ARCHIVE/xahaud
3
0
Fork 0
mirror of https://github.com/Xahau/xahaud.git synced 2025-12-06 17:27:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

feature-deepfreeze

Browse Source
This commit is contained in:
Denis Angell
2025-07-08 09:04:21 +02:00
parent 1233694b6c
commit 2be38b05f3
22 changed files with 2376 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/ripple/app/paths/TrustLine.h
View File

@@ -139,6 +139,13 @@ public:
return mFlags & (mViewLowest ? lsfLowFreeze : lsfHighFreeze);
}
/** Have we set the deep freeze flag on our peer */
bool
getDeepFreeze() const
{
return mFlags & (mViewLowest ? lsfLowDeepFreeze : lsfHighDeepFreeze);
}
/** Has the peer set the freeze flag on us */
bool
getFreezePeer() const
@@ -146,6 +153,13 @@ public:
return mFlags & (!mViewLowest ? lsfLowFreeze : lsfHighFreeze);
}
/** Has the peer set the deep freeze flag on us */
bool
getDeepFreezePeer() const
{
return mFlags & (!mViewLowest ? lsfLowDeepFreeze : lsfHighDeepFreeze);
}
STAmount const&
getBalance() const
{

6
src/ripple/app/paths/impl/StepChecks.h
View File

@@ -52,6 +52,12 @@ checkFreeze(
{
return terNO_LINE;
}
// Unlike normal freeze, a deep frozen trust line acts the same
// regardless of which side froze it
if (sle->isFlag(lsfHighDeepFreeze) || sle->isFlag(lsfLowDeepFreeze))
{
return terNO_LINE;
}
}
return tesSUCCESS;

1
src/ripple/app/tx/impl/CashCheck.cpp
View File

@@ -392,6 +392,7 @@ CashCheck::doApply()
false, // authorize account
(sleDst->getFlags() & lsfDefaultRipple) == 0,
false, // freeze trust line
false, // deep freeze trust line
initialBalance, // zero initial balance
Issue(currency, account_), // limit of zero
0, // quality in

26
src/ripple/app/tx/impl/CreateOffer.cpp
View File

@@ -275,6 +275,32 @@ CreateOffer::checkAcceptAsset(
}
}
// An account can not create a trustline to itself, so no line can exist
// to be frozen. Additionally, an issuer can always accept its own
// issuance.
if (issue.account == id)
{
return tesSUCCESS;
}
auto const trustLine =
view.read(keylet::line(id, issue.account, issue.currency));
if (!trustLine)
{
return tesSUCCESS;
}
// There's no difference which side enacted deep freeze, accepting
// tokens shouldn't be possible.
bool const deepFrozen =
(*trustLine)[sfFlags] & (lsfLowDeepFreeze | lsfHighDeepFreeze);
if (deepFrozen)
{
return tecFROZEN;
}
return tesSUCCESS;
}

