Merge branch 'develop' into vlntb/refactore-barrier-semaphore

Due to rounding, the LPTokenBalance of the last LP might not match the LP's trustline balance. This was fixed for `AMMWithdraw` in `fixAMMv1_1` by adjusting the LPTokenBalance to be the same as the trustline balance. Since `AMMClawback` is also performing a withdrawal, we need to adjust LPTokenBalance as well in `AMMClawback.`

This change includes:
1. Refactored `verifyAndAdjustLPTokenBalance` function in `AMMUtils`, which both`AMMWithdraw` and `AMMClawback` call to adjust LPTokenBalance.
2. Added the unit test `testLastHolderLPTokenBalance` to test the scenario.
3. Modify the existing unit tests for `fixAMMClawbackRounding`.

.codecov.yml

@@ -7,13 +7,13 @@ comment:
   show_carryforward_flags: false
 
 coverage:
-  range: "60..80"
+  range: "70..85"
   precision: 1
   round: nearest
   status:
     project:
       default:
-        target: 60%
+        target: 75%
         threshold: 2%
     patch:
       default:

.github/workflows/doxygen.yml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  job:
+  documentation:
     runs-on: ubuntu-latest
     permissions:
       contents: write

.github/workflows/libxrpl.yml

@@ -1,6 +1,6 @@
 name: Check libXRPL compatibility with Clio
 env:
-  CONAN_URL: http://18.143.149.228:8081/artifactory/api/conan/conan-non-prod
+  CONAN_URL: http://18.143.149.228:8081/artifactory/api/conan/dev
   CONAN_LOGIN_USERNAME_RIPPLE: ${{ secrets.CONAN_USERNAME }}
   CONAN_PASSWORD_RIPPLE: ${{ secrets.CONAN_TOKEN }}
 on:

.github/workflows/macos.yml

@@ -96,4 +96,7 @@ jobs:
         run: |
           n=$(nproc)
           echo "Using $n test jobs"
-          ${build_dir}/rippled --unittest --unittest-jobs $n
+
+          cd ${build_dir}
+          ./rippled --unittest --unittest-jobs $n
+          ctest -j $n --output-on-failure

.github/workflows/nix.yml

@@ -163,7 +163,9 @@ jobs:
           cmake-args: "-Dassert=TRUE -Dwerr=TRUE ${{ matrix.cmake-args }}"
       - name: test
         run: |
-          ${build_dir}/rippled --unittest --unittest-jobs $(nproc)
+          cd ${build_dir}
+          ./rippled --unittest --unittest-jobs $(nproc)
+          ctest -j $(nproc) --output-on-failure
 
   reference-fee-test:
     strategy:
@@ -217,8 +219,9 @@ jobs:
           cmake-args: "-Dassert=TRUE -Dwerr=TRUE ${{ matrix.cmake-args }}"
       - name: test
         run: |
-          ${build_dir}/rippled --unittest --unittest-jobs $(nproc)
-
+          cd ${build_dir}
+          ./rippled --unittest --unittest-jobs $(nproc)
+          ctest -j $(nproc) --output-on-failure
   coverage:
     strategy:
       fail-fast: false
@@ -441,3 +444,4 @@ jobs:
           run: |
             cd ${BUILD_DIR}
             ./rippled -u --unittest-jobs $(( $(nproc)/4 ))
+            ctest -j $(nproc) --output-on-failure

.github/workflows/windows.yml

@@ -95,5 +95,6 @@ jobs:
         shell: bash
         if: ${{ matrix.configuration.tests }}
         run: |
-          ${build_dir}/${{ matrix.configuration.type }}/rippled --unittest \
-              --unittest-jobs $(nproc)
+          cd ${build_dir}/${{ matrix.configuration.type }}
+          ./rippled --unittest --unittest-jobs $(nproc)
+          ctest -j $(nproc) --output-on-failure

BUILD.md

@@ -288,7 +288,7 @@ It fixes some source files to add missing `#include`s.
    Single-config generators:
 
    ```
-   cmake --build .
+   cmake --build . -j $(nproc)
    ```
 
    Multi-config generators:

Builds/levelization/results/ordering.txt

@@ -132,6 +132,7 @@ test.shamap > xrpl.protocol
 test.toplevel > test.csf
 test.toplevel > xrpl.json
 test.unit_test > xrpl.basics
+tests.libxrpl > xrpl.basics
 xrpl.json > xrpl.basics
 xrpl.protocol > xrpl.basics
 xrpl.protocol > xrpl.json

CMakeLists.txt

@@ -90,6 +90,11 @@ set_target_properties(OpenSSL::SSL PROPERTIES
   INTERFACE_COMPILE_DEFINITIONS OPENSSL_NO_SSL2
 )
 set(SECP256K1_INSTALL TRUE)
+set(SECP256K1_BUILD_BENCHMARK FALSE)
+set(SECP256K1_BUILD_TESTS FALSE)
+set(SECP256K1_BUILD_EXHAUSTIVE_TESTS FALSE)
+set(SECP256K1_BUILD_CTIME_TESTS FALSE)
+set(SECP256K1_BUILD_EXAMPLES FALSE)
 add_subdirectory(external/secp256k1)
 add_library(secp256k1::secp256k1 ALIAS secp256k1)
 add_subdirectory(external/ed25519-donna)
@@ -144,3 +149,8 @@ set(PROJECT_EXPORT_SET RippleExports)
 include(RippledCore)
 include(RippledInstall)
 include(RippledValidatorKeys)
+
+if(tests)
+  include(CTest)
+  add_subdirectory(src/tests/libxrpl)
+endif()

README.md

@@ -1,3 +1,5 @@
+[![codecov](https://codecov.io/gh/XRPLF/rippled/graph/badge.svg?token=WyFr5ajq3O)](https://codecov.io/gh/XRPLF/rippled)
+
 # The XRP Ledger
 
 The [XRP Ledger](https://xrpl.org/) is a decentralized cryptographic ledger powered by a network of peer-to-peer nodes. The XRP Ledger uses a novel Byzantine Fault Tolerant consensus algorithm to settle and record transactions in a secure distributed database without a central operator.

SECURITY.md

@@ -83,7 +83,7 @@ To report a qualifying bug, please send a detailed report to:
 |Long Key ID  | `0xCD49A0AFC57929BE`                                |
 |Fingerprint  | `24E6 3B02 37E0 FA9C 5E96 8974 CD49 A0AF C579 29BE` |
 
-The full PGP key for this address, which is also available on several key servers (e.g. on [keys.gnupg.net](https://keys.gnupg.net)), is: 
+The full PGP key for this address, which is also available on several key servers (e.g. on [keyserver.ubuntu.com](https://keyserver.ubuntu.com)), is: 
 ```
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQINBFUwGHYBEAC0wpGpBPkd8W1UdQjg9+cEFzeIEJRaoZoeuJD8mofwI5Ejnjdt

cmake/RippledDocs.cmake

@@ -53,9 +53,9 @@ set(download_script "${CMAKE_BINARY_DIR}/docs/download-cppreference.cmake")
 file(WRITE
   "${download_script}"
   "file(DOWNLOAD \
-    http://upload.cppreference.com/mwiki/images/b/b2/html_book_20190607.zip \
+    https://github.com/PeterFeicht/cppreference-doc/releases/download/v20250209/html-book-20250209.zip \
     ${CMAKE_BINARY_DIR}/docs/cppreference.zip \
-    EXPECTED_HASH MD5=82b3a612d7d35a83e3cb1195a63689ab \
+    EXPECTED_HASH MD5=bda585f72fbca4b817b29a3d5746567b \
   )\n \
   execute_process( \
     COMMAND \"${CMAKE_COMMAND}\" -E tar -xf cppreference.zip \

cmake/RippledSanity.cmake

@@ -2,16 +2,6 @@
    convenience variables and sanity checks
 #]===================================================================]
 
-include(ProcessorCount)
-
-if (NOT ep_procs)
-  ProcessorCount(ep_procs)
-  if (ep_procs GREATER 1)
-    # never use more than half of cores for EP builds
-    math (EXPR ep_procs "${ep_procs} / 2")
-    message (STATUS "Using ${ep_procs} cores for ExternalProject builds.")
-  endif ()
-endif ()
 get_property(is_multiconfig GLOBAL PROPERTY GENERATOR_IS_MULTI_CONFIG)
 
 set (CMAKE_CONFIGURATION_TYPES "Debug;Release" CACHE STRING "" FORCE)

cmake/RippledSettings.cmake

@@ -18,7 +18,7 @@ if(tests)
   endif()
 endif()
 
-option(unity "Creates a build using UNITY support in cmake. This is the default" ON)
+option(unity "Creates a build using UNITY support in cmake." OFF)
 if(unity)
   if(NOT is_ci)
     set(CMAKE_UNITY_BUILD_BATCH_SIZE 15 CACHE STRING "")

cmake/deps/Boost.cmake

@@ -2,7 +2,6 @@ find_package(Boost 1.82 REQUIRED
   COMPONENTS
     chrono
     container
-    context
     coroutine
     date_time
     filesystem
@@ -24,7 +23,7 @@ endif()
 
 target_link_libraries(ripple_boost
   INTERFACE
-    Boost::boost
+    Boost::headers
     Boost::chrono
     Boost::container
     Boost::coroutine

cmake/xrpl_add_test.cmake

@@ -0,0 +1,41 @@
+include(isolate_headers)
+
+function(xrpl_add_test name)
+  set(target ${PROJECT_NAME}.test.${name})
+
+  file(GLOB_RECURSE sources CONFIGURE_DEPENDS
+  "${CMAKE_CURRENT_SOURCE_DIR}/${name}/*.cpp"
+  "${CMAKE_CURRENT_SOURCE_DIR}/${name}.cpp"
+  )
+  add_executable(${target} EXCLUDE_FROM_ALL ${ARGN} ${sources})
+
+  isolate_headers(
+    ${target}
+    "${CMAKE_SOURCE_DIR}"
+    "${CMAKE_SOURCE_DIR}/tests/${name}"
+    PRIVATE
+  )
+
+  # Make sure the test isn't optimized away in unity builds
+  set_target_properties(${target} PROPERTIES
+    UNITY_BUILD_MODE GROUP
+    UNITY_BUILD_BATCH_SIZE 0)  # Adjust as needed
+
+  add_test(NAME ${target} COMMAND ${target})
+  set_tests_properties(
+    ${target} PROPERTIES
+    FIXTURES_REQUIRED ${target}_fixture
+  )
+
+  add_test(
+    NAME ${target}.build
+    COMMAND
+      ${CMAKE_COMMAND}
+      --build ${CMAKE_BINARY_DIR}
+      --config $<CONFIG>
+      --target ${target}
+  )
+  set_tests_properties(${target}.build PROPERTIES
+    FIXTURES_SETUP ${target}_fixture
+  )
+endfunction()

conanfile.py

@@ -1,4 +1,4 @@
-from conan import ConanFile
+from conan import ConanFile, __version__ as conan_version
 from conan.tools.cmake import CMake, CMakeToolchain, cmake_layout
 import re
 
@@ -24,13 +24,12 @@ class Xrpl(ConanFile):
     }
 
     requires = [
-        'date/3.0.3',
+        'doctest/2.4.11',
         'grpc/1.50.1',
         'libarchive/3.7.6',
         'nudb/2.0.8',
         'openssl/1.1.1v',
         'soci/4.0.3',
-        'xxhash/0.8.2',
         'zlib/1.3.1',
     ]
 
@@ -99,7 +98,10 @@ class Xrpl(ConanFile):
             self.options['boost'].visibility = 'global'
 
     def requirements(self):
-        self.requires('boost/1.83.0', force=True)
+        # Conan 2 requires transitive headers to be specified
+        transitive_headers_opt = {'transitive_headers': True} if conan_version.split('.')[0] == '2' else {}
+        self.requires('boost/1.83.0', force=True, **transitive_headers_opt)
+        self.requires('date/3.0.3', **transitive_headers_opt)
         self.requires('lz4/1.10.0', force=True)
         self.requires('protobuf/3.21.9', force=True)
         self.requires('sqlite3/3.47.0', force=True)
@@ -107,6 +109,7 @@ class Xrpl(ConanFile):
             self.requires('jemalloc/5.3.0')
         if self.options.rocksdb:
             self.requires('rocksdb/9.7.3')
+        self.requires('xxhash/0.8.2', **transitive_headers_opt)
 
     exports_sources = (
         'CMakeLists.txt',
@@ -161,7 +164,17 @@ class Xrpl(ConanFile):
         # `include/`, not `include/ripple/proto/`.
         libxrpl.includedirs = ['include', 'include/ripple/proto']
         libxrpl.requires = [
-            'boost::boost',
+            'boost::headers',
+            'boost::chrono',
+            'boost::container',
+            'boost::coroutine',
+            'boost::date_time',
+            'boost::filesystem',
+            'boost::json',
+            'boost::program_options',
+            'boost::regex',
+            'boost::system',
+            'boost::thread',
             'date::date',
             'grpc::grpc++',
             'libarchive::libarchive',

docs/build/environment.md

@@ -23,7 +23,7 @@ direction.
 
