Merge branch 'develop' into ximinez/lending-sendmulti

Signed-off-by: JCW <a1q123456@users.noreply.github.com>
Co-authored-by: xrplf-ai-reviewer[bot] <266832837+xrplf-ai-reviewer[bot]@users.noreply.github.com>
Co-authored-by: Copilot <copilot@github.com>

.github/scripts/levelization/results/ordering.txt

@@ -188,10 +188,16 @@ test.toplevel > xrpl.json
 test.unit_test > xrpl.basics
 test.unit_test > xrpl.protocol
 tests.libxrpl > xrpl.basics
+tests.libxrpl > xrpl.core
 tests.libxrpl > xrpl.json
+tests.libxrpl > xrpl.ledger
 tests.libxrpl > xrpl.net
+tests.libxrpl > xrpl.nodestore
 tests.libxrpl > xrpl.protocol
 tests.libxrpl > xrpl.protocol_autogen
+tests.libxrpl > xrpl.server
+tests.libxrpl > xrpl.shamap
+tests.libxrpl > xrpl.tx
 xrpl.conditions > xrpl.basics
 xrpl.conditions > xrpl.protocol
 xrpl.core > xrpl.basics

.github/scripts/strategy-matrix/generate.py

@@ -51,20 +51,21 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
         # Only generate a subset of configurations in PRs.
         if not all:
             # Debian:
-            # - Bookworm using GCC 13: Release on linux/amd64, set the reference
-            #   fee to 500.
-            # - Bookworm using GCC 15: Debug on linux/amd64, enable code
-            #   coverage (which will be done below).
+            # - Bookworm using GCC 13: Debug on linux/amd64, set the reference
+            #   fee to 500 and enable code coverage (which will be done below).
+            # - Bookworm using GCC 15: Debug on linux/amd64, enable Address and
+            #   UB sanitizers (which will be done below).
             # - Bookworm using Clang 16: Debug on linux/amd64, enable voidstar.
             # - Bookworm using Clang 17: Release on linux/amd64, set the
             #   reference fee to 1000.
-            # - Bookworm using Clang 20: Debug on linux/amd64.
+            # - Bookworm using Clang 20: Debug on linux/amd64, enable Address
+            #   and UB sanitizers (which will be done below).
             if os["distro_name"] == "debian":
                 skip = True
                 if os["distro_version"] == "bookworm":
                     if (
                         f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-13"
-                        and build_type == "Release"
+                        and build_type == "Debug"
                         and architecture["platform"] == "linux/amd64"
                     ):
                         cmake_args = f"-DUNIT_TEST_REFERENCE_FEE=500 {cmake_args}"
@@ -193,11 +194,11 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
         ):
             continue
 
-        # Enable code coverage for Debian Bookworm using GCC 15 in Debug on
-        # linux/amd64
+        # Enable code coverage for Debian Bookworm using GCC 13 in Debug on
+        # linux/amd64.
         if (
             f"{os['distro_name']}-{os['distro_version']}" == "debian-bookworm"
-            and f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-15"
+            and f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-13"
             and build_type == "Debug"
             and architecture["platform"] == "linux/amd64"
         ):
@@ -234,23 +235,39 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
         # Add the configuration to the list, with the most unique fields first,
         # so that they are easier to identify in the GitHub Actions UI, as long
         # names get truncated.
-        # Add Address and Thread (both coupled with UB) sanitizers for specific bookworm distros.
+        # Add Address and UB sanitizers as separate configurations for specific
+        # bookworm distros. Thread sanitizer is currently disabled (see below).
         # GCC-Asan xrpld-embedded tests are failing because of https://github.com/google/sanitizers/issues/856
-        if (
-            os["distro_version"] == "bookworm"
-            and f"{os['compiler_name']}-{os['compiler_version']}" == "clang-20"
-        ):
-            # Add ASAN + UBSAN configuration.
+        if os[
+            "distro_version"
+        ] == "bookworm" and f"{os['compiler_name']}-{os['compiler_version']}" in [
+            "gcc-15",
+            "clang-20",
+        ]:
+            # Add ASAN configuration.
             configurations.append(
                 {
-                    "config_name": config_name + "-asan-ubsan",
+                    "config_name": config_name + "-asan",
                     "cmake_args": cmake_args,
                     "cmake_target": cmake_target,
                     "build_only": build_only,
                     "build_type": build_type,
                     "os": os,
                     "architecture": architecture,
-                    "sanitizers": "address,undefinedbehavior",
+                    "sanitizers": "address",
+                }
+            )
+            # Add UBSAN configuration.
+            configurations.append(
+                {
+                    "config_name": config_name + "-ubsan",
+                    "cmake_args": cmake_args,
+                    "cmake_target": cmake_target,
+                    "build_only": build_only,
+                    "build_type": build_type,
+                    "os": os,
+                    "architecture": architecture,
+                    "sanitizers": "undefinedbehavior",
                 }
             )
             # TSAN is deactivated due to seg faults with latest compilers.

include/xrpl/basics/CanProcess.h

@@ -1,134 +0,0 @@
-//------------------------------------------------------------------------------
-/*
-    This file is part of rippled: https://github.com/ripple/rippled
-    Copyright (c) 2024 Ripple Labs Inc.
-
-    Permission to use, copy, modify, and/or distribute this software for any
-    purpose  with  or without fee is hereby granted, provided that the above
-    copyright notice and this permission notice appear in all copies.
-
-    THE  SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-    WITH  REGARD  TO  THIS  SOFTWARE  INCLUDING  ALL  IMPLIED  WARRANTIES  OF
-    MERCHANTABILITY  AND  FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-    ANY  SPECIAL ,  DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-    WHATSOEVER  RESULTING  FROM  LOSS  OF USE, DATA OR PROFITS, WHETHER IN AN
-    ACTION  OF  CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-*/
-//==============================================================================
-
-#ifndef RIPPLE_BASICS_CANPROCESS_H_INCLUDED
-#define RIPPLE_BASICS_CANPROCESS_H_INCLUDED
-
-#include <functional>
-#include <mutex>
-#include <set>
-
-/** RAII class to check if an Item is already being processed on another thread,
- * as indicated by it's presence in a Collection.
- *
- * If the Item is not in the Collection, it will be added under lock in the
- * ctor, and removed under lock in the dtor. The object will be considered
- * "usable" and evaluate to `true`.
- *
- * If the Item is in the Collection, no changes will be made to the collection,
- * and the CanProcess object will be considered "unusable".
- *
- * It's up to the caller to decide what "usable" and "unusable" mean. (e.g.
- * Process or skip a block of code, or set a flag.)
- *
- * The current use is to avoid lock contention that would be involved in
- * processing something associated with the Item.
- *
- * Examples:
- *
- * void IncomingLedgers::acquireAsync(LedgerHash const& hash, ...)
- * {
- *    if (CanProcess check{acquiresMutex_, pendingAcquires_, hash})
- *    {
- *      acquire(hash, ...);
- *    }
- * }
- *
- * bool
- * NetworkOPsImp::recvValidation(
- *   std::shared_ptr<STValidation> const& val,
- *   std::string const& source)
- *   {
- *       CanProcess check(
- *           validationsMutex_, pendingValidations_, val->getLedgerHash());
- *       BypassAccept bypassAccept =
- *           check ? BypassAccept::no : BypassAccept::yes;
- *       handleNewValidation(app_, val, source, bypassAccept, m_journal);
- *   }
- *
- */
-class CanProcess
-{
-public:
-    template <class Mutex, class Collection, class Item>
-    CanProcess(Mutex& mtx, Collection& collection, Item const& item)
-        : cleanup_(insert(mtx, collection, item))
-    {
-    }
-
-    ~CanProcess()
-    {
-        if (cleanup_)
-            cleanup_();
-    }
-
-    explicit
-    operator bool() const
-    {
-        return static_cast<bool>(cleanup_);
-    }
-
-private:
-    template <bool useIterator, class Mutex, class Collection, class Item>
-    std::function<void()>
-    doInsert(Mutex& mtx, Collection& collection, Item const& item)
-    {
-        std::unique_lock<Mutex> lock(mtx);
-        // TODO: Use structured binding once LLVM 16 is the minimum supported
-        // version. See also: https://github.com/llvm/llvm-project/issues/48582
-        // https://github.com/llvm/llvm-project/commit/127bf44385424891eb04cff8e52d3f157fc2cb7c
-        auto const insertResult = collection.insert(item);
-        auto const it = insertResult.first;
-        if (!insertResult.second)
-            return {};
-        if constexpr (useIterator)
-            return [&, it]() {
-                std::unique_lock<Mutex> lock(mtx);
-                collection.erase(it);
-            };
-        else
-            return [&]() {
-                std::unique_lock<Mutex> lock(mtx);
-                collection.erase(item);
-            };
-    }
-
-    // Generic insert() function doesn't use iterators because they may get
-    // invalidated
-    template <class Mutex, class Collection, class Item>
-    std::function<void()>
-    insert(Mutex& mtx, Collection& collection, Item const& item)
-    {
-        return doInsert<false>(mtx, collection, item);
-    }
-
-    // Specialize insert() for std::set, which does not invalidate iterators for
-    // insert and erase
-    template <class Mutex, class Item>
-    std::function<void()>
-    insert(Mutex& mtx, std::set<Item>& collection, Item const& item)
-    {
-        return doInsert<true>(mtx, collection, item);
-    }
-
-    // If set, then the item is "usable"
-    std::function<void()> cleanup_;
-};
-
-#endif

include/xrpl/basics/DecayingSample.h

@@ -67,8 +67,10 @@ private:
             }
             else
             {
-                while ((elapsed--) != 0u)
+                for (; elapsed > 0; --elapsed)
+                {
                     m_value -= (m_value + Window - 1) / Window;
+                }
             }
         }
 

include/xrpl/beast/test/yield_to.h

@@ -43,8 +43,10 @@ public:
         : work_(boost::asio::make_work_guard(ios_))
     {
         threads_.reserve(concurrency);
-        while ((concurrency--) != 0u)
+        for (std::size_t i = 0; i < concurrency; ++i)
+        {
             threads_.emplace_back([&] { ios_.run(); });
+        }
     }
 
     ~enable_yield_to()

include/xrpl/core/HashRouter.h

@@ -137,13 +137,6 @@ private:
             return std::move(peers_);
         }
 
-        /** Return set of peers waiting for reply. Leaves list unchanged. */
-        std::set<PeerShortID> const&
-        peekPeerSet()
-        {
-            return peers_;
-        }
-
         /** Return seated relay time point if the message has been relayed */
         [[nodiscard]] std::optional<Stopwatch::time_point>
         relayed() const
@@ -175,20 +168,6 @@ private:
             return true;
         }
 
-        bool
-        shouldProcessForPeer(
-            PeerShortID peer,
-            Stopwatch::time_point now,
-            std::chrono::seconds interval)
-        {
-            if (peerProcessed_.contains(peer) && ((peerProcessed_[peer] + interval) > now))
-                return false;
-            // Peer may already be in the list, but adding it again doesn't hurt
-            addPeer(peer);
-            peerProcessed_[peer] = now;
-            return true;
-        }
-
     private:
         HashRouterFlags flags_ = HashRouterFlags::UNDEFINED;
         std::set<PeerShortID> peers_;
@@ -196,7 +175,6 @@ private:
         // than one flag needs to expire independently.
         std::optional<Stopwatch::time_point> relayed_;
         std::optional<Stopwatch::time_point> processed_;
-        std::map<PeerShortID, Stopwatch::time_point> peerProcessed_;
     };
 
 public:
@@ -219,7 +197,7 @@ public:
 
     /** Add a suppression peer and get message's relay status.
      * Return pair:
-     * element 1: true if the key is added.
+     * element 1: true if the peer is added.
      * element 2: optional is seated to the relay time point or
      * is unseated if has not relayed yet. */
     std::pair<bool, std::optional<Stopwatch::time_point>>
@@ -236,15 +214,6 @@ public:
         HashRouterFlags& flags,
         std::chrono::seconds tx_interval);
 
-    /** Determines whether the hashed item should be processed for the given
-       peer. Could be an incoming or outgoing message.
-
-       Items filtered with this function should only be processed for the given
-       peer once. Unlike shouldProcess, it can be processed for other peers.
-     */
-    bool
-    shouldProcessForPeer(uint256 const& key, PeerShortID peer, std::chrono::seconds interval);
-
     /** Set the flags on a hash.
 
         @return `true` if the flags were changed. `false` if unchanged.
@@ -270,11 +239,6 @@ public:
     std::optional<std::set<PeerShortID>>
     shouldRelay(uint256 const& key);
 
-    /** Returns a copy of the set of peers in the Entry for the key
-     */
-    std::set<PeerShortID>
-    getPeers(uint256 const& key);
-
 private:
     // pair.second indicates whether the entry was created
     std::pair<Entry&, bool>

include/xrpl/nodestore/detail/varint.h

@@ -54,8 +54,9 @@ read_varint(void const* buf, std::size_t buflen, std::size_t& t)
         return 1;
     }
     auto const used = n;
-    while (n--)
+    while (n > 0)
     {
+        --n;
         auto const d = p[n];
         auto const t0 = t;
         t *= 127;

include/xrpl/proto/xrpl.proto

@@ -288,18 +288,8 @@ message TMLedgerData {
   required uint32 ledgerSeq = 2;
   required TMLedgerInfoType type = 3;
   repeated TMLedgerNode nodes = 4;
-  // If the peer supports "responseCookies", this field will
-  // never be populated.
   optional uint32 requestCookie = 5;
   optional TMReplyError error = 6;
-  // The old field is called "requestCookie", but this is
-  // a response, so this name makes more sense
-  repeated uint32 responseCookies = 7;
-  // If a TMGetLedger request was received without a "requestCookie",
-  // and the peer supports it, this flag will be set to true to
-  // indicate that the receiver should process the result in addition
-  // to forwarding it to its "responseCookies" peers.
-  optional bool directResponse = 8;
 }
 
 message TMPing {

include/xrpl/protocol/LedgerHeader.h

@@ -35,8 +35,6 @@ struct LedgerHeader
 
     // If validated is false, it means "not yet validated."
     // Once validated is true, it will never be set false at a later time.
-    // NOTE: If you are accessing this directly, you are probably doing it
-    //   wrong. Use LedgerMaster::isValidated().
     // VFALCO TODO Make this not mutable
     bool mutable validated = false;
     bool accepted = false;

include/xrpl/protocol/detail/features.macro

@@ -15,6 +15,7 @@
 // Add new amendments to the top of this list.
 // Keep it sorted in reverse chronological order.
 
+XRPL_FIX    (Cleanup3_2_0,                Supported::no, VoteBehavior::DefaultNo)
 XRPL_FEATURE(MPTokensV2,                  Supported::no, VoteBehavior::DefaultNo)
 XRPL_FIX    (Security3_1_3,               Supported::no, VoteBehavior::DefaultNo)
 XRPL_FIX    (PermissionedDomainInvariant, Supported::yes, VoteBehavior::DefaultNo)

include/xrpl/protocol_autogen/LedgerEntryBase.h

@@ -130,6 +130,19 @@ public:
         return sle_->at(sfFlags);
     }
 
+    /**
+     * @brief Check if a specific flag is set.
+     *
+     * @param f The flag bitmask to check
+     * @return true if all bits in f are set in the flags field
+     */
+    [[nodiscard]]
+    bool
+    isFlag(std::uint32_t f) const
+    {
+        return sle_->isFlag(f);
+    }
+
     /**
      * @brief Get the underlying SLE object.
      *

include/xrpl/server/NetworkOPs.h

@@ -185,7 +185,7 @@ public:
     virtual bool
     isFull() = 0;
     virtual void
-    setMode(OperatingMode om, char const* reason) = 0;
+    setMode(OperatingMode om) = 0;
     virtual bool
     isBlocked() = 0;
     virtual bool

sanitizers/suppressions/ubsan.supp

@@ -11,7 +11,6 @@ float-cast-overflow:external
 float-divide-by-zero:external
 function:external
 implicit-integer-sign-change:external
-implicit-signed-integer-truncation::external
 implicit-signed-integer-truncation:external
 implicit-unsigned-integer-truncation:external
 integer-divide-by-zero:external
@@ -71,145 +70,15 @@ vla-bound:boost
 vptr_check:boost
 vptr:boost
 
-# Google protobuf
+# Google protobuf - intentional overflows in hash functions
 undefined:protobuf
-
-# Suppress UBSan errors in xrpld code by source file path
-undefined:src/libxrpl/basics/base64.cpp
-undefined:src/libxrpl/basics/Number.cpp
-undefined:src/libxrpl/beast/utility/beast_Journal.cpp
-undefined:src/libxrpl/crypto/RFC1751.cpp
-undefined:src/libxrpl/ledger/ApplyView.cpp
-undefined:src/libxrpl/ledger/View.cpp
-undefined:src/libxrpl/protocol/Permissions.cpp
-undefined:src/libxrpl/protocol/STAmount.cpp
-undefined:src/libxrpl/protocol/STPathSet.cpp
-undefined:src/libxrpl/protocol/tokens.cpp
-undefined:src/libxrpl/shamap/SHAMap.cpp
-undefined:src/test/app/Batch_test.cpp
-undefined:src/test/app/Invariants_test.cpp
-undefined:src/test/app/NFToken_test.cpp
-undefined:src/test/app/Offer_test.cpp
-undefined:src/test/app/Path_test.cpp
-undefined:src/test/basics/XRPAmount_test.cpp
-undefined:src/test/beast/LexicalCast_test.cpp
-undefined:src/test/jtx/impl/acctdelete.cpp
-undefined:src/test/ledger/SkipList_test.cpp
-undefined:src/test/rpc/Subscribe_test.cpp
-undefined:src/tests/libxrpl/basics/RangeSet.cpp
-undefined:src/xrpld/app/main/BasicApp.cpp
-undefined:src/xrpld/app/main/BasicApp.cpp
-undefined:src/xrpld/app/misc/detail/AmendmentTable.cpp
-undefined:src/xrpld/app/misc/NetworkOPs.cpp
-undefined:src/libxrpl/json/json_value.cpp
-undefined:src/xrpld/app/paths/detail/StrandFlow.h
-undefined:src/xrpld/app/tx/detail/NFTokenMint.cpp
-undefined:src/xrpld/app/tx/detail/OracleSet.cpp
-undefined:src/xrpld/core/detail/JobQueue.cpp
-undefined:src/xrpld/core/detail/Workers.cpp
-undefined:src/xrpld/rpc/detail/Role.cpp
-undefined:src/xrpld/rpc/handlers/GetAggregatePrice.cpp
-undefined:xrpl/basics/base_uint.h
-undefined:xrpl/basics/DecayingSample.h
-undefined:xrpl/beast/test/yield_to.h
-undefined:xrpl/beast/xor_shift_engine.h
-undefined:xrpl/nodestore/detail/varint.h
-undefined:xrpl/peerfinder/detail/Counts.h
-undefined:xrpl/protocol/nft.h
-
-# basic_string.h:483:51: runtime error: unsigned integer overflow
-unsigned-integer-overflow:basic_string.h
-unsigned-integer-overflow:bits/chrono.h
-unsigned-integer-overflow:bits/random.h
-unsigned-integer-overflow:bits/random.tcc
-unsigned-integer-overflow:bits/stl_algobase.h
-unsigned-integer-overflow:bits/uniform_int_dist.h
-unsigned-integer-overflow:string_view
-
-# runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'std::size_t' (aka 'unsigned long')
-unsigned-integer-overflow:src/libxrpl/basics/base64.cpp
-unsigned-integer-overflow:src/libxrpl/basics/Number.cpp
-unsigned-integer-overflow:src/libxrpl/crypto/RFC1751.cpp
-unsigned-integer-overflow:rc/libxrpl/json/json_value.cpp
-unsigned-integer-overflow:src/libxrpl/ledger/ApplyView.cpp
-unsigned-integer-overflow:src/libxrpl/ledger/View.cpp
-unsigned-integer-overflow:src/libxrpl/protocol/Permissions.cpp
-unsigned-integer-overflow:src/libxrpl/protocol/STAmount.cpp
-unsigned-integer-overflow:src/libxrpl/protocol/STPathSet.cpp
-unsigned-integer-overflow:src/libxrpl/protocol/tokens.cpp
-unsigned-integer-overflow:src/libxrpl/shamap/SHAMap.cpp
-unsigned-integer-overflow:src/test/app/Batch_test.cpp
-unsigned-integer-overflow:src/test/app/Invariants_test.cpp
-unsigned-integer-overflow:src/test/app/NFToken_test.cpp
-unsigned-integer-overflow:src/test/app/Offer_test.cpp
-unsigned-integer-overflow:src/test/app/Path_test.cpp
-unsigned-integer-overflow:src/test/basics/XRPAmount_test.cpp
-unsigned-integer-overflow:src/test/beast/LexicalCast_test.cpp
-unsigned-integer-overflow:src/test/jtx/impl/acctdelete.cpp
-unsigned-integer-overflow:src/test/ledger/SkipList_test.cpp
-unsigned-integer-overflow:src/test/rpc/Subscribe_test.cpp
-unsigned-integer-overflow:src/tests/libxrpl/basics/RangeSet.cpp
-unsigned-integer-overflow:src/xrpld/app/main/BasicApp.cpp
-unsigned-integer-overflow:src/xrpld/app/misc/detail/AmendmentTable.cpp
-unsigned-integer-overflow:src/xrpld/app/misc/NetworkOPs.cpp
-unsigned-integer-overflow:src/xrpld/app/paths/detail/StrandFlow.h
-unsigned-integer-overflow:src/xrpld/app/tx/detail/NFTokenMint.cpp
-unsigned-integer-overflow:src/xrpld/app/tx/detail/OracleSet.cpp
-unsigned-integer-overflow:src/xrpld/rpc/detail/Role.cpp
-unsigned-integer-overflow:src/xrpld/rpc/handlers/GetAggregatePrice.cpp
-unsigned-integer-overflow:xrpl/basics/base_uint.h
-unsigned-integer-overflow:xrpl/basics/DecayingSample.h
-unsigned-integer-overflow:xrpl/beast/test/yield_to.h
-unsigned-integer-overflow:xrpl/beast/xor_shift_engine.h
-unsigned-integer-overflow:xrpl/nodestore/detail/varint.h
-unsigned-integer-overflow:xrpl/peerfinder/detail/Counts.h
-unsigned-integer-overflow:xrpl/protocol/nft.h
-
-# Xrpld intentional overflows and operations
-# STAmount uses intentional negation of INT64_MIN and overflow in arithmetic
-signed-integer-overflow:src/libxrpl/protocol/STAmount.cpp
-unsigned-integer-overflow:src/libxrpl/protocol/STAmount.cpp
-
-# XRPAmount test intentional overflows
-signed-integer-overflow:src/test/basics/XRPAmount_test.cpp
-
-# Peerfinder intentional overflow in counter arithmetic
-unsigned-integer-overflow:src/xrpld/peerfinder/detail/Counts.h
-
-# Signed integer overflow suppressions
-signed-integer-overflow:src/test/beast/LexicalCast_test.cpp
-
-# External library suppressions
-unsigned-integer-overflow:nudb/detail/xxhash.hpp
-
-# Loan_test.cpp intentional underflow in test arithmetic
-unsigned-integer-overflow:src/test/app/Loan_test.cpp
-undefined:src/test/app/Loan_test.cpp
-
-# Source tree restructured paths (libxrpl/tx/transactors/)
-# These duplicate the xrpld/app/tx/detail entries above for the new layout
-unsigned-integer-overflow:src/libxrpl/tx/transactors/oracle/OracleSet.cpp
-undefined:src/libxrpl/tx/transactors/oracle/OracleSet.cpp
-unsigned-integer-overflow:src/libxrpl/tx/transactors/nft/NFTokenMint.cpp
-undefined:src/libxrpl/tx/transactors/nft/NFTokenMint.cpp
-
-# Protobuf intentional overflows in hash functions
-# Protobuf uses intentional unsigned overflow for hash computation (stringpiece.h:393)
 unsigned-integer-overflow:google/protobuf/stubs/stringpiece.h
 