296
src/ripple/app/tx/impl/InvariantCheck.cpp
View File

@@ -560,6 +560,302 @@ NoXRPTrustLines::finalize(
//------------------------------------------------------------------------------
void
NoDeepFreezeTrustLinesWithoutFreeze::visitEntry(
bool,
std::shared_ptr<SLE const> const&,
std::shared_ptr<SLE const> const& after)
{
if (after && after->getType() == ltRIPPLE_STATE)
{
std::uint32_t const uFlags = after->getFieldU32(sfFlags);
bool const lowFreeze = uFlags & lsfLowFreeze;
bool const lowDeepFreeze = uFlags & lsfLowDeepFreeze;
bool const highFreeze = uFlags & lsfHighFreeze;
bool const highDeepFreeze = uFlags & lsfHighDeepFreeze;
deepFreezeWithoutFreeze_ =
(lowDeepFreeze && !lowFreeze) || (highDeepFreeze && !highFreeze);
}
}
bool
NoDeepFreezeTrustLinesWithoutFreeze::finalize(
STTx const&,
TER const,
XRPAmount const,
ReadView const&,
beast::Journal const& j)
{
if (!deepFreezeWithoutFreeze_)
return true;
JLOG(j.fatal()) << "Invariant failed: a trust line with deep freeze flag "
"without normal freeze was created";
return false;
}
//------------------------------------------------------------------------------
void
TransfersNotFrozen::visitEntry(
bool isDelete,
std::shared_ptr<SLE const> const& before,
std::shared_ptr<SLE const> const& after)
{
/*
* A trust line freeze state alone doesn't determine if a transfer is
* frozen. The transfer must be examined "end-to-end" because both sides of
* the transfer may have different freeze states and freeze impact depends
* on the transfer direction. This is why first we need to track the
* transfers using IssuerChanges senders/receivers.
*
* Only in validateIssuerChanges, after we collected all changes can we
* determine if the transfer is valid.
*/
if (!isValidEntry(before, after))
{
return;
}
auto const balanceChange = calculateBalanceChange(before, after, isDelete);
if (balanceChange.signum() == 0)
{
return;
}
recordBalanceChanges(after, balanceChange);
}
bool
TransfersNotFrozen::finalize(
STTx const& tx,
TER const ter,
XRPAmount const fee,
ReadView const& view,
beast::Journal const& j)
{
/*
* We check this invariant regardless of deep freeze amendment status,
* allowing for detection and logging of potential issues even when the
* amendment is disabled.
*
* If an exploit that allows moving frozen assets is discovered,
* we can alert operators who monitor fatal messages and trigger assert in
* debug builds for an early warning.
*
* In an unlikely event that an exploit is found, this early detection
* enables encouraging the UNL to expedite deep freeze amendment activation
* or deploy hotfixes via new amendments. In case of a new amendment, we'd
* only have to change this line setting 'enforce' variable.
* enforce = view.rules().enabled(featureDeepFreeze) ||
* view.rules().enabled(fixFreezeExploit);
*/
[[maybe_unused]] bool const enforce =
view.rules().enabled(featureDeepFreeze);
for (auto const& [issue, changes] : balanceChanges_)
{
auto const issuerSle = findIssuer(issue.account, view);
// It should be impossible for the issuer to not be found, but check
// just in case so rippled doesn't crash in release.
if (!issuerSle)
{
assert(enforce);
if (enforce)
{
return false;
}
continue;
}
if (!validateIssuerChanges(issuerSle, changes, tx, j, enforce))
{
return false;
}
}
return true;
}
bool
TransfersNotFrozen::isValidEntry(
std::shared_ptr<SLE const> const& before,
std::shared_ptr<SLE const> const& after)
{
// `after` can never be null, even if the trust line is deleted.
assert(after);
if (!after)
{
return false;
}
if (after->getType() == ltACCOUNT_ROOT)
{
possibleIssuers_.emplace(after->at(sfAccount), after);
return false;
}
/* While LedgerEntryTypesMatch invariant also checks types, all invariants
* are processed regardless of previous failures.
*
* This type check is still necessary here because it prevents potential
* issues in subsequent processing.
*/
return after->getType() == ltRIPPLE_STATE &&
(!before || before->getType() == ltRIPPLE_STATE);
}
STAmount
TransfersNotFrozen::calculateBalanceChange(
std::shared_ptr<SLE const> const& before,
std::shared_ptr<SLE const> const& after,
bool isDelete)
{
auto const getBalance = [](auto const& line, auto const& other, bool zero) {
STAmount amt =
line ? line->at(sfBalance) : other->at(sfBalance).zeroed();
return zero ? amt.zeroed() : amt;
};
/* Trust lines can be created dynamically by other transactions such as
* Payment and OfferCreate that cross offers. Such trust line won't be
* created frozen, but the sender might be, so the starting balance must be
* treated as zero.
*/
auto const balanceBefore = getBalance(before, after, false);
/* Same as above, trust lines can be dynamically deleted, and for frozen
* trust lines, payments not involving the issuer must be blocked. This is
* achieved by treating the final balance as zero when isDelete=true to
* ensure frozen line restrictions are enforced even during deletion.
*/
auto const balanceAfter = getBalance(after, before, isDelete);
return balanceAfter - balanceBefore;
}
void
TransfersNotFrozen::recordBalance(Issue const& issue, BalanceChange change)
{
assert(change.balanceChangeSign);
auto& changes = balanceChanges_[issue];
if (change.balanceChangeSign < 0)
changes.senders.emplace_back(std::move(change));
else
changes.receivers.emplace_back(std::move(change));
}
void
TransfersNotFrozen::recordBalanceChanges(
std::shared_ptr<SLE const> const& after,
STAmount const& balanceChange)
{
auto const balanceChangeSign = balanceChange.signum();
auto const currency = after->at(sfBalance).getCurrency();
// Change from low account's perspective, which is trust line default
recordBalance(
{currency, after->at(sfHighLimit).getIssuer()},
{after, balanceChangeSign});
// Change from high account's perspective, which reverses the sign.
recordBalance(
{currency, after->at(sfLowLimit).getIssuer()},
{after, -balanceChangeSign});
}
std::shared_ptr<SLE const>
TransfersNotFrozen::findIssuer(AccountID const& issuerID, ReadView const& view)
{
if (auto it = possibleIssuers_.find(issuerID); it != possibleIssuers_.end())
{
return it->second;
}
return view.read(keylet::account(issuerID));
}
bool
TransfersNotFrozen::validateIssuerChanges(
std::shared_ptr<SLE const> const& issuer,
IssuerChanges const& changes,
STTx const& tx,
beast::Journal const& j,
bool enforce)
{
if (!issuer)
{
return false;
}
bool const globalFreeze = issuer->isFlag(lsfGlobalFreeze);
if (changes.receivers.empty() || changes.senders.empty())
{
/* If there are no receivers, then the holder(s) are returning
* their tokens to the issuer. Likewise, if there are no
* senders, then the issuer is issuing tokens to the holder(s).
* This is allowed regardless of the issuer's freeze flags. (The
* holder may have contradicting freeze flags, but that will be
* checked when the holder is treated as issuer.)
*/
return true;
}
for (auto const& actors : {changes.senders, changes.receivers})
{
for (auto const& change : actors)
{
bool const high = change.line->at(sfLowLimit).getIssuer() ==
issuer->at(sfAccount);
if (!validateFrozenState(
change, high, tx, j, enforce, globalFreeze))
{
return false;
}
}
}
return true;
}
bool
TransfersNotFrozen::validateFrozenState(
BalanceChange const& change,
bool high,
STTx const& tx,
beast::Journal const& j,
bool enforce,
bool globalFreeze)
{
bool const freeze = change.balanceChangeSign < 0 &&
change.line->isFlag(high ? lsfLowFreeze : lsfHighFreeze);
bool const deepFreeze =
change.line->isFlag(high ? lsfLowDeepFreeze : lsfHighDeepFreeze);
bool const frozen = globalFreeze || deepFreeze || freeze;
// bool const isAMMLine = change.line->isFlag(lsfAMMNode);
if (!frozen)
{
return true;
}
JLOG(j.fatal()) << "Invariant failed: Attempting to move frozen funds for "
<< tx.getTransactionID();
assert(enforce);
if (enforce)
{
return false;
}
return true;
}
//------------------------------------------------------------------------------
void
ValidNewAccountRoot::visitEntry(
bool,