 ```
 apt update
-apt install --yes curl git libssl-dev python3.10-dev python3-pip make g++-11 libprotobuf-dev protobuf-compiler
+apt install --yes curl git libssl-dev pipx python3.10-dev python3-pip make g++-11 libprotobuf-dev protobuf-compiler
 
 curl --location --remote-name \
   "https://github.com/Kitware/CMake/releases/download/v3.25.1/cmake-3.25.1.tar.gz"
@@ -35,7 +35,8 @@ make --jobs $(nproc)
 make install
 cd ..
 
-pip3 install 'conan<2'
+pipx install 'conan<2'
+pipx ensurepath
 ```
 
 [1]: https://github.com/thejohnfreeman/rippled-docker/blob/master/ubuntu-22.04/install.sh

external/antithesis-sdk/CMakeLists.txt

@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.25)
+cmake_minimum_required(VERSION 3.18)
 
 # Note, version set explicitly by rippled project
 project(antithesis-sdk-cpp VERSION 0.4.4 LANGUAGES CXX)

include/xrpl/basics/Buffer.h

@@ -25,6 +25,7 @@
 
 #include <cstdint>
 #include <cstring>
+#include <memory>
 
 namespace ripple {
 

include/xrpl/basics/Expected.h

@@ -22,8 +22,18 @@
 
 #include <xrpl/basics/contract.h>
 
+#if defined(__clang__)
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated"
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+#endif
+
 #include <boost/outcome.hpp>
 
+#if defined(__clang__)
+#pragma clang diagnostic pop
+#endif
+
 #include <stdexcept>
 
 namespace ripple {

include/xrpl/basics/StringUtilities.h

@@ -29,7 +29,6 @@
 #include <array>
 #include <cstdint>
 #include <optional>
-#include <sstream>
 #include <string>
 
 namespace ripple {

include/xrpl/basics/algorithm.h

@@ -20,7 +20,6 @@
 #ifndef RIPPLE_ALGORITHM_H_INCLUDED
 #define RIPPLE_ALGORITHM_H_INCLUDED
 
-#include <iterator>
 #include <utility>
 
 namespace ripple {

include/xrpl/basics/hardened_hash.h

@@ -24,12 +24,8 @@
 #include <xrpl/beast/hash/xxhasher.h>
 
 #include <cstdint>
-#include <functional>
 #include <mutex>
 #include <random>
-#include <type_traits>
-#include <unordered_map>
-#include <unordered_set>
 #include <utility>
 
 namespace ripple {

include/xrpl/basics/mulDiv.h

@@ -23,7 +23,6 @@
 #include <cstdint>
 #include <limits>
 #include <optional>
-#include <utility>
 
 namespace ripple {
 auto constexpr muldiv_max = std::numeric_limits<std::uint64_t>::max();

include/xrpl/basics/tagged_integer.h

@@ -24,10 +24,8 @@
 
 #include <boost/operators.hpp>
 
-#include <functional>
 #include <iostream>
 #include <type_traits>
-#include <utility>
 
 namespace ripple {
 

include/xrpl/beast/clock/abstract_clock.h

@@ -20,9 +20,6 @@
 #ifndef BEAST_CHRONO_ABSTRACT_CLOCK_H_INCLUDED
 #define BEAST_CHRONO_ABSTRACT_CLOCK_H_INCLUDED
 
-#include <chrono>
-#include <string>
-
 namespace beast {
 
 /** Abstract interface to a clock.

include/xrpl/beast/clock/manual_clock.h

@@ -23,6 +23,8 @@
 #include <xrpl/beast/clock/abstract_clock.h>
 #include <xrpl/beast/utility/instrumentation.h>
 
+#include <chrono>
+
 namespace beast {
 
 /** Manual clock implementation.

include/xrpl/beast/container/aged_container_utility.h

@@ -22,6 +22,7 @@
 
 #include <xrpl/beast/container/aged_container.h>
 
+#include <chrono>
 #include <type_traits>
 
 namespace beast {

include/xrpl/beast/container/detail/aged_associative_container.h

@@ -20,8 +20,6 @@
 #ifndef BEAST_CONTAINER_DETAIL_AGED_ASSOCIATIVE_CONTAINER_H_INCLUDED
 #define BEAST_CONTAINER_DETAIL_AGED_ASSOCIATIVE_CONTAINER_H_INCLUDED
 
-#include <type_traits>
-
 namespace beast {
 namespace detail {
 

include/xrpl/beast/container/detail/aged_ordered_container.h

@@ -33,7 +33,6 @@
 #include <algorithm>
 #include <functional>
 #include <initializer_list>
-#include <iterator>
 #include <memory>
 #include <type_traits>
 #include <utility>

include/xrpl/beast/core/LexicalCast.h

@@ -29,11 +29,9 @@
 #include <charconv>
 #include <cstdlib>
 #include <iterator>
-#include <limits>
 #include <string>
 #include <type_traits>
 #include <typeinfo>
-#include <utility>
 
 namespace beast {
 

include/xrpl/beast/hash/hash_append.h

@@ -24,14 +24,36 @@
 #include <boost/container/flat_set.hpp>
 #include <boost/endian/conversion.hpp>
 
+/*
+
+Workaround for overzealous clang warning, which trips on libstdc++ headers
+
+  In file included from
+  /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/stl_algo.h:61:
+  /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/stl_tempbuf.h:263:8:
+  error: 'get_temporary_buffer<std::pair<ripple::Quality, const
+  std::vector<std::unique_ptr<ripple::Step>> *>>' is deprecated
+  [-Werror,-Wdeprecated-declarations] 263 |
+  std::get_temporary_buffer<value_type>(_M_original_len));
+       ^
+*/
+
+#if defined(__clang__)
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated"
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+#endif
+
+#include <functional>
+
+#if defined(__clang__)
+#pragma clang diagnostic pop
+#endif
+
 #include <array>
 #include <chrono>
-#include <cstdint>
 #include <cstring>
-#include <functional>
-#include <map>
 #include <memory>
-#include <set>
 #include <string>
 #include <system_error>
 #include <tuple>

include/xrpl/beast/hash/uhash.h

@@ -30,7 +30,7 @@ namespace beast {
 template <class Hasher = xxhasher>
 struct uhash
 {
-    explicit uhash() = default;
+    uhash() = default;
 
     using result_type = typename Hasher::result_type;
 

include/xrpl/beast/net/IPAddress.h

@@ -29,11 +29,7 @@
 #include <boost/asio/ip/address.hpp>
 #include <boost/functional/hash.hpp>
 
-#include <cstdint>
-#include <ios>
-#include <sstream>
 #include <string>
-#include <typeinfo>
 
 //------------------------------------------------------------------------------
 

include/xrpl/beast/net/IPAddressV4.h

@@ -24,12 +24,6 @@
 
 #include <boost/asio/ip/address_v4.hpp>
 
-#include <cstdint>
-#include <functional>
-#include <ios>
-#include <string>
-#include <utility>
-
 namespace beast {
 namespace IP {
 

include/xrpl/beast/net/IPAddressV6.h

@@ -24,12 +24,6 @@
 
 #include <boost/asio/ip/address_v6.hpp>
 
-#include <cstdint>
-#include <functional>
-#include <ios>
-#include <string>
-#include <utility>
-
 namespace beast {
 namespace IP {
 

include/xrpl/beast/net/IPEndpoint.h

@@ -25,7 +25,6 @@
 #include <xrpl/beast/net/IPAddress.h>
 
 #include <cstdint>
-#include <ios>
 #include <optional>
 #include <string>
 
@@ -215,7 +214,7 @@ namespace std {
 template <>
 struct hash<::beast::IP::Endpoint>
 {
-    explicit hash() = default;
+    hash() = default;
 
     std::size_t
     operator()(::beast::IP::Endpoint const& endpoint) const
@@ -230,7 +229,7 @@ namespace boost {
 template <>
 struct hash<::beast::IP::Endpoint>
 {
-    explicit hash() = default;
+    hash() = default;
 
     std::size_t
     operator()(::beast::IP::Endpoint const& endpoint) const

include/xrpl/beast/rfc2616.h

@@ -28,10 +28,8 @@
 
 #include <algorithm>
 #include <cctype>
-#include <cstdint>
 #include <iterator>
 #include <string>
-#include <utility>
 #include <vector>
 
 namespace beast {

include/xrpl/beast/test/yield_to.h

@@ -13,7 +13,6 @@
 #include <boost/optional.hpp>
 
 #include <condition_variable>
-#include <functional>
 #include <mutex>
 #include <thread>
 #include <vector>

include/xrpl/beast/unit_test/reporter.h

@@ -16,7 +16,6 @@
 
 #include <algorithm>
 #include <chrono>
-#include <functional>
 #include <iomanip>
 #include <iostream>
 #include <sstream>

include/xrpl/beast/unit_test/runner.h

@@ -13,7 +13,6 @@
 #include <boost/assert.hpp>
 
 #include <mutex>
-#include <ostream>
 #include <string>
 
 namespace beast {

include/xrpl/beast/utility/rngfill.h

@@ -48,8 +48,10 @@ rngfill(void* buffer, std::size_t bytes, Generator& g)
 
 #ifdef __GNUC__
     // gcc 11.1 (falsely) warns about an array-bounds overflow in release mode.
+    // gcc 12.1 (also falsely) warns about an string overflow in release mode.
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Warray-bounds"
+#pragma GCC diagnostic ignored "-Wstringop-overflow"
 #endif
 
     if (bytes > 0)

include/xrpl/json/json_value.h

@@ -26,7 +26,6 @@
 #include <cstring>
 #include <map>
 #include <string>
-#include <utility>
 #include <vector>
 
 /** \brief JSON (JavaScript Object Notation).

include/xrpl/protocol/AccountID.h

@@ -29,7 +29,6 @@
 #include <xrpl/protocol/json_get_or_throw.h>
 
 #include <cstddef>
-#include <mutex>
 #include <optional>
 #include <string>
 
@@ -149,7 +148,7 @@ namespace std {
 template <>
 struct hash<ripple::AccountID> : ripple::AccountID::hasher
 {
-    explicit hash() = default;
+    hash() = default;
 };
 
 }  // namespace std

include/xrpl/protocol/ApiVersion.h

@@ -20,7 +20,6 @@
 #ifndef RIPPLE_PROTOCOL_APIVERSION_H_INCLUDED
 #define RIPPLE_PROTOCOL_APIVERSION_H_INCLUDED
 
-#include <functional>
 #include <type_traits>
 #include <utility>
 

include/xrpl/protocol/Batch.h

@@ -0,0 +1,37 @@
+//------------------------------------------------------------------------------
+/*
+    This file is part of rippled: https://github.com/ripple/rippled
+    Copyright (c) 2024 Ripple Labs Inc.
+    Permission to use, copy, modify, and/or distribute this software for any
+    purpose  with  or without fee is hereby granted, provided that the above
+    copyright notice and this permission notice appear in all copies.
+    THE  SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+    WITH  REGARD  TO  THIS  SOFTWARE  INCLUDING  ALL  IMPLIED  WARRANTIES  OF
+    MERCHANTABILITY  AND  FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+    ANY  SPECIAL ,  DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+    WHATSOEVER  RESULTING  FROM  LOSS  OF USE, DATA OR PROFITS, WHETHER IN AN
+    ACTION  OF  CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+//==============================================================================