-# gRPC intentional overflows
-# gRPC uses intentional overflow in timer calculations
+# gRPC intentional overflows in timer calculations
 unsigned-integer-overflow:grpc
 unsigned-integer-overflow:timer_manager.cc
 
-# Standard library intentional overflows
-# These are intentional overflows in random number generation and character conversion
-unsigned-integer-overflow:__random/seed_seq.h
-unsigned-integer-overflow:__charconv/traits.h
-
-
-# Suppress errors in RocksDB
-# RocksDB uses intentional unsigned integer overflows in hash functions and CRC calculations
+# RocksDB intentional unsigned integer overflows in hash functions and CRC calculations
 unsigned-integer-overflow:rocks*/*/util/xxhash.h
 unsigned-integer-overflow:rocks*/*/util/xxph3.h
 unsigned-integer-overflow:rocks*/*/util/hash.cc
@@ -221,13 +90,14 @@ unsigned-integer-overflow:rocks*/*/table/format.cc
 unsigned-integer-overflow:rocks*/*/table/block_based/block_based_table_builder.cc
 unsigned-integer-overflow:rocks*/*/table/block_based/reader_common.cc
 unsigned-integer-overflow:rocks*/*/db/version_set.cc
-
-# RocksDB misaligned loads (intentional for performance on ARM64)
 alignment:rocks*/*/util/crc32c_arm64.cc
+undefined:rocks*/*/util/crc32c_arm64.cc
+undefined:rocks*/*/util/xxhash.h
 
 # nudb intentional overflows in hash functions
 unsigned-integer-overflow:nudb/detail/xxhash.hpp
 alignment:nudb/detail/xxhash.hpp
+undefined:nudb
 
 # Snappy compression library intentional overflows
 unsigned-integer-overflow:snappy.cc
@@ -239,10 +109,40 @@ unsigned-integer-overflow:absl/base/internal/low_level_alloc.cc
 unsigned-integer-overflow:absl/hash/internal/hash.h
 unsigned-integer-overflow:absl/container/internal/raw_hash_set.h
 
-# Standard library intentional overflows in chrono duration arithmetic
+# Standard library intentional overflows
+unsigned-integer-overflow:basic_string.h
+unsigned-integer-overflow:bits/chrono.h
+unsigned-integer-overflow:bits/random.h
+unsigned-integer-overflow:bits/random.tcc
+unsigned-integer-overflow:bits/stl_algobase.h
+unsigned-integer-overflow:bits/uniform_int_dist.h
+unsigned-integer-overflow:string_view
+unsigned-integer-overflow:__random/seed_seq.h
+unsigned-integer-overflow:__charconv/traits.h
 unsigned-integer-overflow:__chrono/duration.h
 
-# Suppress undefined errors in RocksDB and nudb
-undefined:rocks.*/*/util/crc32c_arm64.cc
-undefined:rocks.*/*/util/xxhash.h
-undefined:nudb
+# =============================================================================
+# Rippled code suppressions
+# =============================================================================
+
+# Signed integer negation (-value) in amount types.
+# INT64_MIN cannot occur in practice due to domain invariants (mantissa ranges
+# are well within int64_t bounds), but UBSan flags the pattern as potential
+# signed overflow. Narrowed to operator- to avoid suppressing unrelated
+# overflows anywhere in a stack trace containing these type names.
+signed-integer-overflow:operator-*IOUAmount*
+signed-integer-overflow:operator-*XRPAmount*
+signed-integer-overflow:operator-*MPTAmount*
+signed-integer-overflow:operator-*STAmount*
+
+# STAmount::operator+ signed addition — operands are bounded by total supply
+# (~10^17 for XRP, ~10^18 for MPT) so overflow cannot occur in practice.
+signed-integer-overflow:operator+*STAmount*
+
+# STAmount::getRate uses unsigned shift and addition
+unsigned-integer-overflow:*STAmount*getRate*
+# STAmount::serialize uses unsigned bitwise operations
+unsigned-integer-overflow:*STAmount*serialize*
+
+# nft::cipheredTaxon uses intentional uint32 wraparound (LCG permutation)
+unsigned-integer-overflow:cipheredTaxon

src/libxrpl/basics/base64.cpp

@@ -107,7 +107,7 @@ encode(void* dest, void const* src, std::size_t len)
     char const* in = static_cast<char const*>(src);
     auto const tab = base64::get_alphabet();
 
-    for (auto n = len / 3; n != 0u; --n)
+    for (auto n = len / 3; n > 0; --n)
     {
         *out++ = tab[(in[0] & 0xfc) >> 2];
         *out++ = tab[((in[0] & 0x03) << 4) + ((in[1] & 0xf0) >> 4)];

src/libxrpl/core/HashRouter.cpp

@@ -82,19 +82,6 @@ HashRouter::shouldProcess(
     return s.shouldProcess(suppressionMap_.clock().now(), tx_interval);
 }
 
-bool
-HashRouter::shouldProcessForPeer(
-    uint256 const& key,
-    PeerShortID peer,
-    std::chrono::seconds interval)
-{
-    std::lock_guard lock(mutex_);
-
-    auto& entry = emplace(key).first;
-
-    return entry.shouldProcessForPeer(peer, suppressionMap_.clock().now(), interval);
-}
-
 HashRouterFlags
 HashRouter::getFlags(uint256 const& key)
 {
@@ -132,13 +119,4 @@ HashRouter::shouldRelay(uint256 const& key) -> std::optional<std::set<PeerShortI
     return s.releasePeerSet();
 }
 
-auto
-HashRouter::getPeers(uint256 const& key) -> std::set<PeerShortID>
-{
-    std::lock_guard lock(mutex_);
-
-    auto& s = emplace(key).first;
-    return s.peekPeerSet();
-}
-
 }  // namespace xrpl

src/libxrpl/ledger/View.cpp

@@ -452,6 +452,489 @@ doWithdraw(
     return accountSend(view, sourceAcct, dstAcct, amount, j, WaiveTransferFee::Yes);
 }
 
+// Direct send w/o fees:
+// - Redeeming IOUs and/or sending sender's own IOUs.
+// - Create trust line if needed.
+// --> bCheckIssuer : normally require issuer to be involved.
+static TER
+rippleCreditIOU(
+    ApplyView& view,
+    AccountID const& uSenderID,
+    AccountID const& uReceiverID,
+    STAmount const& saAmount,
+    bool bCheckIssuer,
+    beast::Journal j)
+{
+    AccountID const& issuer = saAmount.getIssuer();
+    Currency const& currency = saAmount.getCurrency();
+
+    // Make sure issuer is involved.
+    XRPL_ASSERT(
+        !bCheckIssuer || uSenderID == issuer || uReceiverID == issuer,
+        "xrpl::rippleCreditIOU : matching issuer or don't care");
+    (void)issuer;
+
+    // Disallow sending to self.
+    XRPL_ASSERT(uSenderID != uReceiverID, "xrpl::rippleCreditIOU : sender is not receiver");
+
+    bool const bSenderHigh = uSenderID > uReceiverID;
+    auto const index = keylet::line(uSenderID, uReceiverID, currency);
+
+    XRPL_ASSERT(
+        !isXRP(uSenderID) && uSenderID != noAccount(), "xrpl::rippleCreditIOU : sender is not XRP");
+    XRPL_ASSERT(
+        !isXRP(uReceiverID) && uReceiverID != noAccount(),
+        "xrpl::rippleCreditIOU : receiver is not XRP");
+
+    // If the line exists, modify it accordingly.
+    if (auto const sleRippleState = view.peek(index))
+    {
+        STAmount saBalance = sleRippleState->getFieldAmount(sfBalance);
+
+        if (bSenderHigh)
+            saBalance.negate();  // Put balance in sender terms.
+
+        view.creditHook(uSenderID, uReceiverID, saAmount, saBalance);
+
+        STAmount const saBefore = saBalance;
+
+        saBalance -= saAmount;
+
+        JLOG(j.trace()) << "rippleCreditIOU: " << to_string(uSenderID) << " -> "
+                        << to_string(uReceiverID) << " : before=" << saBefore.getFullText()
+                        << " amount=" << saAmount.getFullText()
+                        << " after=" << saBalance.getFullText();
+
+        std::uint32_t const uFlags(sleRippleState->getFieldU32(sfFlags));
+        bool bDelete = false;
+
+        // FIXME This NEEDS to be cleaned up and simplified. It's impossible
+        //       for anyone to understand.
+        if (saBefore > beast::zero
+            // Sender balance was positive.
+            && saBalance <= beast::zero
+            // Sender is zero or negative.
+            && (uFlags & (!bSenderHigh ? lsfLowReserve : lsfHighReserve))
+            // Sender reserve is set.
+            && static_cast<bool>(uFlags & (!bSenderHigh ? lsfLowNoRipple : lsfHighNoRipple)) !=
+                static_cast<bool>(
+                    view.read(keylet::account(uSenderID))->getFlags() & lsfDefaultRipple) &&
+            !(uFlags & (!bSenderHigh ? lsfLowFreeze : lsfHighFreeze)) &&
+            !sleRippleState->getFieldAmount(!bSenderHigh ? sfLowLimit : sfHighLimit)
+            // Sender trust limit is 0.
+            && !sleRippleState->getFieldU32(!bSenderHigh ? sfLowQualityIn : sfHighQualityIn)
+            // Sender quality in is 0.
+            && !sleRippleState->getFieldU32(!bSenderHigh ? sfLowQualityOut : sfHighQualityOut))
+        // Sender quality out is 0.
+        {
+            // Clear the reserve of the sender, possibly delete the line!
+            adjustOwnerCount(view, view.peek(keylet::account(uSenderID)), -1, j);
+
+            // Clear reserve flag.
+            sleRippleState->setFieldU32(
+                sfFlags, uFlags & (!bSenderHigh ? ~lsfLowReserve : ~lsfHighReserve));
+
+            // Balance is zero, receiver reserve is clear.
+            bDelete = !saBalance  // Balance is zero.
+                && !(uFlags & (bSenderHigh ? lsfLowReserve : lsfHighReserve));
+            // Receiver reserve is clear.
+        }
+
+        if (bSenderHigh)
+            saBalance.negate();
+
+        // Want to reflect balance to zero even if we are deleting line.
+        sleRippleState->setFieldAmount(sfBalance, saBalance);
+        // ONLY: Adjust ripple balance.
+
+        if (bDelete)
+        {
+            return trustDelete(
+                view,
+                sleRippleState,
+                bSenderHigh ? uReceiverID : uSenderID,
+                !bSenderHigh ? uReceiverID : uSenderID,
+                j);
+        }
+
+        view.update(sleRippleState);
+        return tesSUCCESS;
+    }
+
+    STAmount const saReceiverLimit(Issue{currency, uReceiverID});
+    STAmount saBalance{saAmount};
+
+    saBalance.setIssuer(noAccount());
+
+    JLOG(j.debug()) << "rippleCreditIOU: "
+                       "create line: "
+                    << to_string(uSenderID) << " -> " << to_string(uReceiverID) << " : "
+                    << saAmount.getFullText();
+
+    auto const sleAccount = view.peek(keylet::account(uReceiverID));
+    if (!sleAccount)
+        return tefINTERNAL;  // LCOV_EXCL_LINE
+
+    bool const noRipple = (sleAccount->getFlags() & lsfDefaultRipple) == 0;
+
+    return trustCreate(
+        view,
+        bSenderHigh,
+        uSenderID,
+        uReceiverID,
+        index.key,
+        sleAccount,
+        false,
+        noRipple,
+        false,
+        false,
+        saBalance,
+        saReceiverLimit,
+        0,
+        0,
+        j);
+}
+
+// Send regardless of limits.
+// --> saAmount: Amount/currency/issuer to deliver to receiver.
+// <-- saActual: Amount actually cost.  Sender pays fees.
+static TER
+rippleSendIOU(
+    ApplyView& view,
+    AccountID const& uSenderID,
+    AccountID const& uReceiverID,
+    STAmount const& saAmount,
+    STAmount& saActual,
+    beast::Journal j,
+    WaiveTransferFee waiveFee)
+{
+    auto const& issuer = saAmount.getIssuer();
+
+    XRPL_ASSERT(
+        !isXRP(uSenderID) && !isXRP(uReceiverID),
+        "xrpl::rippleSendIOU : neither sender nor receiver is XRP");
+    XRPL_ASSERT(uSenderID != uReceiverID, "xrpl::rippleSendIOU : sender is not receiver");
+
+    if (uSenderID == issuer || uReceiverID == issuer || issuer == noAccount())
+    {
+        // Direct send: redeeming IOUs and/or sending own IOUs.
+        auto const ter = rippleCreditIOU(view, uSenderID, uReceiverID, saAmount, false, j);
+        if (ter != tesSUCCESS)
+            return ter;
+        saActual = saAmount;
+        return tesSUCCESS;
+    }
+
+    // Sending 3rd party IOUs: transit.
+
+    // Calculate the amount to transfer accounting
+    // for any transfer fees if the fee is not waived:
+    saActual = (waiveFee == WaiveTransferFee::Yes) ? saAmount
+                                                   : multiply(saAmount, transferRate(view, issuer));
+
+    JLOG(j.debug()) << "rippleSendIOU> " << to_string(uSenderID) << " - > "
+                    << to_string(uReceiverID) << " : deliver=" << saAmount.getFullText()
+                    << " cost=" << saActual.getFullText();
+
+    TER terResult = rippleCreditIOU(view, issuer, uReceiverID, saAmount, true, j);
+
+    if (tesSUCCESS == terResult)
+        terResult = rippleCreditIOU(view, uSenderID, issuer, saActual, true, j);
+
+    return terResult;
+}
+
+template <class TAsset>
+static TER
+doSendMulti(
+    std::string const& name,
+    ApplyView& view,
+    AccountID const& senderID,
+    TAsset const& issue,
+    MultiplePaymentDestinations const& receivers,
+    STAmount& actual,
+    beast::Journal j,
+    WaiveTransferFee waiveFee,
+    // Don't pass back parameters that the caller already has
+    std::function<
+        TER(AccountID const& senderID,
+            AccountID const& receiverID,
+            STAmount const& amount,
+            bool checkIssuer)> doCredit,
+    std::function<
+        TER(AccountID const& issuer, STAmount const& takeFromSender, STAmount const& amount)>
+        preMint = {})
+{
+    // Use the same pattern for all the SendMulti functions to help avoid
+    // divergence and copy/paste errors.
+    auto const& issuer = issue.getIssuer();
+
+    // These values may not stay in sync
+    STAmount takeFromSender{issue};
+    actual = takeFromSender;
+
+    // Failures return immediately.
+    for (auto const& r : receivers)
+    {
+        auto const& receiverID = r.first;
+        STAmount amount{issue, r.second};
+
+        if (amount < beast::zero)
+        {
+            return tecINTERNAL;  // LCOV_EXCL_LINE
+        }
+
+        /* If we aren't sending anything or if the sender is the same as the
+         * receiver then we don't need to do anything.
+         */
+        if (!amount || (senderID == receiverID))
+            continue;
+
+        using namespace std::string_literals;
+        XRPL_ASSERT(!isXRP(receiverID), ("xrpl::"s + name + " : receiver is not XRP").c_str());
+
+        if (senderID == issuer || receiverID == issuer || issuer == noAccount())
+        {
+            if (preMint)
+            {
+                if (auto const ter = preMint(issuer, takeFromSender, amount))
+                    return ter;
+            }
+            // Direct send: redeeming IOUs and/or sending own IOUs.
+            if (auto const ter = doCredit(senderID, receiverID, amount, false))
+                return ter;
+            actual += amount;
+            // Do not add amount to takeFromSender, because doCredit took
+            // it.
+
+            continue;
+        }
+
+        // Sending 3rd party: transit.
+
+        // Calculate the amount to transfer accounting
+        // for any transfer fees if the fee is not waived:
+        STAmount actualSend = (waiveFee == WaiveTransferFee::Yes || issue.native())
+            ? amount
+            : multiply(amount, transferRate(view, amount));
+        actual += actualSend;
+        takeFromSender += actualSend;
+
+        JLOG(j.debug()) << name << "> " << to_string(senderID) << " - > " << to_string(receiverID)
+                        << " : deliver=" << amount.getFullText()
+                        << " cost=" << actualSend.getFullText();
+
+        if (TER const terResult = doCredit(issuer, receiverID, amount, true))
+            return terResult;
+    }
+
+    if (senderID != issuer && takeFromSender)
+    {
+        if (TER const terResult = doCredit(senderID, issuer, takeFromSender, true))
+            return terResult;
+    }
+
+    return tesSUCCESS;
+}
+
+// Send regardless of limits.
+// --> receivers: Amount/currency/issuer to deliver to receivers.
+// <-- saActual: Amount actually cost to sender.  Sender pays fees.
+static TER
+rippleSendMultiIOU(
+    ApplyView& view,
+    AccountID const& senderID,
+    Issue const& issue,
+    MultiplePaymentDestinations const& receivers,
+    STAmount& actual,
+    beast::Journal j,
+    WaiveTransferFee waiveFee)
+{
+    XRPL_ASSERT(!isXRP(senderID), "xrpl::rippleSendMultiIOU : sender is not XRP");
+
+    auto doCredit = [&view, j](
+                        AccountID const& senderID,
+                        AccountID const& receiverID,
+                        STAmount const& amount,
+                        bool checkIssuer) {
+        return rippleCreditIOU(view, senderID, receiverID, amount, checkIssuer, j);
+    };
+
+    return doSendMulti(
+        "rippleSendMultiIOU", view, senderID, issue, receivers, actual, j, waiveFee, doCredit);
+}
+
+static TER
+rippleCreditMPT(
+    ApplyView& view,
+    AccountID const& uSenderID,
+    AccountID const& uReceiverID,
+    STAmount const& saAmount,
+    beast::Journal j)
+{
+    // Do not check MPT authorization here - it must have been checked earlier
+    auto const mptID = keylet::mptIssuance(saAmount.get<MPTIssue>().getMptID());
+    auto const& issuer = saAmount.getIssuer();
+    auto sleIssuance = view.peek(mptID);
+    if (!sleIssuance)
+        return tecOBJECT_NOT_FOUND;
+    if (uSenderID == issuer)
+    {
+        (*sleIssuance)[sfOutstandingAmount] += saAmount.mpt().value();
+        view.update(sleIssuance);
+    }
+    else
+    {
+        auto const mptokenID = keylet::mptoken(mptID.key, uSenderID);
+        if (auto sle = view.peek(mptokenID))
+        {
+            auto const amt = sle->getFieldU64(sfMPTAmount);
+            auto const pay = saAmount.mpt().value();
+            if (amt < pay)
+                return tecINSUFFICIENT_FUNDS;
+            (*sle)[sfMPTAmount] = amt - pay;
+            view.update(sle);
+        }
+        else
+            return tecNO_AUTH;
+    }
+
+    if (uReceiverID == issuer)
+    {
+        auto const outstanding = sleIssuance->getFieldU64(sfOutstandingAmount);
+        auto const redeem = saAmount.mpt().value();
+        if (outstanding >= redeem)
+        {
+            sleIssuance->setFieldU64(sfOutstandingAmount, outstanding - redeem);
+            view.update(sleIssuance);
+        }
+        else
+            return tecINTERNAL;  // LCOV_EXCL_LINE
+    }
+    else
+    {
+        auto const mptokenID = keylet::mptoken(mptID.key, uReceiverID);
+        if (auto sle = view.peek(mptokenID))
+        {
+            (*sle)[sfMPTAmount] += saAmount.mpt().value();
+            view.update(sle);
+        }
+        else
+            return tecNO_AUTH;
+    }
+
+    return tesSUCCESS;
+}
+
+static TER
+rippleSendMPT(
+    ApplyView& view,
+    AccountID const& uSenderID,
+    AccountID const& uReceiverID,
+    STAmount const& saAmount,
+    STAmount& saActual,
+    beast::Journal j,
+    WaiveTransferFee waiveFee)
+{
+    XRPL_ASSERT(uSenderID != uReceiverID, "xrpl::rippleSendMPT : sender is not receiver");
+
+    // Safe to get MPT since rippleSendMPT is only called by accountSendMPT
+    auto const& issuer = saAmount.getIssuer();
+
+    auto const sle = view.read(keylet::mptIssuance(saAmount.get<MPTIssue>().getMptID()));
+    if (!sle)
+        return tecOBJECT_NOT_FOUND;
+
+    if (uSenderID == issuer || uReceiverID == issuer)
+    {
+        // if sender is issuer, check that the new OutstandingAmount will not
+        // exceed MaximumAmount
+        if (uSenderID == issuer)
+        {
+            auto const sendAmount = saAmount.mpt().value();
+            auto const maximumAmount = sle->at(~sfMaximumAmount).value_or(maxMPTokenAmount);
+            if (sendAmount > maximumAmount ||
+                sle->getFieldU64(sfOutstandingAmount) > maximumAmount - sendAmount)
+                return tecPATH_DRY;
+        }
+
+        // Direct send: redeeming MPTs and/or sending own MPTs.
+        auto const ter = rippleCreditMPT(view, uSenderID, uReceiverID, saAmount, j);
+        if (ter != tesSUCCESS)
+            return ter;
+        saActual = saAmount;
+        return tesSUCCESS;
+    }
+
+    // Sending 3rd party MPTs: transit.
+    saActual = (waiveFee == WaiveTransferFee::Yes)
+        ? saAmount
+        : multiply(saAmount, transferRate(view, saAmount.get<MPTIssue>().getMptID()));
+
+    JLOG(j.debug()) << "rippleSendMPT> " << to_string(uSenderID) << " - > "
+                    << to_string(uReceiverID) << " : deliver=" << saAmount.getFullText()
+                    << " cost=" << saActual.getFullText();
+
+    if (auto const terResult = rippleCreditMPT(view, issuer, uReceiverID, saAmount, j);
+        terResult != tesSUCCESS)
+        return terResult;
+
+    return rippleCreditMPT(view, uSenderID, issuer, saActual, j);
+}
+
+static TER
+rippleSendMultiMPT(
+    ApplyView& view,
+    AccountID const& senderID,
+    MPTIssue const& mptIssue,
+    MultiplePaymentDestinations const& receivers,
+    STAmount& actual,
+    beast::Journal j,
+    WaiveTransferFee waiveFee)
+{
+    auto const sle = view.read(keylet::mptIssuance(mptIssue.getMptID()));
+    if (!sle)
+        return tecOBJECT_NOT_FOUND;
+
+    auto preMint = [&](AccountID const& issuer,
+                       STAmount const& takeFromSender,
+                       STAmount const& amount) -> TER {
+        // if sender is issuer, check that the new OutstandingAmount will
+        // not exceed MaximumAmount
+        if (senderID == issuer)
+        {
+            XRPL_ASSERT_PARTS(
+                takeFromSender == beast::zero,
+                "rippler::rippleSendMultiMPT",
+                "sender == issuer, takeFromSender == zero");
+            auto const sendAmount = amount.mpt().value();
+            auto const maximumAmount = sle->at(~sfMaximumAmount).value_or(maxMPTokenAmount);
+            if (sendAmount > maximumAmount ||
+                sle->getFieldU64(sfOutstandingAmount) > maximumAmount - sendAmount)
+                return tecPATH_DRY;
+        }
+
+        return tesSUCCESS;
+    };
+    auto doCredit =
+        [&view, j](
+            AccountID const& senderID, AccountID const& receiverID, STAmount const& amount, bool) {
+            return rippleCreditMPT(view, senderID, receiverID, amount, j);
+        };
+
+    return doSendMulti(
+        "rippleSendMultiMPT",
+        view,
+        senderID,
+        mptIssue,
+        receivers,
+        actual,
+        j,
+        waiveFee,
+        doCredit,
+        preMint);
+}
+
 TER
 cleanupOnAccountDelete(
     ApplyView& view,

src/libxrpl/ledger/helpers/OfferHelpers.cpp

@@ -21,7 +21,7 @@ offerDelete(ApplyView& view, std::shared_ptr<SLE> const& sle, beast::Journal j)
     if (!sle)
         return tesSUCCESS;
     auto offerIndex = sle->key();
-    auto owner = sle->getAccountID(sfAccount);
+    auto const owner = sle->getAccountID(sfAccount);
 
