Merge branch 'develop' into ximinez/lending-sendmulti

* XRPLF/develop: (105 commits)
  fix: Handle WSClient write failure when server closes WebSocket (6671)
  ci: Change conditions for uploading artifacts in public/private/org repos (6734)
  refactor: Rename non-functional uses of `ripple(d)` to `xrpl(d)` (6676)
  refactor: Move more helper files into `libxrpl/ledger/helpers` (6731)
  fix: Minor RPC fixes (6730)
  fix: Prevent deletion of MPTokens with active escrow (6635)
  fix: Clamp VaultClawback to assetsAvailable for zero-amount clawback (6646)
  fix: Add assorted Lending Protocol fixes (6678)
  fix: Change variable signedness and correctly handle `std::optional` (6657)
  refactor: Reorganize RPC handler files (6628)
  chore: Update XRPLF/actions (6713)
  docs: Add explanatory comment to checkFee (6631)
  fix: Decouple reserve from fee in delegate payment (6568)
  fix: Check trustline limits for share-denominated vault withdrawals (6645)
  fix: Remove fatal assertion on Linux thread name truncation  (6690)
  chore: Enable clang-tidy `coreguidelines` checks (6698)
  ci: Allow uploading artifacts for XRPLF org (6702)
  fix: Enforce aggregate MaximumAmount in multi-send MPT (6644)
  chore: Use nudb recipe from the upstream (6701)
  fix: Fix previous ledger size typo in RCLConsensus (6696)
  ...

src/libxrpl/ledger/View.cpp

@@ -452,6 +452,489 @@ doWithdraw(
     return accountSend(view, sourceAcct, dstAcct, amount, j, WaiveTransferFee::Yes);
 }
 
