer_flags}}']
             tools.build:exelinkflags+=['{{sanitizer_flags}}']
+            tools.build:defines+={{defines}}
         {% endif %}
     {% endif %}
 {% endif %}
 
-tools.info.package_id:confs+=["tools.build:cxxflags", "tools.build:exelinkflags", "tools.build:sharedlinkflags"]
+tools.info.package_id:confs+=["tools.build:cxxflags", "tools.build:exelinkflags", "tools.build:sharedlinkflags", "tools.build:defines"]
+
+[options]
+{% if sanitizers %}
+    {% if "address" in sanitizers %}
+        # Build Boost.Context with ucontext backend (not fcontext) so that
+        # ASAN fiber-switching annotations (__sanitizer_start/finish_switch_fiber)
+        # are compiled into the library. fcontext (assembly) has no ASAN support.
+        # define=BOOST_USE_ASAN=1 is critical: it must be defined when building
+        # Boost.Context itself so the ucontext backend compiles in the ASAN annotations.
+        boost/*:extra_b2_flags=context-impl=ucontext address-sanitizer=on define=BOOST_USE_ASAN=1
+        boost/*:without_context=False
+        # Boost stacktrace fails to build with some sanitizers
+        boost/*:without_stacktrace=True
+    {% endif %}
+{% endif %}

conanfile.py

@@ -1,4 +1,5 @@
 import re
+import os
 
 from conan.tools.cmake import CMake, CMakeToolchain, cmake_layout
 
@@ -57,6 +58,9 @@ class Xrpl(ConanFile):
         "tests": False,
         "unity": False,
         "xrpld": False,
+        "boost/*:without_context": False,
+        "boost/*:without_coroutine": True,
+        "boost/*:without_coroutine2": False,
         "date/*:header_only": True,
         "ed25519/*:shared": False,
         "grpc/*:shared": False,
@@ -126,6 +130,12 @@ class Xrpl(ConanFile):
         if self.settings.compiler in ["clang", "gcc"]:
             self.options["boost"].without_cobalt = True
 
+        # Check if environment variable exists
+        if "SANITIZERS" in os.environ:
+            sanitizers = os.environ["SANITIZERS"]
+            if "address" in sanitizers.lower():
+                self.default_options["fPIC"] = False
+
     def requirements(self):
         # Conan 2 requires transitive headers to be specified
         transitive_headers_opt = (
@@ -196,7 +206,8 @@ class Xrpl(ConanFile):
             "boost::headers",
             "boost::chrono",
             "boost::container",
-            "boost::coroutine",
+            "boost::context",
+            "boost::coroutine2",
             "boost::date_time",
             "boost::filesystem",
             "boost::json",

cspell.config.yaml

@@ -99,6 +99,7 @@ words:
   - endmacro
   - exceptioned
   - Falco
+  - fcontext
   - finalizers
   - firewalled
   - fmtdur

include/xrpl/basics/Mutex.hpp

@@ -0,0 +1,155 @@
+/*
+    This file is part of clio: https://github.com/XRPLF/clio
+    Copyright (c) 2024, the clio developers.
+
+    Permission to use, copy, modify, and distribute this software for any
+    purpose with or without fee is hereby granted, provided that the above
+    copyright notice and this permission notice appear in all copies.
+*/
+
+#pragma once
+
+#include <mutex>
+#include <type_traits>
+
+namespace xrpl {
+
+template <typename ProtectedDataType, typename MutexType>
+class Mutex;
+
+/**
+ * @brief A lock on a mutex that provides access to the protected data.
+ *
+ * @tparam ProtectedDataType data type to hold
+ * @tparam LockType type of lock
+ * @tparam MutexType type of mutex
+ */
+template <typename ProtectedDataType, template <typename...> typename LockType, typename MutexType>
+class Lock
+{
+    LockType<MutexType> lock_;
+    ProtectedDataType& data_;
+
+public:
+    /** @cond */
+    ProtectedDataType const&
+    operator*() const
+    {
+        return data_;
+    }
+
+    ProtectedDataType&
+    operator*()
+    {
+        return data_;
+    }
+
+    ProtectedDataType const&
+    get() const
+    {
+        return data_;
+    }
+
+    ProtectedDataType&
+    get()
+    {
+        return data_;
+    }
+
+    ProtectedDataType const*
+    operator->() const
+    {
+        return &data_;
+    }
+
+    ProtectedDataType*
+    operator->()
+    {
+        return &data_;
+    }
+
+    operator LockType<MutexType>&() &
+    {
+        return lock_;
+    }
+
+    operator LockType<MutexType> const&() const&
+    {
+        return lock_;
+    }
+    /** @endcond */
+
+private:
+    friend class Mutex<std::remove_const_t<ProtectedDataType>, MutexType>;
+
+    Lock(MutexType& mutex, ProtectedDataType& data) : lock_(mutex), data_(data)
+    {
+    }
+};
+
+/**
+ * @brief A container for data that is protected by a mutex. Inspired by Mutex in Rust.
+ *
+ * @tparam ProtectedDataType data type to hold
+ * @tparam MutexType type of mutex
+ */
+template <typename ProtectedDataType, typename MutexType = std::mutex>
+class Mutex
+{
+    mutable MutexType mutex_;
+    ProtectedDataType data_{};
+
+public:
+    Mutex() = default;
+
+    /**
+     * @brief Construct a new Mutex object with the given data
+     *
+     * @param data The data to protect
+     */
+    explicit Mutex(ProtectedDataType data) : data_(std::move(data))
+    {
+    }
+
+    /**
+     * @brief Make a new Mutex object with the given data
+     *
+     * @tparam Args The types of the arguments to forward to the constructor of the protected data
+     * @param args The arguments to forward to the constructor of the protected data
+     * @return The Mutex object that protects the given data
+     */
+    template <typename... Args>
+    static Mutex
+    make(Args&&... args)
+    {
+        return Mutex{ProtectedDataType{std::forward<Args>(args)...}};
+    }
+
+    /**
+     * @brief Lock the mutex and get a lock object allowing access to the protected data
+     *
+     * @tparam LockType The type of lock to use
+     * @return A lock on the mutex and a reference to the protected data
+     */
+    template <template <typename...> typename LockType = std::lock_guard>
+    Lock<ProtectedDataType const, LockType, MutexType>
+    lock() const
+    {
+        return {mutex_, data_};
+    }
+
+    /**
+     * @brief Lock the mutex and get a lock object allowing access to the protected data
+     *
+     * @tparam LockType The type of lock to use
+     * @return A lock on the mutex and a reference to the protected data
+     */
+    template <template <typename...> typename LockType = std::lock_guard>
+    Lock<ProtectedDataType, LockType, MutexType>
+    lock()
+    {
+        return {mutex_, data_};
+    }
+};
+
+}  // namespace xrpl

include/xrpl/basics/Slice.h

@@ -11,6 +11,7 @@
 #include <limits>
 #include <stdexcept>
 #include <string>
+#include <string_view>
 #include <type_traits>
 #include <vector>
 
@@ -231,4 +232,11 @@ makeSlice(std::basic_string<char, Traits, Alloc> const& s)
     return Slice(s.data(), s.size());
 }
 
+template <class Traits>
+Slice
+makeSlice(std::basic_string_view<char, Traits> const& s)
+{
+    return Slice(s.data(), s.size());
+}
+
 }  // namespace xrpl

include/xrpl/core/Coro.ipp

@@ -1,7 +1,5 @@
 #pragma once
 
-#include <xrpl/basics/ByteUtilities.h>
-
 namespace xrpl {
 
 template <class F>
@@ -11,16 +9,18 @@ JobQueue::Coro::Coro(Coro_create_t, JobQueue& jq, JobType type, std::string cons
     , name_(name)
     , running_(false)
     , coro_(
+          // Stack size of 1MB wasn't sufficient for deep calls. ASAN tests flagged the issue. Hence
+          // increasing the size to 1.5MB.
+          boost::context::protected_fixedsize_stack(1536 * 1024),
           [this, fn = std::forward<F>(f)](
-              boost::coroutines::asymmetric_coroutine<void>::push_type& do_yield) {
+              boost::coroutines2::asymmetric_coroutine<void>::push_type& do_yield) {
               yield_ = &do_yield;
               yield();
               fn(shared_from_this());
 #ifndef NDEBUG
               finished_ = true;
 #endif
-          },
-          boost::coroutines::attributes(megabytes(1)))
+          })
 {
 }
 

include/xrpl/core/JobQueue.h

@@ -7,7 +7,8 @@
 #include <xrpl/core/detail/Workers.h>
 #include <xrpl/json/json_value.h>
 
-#include <boost/coroutine/all.hpp>
+#include <boost/context/protected_fixedsize_stack.hpp>
+#include <boost/coroutine2/all.hpp>
 
 #include <set>
 
@@ -48,8 +49,8 @@ public:
         std::mutex mutex_;
         std::mutex mutex_run_;
         std::condition_variable cv_;
-        boost::coroutines::asymmetric_coroutine<void>::pull_type coro_;
-        boost::coroutines::asymmetric_coroutine<void>::push_type* yield_;
+        boost::coroutines2::coroutine<void>::pull_type coro_;
+        boost::coroutines2::coroutine<void>::push_type* yield_;
 #ifndef NDEBUG
         bool finished_ = false;
 #endif

include/xrpl/net/HTTPClient.h

@@ -29,6 +29,18 @@ public:
         bool sslVerify,
         beast::Journal j);
 
+    /** Destroys the global SSL context created by initializeSSLContext().
+     *
+     *  This releases the underlying boost::asio::ssl::context and any
+     *  associated OpenSSL resources. Must not be called while any
+     *  HTTPClient requests are in flight.
+     *
+     *  @note Currently only called from tests during teardown. In production,
+     *        the SSL context lives for the lifetime of the process.
+     */
+    static void
+    cleanupSSLContext();
+
     static void
     get(bool bSSL,
         boost::asio::io_context& io_context,

include/xrpl/proto/xrpl.proto

@@ -244,7 +244,15 @@ message TMGetObjectByHash {
 
 message TMLedgerNode {
   required bytes nodedata = 1;
-  optional bytes nodeid = 2;  // missing for ledger base data
+
+  // Used when protocol version <2.3. Not set for ledger base data.
+  optional bytes nodeid = 2;
+
+  // Used when protocol version >=2.3. Neither value is set for ledger base data.
+  oneof reference {
+    bytes id = 3;      // Set for inner nodes.
+    uint32 depth = 4;  // Set for leaf nodes.
+  }
 }
 
 enum TMLedgerInfoType {

include/xrpl/protocol/Feature.h

@@ -64,6 +64,49 @@
 
 namespace xrpl {
 
+// Feature names must not exceed this length (in characters, excluding the null terminator).
+static constexpr std::size_t maxFeatureNameSize = 63;
+// Reserve this exact feature-name length (in characters/bytes, excluding the null terminator)
+// so that a 32-byte uint256 (for example, in WASM or other interop contexts) can be used
+// as a compact, fixed-size feature selector without conflicting with human-readable names.
+static constexpr std::size_t reservedFeatureNameSize = 32;
+
+// Both validFeatureNameSize and validFeatureName are consteval functions that can be used in
+// static_asserts to validate feature names at compile time. They are only used inside
+// enforceValidFeatureName in Feature.cpp, but are exposed here for testing. The expected
+// parameter `auto fn` is a constexpr lambda which returns a const char*, making it available
+// for compile-time evaluation. Read more in https://accu.org/journals/overload/30/172/wu/
+consteval auto
+validFeatureNameSize(auto fn) -> bool
+{
+    constexpr char const* n = fn();
+    // Note, std::strlen is not constexpr, we need to implement our own here.
+    constexpr std::size_t N = [](auto n) {
+        std::size_t ret = 0;
+        for (auto ptr = n; *ptr != '\0'; ret++, ++ptr)
+            ;
+        return ret;
+    }(n);
+    return N != reservedFeatureNameSize &&  //
+        N <= maxFeatureNameSize;
+}
+
+consteval auto
+validFeatureName(auto fn) -> bool
+{
+    constexpr char const* n = fn();
+    // Prevent the use of visually confusable characters and enforce that feature names
+    // are always valid ASCII. This is needed because C++ allows Unicode identifiers.
+    // Characters below 0x20 are nonprintable control characters, and characters with the 0x80 bit
+    // set are non-ASCII (e.g. UTF-8 encoding of Unicode), so both are disallowed.
+    for (auto ptr = n; *ptr != '\0'; ++ptr)
+    {
+        if (*ptr & 0x80 || *ptr < 0x20)
+            return false;
+    }
+    return true;
+}
+
 enum class VoteBehavior : int { Obsolete = -1, DefaultNo = 0, DefaultYes };
 enum class AmendmentSupport : int { Retired = -1, Supported = 0, Unsupported };
 

include/xrpl/protocol/STTx.h

@@ -15,7 +15,7 @@
 
 namespace xrpl {
 
-enum TxnSql : char {
+enum class TxnSql : char {
     txnSqlNew = 'N',
     txnSqlConflict = 'C',
     txnSqlHeld = 'H',
@@ -122,7 +122,7 @@ public:
     getMetaSQL(
         Serializer rawTxn,
         std::uint32_t inLedger,
-        char status,
+        TxnSql status,
         std::string const& escapedMetaData) const;
 
     std::vector<uint256> const&

include/xrpl/protocol/SecretKey.h

@@ -16,8 +16,11 @@ namespace xrpl {
 /** A secret key. */
 class SecretKey
 {
+public:
+    static constexpr std::size_t size_ = 32;
+
 private:
-    std::uint8_t buf_[32];
+    std::uint8_t buf_[size_];
 
 public:
     using const_iterator = std::uint8_t const*;
@@ -27,9 +30,14 @@ public:
     SecretKey&
     operator=(SecretKey const&) = default;
 
+    bool
+    operator==(SecretKey const&) = delete;
+    bool
+    operator!=(SecretKey const&) = delete;
+
     ~SecretKey();
 
-    SecretKey(std::array<std::uint8_t, 32> const& data);
+    SecretKey(std::array<std::uint8_t, size_> const& data);
     SecretKey(Slice const& slice);
 
     std::uint8_t const*
@@ -78,16 +86,10 @@ public:
 };
 
 inline bool
-operator==(SecretKey const& lhs, SecretKey const& rhs)
-{
-    return lhs.size() == rhs.size() && std::memcmp(lhs.data(), rhs.data(), rhs.size()) == 0;
-}
+operator==(SecretKey const& lhs, SecretKey const& rhs) = delete;
 
 inline bool
-operator!=(SecretKey const& lhs, SecretKey const& rhs)
-{
-    return !(lhs == rhs);
-}
+operator!=(SecretKey const& lhs, SecretKey const& rhs) = delete;
 
 //------------------------------------------------------------------------------
 

include/xrpl/protocol/SystemParameters.h

@@ -14,7 +14,7 @@ namespace xrpl {
 static inline std::string const&
 systemName()
 {
-    static std::string const name = "ripple";
+    static std::string const name = "xrpld";
     return name;
 }
 

include/xrpl/protocol/detail/transactions.macro

@@ -42,7 +42,7 @@ TRANSACTION(ttPAYMENT, 0, Payment,
 
 /** This transaction type creates an escrow object. */
 #if TRANSACTION_INCLUDE
-#   include <xrpl/tx/transactors/escrow/Escrow.h>
+#   include <xrpl/tx/transactors/escrow/EscrowCreate.h>
 #endif
 TRANSACTION(ttESCROW_CREATE, 1, EscrowCreate,
     Delegation::delegable,
@@ -58,6 +58,9 @@ TRANSACTION(ttESCROW_CREATE, 1, EscrowCreate,
 }))
 
 /** This transaction type completes an existing escrow. */
+#if TRANSACTION_INCLUDE
+#   include <xrpl/tx/transactors/escrow/EscrowFinish.h>
+#endif
 TRANSACTION(ttESCROW_FINISH, 2, EscrowFinish,
     Delegation::delegable,
     uint256{},
@@ -94,7 +97,7 @@ TRANSACTION(ttACCOUNT_SET, 3, AccountSet,
 
 /** This transaction type cancels an existing escrow. */
 #if TRANSACTION_INCLUDE
-#   include <xrpl/tx/transactors/escrow/Escrow.h>
+#   include <xrpl/tx/transactors/escrow/EscrowCancel.h>
 #endif
 TRANSACTION(ttESCROW_CANCEL, 4, EscrowCancel,
     Delegation::delegable,
@@ -180,7 +183,7 @@ TRANSACTION(ttSIGNER_LIST_SET, 12, SignerListSet,
 
 /** This transaction type creates a new unidirectional XRP payment channel. */
 #if TRANSACTION_INCLUDE
-#   include <xrpl/tx/transactors/payment_channel/PayChan.h>
+#   include <xrpl/tx/transactors/payment_channel/PayChanCreate.h>
 #endif
 TRANSACTION(ttPAYCHAN_CREATE, 13, PaymentChannelCreate,
     Delegation::delegable,
@@ -196,6 +199,9 @@ TRANSACTION(ttPAYCHAN_CREATE, 13, PaymentChannelCreate,
 }))
 
 /** This transaction type funds an existing unidirectional XRP payment channel. */
+#if TRANSACTION_INCLUDE
+#   include <xrpl/tx/transactors/payment_channel/PayChanFund.h>
+#endif
 TRANSACTION(ttPAYCHAN_FUND, 14, PaymentChannelFund,
     Delegation::delegable,
     uint256{},
@@ -207,6 +213,9 @@ TRANSACTION(ttPAYCHAN_FUND, 14, PaymentChannelFund,
 }))
 
 /** This transaction type submits a claim against an existing unidirectional payment channel. */
+#if TRANSACTION_INCLUDE
+#   include <xrpl/tx/transactors/payment_channel/PayChanClaim.h>
+#endif
 TRANSACTION(ttPAYCHAN_CLAIM, 15, PaymentChannelClaim,
     Delegation::delegable,
     uint256{},
@@ -617,7 +626,7 @@ TRANSACTION(ttXCHAIN_CREATE_BRIDGE, 48, XChainCreateBridge,
 
 /** This transaction type creates or updates a DID */
 #if TRANSACTION_INCLUDE
-#   include <xrpl/tx/transactors/did/DID.h>
+#   include <xrpl/tx/transactors/did/DIDSet.h>
 #endif
 TRANSACTION(ttDID_SET, 49, DIDSet,
     Delegation::delegable,
@@ -630,6 +639,9 @@ TRANSACTION(ttDID_SET, 49, DIDSet,
 }))
 
 /** This transaction type deletes a DID */
+#if TRANSACTION_INCLUDE
+#   include <xrpl/tx/transactors/did/DIDDelete.h>
+#endif
 TRANSACTION(ttDID_DELETE, 50, DIDDelete,
     Delegation::delegable,
     featureDID,
@@ -739,7 +751,7 @@ TRANSACTION(ttMPTOKEN_AUTHORIZE, 57, MPTokenAuthorize,
 
 /** This transaction type create an Credential instance */
 #if TRANSACTION_INCLUDE
-#   include <xrpl/tx/transactors/credentials/Credentials.h>
+#   include <xrpl/tx/transactors/credentials/CredentialCreate.h>
 #endif
 TRANSACTION(ttCREDENTIAL_CREATE, 58, CredentialCreate,
     Delegation::delegable,
@@ -753,6 +765,9 @@ TRANSACTION(ttCREDENTIAL_CREATE, 58, CredentialCreate,
 }))
 
 /** This transaction type accept an Credential object */
+#if TRANSACTION_INCLUDE
+#   include <xrpl/tx/transactors/credentials/CredentialAccept.h>
+#endif
 TRANSACTION(ttCREDENTIAL_ACCEPT, 59, CredentialAccept,
     Delegation::delegable,
     featureCredentials,
@@ -763,6 +778,9 @@ TRANSACTION(ttCREDENTIAL_ACCEPT, 59, CredentialAccept,
 }))
 