     // Detect legacy directories.
     uint256 const uDirectory = sle->getFieldH256(sfBookDirectory);

src/libxrpl/ledger/helpers/RippleStateHelpers.cpp

@@ -579,7 +579,7 @@ requireAuth(ReadView const& view, Issue const& issue, AccountID const& account,
     return tesSUCCESS;
 }
 
-TER
+[[nodiscard]] TER
 canTransfer(ReadView const& view, Issue const& issue, AccountID const& from, AccountID const& to)
 {
     if (issue.native())
@@ -617,7 +617,7 @@ canTransfer(ReadView const& view, Issue const& issue, AccountID const& from, Acc
 //
 //------------------------------------------------------------------------------
 
-TER
+[[nodiscard]] TER
 addEmptyHolding(
     ApplyView& view,
     AccountID const& accountID,
@@ -671,7 +671,7 @@ addEmptyHolding(
         journal);
 }
 
-TER
+[[nodiscard]] TER
 removeEmptyHolding(
     ApplyView& view,
     AccountID const& accountID,

src/libxrpl/ledger/helpers/TokenHelpers.cpp

@@ -938,6 +938,85 @@ accountSendMultiIOU(
                << receivers.size() << " receivers.";
     }
 
+    auto doCredit = [&view, &sender, &receivers, j](
+                        AccountID const& senderID,
+                        AccountID const& receiverID,
+                        STAmount const& amount,
+                        bool /*checkIssuer*/) -> TER {
+        if (!senderID)
+        {
+            SLE::pointer receiver =
+                receiverID != beast::zero ? view.peek(keylet::account(receiverID)) : SLE::pointer();
+
+            if (auto stream = j.trace())
+            {
+                std::string receiver_bal("-");
+
+                if (receiver)
+                    receiver_bal = receiver->getFieldAmount(sfBalance).getFullText();
+
+                stream << "accountSendMultiIOU> " << to_string(senderID) << " -> "
+                       << to_string(receiverID) << " (" << receiver_bal
+                       << ") : " << amount.getFullText();
+            }
+
+            if (receiver)
+            {
+                // Increment XRP balance.
+                auto const rcvBal = receiver->getFieldAmount(sfBalance);
+                receiver->setFieldAmount(sfBalance, rcvBal + amount);
+                view.creditHook(xrpAccount(), receiverID, amount, -rcvBal);
+
+                view.update(receiver);
+            }
+
+            if (auto stream = j.trace())
+            {
+                std::string receiver_bal("-");
+
+                if (receiver)
+                    receiver_bal = receiver->getFieldAmount(sfBalance).getFullText();
+
+                stream << "accountSendMultiIOU< " << to_string(senderID) << " -> "
+                       << to_string(receiverID) << " (" << receiver_bal
+                       << ") : " << amount.getFullText();
+            }
+            return tesSUCCESS;
+        }
+        // Sender
+        if (sender)
+        {
+            if (sender->getFieldAmount(sfBalance) < amount)
+            {
+                return TER{tecFAILED_PROCESSING};
+            }
+            else
+            {
+                auto const sndBal = sender->getFieldAmount(sfBalance);
+                view.creditHook(senderID, xrpAccount(), amount, sndBal);
+
+                // Decrement XRP balance.
+                sender->setFieldAmount(sfBalance, sndBal - amount);
+                view.update(sender);
+            }
+        }
+
+        if (auto stream = j.trace())
+        {
+            std::string sender_bal("-");
+
+            if (sender)
+                sender_bal = sender->getFieldAmount(sfBalance).getFullText();
+
+            stream << "accountSendMultiIOU< " << to_string(senderID) << " (" << sender_bal
+                   << ") -> " << receivers.size() << " receivers.";
+        }
+
+        return tesSUCCESS;
+    };
+    return doSendMulti(
+        "accountSendMultiIOU", view, senderID, issue, receivers, actual, j, waiveFee, doCredit);
+
     // Failures return immediately.
     STAmount takeFromSender{issue};
     for (auto const& r : receivers)

src/test/app/HashRouter_test.cpp

@@ -394,33 +394,6 @@ class HashRouter_test : public beast::unit_test::suite
         BEAST_EXPECT(!any(HF::UNDEFINED));
     }
 
-    void
-    testProcessPeer()
-    {
-        using namespace std::chrono_literals;
-        TestStopwatch stopwatch;
-        HashRouter router(getSetup(5s, 5s), stopwatch);
-        uint256 const key(1);
-        HashRouter::PeerShortID peer1 = 1;
-        HashRouter::PeerShortID peer2 = 2;
-        auto const timeout = 2s;
-
-        BEAST_EXPECT(router.shouldProcessForPeer(key, peer1, timeout));
-        BEAST_EXPECT(!router.shouldProcessForPeer(key, peer1, timeout));
-        ++stopwatch;
-        BEAST_EXPECT(!router.shouldProcessForPeer(key, peer1, timeout));
-        BEAST_EXPECT(router.shouldProcessForPeer(key, peer2, timeout));
-        BEAST_EXPECT(!router.shouldProcessForPeer(key, peer2, timeout));
-        ++stopwatch;
-        BEAST_EXPECT(router.shouldProcessForPeer(key, peer1, timeout));
-        BEAST_EXPECT(!router.shouldProcessForPeer(key, peer2, timeout));
-        ++stopwatch;
-        BEAST_EXPECT(router.shouldProcessForPeer(key, peer2, timeout));
-        ++stopwatch;
-        BEAST_EXPECT(router.shouldProcessForPeer(key, peer1, timeout));
-        BEAST_EXPECT(!router.shouldProcessForPeer(key, peer2, timeout));
-    }
-
 public:
     void
     run() override
@@ -433,7 +406,6 @@ public:
         testProcess();
         testSetup();
         testFlagsOps();
-        testProcessPeer();
     }
 };
 

src/test/app/LedgerReplay_test.cpp

@@ -339,11 +339,6 @@ public:
     {
         return false;
     }
-    std::set<std::optional<uint64_t>>
-    releaseRequestCookies(uint256 const& requestHash) override
-    {
-        return {};
-    }
 
     [[nodiscard]] std::string const&
     fingerprint() const override

src/test/beast/LexicalCast_test.cpp

@@ -24,7 +24,7 @@ public:
     testInteger(IntType in)
     {
         std::string s;
-        IntType out(in + 1);
+        IntType out = static_cast<IntType>(~in);  // Ensure out != in
 
         expect(lexicalCastChecked(s, in));
         expect(lexicalCastChecked(out, s));

src/test/overlay/ProtocolVersion_test.cpp

@@ -63,8 +63,8 @@ public:
                 negotiateProtocolVersion("RTXP/1.2, XRPL/2.0, XRPL/2.1") == make_protocol(2, 1));
             BEAST_EXPECT(negotiateProtocolVersion("XRPL/2.2") == make_protocol(2, 2));
             BEAST_EXPECT(
-                negotiateProtocolVersion("RTXP/1.2, XRPL/2.2, XRPL/2.3, XRPL/2.4, XRPL/999.999") ==
-                make_protocol(2, 3));
+                negotiateProtocolVersion("RTXP/1.2, XRPL/2.2, XRPL/2.3, XRPL/999.999") ==
+                make_protocol(2, 2));
             BEAST_EXPECT(negotiateProtocolVersion("XRPL/999.999, WebSocket/1.0") == std::nullopt);
             BEAST_EXPECT(negotiateProtocolVersion("") == std::nullopt);
         }

src/test/overlay/reduce_relay_test.cpp

@@ -190,11 +190,6 @@ public:
     removeTxQueue(uint256 const&) override
     {
     }
-    std::set<std::optional<uint64_t>>
-    releaseRequestCookies(uint256 const& requestHash) override
-    {
-        return {};
-    }
 };
 
 /** Manually advanced clock. */

src/tests/libxrpl/CMakeLists.txt

@@ -8,9 +8,12 @@ add_custom_target(xrpl.tests)
 
 # Test helpers
 add_library(xrpl.helpers.test STATIC)
-target_sources(xrpl.helpers.test PRIVATE helpers/TestSink.cpp)
+target_sources(
+    xrpl.helpers.test
+    PRIVATE helpers/Account.cpp helpers/TestSink.cpp helpers/TxTest.cpp
+)
 target_include_directories(xrpl.helpers.test PUBLIC ${CMAKE_CURRENT_SOURCE_DIR})
-target_link_libraries(xrpl.helpers.test PRIVATE xrpl.libxrpl)
+target_link_libraries(xrpl.helpers.test PUBLIC xrpl.libxrpl gtest::gtest)
 
 # Common library dependencies for the rest of the tests.
 add_library(xrpl.imports.test INTERFACE)
@@ -32,6 +35,10 @@ xrpl_add_test(json)
 target_link_libraries(xrpl.test.json PRIVATE xrpl.imports.test)
 add_dependencies(xrpl.tests xrpl.test.json)
 
+xrpl_add_test(tx)
+target_link_libraries(xrpl.test.tx PRIVATE xrpl.imports.test)
+add_dependencies(xrpl.tests xrpl.test.tx)
+
 xrpl_add_test(protocol_autogen)
 target_link_libraries(xrpl.test.protocol_autogen PRIVATE xrpl.imports.test)
 add_dependencies(xrpl.tests xrpl.test.protocol_autogen)

src/tests/libxrpl/helpers/Account.cpp

@@ -0,0 +1,19 @@
+#include <helpers/Account.h>
+
+#include <xrpl/protocol/KeyType.h>
+#include <xrpl/protocol/PublicKey.h>
+#include <xrpl/protocol/SecretKey.h>
+#include <xrpl/protocol/Seed.h>
+
+namespace xrpl::test {
+
+Account const Account::master{"masterpassphrase"};
+
+Account::Account(std::string_view name, KeyType type)
+    : name_(name)
+    , keyPair_(generateKeyPair(type, generateSeed(name_)))
+    , id_(calcAccountID(keyPair_.first))
+{
+}
+
+}  // namespace xrpl::test

src/tests/libxrpl/helpers/Account.h

@@ -0,0 +1,81 @@
+#pragma once
+
+#include <xrpl/protocol/AccountID.h>
+#include <xrpl/protocol/KeyType.h>
+#include <xrpl/protocol/PublicKey.h>
+#include <xrpl/protocol/SecretKey.h>
+
+#include <string>
+#include <string_view>
+#include <utility>
+
+namespace xrpl::test {
+
+/**
+ * @brief A test account with cryptographic keys.
+ *
+ * Generates keys deterministically from a name, making tests reproducible.
+ * The same name always produces the same AccountID and keys.
+ */
+class Account
+{
+public:
+    /**
+     * @brief The master account that holds all XRP in genesis.
+     *
+     * This account is created in the genesis ledger with all 100 billion XRP.
+     * It uses the well-known seed "masterpassphrase".
+     */
+    static Account const master;
+
+    /**
+     * @brief Create an account from a name.
+     *
+     * Keys are derived deterministically from the name.
+     *
+     * @param name Human-readable name for the account.
+     * @param type Key type to use (defaults to secp256k1).
+     */
+    explicit Account(std::string_view name, KeyType type = KeyType::secp256k1);
+
+    /** @brief Return the human-readable name. */
+    std::string const&
+    name() const noexcept
+    {
+        return name_;
+    }
+
+    /** @brief Return the AccountID. */
+    AccountID const&
+    id() const noexcept
+    {
+        return id_;
+    }
+
+    /** @brief Return the public key. */
+    PublicKey const&
+    pk() const noexcept
+    {
+        return keyPair_.first;
+    }
+
+    /** @brief Return the secret key. */
+    SecretKey const&
+    sk() const noexcept
+    {
+        return keyPair_.second;
+    }
+
+    /** @brief Implicit conversion to AccountID. */
+    operator AccountID const&() const noexcept
+    {
+        return id_;
+    }
+
+private:
+    std::string name_;
+    std::pair<PublicKey, SecretKey> keyPair_;
+    AccountID id_;
+};
+
+}  // namespace xrpl::test

src/tests/libxrpl/helpers/IOU.h

@@ -0,0 +1,132 @@
+#pragma once
+
+#include <xrpl/basics/Number.h>
+#include <xrpl/protocol/Asset.h>
+#include <xrpl/protocol/Issue.h>
+#include <xrpl/protocol/STAmount.h>
+#include <xrpl/protocol/UintTypes.h>
+
+#include <helpers/Account.h>
+
+#include <concepts>
+#include <string>
+#include <string_view>
+#include <type_traits>
+
+namespace xrpl::test {
+
+/**
+ * @brief Represents an IOU (issued currency) for testing.
+ *
+ * Provides a clear, explicit API for creating currencies issued by an account.
+ * This replaces the cryptic `Account::operator[]` from the jtx framework.
+ *
+ * @code
+ *     Account gw("gateway");
+ *     IOU USD("USD", gw);
+ *
+ *     auto issue = USD.issue();      // Get the Issue
+ *     auto asset = USD.asset();      // Get the Asset
+ *     auto amt = USD.amount(100);    // Get STAmount of 100 USD
+ * @endcode
+ */
+class IOU
+{
+public:
+    /**
+     * @brief Construct an IOU from a currency code and issuing account.
+     * @param currencyCode A 3-character ISO currency code (e.g., "USD").
+     * @param issuer The account that issues this currency.
+     */
+    IOU(std::string_view currencyCode, Account const& issuer)
+        : currency_(to_currency(std::string(currencyCode))), issuer_(issuer.id())
+    {
+        XRPL_ASSERT(!isXRP(currency_), "IOU: currency code must not resolve to XRP");
+    }
+
+    /**
+     * @brief Construct an IOU from a Currency and issuing account.
+     * @param currency The Currency object.
+     * @param issuer The account that issues this currency.
+     */
+    IOU(Currency currency, Account const& issuer)
+        : currency_(std::move(currency)), issuer_(issuer.id())
+    {
+        XRPL_ASSERT(!isXRP(currency_), "IOU: currency code must not resolve to XRP");
+    }
+
+    /**
+     * @brief Get the Issue (currency + issuer pair).
+     * @return An Issue object representing this IOU.
+     */
+    [[nodiscard]] Issue
+    issue() const
+    {
+        return Issue{currency_, issuer_};
+    }
+
+    /**
+     * @brief Get the Asset.
+     * @return An Asset object representing this IOU.
+     */
+    [[nodiscard]] Asset
+    asset() const
+    {
+        return Asset{issue()};
+    }
+
+    /**
+     * @brief Create an STAmount of this IOU.
+     *
+     * Works with any arithmetic type (int, double, etc.) by converting
+     * to string and parsing. This matches the jtx IOU behaviour.
+     *
+     * @tparam T An arithmetic type.
+     * @param value The amount as any arithmetic type.
+     * @return An STAmount representing value units of this IOU.
+     */
+    template <typename T>
+        requires std::is_arithmetic_v<T>
+    [[nodiscard]] STAmount
+    amount(T value) const
+    {
+        return amountFromString(issue(), to_string(value));
+    }
+
+    /**
+     * @brief Create an STAmount of this IOU from a Number.
+     * @param value The amount as a Number.
+     * @return An STAmount representing value units of this IOU.
+     */
+    [[nodiscard]] STAmount
+    amount(Number const& value) const
+    {
+        return STAmount{issue(), value};
+    }
+
+    /**
+     * @brief Get the currency.
+     * @return The currency.
+     */
+    [[nodiscard]] Currency const&
+    currency() const
+    {
+        return currency_;
+    }
+
+    /**
+     * @brief Get the issuer account ID.
+     * @return The issuer's AccountID.
+     */
+    [[nodiscard]] AccountID const&
+    issuer() const
+    {
+        return issuer_;
+    }
+
+private:
+    Currency currency_;
+    AccountID issuer_;
+};
+
+}  // namespace xrpl::test

src/tests/libxrpl/helpers/TestFamily.h

@@ -0,0 +1,111 @@
+#pragma once
+
+#include <xrpl/basics/chrono.h>
+#include <xrpl/nodestore/DummyScheduler.h>
+#include <xrpl/nodestore/Manager.h>
+#include <xrpl/shamap/Family.h>
+
+#include <memory>
+
+namespace xrpl {
+namespace test {
+
+/** Test implementation of Family for unit tests.
+
+    Uses an in-memory NodeStore database and simple caches.
+    The missingNode methods throw since tests shouldn't encounter missing nodes.
+*/
+class TestFamily : public Family
+{
+private:
+    std::unique_ptr<NodeStore::Database> db_;
+    TestStopwatch clock_;
+    std::shared_ptr<FullBelowCache> fbCache_;
+    std::shared_ptr<TreeNodeCache> tnCache_;
+    NodeStore::DummyScheduler scheduler_;
+    beast::Journal j_;
+
+public:
+    explicit TestFamily(beast::Journal j)
+        : fbCache_(std::make_shared<FullBelowCache>("TestFamily full below cache", clock_, j))
+        , tnCache_(
+              std::make_shared<TreeNodeCache>(
+                  "TestFamily tree node cache",
+                  65536,
+                  std::chrono::minutes{1},
+                  clock_,
+                  j))
+        , j_(j)
+    {
+        Section config;
+        config.set("type", "memory");
+        config.set("path", "TestFamily");
+        db_ = NodeStore::Manager::instance().make_Database(megabytes(4), scheduler_, 1, config, j);
+    }
+
+    NodeStore::Database&
+    db() override
+    {
+        return *db_;
+    }
+
+    NodeStore::Database const&
+    db() const override
+    {
+        return *db_;
+    }
+
+    beast::Journal const&
+    journal() override
+    {
+        return j_;
+    }
+
+    std::shared_ptr<FullBelowCache>
+    getFullBelowCache() override
+    {
+        return fbCache_;
+    }
+
+    std::shared_ptr<TreeNodeCache>
+    getTreeNodeCache() override
+    {
+        return tnCache_;
+    }
+
+    void
+    sweep() override
+    {
+        fbCache_->sweep();
+        tnCache_->sweep();
+    }
+
+    void
+    missingNodeAcquireBySeq(std::uint32_t refNum, uint256 const& nodeHash) override
+    {
+        Throw<std::runtime_error>("TestFamily: missing node (by seq)");
+    }
+
+    void
+    missingNodeAcquireByHash(uint256 const& refHash, std::uint32_t refNum) override
+    {
+        Throw<std::runtime_error>("TestFamily: missing node (by hash)");
+    }
+
+    void
+    reset() override
+    {
+        fbCache_->reset();
+        tnCache_->reset();
+    }
+
+    /** Access the test clock for time manipulation in tests. */
+    TestStopwatch&
+    clock()
+    {
+        return clock_;
+    }
+};
+
+}  // namespace test
+}  // namespace xrpl