108
src/ripple/app/tx/impl/InvariantCheck.h
View File

@@ -242,6 +242,114 @@ public:
beast::Journal const&);
};
/**
* @brief Invariant: Trust lines with deep freeze flag are not allowed if normal
* freeze flag is not set.
*
* We iterate all the trust lines created by this transaction and ensure
* that they don't have deep freeze flag set without normal freeze flag set.
*/
class NoDeepFreezeTrustLinesWithoutFreeze
{
bool deepFreezeWithoutFreeze_ = false;
public:
void
visitEntry(
bool,
std::shared_ptr<SLE const> const&,
std::shared_ptr<SLE const> const&);
bool
finalize(
STTx const&,
TER const,
XRPAmount const,
ReadView const&,
beast::Journal const&);
};
/**
* @brief Invariant: frozen trust line balance change is not allowed.
*
* We iterate all affected trust lines and ensure that they don't have
* unexpected change of balance if they're frozen.
*/
class TransfersNotFrozen
{
struct BalanceChange
{
std::shared_ptr<SLE const> const line;
int const balanceChangeSign;
};
struct IssuerChanges
{
std::vector<BalanceChange> senders;
std::vector<BalanceChange> receivers;
};
using ByIssuer = std::map<Issue, IssuerChanges>;
ByIssuer balanceChanges_;
std::map<AccountID, std::shared_ptr<SLE const> const> possibleIssuers_;
public:
void
visitEntry(
bool,
std::shared_ptr<SLE const> const&,
std::shared_ptr<SLE const> const&);
bool
finalize(
STTx const&,
TER const,
XRPAmount const,
ReadView const&,
beast::Journal const&);
private:
bool
isValidEntry(
std::shared_ptr<SLE const> const& before,
std::shared_ptr<SLE const> const& after);
STAmount
calculateBalanceChange(
std::shared_ptr<SLE const> const& before,
std::shared_ptr<SLE const> const& after,
bool isDelete);
void
recordBalance(Issue const& issue, BalanceChange change);
void
recordBalanceChanges(
std::shared_ptr<SLE const> const& after,
STAmount const& balanceChange);
std::shared_ptr<SLE const>
findIssuer(AccountID const& issuerID, ReadView const& view);
bool
validateIssuerChanges(
std::shared_ptr<SLE const> const& issuer,
IssuerChanges const& changes,
STTx const& tx,
beast::Journal const& j,
bool enforce);
bool
validateFrozenState(
BalanceChange const& change,
bool high,
STTx const& tx,
beast::Journal const& j,
bool enforce,
bool globalFreeze);
};
/**
* @brief Invariant: offers should be for non-negative amounts and must not
* be XRP to XRP.

66
src/ripple/app/tx/impl/NFTokenAcceptOffer.cpp
View File

@@ -268,6 +268,16 @@ NFTokenAcceptOffer::preclaim(PreclaimContext const& ctx)
ctx.j) < needed)
return tecINSUFFICIENT_FUNDS;
}
// Make sure that we are allowed to hold what the taker will pay us.
// This is a similar approach taken by usual offers.
if (!needed.native())
{
auto const result = checkAcceptAsset(
ctx.view, ctx.flags, (*so)[sfOwner], ctx.j, needed.issue());
if (result != tesSUCCESS)
return result;
}
}
return tesSUCCESS;
@@ -453,4 +463,60 @@ NFTokenAcceptOffer::doApply()
return tecINTERNAL;
}
TER
NFTokenAcceptOffer::checkAcceptAsset(
ReadView const& view,
ApplyFlags const flags,
AccountID const id,
beast::Journal const j,
Issue const& issue)
{
// Only valid for custom currencies
if (!view.rules().enabled(featureDeepFreeze))
{
return tesSUCCESS;
}
assert(!isXRP(issue.currency));
auto const issuerAccount = view.read(keylet::account(issue.account));
if (!issuerAccount)
{
JLOG(j.debug())
<< "delay: can't receive IOUs from non-existent issuer: "
<< to_string(issue.account);
return tecNO_ISSUER;
}
// An account can not create a trustline to itself, so no line can exist
// to be frozen. Additionally, an issuer can always accept its own
// issuance.
if (issue.account == id)
{
return tesSUCCESS;
}
auto const trustLine =
view.read(keylet::line(id, issue.account, issue.currency));
if (!trustLine)
{
return tesSUCCESS;
}
// There's no difference which side enacted deep freeze, accepting
// tokens shouldn't be possible.
bool const deepFrozen =
(*trustLine)[sfFlags] & (lsfLowDeepFreeze | lsfHighDeepFreeze);
if (deepFrozen)
{
return tecFROZEN;
}
return tesSUCCESS;
}
} // namespace ripple

8
src/ripple/app/tx/impl/NFTokenAcceptOffer.h
View File

@@ -38,6 +38,14 @@ private:
std::shared_ptr<SLE> const& buy,
std::shared_ptr<SLE> const& sell);
static TER
checkAcceptAsset(
ReadView const& view,
ApplyFlags const flags,
AccountID const id,
beast::Journal const j,
Issue const& issue);
public:
static constexpr ConsequencesFactoryType ConsequencesFactory{Normal};