 /** This transaction type delete an Credential object */
+#if TRANSACTION_INCLUDE
+#   include <xrpl/tx/transactors/credentials/CredentialDelete.h>
+#endif
 TRANSACTION(ttCREDENTIAL_DELETE, 60, CredentialDelete,
     Delegation::delegable,
     featureCredentials,
@@ -830,7 +848,7 @@ TRANSACTION(ttDELEGATE_SET, 64, DelegateSet,
 #   include <xrpl/tx/transactors/vault/VaultCreate.h>
 #endif
 TRANSACTION(ttVAULT_CREATE, 65, VaultCreate,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureSingleAssetVault,
     createPseudoAcct | createMPTIssuance | mustModifyVault,
     ({
@@ -848,7 +866,7 @@ TRANSACTION(ttVAULT_CREATE, 65, VaultCreate,
 #   include <xrpl/tx/transactors/vault/VaultSet.h>
 #endif
 TRANSACTION(ttVAULT_SET, 66, VaultSet,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureSingleAssetVault,
     mustModifyVault,
     ({
@@ -863,7 +881,7 @@ TRANSACTION(ttVAULT_SET, 66, VaultSet,
 #   include <xrpl/tx/transactors/vault/VaultDelete.h>
 #endif
 TRANSACTION(ttVAULT_DELETE, 67, VaultDelete,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureSingleAssetVault,
     mustDeleteAcct | destroyMPTIssuance | mustModifyVault,
     ({
@@ -875,7 +893,7 @@ TRANSACTION(ttVAULT_DELETE, 67, VaultDelete,
 #   include <xrpl/tx/transactors/vault/VaultDeposit.h>
 #endif
 TRANSACTION(ttVAULT_DEPOSIT, 68, VaultDeposit,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureSingleAssetVault,
     mayAuthorizeMPT | mustModifyVault,
     ({
@@ -888,7 +906,7 @@ TRANSACTION(ttVAULT_DEPOSIT, 68, VaultDeposit,
 #   include <xrpl/tx/transactors/vault/VaultWithdraw.h>
 #endif
 TRANSACTION(ttVAULT_WITHDRAW, 69, VaultWithdraw,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureSingleAssetVault,
     mayDeleteMPT | mayAuthorizeMPT | mustModifyVault,
     ({
@@ -903,7 +921,7 @@ TRANSACTION(ttVAULT_WITHDRAW, 69, VaultWithdraw,
 #   include <xrpl/tx/transactors/vault/VaultClawback.h>
 #endif
 TRANSACTION(ttVAULT_CLAWBACK, 70, VaultClawback,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureSingleAssetVault,
     mayDeleteMPT | mustModifyVault,
     ({
@@ -932,7 +950,7 @@ TRANSACTION(ttBATCH, 71, Batch,
 #   include <xrpl/tx/transactors/lending/LoanBrokerSet.h>
 #endif
 TRANSACTION(ttLOAN_BROKER_SET, 74, LoanBrokerSet,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureLendingProtocol,
     createPseudoAcct | mayAuthorizeMPT, ({
     {sfVaultID, soeREQUIRED},
@@ -949,7 +967,7 @@ TRANSACTION(ttLOAN_BROKER_SET, 74, LoanBrokerSet,
 #   include <xrpl/tx/transactors/lending/LoanBrokerDelete.h>
 #endif
 TRANSACTION(ttLOAN_BROKER_DELETE, 75, LoanBrokerDelete,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureLendingProtocol,
     mustDeleteAcct | mayAuthorizeMPT, ({
     {sfLoanBrokerID, soeREQUIRED},
@@ -960,7 +978,7 @@ TRANSACTION(ttLOAN_BROKER_DELETE, 75, LoanBrokerDelete,
 #   include <xrpl/tx/transactors/lending/LoanBrokerCoverDeposit.h>
 #endif
 TRANSACTION(ttLOAN_BROKER_COVER_DEPOSIT, 76, LoanBrokerCoverDeposit,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureLendingProtocol,
     noPriv, ({
     {sfLoanBrokerID, soeREQUIRED},
@@ -972,7 +990,7 @@ TRANSACTION(ttLOAN_BROKER_COVER_DEPOSIT, 76, LoanBrokerCoverDeposit,
 #   include <xrpl/tx/transactors/lending/LoanBrokerCoverWithdraw.h>
 #endif
 TRANSACTION(ttLOAN_BROKER_COVER_WITHDRAW, 77, LoanBrokerCoverWithdraw,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureLendingProtocol,
     mayAuthorizeMPT, ({
     {sfLoanBrokerID, soeREQUIRED},
@@ -987,7 +1005,7 @@ TRANSACTION(ttLOAN_BROKER_COVER_WITHDRAW, 77, LoanBrokerCoverWithdraw,
 #   include <xrpl/tx/transactors/lending/LoanBrokerCoverClawback.h>
 #endif
 TRANSACTION(ttLOAN_BROKER_COVER_CLAWBACK, 78, LoanBrokerCoverClawback,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureLendingProtocol,
     noPriv, ({
     {sfLoanBrokerID, soeOPTIONAL},
@@ -999,7 +1017,7 @@ TRANSACTION(ttLOAN_BROKER_COVER_CLAWBACK, 78, LoanBrokerCoverClawback,
 #   include <xrpl/tx/transactors/lending/LoanSet.h>
 #endif
 TRANSACTION(ttLOAN_SET, 80, LoanSet,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureLendingProtocol,
     mayAuthorizeMPT | mustModifyVault, ({
     {sfLoanBrokerID, soeREQUIRED},
@@ -1026,7 +1044,7 @@ TRANSACTION(ttLOAN_SET, 80, LoanSet,
 #   include <xrpl/tx/transactors/lending/LoanDelete.h>
 #endif
 TRANSACTION(ttLOAN_DELETE, 81, LoanDelete,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureLendingProtocol,
     noPriv, ({
     {sfLoanID, soeREQUIRED},
@@ -1037,7 +1055,7 @@ TRANSACTION(ttLOAN_DELETE, 81, LoanDelete,
 #   include <xrpl/tx/transactors/lending/LoanManage.h>
 #endif
 TRANSACTION(ttLOAN_MANAGE, 82, LoanManage,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureLendingProtocol,
     // All of the LoanManage options will modify the vault, but the
     // transaction can succeed without options, essentially making it
@@ -1051,7 +1069,7 @@ TRANSACTION(ttLOAN_MANAGE, 82, LoanManage,
 #   include <xrpl/tx/transactors/lending/LoanPay.h>
 #endif
 TRANSACTION(ttLOAN_PAY, 84, LoanPay,
-    Delegation::delegable,
+    Delegation::notDelegable,
     featureLendingProtocol,
     mayAuthorizeMPT | mustModifyVault, ({
     {sfLoanID, soeREQUIRED},

include/xrpl/shamap/SHAMap.h

@@ -16,6 +16,7 @@
 
 #include <set>
 #include <stack>
+#include <tuple>
 #include <vector>
 
 namespace xrpl {
@@ -253,7 +254,7 @@ public:
     bool
     getNodeFat(
         SHAMapNodeID const& wanted,
-        std::vector<std::pair<SHAMapNodeID, Blob>>& data,
+        std::vector<std::tuple<SHAMapNodeID, Blob, bool>>& data,
         bool fatLeaves,
         std::uint32_t depth) const;
 
@@ -280,10 +281,45 @@ public:
     void
     serializeRoot(Serializer& s) const;
 
+    /** Add a root node to the SHAMap during synchronization.
+     *
+     * This function is used when receiving the root node of a SHAMap from a peer during ledger
+     * synchronization. The node must already have been deserialized.
+     *
+     * @param hash The expected hash of the root node.
+     * @param rootNode A deserialized root node to add.
+     * @param filter Optional sync filter to track received nodes.
+     * @return Status indicating whether the node was useful, duplicate, or invalid.
+     *
+     * @note This function expects the rootNode to be a valid, deserialized SHAMapTreeNode. The
+     *       caller is responsible for deserialization and basic validation before calling this
+     *       function.
+     */
     SHAMapAddNode
-    addRootNode(SHAMapHash const& hash, Slice const& rootNode, SHAMapSyncFilter* filter);
+    addRootNode(
+        SHAMapHash const& hash,
+        intr_ptr::SharedPtr<SHAMapTreeNode> rootNode,
+        SHAMapSyncFilter const* filter);
+
+    /** Add a known node at a specific position in the SHAMap during synchronization.
+     *
+     * This function is used when receiving nodes from peers during ledger synchronization. The node
+     * is inserted at the position specified by nodeID. The node must already have been
+     * deserialized.
+     *
+     * @param nodeID The position in the tree where this node belongs.
+     * @param treeNode A deserialized tree node to add.
+     * @param filter Optional sync filter to track received nodes.
+     * @return Status indicating whether the node was useful, duplicate, or invalid.
+     *
+     * @note This function expects that the caller has already validated that the nodeID is
+     * consistent with the node's content.
+     */
     SHAMapAddNode
-    addKnownNode(SHAMapNodeID const& nodeID, Slice const& rawNode, SHAMapSyncFilter* filter);
+    addKnownNode(
+        SHAMapNodeID const& nodeID,
+        intr_ptr::SharedPtr<SHAMapTreeNode> treeNode,
+        SHAMapSyncFilter const* filter);
 
     // status functions
     void
@@ -344,11 +380,11 @@ private:
     intr_ptr::SharedPtr<SHAMapTreeNode>
     fetchNodeNT(SHAMapHash const& hash) const;
     intr_ptr::SharedPtr<SHAMapTreeNode>
-    fetchNodeNT(SHAMapHash const& hash, SHAMapSyncFilter* filter) const;
+    fetchNodeNT(SHAMapHash const& hash, SHAMapSyncFilter const* filter) const;
     intr_ptr::SharedPtr<SHAMapTreeNode>
     fetchNode(SHAMapHash const& hash) const;
     intr_ptr::SharedPtr<SHAMapTreeNode>
-    checkFilter(SHAMapHash const& hash, SHAMapSyncFilter* filter) const;
+    checkFilter(SHAMapHash const& hash, SHAMapSyncFilter const* filter) const;
 
     /** Update hashes up to the root */
     void
@@ -420,7 +456,7 @@ private:
     descendAsync(
         SHAMapInnerNode* parent,
         int branch,
-        SHAMapSyncFilter* filter,
+        SHAMapSyncFilter const* filter,
         bool& pending,
         descendCallback&&) const;
 
@@ -429,7 +465,7 @@ private:
         SHAMapInnerNode* parent,
         SHAMapNodeID const& parentID,
         int branch,
-        SHAMapSyncFilter* filter) const;
+        SHAMapSyncFilter const* filter) const;
 
     // Non-storing
     // Does not hook the returned node to its parent

include/xrpl/tx/invariants/InvariantCheck.h

@@ -27,6 +27,33 @@ namespace xrpl {
  * communicate the interface required of any invariant checker. Any invariant
  * check implementation should implement the public methods documented here.
  *
+ * ## Rules for implementing `finalize`
+ *
+ * ### Invariants must run regardless of transaction result
+ *
+ * An invariant's `finalize` method MUST perform meaningful checks even when
+ * the transaction has failed (i.e., `!isTesSuccess(tec)`). The following
+ * pattern is almost certainly wrong and must never be used:
+ *
+ * @code
+ * // WRONG: skipping all checks on failure defeats the purpose of invariants
+ * if (!isTesSuccess(tec))
+ *     return true;
+ * @endcode
+ *
+ * The entire purpose of invariants is to detect and prevent the impossible.
+ * A bug or exploit could cause a failed transaction to mutate ledger state in
+ * unexpected ways. Invariants are the last line of defense against such
+ * scenarios.
+ *
+ * In general: an invariant that expects a domain-specific state change to
+ * occur (e.g., a new object being created) should only expect that change
+ * when the transaction succeeded. A failed VaultCreate must not have created
+ * a Vault. A failed LoanSet must not have created a Loan.
+ *
+ * Also be aware that failed transactions, regardless of type, carry no
+ * Privileges. Any privilege-gated checks must therefore also be applied to
+ * failed transactions.
  */
 class InvariantChecker_PROTOTYPE
 {
@@ -48,7 +75,11 @@ public:
 
     /**
      * @brief called after all ledger entries have been visited to determine
-     * the final status of the check
+     * the final status of the check.
+     *
+     * This method MUST perform meaningful checks even when `tec` indicates a
+     * failed transaction. See the class-level documentation for the rules
+     * governing how failed transactions must be handled.
      *
      * @param tx the transaction being applied
      * @param tec the current TER result of the transaction

include/xrpl/tx/transactors/credentials/CredentialAccept.h

@@ -0,0 +1,29 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class CredentialAccept : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
+
+    explicit CredentialAccept(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static std::uint32_t
+    getFlagsMask(PreflightContext const& ctx);
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    static TER
+    preclaim(PreclaimContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+}  // namespace xrpl

include/xrpl/tx/transactors/credentials/CredentialCreate.h

@@ -0,0 +1,29 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class CredentialCreate : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
+
+    explicit CredentialCreate(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static std::uint32_t
+    getFlagsMask(PreflightContext const& ctx);
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    static TER
+    preclaim(PreclaimContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+}  // namespace xrpl

include/xrpl/tx/transactors/credentials/CredentialDelete.h

@@ -0,0 +1,29 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class CredentialDelete : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
+
+    explicit CredentialDelete(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static std::uint32_t
+    getFlagsMask(PreflightContext const& ctx);
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    static TER
+    preclaim(PreclaimContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+}  // namespace xrpl

include/xrpl/tx/transactors/credentials/Credentials.h

@@ -1,77 +0,0 @@
-#pragma once
-
-#include <xrpl/tx/Transactor.h>
-
-namespace xrpl {
-
-class CredentialCreate : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit CredentialCreate(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static std::uint32_t
-    getFlagsMask(PreflightContext const& ctx);
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-//------------------------------------------------------------------------------
-
-class CredentialDelete : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit CredentialDelete(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static std::uint32_t
-    getFlagsMask(PreflightContext const& ctx);
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-//------------------------------------------------------------------------------
-
-class CredentialAccept : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit CredentialAccept(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static std::uint32_t
-    getFlagsMask(PreflightContext const& ctx);
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-}  // namespace xrpl

include/xrpl/tx/transactors/dex/AMMHelpers.h

@@ -370,7 +370,7 @@ changeSpotPriceQuality(
     if (!amounts)
     {
         JLOG(j.trace()) << "changeSpotPrice calc failed: " << to_string(pool.in) << " "
-                        << to_string(pool.out) << " " << quality << " " << tfee << std::endl;
+                        << to_string(pool.out) << " " << quality << " " << tfee;
         return std::nullopt;
     }
 

include/xrpl/tx/transactors/did/DIDDelete.h

@@ -4,24 +4,6 @@
 
 namespace xrpl {
 
-class DIDSet : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit DIDSet(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-//------------------------------------------------------------------------------
-
 class DIDDelete : public Transactor
 {
 public:

include/xrpl/tx/transactors/did/DIDSet.h

@@ -0,0 +1,23 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class DIDSet : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
+
+    explicit DIDSet(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+}  // namespace xrpl

include/xrpl/tx/transactors/escrow/Escrow.h

@@ -1,80 +0,0 @@
-#pragma once
-
-#include <xrpl/tx/Transactor.h>
-
-namespace xrpl {
-
-class EscrowCreate : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Custom};
-
-    explicit EscrowCreate(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static TxConsequences
-    makeTxConsequences(PreflightContext const& ctx);
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-//------------------------------------------------------------------------------
-
-class EscrowFinish : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit EscrowFinish(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static bool
-    checkExtraFeatures(PreflightContext const& ctx);
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static NotTEC
-    preflightSigValidated(PreflightContext const& ctx);
-
-    static XRPAmount
-    calculateBaseFee(ReadView const& view, STTx const& tx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-//------------------------------------------------------------------------------
-
-class EscrowCancel : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit EscrowCancel(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-}  // namespace xrpl

include/xrpl/tx/transactors/escrow/EscrowCancel.h

@@ -0,0 +1,26 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class EscrowCancel : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
+
+    explicit EscrowCancel(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    static TER
+    preclaim(PreclaimContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+}  // namespace xrpl

include/xrpl/tx/transactors/escrow/EscrowCreate.h

@@ -0,0 +1,29 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class EscrowCreate : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Custom};
+
+    explicit EscrowCreate(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static TxConsequences
+    makeTxConsequences(PreflightContext const& ctx);
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    static TER
+    preclaim(PreclaimContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+}  // namespace xrpl

include/xrpl/tx/transactors/escrow/EscrowFinish.h

@@ -0,0 +1,35 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class EscrowFinish : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
+
+    explicit EscrowFinish(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static bool
+    checkExtraFeatures(PreflightContext const& ctx);
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    static NotTEC
+    preflightSigValidated(PreflightContext const& ctx);
+
+    static XRPAmount
+    calculateBaseFee(ReadView const& view, STTx const& tx);
+
+    static TER
+    preclaim(PreclaimContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+}  // namespace xrpl

include/xrpl/tx/transactors/payment_channel/PayChan.h

@@ -1,83 +0,0 @@
-#pragma once
-
-#include <xrpl/tx/Transactor.h>
-
-namespace xrpl {
-
-class PayChanCreate : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Custom};
-
-    explicit PayChanCreate(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static TxConsequences
-    makeTxConsequences(PreflightContext const& ctx);
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-using PaymentChannelCreate = PayChanCreate;
-
-//------------------------------------------------------------------------------
-
-class PayChanFund : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Custom};
-
-    explicit PayChanFund(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static TxConsequences
-    makeTxConsequences(PreflightContext const& ctx);
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-using PaymentChannelFund = PayChanFund;
-
-//------------------------------------------------------------------------------
-
-class PayChanClaim : public Transactor
-{
-public:
-    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
-
-    explicit PayChanClaim(ApplyContext& ctx) : Transactor(ctx)
-    {
-    }
-
-    static bool
-    checkExtraFeatures(PreflightContext const& ctx);
-
-    static std::uint32_t
-    getFlagsMask(PreflightContext const& ctx);
-
-    static NotTEC
-    preflight(PreflightContext const& ctx);
-
-    static TER
-    preclaim(PreclaimContext const& ctx);
-
-    TER
-    doApply() override;
-};
-
-using PaymentChannelClaim = PayChanClaim;
-
-}  // namespace xrpl

include/xrpl/tx/transactors/payment_channel/PayChanClaim.h

@@ -0,0 +1,34 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class PayChanClaim : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};
+
+    explicit PayChanClaim(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static bool
+    checkExtraFeatures(PreflightContext const& ctx);
+
+    static std::uint32_t
+    getFlagsMask(PreflightContext const& ctx);
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    static TER
+    preclaim(PreclaimContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+using PaymentChannelClaim = PayChanClaim;
+
+}  // namespace xrpl

include/xrpl/tx/transactors/payment_channel/PayChanCreate.h

@@ -0,0 +1,31 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class PayChanCreate : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Custom};
+
+    explicit PayChanCreate(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static TxConsequences
+    makeTxConsequences(PreflightContext const& ctx);
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    static TER
+    preclaim(PreclaimContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+using PaymentChannelCreate = PayChanCreate;
+
+}  // namespace xrpl

include/xrpl/tx/transactors/payment_channel/PayChanFund.h

@@ -0,0 +1,28 @@
+#pragma once
+
+#include <xrpl/tx/Transactor.h>
+
+namespace xrpl {
+
+class PayChanFund : public Transactor
+{
+public:
+    static constexpr ConsequencesFactoryType ConsequencesFactory{Custom};
+
+    explicit PayChanFund(ApplyContext& ctx) : Transactor(ctx)
+    {
+    }
+
+    static TxConsequences
+    makeTxConsequences(PreflightContext const& ctx);
+
+    static NotTEC
+    preflight(PreflightContext const& ctx);
+
+    TER
+    doApply() override;
+};
+
+using PaymentChannelFund = PayChanFund;
+
+}  // namespace xrpl

sanitizers/suppressions/asan.supp

@@ -1,15 +1,6 @@
 # The idea is to empty this file gradually by fixing the underlying issues and removing suppressions.
 #
 # ASAN_OPTIONS="print_stacktrace=1:detect_container_overflow=0:suppressions=sanitizers/suppressions/asan.supp:halt_on_error=0"
-#
-# The detect_container_overflow=0 option disables false positives from:
-# - Boost intrusive containers (slist_iterator.hpp, hashtable.hpp, aged_unordered_container.h)
-# - Boost context/coroutine stack switching (Workers.cpp, thread.h)
-#
-# See: https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow
-
-# Boost
-interceptor_name:boost/asio
 
 # Leaks in Doctest tests: xrpl.test.*
 interceptor_name:src/libxrpl/net/HTTPClient.cpp

sanitizers/suppressions/lsan.supp

@@ -1,16 +1,5 @@
 # The idea is to empty this file gradually by fixing the underlying issues and removing suppresions.
 