src/tests/libxrpl/helpers/TestServiceRegistry.h

@@ -0,0 +1,378 @@
+#pragma once
+
+#include <xrpl/basics/Log.h>
+#include <xrpl/basics/chrono.h>
+#include <xrpl/core/HashRouter.h>
+#include <xrpl/core/NetworkIDService.h>
+#include <xrpl/core/ServiceRegistry.h>
+#include <xrpl/ledger/PendingSaves.h>
+#include <xrpl/server/LoadFeeTrack.h>
+
+#include <boost/asio/io_context.hpp>
+
+#include <helpers/TestFamily.h>
+#include <helpers/TestSink.h>
+
+#include <optional>
+#include <stdexcept>
+
+namespace xrpl {
+namespace test {
+
+/** Logs implementation that creates TestSink instances. */
+class TestLogs : public Logs
+{
+public:
+    explicit TestLogs(beast::severities::Severity level = beast::severities::kWarning) : Logs(level)
+    {
+    }
+
+    std::unique_ptr<beast::Journal::Sink>
+    makeSink(std::string const&, beast::severities::Severity threshold) override
+    {
+        return std::make_unique<TestSink>(threshold);
+    }
+};
+
+/** Simple NetworkIDService implementation for tests. */
+class TestNetworkIDService final : public NetworkIDService
+{
+public:
+    explicit TestNetworkIDService(std::uint32_t networkID = 0) : networkID_(networkID)
+    {
+    }
+
+    [[nodiscard]] std::uint32_t
+    getNetworkID() const noexcept override
+    {
+        return networkID_;
+    }
+
+private:
+    std::uint32_t networkID_;
+};
+
+/** Test implementation of ServiceRegistry for unit tests.
+
+    This class provides real implementations for services that can be
+    instantiated from libxrpl (such as Logs, io_context, caches), and
+    throws std::logic_error for services that require the full Application.
+
+    Tests can subclass this to provide additional services they need.
+*/
+class TestServiceRegistry : public ServiceRegistry
+{
+    TestLogs logs_{beast::severities::kWarning};
+    boost::asio::io_context io_context_;
+    TestFamily family_{logs_.journal("TestFamily")};
+    LoadFeeTrack feeTrack_{logs_.journal("LoadFeeTrack")};
+    TestNetworkIDService networkIDService_;
+    HashRouter hashRouter_{HashRouter::Setup{}, stopwatch()};
+    NodeCache tempNodeCache_{
+        "TempNodeCache",
+        16384,
+        std::chrono::minutes{1},
+        stopwatch(),
+        logs_.journal("TaggedCache")};
+    CachedSLEs cachedSLEs_{
+        "CachedSLEs",
+        16384,
+        std::chrono::minutes{1},
+        stopwatch(),
+        logs_.journal("TaggedCache")};
+    PendingSaves pendingSaves_;
+    std::optional<uint256> trapTxID_;
+
+public:
+    TestServiceRegistry() = default;
+    ~TestServiceRegistry() override = default;
+
+    // Core infrastructure services
+    CollectorManager&
+    getCollectorManager() override
+    {
+        throw std::logic_error("TestServiceRegistry::getCollectorManager() not implemented");
+    }
+
+    Family&
+    getNodeFamily() override
+    {
+        return family_;
+    }
+
+    TimeKeeper&
+    getTimeKeeper() override
+    {
+        throw std::logic_error("TestServiceRegistry::timeKeeper() not implemented");
+    }
+
+    JobQueue&
+    getJobQueue() override
+    {
+        throw std::logic_error("TestServiceRegistry::getJobQueue() not implemented");
+    }
+
+    NodeCache&
+    getTempNodeCache() override
+    {
+        return tempNodeCache_;
+    }
+
+    CachedSLEs&
+    getCachedSLEs() override
+    {
+        return cachedSLEs_;
+    }
+
+    NetworkIDService&
+    getNetworkIDService() override
+    {
+        return networkIDService_;
+    }
+
+    // Protocol and validation services
+    AmendmentTable&
+    getAmendmentTable() override
+    {
+        throw std::logic_error("TestServiceRegistry::getAmendmentTable() not implemented");
+    }
+
+    HashRouter&
+    getHashRouter() override
+    {
+        return hashRouter_;
+    }
+
+    LoadFeeTrack&
+    getFeeTrack() override
+    {
+        return feeTrack_;
+    }
+
+    LoadManager&
+    getLoadManager() override
+    {
+        throw std::logic_error("TestServiceRegistry::getLoadManager() not implemented");
+    }
+
+    RCLValidations&
+    getValidations() override
+    {
+        throw std::logic_error("TestServiceRegistry::getValidations() not implemented");
+    }
+
+    ValidatorList&
+    getValidators() override
+    {
+        throw std::logic_error("TestServiceRegistry::validators() not implemented");
+    }
+
+    ValidatorSite&
+    getValidatorSites() override
+    {
+        throw std::logic_error("TestServiceRegistry::validatorSites() not implemented");
+    }
+
+    ManifestCache&
+    getValidatorManifests() override
+    {
+        throw std::logic_error("TestServiceRegistry::validatorManifests() not implemented");
+    }
+
+    ManifestCache&
+    getPublisherManifests() override
+    {
+        throw std::logic_error("TestServiceRegistry::publisherManifests() not implemented");
+    }
+
+    // Network services
+    Overlay&
+    getOverlay() override
+    {
+        throw std::logic_error("TestServiceRegistry::overlay() not implemented");
+    }
+
+    Cluster&
+    getCluster() override
+    {
+        throw std::logic_error("TestServiceRegistry::cluster() not implemented");
+    }
+
+    PeerReservationTable&
+    getPeerReservations() override
+    {
+        throw std::logic_error("TestServiceRegistry::peerReservations() not implemented");
+    }
+
+    Resource::Manager&
+    getResourceManager() override
+    {
+        throw std::logic_error("TestServiceRegistry::getResourceManager() not implemented");
+    }
+
+    // Storage services
+    NodeStore::Database&
+    getNodeStore() override
+    {
+        throw std::logic_error("TestServiceRegistry::getNodeStore() not implemented");
+    }
+
+    SHAMapStore&
+    getSHAMapStore() override
+    {
+        throw std::logic_error("TestServiceRegistry::getSHAMapStore() not implemented");
+    }
+
+    RelationalDatabase&
+    getRelationalDatabase() override
+    {
+        throw std::logic_error("TestServiceRegistry::getRelationalDatabase() not implemented");
+    }
+
+    // Ledger services
+    InboundLedgers&
+    getInboundLedgers() override
+    {
+        throw std::logic_error("TestServiceRegistry::getInboundLedgers() not implemented");
+    }
+
+    InboundTransactions&
+    getInboundTransactions() override
+    {
+        throw std::logic_error("TestServiceRegistry::getInboundTransactions() not implemented");
+    }
+
+    TaggedCache<uint256, AcceptedLedger>&
+    getAcceptedLedgerCache() override
+    {
+        throw std::logic_error("TestServiceRegistry::getAcceptedLedgerCache() not implemented");
+    }
+
+    LedgerMaster&
+    getLedgerMaster() override
+    {
+        throw std::logic_error("TestServiceRegistry::getLedgerMaster() not implemented");
+    }
+
+    LedgerCleaner&
+    getLedgerCleaner() override
+    {
+        throw std::logic_error("TestServiceRegistry::getLedgerCleaner() not implemented");
+    }
+
+    LedgerReplayer&
+    getLedgerReplayer() override
+    {
+        throw std::logic_error("TestServiceRegistry::getLedgerReplayer() not implemented");
+    }
+
+    PendingSaves&
+    getPendingSaves() override
+    {
+        return pendingSaves_;
+    }
+
+    OpenLedger&
+    getOpenLedger() override
+    {
+        throw std::logic_error("TestServiceRegistry::openLedger() not implemented");
+    }
+
+    OpenLedger const&
+    getOpenLedger() const override
+    {
+        throw std::logic_error("TestServiceRegistry::openLedger() const not implemented");
+    }
+
+    // Transaction and operation services
+    NetworkOPs&
+    getOPs() override
+    {
+        throw std::logic_error("TestServiceRegistry::getOPs() not implemented");
+    }
+
+    OrderBookDB&
+    getOrderBookDB() override
+    {
+        throw std::logic_error("TestServiceRegistry::getOrderBookDB() not implemented");
+    }
+
+    TransactionMaster&
+    getMasterTransaction() override
+    {
+        throw std::logic_error("TestServiceRegistry::getMasterTransaction() not implemented");
+    }
+
+    TxQ&
+    getTxQ() override
+    {
+        throw std::logic_error("TestServiceRegistry::getTxQ() not implemented");
+    }
+
+    PathRequestManager&
+    getPathRequestManager() override
+    {
+        throw std::logic_error("TestServiceRegistry::getPathRequestManager() not implemented");
+    }
+
+    // Server services
+    ServerHandler&
+    getServerHandler() override
+    {
+        throw std::logic_error("TestServiceRegistry::getServerHandler() not implemented");
+    }
+
+    perf::PerfLog&
+    getPerfLog() override
+    {
+        throw std::logic_error("TestServiceRegistry::getPerfLog() not implemented");
+    }
+
+    // Configuration and state
+    bool
+    isStopping() const override
+    {
+        return false;
+    }
+
+    beast::Journal
+    getJournal(std::string const& name) override
+    {
+        return logs_.journal(name);
+    }
+
+    boost::asio::io_context&
+    getIOContext() override
+    {
+        return io_context_;
+    }
+
+    Logs&
+    getLogs() override
+    {
+        return logs_;
+    }
+
+    std::optional<uint256> const&
+    getTrapTxID() const override
+    {
+        return trapTxID_;
+    }
+
+    DatabaseCon&
+    getWalletDB() override
+    {
+        throw std::logic_error("TestServiceRegistry::getWalletDB() not implemented");
+    }
+
+    // Temporary: Get the underlying Application
+    Application&
+    getApp() override
+    {
+        throw std::logic_error(
+            "TestServiceRegistry::app() not implemented - no Application available in tests");
+    }
+};
+
+}  // namespace test
+}  // namespace xrpl

src/tests/libxrpl/helpers/TxTest.cpp

@@ -0,0 +1,252 @@
+#include <helpers/TxTest.h>
+
+#include <xrpl/basics/base_uint.h>
+#include <xrpl/basics/chrono.h>
+#include <xrpl/basics/contract.h>
+#include <xrpl/ledger/ApplyView.h>
+#include <xrpl/ledger/CanonicalTXSet.h>
+#include <xrpl/ledger/Ledger.h>
+#include <xrpl/ledger/OpenView.h>
+#include <xrpl/ledger/ReadView.h>
+#include <xrpl/protocol/AccountID.h>
+#include <xrpl/protocol/Feature.h>
+#include <xrpl/protocol/Fees.h>
+#include <xrpl/protocol/Indexes.h>
+#include <xrpl/protocol/SField.h>
+#include <xrpl/protocol/STLedgerEntry.h>
+#include <xrpl/protocol/STTx.h>
+#include <xrpl/protocol/TER.h>
+#include <xrpl/protocol_autogen/ledger_entries/AccountRoot.h>
+#include <xrpl/protocol_autogen/ledger_entries/RippleState.h>
+#include <xrpl/protocol_autogen/transactions/AccountSet.h>
+#include <xrpl/protocol_autogen/transactions/Payment.h>
+#include <xrpl/tx/apply.h>
+
+#include <helpers/Account.h>
+#include <helpers/IOU.h>
+
+#include <cstdint>
+#include <memory>
+#include <optional>
+#include <stdexcept>
+#include <utility>
+#include <vector>
+
+namespace xrpl::test {
+
+//------------------------------------------------------------------------------
+// Feature helpers
+//------------------------------------------------------------------------------
+
+FeatureBitset
+allFeatures()
+{
+    static FeatureBitset const features = [] {
+        auto const& sa = allAmendments();
+        std::vector<uint256> feats;
+        feats.reserve(sa.size());
+        for ([[maybe_unused]] auto const& [name, _] : sa)
+        {
+            if (auto const f = getRegisteredFeature(name); f.has_value())
+                feats.push_back(*f);
+        }
+        return FeatureBitset(feats);
+    }();
+    return features;
+}
+
+//------------------------------------------------------------------------------
+// TxTest
+//------------------------------------------------------------------------------
+
+TxTest::TxTest(std::optional<FeatureBitset> features)
+{
+    // Convert FeatureBitset to unordered_set for Rules constructor
+    auto const featureBits = features.value_or(allFeatures());
+    foreachFeature(featureBits, [&](uint256 const& f) { featureSet_.insert(f); });
+
+    // Create rules with the specified features
+    rules_.emplace(featureSet_);
+
+    // Default fees for testing
+    Fees const fees{XRPAmount{10}, XRPAmount{10000000}, XRPAmount{2000000}};
+
+    // Create a genesis ledger as the base
+    closedLedger_ = std::make_shared<Ledger>(
+        create_genesis,
+        // NOLINTNEXTLINE(bugprone-unchecked-optional-access)
+        *rules_,
+        fees,
+        std::vector<uint256>{featureSet_.begin(), featureSet_.end()},
+        registry_.getNodeFamily());
+
+    // Initialize time from the genesis ledger
+    now_ = closedLedger_->header().closeTime;
+
+    // Create an open view on top of the genesis ledger
+    openLedger_ =
+        std::make_shared<OpenView>(open_ledger, closedLedger_.get(), *rules_, closedLedger_);
+}
+
+bool
+TxTest::isEnabled(uint256 const& feature) const
+{
+    // NOLINTNEXTLINE(bugprone-unchecked-optional-access)
+    return rules_->enabled(feature);
+}
+
+Rules const&
+TxTest::getRules() const
+{
+    // NOLINTNEXTLINE(bugprone-unchecked-optional-access)
+    return *rules_;
+}
+
+[[nodiscard]] TxResult
+TxTest::submit(std::shared_ptr<STTx const> stx)
+{
+    auto result = apply(registry_, *openLedger_, *stx, tapNONE, registry_.getJournal("apply"));
+
+    // Track successfully applied transactions for canonical reordering on close
+    // We make a copy since the TransactionBase doesn't own the STTx
+    if (result.applied)
+        pendingTxs_.push_back(stx);
+
+    return TxResult{
+        .ter = result.ter,
+        .applied = result.applied,
+        .metadata = std::move(result).metadata,
+        .tx = std::move(stx)};
+}
+
+void
+TxTest::createAccount(Account const& account, XRPAmount xrp, uint32_t accountFlags)
+{
+    auto const paymentTer =
+        submit(transactions::PaymentBuilder{Account::master, account, xrp}, Account::master).ter;
+
+    if (paymentTer != tesSUCCESS)
+    {
+        throw std::runtime_error("TxTest::createAccount: failed to create account");
+    }
+
+    close();
+
+    if (accountFlags != 0)
+    {
+        auto const accountSetTer =
+            submit(transactions::AccountSetBuilder{account}.setSetFlag(accountFlags), account).ter;
+        if (accountSetTer != tesSUCCESS)
+        {
+            throw std::runtime_error("TxTest::createAccount: failed to set account flags");
+        }
+        close();
+    }
+}
+
+ledger_entries::AccountRoot
+TxTest::getAccountRoot(AccountID const& id) const
+{
+    auto const sle = getOpenLedger().read(keylet::account(id));
+    if (!sle)
+        Throw<std::runtime_error>("TxTest::getAccountRoot: account not found");
+    return ledger_entries::AccountRoot{std::const_pointer_cast<SLE const>(sle)};
+}
+
+OpenView&
+TxTest::getOpenLedger()
+{
+    return *openLedger_;
+}
+
+OpenView const&
+TxTest::getOpenLedger() const
+{
+    return *openLedger_;
+}
+
+ReadView const&
+TxTest::getClosedLedger() const
+{
+    return *closedLedger_;
+}
+
+void
+TxTest::close()
+{
+    // Build a new closed ledger from the previous closed ledger,
+    // similar to how buildLedgerImpl works:
+    // 1. Create a new Ledger from the previous closed ledger
+    // 2. Re-apply transactions in canonical order
+    // 3. Mark it as accepted/immutable
+
+    auto const& prevLedger = *closedLedger_;
+
+    auto const ledgerCloseTime = now_ + prevLedger.header().closeTimeResolution;
+
+    now_ = ledgerCloseTime;
+
+    auto newLedger = std::make_shared<Ledger>(prevLedger, ledgerCloseTime);
+
+    CanonicalTXSet txSet(prevLedger.header().hash);
+    for (auto const& tx : pendingTxs_)
+        txSet.insert(tx);
+
+    {
+        OpenView accum(&*newLedger);
+        for (auto const& [key, tx] : txSet)
+        {
+            auto result = apply(registry_, accum, *tx, tapNONE, registry_.getJournal("apply"));
+            if (!result.applied)
+            {
+                throw std::runtime_error("TxTest::close: failed to apply transaction");
+            }
+        }
+        accum.apply(*newLedger);
+    }
+
+    newLedger->setAccepted(ledgerCloseTime, newLedger->header().closeTimeResolution, true);
+
+    closedLedger_ = newLedger;
+
+    pendingTxs_.clear();
+
+    openLedger_ =
+        // NOLINTNEXTLINE(bugprone-unchecked-optional-access)
+        std::make_shared<OpenView>(open_ledger, closedLedger_.get(), *rules_, closedLedger_);
+}
+
+void
+TxTest::advanceTime(NetClock::duration duration)
+{
+    now_ += duration;
+}
+
+NetClock::time_point
+TxTest::getCloseTime() const
+{
+    return now_;
+}
+
+STAmount
+TxTest::getBalance(AccountID const& account, IOU const& iou) const
+{
+    auto const sle = openLedger_->read(keylet::line(account, iou.issue()));
+    if (!sle)
+        return STAmount{iou.issue(), 0};
+
+    auto const rippleState = ledger_entries::RippleState{sle};
+
+    auto balance = rippleState.getBalance();
+    if (iou.issue().account == account)
+    {
+        throw std::logic_error("TxTest::getBalance: account is issuer");
+    }
+
+    balance.get<Issue>().account = iou.issue().account;
+    if (account > iou.issue().account)
+        balance.negate();
+    return balance;
+}
+
+}  // namespace xrpl::test

src/tests/libxrpl/helpers/TxTest.h

@@ -0,0 +1,364 @@
+#pragma once
+
+#include <xrpl/basics/Number.h>
+#include <xrpl/basics/chrono.h>
+#include <xrpl/beast/utility/Journal.h>
+#include <xrpl/core/ServiceRegistry.h>
+#include <xrpl/ledger/ApplyViewImpl.h>
+#include <xrpl/ledger/Ledger.h>
+#include <xrpl/ledger/OpenView.h>
+#include <xrpl/protocol/Feature.h>
+#include <xrpl/protocol/LedgerFormats.h>
+#include <xrpl/protocol/Rules.h>
+#include <xrpl/protocol/STTx.h>
+#include <xrpl/protocol/TER.h>
+#include <xrpl/protocol/TxFlags.h>
+#include <xrpl/protocol/XRPAmount.h>
+#include <xrpl/protocol_autogen/TransactionBuilderBase.h>
+#include <xrpl/protocol_autogen/ledger_entries/AccountRoot.h>
+#include <xrpl/tx/applySteps.h>
+
+#include <helpers/Account.h>
+#include <helpers/IOU.h>
+#include <helpers/TestServiceRegistry.h>
+
+#include <cmath>
+#include <concepts>
+#include <memory>
+#include <optional>
+#include <stdexcept>
+#include <type_traits>
+#include <unordered_set>
+#include <vector>
+
+namespace xrpl::test {
+
+//------------------------------------------------------------------------------
+// Amount helpers
+//------------------------------------------------------------------------------
+
+/**
+ * @brief Convert XRP to drops (integral types).
+ * @param xrp The amount in XRP.
+ * @return The equivalent amount in drops as XRPAmount.
+ */
+template <std::integral T>
+constexpr XRPAmount
+XRP(T xrp)
+{
+    return XRPAmount{static_cast<std::int64_t>(xrp) * DROPS_PER_XRP.drops()};
+}
+
+/**
+ * @brief Convert XRP to drops (floating point types).
+ * @param xrp The amount in XRP (may be fractional).
+ * @return The equivalent amount in drops as XRPAmount.
+ */
+template <std::floating_point T>
+XRPAmount
+XRP(T xrp)
+{
+    return XRPAmount{static_cast<std::int64_t>(std::round(xrp * DROPS_PER_XRP.drops()))};
+}
+
+/**
+ * @brief Convert XRP to drops (Number type).
+ * @param xrp The amount in XRP as a Number.
+ * @return The equivalent amount in drops as XRPAmount.
+ */
+inline XRPAmount
+XRP(Number const& xrp)
+{
+    return XRPAmount{static_cast<std::int64_t>(xrp * DROPS_PER_XRP.drops())};
+}
+
+//------------------------------------------------------------------------------
+// Flag helpers
+//------------------------------------------------------------------------------
+
+/**
+ * @brief Convert AccountSet flag (asf) to LedgerState flag (lsf).
+ * @param asf The AccountSet flag value.
+ * @return The corresponding LedgerState flag.
+ * @throws std::runtime_error if the flag is not supported.
+ *
+ * Supported flags:
+ *   asfRequireDest, asfRequireAuth, asfDisallowXRP, asfDisableMaster,
+ *   asfNoFreeze, asfGlobalFreeze, asfDefaultRipple, asfDepositAuth,
+ *   asfAllowTrustLineClawback, asfDisallowIncomingCheck,
+ *   asfDisallowIncomingNFTokenOffer, asfDisallowIncomingPayChan,
+ *   asfDisallowIncomingTrustline, asfAllowTrustLineLocking
+ */
+constexpr std::uint32_t
+asfToLsf(std::uint32_t asf)
+{
+    switch (asf)
+    {
+        case asfRequireDest:
+            return lsfRequireDestTag;
+        case asfRequireAuth:
+            return lsfRequireAuth;
+        case asfDisallowXRP:
+            return lsfDisallowXRP;
+        case asfDisableMaster:
+            return lsfDisableMaster;
+        case asfNoFreeze:
+            return lsfNoFreeze;
+        case asfGlobalFreeze:
+            return lsfGlobalFreeze;
+        case asfDefaultRipple:
+            return lsfDefaultRipple;
+        case asfDepositAuth:
+            return lsfDepositAuth;
+        case asfAllowTrustLineClawback:
+            return lsfAllowTrustLineClawback;
+        case asfDisallowIncomingCheck:
+            return lsfDisallowIncomingCheck;
+        case asfDisallowIncomingNFTokenOffer:
+            return lsfDisallowIncomingNFTokenOffer;
+        case asfDisallowIncomingPayChan:
+            return lsfDisallowIncomingPayChan;
+        case asfDisallowIncomingTrustline:
+            return lsfDisallowIncomingTrustline;
+        case asfAllowTrustLineLocking:
+            return lsfAllowTrustLineLocking;
+        default:
+            throw std::runtime_error("Unknown asf flag");
+    }
+}
+
+//------------------------------------------------------------------------------
+// Feature helpers
+//------------------------------------------------------------------------------
+
+/**
+ * @brief Returns all testable amendments.
+ * @note This is similar to jtx::testable_amendments() but for the TxTest framework.
+ */
+FeatureBitset
+allFeatures();
+
+//------------------------------------------------------------------------------
+// TxResult
+//------------------------------------------------------------------------------
+
+/**
+ * @brief Result of a transaction submission in TxTest.
+ *
+ * Contains the TER code, whether the transaction was applied,
+ * optional metadata, and a reference to the submitted transaction.
+ * Use standard gtest macros (EXPECT_EQ, EXPECT_TRUE, etc.) to verify results.
+ */
+struct TxResult
+{
+    TER ter;                        /**< The transaction engine result code. */
+    bool applied;                   /**< Whether the transaction was applied to the ledger. */
+    std::optional<TxMeta> metadata; /**< Transaction metadata, if available. */
+    std::shared_ptr<STTx const> tx; /**< Pointer to the submitted transaction. */
+};
+
+/**
+ * @brief A lightweight transaction testing harness.
+ *
+ * Unlike the JTx framework which requires a full Application and RPC layer,
+ * TxTest applies transactions directly to an OpenView using the transactor
+ * pipeline (preflight -> preclaim -> doApply).
+ *
+ * This makes it suitable for:
+ * - Unit testing individual transactors
+ * - Testing transaction validation logic
+ * - Fast, focused tests without full server infrastructure
+ *
+ * @code
+ *     TxTest env;
+ *     env.submit(paymentTx).expectSuccess();
+ *     env.submit(badTx).expectTer(tecNO_ENTRY);
+ * @endcode
+ */
+class TxTest
+{
+public:
+    /**
+     * @brief Construct a TxTest environment.
+     *
+     * Creates a genesis ledger and an open view on top of it.
+     *
+     * @param features Optional set of features to enable. If not specified,
+     *                 uses all testable amendments.
+     */
+    explicit TxTest(std::optional<FeatureBitset> features = std::nullopt);
+
+    /**
+     * @brief Check if a feature is enabled.
+     * @param feature The feature to check.
+     * @return True if the feature is enabled.
+     */
+    [[nodiscard]] bool
+    isEnabled(uint256 const& feature) const;
+
+    /**
+     * @brief Get the current rules.
+     * @return The current consensus rules.
+     */
+    [[nodiscard]] Rules const&
+    getRules() const;
+
+    /**
+     * @brief Submit a transaction from a builder.
+     *
+     * Convenience overload that accepts transaction builders.
+     * Automatically sets sequence and fee before submission.
+     *
+     * @tparam T A type derived from TransactionBuilderBase.
+     * @param builder The transaction builder.
+     * @param signer The account to sign with.
+     * @return TxResult containing the result code, applied status, and metadata.
+     */
+    template <typename T>
+        requires std::
+            derived_from<std::decay_t<T>, transactions::TransactionBuilderBase<std::decay_t<T>>>
+        [[nodiscard]] TxResult
+        submit(T&& builder, Account const& signer)
+    {
+        auto const& obj = builder.getSTObject();
+        auto accountId = obj[sfAccount];
+        // Only set sequence if not using a ticket (ticket sets sequence to 0)
+        if (!obj.isFieldPresent(sfTicketSequence))
+        {
+            builder.setSequence(getAccountRoot(accountId).getSequence());
+        }
+        else
+        {
+            builder.setSequence(0);
+        }
+        builder.setFee(XRPAmount(10));
+        return submit(builder.build(signer.pk(), signer.sk()).getSTTx());
+    }
+
+    /**
+     * @brief Submit a transaction to the open ledger.
+     *
+     * Applies the transaction through the full transactor pipeline:
+     * preflight -> preclaim -> doApply -> invariant checks
+     *
+     * Invariant checks are automatically run after doApply. If any
+     * invariant fails, the result will be tecINVARIANT_FAILED.
+     *
+     * @param stx The transaction to submit.
+     * @return TxResult containing the result code, applied status, and metadata.
+     */
+    [[nodiscard]] TxResult
+    submit(std::shared_ptr<STTx const> stx);
+
+    /**
+     * @brief Create a new account in the ledger.
+     *
+     * Sends a Payment from the master account to create and fund the account.
+     * Closes the ledger after creation. If accountFlags is non-zero, submits
+     * an AccountSet transaction and closes again.
+     *
+     * @param account The account to create.
+     * @param xrp The initial XRP balance.
+     * @param accountFlags Optional account flags to set. Defaults to 0
+     *        (no flags).
+     */
+    void
+    createAccount(Account const& account, XRPAmount xrp, uint32_t accountFlags = 0);
+
+    /**
+     * @brief Get the account root object from the current open ledger.
+     * @param id The account ID.
+     * @return The AccountRoot ledger entry.
+     * @throws std::runtime_error if the account does not exist.
+     * @todo Once we make keylet strongly typed, we can ditch this method.
+     */
+    [[nodiscard]] ledger_entries::AccountRoot
+    getAccountRoot(AccountID const& id) const;
+
+    /**
+     * @brief Get the current open ledger view.
+     * @return A mutable reference to the open ledger.
+     */
+    [[nodiscard]] OpenView&
+    getOpenLedger();
+
+    /**
+     * @brief Get the current open ledger view (const).
+     * @return A const reference to the open ledger.
+     */
+    [[nodiscard]] OpenView const&
+    getOpenLedger() const;
+
+    /**
+     * @brief Get the closed (base) ledger view.
+     * @return A const reference to the closed ledger.
+     */
+    [[nodiscard]] ReadView const&
+    getClosedLedger() const;
+
+    /**
+     * @brief Close the current ledger.
+     *
+     * Creates a new closed ledger from the current open ledger.
+     * All pending transactions are re-applied in canonical order.
+     */
+    void
+    close();
+
+    /**
+     * @brief Advance time without closing the ledger.
+     *
+     * Useful for testing time-dependent features like escrow release
+     * times or offer expirations.
+     *
+     * @param duration The amount of time to advance.
+     */
+    void
+    advanceTime(NetClock::duration duration);
+
+    /**
+     * @brief Get the current ledger close time.
+     * @return The current close time.
+     */
+    [[nodiscard]] NetClock::time_point
+    getCloseTime() const;
+
+    /**
+     * @brief Get the balance of an IOU for an account.
+     *
+     * Returns the balance from the perspective of the specified account.
+     * If the trust line doesn't exist, returns zero.
+     *
+     * @param account The account to check.
+     * @param iou The IOU to check the balance for.
+     * @return The balance as an STAmount.
+     * @todo Once we make keylet strongly typed, we can ditch this method.
+     */
+    [[nodiscard]] STAmount
+    getBalance(AccountID const& account, IOU const& iou) const;
+
+    /**
+     * @brief Get the service registry.
+     * @return A reference to the service registry.
+     */
+    ServiceRegistry&
+    getServiceRegistry()
+    {
+        return registry_;
+    }
+
+private:
+    TestServiceRegistry registry_;
+    std::unordered_set<uint256, beast::uhash<>> featureSet_;
+    std::optional<Rules> rules_;
+    std::shared_ptr<Ledger const> closedLedger_;
+    std::shared_ptr<OpenView> openLedger_;
+
+    /** Transactions submitted to the open ledger, for canonical reordering on close. */
+    std::vector<std::shared_ptr<STTx const>> pendingTxs_;
+
+    /** Current time (can be advanced arbitrarily for testing). */
+    NetClock::time_point now_;
+};
+
+}  // namespace xrpl::test