+
+#include <xrpl/protocol/HashPrefix.h>
+#include <xrpl/protocol/STVector256.h>
+#include <xrpl/protocol/Serializer.h>
+
+namespace ripple {
+
+inline void
+serializeBatch(
+    Serializer& msg,
+    std::uint32_t const& flags,
+    std::vector<uint256> const& txids)
+{
+    msg.add32(HashPrefix::batch);
+    msg.add32(flags);
+    msg.add32(std::uint32_t(txids.size()));
+    for (auto const& txid : txids)
+        msg.addBitString(txid);
+}
+
+}  // namespace ripple

include/xrpl/protocol/Book.h

@@ -21,6 +21,7 @@
 #define RIPPLE_PROTOCOL_BOOK_H_INCLUDED
 
 #include <xrpl/basics/CountedObject.h>
+#include <xrpl/basics/base_uint.h>
 #include <xrpl/protocol/Issue.h>
 
 #include <boost/utility/base_from_member.hpp>
@@ -36,12 +37,17 @@ class Book final : public CountedObject<Book>
 public:
     Issue in;
     Issue out;
+    std::optional<uint256> domain;
 
     Book()
     {
     }
 
-    Book(Issue const& in_, Issue const& out_) : in(in_), out(out_)
+    Book(
+        Issue const& in_,
+        Issue const& out_,
+        std::optional<uint256> const& domain_)
+        : in(in_), out(out_), domain(domain_)
     {
     }
 };
@@ -61,6 +67,8 @@ hash_append(Hasher& h, Book const& b)
 {
     using beast::hash_append;
     hash_append(h, b.in, b.out);
+    if (b.domain)
+        hash_append(h, *(b.domain));
 }
 
 Book
@@ -71,7 +79,8 @@ reversed(Book const& book);
 [[nodiscard]] inline constexpr bool
 operator==(Book const& lhs, Book const& rhs)
 {
-    return (lhs.in == rhs.in) && (lhs.out == rhs.out);
+    return (lhs.in == rhs.in) && (lhs.out == rhs.out) &&
+        (lhs.domain == rhs.domain);
 }
 /** @} */
 
@@ -82,7 +91,18 @@ operator<=>(Book const& lhs, Book const& rhs)
 {
     if (auto const c{lhs.in <=> rhs.in}; c != 0)
         return c;
-    return lhs.out <=> rhs.out;
+    if (auto const c{lhs.out <=> rhs.out}; c != 0)
+        return c;
+
+    // Manually compare optionals
+    if (lhs.domain && rhs.domain)
+        return *lhs.domain <=> *rhs.domain;  // Compare values if both exist
+    if (!lhs.domain && rhs.domain)
+        return std::weak_ordering::less;  // Empty is considered less
+    if (lhs.domain && !rhs.domain)
+        return std::weak_ordering::greater;  // Non-empty is greater
+
+    return std::weak_ordering::equivalent;  // Both are empty
 }
 /** @} */
 
@@ -104,7 +124,7 @@ private:
         boost::base_from_member<std::hash<ripple::AccountID>, 1>;
 
 public:
-    explicit hash() = default;
+    hash() = default;
 
     using value_type = std::size_t;
     using argument_type = ripple::Issue;
@@ -126,12 +146,14 @@ template <>
 struct hash<ripple::Book>
 {
 private:
-    using hasher = std::hash<ripple::Issue>;
+    using issue_hasher = std::hash<ripple::Issue>;
+    using uint256_hasher = ripple::uint256::hasher;
 
-    hasher m_hasher;
+    issue_hasher m_issue_hasher;
+    uint256_hasher m_uint256_hasher;
 
 public:
-    explicit hash() = default;
+    hash() = default;
 
     using value_type = std::size_t;
     using argument_type = ripple::Book;
@@ -139,8 +161,12 @@ public:
     value_type
     operator()(argument_type const& value) const
     {
-        value_type result(m_hasher(value.in));
-        boost::hash_combine(result, m_hasher(value.out));
+        value_type result(m_issue_hasher(value.in));
+        boost::hash_combine(result, m_issue_hasher(value.out));
+
+        if (value.domain)
+            boost::hash_combine(result, m_uint256_hasher(*value.domain));
+
         return result;
     }
 };
@@ -154,7 +180,7 @@ namespace boost {
 template <>
 struct hash<ripple::Issue> : std::hash<ripple::Issue>
 {
-    explicit hash() = default;
+    hash() = default;
 
     using Base = std::hash<ripple::Issue>;
     // VFALCO NOTE broken in vs2012
@@ -164,7 +190,7 @@ struct hash<ripple::Issue> : std::hash<ripple::Issue>
 template <>
 struct hash<ripple::Book> : std::hash<ripple::Book>
 {
-    explicit hash() = default;
+    hash() = default;
 
     using Base = std::hash<ripple::Book>;
     // VFALCO NOTE broken in vs2012

include/xrpl/protocol/ErrorCodes.h

@@ -154,7 +154,10 @@ enum error_code_i {
     // Simulate
     rpcTX_SIGNED = 96,
 
-    rpcLAST = rpcTX_SIGNED  // rpcLAST should always equal the last code.
+    // Pathfinding
+    rpcDOMAIN_MALFORMED = 97,
+
+    rpcLAST = rpcDOMAIN_MALFORMED  // rpcLAST should always equal the last code.
 };
 
 /** Codes returned in the `warnings` array of certain RPC commands.

include/xrpl/protocol/Feature.h

@@ -24,7 +24,6 @@
 
 #include <boost/container/flat_map.hpp>
 
-#include <array>
 #include <bitset>
 #include <map>
 #include <optional>
@@ -55,6 +54,18 @@
  *    `VoteBehavior::DefaultYes`. The communication process is beyond
  *    the scope of these instructions.
  *
+ * 5) A feature marked as Obsolete can mean either:
+ *    1) It is in the ledger (marked as Supported::yes) and it is on its way to
+ *      become Retired
+ *    2) The feature is not in the ledger (has always been marked as
+ *      Supported::no) and the code to support it has been removed
+ *
+ * If we want to discontinue a feature that we've never fully supported and
+ * the feature has never been enabled, we should remove all the related
+ * code, and mark the feature as "abandoned". To do this:
+ *
+ * 1) Open features.macro, move the feature to the abandoned section and
+ *    change the macro to XRPL_ABANDON
  *
  * When a feature has been enabled for several years, the conditional code
  * may be removed, and the feature "retired". To retire a feature:
@@ -88,10 +99,13 @@ namespace detail {
 #undef XRPL_FIX
 #pragma push_macro("XRPL_RETIRE")
 #undef XRPL_RETIRE
+#pragma push_macro("XRPL_ABANDON")
+#undef XRPL_ABANDON
 
 #define XRPL_FEATURE(name, supported, vote) +1
 #define XRPL_FIX(name, supported, vote) +1
 #define XRPL_RETIRE(name) +1
+#define XRPL_ABANDON(name) +1
 
 // This value SHOULD be equal to the number of amendments registered in
 // Feature.cpp. Because it's only used to reserve storage, and determine how
@@ -108,6 +122,8 @@ static constexpr std::size_t numFeatures =
 #pragma pop_macro("XRPL_FIX")
 #undef XRPL_FEATURE
 #pragma pop_macro("XRPL_FEATURE")
+#undef XRPL_ABANDON
+#pragma pop_macro("XRPL_ABANDON")
 
 /** Amendments that this server supports and the default voting behavior.
    Whether they are enabled depends on the Rules defined in the validated
@@ -349,10 +365,13 @@ foreachFeature(FeatureBitset bs, F&& f)
 #undef XRPL_FIX
 #pragma push_macro("XRPL_RETIRE")
 #undef XRPL_RETIRE
+#pragma push_macro("XRPL_ABANDON")
+#undef XRPL_ABANDON
 
 #define XRPL_FEATURE(name, supported, vote) extern uint256 const feature##name;
 #define XRPL_FIX(name, supported, vote) extern uint256 const fix##name;
 #define XRPL_RETIRE(name)
+#define XRPL_ABANDON(name)
 
 #include <xrpl/protocol/detail/features.macro>
 
@@ -362,6 +381,8 @@ foreachFeature(FeatureBitset bs, F&& f)
 #pragma pop_macro("XRPL_FIX")
 #undef XRPL_FEATURE
 #pragma pop_macro("XRPL_FEATURE")
+#undef XRPL_ABANDON
+#pragma pop_macro("XRPL_ABANDON")
 
 }  // namespace ripple
 

include/xrpl/protocol/FeeUnits.h

@@ -27,14 +27,9 @@
 #include <boost/multiprecision/cpp_int.hpp>
 #include <boost/operators.hpp>
 
-#include <cmath>
-#include <ios>
 #include <iosfwd>
 #include <limits>
 #include <optional>
-#include <sstream>
-#include <string>
-#include <utility>
 
 namespace ripple {
 

include/xrpl/protocol/HashPrefix.h

@@ -88,6 +88,9 @@ enum class HashPrefix : std::uint32_t {
 
     /** Credentials signature */
     credential = detail::make_hash_prefix('C', 'R', 'D'),
+
+    /** Batch */
+    batch = detail::make_hash_prefix('B', 'C', 'H'),
 };
 
 template <class Hasher>

include/xrpl/protocol/IOUAmount.h

@@ -98,6 +98,12 @@ public:
 
     static IOUAmount
     minPositiveAmount();
+
+    friend std::ostream&
+    operator<<(std::ostream& os, IOUAmount const& x)
+    {
+        return os << to_string(x);
+    }
 };
 
 inline IOUAmount::IOUAmount(beast::Zero)

include/xrpl/protocol/Indexes.h

@@ -32,6 +32,7 @@
 #include <xrpl/protocol/jss.h>
 
 #include <cstdint>
+#include <set>
 
 namespace ripple {
 

include/xrpl/protocol/Issue.h

@@ -24,9 +24,6 @@
 #include <xrpl/json/json_value.h>
 #include <xrpl/protocol/UintTypes.h>
 
-#include <functional>
-#include <type_traits>
-
 namespace ripple {
 
 /** A currency issued by an account.

include/xrpl/protocol/LedgerFormats.h

@@ -145,13 +145,15 @@ enum LedgerSpecificFlags {
         0x10000000,               // True, reject new paychans
     lsfDisallowIncomingTrustline =
         0x20000000,               // True, reject new trustlines (only if no issued assets)
-    // 0x40000000 is available
+    lsfAllowTrustLineLocking =
+        0x40000000,               // True, enable trustline locking
     lsfAllowTrustLineClawback =
         0x80000000,               // True, enable clawback
 
     // ltOFFER
     lsfPassive = 0x00010000,
     lsfSell = 0x00020000,  // True, offer was placed as a sell.
+    lsfHybrid = 0x00040000,  // True, offer is hybrid.
 
     // ltRIPPLE_STATE
     lsfLowReserve = 0x00010000,  // True, if entry counts toward reserve.

include/xrpl/protocol/MultiApiJson.h

@@ -28,7 +28,6 @@
 #include <concepts>
 #include <cstdlib>
 #include <functional>
-#include <limits>
 #include <type_traits>
 #include <utility>
 

include/xrpl/protocol/NFTSyntheticSerializer.h

@@ -28,6 +28,8 @@
 
 namespace ripple {
 
+namespace RPC {
+
 /**
    Adds common synthetic fields to transaction-related JSON responses
 
@@ -40,6 +42,7 @@ insertNFTSyntheticInJson(
     TxMeta const&);
 /** @} */
 