-# Suppress leaks detected by asan in rippled code.
-leak:src/libxrpl/net/HTTPClient.cpp
-leak:src/libxrpl/net/RegisterSSLCerts.cpp
-leak:src/tests/libxrpl/net/HTTPClient.cpp
-leak:xrpl/net/AutoSocket.h
-leak:xrpl/net/HTTPClient.h
-leak:xrpl/net/HTTPClientSSLContext.h
-leak:xrpl/net/RegisterSSLCerts.h
-leak:ripple::HTTPClient
-leak:ripple::HTTPClientImp
-
 # Suppress leaks detected by asan in boost code.
 leak:boost::asio
 leak:boost/asio

src/libxrpl/basics/ResolverAsio.cpp

@@ -35,7 +35,6 @@ namespace xrpl {
 template <class Derived>
 class AsyncObject
 {
-protected:
     AsyncObject() : m_pending(0)
     {
     }
@@ -93,6 +92,8 @@ public:
 private:
     // The number of handlers pending.
     std::atomic<int> m_pending;
+
+    friend Derived;
 };
 
 class ResolverAsioImpl : public ResolverAsio, public AsyncObject<ResolverAsioImpl>

src/libxrpl/basics/base64.cpp

@@ -116,6 +116,7 @@ encode(void* dest, void const* src, std::size_t len)
         in += 3;
     }
 
+    // NOLINTNEXTLINE(bugprone-switch-missing-default-case)
     switch (len % 3)
     {
         case 2:
@@ -168,7 +169,7 @@ decode(void* dest, char const* src, std::size_t len)
             break;
         ++in;
         c4[i] = v;
-        if (++i == 4)
+        if (++i; i == 4)
         {
             c3[0] = (c4[0] << 2) + ((c4[1] & 0x30) >> 4);
             c3[1] = ((c4[1] & 0xf) << 4) + ((c4[2] & 0x3c) >> 2);

src/libxrpl/basics/make_SSLContext.cpp

@@ -239,6 +239,7 @@ initAuthenticated(
     {
         boost::system::error_code ec;
 
+        // NOLINTNEXTLINE(bugprone-unused-return-value)
         context.use_certificate_file(cert_file, boost::asio::ssl::context::pem, ec);
 
         if (ec)
@@ -298,6 +299,7 @@ initAuthenticated(
     {
         boost::system::error_code ec;
 
+        // NOLINTNEXTLINE(bugprone-unused-return-value)
         context.use_private_key_file(key_file, boost::asio::ssl::context::pem, ec);
 
         if (ec)

src/libxrpl/beast/core/CurrentThreadName.cpp

@@ -62,7 +62,8 @@ namespace beast::detail {
 inline void
 setCurrentThreadNameImpl(std::string_view name)
 {
-    pthread_setname_np(name.data());
+    // The string is assumed to be null terminated
+    pthread_setname_np(name.data());  // NOLINT(bugprone-suspicious-stringview-data-usage)
 }
 
 }  // namespace beast::detail
@@ -85,7 +86,7 @@ setCurrentThreadNameImpl(std::string_view name)
         sizeof(boundedName),
         "%.*s",
         static_cast<int>(maxThreadNameLength),
-        name.data());
+        name.data());  // NOLINT(bugprone-suspicious-stringview-data-usage)
 
     pthread_setname_np(pthread_self(), boundedName);
 

src/libxrpl/beast/insight/StatsDCollector.cpp

@@ -470,6 +470,7 @@ public:
 
         m_io_context.run();
 
+        // NOLINTNEXTLINE(bugprone-unused-return-value)
         m_socket.shutdown(boost::asio::ip::udp::socket::shutdown_send, ec);
 
         m_socket.close();

src/libxrpl/json/json_reader.cpp

@@ -729,21 +729,18 @@ Reader::decodeUnicodeCodePoint(Token& token, Location& current, Location end, un
 
         unsigned int surrogatePair;
 
-        if (*(current++) == '\\' && *(current++) == 'u')
-        {
-            if (decodeUnicodeEscapeSequence(token, current, end, surrogatePair))
-            {
-                unicode = 0x10000 + ((unicode & 0x3FF) << 10) + (surrogatePair & 0x3FF);
-            }
-            else
-                return false;
-        }
-        else
+        if (*current != '\\' || *(current + 1) != 'u')
             return addError(
-                "expecting another \\u token to begin the second half of a "
-                "unicode surrogate pair",
+                "expecting another \\u token to begin the second half of a unicode surrogate pair",
                 token,
                 current);
+
+        current += 2;  // skip two characters checked above
+
+        if (!decodeUnicodeEscapeSequence(token, current, end, surrogatePair))
+            return false;
+
+        unicode = 0x10000 + ((unicode & 0x3FF) << 10) + (surrogatePair & 0x3FF);
     }
 
     return true;

src/libxrpl/json/json_writer.cpp

@@ -319,7 +319,7 @@ StyledWriter::writeValue(Value const& value)
                     document_ += " : ";
                     writeValue(childValue);
 
-                    if (++it == members.end())
+                    if (++it; it == members.end())
                         break;
 
                     document_ += ",";

src/libxrpl/ledger/BookDirs.cpp

@@ -74,8 +74,10 @@ BookDirs::const_iterator::operator++()
     XRPL_ASSERT(index_ != zero, "xrpl::BookDirs::const_iterator::operator++ : nonzero index");
     if (!cdirNext(*view_, cur_key_, sle_, entry_, index_))
     {
-        if (index_ != 0 ||
-            (cur_key_ = view_->succ(++cur_key_, next_quality_).value_or(zero)) == zero)
+        if (index_ == 0)
+            cur_key_ = view_->succ(++cur_key_, next_quality_).value_or(zero);
+
+        if (index_ != 0 || cur_key_ == zero)
         {
             cur_key_ = key_;
             entry_ = 0;
@@ -84,9 +86,7 @@ BookDirs::const_iterator::operator++()
         else if (!cdirFirst(*view_, cur_key_, sle_, entry_, index_))
         {
             // LCOV_EXCL_START
-            UNREACHABLE(
-                "xrpl::BookDirs::const_iterator::operator++ : directory is "
-                "empty");
+            UNREACHABLE("xrpl::BookDirs::const_iterator::operator++ : directory is empty");
             // LCOV_EXCL_STOP
         }
     }

src/libxrpl/ledger/View.cpp

@@ -2333,7 +2333,6 @@ accountSendMultiIOU(
     if (auto stream = j.trace())
     {
         std::string sender_bal("-");
-        std::string receiver_bal("-");
 
         if (sender)
             sender_bal = sender->getFieldAmount(sfBalance).getFullText();

src/libxrpl/net/HTTPClient.cpp

@@ -26,6 +26,12 @@ HTTPClient::initializeSSLContext(
     httpClientSSLContext.emplace(sslVerifyDir, sslVerifyFile, sslVerify, j);
 }
 
+void
+HTTPClient::cleanupSSLContext()
+{
+    httpClientSSLContext.reset();
+}
+
 //------------------------------------------------------------------------------
 //
 // Fetch a web page via http or https.

src/libxrpl/net/RegisterSSLCerts.cpp

@@ -79,6 +79,7 @@ registerSSLCerts(boost::asio::ssl::context& ctx, boost::system::error_code& ec,
     SSL_CTX_set_cert_store(ctx.native_handle(), store.release());
 
 #else
+    // NOLINTNEXTLINE(bugprone-unused-return-value)
     ctx.set_default_verify_paths(ec);
 #endif
 }

src/libxrpl/protocol/BuildInfo.cpp

@@ -3,6 +3,7 @@
 #include <xrpl/beast/core/SemanticVersion.h>
 #include <xrpl/git/Git.h>
 #include <xrpl/protocol/BuildInfo.h>
+#include <xrpl/protocol/SystemParameters.h>
 
 #include <boost/preprocessor/stringize.hpp>
 
@@ -80,7 +81,7 @@ getVersionString()
 std::string const&
 getFullVersionString()
 {
-    static std::string const value = "rippled-" + getVersionString();
+    static std::string const value = systemName() + "-" + getVersionString();
     return value;
 }
 

src/libxrpl/protocol/Feature.cpp

@@ -395,10 +395,20 @@ featureToName(uint256 const& f)
 #pragma push_macro("XRPL_RETIRE_FIX")
 #undef XRPL_RETIRE_FIX
 
+consteval auto
+enforceValidFeatureName(auto fn) -> char const*
+{
+    static_assert(validFeatureName(fn), "Invalid feature name");
+    static_assert(validFeatureNameSize(fn), "Invalid feature name size");
+    return fn();
+}
+
 #define XRPL_FEATURE(name, supported, vote) \
-    uint256 const feature##name = registerFeature(#name, supported, vote);
+    uint256 const feature##name =           \
+        registerFeature(enforceValidFeatureName([] { return #name; }), supported, vote);
 #define XRPL_FIX(name, supported, vote) \
-    uint256 const fix##name = registerFeature("fix" #name, supported, vote);
+    uint256 const fix##name =           \
+        registerFeature(enforceValidFeatureName([] { return "fix" #name; }), supported, vote);
 
 // clang-format off
 #define XRPL_RETIRE_FEATURE(name)                                       \

src/libxrpl/protocol/Permissions.cpp

@@ -86,7 +86,7 @@ Permission::getPermissionName(std::uint32_t const value) const
 {
     auto const permissionValue = static_cast<GranularPermissionType>(value);
     if (auto const granular = getGranularName(permissionValue))
-        return *granular;
+        return granular;
 
     // not a granular permission, check if it maps to a transaction type
     auto const txType = permissionToTxType(value);

src/libxrpl/protocol/STBase.cpp

@@ -23,6 +23,9 @@ STBase::STBase(SField const& n) : fName(&n)
 STBase&
 STBase::operator=(STBase const& t)
 {
+    if (this == &t)
+        return *this;
+
     if (!fName->isUseful())
         fName = t.fName;
     return *this;

src/libxrpl/protocol/STTx.cpp

@@ -351,7 +351,7 @@ STTx::getMetaSQL(std::uint32_t inLedger, std::string const& escapedMetaData) con
 {
     Serializer s;
     add(s);
-    return getMetaSQL(s, inLedger, txnSqlValidated, escapedMetaData);
+    return getMetaSQL(s, inLedger, TxnSql::txnSqlValidated, escapedMetaData);
 }
 
 // VFALCO This could be a free function elsewhere
@@ -359,7 +359,7 @@ std::string
 STTx::getMetaSQL(
     Serializer rawTxn,
     std::uint32_t inLedger,
-    char status,
+    TxnSql status,
     std::string const& escapedMetaData) const
 {
     static boost::format bfTrans("('%s', '%s', '%s', '%d', '%d', '%c', %s, %s)");
@@ -370,8 +370,8 @@ STTx::getMetaSQL(
 
     return str(
         boost::format(bfTrans) % to_string(getTransactionID()) % format->getName() %
-        toBase58(getAccountID(sfAccount)) % getFieldU32(sfSequence) % inLedger % status % rTxn %
-        escapedMetaData);
+        toBase58(getAccountID(sfAccount)) % getFieldU32(sfSequence) % inLedger %
+        safe_cast<char>(status) % rTxn % escapedMetaData);
 }
 
 static Expected<void, std::string>

src/libxrpl/resource/Consumer.cpp

@@ -39,6 +39,9 @@ Consumer::~Consumer()
 Consumer&
 Consumer::operator=(Consumer const& other)
 {
+    if (this == &other)
+        return *this;
+
     // remove old ref
     if (m_logic && m_entry)
         m_logic->release(*m_entry);

src/libxrpl/server/JSONRPCUtil.cpp

@@ -68,6 +68,7 @@ HTTPReply(int nStatus, std::string const& content, Json::Output const& output, b
         return;
     }
 
+    // NOLINTNEXTLINE(bugprone-switch-missing-default-case)
     switch (nStatus)
     {
         case 200:

src/libxrpl/shamap/SHAMap.cpp

@@ -178,7 +178,7 @@ SHAMap::finishFetch(SHAMapHash const& hash, std::shared_ptr<NodeObject> const& o
 
 // See if a sync filter has a node
 intr_ptr::SharedPtr<SHAMapTreeNode>
-SHAMap::checkFilter(SHAMapHash const& hash, SHAMapSyncFilter* filter) const
+SHAMap::checkFilter(SHAMapHash const& hash, SHAMapSyncFilter const* filter) const
 {
     if (auto nodeData = filter->getNode(hash))
     {
@@ -204,7 +204,7 @@ SHAMap::checkFilter(SHAMapHash const& hash, SHAMapSyncFilter* filter) const
 // Get a node without throwing
 // Used on maps where missing nodes are expected
 intr_ptr::SharedPtr<SHAMapTreeNode>
-SHAMap::fetchNodeNT(SHAMapHash const& hash, SHAMapSyncFilter* filter) const
+SHAMap::fetchNodeNT(SHAMapHash const& hash, SHAMapSyncFilter const* filter) const
 {
     auto node = cacheLookup(hash);
     if (node)
@@ -317,7 +317,7 @@ SHAMap::descend(
     SHAMapInnerNode* parent,
     SHAMapNodeID const& parentID,
     int branch,
-    SHAMapSyncFilter* filter) const
+    SHAMapSyncFilter const* filter) const
 {
     XRPL_ASSERT(parent->isInner(), "xrpl::SHAMap::descend : valid parent input");
     XRPL_ASSERT(
@@ -346,7 +346,7 @@ SHAMapTreeNode*
 SHAMap::descendAsync(
     SHAMapInnerNode* parent,
     int branch,
-    SHAMapSyncFilter* filter,
+    SHAMapSyncFilter const* filter,
     bool& pending,
     descendCallback&& callback) const
 {

src/libxrpl/shamap/SHAMapNodeID.cpp

@@ -118,7 +118,9 @@ selectBranch(SHAMapNodeID const& id, uint256 const& hash)
 SHAMapNodeID
 SHAMapNodeID::createID(int depth, uint256 const& key)
 {
-    XRPL_ASSERT((depth >= 0) && (depth < 65), "xrpl::SHAMapNodeID::createID : valid branch input");
+    XRPL_ASSERT(
+        depth >= 0 && depth <= SHAMap::leafDepth,
+        "xrpl::SHAMapNodeID::createID : valid branch input");
     return SHAMapNodeID(depth, key & depthMask(depth));
 }
 

src/libxrpl/shamap/SHAMapSync.cpp

@@ -386,7 +386,7 @@ SHAMap::getMissingNodes(int max, SHAMapSyncFilter* filter)
 bool
 SHAMap::getNodeFat(
     SHAMapNodeID const& wanted,
-    std::vector<std::pair<SHAMapNodeID, Blob>>& data,
+    std::vector<std::tuple<SHAMapNodeID, Blob, bool>>& data,
     bool fatLeaves,
     std::uint32_t depth) const
 {
@@ -432,7 +432,7 @@ SHAMap::getNodeFat(
         // Add this node to the reply
         s.erase();
         node->serializeForWire(s);
-        data.emplace_back(std::make_pair(nodeID, s.getData()));
+        data.emplace_back(std::make_tuple(nodeID, s.getData(), node->isLeaf()));
 
         if (node->isInner())
         {
@@ -462,7 +462,8 @@ SHAMap::getNodeFat(
                             // Just include this node
                             s.erase();
                             childNode->serializeForWire(s);
-                            data.emplace_back(std::make_pair(childID, s.getData()));
+                            data.emplace_back(
+                                std::make_tuple(childID, s.getData(), childNode->isLeaf()));
                         }
                     }
                 }
@@ -480,8 +481,18 @@ SHAMap::serializeRoot(Serializer& s) const
 }
 
 SHAMapAddNode
-SHAMap::addRootNode(SHAMapHash const& hash, Slice const& rootNode, SHAMapSyncFilter* filter)
+SHAMap::addRootNode(
+    SHAMapHash const& hash,
+    intr_ptr::SharedPtr<SHAMapTreeNode> rootNode,
+    SHAMapSyncFilter const* filter)
 {
+    XRPL_ASSERT(rootNode, "xrpl::SHAMap::addRootNode : non-null root node");
+    if (!rootNode)
+    {
+        JLOG(journal_.error()) << "Null node received";
+        return SHAMapAddNode::invalid();
+    }
+
     // we already have a root_ node
     if (root_->getHash().isNonZero())
     {
@@ -491,14 +502,16 @@ SHAMap::addRootNode(SHAMapHash const& hash, Slice const& rootNode, SHAMapSyncFil
     }
 
     XRPL_ASSERT(cowid_ >= 1, "xrpl::SHAMap::addRootNode : valid cowid");
-    auto node = SHAMapTreeNode::makeFromWire(rootNode);
-    if (!node || node->getHash() != hash)
+    if (rootNode->getHash() != hash)
+    {
+        JLOG(journal_.warn()) << "Corrupt node received";
         return SHAMapAddNode::invalid();
+    }
 
     if (backed_)
-        canonicalize(hash, node);
+        canonicalize(hash, rootNode);
 
-    root_ = node;
+    root_ = std::move(rootNode);
 
     if (root_->isLeaf())
         clearSynching();
@@ -515,9 +528,18 @@ SHAMap::addRootNode(SHAMapHash const& hash, Slice const& rootNode, SHAMapSyncFil
 }
 
 SHAMapAddNode
-SHAMap::addKnownNode(SHAMapNodeID const& node, Slice const& rawNode, SHAMapSyncFilter* filter)
+SHAMap::addKnownNode(
+    SHAMapNodeID const& nodeID,
+    intr_ptr::SharedPtr<SHAMapTreeNode> treeNode,
+    SHAMapSyncFilter const* filter)
 {
-    XRPL_ASSERT(!node.isRoot(), "xrpl::SHAMap::addKnownNode : valid node input");
+    XRPL_ASSERT(!nodeID.isRoot(), "xrpl::SHAMap::addKnownNode : valid node input");
+    XRPL_ASSERT(treeNode, "xrpl::SHAMap::addKnownNode : non-null tree node");
+    if (!treeNode)
+    {
+        JLOG(journal_.error()) << "Null node received";
+        return SHAMapAddNode::invalid();
+    }
 
     if (!isSynching())
     {
@@ -531,14 +553,14 @@ SHAMap::addKnownNode(SHAMapNodeID const& node, Slice const& rawNode, SHAMapSyncF
 
     while (currNode->isInner() &&
            !static_cast<SHAMapInnerNode*>(currNode)->isFullBelow(generation) &&
-           (currNodeID.getDepth() < node.getDepth()))
+           (currNodeID.getDepth() < nodeID.getDepth()))
     {
-        int const branch = selectBranch(currNodeID, node.getNodeID());
+        int const branch = selectBranch(currNodeID, nodeID.getNodeID());
         XRPL_ASSERT(branch >= 0, "xrpl::SHAMap::addKnownNode : valid branch");
         auto inner = static_cast<SHAMapInnerNode*>(currNode);
         if (inner->isEmptyBranch(branch))
         {
-            JLOG(journal_.warn()) << "Add known node for empty branch" << node;
+            JLOG(journal_.warn()) << "Add known node for empty branch" << nodeID;
             return SHAMapAddNode::invalid();
         }
 
@@ -554,67 +576,44 @@ SHAMap::addKnownNode(SHAMapNodeID const& node, Slice const& rawNode, SHAMapSyncF
         if (currNode != nullptr)
             continue;
 
-        auto newNode = SHAMapTreeNode::makeFromWire(rawNode);
-
-        if (!newNode || childHash != newNode->getHash())
+        if (childHash != treeNode->getHash())
         {
             JLOG(journal_.warn()) << "Corrupt node received";
             return SHAMapAddNode::invalid();
         }
 
-        // In rare cases, a node can still be corrupt even after hash
-        // validation. For leaf nodes, we perform an additional check to
-        // ensure the node's position in the tree is consistent with its
-        // content to prevent inconsistencies that could
-        // propagate further down the line.
-        if (newNode->isLeaf())
-        {
-            auto const& actualKey =
-                static_cast<SHAMapLeafNode const*>(newNode.get())->peekItem()->key();
-
-            // Validate that this leaf belongs at the target position
-            auto const expectedNodeID = SHAMapNodeID::createID(node.getDepth(), actualKey);
-            if (expectedNodeID.getNodeID() != node.getNodeID())
-            {
-                JLOG(journal_.debug())
-                    << "Leaf node position mismatch: "
-                    << "expected=" << expectedNodeID.getNodeID() << ", actual=" << node.getNodeID();
-                return SHAMapAddNode::invalid();
-            }
-        }
-
         // Inner nodes must be at a level strictly less than 64
         // but leaf nodes (while notionally at level 64) can be
         // at any depth up to and including 64:
         if ((currNodeID.getDepth() > leafDepth) ||
-            (newNode->isInner() && currNodeID.getDepth() == leafDepth))
+            (treeNode->isInner() && currNodeID.getDepth() == leafDepth))
         {
             // Map is provably invalid
             state_ = SHAMapState::Invalid;
             return SHAMapAddNode::useful();
         }
 
-        if (currNodeID != node)
+        if (currNodeID != nodeID)
         {
             // Either this node is broken or we didn't request it (yet)
-            JLOG(journal_.warn()) << "unable to hook node " << node;
+            JLOG(journal_.warn()) << "unable to hook node " << nodeID;
             JLOG(journal_.info()) << " stuck at " << currNodeID;
-            JLOG(journal_.info()) << "got depth=" << node.getDepth()
+            JLOG(journal_.info()) << "got depth=" << nodeID.getDepth()
                                   << ", walked to= " << currNodeID.getDepth();
             return SHAMapAddNode::useful();
         }
 
         if (backed_)
-            canonicalize(childHash, newNode);
+            canonicalize(childHash, treeNode);
 
-        newNode = prevNode->canonicalizeChild(branch, std::move(newNode));
+        treeNode = prevNode->canonicalizeChild(branch, std::move(treeNode));
 
         if (filter)
         {
             Serializer s;
-            newNode->serializeWithPrefix(s);
+            treeNode->serializeWithPrefix(s);
             filter->gotNode(
-                false, childHash, ledgerSeq_, std::move(s.modData()), newNode->getType());
+                false, childHash, ledgerSeq_, std::move(s.modData()), treeNode->getType());
         }
 
         return SHAMapAddNode::useful();

src/libxrpl/tx/invariants/InvariantCheck.cpp

@@ -488,8 +488,9 @@ AccountRootsDeletedClean::finalize(
                 return false;
         }
         // Simple types
-        for (auto const& [keyletfunc, _, __] : directAccountKeylets)
+        for (auto const& [keyletfunc, _1, _2] : directAccountKeylets)
         {
+            // TODO: use '_' for both unused variables above once we are in C++26
             if (objectExists(std::invoke(keyletfunc, accountID)) && enforce)
                 return false;
         }

src/libxrpl/tx/transactors/account/DeleteAccount.cpp

@@ -1,5 +1,4 @@
 #include <xrpl/basics/Log.h>
-#include <xrpl/basics/mulDiv.h>
 #include <xrpl/beast/utility/instrumentation.h>
 #include <xrpl/ledger/CredentialHelpers.h>
 #include <xrpl/ledger/View.h>
@@ -11,7 +10,7 @@
 #include <xrpl/tx/transactors/account/DeleteAccount.h>
 #include <xrpl/tx/transactors/account/SetSignerList.h>
 #include <xrpl/tx/transactors/delegate/DelegateSet.h>
-#include <xrpl/tx/transactors/did/DID.h>
+#include <xrpl/tx/transactors/did/DIDDelete.h>
 #include <xrpl/tx/transactors/nft/NFTokenUtils.h>
 #include <xrpl/tx/transactors/oracle/DeleteOracle.h>
 #include <xrpl/tx/transactors/payment/DepositPreauth.h>

src/libxrpl/tx/transactors/account/SetAccount.cpp

@@ -491,7 +491,7 @@ SetAccount::doApply()
 
         if (messageKey.empty())
         {
-            JLOG(j_.debug()) << "set message key";
+            JLOG(j_.debug()) << "clear message key";
             sle->makeFieldAbsent(sfMessageKey);
         }
         else

src/libxrpl/tx/transactors/bridge/XChainBridge.cpp

@@ -868,7 +868,13 @@ applyClaimAttestations(
         XChainClaimAttestations curAtts{sleClaimID->getFieldArray(sfXChainClaimAttestations)};
 
         auto const newAttResult = onNewAttestations(
-            curAtts, view, &atts[0], &atts[0] + atts.size(), quorum, signersList, j);
+            curAtts,
+            view,
+            &atts[0],
+            &atts[0] + atts.size(),  // NOLINT(bugprone-pointer-arithmetic-on-polymorphic-object)
+            quorum,
+            signersList,
+            j);
 