+// Direct send w/o fees:
+// - Redeeming IOUs and/or sending sender's own IOUs.
+// - Create trust line if needed.
+// --> bCheckIssuer : normally require issuer to be involved.
+static TER
+rippleCreditIOU(
+    ApplyView& view,
+    AccountID const& uSenderID,
+    AccountID const& uReceiverID,
+    STAmount const& saAmount,
+    bool bCheckIssuer,
+    beast::Journal j)
+{
+    AccountID const& issuer = saAmount.getIssuer();
+    Currency const& currency = saAmount.getCurrency();
+
+    // Make sure issuer is involved.
+    XRPL_ASSERT(
+        !bCheckIssuer || uSenderID == issuer || uReceiverID == issuer,
+        "xrpl::rippleCreditIOU : matching issuer or don't care");
+    (void)issuer;
+
+    // Disallow sending to self.
+    XRPL_ASSERT(uSenderID != uReceiverID, "xrpl::rippleCreditIOU : sender is not receiver");
+
+    bool const bSenderHigh = uSenderID > uReceiverID;
+    auto const index = keylet::line(uSenderID, uReceiverID, currency);
+
+    XRPL_ASSERT(
+        !isXRP(uSenderID) && uSenderID != noAccount(), "xrpl::rippleCreditIOU : sender is not XRP");
+    XRPL_ASSERT(
+        !isXRP(uReceiverID) && uReceiverID != noAccount(),
+        "xrpl::rippleCreditIOU : receiver is not XRP");
+
+    // If the line exists, modify it accordingly.
+    if (auto const sleRippleState = view.peek(index))
+    {
+        STAmount saBalance = sleRippleState->getFieldAmount(sfBalance);
+
+        if (bSenderHigh)
+            saBalance.negate();  // Put balance in sender terms.
+
+        view.creditHook(uSenderID, uReceiverID, saAmount, saBalance);
+
+        STAmount const saBefore = saBalance;
+
+        saBalance -= saAmount;
+
+        JLOG(j.trace()) << "rippleCreditIOU: " << to_string(uSenderID) << " -> "
+                        << to_string(uReceiverID) << " : before=" << saBefore.getFullText()
+                        << " amount=" << saAmount.getFullText()
+                        << " after=" << saBalance.getFullText();
+
+        std::uint32_t const uFlags(sleRippleState->getFieldU32(sfFlags));
+        bool bDelete = false;
+
+        // FIXME This NEEDS to be cleaned up and simplified. It's impossible
+        //       for anyone to understand.
+        if (saBefore > beast::zero
+            // Sender balance was positive.
+            && saBalance <= beast::zero
+            // Sender is zero or negative.
+            && (uFlags & (!bSenderHigh ? lsfLowReserve : lsfHighReserve))
+            // Sender reserve is set.
+            && static_cast<bool>(uFlags & (!bSenderHigh ? lsfLowNoRipple : lsfHighNoRipple)) !=
+                static_cast<bool>(
+                    view.read(keylet::account(uSenderID))->getFlags() & lsfDefaultRipple) &&
+            !(uFlags & (!bSenderHigh ? lsfLowFreeze : lsfHighFreeze)) &&
+            !sleRippleState->getFieldAmount(!bSenderHigh ? sfLowLimit : sfHighLimit)
+            // Sender trust limit is 0.
+            && !sleRippleState->getFieldU32(!bSenderHigh ? sfLowQualityIn : sfHighQualityIn)
+            // Sender quality in is 0.
+            && !sleRippleState->getFieldU32(!bSenderHigh ? sfLowQualityOut : sfHighQualityOut))
+        // Sender quality out is 0.
+        {
+            // Clear the reserve of the sender, possibly delete the line!
+            adjustOwnerCount(view, view.peek(keylet::account(uSenderID)), -1, j);
+
+            // Clear reserve flag.
+            sleRippleState->setFieldU32(
+                sfFlags, uFlags & (!bSenderHigh ? ~lsfLowReserve : ~lsfHighReserve));
+
+            // Balance is zero, receiver reserve is clear.
+            bDelete = !saBalance  // Balance is zero.
+                && !(uFlags & (bSenderHigh ? lsfLowReserve : lsfHighReserve));
+            // Receiver reserve is clear.
+        }
+
+        if (bSenderHigh)
+            saBalance.negate();
+
+        // Want to reflect balance to zero even if we are deleting line.
+        sleRippleState->setFieldAmount(sfBalance, saBalance);
+        // ONLY: Adjust ripple balance.
+
+        if (bDelete)
+        {
+            return trustDelete(
+                view,
+                sleRippleState,
+                bSenderHigh ? uReceiverID : uSenderID,
+                !bSenderHigh ? uReceiverID : uSenderID,
+                j);
+        }
+
+        view.update(sleRippleState);
+        return tesSUCCESS;
+    }
+
+    STAmount const saReceiverLimit(Issue{currency, uReceiverID});
+    STAmount saBalance{saAmount};
+
+    saBalance.setIssuer(noAccount());
+
+    JLOG(j.debug()) << "rippleCreditIOU: "
+                       "create line: "
+                    << to_string(uSenderID) << " -> " << to_string(uReceiverID) << " : "
+                    << saAmount.getFullText();
+
+    auto const sleAccount = view.peek(keylet::account(uReceiverID));
+    if (!sleAccount)
+        return tefINTERNAL;  // LCOV_EXCL_LINE
+
+    bool const noRipple = (sleAccount->getFlags() & lsfDefaultRipple) == 0;
+
+    return trustCreate(
+        view,
+        bSenderHigh,
+        uSenderID,
+        uReceiverID,
+        index.key,
+        sleAccount,
+        false,
+        noRipple,
+        false,
+        false,
+        saBalance,
+        saReceiverLimit,
+        0,
+        0,
+        j);
+}
+
+// Send regardless of limits.
+// --> saAmount: Amount/currency/issuer to deliver to receiver.
+// <-- saActual: Amount actually cost.  Sender pays fees.
+static TER
+rippleSendIOU(
+    ApplyView& view,
+    AccountID const& uSenderID,
+    AccountID const& uReceiverID,
+    STAmount const& saAmount,
+    STAmount& saActual,
+    beast::Journal j,
+    WaiveTransferFee waiveFee)
+{