+}  // namespace RPC
 }  // namespace ripple
 
 #endif

include/xrpl/protocol/Permissions.h

@@ -25,7 +25,6 @@
 #include <optional>
 #include <string>
 #include <unordered_map>
-#include <unordered_set>
 
 namespace ripple {
 /**

include/xrpl/protocol/Protocol.h

@@ -169,6 +169,9 @@ std::size_t constexpr maxTrim = 25;
  */
 std::size_t constexpr permissionMaxSize = 10;
 
+/** The maximum number of transactions that can be in a batch. */
+std::size_t constexpr maxBatchTxCount = 8;
+
 }  // namespace ripple
 
 #endif

include/xrpl/protocol/PublicKey.h

@@ -32,7 +32,6 @@
 #include <cstring>
 #include <optional>
 #include <ostream>
-#include <utility>
 
 namespace ripple {
 

include/xrpl/protocol/Rules.h

@@ -28,6 +28,9 @@
 
 namespace ripple {
 
+bool
+isFeatureEnabled(uint256 const& feature);
+
 class DigestAwareReadView;
 
 /** Rules controlling protocol behavior. */

include/xrpl/protocol/SOTemplate.h

@@ -25,7 +25,6 @@
 
 #include <functional>
 #include <initializer_list>
-#include <memory>
 #include <stdexcept>
 
 namespace ripple {

include/xrpl/protocol/STAmount.h

@@ -703,6 +703,12 @@ isXRP(STAmount const& amount)
     return amount.native();
 }
 
+bool
+canAdd(STAmount const& amt1, STAmount const& amt2);
+
+bool
+canSubtract(STAmount const& amt1, STAmount const& amt2);
+
 // Since `canonicalize` does not have access to a ledger, this is needed to put
 // the low-level routine stAmountCanonicalize on an amendment switch. Only
 // transactions need to use this switchover. Outside of a transaction it's safe

include/xrpl/protocol/STBase.h

@@ -24,7 +24,6 @@
 #include <xrpl/protocol/SField.h>
 #include <xrpl/protocol/Serializer.h>
 
-#include <memory>
 #include <ostream>
 #include <string>
 #include <type_traits>

include/xrpl/protocol/STBlob.h

@@ -27,7 +27,6 @@
 #include <xrpl/protocol/STBase.h>
 
 #include <cstring>
-#include <memory>
 
 namespace ripple {
 

include/xrpl/protocol/STTx.h

@@ -125,10 +125,16 @@ public:
         @return `true` if valid signature. If invalid, the error message string.
     */
     enum class RequireFullyCanonicalSig : bool { no, yes };
+
     Expected<void, std::string>
     checkSign(RequireFullyCanonicalSig requireCanonicalSig, Rules const& rules)
         const;
 
+    Expected<void, std::string>
+    checkBatchSign(
+        RequireFullyCanonicalSig requireCanonicalSig,
+        Rules const& rules) const;
+
     // SQL Functions with metadata.
     static std::string const&
     getMetaSQLInsertReplaceHeader();
@@ -144,6 +150,9 @@ public:
         char status,
         std::string const& escapedMetaData) const;
 
+    std::vector<uint256>
+    getBatchTransactionIDs() const;
+
 private:
     Expected<void, std::string>
     checkSingleSign(RequireFullyCanonicalSig requireCanonicalSig) const;
@@ -153,12 +162,24 @@ private:
         RequireFullyCanonicalSig requireCanonicalSig,
         Rules const& rules) const;
 
+    Expected<void, std::string>
+    checkBatchSingleSign(
+        STObject const& batchSigner,
+        RequireFullyCanonicalSig requireCanonicalSig) const;
+
+    Expected<void, std::string>
+    checkBatchMultiSign(
+        STObject const& batchSigner,
+        RequireFullyCanonicalSig requireCanonicalSig,
+        Rules const& rules) const;
+
     STBase*
     copy(std::size_t n, void* buf) const override;
     STBase*
     move(std::size_t n, void* buf) override;
 
     friend class detail::STVar;
+    mutable std::vector<uint256> batch_txn_ids_;
 };
 
 bool

include/xrpl/protocol/STValidation.h

@@ -28,8 +28,6 @@
 #include <xrpl/protocol/SecretKey.h>
 
 #include <cstdint>
-#include <functional>
-#include <memory>
 #include <optional>
 #include <sstream>
 

include/xrpl/protocol/Serializer.h

@@ -33,7 +33,6 @@
 
 #include <cstdint>
 #include <cstring>
-#include <iomanip>
 #include <type_traits>
 
 namespace ripple {

include/xrpl/protocol/Sign.h

@@ -25,8 +25,6 @@
 #include <xrpl/protocol/STObject.h>
 #include <xrpl/protocol/SecretKey.h>
 
-#include <utility>
-
 namespace ripple {
 
 /** Sign an STObject

include/xrpl/protocol/TER.h

@@ -139,8 +139,8 @@ enum TEMcodes : TERUnderlyingType {
 
     temARRAY_EMPTY,
     temARRAY_TOO_LARGE,
-
     temBAD_TRANSFER_FEE,
+    temINVALID_INNER_BATCH,
 };
 
 //------------------------------------------------------------------------------
@@ -360,6 +360,8 @@ enum TECcodes : TERUnderlyingType {
     tecWRONG_ASSET = 194,
     tecLIMIT_EXCEEDED = 195,
     tecPSEUDO_ACCOUNT = 196,
+    tecPRECISION_LOSS = 197,
+    tecNO_DELEGATE_PERMISSION = 198,
 };
 
 //------------------------------------------------------------------------------
@@ -645,37 +647,37 @@ using TER = TERSubset<CanCvtToTER>;
 //------------------------------------------------------------------------------
 
 inline bool
-isTelLocal(TER x)
+isTelLocal(TER x) noexcept
 {
-    return ((x) >= telLOCAL_ERROR && (x) < temMALFORMED);
+    return (x >= telLOCAL_ERROR && x < temMALFORMED);
 }
 
 inline bool
-isTemMalformed(TER x)
+isTemMalformed(TER x) noexcept
 {
-    return ((x) >= temMALFORMED && (x) < tefFAILURE);
+    return (x >= temMALFORMED && x < tefFAILURE);
 }
 
 inline bool
-isTefFailure(TER x)
+isTefFailure(TER x) noexcept
 {
-    return ((x) >= tefFAILURE && (x) < terRETRY);
+    return (x >= tefFAILURE && x < terRETRY);
 }
 
 inline bool
-isTerRetry(TER x)
+isTerRetry(TER x) noexcept
 {
-    return ((x) >= terRETRY && (x) < tesSUCCESS);
+    return (x >= terRETRY && x < tesSUCCESS);
 }
 
 inline bool
-isTesSuccess(TER x)
+isTesSuccess(TER x) noexcept
 {
-    return ((x) == tesSUCCESS);
+    return (x == tesSUCCESS);
 }
 
 inline bool
-isTecClaim(TER x)
+isTecClaim(TER x) noexcept
 {
     return ((x) >= tecCLAIM);
 }

include/xrpl/protocol/TxFlags.h

@@ -58,7 +58,8 @@ namespace ripple {
 // clang-format off
 // Universal Transaction flags:
 constexpr std::uint32_t tfFullyCanonicalSig                = 0x80000000;
-constexpr std::uint32_t tfUniversal                        = tfFullyCanonicalSig;
+constexpr std::uint32_t tfInnerBatchTxn                    = 0x40000000;
+constexpr std::uint32_t tfUniversal                        = tfFullyCanonicalSig | tfInnerBatchTxn;
 constexpr std::uint32_t tfUniversalMask                    = ~tfUniversal;
 
 // AccountSet flags:
@@ -91,14 +92,16 @@ constexpr std::uint32_t asfDisallowIncomingCheck           = 13;
 constexpr std::uint32_t asfDisallowIncomingPayChan         = 14;
 constexpr std::uint32_t asfDisallowIncomingTrustline       = 15;
 constexpr std::uint32_t asfAllowTrustLineClawback          = 16;
+constexpr std::uint32_t asfAllowTrustLineLocking           = 17;
 
 // OfferCreate flags:
 constexpr std::uint32_t tfPassive                          = 0x00010000;
 constexpr std::uint32_t tfImmediateOrCancel                = 0x00020000;
 constexpr std::uint32_t tfFillOrKill                       = 0x00040000;
 constexpr std::uint32_t tfSell                             = 0x00080000;
+constexpr std::uint32_t tfHybrid                           = 0x00100000;
 constexpr std::uint32_t tfOfferCreateMask =
-    ~(tfUniversal | tfPassive | tfImmediateOrCancel | tfFillOrKill | tfSell);
+    ~(tfUniversal | tfPassive | tfImmediateOrCancel | tfFillOrKill | tfSell | tfHybrid);
 
 // Payment flags:
 constexpr std::uint32_t tfNoRippleDirect                   = 0x00010000;
@@ -119,13 +122,7 @@ constexpr std::uint32_t tfClearDeepFreeze                  = 0x00800000;
 constexpr std::uint32_t tfTrustSetMask =
     ~(tfUniversal | tfSetfAuth | tfSetNoRipple | tfClearNoRipple | tfSetFreeze |
       tfClearFreeze | tfSetDeepFreeze | tfClearDeepFreeze);
-
-// valid flags for granular permission
-constexpr std::uint32_t tfTrustSetGranularMask = tfSetfAuth | tfSetFreeze | tfClearFreeze;
-
-// bits representing supportedGranularMask are set to 0 and the bits
-// representing other flags are set to 1 in tfPermissionMask.
-constexpr std::uint32_t tfTrustSetPermissionMask = (~tfTrustSetMask) & (~tfTrustSetGranularMask);
+constexpr std::uint32_t tfTrustSetPermissionMask = ~(tfUniversal | tfSetfAuth | tfSetFreeze | tfClearFreeze);
 
 // EnableAmendment flags:
 constexpr std::uint32_t tfGotMajority                      = 0x00010000;
@@ -162,8 +159,7 @@ constexpr std::uint32_t const tfMPTokenAuthorizeMask  = ~(tfUniversal | tfMPTUna
 constexpr std::uint32_t const tfMPTLock                   = 0x00000001;
 constexpr std::uint32_t const tfMPTUnlock                 = 0x00000002;
 constexpr std::uint32_t const tfMPTokenIssuanceSetMask  = ~(tfUniversal | tfMPTLock | tfMPTUnlock);
-constexpr std::uint32_t const tfMPTokenIssuanceSetGranularMask = tfMPTLock | tfMPTUnlock;
-constexpr std::uint32_t const tfMPTokenIssuanceSetPermissionMask = (~tfMPTokenIssuanceSetMask) & (~tfMPTokenIssuanceSetGranularMask);
+constexpr std::uint32_t const tfMPTokenIssuanceSetPermissionMask = ~(tfUniversal | tfMPTLock | tfMPTUnlock);
 
 // MPTokenIssuanceDestroy flags:
 constexpr std::uint32_t const tfMPTokenIssuanceDestroyMask  = ~tfUniversal;
@@ -239,6 +235,20 @@ constexpr std::uint32_t const tfVaultPrivate               = 0x00010000;
 static_assert(tfVaultPrivate == lsfVaultPrivate);
 constexpr std::uint32_t const tfVaultShareNonTransferable  = 0x00020000;
 constexpr std::uint32_t const tfVaultCreateMask = ~(tfUniversal | tfVaultPrivate | tfVaultShareNonTransferable);
+
+// Batch Flags:
+constexpr std::uint32_t tfAllOrNothing                 = 0x00010000;
+constexpr std::uint32_t tfOnlyOne                      = 0x00020000;
+constexpr std::uint32_t tfUntilFailure                 = 0x00040000;
+constexpr std::uint32_t tfIndependent                  = 0x00080000;
+/**