         // update the claim id
         sleClaimID->setFieldArray(sfXChainClaimAttestations, curAtts.toSTArray());
@@ -1026,7 +1032,13 @@ applyCreateAccountAttestations(
         }();
 
         auto const newAttResult = onNewAttestations(
-            curAtts, view, &atts[0], &atts[0] + atts.size(), quorum, signersList, j);
+            curAtts,
+            view,
+            &atts[0],
+            &atts[0] + atts.size(),  // NOLINT(bugprone-pointer-arithmetic-on-polymorphic-object)
+            quorum,
+            signersList,
+            j);
 
         if (!createCID)
         {

src/libxrpl/tx/transactors/check/CancelCheck.cpp

@@ -25,15 +25,11 @@ CancelCheck::preclaim(PreclaimContext const& ctx)
         return tecNO_ENTRY;
     }
 
-    using duration = NetClock::duration;
-    using timepoint = NetClock::time_point;
-    auto const optExpiry = (*sleCheck)[~sfExpiration];
-
     // Expiration is defined in terms of the close time of the parent
     // ledger, because we definitively know the time that it closed but
     // we do not know the closing time of the ledger that is under
     // construction.
-    if (!optExpiry || (ctx.view.parentCloseTime() < timepoint{duration{*optExpiry}}))
+    if (!hasExpired(ctx.view, (*sleCheck)[~sfExpiration]))
     {
         // If the check is not yet expired, then only the creator or the
         // destination may cancel the check.

src/libxrpl/tx/transactors/credentials/CredentialAccept.cpp

@@ -0,0 +1,113 @@
+#include <xrpl/basics/Log.h>
+#include <xrpl/ledger/ApplyView.h>
+#include <xrpl/ledger/CredentialHelpers.h>
+#include <xrpl/ledger/View.h>
+#include <xrpl/protocol/Feature.h>
+#include <xrpl/protocol/Indexes.h>
+#include <xrpl/protocol/TxFlags.h>
+#include <xrpl/tx/transactors/credentials/CredentialAccept.h>
+
+#include <chrono>
+
+namespace xrpl {
+
+using namespace credentials;
+
+std::uint32_t
+CredentialAccept::getFlagsMask(PreflightContext const& ctx)
+{
+    // 0 means "Allow any flags"
+    return ctx.rules.enabled(fixInvalidTxFlags) ? tfUniversalMask : 0;
+}
+
+NotTEC
+CredentialAccept::preflight(PreflightContext const& ctx)
+{
+    if (!ctx.tx[sfIssuer])
+    {
+        JLOG(ctx.j.trace()) << "Malformed transaction: Issuer field zeroed.";
+        return temINVALID_ACCOUNT_ID;
+    }
+
+    auto const credType = ctx.tx[sfCredentialType];
+    if (credType.empty() || (credType.size() > maxCredentialTypeLength))
+    {
+        JLOG(ctx.j.trace()) << "Malformed transaction: invalid size of CredentialType.";
+        return temMALFORMED;
+    }
+
+    return tesSUCCESS;
+}
+
+TER
+CredentialAccept::preclaim(PreclaimContext const& ctx)
+{
+    AccountID const subject = ctx.tx[sfAccount];
+    AccountID const issuer = ctx.tx[sfIssuer];
+    auto const credType(ctx.tx[sfCredentialType]);
+
+    if (!ctx.view.exists(keylet::account(issuer)))
+    {
+        JLOG(ctx.j.warn()) << "No issuer: " << to_string(issuer);
+        return tecNO_ISSUER;
+    }
+
+    auto const sleCred = ctx.view.read(keylet::credential(subject, issuer, credType));
+    if (!sleCred)
+    {
+        JLOG(ctx.j.warn()) << "No credential: " << to_string(subject) << ", " << to_string(issuer)
+                           << ", " << credType;
+        return tecNO_ENTRY;
+    }
+
+    if (sleCred->getFieldU32(sfFlags) & lsfAccepted)
+    {
+        JLOG(ctx.j.warn()) << "Credential already accepted: " << to_string(subject) << ", "
+                           << to_string(issuer) << ", " << credType;
+        return tecDUPLICATE;
+    }
+
+    return tesSUCCESS;
+}
+
+TER
+CredentialAccept::doApply()
+{
+    AccountID const issuer{ctx_.tx[sfIssuer]};
+
+    // Both exist as credential object exist itself (checked in preclaim)
+    auto const sleSubject = view().peek(keylet::account(account_));
+    auto const sleIssuer = view().peek(keylet::account(issuer));
+
+    if (!sleSubject || !sleIssuer)
+        return tefINTERNAL;  // LCOV_EXCL_LINE
+
+    {
+        STAmount const reserve{
+            view().fees().accountReserve(sleSubject->getFieldU32(sfOwnerCount) + 1)};
+        if (mPriorBalance < reserve)
+            return tecINSUFFICIENT_RESERVE;
+    }
+
+    auto const credType(ctx_.tx[sfCredentialType]);
+    Keylet const credentialKey = keylet::credential(account_, issuer, credType);
+    auto const sleCred = view().peek(credentialKey);  // Checked in preclaim()
+
+    if (checkExpired(sleCred, view().header().parentCloseTime))
+    {
+        JLOG(j_.trace()) << "Credential is expired: " << sleCred->getText();
+        // delete expired credentials even if the transaction failed
+        auto const err = credentials::deleteSLE(view(), sleCred, j_);
+        return isTesSuccess(err) ? tecEXPIRED : err;
+    }
+
+    sleCred->setFieldU32(sfFlags, lsfAccepted);
+    view().update(sleCred);
+
+    adjustOwnerCount(view(), sleIssuer, -1, j_);
+    adjustOwnerCount(view(), sleSubject, 1, j_);
+
+    return tesSUCCESS;
+}
+
+}  // namespace xrpl

src/libxrpl/tx/transactors/credentials/CredentialCreate.cpp

@@ -0,0 +1,164 @@
+#include <xrpl/basics/Log.h>
+#include <xrpl/ledger/ApplyView.h>
+#include <xrpl/ledger/CredentialHelpers.h>
+#include <xrpl/ledger/View.h>
+#include <xrpl/protocol/Feature.h>
+#include <xrpl/protocol/Indexes.h>
+#include <xrpl/protocol/TxFlags.h>
+#include <xrpl/tx/transactors/credentials/CredentialCreate.h>
+
+#include <chrono>
+
+namespace xrpl {
+
+/*
+    Credentials
+    ======
+
+   A verifiable credentials (VC
+   https://en.wikipedia.org/wiki/Verifiable_credentials), as defined by the W3C
+   specification (https://www.w3.org/TR/vc-data-model-2.0/), is a
+   secure and tamper-evident way to represent information about a subject, such
+   as an individual, organization, or even an IoT device. These credentials are
+   issued by a trusted entity and can be verified by third parties without
+   directly involving the issuer at all.
+*/
+
+using namespace credentials;
+
+std::uint32_t
+CredentialCreate::getFlagsMask(PreflightContext const& ctx)
+{
+    // 0 means "Allow any flags"
+    return ctx.rules.enabled(fixInvalidTxFlags) ? tfUniversalMask : 0;
+}
+
+NotTEC
+CredentialCreate::preflight(PreflightContext const& ctx)
+{
+    auto const& tx = ctx.tx;
+    auto& j = ctx.j;
+
+    if (!tx[sfSubject])
+    {
+        JLOG(j.trace()) << "Malformed transaction: Invalid Subject";
+        return temMALFORMED;
+    }
+
+    auto const uri = tx[~sfURI];
+    if (uri && (uri->empty() || (uri->size() > maxCredentialURILength)))
+    {
+        JLOG(j.trace()) << "Malformed transaction: invalid size of URI.";
+        return temMALFORMED;
+    }
+
+    auto const credType = tx[sfCredentialType];
+    if (credType.empty() || (credType.size() > maxCredentialTypeLength))
+    {
+        JLOG(j.trace()) << "Malformed transaction: invalid size of CredentialType.";
+        return temMALFORMED;
+    }
+
+    return tesSUCCESS;
+}
+
+TER
+CredentialCreate::preclaim(PreclaimContext const& ctx)
+{
+    auto const credType(ctx.tx[sfCredentialType]);
+    auto const subject = ctx.tx[sfSubject];
+
+    if (!ctx.view.exists(keylet::account(subject)))
+    {
+        JLOG(ctx.j.trace()) << "Subject doesn't exist.";
+        return tecNO_TARGET;
+    }
+
+    if (ctx.view.exists(keylet::credential(subject, ctx.tx[sfAccount], credType)))
+    {
+        JLOG(ctx.j.trace()) << "Credential already exists.";
+        return tecDUPLICATE;
+    }
+
+    return tesSUCCESS;
+}
+
+TER
+CredentialCreate::doApply()
+{
+    auto const subject = ctx_.tx[sfSubject];
+    auto const credType(ctx_.tx[sfCredentialType]);
+    Keylet const credentialKey = keylet::credential(subject, account_, credType);
+
+    auto const sleCred = std::make_shared<SLE>(credentialKey);
+    if (!sleCred)
+        return tefINTERNAL;  // LCOV_EXCL_LINE
+
+    auto const optExp = ctx_.tx[~sfExpiration];
+    if (optExp)
+    {
+        std::uint32_t const closeTime =
+            ctx_.view().header().parentCloseTime.time_since_epoch().count();
+
+        if (closeTime > *optExp)
+        {
+            JLOG(j_.trace()) << "Malformed transaction: "
+                                "Expiration time is in the past.";
+            return tecEXPIRED;
+        }
+
+        sleCred->setFieldU32(sfExpiration, *optExp);
+    }
+
+    auto const sleIssuer = view().peek(keylet::account(account_));
+    if (!sleIssuer)
+        return tefINTERNAL;  // LCOV_EXCL_LINE
+
+    {
+        STAmount const reserve{
+            view().fees().accountReserve(sleIssuer->getFieldU32(sfOwnerCount) + 1)};
+        if (mPriorBalance < reserve)
+            return tecINSUFFICIENT_RESERVE;
+    }
+
+    sleCred->setAccountID(sfSubject, subject);
+    sleCred->setAccountID(sfIssuer, account_);
+    sleCred->setFieldVL(sfCredentialType, credType);
+
+    if (ctx_.tx.isFieldPresent(sfURI))
+        sleCred->setFieldVL(sfURI, ctx_.tx.getFieldVL(sfURI));
+
+    {
+        auto const page =
+            view().dirInsert(keylet::ownerDir(account_), credentialKey, describeOwnerDir(account_));
+        JLOG(j_.trace()) << "Adding Credential to owner directory " << to_string(credentialKey.key)
+                         << ": " << (page ? "success" : "failure");
+        if (!page)
+            return tecDIR_FULL;
+        sleCred->setFieldU64(sfIssuerNode, *page);
+
+        adjustOwnerCount(view(), sleIssuer, 1, j_);
+    }
+
+    if (subject == account_)
+    {
+        sleCred->setFieldU32(sfFlags, lsfAccepted);
+    }
+    else
+    {
+        auto const page =
+            view().dirInsert(keylet::ownerDir(subject), credentialKey, describeOwnerDir(subject));
+        JLOG(j_.trace()) << "Adding Credential to owner directory " << to_string(credentialKey.key)
+                         << ": " << (page ? "success" : "failure");
+        if (!page)
+            return tecDIR_FULL;
+        sleCred->setFieldU64(sfSubjectNode, *page);
+        view().update(view().peek(keylet::account(subject)));
+    }
+
+    view().insert(sleCred);
+
+    return tesSUCCESS;
+}
+
+}  // namespace xrpl

src/libxrpl/tx/transactors/credentials/CredentialDelete.cpp

@@ -0,0 +1,90 @@
+#include <xrpl/basics/Log.h>
+#include <xrpl/ledger/ApplyView.h>
+#include <xrpl/ledger/CredentialHelpers.h>
+#include <xrpl/ledger/View.h>
+#include <xrpl/protocol/Feature.h>
+#include <xrpl/protocol/Indexes.h>
+#include <xrpl/protocol/TxFlags.h>
+#include <xrpl/tx/transactors/credentials/CredentialDelete.h>
+
+#include <chrono>
+
+namespace xrpl {
+
+using namespace credentials;
+
+std::uint32_t
+CredentialDelete::getFlagsMask(PreflightContext const& ctx)
+{
+    // 0 means "Allow any flags"
+    return ctx.rules.enabled(fixInvalidTxFlags) ? tfUniversalMask : 0;
+}
+
+NotTEC
+CredentialDelete::preflight(PreflightContext const& ctx)
+{
+    auto const subject = ctx.tx[~sfSubject];
+    auto const issuer = ctx.tx[~sfIssuer];
+
+    if (!subject && !issuer)
+    {
+        // Neither field is present, the transaction is malformed.
+        JLOG(ctx.j.trace()) << "Malformed transaction: "
+                               "No Subject or Issuer fields.";
+        return temMALFORMED;
+    }
+
+    // Make sure that the passed account is valid.
+    if ((subject && subject->isZero()) || (issuer && issuer->isZero()))
+    {
+        JLOG(ctx.j.trace()) << "Malformed transaction: Subject or Issuer "
+                               "field zeroed.";
+        return temINVALID_ACCOUNT_ID;
+    }
+
+    auto const credType = ctx.tx[sfCredentialType];
+    if (credType.empty() || (credType.size() > maxCredentialTypeLength))
+    {
+        JLOG(ctx.j.trace()) << "Malformed transaction: invalid size of CredentialType.";
+        return temMALFORMED;
+    }
+
+    return tesSUCCESS;
+}
+
+TER
+CredentialDelete::preclaim(PreclaimContext const& ctx)
+{
+    AccountID const account{ctx.tx[sfAccount]};
+    auto const subject = ctx.tx[~sfSubject].value_or(account);
+    auto const issuer = ctx.tx[~sfIssuer].value_or(account);
+    auto const credType(ctx.tx[sfCredentialType]);
+
+    if (!ctx.view.exists(keylet::credential(subject, issuer, credType)))
+        return tecNO_ENTRY;
+
+    return tesSUCCESS;
+}
+
+TER
+CredentialDelete::doApply()
+{
+    auto const subject = ctx_.tx[~sfSubject].value_or(account_);
+    auto const issuer = ctx_.tx[~sfIssuer].value_or(account_);
+
+    auto const credType(ctx_.tx[sfCredentialType]);
+    auto const sleCred = view().peek(keylet::credential(subject, issuer, credType));
+    if (!sleCred)
+        return tefINTERNAL;  // LCOV_EXCL_LINE
+
+    if ((subject != account_) && (issuer != account_) &&
+        !checkExpired(sleCred, ctx_.view().header().parentCloseTime))
+    {
+        JLOG(j_.trace()) << "Can't delete non-expired credential.";
+        return tecNO_PERMISSION;
+    }
+
+    return deleteSLE(view(), sleCred, j_);
+}
+
+}  // namespace xrpl

src/libxrpl/tx/transactors/credentials/Credentials.cpp

@@ -1,341 +0,0 @@
-#include <xrpl/basics/Log.h>
-#include <xrpl/ledger/ApplyView.h>
-#include <xrpl/ledger/CredentialHelpers.h>
-#include <xrpl/ledger/View.h>
-#include <xrpl/protocol/Feature.h>
-#include <xrpl/protocol/Indexes.h>
-#include <xrpl/protocol/TxFlags.h>
-#include <xrpl/tx/transactors/credentials/Credentials.h>
-
-#include <chrono>
-
-namespace xrpl {
-
-/*
-    Credentials
-    ======
-
-   A verifiable credentials (VC
-   https://en.wikipedia.org/wiki/Verifiable_credentials), as defined by the W3C
-   specification (https://www.w3.org/TR/vc-data-model-2.0/), is a
-   secure and tamper-evident way to represent information about a subject, such
-   as an individual, organization, or even an IoT device. These credentials are
-   issued by a trusted entity and can be verified by third parties without
-   directly involving the issuer at all.
-*/
-
-using namespace credentials;
-
-// ------- CREATE --------------------------
-
-std::uint32_t
-CredentialCreate::getFlagsMask(PreflightContext const& ctx)
-{
-    // 0 means "Allow any flags"
-    return ctx.rules.enabled(fixInvalidTxFlags) ? tfUniversalMask : 0;
-}
-
-NotTEC
-CredentialCreate::preflight(PreflightContext const& ctx)
-{
-    auto const& tx = ctx.tx;
-    auto& j = ctx.j;
-
-    if (!tx[sfSubject])
-    {
-        JLOG(j.trace()) << "Malformed transaction: Invalid Subject";
-        return temMALFORMED;
-    }
-
-    auto const uri = tx[~sfURI];
-    if (uri && (uri->empty() || (uri->size() > maxCredentialURILength)))
-    {
-        JLOG(j.trace()) << "Malformed transaction: invalid size of URI.";
-        return temMALFORMED;
-    }
-
-    auto const credType = tx[sfCredentialType];
-    if (credType.empty() || (credType.size() > maxCredentialTypeLength))
-    {
-        JLOG(j.trace()) << "Malformed transaction: invalid size of CredentialType.";
-        return temMALFORMED;
-    }
-
-    return tesSUCCESS;
-}
-
-TER
-CredentialCreate::preclaim(PreclaimContext const& ctx)
-{
-    auto const credType(ctx.tx[sfCredentialType]);
-    auto const subject = ctx.tx[sfSubject];
-
-    if (!ctx.view.exists(keylet::account(subject)))
-    {
-        JLOG(ctx.j.trace()) << "Subject doesn't exist.";
-        return tecNO_TARGET;
-    }
-
-    if (ctx.view.exists(keylet::credential(subject, ctx.tx[sfAccount], credType)))
-    {
-        JLOG(ctx.j.trace()) << "Credential already exists.";
-        return tecDUPLICATE;
-    }
-
-    return tesSUCCESS;
-}
-
-TER
-CredentialCreate::doApply()
-{
-    auto const subject = ctx_.tx[sfSubject];
-    auto const credType(ctx_.tx[sfCredentialType]);
-    Keylet const credentialKey = keylet::credential(subject, account_, credType);
-
-    auto const sleCred = std::make_shared<SLE>(credentialKey);
-    if (!sleCred)
-        return tefINTERNAL;  // LCOV_EXCL_LINE
-
-    auto const optExp = ctx_.tx[~sfExpiration];
-    if (optExp)
-    {
-        std::uint32_t const closeTime =
-            ctx_.view().header().parentCloseTime.time_since_epoch().count();
-
-        if (closeTime > *optExp)
-        {
-            JLOG(j_.trace()) << "Malformed transaction: "
-                                "Expiration time is in the past.";
-            return tecEXPIRED;
-        }
-
-        sleCred->setFieldU32(sfExpiration, ctx_.tx.getFieldU32(sfExpiration));
-    }
-
-    auto const sleIssuer = view().peek(keylet::account(account_));
-    if (!sleIssuer)
-        return tefINTERNAL;  // LCOV_EXCL_LINE
-
-    {
-        STAmount const reserve{
-            view().fees().accountReserve(sleIssuer->getFieldU32(sfOwnerCount) + 1)};
-        if (mPriorBalance < reserve)
-            return tecINSUFFICIENT_RESERVE;
-    }
-
-    sleCred->setAccountID(sfSubject, subject);
-    sleCred->setAccountID(sfIssuer, account_);
-    sleCred->setFieldVL(sfCredentialType, credType);
-
-    if (ctx_.tx.isFieldPresent(sfURI))
-        sleCred->setFieldVL(sfURI, ctx_.tx.getFieldVL(sfURI));
-
-    {
-        auto const page =
-            view().dirInsert(keylet::ownerDir(account_), credentialKey, describeOwnerDir(account_));
-        JLOG(j_.trace()) << "Adding Credential to owner directory " << to_string(credentialKey.key)
-                         << ": " << (page ? "success" : "failure");
-        if (!page)
-            return tecDIR_FULL;
-        sleCred->setFieldU64(sfIssuerNode, *page);
-
-        adjustOwnerCount(view(), sleIssuer, 1, j_);
-    }
-
-    if (subject == account_)
-    {
-        sleCred->setFieldU32(sfFlags, lsfAccepted);
-    }
-    else
-    {
-        auto const page =
-            view().dirInsert(keylet::ownerDir(subject), credentialKey, describeOwnerDir(subject));
-        JLOG(j_.trace()) << "Adding Credential to owner directory " << to_string(credentialKey.key)
-                         << ": " << (page ? "success" : "failure");
-        if (!page)
-            return tecDIR_FULL;
-        sleCred->setFieldU64(sfSubjectNode, *page);
-        view().update(view().peek(keylet::account(subject)));
-    }
-
-    view().insert(sleCred);
-
-    return tesSUCCESS;
-}
-
-// ------- DELETE --------------------------
-
-std::uint32_t
-CredentialDelete::getFlagsMask(PreflightContext const& ctx)
-{
-    // 0 means "Allow any flags"
-    return ctx.rules.enabled(fixInvalidTxFlags) ? tfUniversalMask : 0;
-}
-
-NotTEC
-CredentialDelete::preflight(PreflightContext const& ctx)
-{
-    auto const subject = ctx.tx[~sfSubject];
-    auto const issuer = ctx.tx[~sfIssuer];
-
-    if (!subject && !issuer)
-    {
-        // Neither field is present, the transaction is malformed.
-        JLOG(ctx.j.trace()) << "Malformed transaction: "
-                               "No Subject or Issuer fields.";
-        return temMALFORMED;
-    }
-
-    // Make sure that the passed account is valid.
-    if ((subject && subject->isZero()) || (issuer && issuer->isZero()))
-    {
-        JLOG(ctx.j.trace()) << "Malformed transaction: Subject or Issuer "
-                               "field zeroed.";
-        return temINVALID_ACCOUNT_ID;
-    }
-
-    auto const credType = ctx.tx[sfCredentialType];
-    if (credType.empty() || (credType.size() > maxCredentialTypeLength))
-    {
-        JLOG(ctx.j.trace()) << "Malformed transaction: invalid size of CredentialType.";
-        return temMALFORMED;
-    }
-
-    return tesSUCCESS;
-}
-
-TER
-CredentialDelete::preclaim(PreclaimContext const& ctx)
-{
-    AccountID const account{ctx.tx[sfAccount]};
-    auto const subject = ctx.tx[~sfSubject].value_or(account);
-    auto const issuer = ctx.tx[~sfIssuer].value_or(account);
-    auto const credType(ctx.tx[sfCredentialType]);
-
-    if (!ctx.view.exists(keylet::credential(subject, issuer, credType)))
-        return tecNO_ENTRY;
-
-    return tesSUCCESS;
-}
-
-TER
-CredentialDelete::doApply()
-{
-    auto const subject = ctx_.tx[~sfSubject].value_or(account_);
-    auto const issuer = ctx_.tx[~sfIssuer].value_or(account_);
-
-    auto const credType(ctx_.tx[sfCredentialType]);
-    auto const sleCred = view().peek(keylet::credential(subject, issuer, credType));
-    if (!sleCred)
-        return tefINTERNAL;  // LCOV_EXCL_LINE
-
-    if ((subject != account_) && (issuer != account_) &&
-        !checkExpired(sleCred, ctx_.view().header().parentCloseTime))
-    {
-        JLOG(j_.trace()) << "Can't delete non-expired credential.";
-        return tecNO_PERMISSION;
-    }
-
-    return deleteSLE(view(), sleCred, j_);
-}
-
-// ------- APPLY --------------------------
-
-std::uint32_t
-CredentialAccept::getFlagsMask(PreflightContext const& ctx)
-{
-    // 0 means "Allow any flags"
-    return ctx.rules.enabled(fixInvalidTxFlags) ? tfUniversalMask : 0;
-}
-
-NotTEC
-CredentialAccept::preflight(PreflightContext const& ctx)
-{
-    if (!ctx.tx[sfIssuer])
-    {
-        JLOG(ctx.j.trace()) << "Malformed transaction: Issuer field zeroed.";
-        return temINVALID_ACCOUNT_ID;
-    }
-
-    auto const credType = ctx.tx[sfCredentialType];
-    if (credType.empty() || (credType.size() > maxCredentialTypeLength))
-    {
-        JLOG(ctx.j.trace()) << "Malformed transaction: invalid size of CredentialType.";
-        return temMALFORMED;
-    }
-
-    return tesSUCCESS;
-}
-
-TER
-CredentialAccept::preclaim(PreclaimContext const& ctx)
-{
-    AccountID const subject = ctx.tx[sfAccount];
-    AccountID const issuer = ctx.tx[sfIssuer];
-    auto const credType(ctx.tx[sfCredentialType]);
-
-    if (!ctx.view.exists(keylet::account(issuer)))
-    {
-        JLOG(ctx.j.warn()) << "No issuer: " << to_string(issuer);
-        return tecNO_ISSUER;
-    }
-
-    auto const sleCred = ctx.view.read(keylet::credential(subject, issuer, credType));
-    if (!sleCred)
-    {
-        JLOG(ctx.j.warn()) << "No credential: " << to_string(subject) << ", " << to_string(issuer)
-                           << ", " << credType;
-        return tecNO_ENTRY;
-    }
-
-    if (sleCred->getFieldU32(sfFlags) & lsfAccepted)
-    {
-        JLOG(ctx.j.warn()) << "Credential already accepted: " << to_string(subject) << ", "
-                           << to_string(issuer) << ", " << credType;
-        return tecDUPLICATE;
-    }
-
-    return tesSUCCESS;
-}
-
-TER
-CredentialAccept::doApply()
-{
-    AccountID const issuer{ctx_.tx[sfIssuer]};
-
-    // Both exist as credential object exist itself (checked in preclaim)
-    auto const sleSubject = view().peek(keylet::account(account_));
-    auto const sleIssuer = view().peek(keylet::account(issuer));
-
-    if (!sleSubject || !sleIssuer)
-        return tefINTERNAL;  // LCOV_EXCL_LINE
-
-    {
-        STAmount const reserve{
-            view().fees().accountReserve(sleSubject->getFieldU32(sfOwnerCount) + 1)};
-        if (mPriorBalance < reserve)
-            return tecINSUFFICIENT_RESERVE;
-    }
-
-    auto const credType(ctx_.tx[sfCredentialType]);
-    Keylet const credentialKey = keylet::credential(account_, issuer, credType);
-    auto const sleCred = view().peek(credentialKey);  // Checked in preclaim()
-
-    if (checkExpired(sleCred, view().header().parentCloseTime))
-    {
-        JLOG(j_.trace()) << "Credential is expired: " << sleCred->getText();
-        // delete expired credentials even if the transaction failed
-        auto const err = credentials::deleteSLE(view(), sleCred, j_);
-        return isTesSuccess(err) ? tecEXPIRED : err;
-    }
-
-    sleCred->setFieldU32(sfFlags, lsfAccepted);
-    view().update(sleCred);
-
-    adjustOwnerCount(view(), sleIssuer, -1, j_);
-    adjustOwnerCount(view(), sleSubject, 1, j_);
-
-    return tesSUCCESS;
-}
-
-}  // namespace xrpl