+    auto const& issuer = saAmount.getIssuer();
+
+    XRPL_ASSERT(
+        !isXRP(uSenderID) && !isXRP(uReceiverID),
+        "xrpl::rippleSendIOU : neither sender nor receiver is XRP");
+    XRPL_ASSERT(uSenderID != uReceiverID, "xrpl::rippleSendIOU : sender is not receiver");
+
+    if (uSenderID == issuer || uReceiverID == issuer || issuer == noAccount())
+    {
+        // Direct send: redeeming IOUs and/or sending own IOUs.
+        auto const ter = rippleCreditIOU(view, uSenderID, uReceiverID, saAmount, false, j);
+        if (ter != tesSUCCESS)
+            return ter;
+        saActual = saAmount;
+        return tesSUCCESS;
+    }
+
+    // Sending 3rd party IOUs: transit.
+
+    // Calculate the amount to transfer accounting
+    // for any transfer fees if the fee is not waived:
+    saActual = (waiveFee == WaiveTransferFee::Yes) ? saAmount
+                                                   : multiply(saAmount, transferRate(view, issuer));
+
+    JLOG(j.debug()) << "rippleSendIOU> " << to_string(uSenderID) << " - > "
+                    << to_string(uReceiverID) << " : deliver=" << saAmount.getFullText()
+                    << " cost=" << saActual.getFullText();
+
+    TER terResult = rippleCreditIOU(view, issuer, uReceiverID, saAmount, true, j);
+
+    if (tesSUCCESS == terResult)
+        terResult = rippleCreditIOU(view, uSenderID, issuer, saActual, true, j);
+
+    return terResult;
+}
+
+template <class TAsset>
+static TER
+doSendMulti(
+    std::string const& name,
+    ApplyView& view,
+    AccountID const& senderID,
+    TAsset const& issue,
+    MultiplePaymentDestinations const& receivers,
+    STAmount& actual,
+    beast::Journal j,
+    WaiveTransferFee waiveFee,
+    // Don't pass back parameters that the caller already has
+    std::function<
+        TER(AccountID const& senderID,
+            AccountID const& receiverID,
+            STAmount const& amount,
+            bool checkIssuer)> doCredit,
+    std::function<
+        TER(AccountID const& issuer, STAmount const& takeFromSender, STAmount const& amount)>
+        preMint = {})
+{
+    // Use the same pattern for all the SendMulti functions to help avoid
+    // divergence and copy/paste errors.
+    auto const& issuer = issue.getIssuer();
+
+    // These values may not stay in sync
+    STAmount takeFromSender{issue};
+    actual = takeFromSender;
+
+    // Failures return immediately.
+    for (auto const& r : receivers)
+    {
+        auto const& receiverID = r.first;
+        STAmount amount{issue, r.second};
+
+        if (amount < beast::zero)
+        {
+            return tecINTERNAL;  // LCOV_EXCL_LINE
+        }
+
+        /* If we aren't sending anything or if the sender is the same as the
+         * receiver then we don't need to do anything.
+         */
+        if (!amount || (senderID == receiverID))
+            continue;
+
+        using namespace std::string_literals;
+        XRPL_ASSERT(!isXRP(receiverID), ("xrpl::"s + name + " : receiver is not XRP").c_str());
+
+        if (senderID == issuer || receiverID == issuer || issuer == noAccount())
+        {
+            if (preMint)
+            {
+                if (auto const ter = preMint(issuer, takeFromSender, amount))
+                    return ter;
+            }
+            // Direct send: redeeming IOUs and/or sending own IOUs.
+            if (auto const ter = doCredit(senderID, receiverID, amount, false))
+                return ter;
+            actual += amount;
+            // Do not add amount to takeFromSender, because doCredit took
+            // it.
+
+            continue;
+        }
+
+        // Sending 3rd party: transit.
+
+        // Calculate the amount to transfer accounting
+        // for any transfer fees if the fee is not waived:
+        STAmount actualSend = (waiveFee == WaiveTransferFee::Yes || issue.native())
+            ? amount
+            : multiply(amount, transferRate(view, amount));
+        actual += actualSend;
+        takeFromSender += actualSend;
+
+        JLOG(j.debug()) << name << "> " << to_string(senderID) << " - > " << to_string(receiverID)
+                        << " : deliver=" << amount.getFullText()
+                        << " cost=" << actualSend.getFullText();
+
+        if (TER const terResult = doCredit(issuer, receiverID, amount, true))
+            return terResult;
+    }
+
+    if (senderID != issuer && takeFromSender)
+    {
+        if (TER const terResult = doCredit(senderID, issuer, takeFromSender, true))
+            return terResult;
+    }
+
+    return tesSUCCESS;
+}
+
+// Send regardless of limits.
+// --> receivers: Amount/currency/issuer to deliver to receivers.
+// <-- saActual: Amount actually cost to sender.  Sender pays fees.
+static TER
+rippleSendMultiIOU(
+    ApplyView& view,
+    AccountID const& senderID,
+    Issue const& issue,
+    MultiplePaymentDestinations const& receivers,
+    STAmount& actual,
+    beast::Journal j,
+    WaiveTransferFee waiveFee)
+{
+    XRPL_ASSERT(!isXRP(senderID), "xrpl::rippleSendMultiIOU : sender is not XRP");
+
+    auto doCredit = [&view, j](
+                        AccountID const& senderID,
+                        AccountID const& receiverID,
+                        STAmount const& amount,
+                        bool checkIssuer) {
+        return rippleCreditIOU(view, senderID, receiverID, amount, checkIssuer, j);
+    };
+
+    return doSendMulti(
+        "rippleSendMultiIOU", view, senderID, issue, receivers, actual, j, waiveFee, doCredit);
+}
+
+static TER
+rippleCreditMPT(
+    ApplyView& view,
+    AccountID const& uSenderID,