14
src/ripple/app/tx/impl/OfferStream.cpp
View File

@@ -256,6 +256,20 @@ TOfferStreamBase<TIn, TOut>::step()
continue;
}
bool const deepFrozen = isDeepFrozen(
view_,
offer_.owner(),
offer_.issueIn().currency,
offer_.issueIn().account);
if (deepFrozen)
{
JLOG(j_.trace())
<< "Removing deep frozen unfunded offer " << entry->key();
permRmOffer(entry->key());
offer_ = TOffer<TIn, TOut>{};
continue;
}
// Calculate owner funds
ownerFunds_ = accountFundsHelper(
view_,

139
src/ripple/app/tx/impl/SetTrust.cpp
View File

@@ -25,6 +25,42 @@
#include <ripple/protocol/Quality.h>
#include <ripple/protocol/st.h>
namespace {
uint32_t
computeFreezeFlags(
uint32_t uFlags,
bool bHigh,
bool bNoFreeze,
bool bSetFreeze,
bool bClearFreeze,
bool bSetDeepFreeze,
bool bClearDeepFreeze)
{
if (bSetFreeze && !bClearFreeze && !bNoFreeze)
{
uFlags |= (bHigh ? ripple::lsfHighFreeze : ripple::lsfLowFreeze);
}
else if (bClearFreeze && !bSetFreeze)
{
uFlags &= ~(bHigh ? ripple::lsfHighFreeze : ripple::lsfLowFreeze);
}
if (bSetDeepFreeze && !bClearDeepFreeze && !bNoFreeze)
{
uFlags |=
(bHigh ? ripple::lsfHighDeepFreeze : ripple::lsfLowDeepFreeze);
}
else if (bClearDeepFreeze && !bSetDeepFreeze)
{
uFlags &=
~(bHigh ? ripple::lsfHighDeepFreeze : ripple::lsfLowDeepFreeze);
}
return uFlags;
}
} // namespace
namespace ripple {
NotTEC
@@ -44,6 +80,16 @@ SetTrust::preflight(PreflightContext const& ctx)
return temINVALID_FLAG;
}
if (!ctx.rules.enabled(featureDeepFreeze))
{
// Even though the deep freeze flags are included in the
// `tfTrustSetMask`, they are not valid if the amendment is not enabled.
if (uTxFlags & (tfSetDeepFreeze | tfClearDeepFreeze))
{
return temINVALID_FLAG;
}
}
STAmount const saLimitAmount(tx.getFieldAmount(sfLimitAmount));
if (!isLegalNet(saLimitAmount))
@@ -142,6 +188,58 @@ SetTrust::preclaim(PreclaimContext const& ctx)
return tecNO_PERMISSION;
}
// Checking all freeze/deep freeze flag invariants.
if (ctx.view.rules().enabled(featureDeepFreeze))
{
bool const bNoFreeze = sle->isFlag(lsfNoFreeze);
bool const bSetFreeze = (uTxFlags & tfSetFreeze);
bool const bSetDeepFreeze = (uTxFlags & tfSetDeepFreeze);
if (bNoFreeze && (bSetFreeze || bSetDeepFreeze))
{
// Cannot freeze the trust line if NoFreeze is set
return tecNO_PERMISSION;
}
bool const bClearFreeze = (uTxFlags & tfClearFreeze);
bool const bClearDeepFreeze = (uTxFlags & tfClearDeepFreeze);
if ((bSetFreeze || bSetDeepFreeze) &&
(bClearFreeze || bClearDeepFreeze))
{
// Freezing and unfreezing in the same transaction should be
// illegal
return tecNO_PERMISSION;
}
bool const bHigh = id > uDstAccountID;
// Fetching current state of trust line
auto const sleRippleState =
ctx.view.read(keylet::line(id, uDstAccountID, currency));
std::uint32_t uFlags =
sleRippleState ? sleRippleState->getFieldU32(sfFlags) : 0u;
// Computing expected trust line state
uFlags = computeFreezeFlags(
uFlags,
bHigh,
bNoFreeze,
bSetFreeze,
bClearFreeze,
bSetDeepFreeze,
bClearDeepFreeze);
auto const frozen = uFlags & (bHigh ? lsfHighFreeze : lsfLowFreeze);
auto const deepFrozen =
uFlags & (bHigh ? lsfHighDeepFreeze : lsfLowDeepFreeze);
// Trying to set deep freeze on not already frozen trust line must
// fail. This also checks that clearing normal freeze while deep
// frozen must not work
if (deepFrozen && !frozen)
{
return tecNO_PERMISSION;
}
}
return tesSUCCESS;
}
@@ -157,7 +255,7 @@ SetTrust::doApply()
Currency const currency(saLimitAmount.getCurrency());
AccountID uDstAccountID(saLimitAmount.getIssuer());
// true, iff current is high account.
// true, if current is high account.
bool const bHigh = account_ > uDstAccountID;
auto const sle = view().peek(keylet::account(account_));
@@ -202,13 +300,15 @@ SetTrust::doApply()
bool const bClearNoRipple = (uTxFlags & tfClearNoRipple);
bool const bSetFreeze = (uTxFlags & tfSetFreeze);
bool const bClearFreeze = (uTxFlags & tfClearFreeze);
bool const bSetDeepFreeze = (uTxFlags & tfSetDeepFreeze);
bool const bClearDeepFreeze = (uTxFlags & tfClearDeepFreeze);
auto viewJ = ctx_.app.journal("View");
// Trust lines to self are impossible but because of the old bug there are
// two on 19-02-2022. This code was here to allow those trust lines to be
// deleted. The fixTrustLinesToSelf fix amendment will remove them when it
// enables so this code will no longer be needed.
// Trust lines to self are impossible but because of the old bug there
// are two on 19-02-2022. This code was here to allow those trust lines
// to be deleted. The fixTrustLinesToSelf fix amendment will remove them
// when it enables so this code will no longer be needed.
if (!view().rules().enabled(fixTrustLinesToSelf) &&
account_ == uDstAccountID)
{
@@ -368,14 +468,16 @@ SetTrust::doApply()
uFlagsOut &= ~(bHigh ? lsfHighNoRipple : lsfLowNoRipple);
}
if (bSetFreeze && !bClearFreeze && !sle->isFlag(lsfNoFreeze))
{
uFlagsOut |= (bHigh ? lsfHighFreeze : lsfLowFreeze);
}
else if (bClearFreeze && !bSetFreeze)
{
uFlagsOut &= ~(bHigh ? lsfHighFreeze : lsfLowFreeze);
}
// Have to use lsfNoFreeze to maintain pre-deep freeze behavior
bool const bNoFreeze = sle->isFlag(lsfNoFreeze);
uFlagsOut = computeFreezeFlags(
uFlagsOut,
bHigh,
bNoFreeze,
bSetFreeze,
bClearFreeze,
bSetDeepFreeze,
bClearDeepFreeze);
if (QUALITY_ONE == uLowQualityOut)
uLowQualityOut = 0;
@@ -459,7 +561,7 @@ SetTrust::doApply()
else if (bReserveIncrease && mPriorBalance < reserveCreate)
{
JLOG(j_.trace())
<< "Delay transaction: Insufficent reserve to add trust line.";
<< "Delay transaction: Insufficient reserve to add trust line.";
// Another transaction could provide XRP to the account and then
// this transaction would succeed.
@@ -475,10 +577,10 @@ SetTrust::doApply()
// Line does not exist.
else if (
!saLimitAmount && // Setting default limit.
(!bQualityIn || !uQualityIn) && // Not setting quality in or setting
// default quality in.
(!bQualityOut || !uQualityOut) && // Not setting quality out or setting
// default quality out.
(!bQualityIn || !uQualityIn) && // Not setting quality in or
// setting default quality in.
(!bQualityOut || !uQualityOut) && // Not setting quality out or
// setting default quality out.
(!bSetAuth))
{
JLOG(j_.trace())
@@ -515,6 +617,7 @@ SetTrust::doApply()
bSetAuth,
bSetNoRipple && !bClearNoRipple,
bSetFreeze && !bClearFreeze,
bSetDeepFreeze,
saBalance,
saLimitAllow, // Limit for who is being charged.
uQualityIn,