src/tests/libxrpl/tx/AccountSet.cpp

@@ -0,0 +1,804 @@
+#include <xrpl/protocol_autogen/transactions/AccountSet.h>
+
+#include <xrpl/basics/Slice.h>
+#include <xrpl/basics/base_uint.h>
+#include <xrpl/beast/utility/Zero.h>
+#include <xrpl/core/ServiceRegistry.h>
+#include <xrpl/ledger/helpers/DirectoryHelpers.h>
+#include <xrpl/protocol/Indexes.h>
+#include <xrpl/protocol/KeyType.h>
+#include <xrpl/protocol/LedgerFormats.h>
+#include <xrpl/protocol/Quality.h>
+#include <xrpl/protocol/Rate.h>
+#include <xrpl/protocol/SField.h>
+#include <xrpl/protocol/STArray.h>
+#include <xrpl/protocol/STObject.h>
+#include <xrpl/protocol/STTx.h>
+#include <xrpl/protocol/SecretKey.h>
+#include <xrpl/protocol/TER.h>
+#include <xrpl/protocol/TxFlags.h>
+#include <xrpl/protocol_autogen/ledger_entries/AccountRoot.h>
+#include <xrpl/protocol_autogen/transactions/Payment.h>
+#include <xrpl/protocol_autogen/transactions/SetRegularKey.h>
+#include <xrpl/protocol_autogen/transactions/SignerListSet.h>
+#include <xrpl/protocol_autogen/transactions/TicketCreate.h>
+#include <xrpl/protocol_autogen/transactions/TrustSet.h>
+
+#include <gtest/gtest.h>
+#include <helpers/Account.h>
+#include <helpers/IOU.h>
+#include <helpers/TxTest.h>
+
+#include <algorithm>
+#include <cstddef>
+#include <cstdint>
+#include <initializer_list>
+#include <limits>
+#include <memory>
+#include <string>
+#include <string_view>
+#include <utility>
+#include <vector>
+
+namespace xrpl::test {
+
+TEST(AccountSet, NullAccountSet)
+{
+    TxTest env;
+
+    Account const alice("alice");
+    env.createAccount(alice, XRP(10));
+
+    auto& view = env.getOpenLedger();
+
+    // ask for the ledger entry - account root, to check its flags
+    auto sle = view.read(keylet::account(alice));
+
+    EXPECT_NE(sle, nullptr);
+    ledger_entries::AccountRoot const accountRoot(sle);
+    EXPECT_EQ(accountRoot.getFlags(), 0);
+}
+
+TEST(AccountSet, MostFlags)
+{
+    Account const alice("alice");
+
+    TxTest env;
+    env.createAccount(alice, XRP(10000));
+
+    // Give alice a regular key so she can legally set and clear
+    // her asfDisableMaster flag.
+    Account const aliceRegularKey{"aliceRegularKey", KeyType::secp256k1};
+
+    env.createAccount(aliceRegularKey, XRP(10000));
+    env.close();
+
+    EXPECT_EQ(
+        env.submit(transactions::SetRegularKeyBuilder{alice}.setRegularKey(aliceRegularKey), alice)
+            .ter,
+        tesSUCCESS);
+    env.close();
+
+    auto testFlags = [&alice, &aliceRegularKey, &env](
+                         std::initializer_list<std::uint32_t> goodFlags) {
+        std::uint32_t const orig_flags = env.getAccountRoot(alice).getFlags();
+        for (std::uint32_t flag{1u}; flag < std::numeric_limits<std::uint32_t>::digits; ++flag)
+        {
+            if (flag == asfNoFreeze)
+            {
+                // The asfNoFreeze flag can't be cleared.  It is tested
+                // elsewhere.
+                continue;
+            }
+            if (flag == asfAuthorizedNFTokenMinter)
+            {
+                // The asfAuthorizedNFTokenMinter flag requires the
+                // presence or absence of the sfNFTokenMinter field in
+                // the transaction.  It is tested elsewhere.
+                continue;
+            }
+
+            if (flag == asfDisallowIncomingCheck || flag == asfDisallowIncomingPayChan ||
+                flag == asfDisallowIncomingNFTokenOffer || flag == asfDisallowIncomingTrustline)
+            {
+                // These flags are part of the DisallowIncoming amendment
+                // and are tested elsewhere
+                continue;
+            }
+            if (flag == asfAllowTrustLineClawback)
+            {
+                // The asfAllowTrustLineClawback flag can't be cleared.  It
+                // is tested elsewhere.
+                continue;
+            }
+            if (flag == asfAllowTrustLineLocking)
+            {
+                // These flags are part of the AllowTokenLocking amendment
+                // and are tested elsewhere
+                continue;
+            }
+            if (std::ranges::find(goodFlags, flag) != goodFlags.end())
+            {
+                // Good flag
+                EXPECT_FALSE(env.getAccountRoot(alice).isFlag(asfToLsf(flag)));
+
+                EXPECT_EQ(
+                    env.submit(transactions::AccountSetBuilder{alice}.setSetFlag(flag), alice).ter,
+                    tesSUCCESS);
+                env.close();
+
+                EXPECT_TRUE(env.getAccountRoot(alice).isFlag(asfToLsf(flag)));
+
+                EXPECT_EQ(
+                    env.submit(
+                           transactions::AccountSetBuilder{alice}.setClearFlag(flag),
+                           aliceRegularKey)
+                        .ter,
+                    tesSUCCESS);
+                env.close();
+
+                EXPECT_FALSE(env.getAccountRoot(alice).isFlag(asfToLsf(flag)));
+
+                std::uint32_t const now_flags = env.getAccountRoot(alice).getFlags();
+                EXPECT_EQ(now_flags, orig_flags);
+            }
+            else
+            {
+                // Bad flag
+                EXPECT_EQ(env.getAccountRoot(alice).getFlags(), orig_flags);
+                EXPECT_EQ(
+                    env.submit(transactions::AccountSetBuilder{alice}.setSetFlag(flag), alice).ter,
+                    tesSUCCESS);
+                env.close();
+                EXPECT_EQ(env.getAccountRoot(alice).getFlags(), orig_flags);
+
+                EXPECT_EQ(
+                    env.submit(
+                           transactions::AccountSetBuilder{alice}.setClearFlag(flag),
+                           aliceRegularKey)
+                        .ter,
+                    tesSUCCESS);
+                env.close();
+                EXPECT_EQ(env.getAccountRoot(alice).getFlags(), orig_flags);
+            }
+        }
+    };
+    testFlags({
+        asfRequireDest,
+        asfRequireAuth,
+        asfDisallowXRP,
+        asfGlobalFreeze,
+        asfDisableMaster,
+        asfDefaultRipple,
+        asfDepositAuth,
+    });
+}
+
+TEST(AccountSet, SetAndResetAccountTxnID)
+{
+    TxTest env;
+    Account const alice("alice");
+
+    env.createAccount(alice, XRP(10000));
+
+    std::uint32_t const orig_flags = env.getAccountRoot(alice).getFlags();
+
+    // asfAccountTxnID is special and not actually set as a flag,
+    // so we check the field presence instead
+    EXPECT_FALSE(env.getAccountRoot(alice).hasAccountTxnID());
+
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setSetFlag(asfAccountTxnID), alice).ter,
+        tesSUCCESS);
+    env.close();
+
+    EXPECT_TRUE(env.getAccountRoot(alice).hasAccountTxnID());
+
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setClearFlag(asfAccountTxnID), alice).ter,
+        tesSUCCESS);
+    env.close();
+
+    EXPECT_FALSE(env.getAccountRoot(alice).hasAccountTxnID());
+
+    std::uint32_t const now_flags = env.getAccountRoot(alice).getFlags();
+    EXPECT_EQ(now_flags, orig_flags);
+}
+
+TEST(AccountSet, SetNoFreeze)
+{
+    TxTest env;
+    Account const alice("alice");
+    Account const eric("eric");
+
+    env.createAccount(alice, XRP(10000));
+    env.close();
+
+    // Set eric as alice's regular key (eric doesn't need to be funded)
+    EXPECT_EQ(
+        env.submit(transactions::SetRegularKeyBuilder{alice}.setRegularKey(eric), alice).ter,
+        tesSUCCESS);
+    env.close();
+
+    // Verify alice doesn't have NoFreeze flag
+    EXPECT_FALSE(env.getAccountRoot(alice).isFlag(lsfNoFreeze));
+
+    // Setting NoFreeze with regular key should fail - requires master key
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setSetFlag(asfNoFreeze), eric).ter,
+        tecNEED_MASTER_KEY);
+    env.close();
+
+    // Setting NoFreeze with master key should succeed
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setSetFlag(asfNoFreeze), alice).ter,
+        tesSUCCESS);
+    env.close();
+
+    // Verify alice now has NoFreeze flag
+    EXPECT_TRUE(env.getAccountRoot(alice).isFlag(lsfNoFreeze));
+
+    // Try to clear NoFreeze - transaction succeeds but flag remains set
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setClearFlag(asfNoFreeze), alice).ter,
+        tesSUCCESS);
+    env.close();
+
+    // Verify flag is still set (NoFreeze cannot be cleared once set)
+    EXPECT_TRUE(env.getAccountRoot(alice).isFlag(lsfNoFreeze));
+}
+
+TEST(AccountSet, Domain)
+{
+    TxTest env;
+    Account const alice("alice");
+
+    env.createAccount(alice, XRP(10000));
+    env.close();
+
+    // The Domain field is represented as the hex string of the lowercase
+    // ASCII of the domain. For example, the domain example.com would be
+    // represented as "6578616d706c652e636f6d".
+    //
+    // To remove the Domain field from an account, send an AccountSet with
+    // the Domain set to an empty string.
+    std::string const domain = "example.com";
+
+    // Set domain
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setDomain(makeSlice(domain)), alice).ter,
+        tesSUCCESS);
+    env.close();
+
+    EXPECT_TRUE(env.getAccountRoot(alice).hasDomain());
+    // NOLINTNEXTLINE(bugprone-unchecked-optional-access)
+    EXPECT_EQ(*env.getAccountRoot(alice).getDomain(), makeSlice(domain));
+
+    // Clear domain by setting empty
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setDomain(Slice{}), alice).ter,
+        tesSUCCESS);
+    env.close();
+
+    EXPECT_FALSE(env.getAccountRoot(alice).hasDomain());
+
+    // The upper limit on the length is 256 bytes
+    // (defined as DOMAIN_BYTES_MAX in SetAccount)
+    // test the edge cases: 255, 256, 257.
+    std::size_t const maxLength = 256;
+    for (std::size_t len = maxLength - 1; len <= maxLength + 1; ++len)
+    {
+        std::string const domain2 = std::string(len - domain.length() - 1, 'a') + "." + domain;
+
+        EXPECT_EQ(domain2.length(), len);
+
+        if (len <= maxLength)
+        {
+            EXPECT_EQ(
+                env.submit(
+                       transactions::AccountSetBuilder{alice}.setDomain(makeSlice(domain2)), alice)
+                    .ter,
+                tesSUCCESS);
+            env.close();
+
+            // NOLINTNEXTLINE(bugprone-unchecked-optional-access)
+            EXPECT_EQ(*env.getAccountRoot(alice).getDomain(), makeSlice(domain2));
+        }
+        else
+        {
+            EXPECT_EQ(
+                env.submit(
+                       transactions::AccountSetBuilder{alice}.setDomain(makeSlice(domain2)), alice)
+                    .ter,
+                telBAD_DOMAIN);
+            env.close();
+        }
+    }
+}
+
+TEST(AccountSet, MessageKey)
+{
+    TxTest env;
+    Account const alice("alice");
+
+    env.createAccount(alice, XRP(10000));
+    env.close();
+
+    // Generate a random ed25519 key pair for the message key
+    auto const rkp = randomKeyPair(KeyType::ed25519);
+
+    // Set the message key
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setMessageKey(rkp.first.slice()), alice)
+            .ter,
+        tesSUCCESS);
+    env.close();
+
+    EXPECT_TRUE(env.getAccountRoot(alice).hasMessageKey());
+    // NOLINTNEXTLINE(bugprone-unchecked-optional-access)
+    EXPECT_EQ(*env.getAccountRoot(alice).getMessageKey(), rkp.first.slice());
+
+    // Clear the message key by setting to empty
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setMessageKey(Slice{}), alice).ter,
+        tesSUCCESS);
+    env.close();
+
+    EXPECT_FALSE(env.getAccountRoot(alice).hasMessageKey());
+
+    // Try to set an invalid public key - should fail
+    using namespace std::string_literals;
+    EXPECT_EQ(
+        env.submit(
+               transactions::AccountSetBuilder{alice}.setMessageKey(
+                   makeSlice("NOT_REALLY_A_PUBKEY"s)),
+               alice)
+            .ter,
+        telBAD_PUBLIC_KEY);
+}
+
+TEST(AccountSet, WalletID)
+{
+    TxTest env;
+    Account const alice("alice");
+
+    env.createAccount(alice, XRP(10000));
+    env.close();
+
+    std::string_view const locator =
+        "9633EC8AF54F16B5286DB1D7B519EF49EEFC050C0C8AC4384F1D88ACD1BFDF05";
+    uint256 locatorHash{};
+    EXPECT_TRUE(locatorHash.parseHex(locator));
+
+    // Set the wallet locator
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setWalletLocator(locatorHash), alice).ter,
+        tesSUCCESS);
+    env.close();
+
+    EXPECT_TRUE(env.getAccountRoot(alice).hasWalletLocator());
+    // NOLINTNEXTLINE(bugprone-unchecked-optional-access)
+    EXPECT_EQ(*env.getAccountRoot(alice).getWalletLocator(), locatorHash);
+
+    // Clear the wallet locator by setting to zero
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setWalletLocator(beast::zero), alice).ter,
+        tesSUCCESS);
+    env.close();
+
+    EXPECT_FALSE(env.getAccountRoot(alice).hasWalletLocator());
+}
+
+TEST(AccountSet, EmailHash)
+{
+    TxTest env;
+    Account const alice("alice");
+
+    env.createAccount(alice, XRP(10000));
+    env.close();
+
+    std::string_view const mh = "5F31A79367DC3137FADA860C05742EE6";
+    uint128 emailHash{};
+    EXPECT_TRUE(emailHash.parseHex(mh));
+
+    // Set the email hash
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setEmailHash(emailHash), alice).ter,
+        tesSUCCESS);
+    env.close();
+
+    EXPECT_TRUE(env.getAccountRoot(alice).hasEmailHash());
+    // NOLINTNEXTLINE(bugprone-unchecked-optional-access)
+    EXPECT_EQ(*env.getAccountRoot(alice).getEmailHash(), emailHash);
+
+    // Clear the email hash by setting to zero
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setEmailHash(beast::zero), alice).ter,
+        tesSUCCESS);
+    env.close();
+
+    EXPECT_FALSE(env.getAccountRoot(alice).hasEmailHash());
+}
+
+TEST(AccountSet, TransferRate)
+{
+    struct TestCase
+    {
+        double set;
+        TER code;
+        double get;
+    };
+
+    // Test data: {rate to set, expected TER, expected stored rate}
+    std::vector<TestCase> const testData = {
+        {1.0, tesSUCCESS, 1.0},
+        {1.1, tesSUCCESS, 1.1},
+        {2.0, tesSUCCESS, 2.0},
+        {2.1, temBAD_TRANSFER_RATE, 2.0},  // > 2.0 is invalid
+        {0.0, tesSUCCESS, 1.0},            // 0 clears the rate (default = 1.0)
+        {2.0, tesSUCCESS, 2.0},
+        {0.9, temBAD_TRANSFER_RATE, 2.0},  // < 1.0 is invalid
+    };
+
+    TxTest env;
+    Account const alice("alice");
+
+    env.createAccount(alice, XRP(10000));
+    env.close();
+
+    for (auto const& r : testData)
+    {
+        auto const rateValue = static_cast<std::uint32_t>(QUALITY_ONE * r.set);
+
+        EXPECT_EQ(
+            env.submit(transactions::AccountSetBuilder{alice}.setTransferRate(rateValue), alice)
+                .ter,
+            r.code);
+        env.close();
+
+        // If the field is not present, expect the default value (1.0)
+        if (!env.getAccountRoot(alice).hasTransferRate())
+        {
+            EXPECT_EQ(r.get, 1.0);
+        }
+        else
+        {
+            // NOLINTNEXTLINE(bugprone-unchecked-optional-access)
+            EXPECT_EQ(
+                *env.getAccountRoot(alice).getTransferRate(),
+                static_cast<std::uint32_t>(r.get * QUALITY_ONE));
+        }
+    }
+}
+
+TEST(AccountSet, BadInputs)
+{
+    TxTest env;
+    Account const alice("alice");
+
+    env.createAccount(alice, XRP(10000));
+    env.close();
+
+    // Setting and clearing the same flag is invalid
+    EXPECT_EQ(
+        env.submit(
+               transactions::AccountSetBuilder{alice}
+                   .setSetFlag(asfDisallowXRP)
+                   .setClearFlag(asfDisallowXRP),
+               alice)
+            .ter,
+        temINVALID_FLAG);
+
+    EXPECT_EQ(
+        env.submit(
+               transactions::AccountSetBuilder{alice}
+                   .setSetFlag(asfRequireAuth)
+                   .setClearFlag(asfRequireAuth),
+               alice)
+            .ter,
+        temINVALID_FLAG);
+
+    EXPECT_EQ(
+        env.submit(
+               transactions::AccountSetBuilder{alice}
+                   .setSetFlag(asfRequireDest)
+                   .setClearFlag(asfRequireDest),
+               alice)
+            .ter,
+        temINVALID_FLAG);
+
+    // Setting asf flag while also using corresponding tf flag is invalid
+    EXPECT_EQ(
+        env.submit(
+               transactions::AccountSetBuilder{alice}
+                   .setSetFlag(asfDisallowXRP)
+                   .setFlags(tfAllowXRP),
+               alice)
+            .ter,
+        temINVALID_FLAG);
+
+    EXPECT_EQ(
+        env.submit(
+               transactions::AccountSetBuilder{alice}
+                   .setSetFlag(asfRequireAuth)
+                   .setFlags(tfOptionalAuth),
+               alice)
+            .ter,
+        temINVALID_FLAG);
+
+    EXPECT_EQ(
+        env.submit(
+               transactions::AccountSetBuilder{alice}
+                   .setSetFlag(asfRequireDest)
+                   .setFlags(tfOptionalDestTag),
+               alice)
+            .ter,
+        temINVALID_FLAG);
+
+    // Using invalid flags (mask) is invalid
+    EXPECT_EQ(
+        env.submit(
+               transactions::AccountSetBuilder{alice}
+                   .setSetFlag(asfRequireDest)
+                   .setFlags(tfAccountSetMask),
+               alice)
+            .ter,
+        temINVALID_FLAG);
+
+    // Disabling master key without an alternative key is invalid
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setSetFlag(asfDisableMaster), alice).ter,
+        tecNO_ALTERNATIVE_KEY);
+}
+
+TEST(AccountSet, RequireAuthWithDir)
+{
+    TxTest env;
+    Account const alice("alice");
+    Account const bob("bob");
+
+    env.createAccount(alice, XRP(10000));
+    env.close();
+
+    // alice should have an empty directory
+    EXPECT_TRUE(dirIsEmpty(env.getClosedLedger(), keylet::ownerDir(alice.id())));
+
+    // Give alice a signer list, then there will be stuff in the directory
+    // Build the SignerEntries array
+    STArray signerEntries(1);
+    {
+        signerEntries.push_back(STObject::makeInnerObject(sfSignerEntry));
+        STObject& entry = signerEntries.back();
+        entry[sfAccount] = bob.id();
+        entry[sfSignerWeight] = std::uint16_t{1};
+    }
+
+    EXPECT_EQ(
+        env.submit(
+               transactions::SignerListSetBuilder{alice, 1}.setSignerEntries(signerEntries), alice)
+            .ter,
+        tesSUCCESS);
+    env.close();
+
+    EXPECT_FALSE(dirIsEmpty(env.getClosedLedger(), keylet::ownerDir(alice.id())));
+
+    // Setting RequireAuth should fail because alice has owner objects
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setSetFlag(asfRequireAuth), alice).ter,
+        tecOWNERS);
+
+    // Remove the signer list (quorum = 0, no entries)
+    EXPECT_EQ(env.submit(transactions::SignerListSetBuilder{alice, 0}, alice).ter, tesSUCCESS);
+    env.close();
+
+    EXPECT_TRUE(dirIsEmpty(env.getClosedLedger(), keylet::ownerDir(alice.id())));
+
+    // Now setting RequireAuth should succeed
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setSetFlag(asfRequireAuth), alice).ter,
+        tesSUCCESS);
+}
+
+TEST(AccountSet, Ticket)
+{
+    TxTest env;
+    Account const alice("alice");
+
+    env.createAccount(alice, XRP(10000));
+    env.close();
+
+    // Get alice's current sequence - the ticket will be created at seq + 1
+    std::uint32_t const aliceSeqBefore = env.getAccountRoot(alice.id()).getSequence();
+    std::uint32_t const ticketSeq = aliceSeqBefore + 1;
+
+    // Create a ticket
+    EXPECT_EQ(env.submit(transactions::TicketCreateBuilder{alice, 1}, alice).ter, tesSUCCESS);
+    env.close();
+
+    // Verify alice has 1 owner object (the ticket)
+    EXPECT_EQ(env.getAccountRoot(alice.id()).getOwnerCount(), 1u);
+    // Verify ticket exists
+    EXPECT_TRUE(env.getClosedLedger().exists(keylet::ticket(alice.id(), ticketSeq)));
+
+    // Try using a ticket that alice doesn't have
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setTicketSequence(ticketSeq + 1), alice)
+            .ter,
+        terPRE_TICKET);
+    env.close();
+
+    // Verify ticket still exists
+    EXPECT_TRUE(env.getClosedLedger().exists(keylet::ticket(alice.id(), ticketSeq)));
+
+    // Get alice's sequence before using the ticket
+    std::uint32_t const aliceSeq = env.getAccountRoot(alice.id()).getSequence();
+
+    // Actually use alice's ticket (noop AccountSet)
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setTicketSequence(ticketSeq), alice).ter,
+        tesSUCCESS);
+    env.close();
+
+    // Verify ticket is consumed (no owner objects)
+    EXPECT_EQ(env.getAccountRoot(alice.id()).getOwnerCount(), 0u);
+    EXPECT_FALSE(env.getClosedLedger().exists(keylet::ticket(alice.id(), ticketSeq)));
+
+    // Verify alice's sequence did NOT advance (ticket use doesn't increment seq)
+    EXPECT_EQ(env.getAccountRoot(alice.id()).getSequence(), aliceSeq);
+
+    // Try re-using a ticket that alice already used
+    EXPECT_EQ(
+        env.submit(transactions::AccountSetBuilder{alice}.setTicketSequence(ticketSeq), alice).ter,
+        tefNO_TICKET);
+}
+
+TEST(AccountSet, BadSigningKey)
+{
+    TxTest env;
+    Account const alice("alice");
+
+    env.createAccount(alice, XRP(10000));
+    env.close();
+
+    // Build a valid transaction first, then corrupt the signing key
+    auto stx = transactions::AccountSetBuilder{alice}
+                   .setSequence(env.getAccountRoot(alice.id()).getSequence())
+                   .setFee(XRPAmount{10})
+                   .build(alice.pk(), alice.sk())
+                   .getSTTx();
+
+    // Create a copy with a bad signing key
+    STObject obj = *stx;
+    obj.setFieldVL(sfSigningPubKey, makeSlice(std::string("badkey")));
+
+    auto result = env.submit(std::make_shared<STTx>(std::move(obj)));
+    EXPECT_EQ(result.ter, temBAD_SIGNATURE);
+    EXPECT_FALSE(result.applied);
+}
+
+TEST(AccountSet, Gateway)
+{
+    Account const alice("alice");
+    Account const bob("bob");
+    Account const gw("gateway");
+    IOU const USD("USD", gw);
+
+    // Test gateway with a variety of allowed transfer rates
+    for (double transferRate = 1.0; transferRate <= 2.0; transferRate += 0.03125)
+    {
+        TxTest env;
+
+        env.createAccount(gw, XRP(10000), asfDefaultRipple);
+        env.createAccount(alice, XRP(10000), asfDefaultRipple);
+        env.createAccount(bob, XRP(10000), asfDefaultRipple);
+        env.close();
+
+        // Set up trust lines: alice and bob trust gw for USD
+        EXPECT_EQ(
+            env.submit(transactions::TrustSetBuilder{alice}.setLimitAmount(USD.amount(10)), alice)
+                .ter,
+            tesSUCCESS);
+        EXPECT_EQ(
+            env.submit(transactions::TrustSetBuilder{bob}.setLimitAmount(USD.amount(10)), bob).ter,
+            tesSUCCESS);
+        env.close();
+
+        // Set transfer rate on the gateway
+        EXPECT_EQ(
+            env.submit(
+                   transactions::AccountSetBuilder{gw}.setTransferRate(
+                       static_cast<std::uint32_t>(transferRate * QUALITY_ONE)),
+                   gw)
+                .ter,
+            tesSUCCESS);
+        env.close();
+
+        // Calculate the amount with transfer rate applied
+        auto const amount = USD.amount(1);
+        Rate const rate(static_cast<std::uint32_t>(transferRate * QUALITY_ONE));
+        auto const amountWithRate = multiply(amount, rate);
+
+        // Gateway pays alice 10 USD
+        EXPECT_EQ(
+            env.submit(transactions::PaymentBuilder{gw, alice, USD.amount(10)}, gw).ter,
+            tesSUCCESS);
+        env.close();
+
+        // Alice pays bob 1 USD (with sendmax to cover transfer fee)
+        EXPECT_EQ(
+            env.submit(
+                   transactions::PaymentBuilder{alice, bob, USD.amount(1)}.setSendMax(
+                       USD.amount(10)),
+                   alice)
+                .ter,
+            tesSUCCESS);
+        env.close();
+
+        // Check balances
+        EXPECT_EQ(env.getBalance(alice.id(), USD), USD.amount(10) - amountWithRate);
+        EXPECT_EQ(env.getBalance(bob.id(), USD), USD.amount(1));
+    }
+
+    // Test out-of-bounds legacy transfer rates (4.0 and 4.294967295)
+    // These require direct ledger modification since the transactor blocks them
+    for (std::uint32_t const transferRate : {4000000000U, 4294967295U})
+    {
+        TxTest env;
+        env.createAccount(gw, XRP(10000), asfDefaultRipple);
+        env.createAccount(alice, XRP(10000), asfDefaultRipple);
+        env.createAccount(bob, XRP(10000), asfDefaultRipple);
+        env.close();
+
+        // Set up trust lines
+        EXPECT_EQ(
+            env.submit(transactions::TrustSetBuilder{alice}.setLimitAmount(USD.amount(10)), alice)
+                .ter,
+            tesSUCCESS);
+        EXPECT_EQ(
+            env.submit(transactions::TrustSetBuilder{bob}.setLimitAmount(USD.amount(10)), bob).ter,
+            tesSUCCESS);
+        env.close();
+
+        // Set an acceptable transfer rate first (we'll hack it later)
+        EXPECT_EQ(
+            env.submit(
+                   transactions::AccountSetBuilder{gw}.setTransferRate(
+                       static_cast<std::uint32_t>(2.0 * QUALITY_ONE)),
+                   gw)
+                .ter,
+            tesSUCCESS);
+        env.close();
+
+        // Directly modify the ledger to set an out-of-bounds transfer rate
+        // This bypasses the transactor's validation
+        auto& view = env.getOpenLedger();
+        auto slePtr = view.read(keylet::account(gw.id()));
+        ASSERT_NE(slePtr, nullptr);
+        auto sleCopy = std::make_shared<SLE>(*slePtr);
+        (*sleCopy)[sfTransferRate] = transferRate;
+        view.rawReplace(sleCopy);
+
+        // Calculate the amount with the legacy transfer rate
+        auto const amount = USD.amount(1);
+        auto const amountWithRate = multiply(amount, Rate(transferRate));
+
+        // Gateway pays alice 10 USD
+        EXPECT_EQ(
+            env.submit(transactions::PaymentBuilder{gw, alice, USD.amount(10)}, gw).ter,
+            tesSUCCESS);
+
+        // Alice pays bob 1 USD
+        EXPECT_EQ(
+            env.submit(
+                   transactions::PaymentBuilder{alice, bob, amount}.setSendMax(USD.amount(10)),
+                   alice)
+                .ter,
+            tesSUCCESS);
+
+        // Check balances
+        EXPECT_EQ(env.getBalance(alice.id(), USD), USD.amount(10) - amountWithRate);
+        EXPECT_EQ(env.getBalance(bob.id(), USD), amount);
+    }
+}
+
+}  // namespace xrpl::test