+    AccountID const& uReceiverID,
+    STAmount const& saAmount,
+    beast::Journal j)
+{
+    // Do not check MPT authorization here - it must have been checked earlier
+    auto const mptID = keylet::mptIssuance(saAmount.get<MPTIssue>().getMptID());
+    auto const& issuer = saAmount.getIssuer();
+    auto sleIssuance = view.peek(mptID);
+    if (!sleIssuance)
+        return tecOBJECT_NOT_FOUND;
+    if (uSenderID == issuer)
+    {
+        (*sleIssuance)[sfOutstandingAmount] += saAmount.mpt().value();
+        view.update(sleIssuance);
+    }
+    else
+    {
+        auto const mptokenID = keylet::mptoken(mptID.key, uSenderID);
+        if (auto sle = view.peek(mptokenID))
+        {
+            auto const amt = sle->getFieldU64(sfMPTAmount);
+            auto const pay = saAmount.mpt().value();
+            if (amt < pay)
+                return tecINSUFFICIENT_FUNDS;
+            (*sle)[sfMPTAmount] = amt - pay;
+            view.update(sle);
+        }
+        else
+            return tecNO_AUTH;
+    }
+
+    if (uReceiverID == issuer)
+    {
+        auto const outstanding = sleIssuance->getFieldU64(sfOutstandingAmount);
+        auto const redeem = saAmount.mpt().value();
+        if (outstanding >= redeem)
+        {
+            sleIssuance->setFieldU64(sfOutstandingAmount, outstanding - redeem);
+            view.update(sleIssuance);
+        }
+        else
+            return tecINTERNAL;  // LCOV_EXCL_LINE
+    }
+    else
+    {
+        auto const mptokenID = keylet::mptoken(mptID.key, uReceiverID);
+        if (auto sle = view.peek(mptokenID))
+        {
+            (*sle)[sfMPTAmount] += saAmount.mpt().value();
+            view.update(sle);
+        }
+        else
+            return tecNO_AUTH;
+    }
+
+    return tesSUCCESS;
+}
+
+static TER
+rippleSendMPT(
+    ApplyView& view,
+    AccountID const& uSenderID,
+    AccountID const& uReceiverID,
+    STAmount const& saAmount,
+    STAmount& saActual,
+    beast::Journal j,
+    WaiveTransferFee waiveFee)
+{
+    XRPL_ASSERT(uSenderID != uReceiverID, "xrpl::rippleSendMPT : sender is not receiver");
+
+    // Safe to get MPT since rippleSendMPT is only called by accountSendMPT
+    auto const& issuer = saAmount.getIssuer();
+
+    auto const sle = view.read(keylet::mptIssuance(saAmount.get<MPTIssue>().getMptID()));
+    if (!sle)
+        return tecOBJECT_NOT_FOUND;
+
+    if (uSenderID == issuer || uReceiverID == issuer)
+    {
+        // if sender is issuer, check that the new OutstandingAmount will not
+        // exceed MaximumAmount
+        if (uSenderID == issuer)
+        {
+            auto const sendAmount = saAmount.mpt().value();
+            auto const maximumAmount = sle->at(~sfMaximumAmount).value_or(maxMPTokenAmount);
+            if (sendAmount > maximumAmount ||
+                sle->getFieldU64(sfOutstandingAmount) > maximumAmount - sendAmount)
+                return tecPATH_DRY;
+        }
+
+        // Direct send: redeeming MPTs and/or sending own MPTs.
+        auto const ter = rippleCreditMPT(view, uSenderID, uReceiverID, saAmount, j);
+        if (ter != tesSUCCESS)
+            return ter;
+        saActual = saAmount;
+        return tesSUCCESS;
+    }
+
+    // Sending 3rd party MPTs: transit.
+    saActual = (waiveFee == WaiveTransferFee::Yes)
+        ? saAmount
+        : multiply(saAmount, transferRate(view, saAmount.get<MPTIssue>().getMptID()));
+
+    JLOG(j.debug()) << "rippleSendMPT> " << to_string(uSenderID) << " - > "
+                    << to_string(uReceiverID) << " : deliver=" << saAmount.getFullText()
+                    << " cost=" << saActual.getFullText();
+
+    if (auto const terResult = rippleCreditMPT(view, issuer, uReceiverID, saAmount, j);
+        terResult != tesSUCCESS)
+        return terResult;
+
+    return rippleCreditMPT(view, uSenderID, issuer, saActual, j);
+}
+
+static TER
+rippleSendMultiMPT(
+    ApplyView& view,
+    AccountID const& senderID,
+    MPTIssue const& mptIssue,
+    MultiplePaymentDestinations const& receivers,
+    STAmount& actual,
+    beast::Journal j,
+    WaiveTransferFee waiveFee)
+{
+    auto const sle = view.read(keylet::mptIssuance(mptIssue.getMptID()));
+    if (!sle)
+        return tecOBJECT_NOT_FOUND;
+
+    auto preMint = [&](AccountID const& issuer,
+                       STAmount const& takeFromSender,
+                       STAmount const& amount) -> TER {
+        // if sender is issuer, check that the new OutstandingAmount will
+        // not exceed MaximumAmount
+        if (senderID == issuer)
+        {
+            XRPL_ASSERT_PARTS(
+                takeFromSender == beast::zero,
+                "rippler::rippleSendMultiMPT",
+                "sender == issuer, takeFromSender == zero");
+            auto const sendAmount = amount.mpt().value();
+            auto const maximumAmount = sle->at(~sfMaximumAmount).value_or(maxMPTokenAmount);
+            if (sendAmount > maximumAmount ||
+                sle->getFieldU64(sfOutstandingAmount) > maximumAmount - sendAmount)
+                return tecPATH_DRY;
+        }
+
+        return tesSUCCESS;
+    };
+    auto doCredit =
+        [&view, j](
+            AccountID const& senderID, AccountID const& receiverID, STAmount const& amount, bool) {
+            return rippleCreditMPT(view, senderID, receiverID, amount, j);
+        };
+
+    return doSendMulti(
+        "rippleSendMultiMPT",
+        view,
+        senderID,
+        mptIssue,
+        receivers,
+        actual,
+        j,
+        waiveFee,
+        doCredit,
+        preMint);
+}
+
 TER
 cleanupOnAccountDelete(
     ApplyView& view,