1
src/ripple/app/tx/impl/URIToken.cpp
View File

@@ -832,6 +832,7 @@ URIToken::doApply()
false, // authorize account
(sleOwner->getFlags() & lsfDefaultRipple) == 0,
false, // freeze trust line
false, // deepfreeze trust line
*dstAmt, // initial balance zero
Issue(
purchaseAmount.getCurrency(),

18
src/ripple/ledger/View.h
View File

@@ -88,6 +88,13 @@ isFrozen(
Currency const& currency,
AccountID const& issuer);
[[nodiscard]] bool
isDeepFrozen(
ReadView const& view,
AccountID const& account,
Currency const& currency,
AccountID const& issuer);
// Returns the amount an account can spend without going into debt.
//
// <-- saAmount: amount of currency held by account. May be negative.
@@ -343,6 +350,7 @@ trustCreate(
const bool bAuth, // --> authorize account.
const bool bNoRipple, // --> others cannot ripple through
const bool bFreeze, // --> funds cannot leave
bool bDeepFreeze, // --> can neither receive nor send funds
STAmount const& saBalance, // --> balance of account being set.
// Issuer should be noAccount()
STAmount const& saLimit, // --> limit for account being set.
@@ -661,6 +669,15 @@ trustTransferAllowed(
if (p == issue.account)
continue;
if (isDeepFrozen(view, p, issue.currency, issue.account))
{
JLOG(j.trace()) << "trustTransferAllowed: "
// << "parties=[" << parties << "], "
<< "issuer: " << issue.account << " "
<< "has deep freeze on party: " << p;
return tecFROZEN;
}
auto const line =
view.read(keylet::line(p, issue.account, issue.currency));
if (!line)
@@ -971,6 +988,7 @@ trustTransferLockedBalance(
false, // authorize account
(sleDstAcc->getFlags() & lsfDefaultRipple) == 0,
false, // freeze trust line
false, // deep freeze trust line
dstAmt, // initial balance
Issue(currency, dstAccID), // limit of zero
0, // quality in