+ * @note If nested Batch transactions are supported in the future, the tfInnerBatchTxn flag
+ *  will need to be removed from this mask to allow Batch transaction to be inside 
+ *  the sfRawTransactions array.
+ */
+constexpr std::uint32_t const tfBatchMask =
+    ~(tfUniversal | tfAllOrNothing | tfOnlyOne | tfUntilFailure | tfIndependent) | tfInnerBatchTxn;
+
 // clang-format on
 
 }  // namespace ripple

include/xrpl/protocol/TxMeta.h

@@ -46,7 +46,10 @@ private:
         CtorHelper);
 
 public:
-    TxMeta(uint256 const& transactionID, std::uint32_t ledger);
+    TxMeta(
+        uint256 const& transactionID,
+        std::uint32_t ledger,
+        std::optional<uint256> parentBatchId = std::nullopt);
     TxMeta(uint256 const& txID, std::uint32_t ledger, Blob const&);
     TxMeta(uint256 const& txID, std::uint32_t ledger, std::string const&);
     TxMeta(uint256 const& txID, std::uint32_t ledger, STObject const&);
@@ -130,6 +133,27 @@ public:
         return static_cast<bool>(mDelivered);
     }
 
+    void
+    setParentBatchId(uint256 const& parentBatchId)
+    {
+        mParentBatchId = parentBatchId;
+    }
+
+    uint256
+    getParentBatchId() const
+    {
+        XRPL_ASSERT(
+            hasParentBatchId(),
+            "ripple::TxMeta::getParentBatchId : non-null batch id");
+        return *mParentBatchId;
+    }
+
+    bool
+    hasParentBatchId() const
+    {
+        return static_cast<bool>(mParentBatchId);
+    }
+
 private:
     uint256 mTransactionID;
     std::uint32_t mLedger;
@@ -137,6 +161,7 @@ private:
     int mResult;
 
     std::optional<STAmount> mDelivered;
+    std::optional<uint256> mParentBatchId;
 
     STArray mNodes;
 };

include/xrpl/protocol/UintTypes.h

@@ -63,6 +63,9 @@ using NodeID = base_uint<160, detail::NodeIDTag>;
  * and a 160-bit account */
 using MPTID = base_uint<192>;
 
+/** Domain is a 256-bit hash representing a specific domain. */
+using Domain = base_uint<256>;
+
 /** XRP currency. */
 Currency const&
 xrpCurrency();
@@ -119,25 +122,25 @@ namespace std {
 template <>
 struct hash<ripple::Currency> : ripple::Currency::hasher
 {
-    explicit hash() = default;
+    hash() = default;
 };
 
 template <>
 struct hash<ripple::NodeID> : ripple::NodeID::hasher
 {
-    explicit hash() = default;
+    hash() = default;
 };
 
 template <>
 struct hash<ripple::Directory> : ripple::Directory::hasher
 {
-    explicit hash() = default;
+    hash() = default;
 };
 
 template <>
 struct hash<ripple::uint256> : ripple::uint256::hasher
 {
-    explicit hash() = default;
+    hash() = default;
 };
 
 }  // namespace std

include/xrpl/protocol/XChainAttestations.h

@@ -35,8 +35,6 @@
 #include <boost/container/vector.hpp>
 
 #include <cstddef>
-#include <type_traits>
-#include <unordered_map>
 #include <vector>
 
 namespace ripple {

include/xrpl/protocol/detail/b58_utils.h

@@ -27,7 +27,6 @@
 #include <boost/outcome.hpp>
 #include <boost/outcome/result.hpp>
 
-#include <cinttypes>
 #include <span>
 #include <system_error>
 #include <tuple>

include/xrpl/protocol/detail/features.macro

@@ -26,12 +26,21 @@
 #if !defined(XRPL_RETIRE)
 #error "undefined macro: XRPL_RETIRE"
 #endif
+#if !defined(XRPL_ABANDON)
+#error "undefined macro: XRPL_ABANDON"
+#endif
 
 // Add new amendments to the top of this list.
 // Keep it sorted in reverse chronological order.
 // If you add an amendment here, then do not forget to increment `numFeatures`
 // in include/xrpl/protocol/Feature.h.
 
+XRPL_FIX    (AMMClawbackRounding,        Supported::no,  VoteBehavior::DefaultNo)
+XRPL_FEATURE(TokenEscrow,                Supported::yes, VoteBehavior::DefaultNo)
+XRPL_FIX    (EnforceNFTokenTrustlineV2,  Supported::yes, VoteBehavior::DefaultNo)
+XRPL_FIX    (AMMv1_3,                    Supported::yes, VoteBehavior::DefaultNo)
+XRPL_FEATURE(PermissionedDEX,            Supported::yes, VoteBehavior::DefaultNo)
+XRPL_FEATURE(Batch,                      Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(SingleAssetVault,           Supported::no, VoteBehavior::DefaultNo)
 XRPL_FEATURE(PermissionDelegation,       Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (PayChanCancelAfter,         Supported::yes, VoteBehavior::DefaultNo)
@@ -109,7 +118,6 @@ XRPL_FEATURE(DepositAuth,                Supported::yes, VoteBehavior::DefaultYe
 XRPL_FIX    (1513,                       Supported::yes, VoteBehavior::DefaultYes)
 XRPL_FEATURE(FlowCross,                  Supported::yes, VoteBehavior::DefaultYes)
 XRPL_FEATURE(Flow,                       Supported::yes, VoteBehavior::DefaultYes)
-XRPL_FEATURE(OwnerPaysFee,               Supported::no,  VoteBehavior::DefaultNo)
 
 // The following amendments are obsolete, but must remain supported
 // because they could potentially get enabled.
@@ -127,6 +135,11 @@ XRPL_FIX    (NFTokenDirV1,          Supported::yes, VoteBehavior::Obsolete)
 XRPL_FEATURE(NonFungibleTokensV1,   Supported::yes, VoteBehavior::Obsolete)
 XRPL_FEATURE(CryptoConditionsSuite, Supported::yes, VoteBehavior::Obsolete)
 
+// The following amendments were never supported, never enabled, and 
+// we've abanded them. These features should never be in the ledger,
+// and we've removed all the related code.
+XRPL_ABANDON(OwnerPaysFee)
+
 // The following amendments have been active for at least two years. Their
 // pre-amendment code has been removed and the identifiers are deprecated.
 // All known amendments and amendments that may appear in a validated

include/xrpl/protocol/detail/ledger_entries.macro

@@ -188,6 +188,7 @@ LEDGER_ENTRY(ltDIR_NODE, 0x0064, DirectoryNode, directory, ({
     {sfNFTokenID,            soeOPTIONAL},
     {sfPreviousTxnID,        soeOPTIONAL},
     {sfPreviousTxnLgrSeq,    soeOPTIONAL},
+    {sfDomainID,             soeOPTIONAL}
 }))
 
 /** The ledger object which lists details about amendments on the network.
@@ -249,6 +250,8 @@ LEDGER_ENTRY(ltOFFER, 0x006f, Offer, offer, ({
     {sfPreviousTxnID,        soeREQUIRED},
     {sfPreviousTxnLgrSeq,    soeREQUIRED},
     {sfExpiration,           soeOPTIONAL},
+    {sfDomainID,             soeOPTIONAL},
+    {sfAdditionalBooks,      soeOPTIONAL},
 }))
 
 /** A ledger object which describes a deposit preauthorization.
@@ -351,6 +354,8 @@ LEDGER_ENTRY(ltESCROW, 0x0075, Escrow, escrow, ({
     {sfPreviousTxnID,        soeREQUIRED},
     {sfPreviousTxnLgrSeq,    soeREQUIRED},
     {sfDestinationNode,      soeOPTIONAL},
+    {sfTransferRate,         soeOPTIONAL},
+    {sfIssuerNode,           soeOPTIONAL},
 }))
 
 /** A ledger object describing a single unidirectional XRP payment channel.
@@ -402,6 +407,7 @@ LEDGER_ENTRY(ltMPTOKEN_ISSUANCE, 0x007e, MPTokenIssuance, mpt_issuance, ({
     {sfAssetScale,               soeDEFAULT},
     {sfMaximumAmount,            soeOPTIONAL},
     {sfOutstandingAmount,        soeREQUIRED},
+    {sfLockedAmount,             soeOPTIONAL},
     {sfMPTokenMetadata,          soeOPTIONAL},
     {sfPreviousTxnID,            soeREQUIRED},
     {sfPreviousTxnLgrSeq,        soeREQUIRED},
@@ -415,6 +421,7 @@ LEDGER_ENTRY(ltMPTOKEN, 0x007f, MPToken, mptoken, ({
     {sfAccount,                  soeREQUIRED},
     {sfMPTokenIssuanceID,        soeREQUIRED},
     {sfMPTAmount,                soeDEFAULT},
+    {sfLockedAmount,             soeOPTIONAL},
     {sfOwnerNode,                soeREQUIRED},
     {sfPreviousTxnID,            soeREQUIRED},
     {sfPreviousTxnLgrSeq,        soeREQUIRED},

include/xrpl/protocol/detail/sfields.macro

@@ -144,6 +144,7 @@ TYPED_SFIELD(sfOutstandingAmount,        UINT64,    25, SField::sMD_BaseTen|SFie
 TYPED_SFIELD(sfMPTAmount,                UINT64,    26, SField::sMD_BaseTen|SField::sMD_Default)
 TYPED_SFIELD(sfIssuerNode,               UINT64,    27)
 TYPED_SFIELD(sfSubjectNode,              UINT64,    28)
+TYPED_SFIELD(sfLockedAmount,             UINT64,    29, SField::sMD_BaseTen|SField::sMD_Default)
 
 // 128-bit
 TYPED_SFIELD(sfEmailHash,                UINT128,    1)
@@ -195,6 +196,7 @@ TYPED_SFIELD(sfHookNamespace,            UINT256,   32)
 TYPED_SFIELD(sfHookSetTxnID,             UINT256,   33)
 TYPED_SFIELD(sfDomainID,                 UINT256,   34)
 TYPED_SFIELD(sfVaultID,                  UINT256,   35)
+TYPED_SFIELD(sfParentBatchID,            UINT256,   36)
 
 // number (common)
 TYPED_SFIELD(sfNumber,                   NUMBER,     1)
@@ -357,6 +359,9 @@ UNTYPED_SFIELD(sfXChainClaimAttestationCollectionElement, OBJECT, 30)
 UNTYPED_SFIELD(sfXChainCreateAccountAttestationCollectionElement, OBJECT, 31)
 UNTYPED_SFIELD(sfPriceData,              OBJECT,    32)
 UNTYPED_SFIELD(sfCredential,             OBJECT,    33)
+UNTYPED_SFIELD(sfRawTransaction,         OBJECT,    34)
+UNTYPED_SFIELD(sfBatchSigner,            OBJECT,    35)
+UNTYPED_SFIELD(sfBook,                   OBJECT,    36)
 
 // array of objects (common)
 // ARRAY/1 is reserved for end of array
@@ -372,6 +377,7 @@ UNTYPED_SFIELD(sfMemos,                  ARRAY,      9)
 UNTYPED_SFIELD(sfNFTokens,               ARRAY,     10)
 UNTYPED_SFIELD(sfHooks,                  ARRAY,     11)
 UNTYPED_SFIELD(sfVoteSlots,              ARRAY,     12)
+UNTYPED_SFIELD(sfAdditionalBooks,        ARRAY,     13)
 
 // array of objects (uncommon)
 UNTYPED_SFIELD(sfMajorities,             ARRAY,     16)
@@ -388,3 +394,5 @@ UNTYPED_SFIELD(sfAuthorizeCredentials,   ARRAY,     26)
 UNTYPED_SFIELD(sfUnauthorizeCredentials, ARRAY,     27)
 UNTYPED_SFIELD(sfAcceptedCredentials,    ARRAY,     28)
 UNTYPED_SFIELD(sfPermissions,            ARRAY,     29)
+UNTYPED_SFIELD(sfRawTransactions,        ARRAY,     30)
+UNTYPED_SFIELD(sfBatchSigners,           ARRAY,     31, SField::sMD_Default, SField::notSigning)