src/libxrpl/ledger/helpers/OfferHelpers.cpp

@@ -21,7 +21,7 @@ offerDelete(ApplyView& view, std::shared_ptr<SLE> const& sle, beast::Journal j)
     if (!sle)
         return tesSUCCESS;
     auto offerIndex = sle->key();
-    auto owner = sle->getAccountID(sfAccount);
+    auto const owner = sle->getAccountID(sfAccount);
 
     // Detect legacy directories.
     uint256 const uDirectory = sle->getFieldH256(sfBookDirectory);

src/libxrpl/ledger/helpers/RippleStateHelpers.cpp

@@ -579,7 +579,7 @@ requireAuth(ReadView const& view, Issue const& issue, AccountID const& account,
     return tesSUCCESS;
 }
 
-TER
+[[nodiscard]] TER
 canTransfer(ReadView const& view, Issue const& issue, AccountID const& from, AccountID const& to)
 {
     if (issue.native())
@@ -617,7 +617,7 @@ canTransfer(ReadView const& view, Issue const& issue, AccountID const& from, Acc
 //
 //------------------------------------------------------------------------------
 
-TER
+[[nodiscard]] TER
 addEmptyHolding(
     ApplyView& view,
     AccountID const& accountID,
@@ -671,7 +671,7 @@ addEmptyHolding(
         journal);
 }
 