60
src/ripple/ledger/impl/View.cpp
View File

@@ -219,6 +219,26 @@ isFrozen(
return false;
}
bool
isDeepFrozen(
ReadView const& view,
AccountID const& account,
Currency const& currency,
AccountID const& issuer)
{
if (isXRP(currency))
return false;
if (issuer == account)
return false;
auto const sle = view.read(keylet::line(account, issuer, currency));
if (!sle)
return false;
return sle->isFlag(lsfHighDeepFreeze) || sle->isFlag(lsfLowDeepFreeze);
}
STAmount
accountHolds(
ReadView const& view,
@@ -236,17 +256,22 @@ accountHolds(
// IOU: Return balance on trust line modulo freeze
auto const sle = view.read(keylet::line(account, issuer, currency));
if (!sle)
{
amount.clear({currency, issuer});
}
else if (
(zeroIfFrozen == fhZERO_IF_FROZEN) &&
isFrozen(view, account, currency, issuer))
{
amount.clear(Issue(currency, issuer));
}
else
auto const allowBalance = [&]() {
if (!sle)
return false;
if (zeroIfFrozen == fhZERO_IF_FROZEN)
{
if (isFrozen(view, account, currency, issuer) ||
isDeepFrozen(view, account, currency, issuer))
{
return false;
}
}
return true;
}();
if (allowBalance)
{
amount = sle->getFieldAmount(sfBalance);
if (account > issuer)
@@ -279,6 +304,10 @@ accountHolds(
amount.setIssuer(issuer);
}
else
{
amount.clear(Issue{currency, issuer});
}
JLOG(j.trace()) << "accountHolds:"
<< " account=" << to_string(account)
<< " amount=" << amount.getFullText();
@@ -769,6 +798,7 @@ trustCreate(
const bool bAuth, // --> authorize account.
const bool bNoRipple, // --> others cannot ripple through
const bool bFreeze, // --> funds cannot leave
const bool bDeepFreeze, // --> can neither receive nor send funds
STAmount const& saBalance, // --> balance of account being set.
// Issuer should be noAccount()
STAmount const& saLimit, // --> limit for account being set.
@@ -850,7 +880,11 @@ trustCreate(
}
if (bFreeze)
{
uFlags |= (!bSetHigh ? lsfLowFreeze : lsfHighFreeze);
uFlags |= (bSetHigh ? lsfHighFreeze : lsfLowFreeze);
}
if (bDeepFreeze)
{
uFlags |= (bSetHigh ? lsfHighDeepFreeze : lsfLowDeepFreeze);
}
if ((slePeer->getFlags() & lsfDefaultRipple) == 0)
@@ -1140,6 +1174,7 @@ rippleCredit(
false,
noRipple,
false,
false,
saBalance,
saReceiverLimit,
0,
@@ -1464,6 +1499,7 @@ issueIOU(
false,
noRipple,
false,
false,
final_balance,
limit,
0,

3
src/ripple/protocol/Feature.h
View File

@@ -74,7 +74,7 @@ namespace detail {
// Feature.cpp. Because it's only used to reserve storage, and determine how
// large to make the FeatureBitset, it MAY be larger. It MUST NOT be less than
// the actual number of amendments. A LogicError on startup will verify this.
static constexpr std::size_t numFeatures = 81;
static constexpr std::size_t numFeatures = 82;
/** Amendments that this server supports and the default voting behavior.
Whether they are enabled depends on the Rules defined in the validated
@@ -369,6 +369,7 @@ extern uint256 const fixXahauV3;
extern uint256 const fix20250131;
extern uint256 const featureHookCanEmit;
extern uint256 const fixRewardClaimFlags;
extern uint256 const featureDeepFreeze;
} // namespace ripple

6
src/ripple/protocol/LedgerFormats.h
View File

@@ -299,8 +299,10 @@ enum LedgerSpecificFlags {
lsfHighAuth = 0x00080000,
lsfLowNoRipple = 0x00100000,
lsfHighNoRipple = 0x00200000,
lsfLowFreeze = 0x00400000, // True, low side has set freeze flag
lsfHighFreeze = 0x00800000, // True, high side has set freeze flag
lsfLowFreeze = 0x00400000, // True, low side has set freeze flag
lsfHighFreeze = 0x00800000, // True, high side has set freeze flag
lsfLowDeepFreeze = 0x02000000, // True, low side has set deep freeze flag
lsfHighDeepFreeze = 0x04000000, // True, high side has set deep freeze flag
// ltSIGNER_LIST
lsfOneOwnerCount = 0x00010000, // True, uses only one OwnerCount

4
src/ripple/protocol/TxFlags.h
View File

@@ -120,10 +120,12 @@ enum TrustSetFlags : uint32_t {
tfClearNoRipple = 0x00040000,
tfSetFreeze = 0x00100000,
tfClearFreeze = 0x00200000,
tfSetDeepFreeze = 0x00400000,
tfClearDeepFreeze = 0x00800000
};
constexpr std::uint32_t tfTrustSetMask =
~(tfUniversal | tfSetfAuth | tfSetNoRipple | tfClearNoRipple | tfSetFreeze |
tfClearFreeze);
tfClearFreeze | tfSetDeepFreeze | tfClearDeepFreeze);
// EnableAmendment flags:
enum EnableAmendmentFlags : std::uint32_t {

1
src/ripple/protocol/impl/Feature.cpp
View File

@@ -475,6 +475,7 @@ REGISTER_FIX (fixXahauV3, Supported::yes, VoteBehavior::De
REGISTER_FIX (fix20250131, Supported::yes, VoteBehavior::DefaultYes);
REGISTER_FEATURE(HookCanEmit, Supported::yes, VoteBehavior::DefaultNo);
REGISTER_FIX (fixRewardClaimFlags, Supported::yes, VoteBehavior::DefaultYes);
REGISTER_FEATURE(DeepFreeze, Supported::yes, VoteBehavior::DefaultNo);
// The following amendments are obsolete, but must remain supported
// because they could potentially get enabled.