src/libxrpl/tx/transactors/dex/AMMDeposit.cpp

@@ -17,7 +17,6 @@ AMMDeposit::checkExtraFeatures(PreflightContext const& ctx)
 
 std::uint32_t
 AMMDeposit::getFlagsMask(PreflightContext const& ctx)
-
 {
     return tfAMMDepositMask;
 }

src/libxrpl/tx/transactors/dex/AMMWithdraw.cpp

@@ -676,7 +676,7 @@ AMMWithdraw::equalWithdrawTokens(
     STAmount const& lpTokens,
     STAmount const& lpTokensWithdraw,
     std::uint16_t tfee,
-    FreezeHandling freezeHanding,
+    FreezeHandling freezeHandling,
     WithdrawAll withdrawAll,
     XRPAmount const& priorBalance,
     beast::Journal const& journal)
@@ -697,7 +697,7 @@ AMMWithdraw::equalWithdrawTokens(
                 lptAMMBalance,
                 lpTokensWithdraw,
                 tfee,
-                freezeHanding,
+                freezeHandling,
                 WithdrawAll::Yes,
                 priorBalance,
                 journal);
@@ -731,7 +731,7 @@ AMMWithdraw::equalWithdrawTokens(
             lptAMMBalance,
             tokensAdj,
             tfee,
-            freezeHanding,
+            freezeHandling,
             withdrawAll,
             priorBalance,
             journal);

src/libxrpl/tx/transactors/dex/CreateOffer.cpp

@@ -214,8 +214,10 @@ CreateOffer::checkAcceptAsset(
         return (flags & tapRETRY) ? TER{terNO_ACCOUNT} : TER{tecNO_ISSUER};
     }
 
+    // An account cannot create a trustline to itself, so no line can exist
+    // to be frozen. Additionally, an issuer can always accept its own
+    // issuance.
     if (issue.account == id)
-        // An account can always accept its own issuance.
         return tesSUCCESS;
 
     if ((*issuerAccount)[sfFlags] & lsfRequireAuth)
@@ -242,14 +244,6 @@ CreateOffer::checkAcceptAsset(
         }
     }
 
-    // An account can not create a trustline to itself, so no line can exist
-    // to be frozen. Additionally, an issuer can always accept its own
-    // issuance.
-    if (issue.account == id)
-    {
-        return tesSUCCESS;
-    }
-
     auto const trustLine = view.read(keylet::line(id, issue.account, issue.currency));
 
     if (!trustLine)

src/libxrpl/tx/transactors/did/DIDDelete.cpp

@@ -0,0 +1,59 @@
+#include <xrpl/basics/Log.h>
+#include <xrpl/ledger/ApplyView.h>
+#include <xrpl/ledger/View.h>
+#include <xrpl/protocol/Indexes.h>
+#include <xrpl/tx/transactors/did/DIDDelete.h>
+
+namespace xrpl {
+
+NotTEC
+DIDDelete::preflight(PreflightContext const& ctx)
+{
+    return tesSUCCESS;
+}
+
+TER
+DIDDelete::deleteSLE(ApplyContext& ctx, Keylet sleKeylet, AccountID const owner)
+{
+    auto const sle = ctx.view().peek(sleKeylet);
+    if (!sle)
+        return tecNO_ENTRY;
+
+    return DIDDelete::deleteSLE(ctx.view(), sle, owner, ctx.journal);
+}
+
+TER
+DIDDelete::deleteSLE(
+    ApplyView& view,
+    std::shared_ptr<SLE> sle,
+    AccountID const owner,
+    beast::Journal j)
+{
+    // Remove object from owner directory
+    if (!view.dirRemove(keylet::ownerDir(owner), (*sle)[sfOwnerNode], sle->key(), true))
+    {
+        // LCOV_EXCL_START
+        JLOG(j.fatal()) << "Unable to delete DID Token from owner.";
+        return tefBAD_LEDGER;
+        // LCOV_EXCL_STOP
+    }
+
+    auto const sleOwner = view.peek(keylet::account(owner));
+    if (!sleOwner)
+        return tecINTERNAL;  // LCOV_EXCL_LINE
+
+    adjustOwnerCount(view, sleOwner, -1, j);
+    view.update(sleOwner);
+
+    // Remove object from ledger
+    view.erase(sle);
+    return tesSUCCESS;
+}
+
+TER
+DIDDelete::doApply()
+{
+    return deleteSLE(ctx_, keylet::did(account_), account_);
+}
+
+}  // namespace xrpl

src/libxrpl/tx/transactors/did/DIDSet.cpp

@@ -4,7 +4,7 @@
 #include <xrpl/protocol/Feature.h>
 #include <xrpl/protocol/Indexes.h>
 #include <xrpl/protocol/TxFlags.h>
-#include <xrpl/tx/transactors/did/DID.h>
+#include <xrpl/tx/transactors/did/DIDSet.h>
 
 namespace xrpl {
 
@@ -134,54 +134,4 @@ DIDSet::doApply()
     return addSLE(ctx_, sleDID, account_);
 }
 
-NotTEC
-DIDDelete::preflight(PreflightContext const& ctx)
-{
-    return tesSUCCESS;
-}
-
-TER
-DIDDelete::deleteSLE(ApplyContext& ctx, Keylet sleKeylet, AccountID const owner)
-{
-    auto const sle = ctx.view().peek(sleKeylet);
-    if (!sle)
-        return tecNO_ENTRY;
-
-    return DIDDelete::deleteSLE(ctx.view(), sle, owner, ctx.journal);
-}
-
-TER
-DIDDelete::deleteSLE(
-    ApplyView& view,
-    std::shared_ptr<SLE> sle,
-    AccountID const owner,
-    beast::Journal j)
-{
-    // Remove object from owner directory
-    if (!view.dirRemove(keylet::ownerDir(owner), (*sle)[sfOwnerNode], sle->key(), true))
-    {
-        // LCOV_EXCL_START
-        JLOG(j.fatal()) << "Unable to delete DID Token from owner.";
-        return tefBAD_LEDGER;
-        // LCOV_EXCL_STOP
-    }
-
-    auto const sleOwner = view.peek(keylet::account(owner));
-    if (!sleOwner)
-        return tecINTERNAL;  // LCOV_EXCL_LINE
-
-    adjustOwnerCount(view, sleOwner, -1, j);
-    view.update(sleOwner);
-
-    // Remove object from ledger
-    view.erase(sle);
-    return tesSUCCESS;
-}
-
-TER
-DIDDelete::doApply()
-{
-    return deleteSLE(ctx_, keylet::did(account_), account_);
-}
-
 }  // namespace xrpl

src/libxrpl/tx/transactors/escrow/EscrowCancel.cpp

@@ -0,0 +1,201 @@
+#include <xrpl/basics/Log.h>
+#include <xrpl/ledger/ApplyView.h>
+#include <xrpl/ledger/View.h>
+#include <xrpl/protocol/Feature.h>
+#include <xrpl/protocol/Indexes.h>
+#include <xrpl/tx/transactors/escrow/EscrowCancel.h>
+
+#include <libxrpl/tx/transactors/escrow/EscrowHelpers.h>
+
+namespace xrpl {
+
+NotTEC
+EscrowCancel::preflight(PreflightContext const& ctx)
+{
+    return tesSUCCESS;
+}
+
+template <ValidIssueType T>
+static TER
+escrowCancelPreclaimHelper(
+    PreclaimContext const& ctx,
+    AccountID const& account,
+    STAmount const& amount);
+
+template <>
+TER
+escrowCancelPreclaimHelper<Issue>(
+    PreclaimContext const& ctx,
+    AccountID const& account,
+    STAmount const& amount)
+{
+    AccountID issuer = amount.getIssuer();
+    // If the issuer is the same as the account, return tecINTERNAL
+    if (issuer == account)
+        return tecINTERNAL;  // LCOV_EXCL_LINE
+
+    // If the issuer has requireAuth set, check if the account is authorized
+    if (auto const ter = requireAuth(ctx.view, amount.issue(), account); ter != tesSUCCESS)
+        return ter;
+
+    return tesSUCCESS;
+}
+
+template <>
+TER
+escrowCancelPreclaimHelper<MPTIssue>(
+    PreclaimContext const& ctx,
+    AccountID const& account,
+    STAmount const& amount)
+{
+    AccountID issuer = amount.getIssuer();
+    // If the issuer is the same as the account, return tecINTERNAL
+    if (issuer == account)
+        return tecINTERNAL;  // LCOV_EXCL_LINE
+
+    // If the mpt does not exist, return tecOBJECT_NOT_FOUND
+    auto const issuanceKey = keylet::mptIssuance(amount.get<MPTIssue>().getMptID());
+    auto const sleIssuance = ctx.view.read(issuanceKey);
+    if (!sleIssuance)
+        return tecOBJECT_NOT_FOUND;
+
+    // If the issuer has requireAuth set, check if the account is
+    // authorized
+    auto const& mptIssue = amount.get<MPTIssue>();
+    if (auto const ter = requireAuth(ctx.view, mptIssue, account, AuthType::WeakAuth);
+        ter != tesSUCCESS)
+        return ter;
+
+    return tesSUCCESS;
+}
+
+TER
+EscrowCancel::preclaim(PreclaimContext const& ctx)
+{
+    if (ctx.view.rules().enabled(featureTokenEscrow))
+    {
+        auto const k = keylet::escrow(ctx.tx[sfOwner], ctx.tx[sfOfferSequence]);
+        auto const slep = ctx.view.read(k);
+        if (!slep)
+            return tecNO_TARGET;
+
+        AccountID const account = (*slep)[sfAccount];
+        STAmount const amount = (*slep)[sfAmount];
+
+        if (!isXRP(amount))
+        {
+            if (auto const ret = std::visit(
+                    [&]<typename T>(T const&) {
+                        return escrowCancelPreclaimHelper<T>(ctx, account, amount);
+                    },
+                    amount.asset().value());
+                !isTesSuccess(ret))
+                return ret;
+        }
+    }
+    return tesSUCCESS;
+}
+
+TER
+EscrowCancel::doApply()
+{
+    auto const k = keylet::escrow(ctx_.tx[sfOwner], ctx_.tx[sfOfferSequence]);
+    auto const slep = ctx_.view().peek(k);
+    if (!slep)
+    {
+        if (ctx_.view().rules().enabled(featureTokenEscrow))
+            return tecINTERNAL;  // LCOV_EXCL_LINE
+
+        return tecNO_TARGET;
+    }
+
+    auto const now = ctx_.view().header().parentCloseTime;
+
+    // No cancel time specified: can't execute at all.
+    if (!(*slep)[~sfCancelAfter])
+        return tecNO_PERMISSION;
+
+    // Too soon: can't execute before the cancel time.
+    if (!after(now, (*slep)[sfCancelAfter]))
+        return tecNO_PERMISSION;
+
+    AccountID const account = (*slep)[sfAccount];
+
+    // Remove escrow from owner directory
+    {
+        auto const page = (*slep)[sfOwnerNode];
+        if (!ctx_.view().dirRemove(keylet::ownerDir(account), page, k.key, true))
+        {
+            // LCOV_EXCL_START
+            JLOG(j_.fatal()) << "Unable to delete Escrow from owner.";
+            return tefBAD_LEDGER;
+            // LCOV_EXCL_STOP
+        }
+    }
+
+    // Remove escrow from recipient's owner directory, if present.
+    if (auto const optPage = (*slep)[~sfDestinationNode]; optPage)
+    {
+        if (!ctx_.view().dirRemove(keylet::ownerDir((*slep)[sfDestination]), *optPage, k.key, true))
+        {
+            // LCOV_EXCL_START
+            JLOG(j_.fatal()) << "Unable to delete Escrow from recipient.";
+            return tefBAD_LEDGER;
+            // LCOV_EXCL_STOP
+        }
+    }
+
+    auto const sle = ctx_.view().peek(keylet::account(account));
+    STAmount const amount = slep->getFieldAmount(sfAmount);
+
+    // Transfer amount back to the owner
+    if (isXRP(amount))
+        (*sle)[sfBalance] = (*sle)[sfBalance] + amount;
+    else
+    {
+        if (!ctx_.view().rules().enabled(featureTokenEscrow))
+            return temDISABLED;  // LCOV_EXCL_LINE
+
+        auto const issuer = amount.getIssuer();
+        bool const createAsset = account == account_;
+        if (auto const ret = std::visit(
+                [&]<typename T>(T const&) {
+                    return escrowUnlockApplyHelper<T>(
+                        ctx_.view(),
+                        parityRate,
+                        slep,
+                        mPriorBalance,
+                        amount,
+                        issuer,
+                        account,  // sender and receiver are the same
+                        account,
+                        createAsset,
+                        j_);
+                },
+                amount.asset().value());
+            !isTesSuccess(ret))
+            return ret;  // LCOV_EXCL_LINE
+
+        // Remove escrow from issuers owner directory, if present.
+        if (auto const optPage = (*slep)[~sfIssuerNode]; optPage)
+        {
+            if (!ctx_.view().dirRemove(keylet::ownerDir(issuer), *optPage, k.key, true))
+            {
+                // LCOV_EXCL_START
+                JLOG(j_.fatal()) << "Unable to delete Escrow from recipient.";
+                return tefBAD_LEDGER;
+                // LCOV_EXCL_STOP
+            }
+        }
+    }
+
+    adjustOwnerCount(ctx_.view(), sle, -1, ctx_.journal);
+    ctx_.view().update(sle);
+
+    // Remove escrow from ledger
+    ctx_.view().erase(slep);
+
+    return tesSUCCESS;
+}
+
+}  // namespace xrpl