-TER
+[[nodiscard]] TER
 removeEmptyHolding(
     ApplyView& view,
     AccountID const& accountID,

src/libxrpl/ledger/helpers/TokenHelpers.cpp

@@ -938,6 +938,85 @@ accountSendMultiIOU(
                << receivers.size() << " receivers.";
     }
 
+    auto doCredit = [&view, &sender, &receivers, j](
+                        AccountID const& senderID,
+                        AccountID const& receiverID,
+                        STAmount const& amount,
+                        bool /*checkIssuer*/) -> TER {
+        if (!senderID)
+        {
+            SLE::pointer receiver =
+                receiverID != beast::zero ? view.peek(keylet::account(receiverID)) : SLE::pointer();
+
+            if (auto stream = j.trace())
+            {
+                std::string receiver_bal("-");
+
+                if (receiver)
+                    receiver_bal = receiver->getFieldAmount(sfBalance).getFullText();
+
+                stream << "accountSendMultiIOU> " << to_string(senderID) << " -> "
+                       << to_string(receiverID) << " (" << receiver_bal
+                       << ") : " << amount.getFullText();
+            }
+
+            if (receiver)
+            {
+                // Increment XRP balance.
+                auto const rcvBal = receiver->getFieldAmount(sfBalance);
+                receiver->setFieldAmount(sfBalance, rcvBal + amount);
+                view.creditHook(xrpAccount(), receiverID, amount, -rcvBal);
+
+                view.update(receiver);
+            }
+
+            if (auto stream = j.trace())
+            {
+                std::string receiver_bal("-");
+
+                if (receiver)
+                    receiver_bal = receiver->getFieldAmount(sfBalance).getFullText();
+
+                stream << "accountSendMultiIOU< " << to_string(senderID) << " -> "
+                       << to_string(receiverID) << " (" << receiver_bal
+                       << ") : " << amount.getFullText();
+            }
+            return tesSUCCESS;
+        }
+        // Sender
+        if (sender)
+        {
+            if (sender->getFieldAmount(sfBalance) < amount)
+            {
+                return TER{tecFAILED_PROCESSING};
+            }
+            else
+            {
+                auto const sndBal = sender->getFieldAmount(sfBalance);
+                view.creditHook(senderID, xrpAccount(), amount, sndBal);
+
+                // Decrement XRP balance.
+                sender->setFieldAmount(sfBalance, sndBal - amount);
+                view.update(sender);
+            }
+        }
+
+        if (auto stream = j.trace())
+        {
+            std::string sender_bal("-");
+
+            if (sender)
+                sender_bal = sender->getFieldAmount(sfBalance).getFullText();
+
+            stream << "accountSendMultiIOU< " << to_string(senderID) << " (" << sender_bal
+                   << ") -> " << receivers.size() << " receivers.";
+        }
+
+        return tesSUCCESS;
+    };
+    return doSendMulti(
+        "accountSendMultiIOU", view, senderID, issue, receivers, actual, j, waiveFee, doCredit);
+
     // Failures return immediately.
     STAmount takeFromSender{issue};
     for (auto const& r : receivers)

src/test/app/AMM_test.cpp

@@ -8,7 +8,6 @@
 #include <test/jtx/escrow.h>
 #include <test/jtx/fee.h>
 #include <test/jtx/flags.h>
-#include <test/jtx/mpt.h>
 #include <test/jtx/offer.h>
 #include <test/jtx/paths.h>
 #include <test/jtx/pay.h>
@@ -20,7 +19,6 @@
 #include <test/jtx/ter.h>
 #include <test/jtx/trust.h>
 #include <test/jtx/txflags.h>
-#include <test/jtx/vault.h>
 
 #include <xrpl/basics/Number.h>
 #include <xrpl/basics/base_uint.h>
@@ -37,7 +35,6 @@
 #include <xrpl/protocol/Indexes.h>
 #include <xrpl/protocol/Issue.h>
 #include <xrpl/protocol/LedgerFormats.h>
-#include <xrpl/protocol/MPTIssue.h>
 #include <xrpl/protocol/Protocol.h>
 #include <xrpl/protocol/Quality.h>
 #include <xrpl/protocol/Rules.h>
@@ -7063,200 +7060,10 @@ private:
             {all});
     }
 