include/xrpl/protocol/detail/transactions.macro

@@ -38,12 +38,13 @@ TRANSACTION(ttPAYMENT, 0, Payment, Delegation::delegatable, ({
     {sfDestinationTag, soeOPTIONAL},
     {sfDeliverMin, soeOPTIONAL, soeMPTSupported},
     {sfCredentialIDs, soeOPTIONAL},
+    {sfDomainID, soeOPTIONAL},
 }))
 
 /** This transaction type creates an escrow object. */
 TRANSACTION(ttESCROW_CREATE, 1, EscrowCreate, Delegation::delegatable, ({
     {sfDestination, soeREQUIRED},
-    {sfAmount, soeREQUIRED},
+    {sfAmount, soeREQUIRED, soeMPTSupported},
     {sfCondition, soeOPTIONAL},
     {sfCancelAfter, soeOPTIONAL},
     {sfFinishAfter, soeOPTIONAL},
@@ -93,6 +94,7 @@ TRANSACTION(ttOFFER_CREATE, 7, OfferCreate, Delegation::delegatable, ({
     {sfTakerGets, soeREQUIRED},
     {sfExpiration, soeOPTIONAL},
     {sfOfferSequence, soeOPTIONAL},
+    {sfDomainID, soeOPTIONAL},
 }))
 
 /** This transaction type cancels existing offers to trade one asset for another. */
@@ -514,6 +516,12 @@ TRANSACTION(ttVAULT_CLAWBACK, 70, VaultClawback, Delegation::delegatable, ({
     {sfAmount, soeOPTIONAL, soeMPTSupported},
 }))
 
+/** This transaction type batches together transactions. */
+TRANSACTION(ttBATCH, 71, Batch, Delegation::notDelegatable, ({
+    {sfRawTransactions, soeREQUIRED},
+    {sfBatchSigners, soeOPTIONAL},
+}))
+
 /** This system-generated transaction type is used to update the status of the various amendments.
 
     For details, see: https://xrpl.org/amendments.html
@@ -548,4 +556,3 @@ TRANSACTION(ttUNL_MODIFY, 102, UNLModify, Delegation::notDelegatable, ({
     {sfLedgerSequence, soeREQUIRED},
     {sfUNLModifyValidator, soeREQUIRED},
 }))
-

include/xrpl/protocol/digest.h

@@ -25,7 +25,6 @@
 
 #include <boost/endian/conversion.hpp>
 
-#include <algorithm>
 #include <array>
 
 namespace ripple {

include/xrpl/protocol/json_get_or_throw.h

@@ -10,7 +10,6 @@
 #include <charconv>
 #include <exception>
 #include <optional>
-#include <string>
 
 namespace Json {
 struct JsonMissingKeyError : std::exception

include/xrpl/protocol/jss.h

@@ -83,6 +83,8 @@ JSS(PriceDataSeries);                    // field.
 JSS(PriceData);                          // field.
 JSS(Provider);                           // field.
 JSS(QuoteAsset);                         // in: Oracle.
+JSS(RawTransaction);                     // in: Batch
+JSS(RawTransactions);                    // in: Batch
 JSS(SLE_hit_rate);                       // out: GetCounts.
 JSS(Scale);                              // field.
 JSS(SettleDelay);                        // in: TransactionSign
@@ -389,6 +391,7 @@ JSS(load_fee);                // out: LoadFeeTrackImp, NetworkOPs
 JSS(local);                   // out: resource/Logic.h
 JSS(local_txs);               // out: GetCounts
 JSS(local_static_keys);       // out: ValidatorList
+JSS(locked);                  // out: GatewayBalances
 JSS(low);                     // out: BookChanges
 JSS(lowest_sequence);         // out: AccountInfo
 JSS(lowest_ticket);           // out: AccountInfo

include/xrpl/resource/Charge.h

@@ -20,7 +20,6 @@
 #ifndef RIPPLE_RESOURCE_CHARGE_H_INCLUDED
 #define RIPPLE_RESOURCE_CHARGE_H_INCLUDED
 
-#include <ios>
 #include <string>
 
 namespace ripple {

include/xrpl/resource/Gossip.h

@@ -22,6 +22,8 @@
 
 #include <xrpl/beast/net/IPEndpoint.h>
 
+#include <vector>
+
 namespace ripple {
 namespace Resource {
 

include/xrpl/resource/detail/Key.h

@@ -53,7 +53,7 @@ struct Key
 
     struct key_equal
     {
-        explicit key_equal() = default;
+        key_equal() = default;
 
         bool
         operator()(Key const& lhs, Key const& rhs) const

include/xrpl/server/detail/BaseHTTPPeer.h

@@ -41,7 +41,6 @@
 #include <functional>
 #include <memory>
 #include <mutex>
-#include <type_traits>
 #include <vector>
 
 namespace ripple {

include/xrpl/server/detail/Door.h

@@ -37,10 +37,8 @@
 #include <boost/container/flat_map.hpp>
 
 #include <chrono>
-#include <condition_variable>
 #include <functional>
 #include <memory>
-#include <mutex>
 
 namespace ripple {
 

include/xrpl/server/detail/io_list.h

@@ -26,7 +26,6 @@
 #include <functional>
 #include <memory>
 #include <mutex>
-#include <stdexcept>
 #include <type_traits>
 #include <utility>
 

src/libxrpl/protocol/Book.cpp

@@ -48,7 +48,7 @@ operator<<(std::ostream& os, Book const& x)
 Book
 reversed(Book const& book)
 {
-    return Book(book.out, book.in);
+    return Book(book.out, book.in, book.domain);
 }
 
 }  // namespace ripple

src/libxrpl/protocol/BuildInfo.cpp

@@ -36,7 +36,7 @@ namespace BuildInfo {
 //  and follow the format described at http://semver.org/
 //------------------------------------------------------------------------------
 // clang-format off
-char const* const versionString = "2.5.0-b1"
+char const* const versionString = "2.5.0"
 // clang-format on
 
 #if defined(DEBUG) || defined(SANITIZER)

src/libxrpl/protocol/ErrorCodes.cpp

@@ -116,7 +116,8 @@ constexpr static ErrorInfo unorderedErrorInfos[]{
     {rpcUNKNOWN_COMMAND,        "unknownCmd",           "Unknown method.", 405},
     {rpcORACLE_MALFORMED,       "oracleMalformed",      "Oracle request is malformed.", 400},
     {rpcBAD_CREDENTIALS,        "badCredentials",       "Credentials do not exist, are not accepted, or have expired.", 400},
-    {rpcTX_SIGNED,              "transactionSigned",    "Transaction should not be signed.", 400}};
+    {rpcTX_SIGNED,              "transactionSigned",    "Transaction should not be signed.", 400},
+    {rpcDOMAIN_MALFORMED,       "domainMalformed",      "Domain is malformed.", 400}};
 // clang-format on
 
 // Sort and validate unorderedErrorInfos at compile time.  Should be

src/libxrpl/protocol/Feature.cpp

@@ -254,7 +254,7 @@ FeatureCollections::registerFeature(
 {
     check(!readOnly, "Attempting to register a feature after startup.");
     check(
-        support == Supported::yes || vote == VoteBehavior::DefaultNo,
+        support == Supported::yes || vote != VoteBehavior::DefaultYes,
         "Invalid feature parameters. Must be supported to be up-voted.");
     Feature const* i = getByName(name);
     if (!i)
@@ -268,7 +268,7 @@ FeatureCollections::registerFeature(
         features.emplace_back(name, f);
 
         auto const getAmendmentSupport = [=]() {
-            if (vote == VoteBehavior::Obsolete)
+            if (vote == VoteBehavior::Obsolete && support == Supported::yes)
                 return AmendmentSupport::Retired;
             return support == Supported::yes ? AmendmentSupport::Supported
                                              : AmendmentSupport::Unsupported;
@@ -398,6 +398,14 @@ retireFeature(std::string const& name)
     return registerFeature(name, Supported::yes, VoteBehavior::Obsolete);
 }
 
+// Abandoned features are not in the ledger and have no code controlled by the
+// feature. They were never supported, and cannot be voted on.
+uint256
+abandonFeature(std::string const& name)
+{
+    return registerFeature(name, Supported::no, VoteBehavior::Obsolete);
+}
+
 /** Tell FeatureCollections when registration is complete. */
 bool
 registrationIsDone()
@@ -432,6 +440,8 @@ featureToName(uint256 const& f)
 #undef XRPL_FIX
 #pragma push_macro("XRPL_RETIRE")
 #undef XRPL_RETIRE
+#pragma push_macro("XRPL_ABANDON")
+#undef XRPL_ABANDON
 
 #define XRPL_FEATURE(name, supported, vote) \
     uint256 const feature##name = registerFeature(#name, supported, vote);
@@ -443,6 +453,11 @@ featureToName(uint256 const& f)
     [[deprecated("The referenced amendment has been retired")]] \
     [[maybe_unused]]                                            \
     uint256 const retired##name = retireFeature(#name);
+
+#define XRPL_ABANDON(name)                                        \
+    [[deprecated("The referenced amendment has been abandoned")]] \
+    [[maybe_unused]]                                              \
+    uint256 const abandoned##name = abandonFeature(#name);
 // clang-format on
 
 #include <xrpl/protocol/detail/features.macro>
@@ -453,6 +468,8 @@ featureToName(uint256 const& f)
 #pragma pop_macro("XRPL_FIX")
 #undef XRPL_FEATURE
 #pragma pop_macro("XRPL_FEATURE")
+#undef XRPL_ABANDON
+#pragma pop_macro("XRPL_ABANDON")
 
 // All of the features should now be registered, since variables in a cpp file
 // are initialized from top to bottom.

src/libxrpl/protocol/Indexes.cpp

@@ -117,12 +117,19 @@ getBookBase(Book const& book)
     XRPL_ASSERT(
         isConsistent(book), "ripple::getBookBase : input is consistent");
 
-    auto const index = indexHash(
-        LedgerNameSpace::BOOK_DIR,
-        book.in.currency,
-        book.out.currency,
-        book.in.account,
-        book.out.account);
+    auto const index = book.domain ? indexHash(
+                                         LedgerNameSpace::BOOK_DIR,
+                                         book.in.currency,
+                                         book.out.currency,
+                                         book.in.account,
+                                         book.out.account,
+                                         *(book.domain))
+                                   : indexHash(
+                                         LedgerNameSpace::BOOK_DIR,
+                                         book.in.currency,
+                                         book.out.currency,
+                                         book.in.account,
+                                         book.out.account);
 
     // Return with quality 0.
     auto k = keylet::quality({ltDIR_NODE, index}, 0);

src/libxrpl/protocol/InnerObjectFormats.cpp