src/tests/libxrpl/tx/main.cpp

@@ -0,0 +1,8 @@
+#include <gtest/gtest.h>
+
+int
+main(int argc, char** argv)
+{
+    ::testing::InitGoogleTest(&argc, argv);
+    return RUN_ALL_TESTS();
+}

src/xrpld/app/consensus/RCLConsensus.cpp

@@ -1052,7 +1052,7 @@ void
 RCLConsensus::Adaptor::updateOperatingMode(std::size_t const positions) const
 {
     if ((positions == 0u) && app_.getOPs().isFull())
-        app_.getOPs().setMode(OperatingMode::CONNECTED, "updateOperatingMode: no positions");
+        app_.getOPs().setMode(OperatingMode::CONNECTED);
 }
 
 void

src/xrpld/app/ledger/InboundLedger.h

@@ -172,22 +172,4 @@ private:
     std::unique_ptr<PeerSet> mPeerSet;
 };
 
-inline std::string
-to_string(InboundLedger::Reason reason)
-{
-    using enum InboundLedger::Reason;
-    switch (reason)
-    {
-        case HISTORY:
-            return "HISTORY";
-        case GENERIC:
-            return "GENERIC";
-        case CONSENSUS:
-            return "CONSENSUS";
-        default:
-            UNREACHABLE("ripple::to_string(InboundLedger::Reason) : unknown value");
-            return "unknown";
-    }
-}
-
 }  // namespace xrpl

src/xrpld/app/ledger/detail/InboundLedger.cpp

@@ -385,14 +385,7 @@ InboundLedger::onTimer(bool wasProgress, ScopedLockType&)
 
     if (!wasProgress)
     {
-        if (checkLocal())
-        {
-            // Done. Something else (probably consensus) built the ledger
-            // locally while waiting for data (or possibly before requesting)
-            XRPL_ASSERT(isDone(), "ripple::InboundLedger::onTimer : done");
-            JLOG(journal_.info()) << "Finished while waiting " << hash_;
-            return;
-        }
+        checkLocal();
 
         mByHash = true;
 

src/xrpld/app/ledger/detail/InboundLedgers.cpp

@@ -6,7 +6,6 @@
 #include <xrpld/overlay/PeerSet.h>
 
 #include <xrpl/basics/Blob.h>
-#include <xrpl/basics/CanProcess.h>
 #include <xrpl/basics/DecayingSample.h>
 #include <xrpl/basics/Log.h>
 #include <xrpl/basics/Slice.h>
@@ -79,78 +78,10 @@ public:
             XRPL_ASSERT(
                 hash.isNonZero(), "xrpl::InboundLedgersImp::acquire::doAcquire : nonzero hash");
 
-            bool const needNetworkLedger = app_.getOPs().isNeedNetworkLedger();
-            bool const shouldAcquire = [&]() {
-                if (!needNetworkLedger)
-                    return true;
-                if (reason == InboundLedger::Reason::GENERIC)
-                    return true;
-                if (reason == InboundLedger::Reason::CONSENSUS)
-                    return true;
-                return false;
-            }();
-
-            std::stringstream ss;
-            ss << "InboundLedger::acquire: "
-               << "Request: " << to_string(hash) << ", " << seq
-               << " NeedNetworkLedger: " << (needNetworkLedger ? "yes" : "no")
-               << " Reason: " << to_string(reason)
-               << " Should acquire: " << (shouldAcquire ? "true." : "false.");
-
-            /*  Acquiring ledgers is somewhat expensive. It requires lots of
-             *  computation and network communication. Avoid it when it's not
-             *  appropriate. Every validation from a peer for a ledger that
-             *  we do not have locally results in a call to this function: even
-             *  if we are moments away from validating the same ledger.
-             */
-            bool const shouldBroadcast = [&]() {
-                // If the node is not in "full" state, it needs to sync to
-                // the network, and doesn't have the necessary tx's and
-                // ledger entries to build the ledger.
-                bool const isFull = app_.getOPs().isFull();
-                // If everything else is ok, don't try to acquire the ledger
-                // if the requested seq is in the near future relative to
-                // the validated ledger. If the requested ledger is between
-                // 1 and 19 inclusive ledgers ahead of the valid ledger this
-                // node has not built it yet, but it's possible/likely it
-                // has the tx's necessary to build it and get caught up.
-                // Plus it might not become validated. On the other hand, if
-                // it's more than 20 in the future, this node should request
-                // it so that it can jump ahead and get caught up.
-                LedgerIndex const validSeq = app_.getLedgerMaster().getValidLedgerIndex();
-                constexpr std::size_t lagLeeway = 20;
-                bool const nearFuture = (seq > validSeq) && (seq < validSeq + lagLeeway);
-                // If everything else is ok, don't try to acquire the ledger
-                // if the request is related to consensus. (Note that
-                // consensus calls usually pass a seq of 0, so nearFuture
-                // will be false other than on a brand new network.)
-                bool const consensus = reason == InboundLedger::Reason::CONSENSUS;
-                ss << " Evaluating whether to broadcast requests to peers"
-                   << ". full: " << (isFull ? "true" : "false") << ". ledger sequence " << seq
-                   << ". Valid sequence: " << validSeq << ". Lag leeway: " << lagLeeway
-                   << ". request for near future ledger: " << (nearFuture ? "true" : "false")
-                   << ". Consensus: " << (consensus ? "true" : "false");
-
-                // If the node is not synced, send requests.
-                if (!isFull)
-                    return true;
-                // If the ledger is in the near future, do NOT send requests.
-                // This node is probably about to build it.
-                if (nearFuture)
-                    return false;
-                // If the request is because of consensus, do NOT send requests.
-                // This node is probably about to build it.
-                if (consensus)
-                    return false;
-                return true;
-            }();
-            ss << ". Would broadcast to peers? " << (shouldBroadcast ? "true." : "false.");
-
-            if (!shouldAcquire)
-            {
-                JLOG(j_.debug()) << "Abort(rule): " << ss.str();
+            // probably not the right rule
+            if (app_.getOPs().isNeedNetworkLedger() && (reason != InboundLedger::Reason::GENERIC) &&
+                (reason != InboundLedger::Reason::CONSENSUS))
                 return {};
-            }
 
             bool isNew = true;
             std::shared_ptr<InboundLedger> inbound;
@@ -158,7 +89,6 @@ public:
                 ScopedLockType sl(mLock);
                 if (stopping_)
                 {
-                    JLOG(j_.debug()) << "Abort(stopping): " << ss.str();
                     return {};
                 }
 
@@ -177,51 +107,47 @@ public:
                     ++mCounter;
                 }
             }
-            ss << " IsNew: " << (isNew ? "true" : "false");
 
             if (inbound->isFailed())
-            {
-                JLOG(j_.debug()) << "Abort(failed): " << ss.str();
                 return {};
-            }
 
             if (!isNew)
                 inbound->update(seq);
 
             if (!inbound->isComplete())
-            {
-                JLOG(j_.debug()) << "InProgress: " << ss.str();
                 return {};
-            }
 
-            JLOG(j_.debug()) << "Complete: " << ss.str();
             return inbound->getLedger();
         };
         using namespace std::chrono_literals;
-        return perf::measureDurationAndLog(doAcquire, "InboundLedgersImp::acquire", 500ms, j_);
+        std::shared_ptr<Ledger const> ledger =
+            perf::measureDurationAndLog(doAcquire, "InboundLedgersImp::acquire", 500ms, j_);
+
+        return ledger;
     }
 
     void
     acquireAsync(uint256 const& hash, std::uint32_t seq, InboundLedger::Reason reason) override
     {
-        if (CanProcess const check{acquiresMutex_, pendingAcquires_, hash})
+        std::unique_lock lock(acquiresMutex_);
+        try
         {
-            try
-            {
-                acquire(hash, seq, reason);
-            }
-            catch (std::exception const& e)
-            {
-                JLOG(j_.warn()) << "Exception thrown for acquiring new inbound ledger " << hash
-                                << ": " << e.what();
-            }
-            catch (...)
-            {
-                JLOG(j_.warn()) << "Unknown exception thrown for acquiring new "
-                                   "inbound ledger "
-                                << hash;
-            }
+            if (pendingAcquires_.contains(hash))
+                return;
+            pendingAcquires_.insert(hash);
+            scope_unlock const unlock(lock);
+            acquire(hash, seq, reason);
         }
+        catch (std::exception const& e)
+        {
+            JLOG(j_.warn()) << "Exception thrown for acquiring new inbound ledger " << hash << ": "
+                            << e.what();
+        }
+        catch (...)
+        {
+            JLOG(j_.warn()) << "Unknown exception thrown for acquiring new inbound ledger " << hash;
+        }
+        pendingAcquires_.erase(hash);
     }
 
     std::shared_ptr<InboundLedger>

src/xrpld/app/ledger/detail/LedgerMaster.cpp

@@ -965,9 +965,8 @@ LedgerMaster::checkAccept(std::shared_ptr<Ledger const> const& ledger)
         return;
     }
 
-    JLOG(m_journal.info()) << "Advancing accepted ledger to " << ledger->header().seq << " ("
-                           << to_short_string(ledger->header().hash) << ") with >= " << minVal
-                           << " validations";
+    JLOG(m_journal.info()) << "Advancing accepted ledger to " << ledger->header().seq
+                           << " with >= " << minVal << " validations";
 
     ledger->setValidated();
     ledger->setFull();

src/xrpld/app/ledger/detail/TimeoutCounter.cpp

@@ -25,8 +25,7 @@ TimeoutCounter::TimeoutCounter(
     QueueJobParameter&& jobParameter,
     beast::Journal journal)
     : app_(app)
-    , sink_(journal, to_short_string(hash) + " ")
-    , journal_(sink_)
+    , journal_(journal)
     , hash_(hash)
     , timerInterval_(interval)
     , queueJobParameter_(std::move(jobParameter))
@@ -42,7 +41,6 @@ TimeoutCounter::setTimer(ScopedLockType& sl)
 {
     if (isDone())
         return;
-    JLOG(journal_.debug()) << "Setting timer for " << timerInterval_.count() << "ms";
     timer_.expires_after(timerInterval_);
     timer_.async_wait([wptr = pmDowncast()](boost::system::error_code const& ec) {
         if (ec == boost::asio::error::operation_aborted)
@@ -50,10 +48,6 @@ TimeoutCounter::setTimer(ScopedLockType& sl)
 
         if (auto ptr = wptr.lock())
         {
-            JLOG(ptr->journal_.debug())
-                << "timer: ec: " << ec
-                << " (operation_aborted: " << boost::asio::error::operation_aborted << " - "
-                << (ec == boost::asio::error::operation_aborted ? "aborted" : "other") << ")";
             ScopedLockType sl(ptr->mtx_);
             ptr->queueJob(sl);
         }

src/xrpld/app/ledger/detail/TimeoutCounter.h

@@ -3,7 +3,6 @@
 #include <xrpld/app/main/Application.h>
 
 #include <xrpl/beast/utility/Journal.h>
-#include <xrpl/beast/utility/WrappedSink.h>
 #include <xrpl/core/Job.h>
 
 #include <boost/asio/basic_waitable_timer.hpp>
@@ -104,7 +103,6 @@ protected:
     // Used in this class for access to boost::asio::io_context and
     // xrpl::Overlay. Used in subtypes for the kitchen sink.
     Application& app_;
-    beast::WrappedSink sink_;
     beast::Journal journal_;
     mutable std::recursive_mutex mtx_;
 

src/xrpld/app/main/BasicApp.cpp

@@ -12,10 +12,10 @@ BasicApp::BasicApp(std::size_t numberOfThreads)
     work_.emplace(boost::asio::make_work_guard(io_context_));
     threads_.reserve(numberOfThreads);
 