-    // Create a single-asset vault, deposit assets so the depositor receives
-    // shares (an MPT issued by the vault pseudo-account), then pair those
-    // shares with XRP in an AMM. Finally do a single-asset deposit of more
-    // shares into the AMM.
-    void
-    testVaultSharesAMM()
-    {
-        testcase("Vault Shares paired with XRP in AMM");
-
-        using namespace jtx;
-
-        // Vaults rely on featureSingleAssetVault (which the AMM_test class
-        // strips by default). MPT-AMM pairs require featureMPTokensV2.
-        FeatureBitset const features{
-            jtx::testable_amendments() | featureSingleAssetVault | featureMPTokensV2};
-
-        Env env{*this, features};
-
-        Account const owner{"vaultOwner"};
-        env.fund(XRP(1'000'000), owner);
-        env.close();
-
-        // Use XRP as the vault asset for simplicity.
-        PrettyAsset const asset{xrpIssue(), 1'000'000};
-
-        Vault const vault{env};
-        auto [vaultTx, vaultKeylet] = vault.create({.owner = owner, .asset = asset});
-        env(vaultTx);
-        env.close();
-        if (!BEAST_EXPECT(env.le(vaultKeylet)))
-            return;
-
-        // Deposit 10,000 XRP into the vault. Owner receives shares (MPT)
-        // issued by the vault's pseudo-account.
-        env(vault.deposit(
-            {.depositor = owner, .id = vaultKeylet.key, .amount = asset(10'000).value()}));
-        env.close();
-
-        auto const vaultSle = env.le(vaultKeylet);
-        if (!BEAST_EXPECT(vaultSle))
-            return;
-        MPTID const shareMptID = vaultSle->at(sfShareMPTID);
-        MPTIssue const shareIssue{shareMptID};
-        // The share MPT is issued by the vault's pseudo-account. Memoize so
-        // env.balance() can format share amounts.
-        env.memoize(Account{"vaultPseudo", vaultSle->at(sfAccount)});
-
-        // XRP vaults use scale=6, so a 10,000 XRP deposit yields
-        // 10,000 * 1e6 = 10^10 share units (raw MPT amount).
-        STAmount const sharesHeld = env.balance(owner, shareIssue);
-        BEAST_EXPECT(sharesHeld.mantissa() == 10'000'000'000ull);
-        BEAST_EXPECT(sharesHeld.asset() == shareIssue);
-
-        // Seed the AMM with half the shares + 5,000 XRP.
-        STAmount const halfShares(shareIssue, std::uint64_t{5'000'000'000});
-        AMM ammOwner(env, owner, halfShares, XRP(5'000));
-        BEAST_EXPECT(ammOwner.ammExists());
-
-        // Single-asset deposit: add 2,500,000,000 more shares (a quarter of
-        // the original holding) to the share side of the pool.
-        STAmount const extraShares(shareIssue, std::uint64_t{2'500'000'000});
-        ammOwner.deposit(owner, extraShares);
-
-        // The share-side pool should now equal halfShares + extraShares,
-        // while the XRP-side balance is unchanged at 5,000 XRP.
-        auto const [shareBalance, xrpBalance, lpt] = ammOwner.balances(shareIssue, xrpIssue());
-        BEAST_EXPECT(shareBalance == halfShares + extraShares);
-        BEAST_EXPECT(xrpBalance == XRP(5'000));
-        // Owner now holds the original 10B shares minus what was put into the
-        // AMM (5B seed + 2.5B single-asset deposit) = 2.5B.
-        STAmount const expectedOwnerShares(shareIssue, std::uint64_t{2'500'000'000});
-        BEAST_EXPECT(env.balance(owner, shareIssue) == expectedOwnerShares);
-    }
-
-    // Create a Vault whose underlying asset is a lockable / clawback-able
-    // MPT. Pair the vault shares with XRP in an AMM. Transfer half of the
-    // owner's LP tokens to a second account, then issuer-lock the
-    // underlying MPT, then try to transfer LP tokens / cash out again.
-    //
-    // Locking the underlying MPT cascades up via
-    // `isVaultPseudoAccountFrozen`: the vault-share MPT is treated as
-    // frozen because its underlying is locked. So:
-    //   - LP-token Payment after lock fails (`tecPATH_DRY`).
-    //   - AMM withdrawal of LP tokens fails (`tecFROZEN`).
-    // The LP tokens are effectively stuck for as long as the underlying
-    // MPT remains locked.
-    void
-    testLockedVaultMPTCashOut()
-    {
-        testcase("Cash out LP Tokens after vault MPT locked");
-
-        using namespace jtx;
-
-        FeatureBitset const features{
-            jtx::testable_amendments() | featureSingleAssetVault | featureMPTokensV2};
-
-        Env env{*this, features};
-
-        Account const issuer{"issuer"};
-        Account const owner{"vaultOwner"};
-        Account const trader{"trader"};
-
-        env.fund(XRP(1'000'000), issuer, owner, trader);
-        env.close();
-
-        // Underlying MPT supports lock + clawback. MPTDEXFlags adds
-        // CanTransfer + CanTrade so the vault and AMM can route it.
-        MPTTester mpt(
-            {.env = env,
-             .issuer = issuer,
-             .holders = {owner},
-             .pay = 100'000,
-             .flags = tfMPTCanLock | tfMPTCanClawback | MPTDEXFlags});
-        PrettyAsset const asset = MPT(mpt);
-
-        // Create the vault.
-        Vault const vault{env};
-        auto [vaultTx, vaultKeylet] = vault.create({.owner = owner, .asset = asset});
-        env(vaultTx);
-        env.close();
-        if (!BEAST_EXPECT(env.le(vaultKeylet)))
-            return;
-
-        // Deposit 50,000 of the underlying MPT.
-        env(vault.deposit(
-            {.depositor = owner, .id = vaultKeylet.key, .amount = asset(50'000).value()}));
-        env.close();
-
-        auto const vaultSle = env.le(vaultKeylet);
-        if (!BEAST_EXPECT(vaultSle))
-            return;
-        MPTID const shareMptID = vaultSle->at(sfShareMPTID);
-        MPTIssue const shareIssue{shareMptID};
-        env.memoize(Account{"vaultPseudo", vaultSle->at(sfAccount)});
-
-        // MPT vaults use scale=0, so 50,000 deposit -> 50,000 share units.
-        STAmount const sharesHeld = env.balance(owner, shareIssue);
-        BEAST_EXPECT(sharesHeld.mantissa() == 50'000);
-
-        // Create the AMM: 25,000 vault shares + 1,000 XRP.
-        STAmount const seedShares(shareIssue, std::uint64_t{25'000});
-        AMM ammOwner(env, owner, seedShares, XRP(1'000));
-        BEAST_EXPECT(ammOwner.ammExists());
-
-        // The AMM pseudo-account issues the LP tokens; memoize so
-        // env.balance() can format LP-token amounts.
-        env.memoize(Account{"ammPseudo", ammOwner.ammAccount()});
-
-        // Owner's LP token balance after AMM creation.
-        auto const lptIssue = ammOwner.lptIssue();
-        STAmount const lptOwner0 = env.balance(owner, lptIssue);
-        STAmount const lptZero(lptIssue, std::uint32_t{0});
-        BEAST_EXPECT(lptOwner0 != lptZero);
-
-        // Trader needs a trust line to receive LP tokens.
-        STAmount const lptTrustLimit(lptIssue, std::uint64_t{1'000'000'000});
-        env(trust(trader, lptTrustLimit));
-        env.close();
-
-        // Step 1: transfer half the LP tokens from owner -> trader.
-        STAmount const halfLpt(lptIssue, lptOwner0.mantissa() / 2, lptOwner0.exponent());
-        env(pay(owner, trader, halfLpt));
-        env.close();
-        BEAST_EXPECT(env.balance(trader, lptIssue) == halfLpt);
-
-        // Step 2: issuer locks the underlying MPT.
-        mpt.set({.flags = tfMPTLock});
-        env.close();
-
-        // Step 3: transfer LP tokens again. The lock on the underlying MPT
-        // cascades through the vault-share issuance via
-        // isVaultPseudoAccountFrozen, so the AMM-routed Payment fails.
-        STAmount const quarterLpt(lptIssue, lptOwner0.mantissa() / 4, lptOwner0.exponent());
-        env(pay(owner, trader, quarterLpt), ter(tecPATH_DRY));
-        env.close();
-        // Trader's balance is still just the half from before the lock.
-        BEAST_EXPECT(env.balance(trader, lptIssue) == halfLpt);
-
-        // Step 4: try to cash out the LP tokens. The AMM withdrawal must
-        // touch the vault-share side, which is now treated as frozen
-        // because its underlying is locked, so the withdrawal fails.
-        ammOwner.withdrawAll(trader, std::nullopt, ter(tecFROZEN));
-        env.close();
-        // Trader still holds the LP tokens; nothing was redeemed.
-        BEAST_EXPECT(env.balance(trader, lptIssue) == halfLpt);
-        BEAST_EXPECT(env.balance(trader, shareIssue) == STAmount(shareIssue, std::uint64_t{0}));
-    }
-
     void
     run() override
     {
         FeatureBitset const all{testable_amendments()};
-        testVaultSharesAMM();
-        testLockedVaultMPTCashOut();
         testInvalidInstance();
         testInstanceCreate();
         testInvalidDeposit(all);