@@ -158,6 +158,20 @@ InnerObjectFormats::InnerObjectFormats()
     add(sfPermission.jsonName.c_str(),
         sfPermission.getCode(),
         {{sfPermissionValue, soeREQUIRED}});
+
+    add(sfBatchSigner.jsonName.c_str(),
+        sfBatchSigner.getCode(),
+        {{sfAccount, soeREQUIRED},
+         {sfSigningPubKey, soeOPTIONAL},
+         {sfTxnSignature, soeOPTIONAL},
+         {sfSigners, soeOPTIONAL}});
+
+    add(sfBook.jsonName,
+        sfBook.getCode(),
+        {
+            {sfBookDirectory, soeREQUIRED},
+            {sfBookNode, soeREQUIRED},
+        });
 }
 
 InnerObjectFormats const&

src/libxrpl/protocol/NFTSyntheticSerializer.cpp

@@ -28,6 +28,7 @@
 #include <memory>
 
 namespace ripple {
+namespace RPC {
 
 void
 insertNFTSyntheticInJson(
@@ -39,4 +40,5 @@ insertNFTSyntheticInJson(
     insertNFTokenOfferID(response[jss::meta], transaction, transactionMeta);
 }
 
+}  // namespace RPC
 }  // namespace ripple

src/libxrpl/protocol/Rules.cpp

@@ -161,4 +161,12 @@ Rules::operator!=(Rules const& other) const
 {
     return !(*this == other);
 }
+
+bool
+isFeatureEnabled(uint256 const& feature)
+{
+    auto const& rules = getCurrentTransactionRules();
+    return rules && rules->enabled(feature);
+}
+
 }  // namespace ripple

src/libxrpl/protocol/STAmount.cpp

@@ -506,6 +506,162 @@ getRate(STAmount const& offerOut, STAmount const& offerIn)
     return 0;
 }
 
+/**
+ * @brief Safely checks if two STAmount values can be added without overflow,
+ * underflow, or precision loss.
+ *
+ * This function determines whether the addition of two STAmount objects is
+ * safe, depending on their type:
+ * - For XRP amounts, it checks for integer overflow and underflow.
+ * - For IOU amounts, it checks for acceptable precision loss.
+ * - For MPT amounts, it checks for overflow and underflow within 63-bit signed
+ * integer limits.
+ * - If either amount is zero, addition is always considered safe.
+ * - If the amounts are of different currencies or types, addition is not
+ * allowed.
+ *
+ * @param a The first STAmount to add.
+ * @param b The second STAmount to add.
+ * @return true if the addition is safe; false otherwise.
+ */
+bool
+canAdd(STAmount const& a, STAmount const& b)
+{
+    // cannot add different currencies
+    if (!areComparable(a, b))
+        return false;
+
+    // special case: adding anything to zero is always fine
+    if (a == beast::zero || b == beast::zero)
+        return true;
+
+    // XRP case (overflow & underflow check)
+    if (isXRP(a) && isXRP(b))
+    {
+        XRPAmount A = a.xrp();
+        XRPAmount B = b.xrp();
+
+        if ((B > XRPAmount{0} &&
+             A > XRPAmount{std::numeric_limits<XRPAmount::value_type>::max()} -
+                     B) ||
+            (B < XRPAmount{0} &&
+             A < XRPAmount{std::numeric_limits<XRPAmount::value_type>::min()} -
+                     B))
+        {
+            return false;
+        }
+        return true;
+    }
+
+    // IOU case (precision check)
+    if (a.holds<Issue>() && b.holds<Issue>())
+    {
+        static STAmount const one{IOUAmount{1, 0}, noIssue()};
+        static STAmount const maxLoss{IOUAmount{1, -4}, noIssue()};
+        STAmount lhs = divide((a - b) + b, a, noIssue()) - one;
+        STAmount rhs = divide((b - a) + a, b, noIssue()) - one;
+        return ((rhs.negative() ? -rhs : rhs) +
+                (lhs.negative() ? -lhs : lhs)) <= maxLoss;
+    }
+
+    // MPT (overflow & underflow check)
+    if (a.holds<MPTIssue>() && b.holds<MPTIssue>())
+    {
+        MPTAmount A = a.mpt();
+        MPTAmount B = b.mpt();
+        if ((B > MPTAmount{0} &&
+             A > MPTAmount{std::numeric_limits<MPTAmount::value_type>::max()} -
+                     B) ||
+            (B < MPTAmount{0} &&
+             A < MPTAmount{std::numeric_limits<MPTAmount::value_type>::min()} -
+                     B))
+        {
+            return false;
+        }
+
+        return true;
+    }
+    // LCOV_EXCL_START
+    UNREACHABLE("STAmount::canAdd : unexpected STAmount type");
+    return false;
+    // LCOV_EXCL_STOP
+}
+
+/**
+ * @brief Determines if it is safe to subtract one STAmount from another.
+ *
+ * This function checks whether subtracting amount `b` from amount `a` is valid,
+ * considering currency compatibility and underflow conditions for specific
+ * types.
+ *
+ * - Subtracting zero is always allowed.
+ * - Subtraction is only allowed between comparable currencies.
+ * - For XRP amounts, ensures no underflow or overflow occurs.
+ * - For IOU amounts, subtraction is always allowed (no underflow).
+ * - For MPT amounts, ensures no underflow or overflow occurs.
+ *
+ * @param a The minuend (amount to subtract from).
+ * @param b The subtrahend (amount to subtract).
+ * @return true if subtraction is allowed, false otherwise.
+ */
+bool
+canSubtract(STAmount const& a, STAmount const& b)
+{
+    // Cannot subtract different currencies
+    if (!areComparable(a, b))
+        return false;
+
+    // Special case: subtracting zero is always fine
+    if (b == beast::zero)
+        return true;
+
+    // XRP case (underflow & overflow check)
+    if (isXRP(a) && isXRP(b))
+    {
+        XRPAmount A = a.xrp();
+        XRPAmount B = b.xrp();
+        // Check for underflow
+        if (B > XRPAmount{0} && A < B)
+            return false;
+
+        // Check for overflow
+        if (B < XRPAmount{0} &&
+            A > XRPAmount{std::numeric_limits<XRPAmount::value_type>::max()} +
+                    B)
+            return false;
+
+        return true;
+    }
+
+    // IOU case (no underflow)
+    if (a.holds<Issue>() && b.holds<Issue>())
+    {
+        return true;
+    }
+
+    // MPT case (underflow & overflow check)
+    if (a.holds<MPTIssue>() && b.holds<MPTIssue>())
+    {
+        MPTAmount A = a.mpt();
+        MPTAmount B = b.mpt();
+
+        // Underflow check
+        if (B > MPTAmount{0} && A < B)
+            return false;
+
+        // Overflow check
+        if (B < MPTAmount{0} &&
+            A > MPTAmount{std::numeric_limits<MPTAmount::value_type>::max()} +
+                    B)
+            return false;
+        return true;
+    }
+    // LCOV_EXCL_START
+    UNREACHABLE("STAmount::canSubtract : unexpected STAmount type");
+    return false;
+    // LCOV_EXCL_STOP
+}
+
 void
 STAmount::setJson(Json::Value& elem) const
 {

src/libxrpl/protocol/STTx.cpp

@@ -19,6 +19,7 @@
 
 #include <xrpl/basics/Blob.h>
 #include <xrpl/basics/Expected.h>
+#include <xrpl/basics/Log.h>
 #include <xrpl/basics/Slice.h>
 #include <xrpl/basics/StringUtilities.h>
 #include <xrpl/basics/base_uint.h>
@@ -29,6 +30,7 @@
 #include <xrpl/beast/utility/instrumentation.h>
 #include <xrpl/json/json_value.h>
 #include <xrpl/protocol/AccountID.h>
+#include <xrpl/protocol/Batch.h>
 #include <xrpl/protocol/HashPrefix.h>
 #include <xrpl/protocol/MPTIssue.h>
 #include <xrpl/protocol/Protocol.h>
@@ -42,6 +44,7 @@
 #include <xrpl/protocol/STBase.h>
 #include <xrpl/protocol/STObject.h>
 #include <xrpl/protocol/STTx.h>
+#include <xrpl/protocol/STVector256.h>
 #include <xrpl/protocol/SecretKey.h>
 #include <xrpl/protocol/SeqProxy.h>
 #include <xrpl/protocol/Serializer.h>
@@ -262,6 +265,42 @@ STTx::checkSign(
     return Unexpected("Internal signature check failure.");
 }
 
+Expected<void, std::string>
+STTx::checkBatchSign(
+    RequireFullyCanonicalSig requireCanonicalSig,
+    Rules const& rules) const
+{
+    try
+    {
+        XRPL_ASSERT(
+            getTxnType() == ttBATCH,
+            "STTx::checkBatchSign : not a batch transaction");
+        if (getTxnType() != ttBATCH)
+        {
+            JLOG(debugLog().fatal()) << "not a batch transaction";
+            return Unexpected("Not a batch transaction.");
+        }
+        STArray const& signers{getFieldArray(sfBatchSigners)};
+        for (auto const& signer : signers)
+        {
+            Blob const& signingPubKey = signer.getFieldVL(sfSigningPubKey);
+            auto const result = signingPubKey.empty()
+                ? checkBatchMultiSign(signer, requireCanonicalSig, rules)
+                : checkBatchSingleSign(signer, requireCanonicalSig);
+
+            if (!result)
+                return result;
+        }
+        return {};
+    }
+    catch (std::exception const& e)
+    {
+        JLOG(debugLog().error())
+            << "Batch signature check failed: " << e.what();
+    }
+    return Unexpected("Internal batch signature check failure.");
+}
+
 Json::Value
 STTx::getJson(JsonOptions options) const
 {
@@ -341,79 +380,90 @@ STTx::getMetaSQL(
         getFieldU32(sfSequence) % inLedger % status % rTxn % escapedMetaData);
 }
 
-Expected<void, std::string>
-STTx::checkSingleSign(RequireFullyCanonicalSig requireCanonicalSig) const
+static Expected<void, std::string>
+singleSignHelper(
+    STObject const& signer,
+    Slice const& data,
+    bool const fullyCanonical)
 {
     // We don't allow both a non-empty sfSigningPubKey and an sfSigners.
     // That would allow the transaction to be signed two ways.  So if both
     // fields are present the signature is invalid.
-    if (isFieldPresent(sfSigners))
+    if (signer.isFieldPresent(sfSigners))
         return Unexpected("Cannot both single- and multi-sign.");
 
     bool validSig = false;
     try
     {
-        bool const fullyCanonical = (getFlags() & tfFullyCanonicalSig) ||
-            (requireCanonicalSig == RequireFullyCanonicalSig::yes);
-
-        auto const spk = getFieldVL(sfSigningPubKey);
-
+        auto const spk = signer.getFieldVL(sfSigningPubKey);