src/libxrpl/tx/transactors/escrow/EscrowCreate.cpp

@@ -0,0 +1,498 @@
+#include <xrpl/basics/Log.h>
+#include <xrpl/basics/chrono.h>
+#include <xrpl/conditions/Condition.h>
+#include <xrpl/ledger/ApplyView.h>
+#include <xrpl/ledger/View.h>
+#include <xrpl/protocol/Feature.h>
+#include <xrpl/protocol/Indexes.h>
+#include <xrpl/protocol/MPTAmount.h>
+#include <xrpl/protocol/TxFlags.h>
+#include <xrpl/protocol/XRPAmount.h>
+#include <xrpl/tx/transactors/escrow/EscrowCreate.h>
+
+namespace xrpl {
+
+/*
+    Escrow
+    ======
+
+    Escrow is a feature of the XRP Ledger that allows you to send conditional
+    XRP payments. These conditional payments, called escrows, set aside XRP and
+    deliver it later when certain conditions are met. Conditions to successfully
+    finish an escrow include time-based unlocks and crypto-conditions. Escrows
+    can also be set to expire if not finished in time.
+
+    The XRP set aside in an escrow is locked up. No one can use or destroy the
+    XRP until the escrow has been successfully finished or canceled. Before the
+    expiration time, only the intended receiver can get the XRP. After the
+    expiration time, the XRP can only be returned to the sender.
+
+    For more details on escrow, including examples, diagrams and more please
+    visit https://xrpl.org/escrow.html
+
+    For details on specific transactions, including fields and validation rules
+    please see:
+
+    `EscrowCreate`
+    --------------
+        See: https://xrpl.org/escrowcreate.html
+
+    `EscrowFinish`
+    --------------
+        See: https://xrpl.org/escrowfinish.html
+
+    `EscrowCancel`
+    --------------
+        See: https://xrpl.org/escrowcancel.html
+*/
+
+//------------------------------------------------------------------------------
+
+TxConsequences
+EscrowCreate::makeTxConsequences(PreflightContext const& ctx)
+{
+    auto const amount = ctx.tx[sfAmount];
+    return TxConsequences{ctx.tx, isXRP(amount) ? amount.xrp() : beast::zero};
+}
+
+template <ValidIssueType T>
+static NotTEC
+escrowCreatePreflightHelper(PreflightContext const& ctx);
+
+template <>
+NotTEC
+escrowCreatePreflightHelper<Issue>(PreflightContext const& ctx)
+{
+    STAmount const amount = ctx.tx[sfAmount];
+    if (amount.native() || amount <= beast::zero)
+        return temBAD_AMOUNT;
+
+    if (badCurrency() == amount.getCurrency())
+        return temBAD_CURRENCY;
+
+    return tesSUCCESS;
+}
+
+template <>
+NotTEC
+escrowCreatePreflightHelper<MPTIssue>(PreflightContext const& ctx)
+{
+    if (!ctx.rules.enabled(featureMPTokensV1))
+        return temDISABLED;
+
+    auto const amount = ctx.tx[sfAmount];
+    if (amount.native() || amount.mpt() > MPTAmount{maxMPTokenAmount} || amount <= beast::zero)
+        return temBAD_AMOUNT;
+
+    return tesSUCCESS;
+}
+
+NotTEC
+EscrowCreate::preflight(PreflightContext const& ctx)
+{
+    STAmount const amount{ctx.tx[sfAmount]};
+    if (!isXRP(amount))
+    {
+        if (!ctx.rules.enabled(featureTokenEscrow))
+            return temBAD_AMOUNT;
+
+        if (auto const ret = std::visit(
+                [&]<typename T>(T const&) { return escrowCreatePreflightHelper<T>(ctx); },
+                amount.asset().value());
+            !isTesSuccess(ret))
+            return ret;
+    }
+    else
+    {
+        if (amount <= beast::zero)
+            return temBAD_AMOUNT;
+    }
+
+    // We must specify at least one timeout value
+    if (!ctx.tx[~sfCancelAfter] && !ctx.tx[~sfFinishAfter])
+        return temBAD_EXPIRATION;
+
+    // If both finish and cancel times are specified then the cancel time must
+    // be strictly after the finish time.
+    if (ctx.tx[~sfCancelAfter] && ctx.tx[~sfFinishAfter] &&
+        ctx.tx[sfCancelAfter] <= ctx.tx[sfFinishAfter])
+        return temBAD_EXPIRATION;
+
+    // In the absence of a FinishAfter, the escrow can be finished
+    // immediately, which can be confusing. When creating an escrow,
+    // we want to ensure that either a FinishAfter time is explicitly
+    // specified or a completion condition is attached.
+    if (!ctx.tx[~sfFinishAfter] && !ctx.tx[~sfCondition])
+        return temMALFORMED;
+
+    if (auto const cb = ctx.tx[~sfCondition])
+    {
+        using namespace xrpl::cryptoconditions;
+
+        std::error_code ec;
+
+        auto condition = Condition::deserialize(*cb, ec);
+        if (!condition)
+        {
+            JLOG(ctx.j.debug()) << "Malformed condition during escrow creation: " << ec.message();
+            return temMALFORMED;
+        }
+    }
+
+    return tesSUCCESS;
+}
+
+template <ValidIssueType T>
+static TER
+escrowCreatePreclaimHelper(
+    PreclaimContext const& ctx,
+    AccountID const& account,
+    AccountID const& dest,
+    STAmount const& amount);
+
+template <>
+TER
+escrowCreatePreclaimHelper<Issue>(
+    PreclaimContext const& ctx,
+    AccountID const& account,
+    AccountID const& dest,
+    STAmount const& amount)
+{
+    AccountID issuer = amount.getIssuer();
+    // If the issuer is the same as the account, return tecNO_PERMISSION
+    if (issuer == account)
+        return tecNO_PERMISSION;
+
+    // If the lsfAllowTrustLineLocking is not enabled, return tecNO_PERMISSION
+    auto const sleIssuer = ctx.view.read(keylet::account(issuer));
+    if (!sleIssuer)
+        return tecNO_ISSUER;
+    if (!sleIssuer->isFlag(lsfAllowTrustLineLocking))
+        return tecNO_PERMISSION;
+
+    // If the account does not have a trustline to the issuer, return tecNO_LINE
+    auto const sleRippleState = ctx.view.read(keylet::line(account, issuer, amount.getCurrency()));
+    if (!sleRippleState)
+        return tecNO_LINE;
+
+    STAmount const balance = (*sleRippleState)[sfBalance];
+
+    // If balance is positive, issuer must have higher address than account
+    if (balance > beast::zero && issuer < account)
+        return tecNO_PERMISSION;  // LCOV_EXCL_LINE
+
+    // If balance is negative, issuer must have lower address than account
+    if (balance < beast::zero && issuer > account)
+        return tecNO_PERMISSION;  // LCOV_EXCL_LINE
+
+    // If the issuer has requireAuth set, check if the account is authorized
+    if (auto const ter = requireAuth(ctx.view, amount.issue(), account); ter != tesSUCCESS)
+        return ter;
+
+    // If the issuer has requireAuth set, check if the destination is authorized
+    if (auto const ter = requireAuth(ctx.view, amount.issue(), dest); ter != tesSUCCESS)
+        return ter;
+
+    // If the issuer has frozen the account, return tecFROZEN
+    if (isFrozen(ctx.view, account, amount.issue()))
+        return tecFROZEN;
+
+    // If the issuer has frozen the destination, return tecFROZEN
+    if (isFrozen(ctx.view, dest, amount.issue()))
+        return tecFROZEN;
+
+    STAmount const spendableAmount =
+        accountHolds(ctx.view, account, amount.getCurrency(), issuer, fhIGNORE_FREEZE, ctx.j);
+
+    // If the balance is less than or equal to 0, return tecINSUFFICIENT_FUNDS
+    if (spendableAmount <= beast::zero)
+        return tecINSUFFICIENT_FUNDS;
+
+    // If the spendable amount is less than the amount, return
+    // tecINSUFFICIENT_FUNDS
+    if (spendableAmount < amount)
+        return tecINSUFFICIENT_FUNDS;
+
+    // If the amount is not addable to the balance, return tecPRECISION_LOSS
+    if (!canAdd(spendableAmount, amount))
+        return tecPRECISION_LOSS;
+
+    return tesSUCCESS;
+}
+
+template <>
+TER
+escrowCreatePreclaimHelper<MPTIssue>(
+    PreclaimContext const& ctx,
+    AccountID const& account,
+    AccountID const& dest,
+    STAmount const& amount)
+{
+    AccountID issuer = amount.getIssuer();
+    // If the issuer is the same as the account, return tecNO_PERMISSION
+    if (issuer == account)
+        return tecNO_PERMISSION;
+
+    // If the mpt does not exist, return tecOBJECT_NOT_FOUND
+    auto const issuanceKey = keylet::mptIssuance(amount.get<MPTIssue>().getMptID());
+    auto const sleIssuance = ctx.view.read(issuanceKey);
+    if (!sleIssuance)
+        return tecOBJECT_NOT_FOUND;
+
+    // If the lsfMPTCanEscrow is not enabled, return tecNO_PERMISSION
+    if (!sleIssuance->isFlag(lsfMPTCanEscrow))
+        return tecNO_PERMISSION;
+
+    // If the issuer is not the same as the issuer of the mpt, return
+    // tecNO_PERMISSION
+    if (sleIssuance->getAccountID(sfIssuer) != issuer)
+        return tecNO_PERMISSION;  // LCOV_EXCL_LINE
+
+    // If the account does not have the mpt, return tecOBJECT_NOT_FOUND
+    if (!ctx.view.exists(keylet::mptoken(issuanceKey.key, account)))
+        return tecOBJECT_NOT_FOUND;
+
+    // If the issuer has requireAuth set, check if the account is
+    // authorized
+    auto const& mptIssue = amount.get<MPTIssue>();
+    if (auto const ter = requireAuth(ctx.view, mptIssue, account, AuthType::WeakAuth);
+        ter != tesSUCCESS)
+        return ter;
+
+    // If the issuer has requireAuth set, check if the destination is
+    // authorized
+    if (auto const ter = requireAuth(ctx.view, mptIssue, dest, AuthType::WeakAuth);
+        ter != tesSUCCESS)
+        return ter;
+
+    // If the issuer has frozen the account, return tecLOCKED
+    if (isFrozen(ctx.view, account, mptIssue))
+        return tecLOCKED;
+
+    // If the issuer has frozen the destination, return tecLOCKED
+    if (isFrozen(ctx.view, dest, mptIssue))
+        return tecLOCKED;
+
+    // If the mpt cannot be transferred, return tecNO_AUTH
+    if (auto const ter = canTransfer(ctx.view, mptIssue, account, dest); ter != tesSUCCESS)
+        return ter;
+
+    STAmount const spendableAmount = accountHolds(
+        ctx.view, account, amount.get<MPTIssue>(), fhIGNORE_FREEZE, ahIGNORE_AUTH, ctx.j);
+
+    // If the balance is less than or equal to 0, return tecINSUFFICIENT_FUNDS
+    if (spendableAmount <= beast::zero)
+        return tecINSUFFICIENT_FUNDS;
+
+    // If the spendable amount is less than the amount, return
+    // tecINSUFFICIENT_FUNDS
+    if (spendableAmount < amount)
+        return tecINSUFFICIENT_FUNDS;
+
+    return tesSUCCESS;
+}
+
+TER
+EscrowCreate::preclaim(PreclaimContext const& ctx)
+{
+    STAmount const amount{ctx.tx[sfAmount]};
+    AccountID const account{ctx.tx[sfAccount]};
+    AccountID const dest{ctx.tx[sfDestination]};
+
+    auto const sled = ctx.view.read(keylet::account(dest));
+    if (!sled)
+        return tecNO_DST;
+
+    // Pseudo-accounts cannot receive escrow. Note, this is not amendment-gated
+    // because all writes to pseudo-account discriminator fields **are**
+    // amendment gated, hence the behaviour of this check will always match the
+    // currently active amendments.
+    if (isPseudoAccount(sled))
+        return tecNO_PERMISSION;
+
+    if (!isXRP(amount))
+    {
+        if (!ctx.view.rules().enabled(featureTokenEscrow))
+            return temDISABLED;  // LCOV_EXCL_LINE
+
+        if (auto const ret = std::visit(
+                [&]<typename T>(T const&) {
+                    return escrowCreatePreclaimHelper<T>(ctx, account, dest, amount);
+                },
+                amount.asset().value());
+            !isTesSuccess(ret))
+            return ret;
+    }
+    return tesSUCCESS;
+}
+
+template <ValidIssueType T>
+static TER
+escrowLockApplyHelper(
+    ApplyView& view,
+    AccountID const& issuer,
+    AccountID const& sender,
+    STAmount const& amount,
+    beast::Journal journal);
+
+template <>
+TER
+escrowLockApplyHelper<Issue>(
+    ApplyView& view,
+    AccountID const& issuer,
+    AccountID const& sender,
+    STAmount const& amount,
+    beast::Journal journal)
+{
+    // Defensive: Issuer cannot create an escrow
+    if (issuer == sender)
+        return tecINTERNAL;  // LCOV_EXCL_LINE
+
+    auto const ter = rippleCredit(
+        view, sender, issuer, amount, amount.holds<MPTIssue>() ? false : true, journal);
+    if (ter != tesSUCCESS)
+        return ter;  // LCOV_EXCL_LINE
+    return tesSUCCESS;
+}
+
+template <>
+TER
+escrowLockApplyHelper<MPTIssue>(
+    ApplyView& view,
+    AccountID const& issuer,
+    AccountID const& sender,
+    STAmount const& amount,
+    beast::Journal journal)
+{
+    // Defensive: Issuer cannot create an escrow
+    if (issuer == sender)
+        return tecINTERNAL;  // LCOV_EXCL_LINE
+
+    auto const ter = rippleLockEscrowMPT(view, sender, amount, journal);
+    if (ter != tesSUCCESS)
+        return ter;  // LCOV_EXCL_LINE
+    return tesSUCCESS;
+}
+
+TER
+EscrowCreate::doApply()
+{
+    auto const closeTime = ctx_.view().header().parentCloseTime;
+
+    if (ctx_.tx[~sfCancelAfter] && after(closeTime, ctx_.tx[sfCancelAfter]))
+        return tecNO_PERMISSION;
+
+    if (ctx_.tx[~sfFinishAfter] && after(closeTime, ctx_.tx[sfFinishAfter]))
+        return tecNO_PERMISSION;
+
+    auto const sle = ctx_.view().peek(keylet::account(account_));
+    if (!sle)
+        return tefINTERNAL;  // LCOV_EXCL_LINE
+
+    // Check reserve and funds availability
+    STAmount const amount{ctx_.tx[sfAmount]};
+
+    auto const reserve = ctx_.view().fees().accountReserve((*sle)[sfOwnerCount] + 1);
+
+    if (mSourceBalance < reserve)
+        return tecINSUFFICIENT_RESERVE;
+
+    // Check reserve and funds availability
+    if (isXRP(amount))
+    {
+        if (mSourceBalance < reserve + STAmount(amount).xrp())
+            return tecUNFUNDED;
+    }
+
+    // Check destination account
+    {
+        auto const sled = ctx_.view().read(keylet::account(ctx_.tx[sfDestination]));
+        if (!sled)
+            return tecNO_DST;  // LCOV_EXCL_LINE
+        if (((*sled)[sfFlags] & lsfRequireDestTag) && !ctx_.tx[~sfDestinationTag])
+            return tecDST_TAG_NEEDED;
+    }
+
+    // Create escrow in ledger.  Note that we we use the value from the
+    // sequence or ticket.  For more explanation see comments in SeqProxy.h.
+    Keylet const escrowKeylet = keylet::escrow(account_, ctx_.tx.getSeqValue());
+    auto const slep = std::make_shared<SLE>(escrowKeylet);
+    (*slep)[sfAmount] = amount;
+    (*slep)[sfAccount] = account_;
+    (*slep)[~sfCondition] = ctx_.tx[~sfCondition];
+    (*slep)[~sfSourceTag] = ctx_.tx[~sfSourceTag];
+    (*slep)[sfDestination] = ctx_.tx[sfDestination];
+    (*slep)[~sfCancelAfter] = ctx_.tx[~sfCancelAfter];
+    (*slep)[~sfFinishAfter] = ctx_.tx[~sfFinishAfter];
+    (*slep)[~sfDestinationTag] = ctx_.tx[~sfDestinationTag];
+
+    if (ctx_.view().rules().enabled(fixIncludeKeyletFields))
+    {
+        (*slep)[sfSequence] = ctx_.tx.getSeqValue();
+    }
+
+    if (ctx_.view().rules().enabled(featureTokenEscrow) && !isXRP(amount))
+    {
+        auto const xferRate = transferRate(ctx_.view(), amount);
+        if (xferRate != parityRate)
+            (*slep)[sfTransferRate] = xferRate.value;
+    }
+
+    ctx_.view().insert(slep);
+
+    // Add escrow to sender's owner directory
+    {
+        auto page = ctx_.view().dirInsert(
+            keylet::ownerDir(account_), escrowKeylet, describeOwnerDir(account_));
+        if (!page)
+            return tecDIR_FULL;  // LCOV_EXCL_LINE
+        (*slep)[sfOwnerNode] = *page;
+    }
+
+    // If it's not a self-send, add escrow to recipient's owner directory.
+    AccountID const dest = ctx_.tx[sfDestination];
+    if (dest != account_)
+    {
+        auto page =
+            ctx_.view().dirInsert(keylet::ownerDir(dest), escrowKeylet, describeOwnerDir(dest));
+        if (!page)
+            return tecDIR_FULL;  // LCOV_EXCL_LINE
+        (*slep)[sfDestinationNode] = *page;
+    }
+
+    // IOU escrow objects are added to the issuer's owner directory to help
+    // track the total locked balance. For MPT, this isn't necessary because the
+    // locked balance is already stored directly in the MPTokenIssuance object.
+    AccountID const issuer = amount.getIssuer();
+    if (!isXRP(amount) && issuer != account_ && issuer != dest && !amount.holds<MPTIssue>())
+    {
+        auto page =
+            ctx_.view().dirInsert(keylet::ownerDir(issuer), escrowKeylet, describeOwnerDir(issuer));
+        if (!page)
+            return tecDIR_FULL;  // LCOV_EXCL_LINE
+        (*slep)[sfIssuerNode] = *page;
+    }
+
+    // Deduct owner's balance
+    if (isXRP(amount))
+        (*sle)[sfBalance] = (*sle)[sfBalance] - amount;
+    else
+    {
+        if (auto const ret = std::visit(
+                [&]<typename T>(T const&) {
+                    return escrowLockApplyHelper<T>(ctx_.view(), issuer, account_, amount, j_);
+                },
+                amount.asset().value());
+            !isTesSuccess(ret))
+        {
+            return ret;  // LCOV_EXCL_LINE
+        }
+    }
+
+    // increment owner count
+    adjustOwnerCount(ctx_.view(), sle, 1, ctx_.journal);
+    ctx_.view().update(sle);
+    return tesSUCCESS;
+}
+
+}  // namespace xrpl