src/test/app/Vault_test.cpp

@@ -6139,141 +6139,6 @@ class Vault_test : public beast::unit_test::suite
         runTest(amendments);
     }
 
-    // Issuer mutates the underlying MPT's lsfMPTCanTransfer / lsfMPTCanTrade
-    // flags after holders have already deposited into a vault. Demonstrates:
-    //
-    //   - VaultDeposit and VaultWithdraw both go through `canTransfer`,
-    //     so clearing lsfMPTCanTransfer freezes every holder's funds in
-    //     the vault until the issuer re-enables the flag (`tecNO_AUTH`).
-    //
-    //   - The issuer is exempt: `canTransfer` short-circuits when either
-    //     side of the transfer is the issuer, so the issuer can still
-    //     deposit and withdraw.
-    //
-    //   - lsfMPTCanTrade is *not* checked by VaultDeposit/VaultWithdraw at
-    //     all — clearing it has no effect on vault I/O. (It only gates
-    //     DEX/AMM operations via `canTrade`.)
-    void
-    testMutateCanTransferAfterDeposit()
-    {
-        using namespace test::jtx;
-        testcase("MPT vault: clearing CanTransfer/CanTrade after deposit");
-
-        Env env{*this, testable_amendments() | featureSingleAssetVault};
-
-        Account const issuer{"issuer"};
-        Account const alice{"alice"};
-        Account const bob{"bob"};
-
-        env.fund(XRP(1'000), issuer, alice, bob);
-        env.close();
-
-        // MPT is transferable, tradable, lockable, and clawback-capable. Both
-        // CanTransfer and CanTrade are mutable so the issuer can flip them
-        // later via MPTokenIssuanceSet.
-        MPTTester mptt{env, issuer, mptInitNoFund};
-        mptt.create(
-            {.flags = tfMPTCanTransfer | tfMPTCanTrade | tfMPTCanLock | tfMPTCanClawback,
-             .mutableFlags = tmfMPTCanMutateCanTransfer | tmfMPTCanMutateCanTrade});
-        PrettyAsset const asset = mptt.issuanceID();
-
-        mptt.authorize({.account = alice});
-        mptt.authorize({.account = bob});
-        env(pay(issuer, alice, asset(100'000)));
-        env(pay(issuer, bob, asset(100'000)));
-        env.close();
-
-        Vault const vault{env};
-        auto [createTx, vaultKeylet] = vault.create({.owner = alice, .asset = asset});
-        env(createTx);
-        env.close();
-        BEAST_EXPECT(env.le(vaultKeylet));
-
-        // Both holders deposit. Issuer also deposits (issuer can be a
-        // depositor too) so we can later confirm the issuer-exempt path.
-        env(vault.deposit({.depositor = alice, .id = vaultKeylet.key, .amount = asset(50'000)}));
-        env(vault.deposit({.depositor = bob, .id = vaultKeylet.key, .amount = asset(30'000)}));
-        env(vault.deposit({.depositor = issuer, .id = vaultKeylet.key, .amount = asset(20'000)}));
-        env.close();
-
-        // -- 1. Issuer clears lsfMPTCanTransfer ---------------------------
-        mptt.set({.mutableFlags = tmfMPTClearCanTransfer});
-        env.close();
-
-        {
-            auto const sle = env.le(keylet::mptIssuance(asset.raw().get<MPTIssue>().getMptID()));
-            BEAST_EXPECT(sle && !sle->isFlag(lsfMPTCanTransfer));
-            BEAST_EXPECT(sle && sle->isFlag(lsfMPTCanTrade));
-        }
-
-        // 2. Holder deposits and withdrawals are blocked: vault pseudo-
-        //    account is neither sender nor receiver = issuer, so
-        //    canTransfer returns tecNO_AUTH.
-        env(vault.deposit({.depositor = alice, .id = vaultKeylet.key, .amount = asset(1'000)}),
-            ter(tecNO_AUTH));
-        env(vault.withdraw({.depositor = alice, .id = vaultKeylet.key, .amount = asset(1'000)}),
-            ter(tecNO_AUTH));
-        env(vault.withdraw({.depositor = bob, .id = vaultKeylet.key, .amount = asset(1'000)}),
-            ter(tecNO_AUTH));
-        env.close();
-
-        // 3. Issuer-as-depositor is exempt — `canTransfer` short-circuits
-        //    on the issuer side. Both deposit and withdraw succeed.
-        env(vault.deposit({.depositor = issuer, .id = vaultKeylet.key, .amount = asset(5'000)}));
-        env(vault.withdraw({.depositor = issuer, .id = vaultKeylet.key, .amount = asset(5'000)}));
-        env.close();
-
-        // 3b. A holder can also escape by withdrawing *to the issuer* via
-        //     sfDestination. `canTransfer`'s issuer short-circuit fires on
-        //     `to == issuer`, so the withdrawal succeeds even though
-        //     CanTransfer is cleared. The holder's shares are burned and
-        //     the underlying MPT lands at the issuer (presumably part of
-        //     an off-ledger redemption arrangement).
-        auto const aliceMptBefore = env.balance(alice, asset);
-        auto withdrawToIssuer =
-            vault.withdraw({.depositor = alice, .id = vaultKeylet.key, .amount = asset(2'000)});
-        withdrawToIssuer[sfDestination] = issuer.human();
-        env(withdrawToIssuer);
-        env.close();
-        // Alice's MPT balance is unchanged — the asset went to the issuer,
-        // not back to her — but her share holding was burned.
-        BEAST_EXPECT(env.balance(alice, asset) == aliceMptBefore);
-
-        // -- 4. Also clear lsfMPTCanTrade. Vault paths don't consult
-        //       CanTrade, so this changes nothing for vault I/O. ----------
-        mptt.set({.mutableFlags = tmfMPTClearCanTrade});
-        env.close();
-
-        {
-            auto const sle = env.le(keylet::mptIssuance(asset.raw().get<MPTIssue>().getMptID()));
-            BEAST_EXPECT(sle && !sle->isFlag(lsfMPTCanTrade));
-        }
-
-        // Holder ops still fail the same way (CanTransfer-driven), and the
-        // issuer is still exempt.
-        env(vault.withdraw({.depositor = alice, .id = vaultKeylet.key, .amount = asset(1'000)}),
-            ter(tecNO_AUTH));
-        env(vault.deposit({.depositor = issuer, .id = vaultKeylet.key, .amount = asset(1'000)}));
-        env.close();
-
-        // -- 5. Re-enable CanTransfer; leave CanTrade cleared. ------------
-        mptt.set({.mutableFlags = tmfMPTSetCanTransfer});
-        env.close();
-
-        // Holders can now withdraw all their stake — confirms CanTrade is
-        // not consulted by the vault transactors. Alice already redeemed
-        // 2,000 to the issuer, so only 48,000 remains for her.
-        env(vault.withdraw({.depositor = alice, .id = vaultKeylet.key, .amount = asset(48'000)}));
-        env(vault.withdraw({.depositor = bob, .id = vaultKeylet.key, .amount = asset(30'000)}));
-        env.close();
-
-        {
-            auto const sle = env.le(keylet::mptIssuance(asset.raw().get<MPTIssue>().getMptID()));
-            BEAST_EXPECT(sle && sle->isFlag(lsfMPTCanTransfer));
-            BEAST_EXPECT(sle && !sle->isFlag(lsfMPTCanTrade));
-        }
-    }
-
 public:
     void
     run() override
@@ -6297,7 +6162,6 @@ public:
         testAssetsMaximum();
         testBug6_LimitBypassWithShares();
         testRemoveEmptyHoldingLockedAmount();
-        testMutateCanTransferAfterDeposit();
     }
 };