         if (publicKeyType(makeSlice(spk)))
         {
-            Blob const signature = getFieldVL(sfTxnSignature);
-            Blob const data = getSigningData(*this);
-
+            Blob const signature = signer.getFieldVL(sfTxnSignature);
             validSig = verify(
                 PublicKey(makeSlice(spk)),
-                makeSlice(data),
+                data,
                 makeSlice(signature),
                 fullyCanonical);
         }
     }
     catch (std::exception const&)
     {
-        // Assume it was a signature failure.
         validSig = false;
     }
-    if (validSig == false)
+
+    if (!validSig)
         return Unexpected("Invalid signature.");
-    // Signature was verified.
+
     return {};
 }
 
 Expected<void, std::string>
-STTx::checkMultiSign(
-    RequireFullyCanonicalSig requireCanonicalSig,
-    Rules const& rules) const
+STTx::checkSingleSign(RequireFullyCanonicalSig requireCanonicalSig) const
+{
+    auto const data = getSigningData(*this);
+    bool const fullyCanonical = (getFlags() & tfFullyCanonicalSig) ||
+        (requireCanonicalSig == STTx::RequireFullyCanonicalSig::yes);
+    return singleSignHelper(*this, makeSlice(data), fullyCanonical);
+}
+
+Expected<void, std::string>
+STTx::checkBatchSingleSign(
+    STObject const& batchSigner,
+    RequireFullyCanonicalSig requireCanonicalSig) const
+{
+    Serializer msg;
+    serializeBatch(msg, getFlags(), getBatchTransactionIDs());
+    bool const fullyCanonical = (getFlags() & tfFullyCanonicalSig) ||
+        (requireCanonicalSig == STTx::RequireFullyCanonicalSig::yes);
+    return singleSignHelper(batchSigner, msg.slice(), fullyCanonical);
+}
+
+Expected<void, std::string>
+multiSignHelper(
+    STObject const& signerObj,
+    bool const fullyCanonical,
+    std::function<Serializer(AccountID const&)> makeMsg,
+    Rules const& rules)
 {
     // Make sure the MultiSigners are present.  Otherwise they are not
     // attempting multi-signing and we just have a bad SigningPubKey.
-    if (!isFieldPresent(sfSigners))
+    if (!signerObj.isFieldPresent(sfSigners))
         return Unexpected("Empty SigningPubKey.");
 
     // We don't allow both an sfSigners and an sfTxnSignature.  Both fields
     // being present would indicate that the transaction is signed both ways.
-    if (isFieldPresent(sfTxnSignature))
+    if (signerObj.isFieldPresent(sfTxnSignature))
         return Unexpected("Cannot both single- and multi-sign.");
 
-    STArray const& signers{getFieldArray(sfSigners)};
+    STArray const& signers{signerObj.getFieldArray(sfSigners)};
 
     // There are well known bounds that the number of signers must be within.
-    if (signers.size() < minMultiSigners ||
-        signers.size() > maxMultiSigners(&rules))
+    if (signers.size() < STTx::minMultiSigners ||
+        signers.size() > STTx::maxMultiSigners(&rules))
         return Unexpected("Invalid Signers array size.");
 
-    // We can ease the computational load inside the loop a bit by
-    // pre-constructing part of the data that we hash.  Fill a Serializer
-    // with the stuff that stays constant from signature to signature.
-    Serializer const dataStart{startMultiSigningData(*this)};
-
     // We also use the sfAccount field inside the loop.  Get it once.
-    auto const txnAccountID = getAccountID(sfAccount);
-
-    // Determine whether signatures must be full canonical.
-    bool const fullyCanonical = (getFlags() & tfFullyCanonicalSig) ||
-        (requireCanonicalSig == RequireFullyCanonicalSig::yes);
+    auto const txnAccountID = signerObj.getAccountID(sfAccount);
 
     // Signers must be in sorted order by AccountID.
     AccountID lastAccountID(beast::zero);
@@ -441,18 +491,13 @@ STTx::checkMultiSign(
         bool validSig = false;
         try
         {
-            Serializer s = dataStart;
-            finishMultiSigningData(accountID, s);
-
             auto spk = signer.getFieldVL(sfSigningPubKey);
-
             if (publicKeyType(makeSlice(spk)))
             {
                 Blob const signature = signer.getFieldVL(sfTxnSignature);
-
                 validSig = verify(
                     PublicKey(makeSlice(spk)),
-                    s.slice(),
+                    makeMsg(accountID).slice(),
                     makeSlice(signature),
                     fullyCanonical);
             }
@@ -471,6 +516,90 @@ STTx::checkMultiSign(
     return {};
 }
 
+Expected<void, std::string>
+STTx::checkBatchMultiSign(
+    STObject const& batchSigner,
+    RequireFullyCanonicalSig requireCanonicalSig,
+    Rules const& rules) const
+{
+    bool const fullyCanonical = (getFlags() & tfFullyCanonicalSig) ||
+        (requireCanonicalSig == RequireFullyCanonicalSig::yes);
+
+    // We can ease the computational load inside the loop a bit by
+    // pre-constructing part of the data that we hash.  Fill a Serializer
+    // with the stuff that stays constant from signature to signature.
+    Serializer dataStart;
+    serializeBatch(dataStart, getFlags(), getBatchTransactionIDs());
+    return multiSignHelper(
+        batchSigner,
+        fullyCanonical,
+        [&dataStart](AccountID const& accountID) mutable -> Serializer {
+            Serializer s = dataStart;
+            finishMultiSigningData(accountID, s);
+            return s;
+        },
+        rules);
+}
+
+Expected<void, std::string>
+STTx::checkMultiSign(
+    RequireFullyCanonicalSig requireCanonicalSig,
+    Rules const& rules) const
+{
+    bool const fullyCanonical = (getFlags() & tfFullyCanonicalSig) ||
+        (requireCanonicalSig == RequireFullyCanonicalSig::yes);
+
+    // We can ease the computational load inside the loop a bit by
+    // pre-constructing part of the data that we hash.  Fill a Serializer
+    // with the stuff that stays constant from signature to signature.
+    Serializer dataStart = startMultiSigningData(*this);
+    return multiSignHelper(
+        *this,
+        fullyCanonical,
+        [&dataStart](AccountID const& accountID) mutable -> Serializer {
+            Serializer s = dataStart;
+            finishMultiSigningData(accountID, s);
+            return s;
+        },
+        rules);
+}
+
+/**
+ * @brief Retrieves a batch of transaction IDs from the STTx.
+ *
+ * This function returns a vector of transaction IDs by extracting them from
+ * the field array `sfRawTransactions` within the STTx. If the batch
+ * transaction IDs have already been computed and cached in `batch_txn_ids_`,
+ * it returns the cached vector. Otherwise, it computes the transaction IDs,
+ * caches them, and then returns the vector.
+ *
+ * @return A vector of `uint256` containing the batch transaction IDs.
+ *
+ * @note The function asserts that the `sfRawTransactions` field array is not
+ * empty and that the size of the computed batch transaction IDs matches the
+ * size of the `sfRawTransactions` field array.
+ */
+std::vector<uint256>
+STTx::getBatchTransactionIDs() const
+{
+    XRPL_ASSERT(
+        getTxnType() == ttBATCH,
+        "STTx::getBatchTransactionIDs : not a batch transaction");
+    XRPL_ASSERT(
+        getFieldArray(sfRawTransactions).size() != 0,
+        "STTx::getBatchTransactionIDs : empty raw transactions");
+    if (batch_txn_ids_.size() != 0)
+        return batch_txn_ids_;
+
+    for (STObject const& rb : getFieldArray(sfRawTransactions))
+        batch_txn_ids_.push_back(rb.getHash(HashPrefix::transactionID));
+
+    XRPL_ASSERT(
+        batch_txn_ids_.size() == getFieldArray(sfRawTransactions).size(),
+        "STTx::getBatchTransactionIDs : batch transaction IDs size mismatch");
+    return batch_txn_ids_;
+}
+
 //------------------------------------------------------------------------------
 
 static bool
@@ -606,6 +735,48 @@ invalidMPTAmountInTx(STObject const& tx)
     return false;
 }
 
+static bool
+isRawTransactionOkay(STObject const& st, std::string& reason)
+{
+    if (!st.isFieldPresent(sfRawTransactions))
+        return true;
+
+    if (st.isFieldPresent(sfBatchSigners) &&
+        st.getFieldArray(sfBatchSigners).size() > maxBatchTxCount)
+    {
+        reason = "Batch Signers array exceeds max entries.";
+        return false;
+    }
+
+    auto const& rawTxns = st.getFieldArray(sfRawTransactions);
+    if (rawTxns.size() > maxBatchTxCount)
+    {
+        reason = "Raw Transactions array exceeds max entries.";
+        return false;
+    }
+    for (STObject raw : rawTxns)
+    {
+        try
+        {
+            TxType const tt =
+                safe_cast<TxType>(raw.getFieldU16(sfTransactionType));
+            if (tt == ttBATCH)
+            {
+                reason = "Raw Transactions may not contain batch transactions.";
+                return false;
+            }
+
+            raw.applyTemplate(getTxFormat(tt)->getSOTemplate());
+        }
+        catch (std::exception const& e)
+        {
+            reason = e.what();
+            return false;
+        }
+    }
+    return true;
+}
+
 bool
 passesLocalChecks(STObject const& st, std::string& reason)
 {
@@ -630,6 +801,9 @@ passesLocalChecks(STObject const& st, std::string& reason)
         return false;
     }
 
+    if (!isRawTransactionOkay(st, reason))
+        return false;
+
     return true;
 }
 
@@ -645,10 +819,13 @@ sterilize(STTx const& stx)
 bool
 isPseudoTx(STObject const& tx)
 {
-    auto t = tx[~sfTransactionType];
+    auto const t = tx[~sfTransactionType];
+
     if (!t)
         return false;
-    auto tt = safe_cast<TxType>(*t);
+
+    auto const tt = safe_cast<TxType>(*t);
+
     return tt == ttAMENDMENT || tt == ttFEE || tt == ttUNL_MODIFY;
 }