src/libxrpl/tx/transactors/escrow/EscrowFinish.cpp

@@ -0,0 +1,372 @@
+#include <xrpl/basics/Log.h>
+#include <xrpl/basics/chrono.h>
+#include <xrpl/conditions/Condition.h>
+#include <xrpl/conditions/Fulfillment.h>
+#include <xrpl/core/HashRouter.h>
+#include <xrpl/ledger/ApplyView.h>
+#include <xrpl/ledger/CredentialHelpers.h>
+#include <xrpl/ledger/View.h>
+#include <xrpl/protocol/Feature.h>
+#include <xrpl/protocol/Indexes.h>
+#include <xrpl/protocol/TxFlags.h>
+#include <xrpl/protocol/XRPAmount.h>
+#include <xrpl/tx/transactors/escrow/EscrowFinish.h>
+
+#include <libxrpl/tx/transactors/escrow/EscrowHelpers.h>
+
+namespace xrpl {
+
+// During an EscrowFinish, the transaction must specify both
+// a condition and a fulfillment. We track whether that
+// fulfillment matches and validates the condition.
+constexpr HashRouterFlags SF_CF_INVALID = HashRouterFlags::PRIVATE5;
+constexpr HashRouterFlags SF_CF_VALID = HashRouterFlags::PRIVATE6;
+
+//------------------------------------------------------------------------------
+
+static bool
+checkCondition(Slice f, Slice c)
+{
+    using namespace xrpl::cryptoconditions;
+
+    std::error_code ec;
+
+    auto condition = Condition::deserialize(c, ec);
+    if (!condition)
+        return false;
+
+    auto fulfillment = Fulfillment::deserialize(f, ec);
+    if (!fulfillment)
+        return false;
+
+    return validate(*fulfillment, *condition);
+}
+
+bool
+EscrowFinish::checkExtraFeatures(PreflightContext const& ctx)
+{
+    return !ctx.tx.isFieldPresent(sfCredentialIDs) || ctx.rules.enabled(featureCredentials);
+}
+
+NotTEC
+EscrowFinish::preflight(PreflightContext const& ctx)
+{
+    auto const cb = ctx.tx[~sfCondition];
+    auto const fb = ctx.tx[~sfFulfillment];
+
+    // If you specify a condition, then you must also specify
+    // a fulfillment.
+    if (static_cast<bool>(cb) != static_cast<bool>(fb))
+        return temMALFORMED;
+
+    return tesSUCCESS;
+}
+
+NotTEC
+EscrowFinish::preflightSigValidated(PreflightContext const& ctx)
+{
+    auto const cb = ctx.tx[~sfCondition];
+    auto const fb = ctx.tx[~sfFulfillment];
+
+    if (cb && fb)
+    {
+        auto& router = ctx.registry.getHashRouter();
+
+        auto const id = ctx.tx.getTransactionID();
+        auto const flags = router.getFlags(id);
+
+        // If we haven't checked the condition, check it
+        // now. Whether it passes or not isn't important
+        // in preflight.
+        if (!any(flags & (SF_CF_INVALID | SF_CF_VALID)))
+        {
+            if (checkCondition(*fb, *cb))
+                router.setFlags(id, SF_CF_VALID);
+            else
+                router.setFlags(id, SF_CF_INVALID);
+        }
+    }
+
+    if (auto const err = credentials::checkFields(ctx.tx, ctx.j); !isTesSuccess(err))
+        return err;
+
+    return tesSUCCESS;
+}
+
+XRPAmount
+EscrowFinish::calculateBaseFee(ReadView const& view, STTx const& tx)
+{
+    XRPAmount extraFee{0};
+
+    if (auto const fb = tx[~sfFulfillment])
+    {
+        extraFee += view.fees().base * (32 + (fb->size() / 16));
+    }
+
+    return Transactor::calculateBaseFee(view, tx) + extraFee;
+}
+
+template <ValidIssueType T>
+static TER
+escrowFinishPreclaimHelper(
+    PreclaimContext const& ctx,
+    AccountID const& dest,
+    STAmount const& amount);
+
+template <>
+TER
+escrowFinishPreclaimHelper<Issue>(
+    PreclaimContext const& ctx,
+    AccountID const& dest,
+    STAmount const& amount)
+{
+    AccountID issuer = amount.getIssuer();
+    // If the issuer is the same as the account, return tesSUCCESS
+    if (issuer == dest)
+        return tesSUCCESS;
+
+    // If the issuer has requireAuth set, check if the destination is authorized
+    if (auto const ter = requireAuth(ctx.view, amount.issue(), dest); ter != tesSUCCESS)
+        return ter;
+
+    // If the issuer has deep frozen the destination, return tecFROZEN
+    if (isDeepFrozen(ctx.view, dest, amount.getCurrency(), amount.getIssuer()))
+        return tecFROZEN;
+
+    return tesSUCCESS;
+}
+
+template <>
+TER
+escrowFinishPreclaimHelper<MPTIssue>(
+    PreclaimContext const& ctx,
+    AccountID const& dest,
+    STAmount const& amount)
+{
+    AccountID issuer = amount.getIssuer();
+    // If the issuer is the same as the dest, return tesSUCCESS
+    if (issuer == dest)
+        return tesSUCCESS;
+
+    // If the mpt does not exist, return tecOBJECT_NOT_FOUND
+    auto const issuanceKey = keylet::mptIssuance(amount.get<MPTIssue>().getMptID());
+    auto const sleIssuance = ctx.view.read(issuanceKey);
+    if (!sleIssuance)
+        return tecOBJECT_NOT_FOUND;
+
+    // If the issuer has requireAuth set, check if the destination is
+    // authorized
+    auto const& mptIssue = amount.get<MPTIssue>();
+    if (auto const ter = requireAuth(ctx.view, mptIssue, dest, AuthType::WeakAuth);
+        ter != tesSUCCESS)
+        return ter;
+
+    // If the issuer has frozen the destination, return tecLOCKED
+    if (isFrozen(ctx.view, dest, mptIssue))
+        return tecLOCKED;
+
+    return tesSUCCESS;
+}
+
+TER
+EscrowFinish::preclaim(PreclaimContext const& ctx)
+{
+    if (ctx.view.rules().enabled(featureCredentials))
+    {
+        if (auto const err = credentials::valid(ctx.tx, ctx.view, ctx.tx[sfAccount], ctx.j);
+            !isTesSuccess(err))
+            return err;
+    }
+
+    if (ctx.view.rules().enabled(featureTokenEscrow))
+    {
+        auto const k = keylet::escrow(ctx.tx[sfOwner], ctx.tx[sfOfferSequence]);
+        auto const slep = ctx.view.read(k);
+        if (!slep)
+            return tecNO_TARGET;
+
+        AccountID const dest = (*slep)[sfDestination];
+        STAmount const amount = (*slep)[sfAmount];
+
+        if (!isXRP(amount))
+        {
+            if (auto const ret = std::visit(
+                    [&]<typename T>(T const&) {
+                        return escrowFinishPreclaimHelper<T>(ctx, dest, amount);
+                    },
+                    amount.asset().value());
+                !isTesSuccess(ret))
+                return ret;
+        }
+    }
+    return tesSUCCESS;
+}
+
+TER
+EscrowFinish::doApply()
+{
+    auto const k = keylet::escrow(ctx_.tx[sfOwner], ctx_.tx[sfOfferSequence]);
+    auto const slep = ctx_.view().peek(k);
+    if (!slep)
+    {
+        if (ctx_.view().rules().enabled(featureTokenEscrow))
+            return tecINTERNAL;  // LCOV_EXCL_LINE
+
+        return tecNO_TARGET;
+    }
+
+    // If a cancel time is present, a finish operation should only succeed prior
+    // to that time.
+    auto const now = ctx_.view().header().parentCloseTime;
+
+    // Too soon: can't execute before the finish time
+    if ((*slep)[~sfFinishAfter] && !after(now, (*slep)[sfFinishAfter]))
+        return tecNO_PERMISSION;
+
+    // Too late: can't execute after the cancel time
+    if ((*slep)[~sfCancelAfter] && after(now, (*slep)[sfCancelAfter]))
+        return tecNO_PERMISSION;
+
+    // Check cryptocondition fulfillment
+    {
+        auto const id = ctx_.tx.getTransactionID();
+        auto flags = ctx_.registry.getHashRouter().getFlags(id);
+
+        auto const cb = ctx_.tx[~sfCondition];
+
+        // It's unlikely that the results of the check will
+        // expire from the hash router, but if it happens,
+        // simply re-run the check.
+        if (cb && !any(flags & (SF_CF_INVALID | SF_CF_VALID)))
+        {
+            // LCOV_EXCL_START
+            auto const fb = ctx_.tx[~sfFulfillment];
+
+            if (!fb)
+                return tecINTERNAL;
+
+            if (checkCondition(*fb, *cb))
+                flags = SF_CF_VALID;
+            else
+                flags = SF_CF_INVALID;
+
+            ctx_.registry.getHashRouter().setFlags(id, flags);
+            // LCOV_EXCL_STOP
+        }
+
+        // If the check failed, then simply return an error
+        // and don't look at anything else.
+        if (any(flags & SF_CF_INVALID))
+            return tecCRYPTOCONDITION_ERROR;
+
+        // Check against condition in the ledger entry:
+        auto const cond = (*slep)[~sfCondition];
+
+        // If a condition wasn't specified during creation,
+        // one shouldn't be included now.
+        if (!cond && cb)
+            return tecCRYPTOCONDITION_ERROR;
+
+        // If a condition was specified during creation of
+        // the suspended payment, the identical condition
+        // must be presented again. We don't check if the
+        // fulfillment matches the condition since we did
+        // that in preflight.
+        if (cond && (cond != cb))
+            return tecCRYPTOCONDITION_ERROR;
+    }
+
+    // NOTE: Escrow payments cannot be used to fund accounts.
+    AccountID const destID = (*slep)[sfDestination];
+    auto const sled = ctx_.view().peek(keylet::account(destID));
+    if (!sled)
+        return tecNO_DST;
+
+    if (auto err = verifyDepositPreauth(ctx_.tx, ctx_.view(), account_, destID, sled, ctx_.journal);
+        !isTesSuccess(err))
+        return err;
+
+    AccountID const account = (*slep)[sfAccount];
+
+    // Remove escrow from owner directory
+    {
+        auto const page = (*slep)[sfOwnerNode];
+        if (!ctx_.view().dirRemove(keylet::ownerDir(account), page, k.key, true))
+        {
+            // LCOV_EXCL_START
+            JLOG(j_.fatal()) << "Unable to delete Escrow from owner.";
+            return tefBAD_LEDGER;
+            // LCOV_EXCL_STOP
+        }
+    }
+
+    // Remove escrow from recipient's owner directory, if present.
+    if (auto const optPage = (*slep)[~sfDestinationNode])
+    {
+        if (!ctx_.view().dirRemove(keylet::ownerDir(destID), *optPage, k.key, true))
+        {
+            // LCOV_EXCL_START
+            JLOG(j_.fatal()) << "Unable to delete Escrow from recipient.";
+            return tefBAD_LEDGER;
+            // LCOV_EXCL_STOP
+        }
+    }
+
+    STAmount const amount = slep->getFieldAmount(sfAmount);
+    // Transfer amount to destination
+    if (isXRP(amount))
+        (*sled)[sfBalance] = (*sled)[sfBalance] + amount;
+    else
+    {
+        if (!ctx_.view().rules().enabled(featureTokenEscrow))
+            return temDISABLED;  // LCOV_EXCL_LINE
+
+        Rate lockedRate = slep->isFieldPresent(sfTransferRate)
+            ? xrpl::Rate(slep->getFieldU32(sfTransferRate))
+            : parityRate;
+        auto const issuer = amount.getIssuer();
+        bool const createAsset = destID == account_;
+        if (auto const ret = std::visit(
+                [&]<typename T>(T const&) {
+                    return escrowUnlockApplyHelper<T>(
+                        ctx_.view(),
+                        lockedRate,
+                        sled,
+                        mPriorBalance,
+                        amount,
+                        issuer,
+                        account,
+                        destID,
+                        createAsset,
+                        j_);
+                },
+                amount.asset().value());
+            !isTesSuccess(ret))
+            return ret;
+
+        // Remove escrow from issuers owner directory, if present.
+        if (auto const optPage = (*slep)[~sfIssuerNode]; optPage)
+        {
+            if (!ctx_.view().dirRemove(keylet::ownerDir(issuer), *optPage, k.key, true))
+            {
+                // LCOV_EXCL_START
+                JLOG(j_.fatal()) << "Unable to delete Escrow from recipient.";
+                return tefBAD_LEDGER;
+                // LCOV_EXCL_STOP
+            }
+        }
+    }
+
+    ctx_.view().update(sled);
+
+    // Adjust source owner count
+    auto const sle = ctx_.view().peek(keylet::account(account));
+    adjustOwnerCount(ctx_.view(), sle, -1, ctx_.journal);
+    ctx_.view().update(sle);
+
+    // Remove escrow from ledger
+    ctx_.view().erase(slep);
+    return tesSUCCESS;
+}
+
+}  // namespace xrpl

src/libxrpl/tx/transactors/escrow/EscrowHelpers.h

@@ -0,0 +1,229 @@
+#pragma once
+
+#include <xrpl/basics/Log.h>
+#include <xrpl/ledger/ApplyView.h>
+#include <xrpl/ledger/View.h>
+#include <xrpl/protocol/Feature.h>
+#include <xrpl/protocol/Indexes.h>
+#include <xrpl/protocol/MPTAmount.h>
+#include <xrpl/tx/transactors/token/MPTokenAuthorize.h>
+
+namespace xrpl {
+
+template <ValidIssueType T>
+TER
+escrowUnlockApplyHelper(
+    ApplyView& view,
+    Rate lockedRate,
+    std::shared_ptr<SLE> const& sleDest,
+    STAmount const& xrpBalance,
+    STAmount const& amount,
+    AccountID const& issuer,
+    AccountID const& sender,
+    AccountID const& receiver,
+    bool createAsset,
+    beast::Journal journal);
+
+template <>
+inline TER
+escrowUnlockApplyHelper<Issue>(
+    ApplyView& view,
+    Rate lockedRate,
+    std::shared_ptr<SLE> const& sleDest,
+    STAmount const& xrpBalance,
+    STAmount const& amount,
+    AccountID const& issuer,
+    AccountID const& sender,
+    AccountID const& receiver,
+    bool createAsset,
+    beast::Journal journal)
+{
+    Keylet const trustLineKey = keylet::line(receiver, amount.issue());
+    bool const recvLow = issuer > receiver;
+    bool const senderIssuer = issuer == sender;
+    bool const receiverIssuer = issuer == receiver;
+    bool const issuerHigh = issuer > receiver;
+
+    if (senderIssuer)
+        return tecINTERNAL;  // LCOV_EXCL_LINE
+
+    if (receiverIssuer)
+        return tesSUCCESS;
+
+    if (!view.exists(trustLineKey) && createAsset && !receiverIssuer)
+    {
+        // Can the account cover the trust line's reserve?
+        if (std::uint32_t const ownerCount = {sleDest->at(sfOwnerCount)};
+            xrpBalance < view.fees().accountReserve(ownerCount + 1))
+        {
+            JLOG(journal.trace()) << "Trust line does not exist. "
+                                     "Insufficient reserve to create line.";
+
+            return tecNO_LINE_INSUF_RESERVE;
+        }
+
+        Currency const currency = amount.getCurrency();
+        STAmount initialBalance(amount.issue());
+        initialBalance.setIssuer(noAccount());
+
+        // clang-format off
+        if (TER const ter = trustCreate(
+                view,                           // payment sandbox
+                recvLow,                        // is dest low?
+                issuer,                         // source
+                receiver,                       // destination
+                trustLineKey.key,               // ledger index
+                sleDest,                        // Account to add to
+                false,                          // authorize account
+                (sleDest->getFlags() & lsfDefaultRipple) == 0,
+                false,                          // freeze trust line
+                false,                          // deep freeze trust line
+                initialBalance,                 // zero initial balance
+                Issue(currency, receiver),      // limit of zero
+                0,                              // quality in
+                0,                              // quality out
+                journal);                       // journal
+            !isTesSuccess(ter))
+        {
+            return ter; // LCOV_EXCL_LINE
+        }
+        // clang-format on
+
+        view.update(sleDest);
+    }
+
+    if (!view.exists(trustLineKey) && !receiverIssuer)
+        return tecNO_LINE;
+
+    auto const xferRate = transferRate(view, amount);
+    // update if issuer rate is less than locked rate
+    if (xferRate < lockedRate)
+        lockedRate = xferRate;
+
+    // Transfer Rate only applies when:
+    // 1. Issuer is not involved in the transfer (senderIssuer or
+    // receiverIssuer)
+    // 2. The locked rate is different from the parity rate
+
+    // NOTE: Transfer fee in escrow works a bit differently from a normal
+    // payment. In escrow, the fee is deducted from the locked/sending amount,
+    // whereas in a normal payment, the transfer fee is taken on top of the
+    // sending amount.
+    auto finalAmt = amount;
+    if ((!senderIssuer && !receiverIssuer) && lockedRate != parityRate)
+    {
+        // compute transfer fee, if any
+        auto const xferFee = amount.value() - divideRound(amount, lockedRate, amount.issue(), true);
+        // compute balance to transfer
+        finalAmt = amount.value() - xferFee;
+    }
+
+    // validate the line limit if the account submitting txn is not the receiver
+    // of the funds
+    if (!createAsset)
+    {
+        auto const sleRippleState = view.peek(trustLineKey);
+        if (!sleRippleState)
+            return tecINTERNAL;  // LCOV_EXCL_LINE
+
+        // if the issuer is the high, then we use the low limit
+        // otherwise we use the high limit
+        STAmount const lineLimit =
+            sleRippleState->getFieldAmount(issuerHigh ? sfLowLimit : sfHighLimit);
+
+        STAmount lineBalance = sleRippleState->getFieldAmount(sfBalance);
+
+        // flip the sign of the line balance if the issuer is not high
+        if (!issuerHigh)
+            lineBalance.negate();
+
+        // add the final amount to the line balance
+        lineBalance += finalAmt;
+
+        // if the transfer would exceed the line limit return tecLIMIT_EXCEEDED
+        if (lineLimit < lineBalance)
+            return tecLIMIT_EXCEEDED;
+    }
+
+    // if destination is not the issuer then transfer funds
+    if (!receiverIssuer)
+    {
+        auto const ter = rippleCredit(view, issuer, receiver, finalAmt, true, journal);
+        if (ter != tesSUCCESS)
+            return ter;  // LCOV_EXCL_LINE
+    }
+    return tesSUCCESS;
+}
+
+template <>
+inline TER
+escrowUnlockApplyHelper<MPTIssue>(
+    ApplyView& view,
+    Rate lockedRate,
+    std::shared_ptr<SLE> const& sleDest,
+    STAmount const& xrpBalance,
+    STAmount const& amount,
+    AccountID const& issuer,
+    AccountID const& sender,
+    AccountID const& receiver,
+    bool createAsset,
+    beast::Journal journal)
+{
+    bool const senderIssuer = issuer == sender;
+    bool const receiverIssuer = issuer == receiver;
+
+    auto const mptID = amount.get<MPTIssue>().getMptID();
+    auto const issuanceKey = keylet::mptIssuance(mptID);
+    if (!view.exists(keylet::mptoken(issuanceKey.key, receiver)) && createAsset && !receiverIssuer)
+    {
+        if (std::uint32_t const ownerCount = {sleDest->at(sfOwnerCount)};
+            xrpBalance < view.fees().accountReserve(ownerCount + 1))
+        {
+            return tecINSUFFICIENT_RESERVE;
+        }
+
+        if (auto const ter = MPTokenAuthorize::createMPToken(view, mptID, receiver, 0);
+            !isTesSuccess(ter))
+        {
+            return ter;  // LCOV_EXCL_LINE
+        }
+
+        // update owner count.
+        adjustOwnerCount(view, sleDest, 1, journal);
+    }
+
+    if (!view.exists(keylet::mptoken(issuanceKey.key, receiver)) && !receiverIssuer)
+        return tecNO_PERMISSION;
+
+    auto const xferRate = transferRate(view, amount);
+    // update if issuer rate is less than locked rate
+    if (xferRate < lockedRate)
+        lockedRate = xferRate;
+
+    // Transfer Rate only applies when:
+    // 1. Issuer is not involved in the transfer (senderIssuer or
+    // receiverIssuer)
+    // 2. The locked rate is different from the parity rate
+
+    // NOTE: Transfer fee in escrow works a bit differently from a normal
+    // payment. In escrow, the fee is deducted from the locked/sending amount,
+    // whereas in a normal payment, the transfer fee is taken on top of the
+    // sending amount.
+    auto finalAmt = amount;
+    if ((!senderIssuer && !receiverIssuer) && lockedRate != parityRate)
+    {
+        // compute transfer fee, if any
+        auto const xferFee = amount.value() - divideRound(amount, lockedRate, amount.asset(), true);
+        // compute balance to transfer
+        finalAmt = amount.value() - xferFee;
+    }
+    return rippleUnlockEscrowMPT(
+        view,
+        sender,
+        receiver,
+        finalAmt,
+        view.rules().enabled(fixTokenEscrowV1) ? amount : finalAmt,
+        journal);
+}
+
+}  // namespace xrpl