-    while ((numberOfThreads--) != 0u)
+    for (std::size_t i = 0; i < numberOfThreads; ++i)
     {
-        threads_.emplace_back([this, numberOfThreads]() {
-            beast::setCurrentThreadName("io svc #" + std::to_string(numberOfThreads));
+        threads_.emplace_back([this, i]() {
+            beast::setCurrentThreadName("io svc #" + std::to_string(i));
             this->io_context_.run();
         });
     }

src/xrpld/app/misc/NetworkOPs.cpp

@@ -35,7 +35,6 @@
 #include <xrpld/rpc/MPTokenIssuanceID.h>
 #include <xrpld/rpc/ServerHandler.h>
 
-#include <xrpl/basics/CanProcess.h>
 #include <xrpl/basics/Log.h>
 #include <xrpl/basics/ToString.h>
 #include <xrpl/basics/UnorderedContainers.h>
@@ -486,7 +485,7 @@ public:
     isFull() override;
 
     void
-    setMode(OperatingMode om, char const* reason) override;
+    setMode(OperatingMode om) override;
 
     bool
     isBlocked() override;
@@ -924,7 +923,7 @@ NetworkOPsImp::strOperatingMode(bool const admin /* = false */) const
 inline void
 NetworkOPsImp::setStandAlone()
 {
-    setMode(OperatingMode::FULL, "setStandAlone");
+    setMode(OperatingMode::FULL);
 }
 
 inline void
@@ -1067,7 +1066,7 @@ NetworkOPsImp::processHeartbeatTimer()
         {
             if (mMode != OperatingMode::DISCONNECTED)
             {
-                setMode(OperatingMode::DISCONNECTED, "Heartbeat: insufficient peers");
+                setMode(OperatingMode::DISCONNECTED);
                 std::stringstream ss;
                 ss << "Node count (" << numPeers << ") has fallen "
                    << "below required minimum (" << minPeerCount_ << ").";
@@ -1091,7 +1090,7 @@ NetworkOPsImp::processHeartbeatTimer()
 
         if (mMode == OperatingMode::DISCONNECTED)
         {
-            setMode(OperatingMode::CONNECTED, "Heartbeat: sufficient peers");
+            setMode(OperatingMode::CONNECTED);
             JLOG(m_journal.info()) << "Node count (" << numPeers << ") is sufficient.";
             CLOG(clog.ss()) << "setting mode to CONNECTED based on " << numPeers << " peers. ";
         }
@@ -1102,11 +1101,11 @@ NetworkOPsImp::processHeartbeatTimer()
         CLOG(clog.ss()) << "mode: " << strOperatingMode(origMode, true);
         if (mMode == OperatingMode::SYNCING)
         {
-            setMode(OperatingMode::SYNCING, "Heartbeat: check syncing");
+            setMode(OperatingMode::SYNCING);
         }
         else if (mMode == OperatingMode::CONNECTED)
         {
-            setMode(OperatingMode::CONNECTED, "Heartbeat: check connected");
+            setMode(OperatingMode::CONNECTED);
         }
         auto newMode = mMode.load();
         if (origMode != newMode)
@@ -1810,7 +1809,7 @@ void
 NetworkOPsImp::setAmendmentBlocked()
 {
     amendmentBlocked_ = true;
-    setMode(OperatingMode::CONNECTED, "setAmendmentBlocked");
+    setMode(OperatingMode::CONNECTED);
 }
 
 inline bool
@@ -1841,7 +1840,7 @@ void
 NetworkOPsImp::setUNLBlocked()
 {
     unlBlocked_ = true;
-    setMode(OperatingMode::CONNECTED, "setUNLBlocked");
+    setMode(OperatingMode::CONNECTED);
 }
 
 inline void
@@ -1941,7 +1940,7 @@ NetworkOPsImp::checkLastClosedLedger(Overlay::PeerSequence const& peerList, uint
 
     if ((mMode == OperatingMode::TRACKING) || (mMode == OperatingMode::FULL))
     {
-        setMode(OperatingMode::CONNECTED, "check LCL: not on consensus ledger");
+        setMode(OperatingMode::CONNECTED);
     }
 
     if (consensus)
@@ -2029,8 +2028,8 @@ NetworkOPsImp::beginConsensus(
         // this shouldn't happen unless we jump ledgers
         if (mMode == OperatingMode::FULL)
         {
-            JLOG(m_journal.warn()) << "beginConsensus Don't have LCL, going to tracking";
-            setMode(OperatingMode::TRACKING, "beginConsensus: No LCL");
+            JLOG(m_journal.warn()) << "Don't have LCL, going to tracking";
+            setMode(OperatingMode::TRACKING);
             CLOG(clog) << "beginConsensus Don't have LCL, going to tracking. ";
         }
 
@@ -2158,7 +2157,7 @@ NetworkOPsImp::endConsensus(std::unique_ptr<std::stringstream> const& clog)
         // validations we have for LCL.  If the ledger is good enough, go to
         // TRACKING - TODO
         if (!needNetworkLedger_)
-            setMode(OperatingMode::TRACKING, "endConsensus: check tracking");
+            setMode(OperatingMode::TRACKING);
     }
 
     if (((mMode == OperatingMode::CONNECTED) || (mMode == OperatingMode::TRACKING)) &&
@@ -2171,7 +2170,7 @@ NetworkOPsImp::endConsensus(std::unique_ptr<std::stringstream> const& clog)
         if (registry_.get().getTimeKeeper().now() <
             (current->header().parentCloseTime + 2 * current->header().closeTimeResolution))
         {
-            setMode(OperatingMode::FULL, "endConsensus: check full");
+            setMode(OperatingMode::FULL);
         }
     }
 
@@ -2183,7 +2182,7 @@ NetworkOPsImp::consensusViewChange()
 {
     if ((mMode == OperatingMode::FULL) || (mMode == OperatingMode::TRACKING))
     {
-        setMode(OperatingMode::CONNECTED, "consensusViewChange");
+        setMode(OperatingMode::CONNECTED);
     }
 }
 
@@ -2487,7 +2486,7 @@ NetworkOPsImp::pubPeerStatus(std::function<Json::Value(void)> const& func)
 }
 
 void
-NetworkOPsImp::setMode(OperatingMode om, char const* reason)
+NetworkOPsImp::setMode(OperatingMode om)
 {
     using namespace std::chrono_literals;
     if (om == OperatingMode::CONNECTED)
@@ -2507,12 +2506,11 @@ NetworkOPsImp::setMode(OperatingMode om, char const* reason)
     if (mMode == om)
         return;
 
-    auto const sink = om < mMode ? m_journal.warn() : m_journal.info();
     mMode = om;
 
     accounting_.mode(om);
 
-    JLOG(sink) << "STATE->" << strOperatingMode() << " - " << reason;
+    JLOG(m_journal.info()) << "STATE->" << strOperatingMode();
     pubServer();
 }
 
@@ -2521,24 +2519,36 @@ NetworkOPsImp::recvValidation(std::shared_ptr<STValidation> const& val, std::str
 {
     JLOG(m_journal.trace()) << "recvValidation " << val->getLedgerHash() << " from " << source;
 
+    std::unique_lock lock(validationsMutex_);
+    BypassAccept bypassAccept = BypassAccept::no;
+    try
     {
-        CanProcess const check(validationsMutex_, pendingValidations_, val->getLedgerHash());
-        try
+        if (pendingValidations_.contains(val->getLedgerHash()))
         {
-            BypassAccept bypassAccept = check ? BypassAccept::no : BypassAccept::yes;
-            handleNewValidation(registry_.app(), val, source, bypassAccept, m_journal);
+            bypassAccept = BypassAccept::yes;
         }
-        catch (std::exception const& e)
+        else
         {
-            JLOG(m_journal.warn()) << "Exception thrown for handling new validation "
-                                   << val->getLedgerHash() << ": " << e.what();
-        }
-        catch (...)
-        {
-            JLOG(m_journal.warn())
-                << "Unknown exception thrown for handling new validation " << val->getLedgerHash();
+            pendingValidations_.insert(val->getLedgerHash());
         }
+        scope_unlock const unlock(lock);
+        handleNewValidation(registry_.get().getApp(), val, source, bypassAccept, m_journal);
     }
+    catch (std::exception const& e)
+    {
+        JLOG(m_journal.warn()) << "Exception thrown for handling new validation "
+                               << val->getLedgerHash() << ": " << e.what();
+    }
+    catch (...)
+    {
+        JLOG(m_journal.warn()) << "Unknown exception thrown for handling new validation "
+                               << val->getLedgerHash();
+    }
+    if (bypassAccept == BypassAccept::no)
+    {
+        pendingValidations_.erase(val->getLedgerHash());
+    }
+    lock.unlock();
 
     pubValidation(val);
 

src/xrpld/overlay/Peer.h

@@ -17,7 +17,6 @@ enum class ProtocolFeature {
     ValidatorListPropagation,
     ValidatorList2Propagation,
     LedgerReplay,
-    LedgerDataCookies
 };
 
 /** Represents a peer connection in the overlay. */
@@ -117,13 +116,6 @@ public:
 
     [[nodiscard]] virtual bool
     txReduceRelayEnabled() const = 0;
-
-    //
-    // Messages
-    //
-
-    virtual std::set<std::optional<uint64_t>>
-    releaseRequestCookies(uint256 const& requestHash) = 0;
 };
 
 }  // namespace xrpl

src/xrpld/overlay/detail/PeerImp.cpp

@@ -113,8 +113,6 @@ std::chrono::seconds constexpr peerTimerInterval{60};
 /** The timeout for a shutdown timer */
 std::chrono::seconds constexpr shutdownTimerInterval{5};
 
-/** How often we process duplicate incoming TMGetLedger messages */
-std::chrono::seconds constexpr getledgerInterval{15};
 }  // namespace
 
 // TODO: Remove this exclusion once unit tests are added after the hotfix
@@ -569,8 +567,6 @@ PeerImp::supportsFeature(ProtocolFeature f) const
             return protocol_ >= make_protocol(2, 2);
         case ProtocolFeature::LedgerReplay:
             return ledgerReplayEnabled_;
-        case ProtocolFeature::LedgerDataCookies:
-            return protocol_ >= make_protocol(2, 3);
     }
     return false;
 }
@@ -1552,9 +1548,8 @@ PeerImp::handleTransaction(
 void
 PeerImp::onMessage(std::shared_ptr<protocol::TMGetLedger> const& m)
 {
-    auto badData = [&](std::string const& msg, bool chargefee = true) {
-        if (chargefee)
-            fee_.update(Resource::feeInvalidData, "get_ledger " + msg);
+    auto badData = [&](std::string const& msg) {
+        fee_.update(Resource::feeInvalidData, "get_ledger " + msg);
         JLOG(p_journal_.warn()) << "TMGetLedger: " << msg;
     };
     auto const itype{m->itype()};
@@ -1652,68 +1647,11 @@ PeerImp::onMessage(std::shared_ptr<protocol::TMGetLedger> const& m)
         }
     }
 
-    // Drop duplicate requests from the same peer for at least
-    // `getLedgerInterval` seconds.
-    // Append a little junk to prevent the hash of an incoming messsage
-    // from matching the hash of the same outgoing message.
-    // `shouldProcessForPeer` does not distingish between incoming and
-    // outgoing, and some of the message relay logic checks the hash to see
-    // if the message has been relayed already. If the hashes are the same,
-    // a duplicate will be detected when sending the message is attempted,
-    // so it will fail.
-    auto const messageHash = sha512Half(*m, nullptr);
-    // Request cookies are not included in the hash. Track them here.
-    auto const requestCookie = [&m]() -> std::optional<uint64_t> {
-        if (m->has_requestcookie())
-            return m->requestcookie();
-        return std::nullopt;
-    }();
-    auto const [inserted, pending] = [&] {
-        std::lock_guard lock{cookieLock_};
-        auto& cookies = messageRequestCookies_[messageHash];
-        bool const pending = !cookies.empty();
-        return std::pair{cookies.emplace(requestCookie).second, pending};
-    }();
-    // Check if the request has been seen from this peer.
-    if (!app_.getHashRouter().shouldProcessForPeer(messageHash, id_, getledgerInterval))
-    {
-        // This request has already been seen from this peer.
-        // Has it been seen with this request cookie (or lack thereof)?
-
-        if (inserted)
-        {
-            // This is a duplicate request, but with a new cookie. When a
-            // response is ready, one will be sent for each request cookie.
-            JLOG(p_journal_.debug())
-                << "TMGetLedger: duplicate request with new request cookie: "
-                << requestCookie.value_or(0) << ". Job pending: " << (pending ? "yes" : "no")
-                << ": " << messageHash;
-            if (pending)
-            {
-                // Don't bother queueing up a new job if other requests are
-                // already pending. This should limit entries in the job queue
-                // to one per peer per unique request.
-                JLOG(p_journal_.debug()) << "TMGetLedger: Suppressing recvGetLedger job, since one "
-                                            "is pending: "
-                                         << messageHash;
-                return;
-            }
-        }
-        else
-        {
-            // Don't punish nodes that don't know any better
-            return badData(
-                "duplicate request: " + to_string(messageHash),
-                supportsFeature(ProtocolFeature::LedgerDataCookies));
-        }
-    }
-
     // Queue a job to process the request
-    JLOG(p_journal_.debug()) << "TMGetLedger: Adding recvGetLedger job: " << messageHash;
     std::weak_ptr<PeerImp> const weak = shared_from_this();
-    app_.getJobQueue().addJob(jtLEDGER_REQ, "RcvGetLedger", [weak, m, messageHash]() {
+    app_.getJobQueue().addJob(jtLEDGER_REQ, "RcvGetLedger", [weak, m]() {
         if (auto peer = weak.lock())
-            peer->processLedgerRequest(m, messageHash);
+            peer->processLedgerRequest(m);
     });
 }
 
@@ -1820,9 +1758,8 @@ PeerImp::onMessage(std::shared_ptr<protocol::TMReplayDeltaResponse> const& m)
 void
 PeerImp::onMessage(std::shared_ptr<protocol::TMLedgerData> const& m)
 {
-    auto badData = [&](std::string const& msg, bool charge = true) {
-        if (charge)
-            fee_.update(Resource::feeInvalidData, msg);
+    auto badData = [&](std::string const& msg) {
+        fee_.update(Resource::feeInvalidData, msg);
         JLOG(p_journal_.warn()) << "TMLedgerData: " << msg;
     };
 
@@ -1879,96 +1816,23 @@ PeerImp::onMessage(std::shared_ptr<protocol::TMLedgerData> const& m)
         return;
     }
 
-    auto const messageHash = sha512Half(*m);
-    if (!app_.getHashRouter().addSuppressionPeer(messageHash, id_))
+    // If there is a request cookie, attempt to relay the message
+    if (m->has_requestcookie())
     {
-        // Don't punish nodes that don't know any better
-        return badData(
-            "Duplicate message: " + to_string(messageHash),
-            supportsFeature(ProtocolFeature::LedgerDataCookies));
-    }
-
-    bool const routed =
-        m->has_directresponse() || m->responsecookies_size() || m->has_requestcookie();
-
-    {
-        // Check if this message needs to be forwarded to one or more peers.
-        // Maximum of one of the relevant fields should be populated.
-        XRPL_ASSERT(
-            !m->has_requestcookie() || !m->responsecookies_size(),
-            "ripple::PeerImp::onMessage(TMLedgerData) : valid cookie fields");
-
-        // Make a copy of the response cookies, then wipe the list so it can be
-        // forwarded cleanly
-        auto const responseCookies = m->responsecookies();
-        m->clear_responsecookies();
-        // Flag indicating if this response should be processed locally,
-        // possibly in addition to being forwarded.
-        bool const directResponse = m->has_directresponse() && m->directresponse();
-        m->clear_directresponse();
-
-        auto const relay = [this, m, &messageHash](auto const cookie) {
-            if (auto peer = overlay_.findPeerByShortID(cookie))
-            {
-                XRPL_ASSERT(
-                    !m->has_requestcookie() && !m->responsecookies_size(),
-                    "ripple::PeerImp::onMessage(TMLedgerData) relay : no "
-                    "cookies");
-                if (peer->supportsFeature(ProtocolFeature::LedgerDataCookies))
-                    // Setting this flag is not _strictly_ necessary for peers
-                    // that support it if there are no cookies included in the
-                    // message, but it is more accurate.
-                    m->set_directresponse(true);
-                else
-                    m->clear_directresponse();
-                peer->send(std::make_shared<Message>(*m, protocol::mtLEDGER_DATA));
-            }
-            else
-                JLOG(p_journal_.info()) << "Unable to route TX/ledger data reply to peer ["
-                                        << cookie << "]: " << messageHash;
-        };
-        // If there is a request cookie, attempt to relay the message
-        if (m->has_requestcookie())
+        if (auto peer = overlay_.findPeerByShortID(m->requestcookie()))
         {
-            XRPL_ASSERT(
-                responseCookies.empty(),
-                "ripple::PeerImp::onMessage(TMLedgerData) : no response "
-                "cookies");
             m->clear_requestcookie();
-            relay(m->requestcookie());
-            if (!directResponse && responseCookies.empty())
-                return;
+            peer->send(std::make_shared<Message>(*m, protocol::mtLEDGER_DATA));
         }
-        // If there's a list of request cookies, attempt to relay the message to
-        // all of them.
-        if (responseCookies.size())
+        else
         {
-            for (auto const cookie : responseCookies)
-                relay(cookie);
-            if (!directResponse)
-                return;
-        }
-    }
-
-    // Now that any forwarding is done check the base message (data only, no
-    // routing info for duplicates)
-    if (routed)
-    {
-        m->clear_directresponse();
-        XRPL_ASSERT(
-            !m->has_requestcookie() && !m->responsecookies_size(),
-            "ripple::PeerImp::onMessage(TMLedgerData) : no cookies");
-        auto const baseMessageHash = sha512Half(*m);
-        if (!app_.getHashRouter().addSuppressionPeer(baseMessageHash, id_))
-        {
-            // Don't punish nodes that don't know any better
-            return badData(
-                "Duplicate message: " + to_string(baseMessageHash),
-                supportsFeature(ProtocolFeature::LedgerDataCookies));
+            JLOG(p_journal_.info()) << "Unable to route TX/ledger data reply";
         }
+        return;
     }
 
     uint256 const ledgerHash{m->ledgerhash()};
+
     // Otherwise check if received data for a candidate transaction set
     if (m->type() == protocol::liTS_CANDIDATE)
     {
@@ -3295,21 +3159,16 @@ PeerImp::checkValidation(
 // the TX tree with the specified root hash.
 //
 static std::shared_ptr<PeerImp>
-getPeerWithTree(
-    OverlayImpl& ov,
-    uint256 const& rootHash,
-    PeerImp const* skip,
-    std::function<bool(Peer::id_t)> shouldProcessCallback)
+getPeerWithTree(OverlayImpl& ov, uint256 const& rootHash, PeerImp const* skip)
 {
     std::shared_ptr<PeerImp> ret;
     int retScore = 0;
 
-    XRPL_ASSERT(shouldProcessCallback, "ripple::getPeerWithTree : callback provided");
     ov.for_each([&](std::shared_ptr<PeerImp>&& p) {
         if (p->hasTxSet(rootHash) && p.get() != skip)
         {
             auto score = p->getScore(true);
-            if (!ret || (score > retScore && shouldProcessCallback(p->id())))
+            if (!ret || (score > retScore))
             {
                 ret = std::move(p);
                 retScore = score;
@@ -3328,18 +3187,16 @@ getPeerWithLedger(
     OverlayImpl& ov,
     uint256 const& ledgerHash,
     LedgerIndex ledger,
-    PeerImp const* skip,
-    std::function<bool(Peer::id_t)> shouldProcessCallback)
+    PeerImp const* skip)
 {
     std::shared_ptr<PeerImp> ret;
     int retScore = 0;
 
-    XRPL_ASSERT(shouldProcessCallback, "ripple::getPeerWithLedger : callback provided");
     ov.for_each([&](std::shared_ptr<PeerImp>&& p) {
         if (p->hasLedger(ledgerHash, ledger) && p.get() != skip)
         {
             auto score = p->getScore(true);
-            if (!ret || (score > retScore && shouldProcessCallback(p->id())))
+            if (!ret || (score > retScore))
             {
                 ret = std::move(p);
                 retScore = score;
@@ -3353,8 +3210,7 @@ getPeerWithLedger(
 void
 PeerImp::sendLedgerBase(
     std::shared_ptr<Ledger const> const& ledger,
-    protocol::TMLedgerData& ledgerData,
-    PeerCookieMap const& destinations)
+    protocol::TMLedgerData& ledgerData)
 {
     JLOG(p_journal_.trace()) << "sendLedgerBase: Base data";
 
@@ -3384,92 +3240,14 @@ PeerImp::sendLedgerBase(
         }
     }
 
-    sendToMultiple(ledgerData, destinations);
-}
-
-void
-PeerImp::sendToMultiple(protocol::TMLedgerData& ledgerData, PeerCookieMap const& destinations)
-{
-    bool foundSelf = false;
-    for (auto const& [peer, cookies] : destinations)
-    {
-        if (peer.get() == this)
-            foundSelf = true;
-        bool const multipleCookies = peer->supportsFeature(ProtocolFeature::LedgerDataCookies);
-        std::vector<std::uint64_t> sendCookies;
-
-        bool directResponse = false;
-        if (!multipleCookies)
-        {
-            JLOG(p_journal_.debug()) << "sendToMultiple: Sending " << cookies.size()
-                                     << " TMLedgerData messages to peer [" << peer->id()
-                                     << "]: " << sha512Half(ledgerData);
-        }
-        for (auto const& cookie : cookies)
-        {
-            // Unfortunately, need a separate Message object for every
-            // combination
-            if (cookie)
-            {
-                if (multipleCookies)
-                {
-                    // Save this one for later to send a single message
-                    sendCookies.emplace_back(*cookie);
-                    continue;
-                }
-
-                // Feature not supported, so send a single message with a
-                // single cookie
-                ledgerData.set_requestcookie(*cookie);
-            }
-            else
-            {
-                if (multipleCookies)
-                {
-                    // Set this flag later on the single message
-                    directResponse = true;
-                    continue;
-                }
-
-                ledgerData.clear_requestcookie();
-            }
-            XRPL_ASSERT(
-                !multipleCookies,
-                "ripple::PeerImp::sendToMultiple : ledger data cookies "
-                "unsupported");
-            auto message{std::make_shared<Message>(ledgerData, protocol::mtLEDGER_DATA)};
-            peer->send(message);
-        }
-        if (multipleCookies)
-        {
-            // Send a single message with all the cookies and/or the direct
-            // response flag, so the receiver can farm out the single message to
-            // multiple peers and/or itself
-            XRPL_ASSERT(
-                sendCookies.size() || directResponse,
-                "ripple::PeerImp::sendToMultiple : valid response options");
-            ledgerData.clear_requestcookie();
-            ledgerData.clear_responsecookies();
-            ledgerData.set_directresponse(directResponse);
-            for (auto const& cookie : sendCookies)
-                ledgerData.add_responsecookies(cookie);
-            auto message{std::make_shared<Message>(ledgerData, protocol::mtLEDGER_DATA)};
-            peer->send(message);
-
-            JLOG(p_journal_.debug())
-                << "sendToMultiple: Sent 1 TMLedgerData message to peer [" << peer->id()
-                << "]: including " << (directResponse ? "the direct response flag and " : "")
-                << sendCookies.size() << " response cookies. "
-                << ": " << sha512Half(ledgerData);
-        }
-    }
-    XRPL_ASSERT(foundSelf, "ripple::PeerImp::sendToMultiple : current peer included");
+    auto message{std::make_shared<Message>(ledgerData, protocol::mtLEDGER_DATA)};
+    send(message);
 }
 
 std::shared_ptr<Ledger const>
-PeerImp::getLedger(std::shared_ptr<protocol::TMGetLedger> const& m, uint256 const& mHash)
+PeerImp::getLedger(std::shared_ptr<protocol::TMGetLedger> const& m)
 {
-    JLOG(p_journal_.trace()) << "getLedger: Ledger " << mHash;
+    JLOG(p_journal_.trace()) << "getLedger: Ledger";
 
     std::shared_ptr<Ledger const> ledger;
 