2
src/ripple/protocol/jss.h
View File

@@ -344,6 +344,8 @@ JSS(force); // in: catalogue
JSS(forward); // in: AccountTx
JSS(freeze); // out: AccountLines
JSS(freeze_peer); // out: AccountLines
JSS(deep_freeze); // out: AccountLines
JSS(deep_freeze_peer); // out: AccountLines
JSS(frozen_balances); // out: GatewayBalances
JSS(full); // in: LedgerClearer, handlers/Ledger
JSS(full_reply); // out: PathFind

4
src/ripple/rpc/handlers/AccountLines.cpp
View File

@@ -74,6 +74,10 @@ addLine(Json::Value& jsonLines, RPCTrustLine const& line)
jPeer[jss::freeze] = true;
if (line.getFreezePeer())
jPeer[jss::freeze_peer] = true;
if (line.getDeepFreeze())
jPeer[jss::deep_freeze] = true;
if (line.getDeepFreezePeer())
jPeer[jss::deep_freeze_peer] = true;
}
// {

1477
src/test/app/Freeze_test.cpp
View File

File diff suppressed because it is too large Load Diff

194
src/test/ledger/Invariants_test.cpp
View File

@@ -30,6 +30,15 @@ namespace ripple {
class Invariants_test : public beast::unit_test::suite
{
// The optional Preclose function is used to process additional transactions
// on the ledger after creating two accounts, but before closing it, and
// before the Precheck function. These should only be valid functions, and
// not direct manipulations. Preclose is not commonly used.
using Preclose = std::function<bool(
test::jtx::Account const& a,
test::jtx::Account const& b,
test::jtx::Env& env)>;
// this is common setup/method for running a failing invariant check. The
// precheck function is used to manipulate the ApplyContext with view
// changes that will cause the check to fail.
@@ -44,9 +53,9 @@ class Invariants_test : public beast::unit_test::suite
Precheck const& precheck,
XRPAmount fee = XRPAmount{},
STTx tx = STTx{ttACCOUNT_SET, [](STObject&) {}},
std::initializer_list<TER> ters = {
tecINVARIANT_FAILED,
tefINVARIANT_FAILED})
std::initializer_list<TER> ters =
{tecINVARIANT_FAILED, tefINVARIANT_FAILED},
Preclose const& preclose = {})
{
using namespace test::jtx;
Env env{*this};
@@ -218,6 +227,183 @@ class Invariants_test : public beast::unit_test::suite
});
}
void
testNoDeepFreezeTrustLinesWithoutFreeze()
{
using namespace test::jtx;
testcase << "trust lines with deep freeze flag without freeze "
"not allowed";
doInvariantCheck(
{{"a trust line with deep freeze flag without normal freeze was "
"created"}},
[](Account const& A1, Account const& A2, ApplyContext& ac) {
auto const sleNew = std::make_shared<SLE>(
keylet::line(A1, A2, A1["USD"].currency));
sleNew->setFieldAmount(sfLowLimit, A1["USD"](0));
sleNew->setFieldAmount(sfHighLimit, A1["USD"](0));
std::uint32_t uFlags = 0u;
uFlags |= lsfLowDeepFreeze;
sleNew->setFieldU32(sfFlags, uFlags);
ac.view().insert(sleNew);
return true;
});
doInvariantCheck(
{{"a trust line with deep freeze flag without normal freeze was "
"created"}},
[](Account const& A1, Account const& A2, ApplyContext& ac) {
auto const sleNew = std::make_shared<SLE>(
keylet::line(A1, A2, A1["USD"].currency));
sleNew->setFieldAmount(sfLowLimit, A1["USD"](0));
sleNew->setFieldAmount(sfHighLimit, A1["USD"](0));
std::uint32_t uFlags = 0u;
uFlags |= lsfHighDeepFreeze;
sleNew->setFieldU32(sfFlags, uFlags);
ac.view().insert(sleNew);
return true;
});
doInvariantCheck(
{{"a trust line with deep freeze flag without normal freeze was "
"created"}},
[](Account const& A1, Account const& A2, ApplyContext& ac) {
auto const sleNew = std::make_shared<SLE>(
keylet::line(A1, A2, A1["USD"].currency));
sleNew->setFieldAmount(sfLowLimit, A1["USD"](0));
sleNew->setFieldAmount(sfHighLimit, A1["USD"](0));
std::uint32_t uFlags = 0u;
uFlags |= lsfLowDeepFreeze | lsfHighDeepFreeze;
sleNew->setFieldU32(sfFlags, uFlags);
ac.view().insert(sleNew);
return true;
});
doInvariantCheck(
{{"a trust line with deep freeze flag without normal freeze was "
"created"}},
[](Account const& A1, Account const& A2, ApplyContext& ac) {
auto const sleNew = std::make_shared<SLE>(
keylet::line(A1, A2, A1["USD"].currency));
sleNew->setFieldAmount(sfLowLimit, A1["USD"](0));
sleNew->setFieldAmount(sfHighLimit, A1["USD"](0));
std::uint32_t uFlags = 0u;
uFlags |= lsfLowDeepFreeze | lsfHighFreeze;
sleNew->setFieldU32(sfFlags, uFlags);
ac.view().insert(sleNew);
return true;
});
doInvariantCheck(
{{"a trust line with deep freeze flag without normal freeze was "
"created"}},
[](Account const& A1, Account const& A2, ApplyContext& ac) {
auto const sleNew = std::make_shared<SLE>(
keylet::line(A1, A2, A1["USD"].currency));
sleNew->setFieldAmount(sfLowLimit, A1["USD"](0));
sleNew->setFieldAmount(sfHighLimit, A1["USD"](0));
std::uint32_t uFlags = 0u;
uFlags |= lsfLowFreeze | lsfHighDeepFreeze;
sleNew->setFieldU32(sfFlags, uFlags);
ac.view().insert(sleNew);
return true;
});
}
void
testTransfersNotFrozen()
{
using namespace test::jtx;
testcase << "transfers when frozen";
Account G1{"G1"};
// Helper function to establish the trustlines
auto const createTrustlines =
[&](Account const& A1, Account const& A2, Env& env) {
// Preclose callback to establish trust lines with gateway
env.fund(XRP(1000), G1);
env.trust(G1["USD"](10000), A1);
env.trust(G1["USD"](10000), A2);
env.close();
env(pay(G1, A1, G1["USD"](1000)));
env(pay(G1, A2, G1["USD"](1000)));
env.close();
return true;
};
auto const A1FrozenByIssuer =
[&](Account const& A1, Account const& A2, Env& env) {
createTrustlines(A1, A2, env);
env(trust(G1, A1["USD"](10000), tfSetFreeze));
env.close();
return true;
};
auto const A1DeepFrozenByIssuer =
[&](Account const& A1, Account const& A2, Env& env) {
A1FrozenByIssuer(A1, A2, env);
env(trust(G1, A1["USD"](10000), tfSetDeepFreeze));
env.close();
return true;
};
auto const changeBalances = [&](Account const& A1,
Account const& A2,
ApplyContext& ac,
int A1Balance,
int A2Balance) {
auto const sleA1 = ac.view().peek(keylet::line(A1, G1["USD"]));
auto const sleA2 = ac.view().peek(keylet::line(A2, G1["USD"]));
sleA1->setFieldAmount(sfBalance, G1["USD"](A1Balance));
sleA2->setFieldAmount(sfBalance, G1["USD"](A2Balance));
ac.view().update(sleA1);
ac.view().update(sleA2);
};
// test: imitating frozen A1 making a payment to A2.
doInvariantCheck(
{{"Attempting to move frozen funds"}},
[&](Account const& A1, Account const& A2, ApplyContext& ac) {
changeBalances(A1, A2, ac, -900, -1100);
return true;
},
XRPAmount{},
STTx{ttPAYMENT, [](STObject& tx) {}},
{tecINVARIANT_FAILED, tefINVARIANT_FAILED},
A1FrozenByIssuer);
// test: imitating deep frozen A1 making a payment to A2.
doInvariantCheck(
{{"Attempting to move frozen funds"}},
[&](Account const& A1, Account const& A2, ApplyContext& ac) {
changeBalances(A1, A2, ac, -900, -1100);
return true;
},
XRPAmount{},
STTx{ttPAYMENT, [](STObject& tx) {}},
{tecINVARIANT_FAILED, tefINVARIANT_FAILED},
A1DeepFrozenByIssuer);
// test: imitating A2 making a payment to deep frozen A1.
doInvariantCheck(
{{"Attempting to move frozen funds"}},
[&](Account const& A1, Account const& A2, ApplyContext& ac) {
changeBalances(A1, A2, ac, -1100, -900);
return true;
},
XRPAmount{},
STTx{ttPAYMENT, [](STObject& tx) {}},
{tecINVARIANT_FAILED, tefINVARIANT_FAILED},
A1DeepFrozenByIssuer);
}
void
testXRPBalanceCheck()
{
@@ -454,6 +640,8 @@ public:
testAccountRootsNotRemoved();
testTypesMatch();
testNoXRPTrustLine();
testNoDeepFreezeTrustLinesWithoutFreeze();
testTransfersNotFrozen();
testXRPBalanceCheck();
testTransactionFeeCheck();
testNoBadOffers();