src/libxrpl/tx/transactors/payment_channel/PayChan.cpp

@@ -1,542 +0,0 @@
-#include <xrpl/basics/Log.h>
-#include <xrpl/basics/chrono.h>
-#include <xrpl/ledger/ApplyView.h>
-#include <xrpl/ledger/CredentialHelpers.h>
-#include <xrpl/ledger/View.h>
-#include <xrpl/protocol/Feature.h>
-#include <xrpl/protocol/Indexes.h>
-#include <xrpl/protocol/PayChan.h>
-#include <xrpl/protocol/PublicKey.h>
-#include <xrpl/protocol/TxFlags.h>
-#include <xrpl/protocol/XRPAmount.h>
-#include <xrpl/protocol/digest.h>
-#include <xrpl/tx/transactors/payment_channel/PayChan.h>
-
-namespace xrpl {
-
-/*
-    PaymentChannel
-
-        Payment channels permit off-ledger checkpoints of XRP payments flowing
-        in a single direction. A channel sequesters the owner's XRP in its own
-        ledger entry. The owner can authorize the recipient to claim up to a
-        given balance by giving the receiver a signed message (off-ledger). The
-        recipient can use this signed message to claim any unpaid balance while
-        the channel remains open. The owner can top off the line as needed. If
-        the channel has not paid out all its funds, the owner must wait out a
-        delay to close the channel to give the recipient a chance to supply any
-        claims. The recipient can close the channel at any time. Any transaction
-        that touches the channel after the expiration time will close the
-        channel. The total amount paid increases monotonically as newer claims
-        are issued. When the channel is closed any remaining balance is returned
-        to the owner. Channels are intended to permit intermittent off-ledger
-        settlement of ILP trust lines as balances get substantial. For
-        bidirectional channels, a payment channel can be used in each direction.
-
-    PaymentChannelCreate
-
-        Create a unidirectional channel. The parameters are:
-        Destination
-            The recipient at the end of the channel.
-        Amount
-            The amount of XRP to deposit in the channel immediately.
-        SettleDelay
-            The amount of time everyone but the recipient must wait for a
-            superior claim.
-        PublicKey
-            The key that will sign claims against the channel.
-        CancelAfter (optional)
-            Any channel transaction that touches this channel after the
-            `CancelAfter` time will close it.
-        DestinationTag (optional)
-            Destination tags allow the different accounts inside of a Hosted
-            Wallet to be mapped back onto the Ripple ledger. The destination tag
-            tells the server to which account in the Hosted Wallet the funds are
-            intended to go to. Required if the destination has lsfRequireDestTag
-            set.
-        SourceTag (optional)
-            Source tags allow the different accounts inside of a Hosted Wallet
-            to be mapped back onto the Ripple ledger. Source tags are similar to
-            destination tags but are for the channel owner to identify their own
-            transactions.
-
-    PaymentChannelFund
-
-        Add additional funds to the payment channel. Only the channel owner may
-        use this transaction. The parameters are:
-        Channel
-            The 256-bit ID of the channel.
-        Amount
-            The amount of XRP to add.
-        Expiration (optional)
-            Time the channel closes. The transaction will fail if the expiration
-            times does not satisfy the SettleDelay constraints.
-
-    PaymentChannelClaim
-
-        Place a claim against an existing channel. The parameters are:
-        Channel
-            The 256-bit ID of the channel.
-        Balance (optional)
-            The total amount of XRP delivered after this claim is processed
-   (optional, not needed if just closing). Amount (optional) The amount of XRP
-   the signature is for (not needed if equal to Balance or just closing the
-   line). Signature (optional) Authorization for the balance above, signed by
-   the owner (optional, not needed if closing or owner is performing the
-   transaction). The signature if for the following message: CLM\0 followed by
-   the 256-bit channel ID, and a 64-bit integer drops. PublicKey (optional) The
-   public key that made the signature (optional, required if a signature is
-   present) Flags tfClose Request that the channel be closed tfRenew Request
-   that the channel's expiration be reset. Only the owner may renew a channel.
-
-*/
-
-//------------------------------------------------------------------------------
-
-static TER
-closeChannel(
-    std::shared_ptr<SLE> const& slep,
-    ApplyView& view,
-    uint256 const& key,
-    beast::Journal j)
-{
-    AccountID const src = (*slep)[sfAccount];
-    // Remove PayChan from owner directory
-    {
-        auto const page = (*slep)[sfOwnerNode];
-        if (!view.dirRemove(keylet::ownerDir(src), page, key, true))
-        {
-            // LCOV_EXCL_START
-            JLOG(j.fatal()) << "Could not remove paychan from src owner directory";
-            return tefBAD_LEDGER;
-            // LCOV_EXCL_STOP
-        }
-    }
-
-    // Remove PayChan from recipient's owner directory, if present.
-    if (auto const page = (*slep)[~sfDestinationNode])
-    {
-        auto const dst = (*slep)[sfDestination];
-        if (!view.dirRemove(keylet::ownerDir(dst), *page, key, true))
-        {
-            // LCOV_EXCL_START
-            JLOG(j.fatal()) << "Could not remove paychan from dst owner directory";
-            return tefBAD_LEDGER;
-            // LCOV_EXCL_STOP
-        }
-    }
-
-    // Transfer amount back to owner, decrement owner count
-    auto const sle = view.peek(keylet::account(src));
-    if (!sle)
-        return tefINTERNAL;  // LCOV_EXCL_LINE
-
-    XRPL_ASSERT(
-        (*slep)[sfAmount] >= (*slep)[sfBalance], "xrpl::closeChannel : minimum channel amount");
-    (*sle)[sfBalance] = (*sle)[sfBalance] + (*slep)[sfAmount] - (*slep)[sfBalance];
-    adjustOwnerCount(view, sle, -1, j);
-    view.update(sle);
-
-    // Remove PayChan from ledger
-    view.erase(slep);
-    return tesSUCCESS;
-}
-
-//------------------------------------------------------------------------------
-
-TxConsequences
-PayChanCreate::makeTxConsequences(PreflightContext const& ctx)
-{
-    return TxConsequences{ctx.tx, ctx.tx[sfAmount].xrp()};
-}
-
-NotTEC
-PayChanCreate::preflight(PreflightContext const& ctx)
-{
-    if (!isXRP(ctx.tx[sfAmount]) || (ctx.tx[sfAmount] <= beast::zero))
-        return temBAD_AMOUNT;
-
-    if (ctx.tx[sfAccount] == ctx.tx[sfDestination])
-        return temDST_IS_SRC;
-
-    if (!publicKeyType(ctx.tx[sfPublicKey]))
-        return temMALFORMED;
-
-    return tesSUCCESS;
-}
-
-TER
-PayChanCreate::preclaim(PreclaimContext const& ctx)
-{
-    auto const account = ctx.tx[sfAccount];
-    auto const sle = ctx.view.read(keylet::account(account));
-    if (!sle)
-        return terNO_ACCOUNT;
-
-    // Check reserve and funds availability
-    {
-        auto const balance = (*sle)[sfBalance];
-        auto const reserve = ctx.view.fees().accountReserve((*sle)[sfOwnerCount] + 1);
-
-        if (balance < reserve)
-            return tecINSUFFICIENT_RESERVE;
-
-        if (balance < reserve + ctx.tx[sfAmount])
-            return tecUNFUNDED;
-    }
-
-    auto const dst = ctx.tx[sfDestination];
-
-    {
-        // Check destination account
-        auto const sled = ctx.view.read(keylet::account(dst));
-        if (!sled)
-            return tecNO_DST;
-
-        auto const flags = sled->getFlags();
-
-        // Check if they have disallowed incoming payment channels
-        if (flags & lsfDisallowIncomingPayChan)
-            return tecNO_PERMISSION;
-
-        if ((flags & lsfRequireDestTag) && !ctx.tx[~sfDestinationTag])
-            return tecDST_TAG_NEEDED;
-
-        // Pseudo-accounts cannot receive payment channels, other than native
-        // to their underlying ledger object - implemented in their respective
-        // transaction types. Note, this is not amendment-gated because all
-        // writes to pseudo-account discriminator fields **are** amendment
-        // gated, hence the behaviour of this check will always match the
-        // currently active amendments.
-        if (isPseudoAccount(sled))
-            return tecNO_PERMISSION;
-    }
-
-    return tesSUCCESS;
-}
-
-TER
-PayChanCreate::doApply()
-{
-    auto const account = ctx_.tx[sfAccount];
-    auto const sle = ctx_.view().peek(keylet::account(account));
-    if (!sle)
-        return tefINTERNAL;  // LCOV_EXCL_LINE
-
-    if (ctx_.view().rules().enabled(fixPayChanCancelAfter))
-    {
-        auto const closeTime = ctx_.view().header().parentCloseTime;
-        if (ctx_.tx[~sfCancelAfter] && after(closeTime, ctx_.tx[sfCancelAfter]))
-            return tecEXPIRED;
-    }
-
-    auto const dst = ctx_.tx[sfDestination];
-
-    // Create PayChan in ledger.
-    //
-    // Note that we we use the value from the sequence or ticket as the
-    // payChan sequence.  For more explanation see comments in SeqProxy.h.
-    Keylet const payChanKeylet = keylet::payChan(account, dst, ctx_.tx.getSeqValue());
-    auto const slep = std::make_shared<SLE>(payChanKeylet);
-
-    // Funds held in this channel
-    (*slep)[sfAmount] = ctx_.tx[sfAmount];
-    // Amount channel has already paid
-    (*slep)[sfBalance] = ctx_.tx[sfAmount].zeroed();
-    (*slep)[sfAccount] = account;
-    (*slep)[sfDestination] = dst;
-    (*slep)[sfSettleDelay] = ctx_.tx[sfSettleDelay];
-    (*slep)[sfPublicKey] = ctx_.tx[sfPublicKey];
-    (*slep)[~sfCancelAfter] = ctx_.tx[~sfCancelAfter];
-    (*slep)[~sfSourceTag] = ctx_.tx[~sfSourceTag];
-    (*slep)[~sfDestinationTag] = ctx_.tx[~sfDestinationTag];
-    if (ctx_.view().rules().enabled(fixIncludeKeyletFields))
-    {
-        (*slep)[sfSequence] = ctx_.tx.getSeqValue();
-    }
-
-    ctx_.view().insert(slep);
-
-    // Add PayChan to owner directory
-    {
-        auto const page = ctx_.view().dirInsert(
-            keylet::ownerDir(account), payChanKeylet, describeOwnerDir(account));
-        if (!page)
-            return tecDIR_FULL;  // LCOV_EXCL_LINE
-        (*slep)[sfOwnerNode] = *page;
-    }
-
-    // Add PayChan to the recipient's owner directory
-    {
-        auto const page =
-            ctx_.view().dirInsert(keylet::ownerDir(dst), payChanKeylet, describeOwnerDir(dst));
-        if (!page)
-            return tecDIR_FULL;  // LCOV_EXCL_LINE
-        (*slep)[sfDestinationNode] = *page;
-    }
-
-    // Deduct owner's balance, increment owner count
-    (*sle)[sfBalance] = (*sle)[sfBalance] - ctx_.tx[sfAmount];
-    adjustOwnerCount(ctx_.view(), sle, 1, ctx_.journal);
-    ctx_.view().update(sle);
-
-    return tesSUCCESS;
-}
-
-//------------------------------------------------------------------------------
-
-TxConsequences
-PayChanFund::makeTxConsequences(PreflightContext const& ctx)
-{
-    return TxConsequences{ctx.tx, ctx.tx[sfAmount].xrp()};
-}
-
-NotTEC
-PayChanFund::preflight(PreflightContext const& ctx)
-{
-    if (!isXRP(ctx.tx[sfAmount]) || (ctx.tx[sfAmount] <= beast::zero))
-        return temBAD_AMOUNT;
-
-    return tesSUCCESS;
-}
-
-TER
-PayChanFund::doApply()
-{
-    Keylet const k(ltPAYCHAN, ctx_.tx[sfChannel]);
-    auto const slep = ctx_.view().peek(k);
-    if (!slep)
-        return tecNO_ENTRY;
-
-    AccountID const src = (*slep)[sfAccount];
-    auto const txAccount = ctx_.tx[sfAccount];
-    auto const expiration = (*slep)[~sfExpiration];
-
-    {
-        auto const cancelAfter = (*slep)[~sfCancelAfter];
-        auto const closeTime = ctx_.view().header().parentCloseTime.time_since_epoch().count();
-        if ((cancelAfter && closeTime >= *cancelAfter) || (expiration && closeTime >= *expiration))
-            return closeChannel(slep, ctx_.view(), k.key, ctx_.registry.journal("View"));
-    }
-
-    if (src != txAccount)
-        // only the owner can add funds or extend
-        return tecNO_PERMISSION;
-
-    if (auto extend = ctx_.tx[~sfExpiration])
-    {
-        auto minExpiration = ctx_.view().header().parentCloseTime.time_since_epoch().count() +
-            (*slep)[sfSettleDelay];
-        if (expiration && *expiration < minExpiration)
-            minExpiration = *expiration;
-
-        if (*extend < minExpiration)
-            return temBAD_EXPIRATION;
-        (*slep)[~sfExpiration] = *extend;
-        ctx_.view().update(slep);
-    }
-
-    auto const sle = ctx_.view().peek(keylet::account(txAccount));
-    if (!sle)
-        return tefINTERNAL;  // LCOV_EXCL_LINE
-
-    {
-        // Check reserve and funds availability
-        auto const balance = (*sle)[sfBalance];
-        auto const reserve = ctx_.view().fees().accountReserve((*sle)[sfOwnerCount]);
-
-        if (balance < reserve)
-            return tecINSUFFICIENT_RESERVE;
-
-        if (balance < reserve + ctx_.tx[sfAmount])
-            return tecUNFUNDED;
-    }
-
-    // do not allow adding funds if dst does not exist
-    if (AccountID const dst = (*slep)[sfDestination]; !ctx_.view().read(keylet::account(dst)))
-    {
-        return tecNO_DST;
-    }
-
-    (*slep)[sfAmount] = (*slep)[sfAmount] + ctx_.tx[sfAmount];
-    ctx_.view().update(slep);
-
-    (*sle)[sfBalance] = (*sle)[sfBalance] - ctx_.tx[sfAmount];
-    ctx_.view().update(sle);
-
-    return tesSUCCESS;
-}
-
-//------------------------------------------------------------------------------
-
-bool
-PayChanClaim::checkExtraFeatures(PreflightContext const& ctx)
-{
-    return !ctx.tx.isFieldPresent(sfCredentialIDs) || ctx.rules.enabled(featureCredentials);
-}
-
-std::uint32_t
-PayChanClaim::getFlagsMask(PreflightContext const&)
-{
-    return tfPaymentChannelClaimMask;
-}
-
-NotTEC
-PayChanClaim::preflight(PreflightContext const& ctx)
-{
-    auto const bal = ctx.tx[~sfBalance];
-    if (bal && (!isXRP(*bal) || *bal <= beast::zero))
-        return temBAD_AMOUNT;
-
-    auto const amt = ctx.tx[~sfAmount];
-    if (amt && (!isXRP(*amt) || *amt <= beast::zero))
-        return temBAD_AMOUNT;
-
-    if (bal && amt && *bal > *amt)
-        return temBAD_AMOUNT;
-
-    {
-        auto const flags = ctx.tx.getFlags();
-
-        if ((flags & tfClose) && (flags & tfRenew))
-            return temMALFORMED;
-    }
-
-    if (auto const sig = ctx.tx[~sfSignature])
-    {
-        if (!(ctx.tx[~sfPublicKey] && bal))
-            return temMALFORMED;
-
-        // Check the signature
-        // The signature isn't needed if txAccount == src, but if it's
-        // present, check it
-
-        auto const reqBalance = bal->xrp();
-        auto const authAmt = amt ? amt->xrp() : reqBalance;
-
-        if (reqBalance > authAmt)
-            return temBAD_AMOUNT;
-
-        Keylet const k(ltPAYCHAN, ctx.tx[sfChannel]);
-        if (!publicKeyType(ctx.tx[sfPublicKey]))
-            return temMALFORMED;
-
-        PublicKey const pk(ctx.tx[sfPublicKey]);
-        Serializer msg;
-        serializePayChanAuthorization(msg, k.key, authAmt);
-        if (!verify(pk, msg.slice(), *sig))
-            return temBAD_SIGNATURE;
-    }
-
-    if (auto const err = credentials::checkFields(ctx.tx, ctx.j); !isTesSuccess(err))
-        return err;
-
-    return tesSUCCESS;
-}
-
-TER
-PayChanClaim::preclaim(PreclaimContext const& ctx)
-{
-    if (!ctx.view.rules().enabled(featureCredentials))
-        return Transactor::preclaim(ctx);
-
-    if (auto const err = credentials::valid(ctx.tx, ctx.view, ctx.tx[sfAccount], ctx.j);
-        !isTesSuccess(err))
-        return err;
-
-    return tesSUCCESS;
-}
-
-TER
-PayChanClaim::doApply()
-{
-    Keylet const k(ltPAYCHAN, ctx_.tx[sfChannel]);
-    auto const slep = ctx_.view().peek(k);
-    if (!slep)
-        return tecNO_TARGET;
-
-    AccountID const src = (*slep)[sfAccount];
-    AccountID const dst = (*slep)[sfDestination];
-    AccountID const txAccount = ctx_.tx[sfAccount];
-
-    auto const curExpiration = (*slep)[~sfExpiration];
-    {
-        auto const cancelAfter = (*slep)[~sfCancelAfter];
-        auto const closeTime = ctx_.view().header().parentCloseTime.time_since_epoch().count();
-        if ((cancelAfter && closeTime >= *cancelAfter) ||
-            (curExpiration && closeTime >= *curExpiration))
-            return closeChannel(slep, ctx_.view(), k.key, ctx_.registry.journal("View"));
-    }
-
-    if (txAccount != src && txAccount != dst)
-        return tecNO_PERMISSION;
-
-    if (ctx_.tx[~sfBalance])
-    {
-        auto const chanBalance = slep->getFieldAmount(sfBalance).xrp();
-        auto const chanFunds = slep->getFieldAmount(sfAmount).xrp();
-        auto const reqBalance = ctx_.tx[sfBalance].xrp();
-
-        if (txAccount == dst && !ctx_.tx[~sfSignature])
-            return temBAD_SIGNATURE;
-
-        if (ctx_.tx[~sfSignature])
-        {
-            PublicKey const pk((*slep)[sfPublicKey]);
-            if (ctx_.tx[sfPublicKey] != pk)
-                return temBAD_SIGNER;
-        }
-
-        if (reqBalance > chanFunds)
-            return tecUNFUNDED_PAYMENT;
-
-        if (reqBalance <= chanBalance)
-            // nothing requested
-            return tecUNFUNDED_PAYMENT;
-
-        auto const sled = ctx_.view().peek(keylet::account(dst));
-        if (!sled)
-            return tecNO_DST;
-
-        if (auto err =
-                verifyDepositPreauth(ctx_.tx, ctx_.view(), txAccount, dst, sled, ctx_.journal);
-            !isTesSuccess(err))
-            return err;
-
-        (*slep)[sfBalance] = ctx_.tx[sfBalance];
-        XRPAmount const reqDelta = reqBalance - chanBalance;
-        XRPL_ASSERT(reqDelta >= beast::zero, "xrpl::PayChanClaim::doApply : minimum balance delta");
-        (*sled)[sfBalance] = (*sled)[sfBalance] + reqDelta;
-        ctx_.view().update(sled);
-        ctx_.view().update(slep);
-    }
-
-    if (ctx_.tx.getFlags() & tfRenew)
-    {
-        if (src != txAccount)
-            return tecNO_PERMISSION;
-        (*slep)[~sfExpiration] = std::nullopt;
-        ctx_.view().update(slep);
-    }
-
-    if (ctx_.tx.getFlags() & tfClose)
-    {
-        // Channel will close immediately if dry or the receiver closes
-        if (dst == txAccount || (*slep)[sfBalance] == (*slep)[sfAmount])
-            return closeChannel(slep, ctx_.view(), k.key, ctx_.registry.journal("View"));
-
-        auto const settleExpiration =
-            ctx_.view().header().parentCloseTime.time_since_epoch().count() +
-            (*slep)[sfSettleDelay];
-
-        if (!curExpiration || *curExpiration > settleExpiration)
-        {
-            (*slep)[~sfExpiration] = settleExpiration;
-            ctx_.view().update(slep);
-        }
-    }
-
-    return tesSUCCESS;
-}
-
-}  // namespace xrpl

src/libxrpl/tx/transactors/payment_channel/PayChanClaim.cpp

@@ -0,0 +1,186 @@
+#include <xrpl/basics/Log.h>
+#include <xrpl/ledger/ApplyView.h>
+#include <xrpl/ledger/CredentialHelpers.h>
+#include <xrpl/ledger/View.h>
+#include <xrpl/protocol/Feature.h>
+#include <xrpl/protocol/Indexes.h>
+#include <xrpl/protocol/PayChan.h>
+#include <xrpl/protocol/PublicKey.h>
+#include <xrpl/protocol/TxFlags.h>
+#include <xrpl/tx/transactors/payment_channel/PayChanClaim.h>
+
+#include <libxrpl/tx/transactors/payment_channel/PayChanHelpers.h>
+
+namespace xrpl {
+
+bool
+PayChanClaim::checkExtraFeatures(PreflightContext const& ctx)
+{
+    return !ctx.tx.isFieldPresent(sfCredentialIDs) || ctx.rules.enabled(featureCredentials);
+}
+
+std::uint32_t
+PayChanClaim::getFlagsMask(PreflightContext const&)
+{
+    return tfPaymentChannelClaimMask;
+}
+
+NotTEC
+PayChanClaim::preflight(PreflightContext const& ctx)
+{
+    auto const bal = ctx.tx[~sfBalance];
+    if (bal && (!isXRP(*bal) || *bal <= beast::zero))
+        return temBAD_AMOUNT;
+
+    auto const amt = ctx.tx[~sfAmount];
+    if (amt && (!isXRP(*amt) || *amt <= beast::zero))
+        return temBAD_AMOUNT;
+
+    if (bal && amt && *bal > *amt)
+        return temBAD_AMOUNT;
+
+    {
+        auto const flags = ctx.tx.getFlags();
+
+        if ((flags & tfClose) && (flags & tfRenew))
+            return temMALFORMED;
+    }
+
+    if (auto const sig = ctx.tx[~sfSignature])
+    {
+        if (!(ctx.tx[~sfPublicKey] && bal))
+            return temMALFORMED;
+
+        // Check the signature
+        // The signature isn't needed if txAccount == src, but if it's
+        // present, check it
+
+        auto const reqBalance = bal->xrp();
+        auto const authAmt = amt ? amt->xrp() : reqBalance;
+
+        if (reqBalance > authAmt)
+            return temBAD_AMOUNT;
+
+        Keylet const k(ltPAYCHAN, ctx.tx[sfChannel]);
+        if (!publicKeyType(ctx.tx[sfPublicKey]))
+            return temMALFORMED;
+
+        PublicKey const pk(ctx.tx[sfPublicKey]);
+        Serializer msg;
+        serializePayChanAuthorization(msg, k.key, authAmt);
+        if (!verify(pk, msg.slice(), *sig))
+            return temBAD_SIGNATURE;
+    }
+
+    if (auto const err = credentials::checkFields(ctx.tx, ctx.j); !isTesSuccess(err))
+        return err;
+
+    return tesSUCCESS;
+}
+
+TER
+PayChanClaim::preclaim(PreclaimContext const& ctx)
+{
+    if (!ctx.view.rules().enabled(featureCredentials))
+        return Transactor::preclaim(ctx);
+
+    if (auto const err = credentials::valid(ctx.tx, ctx.view, ctx.tx[sfAccount], ctx.j);
+        !isTesSuccess(err))
+        return err;
+
+    return tesSUCCESS;
+}
+
+TER
+PayChanClaim::doApply()
+{
+    Keylet const k(ltPAYCHAN, ctx_.tx[sfChannel]);
+    auto const slep = ctx_.view().peek(k);
+    if (!slep)
+        return tecNO_TARGET;
+
+    AccountID const src = (*slep)[sfAccount];
+    AccountID const dst = (*slep)[sfDestination];
+    AccountID const txAccount = ctx_.tx[sfAccount];
+
+    auto const curExpiration = (*slep)[~sfExpiration];
+    {
+        auto const cancelAfter = (*slep)[~sfCancelAfter];
+        auto const closeTime = ctx_.view().header().parentCloseTime.time_since_epoch().count();
+        if ((cancelAfter && closeTime >= *cancelAfter) ||
+            (curExpiration && closeTime >= *curExpiration))
+            return closeChannel(slep, ctx_.view(), k.key, ctx_.registry.journal("View"));
+    }
+
+    if (txAccount != src && txAccount != dst)
+        return tecNO_PERMISSION;
+
+    if (ctx_.tx[~sfBalance])
+    {
+        auto const chanBalance = slep->getFieldAmount(sfBalance).xrp();
+        auto const chanFunds = slep->getFieldAmount(sfAmount).xrp();
+        auto const reqBalance = ctx_.tx[sfBalance].xrp();
+
+        if (txAccount == dst && !ctx_.tx[~sfSignature])
+            return temBAD_SIGNATURE;
+
+        if (ctx_.tx[~sfSignature])
+        {
+            PublicKey const pk((*slep)[sfPublicKey]);
+            if (ctx_.tx[sfPublicKey] != pk)
+                return temBAD_SIGNER;
+        }
+
+        if (reqBalance > chanFunds)
+            return tecUNFUNDED_PAYMENT;
+
+        if (reqBalance <= chanBalance)
+            // nothing requested
+            return tecUNFUNDED_PAYMENT;
+
+        auto const sled = ctx_.view().peek(keylet::account(dst));
+        if (!sled)
+            return tecNO_DST;
+
+        if (auto err =
+                verifyDepositPreauth(ctx_.tx, ctx_.view(), txAccount, dst, sled, ctx_.journal);
+            !isTesSuccess(err))
+            return err;
+
+        (*slep)[sfBalance] = ctx_.tx[sfBalance];
+        XRPAmount const reqDelta = reqBalance - chanBalance;
+        XRPL_ASSERT(reqDelta >= beast::zero, "xrpl::PayChanClaim::doApply : minimum balance delta");
+        (*sled)[sfBalance] = (*sled)[sfBalance] + reqDelta;
+        ctx_.view().update(sled);
+        ctx_.view().update(slep);
+    }
+
+    if (ctx_.tx.getFlags() & tfRenew)
+    {
+        if (src != txAccount)
+            return tecNO_PERMISSION;
+        (*slep)[~sfExpiration] = std::nullopt;
+        ctx_.view().update(slep);
+    }
+
+    if (ctx_.tx.getFlags() & tfClose)
+    {
+        // Channel will close immediately if dry or the receiver closes
+        if (dst == txAccount || (*slep)[sfBalance] == (*slep)[sfAmount])
+            return closeChannel(slep, ctx_.view(), k.key, ctx_.registry.journal("View"));
+
+        auto const settleExpiration =
+            ctx_.view().header().parentCloseTime.time_since_epoch().count() +
+            (*slep)[sfSettleDelay];
+
+        if (!curExpiration || *curExpiration > settleExpiration)
+        {
+            (*slep)[~sfExpiration] = settleExpiration;
+            ctx_.view().update(slep);
+        }
+    }
+
+    return tesSUCCESS;
+}
+
+}  // namespace xrpl