@@ -3485,30 +3263,16 @@ PeerImp::getLedger(std::shared_ptr<protocol::TMGetLedger> const& m, uint256 cons
             if (m->has_querytype() && !m->has_requestcookie())
             {
                 // Attempt to relay the request to a peer
-                // Note repeated messages will not relay to the same peer
-                // before `getLedgerInterval` seconds. This prevents one
-                // peer from getting flooded, and distributes the request
-                // load. If a request has been relayed to all eligible
-                // peers, then this message will not be relayed.
                 if (auto const peer = getPeerWithLedger(
-                        overlay_,
-                        ledgerHash,
-                        m->has_ledgerseq() ? m->ledgerseq() : 0,
-                        this,
-                        [&](Peer::id_t id) {
-                            return app_.getHashRouter().shouldProcessForPeer(
-                                mHash, id, getledgerInterval);
-                        }))
+                        overlay_, ledgerHash, m->has_ledgerseq() ? m->ledgerseq() : 0, this))
                 {
                     m->set_requestcookie(id());
                     peer->send(std::make_shared<Message>(*m, protocol::mtGET_LEDGER));
-                    JLOG(p_journal_.debug())
-                        << "getLedger: Request relayed to peer [" << peer->id() << "]: " << mHash;
+                    JLOG(p_journal_.debug()) << "getLedger: Request relayed to peer";
                     return ledger;
                 }
 
-                JLOG(p_journal_.trace())
-                    << "getLedger: Don't have ledger with hash " << ledgerHash << ": " << mHash;
+                JLOG(p_journal_.trace()) << "getLedger: Failed to find peer to relay request";
             }
         }
     }
@@ -3517,15 +3281,15 @@ PeerImp::getLedger(std::shared_ptr<protocol::TMGetLedger> const& m, uint256 cons
         // Attempt to find ledger by sequence
         if (m->ledgerseq() < app_.getLedgerMaster().getEarliestFetch())
         {
-            JLOG(p_journal_.debug()) << "getLedger: Early ledger sequence request " << mHash;
+            JLOG(p_journal_.debug()) << "getLedger: Early ledger sequence request";
         }
         else
         {
             ledger = app_.getLedgerMaster().getLedgerBySeq(m->ledgerseq());
             if (!ledger)
             {
-                JLOG(p_journal_.debug()) << "getLedger: Don't have ledger with sequence "
-                                         << m->ledgerseq() << ": " << mHash;
+                JLOG(p_journal_.debug())
+                    << "getLedger: Don't have ledger with sequence " << m->ledgerseq();
             }
         }
     }
@@ -3547,29 +3311,27 @@ PeerImp::getLedger(std::shared_ptr<protocol::TMGetLedger> const& m, uint256 cons
                     charge(Resource::feeMalformedRequest, "get_ledger ledgerSeq");
 
                 ledger.reset();
-                JLOG(p_journal_.warn())
-                    << "getLedger: Invalid ledger sequence " << ledgerSeq << ": " << mHash;
+                JLOG(p_journal_.warn()) << "getLedger: Invalid ledger sequence " << ledgerSeq;
             }
         }
         else if (ledgerSeq < app_.getLedgerMaster().getEarliestFetch())
         {
             ledger.reset();
-            JLOG(p_journal_.debug())
-                << "getLedger: Early ledger sequence request " << ledgerSeq << ": " << mHash;
+            JLOG(p_journal_.debug()) << "getLedger: Early ledger sequence request " << ledgerSeq;
         }
     }
     else
     {
-        JLOG(p_journal_.debug()) << "getLedger: Unable to find ledger " << mHash;
+        JLOG(p_journal_.debug()) << "getLedger: Unable to find ledger";
     }
 
     return ledger;
 }
 
 std::shared_ptr<SHAMap const>
-PeerImp::getTxSet(std::shared_ptr<protocol::TMGetLedger> const& m, uint256 const& mHash) const
+PeerImp::getTxSet(std::shared_ptr<protocol::TMGetLedger> const& m) const
 {
-    JLOG(p_journal_.trace()) << "getTxSet: TX set " << mHash;
+    JLOG(p_journal_.trace()) << "getTxSet: TX set";
 
     uint256 const txSetHash{m->ledgerhash()};
     std::shared_ptr<SHAMap> shaMap{app_.getInboundTransactions().getSet(txSetHash, false)};
@@ -3578,28 +3340,20 @@ PeerImp::getTxSet(std::shared_ptr<protocol::TMGetLedger> const& m, uint256 const
         if (m->has_querytype() && !m->has_requestcookie())
         {
             // Attempt to relay the request to a peer
-            // Note repeated messages will not relay to the same peer
-            // before `getLedgerInterval` seconds. This prevents one
-            // peer from getting flooded, and distributes the request
-            // load. If a request has been relayed to all eligible
-            // peers, then this message will not be relayed.
-            if (auto const peer = getPeerWithTree(overlay_, txSetHash, this, [&](Peer::id_t id) {
-                    return app_.getHashRouter().shouldProcessForPeer(mHash, id, getledgerInterval);
-                }))
+            if (auto const peer = getPeerWithTree(overlay_, txSetHash, this))
             {
                 m->set_requestcookie(id());
                 peer->send(std::make_shared<Message>(*m, protocol::mtGET_LEDGER));
-                JLOG(p_journal_.debug())
-                    << "getTxSet: Request relayed to peer [" << peer->id() << "]: " << mHash;
+                JLOG(p_journal_.debug()) << "getTxSet: Request relayed";
             }
             else
             {
-                JLOG(p_journal_.debug()) << "getTxSet: Failed to find relay peer: " << mHash;
+                JLOG(p_journal_.debug()) << "getTxSet: Failed to find relay peer";
             }
         }
         else
         {
-            JLOG(p_journal_.debug()) << "getTxSet: Failed to find TX set " << mHash;
+            JLOG(p_journal_.debug()) << "getTxSet: Failed to find TX set";
         }
     }
 
@@ -3607,7 +3361,7 @@ PeerImp::getTxSet(std::shared_ptr<protocol::TMGetLedger> const& m, uint256 const
 }
 
 void
-PeerImp::processLedgerRequest(std::shared_ptr<protocol::TMGetLedger> const& m, uint256 const& mHash)
+PeerImp::processLedgerRequest(std::shared_ptr<protocol::TMGetLedger> const& m)
 {
     // Do not resource charge a peer responding to a relay
     if (!m->has_requestcookie())
@@ -3620,72 +3374,9 @@ PeerImp::processLedgerRequest(std::shared_ptr<protocol::TMGetLedger> const& m, u
     bool fatLeaves{true};
     auto const itype{m->itype()};
 
-    auto getDestinations = [&] {
-        // If a ledger data message is generated, it's going to be sent to every
-        // peer that is waiting for it.
-
-        PeerCookieMap result;
-
-        std::size_t numCookies = 0;
-        {
-            // Don't do the work under this peer if this peer is not waiting for
-            // any replies
-            auto myCookies = releaseRequestCookies(mHash);
-            if (myCookies.empty())
-            {
-                JLOG(p_journal_.debug()) << "TMGetLedger: peer is no longer "
-                                            "waiting for response to request: "
-                                         << mHash;
-                return result;
-            }
-            numCookies += myCookies.size();
-            result[shared_from_this()] = myCookies;
-        }
-
-        std::set<HashRouter::PeerShortID> const peers = app_.getHashRouter().getPeers(mHash);
-        for (auto const peerID : peers)
-        {
-            // This loop does not need to be done under the HashRouter
-            // lock because findPeerByShortID and releaseRequestCookies
-            // are thread safe, and everything else is local
-            if (auto p = overlay_.findPeerByShortID(peerID))
-            {
-                auto cookies = p->releaseRequestCookies(mHash);
-                numCookies += cookies.size();
-                if (result.contains(p))
-                {
-                    // Unlikely, but if a request came in to this peer while
-                    // iterating, add the items instead of copying /
-                    // overwriting.
-                    XRPL_ASSERT(
-                        p.get() == this,
-                        "ripple::PeerImp::processLedgerRequest : found self in "
-                        "map");
-                    for (auto const& cookie : cookies)
-                        result[p].emplace(cookie);
-                }
-                else if (cookies.size())
-                    result[p] = cookies;
-            }
-        }
-
-        JLOG(p_journal_.debug()) << "TMGetLedger: Processing request for " << result.size()
-                                 << " peers. Will send " << numCookies
-                                 << " messages if successful: " << mHash;
-
-        return result;
-    };
-    // Will only populate this if we're going to do work.
-    PeerCookieMap destinations;
-
     if (itype == protocol::liTS_CANDIDATE)
     {
-        destinations = getDestinations();
-        if (destinations.empty())
-            // Nowhere to send the response!
-            return;
-
-        if (sharedMap = getTxSet(m, mHash); !sharedMap)
+        if (sharedMap = getTxSet(m); !sharedMap)
             return;
         map = sharedMap.get();
 
@@ -3693,6 +3384,8 @@ PeerImp::processLedgerRequest(std::shared_ptr<protocol::TMGetLedger> const& m, u
         ledgerData.set_ledgerseq(0);
         ledgerData.set_ledgerhash(m->ledgerhash());
         ledgerData.set_type(protocol::liTS_CANDIDATE);
+        if (m->has_requestcookie())
+            ledgerData.set_requestcookie(m->requestcookie());
 
         // We'll already have most transactions
         fatLeaves = false;
@@ -3710,12 +3403,7 @@ PeerImp::processLedgerRequest(std::shared_ptr<protocol::TMGetLedger> const& m, u
             return;
         }
 
-        destinations = getDestinations();
-        if (destinations.empty())
-            // Nowhere to send the response!
-            return;
-
-        if (ledger = getLedger(m, mHash); !ledger)
+        if (ledger = getLedger(m); !ledger)
             return;
 
         // Fill out the reply
@@ -3723,11 +3411,13 @@ PeerImp::processLedgerRequest(std::shared_ptr<protocol::TMGetLedger> const& m, u
         ledgerData.set_ledgerhash(ledgerHash.begin(), ledgerHash.size());
         ledgerData.set_ledgerseq(ledger->header().seq);
         ledgerData.set_type(itype);
+        if (m->has_requestcookie())
+            ledgerData.set_requestcookie(m->requestcookie());
 
         switch (itype)
         {
             case protocol::liBASE:
-                sendLedgerBase(ledger, ledgerData, destinations);
+                sendLedgerBase(ledger, ledgerData);
                 return;
 
             case protocol::liTX_NODE:
@@ -3838,7 +3528,7 @@ PeerImp::processLedgerRequest(std::shared_ptr<protocol::TMGetLedger> const& m, u
     if (ledgerData.nodes_size() == 0)
         return;
 
-    sendToMultiple(ledgerData, destinations);
+    send(std::make_shared<Message>(ledgerData, protocol::mtLEDGER_DATA));
 }
 
 int
@@ -3890,19 +3580,6 @@ PeerImp::isHighLatency() const
     return latency_ >= peerHighLatency;
 }
 
-std::set<std::optional<uint64_t>>
-PeerImp::releaseRequestCookies(uint256 const& requestHash)
-{
-    std::set<std::optional<uint64_t>> result;
-    std::lock_guard lock(cookieLock_);
-    if (messageRequestCookies_.contains(requestHash))
-    {
-        std::swap(result, messageRequestCookies_[requestHash]);
-        messageRequestCookies_.erase(requestHash);
-    }
-    return result;
-};
-
 void
 PeerImp::Metrics::add_message(std::uint64_t bytes)
 {

src/xrpld/overlay/detail/PeerImp.h

@@ -247,13 +247,6 @@ private:
     bool ledgerReplayEnabled_ = false;
     LedgerReplayMsgHandler ledgerReplayMsgHandler_;
 
-    // Track message requests and responses
-    // TODO: Use an expiring cache or something
-    using MessageCookieMap = std::map<uint256, std::set<std::optional<uint64_t>>>;
-    using PeerCookieMap = std::map<std::shared_ptr<Peer>, std::set<std::optional<uint64_t>>>;
-    std::mutex mutable cookieLock_;
-    MessageCookieMap messageRequestCookies_;
-
     friend class OverlayImpl;
 
     class Metrics
@@ -495,13 +488,6 @@ public:
         return txReduceRelayEnabled_;
     }
 
-    //
-    // Messages
-    //
-
-    std::set<std::optional<uint64_t>>
-    releaseRequestCookies(uint256 const& requestHash) override;
-
 private:
     /**
      * @brief Handles a failure associated with a specific error code.
@@ -797,22 +783,16 @@ private:
         std::shared_ptr<protocol::TMValidation> const& packet);
 
     void
-    sendLedgerBase(
-        std::shared_ptr<Ledger const> const& ledger,
-        protocol::TMLedgerData& ledgerData,
-        PeerCookieMap const& destinations);
-
-    void
-    sendToMultiple(protocol::TMLedgerData& ledgerData, PeerCookieMap const& destinations);
+    sendLedgerBase(std::shared_ptr<Ledger const> const& ledger, protocol::TMLedgerData& ledgerData);
 
     std::shared_ptr<Ledger const>
-    getLedger(std::shared_ptr<protocol::TMGetLedger> const& m, uint256 const& mHash);
+    getLedger(std::shared_ptr<protocol::TMGetLedger> const& m);
 
     std::shared_ptr<SHAMap const>
-    getTxSet(std::shared_ptr<protocol::TMGetLedger> const& m, uint256 const& mHash) const;
+    getTxSet(std::shared_ptr<protocol::TMGetLedger> const& m) const;
 
     void
-    processLedgerRequest(std::shared_ptr<protocol::TMGetLedger> const& m, uint256 const& mHash);
+    processLedgerRequest(std::shared_ptr<protocol::TMGetLedger> const& m);
 };
 
 //------------------------------------------------------------------------------

src/xrpld/overlay/detail/PeerSet.cpp

@@ -7,9 +7,6 @@
 
 #include <xrpl/basics/Log.h>
 #include <xrpl/beast/utility/Journal.h>
-#include <xrpl/core/HashRouter.h>
-#include <xrpl/core/JobQueue.h>
-#include <xrpl/protocol/digest.h>
 
 #include <google/protobuf/message.h>
 
@@ -100,45 +97,16 @@ PeerSetImpl::sendRequest(
     std::shared_ptr<Peer> const& peer)
 {
     auto packet = std::make_shared<Message>(message, type);
-
-    auto const messageHash = [&]() {
-        auto const packetBuffer = packet->getBuffer(compression::Compressed::Off);
-        return sha512Half(Slice(packetBuffer.data(), packetBuffer.size()));
-    }();
-
-    // Allow messages to be re-sent to the same peer after a delay
-    using namespace std::chrono_literals;
-    constexpr std::chrono::seconds interval = 30s;
-
     if (peer)
     {
-        if (app_.getHashRouter().shouldProcessForPeer(messageHash, peer->id(), interval))
-        {
-            JLOG(journal_.trace()) << "Sending " << protocolMessageName(type) << " message to ["
-                                   << peer->id() << "]: " << messageHash;
-            peer->send(packet);
-        }
-        else
-            JLOG(journal_.debug()) << "Suppressing sending duplicate " << protocolMessageName(type)
-                                   << " message to [" << peer->id() << "]: " << messageHash;
+        peer->send(packet);
         return;
     }
 
     for (auto id : peers_)
     {
         if (auto p = app_.getOverlay().findPeerByShortID(id))
-        {
-            if (app_.getHashRouter().shouldProcessForPeer(messageHash, p->id(), interval))
-            {
-                JLOG(journal_.trace()) << "Sending " << protocolMessageName(type) << " message to ["
-                                       << p->id() << "]: " << messageHash;
-                p->send(packet);
-            }
-            else
-                JLOG(journal_.debug())
-                    << "Suppressing sending duplicate " << protocolMessageName(type)
-                    << " message to [" << p->id() << "]: " << messageHash;
-        }
+            p->send(packet);
     }
 }
 

src/xrpld/overlay/detail/ProtocolMessage.h

@@ -23,12 +23,6 @@ protocolMessageType(protocol::TMGetLedger const&)
     return protocol::mtGET_LEDGER;
 }
 
-inline protocol::MessageType
-protocolMessageType(protocol::TMLedgerData const&)
-{
-    return protocol::mtLEDGER_DATA;
-}
-
 inline protocol::MessageType
 protocolMessageType(protocol::TMReplayDeltaRequest const&)
 {
@@ -440,63 +434,3 @@ invokeProtocolMessage(Buffers const& buffers, Handler& handler, std::size_t& hin
 }
 
 }  // namespace xrpl
-
-namespace protocol {
-
-template <class Hasher>
-void
-hash_append(Hasher& h, TMGetLedger const& msg)
-{
-    using beast::hash_append;
-    using namespace xrpl;
-    hash_append(h, safe_cast<int>(protocolMessageType(msg)));
-    hash_append(h, safe_cast<int>(msg.itype()));
-    if (msg.has_ltype())
-        hash_append(h, safe_cast<int>(msg.ltype()));
-
-    if (msg.has_ledgerhash())
-        hash_append(h, msg.ledgerhash());
-
-    if (msg.has_ledgerseq())
-        hash_append(h, msg.ledgerseq());
-
-    for (auto const& nodeId : msg.nodeids())
-        hash_append(h, nodeId);
-    hash_append(h, msg.nodeids_size());
-
-    // Do NOT include the request cookie. It does not affect the content of the
-    // request, but only where to route the results.
-    // if (msg.has_requestcookie())
-    //    hash_append(h, msg.requestcookie());
-
-    if (msg.has_querytype())
-        hash_append(h, safe_cast<int>(msg.querytype()));
-
-    if (msg.has_querydepth())
-        hash_append(h, msg.querydepth());
-}
-
-template <class Hasher>
-void
-hash_append(Hasher& h, TMLedgerData const& msg)
-{
-    using beast::hash_append;
-    using namespace xrpl;
-    hash_append(h, safe_cast<int>(protocolMessageType(msg)));
-    hash_append(h, msg.ledgerhash());
-    hash_append(h, msg.ledgerseq());
-    hash_append(h, safe_cast<int>(msg.type()));
-    for (auto const& node : msg.nodes())
-    {
-        hash_append(h, node.nodedata());
-        if (node.has_nodeid())
-            hash_append(h, node.nodeid());
-    }
-    hash_append(h, msg.nodes_size());
-    if (msg.has_requestcookie())
-        hash_append(h, msg.requestcookie());
-    if (msg.has_error())
-        hash_append(h, safe_cast<int>(msg.error()));
-}
-
-}  // namespace protocol

src/xrpld/overlay/detail/ProtocolVersion.cpp

@@ -28,8 +28,6 @@ namespace xrpl {
 constexpr ProtocolVersion const supportedProtocolList[]{
     {2, 1},
     {2, 2},
-    // Adds TMLedgerData::responseCookies and directResponse
-    {2, 3},
 };
 
 // This ugly construct ensures that supportedProtocolList is sorted in strictly

src/xrpld/peerfinder/detail/Counts.h

@@ -8,6 +8,9 @@
 
 namespace xrpl::PeerFinder {
 
+/** Direction of a slot count adjustment. */
+enum class CountAdjustment : int { Decrement = -1, Increment = 1 };
+
 /** Manages the count of available connections for the various slots. */
 class Counts
 {
@@ -16,14 +19,14 @@ public:
     void
     add(Slot const& s)
     {
-        adjust(s, 1);
+        adjust(s, CountAdjustment::Increment);
     }
 
     /** Removes the slot state and properties from the slot counts. */
     void
     remove(Slot const& s)
     {
-        adjust(s, -1);
+        adjust(s, CountAdjustment::Decrement);
     }
 
     /** Returns `true` if the slot can become active. */
@@ -207,21 +210,40 @@ public:
 
     //--------------------------------------------------------------------------
 private:
+    /** Increments or decrements a counter based on the adjustment direction. */
+    template <typename T>
+    static void
+    adjustCounter(T& counter, CountAdjustment dir)
+    {
+        switch (dir)
+        {
+            case CountAdjustment::Increment:
+                ++counter;
+                break;
+            case CountAdjustment::Decrement:
+                --counter;
+                break;
+        }
+    }
+
     // Adjusts counts based on the specified slot, in the direction indicated.
+    // Using ++/-- instead of += on std::size_t counters avoids UBSan
+    // unsigned-integer-overflow from implicit conversion of -1 to SIZE_MAX.
+    // A decrement on a zero counter is a real bug that UBSan should catch.
     void
-    adjust(Slot const& s, int const n)
+    adjust(Slot const& s, CountAdjustment const dir)
     {
         if (s.fixed())
-            m_fixed += n;
+            adjustCounter(m_fixed, dir);
 
         if (s.reserved())
-            m_reserved += n;
+            adjustCounter(m_reserved, dir);
 
         switch (s.state())
         {
             case Slot::accept:
                 XRPL_ASSERT(s.inbound(), "xrpl::PeerFinder::Counts::adjust : input is inbound");
-                m_acceptCount += n;
+                adjustCounter(m_acceptCount, dir);
                 break;
 
             case Slot::connect:
@@ -230,28 +252,28 @@ private:
                     !s.inbound(),
                     "xrpl::PeerFinder::Counts::adjust : input is not "
                     "inbound");
-                m_attempts += n;
+                adjustCounter(m_attempts, dir);
                 break;
 
             case Slot::active:
                 if (s.fixed())
-                    m_fixed_active += n;
+                    adjustCounter(m_fixed_active, dir);
                 if (!s.fixed() && !s.reserved())
                 {
                     if (s.inbound())
                     {
-                        m_in_active += n;
+                        adjustCounter(m_in_active, dir);
                     }
                     else
                     {
-                        m_out_active += n;
+                        adjustCounter(m_out_active, dir);
                     }
                 }
-                m_active += n;
+                adjustCounter(m_active, dir);
                 break;
 
             case Slot::closing:
-                m_closingCount += n;
+                adjustCounter(m_closingCount, dir);
                 break;
 
             // LCOV_EXCL_START