8
src/test/rpc/AccountLinesRPC_test.cpp
View File

@@ -149,6 +149,12 @@ public:
// Set flags on gw2 trust lines so we can look for them.
env(trust(alice, gw2Currency(0), gw2, tfSetNoRipple | tfSetFreeze));
env(trust(
alice,
gw2Currency(0),
gw2,
tfSetNoRipple | tfSetFreeze | tfSetDeepFreeze));
}
env.close();
LedgerInfo const ledger58Info = env.closed()->info();
@@ -325,6 +331,7 @@ public:
gw2.human() + R"("})");
auto const& line = lines[jss::result][jss::lines][0u];
BEAST_EXPECT(line[jss::freeze].asBool() == true);
BEAST_EXPECT(line[jss::deep_freeze].asBool() == true);
BEAST_EXPECT(line[jss::no_ripple].asBool() == true);
BEAST_EXPECT(line[jss::peer_authorized].asBool() == true);
}
@@ -340,6 +347,7 @@ public:
alice.human() + R"("})");
auto const& lineA = linesA[jss::result][jss::lines][0u];
BEAST_EXPECT(lineA[jss::freeze_peer].asBool() == true);
BEAST_EXPECT(lineA[jss::deep_freeze_peer].asBool() == true);
BEAST_EXPECT(lineA[jss::no_ripple_peer].asBool() == true);
BEAST_EXPECT(lineA[jss::authorized].asBool() == true);