Single Asset Vault

[Bronek]

High Level Overview of Change

This is implementation of XLS-65 Single Asset Vault. First draft was implemented by @thejohnfreeman in #5147

Context of Change

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Refactor (non-breaking change that only restructures code)
• Performance (increase or change in throughput and/or latency)
• Tests (you added tests for code that already exists, or your new feature included in this PR)
• Documentation update
• Chore (no impact to binary, e.g. .gitignore, formatting, dropping support for older tooling)
• Release

API Impact

• Public API: New feature (new methods and/or new fields)
• Public API: Breaking change (in general, breaking changes should only impact the next api_version)
• libxrpl change (any change that may affect libxrpl or dependents of libxrpl)
• Peer protocol change (must be backward compatible or bump the peer protocol version)

[gregtatcam]

I got compile error on MAC M1 Sequoia 15.1.1, apple clang 16.0.0

xrpl/json/json_value.h:705:5: error: constexpr function's return type 'Value' is not a literal type
705 |     operator()(T&& t) const
xrpl/json/json_value.h:148:7: note: 'Value' is not literal because it is not an aggregate and has no constexpr constructors other than copy or move constructors
148 | class Value

[gregtatcam]

There are a few warnings, of which the most common is:

xrpl/protocol/STIssue.h:49:5: warning: definition of implicit copy constructor for 'STIssue' is deprecated because it has a user-declared copy assignment operator [-Wdeprecated-copy]
   49 |     operator=(STIssue const& rhs) = default; 

And once the compile error is fixed (remove constexpr in to_json_fn::operator() return value), there are VaultDelete unit-tests failures.

[Bronek]

There are a few warnings, of which the most common is:

xrpl/protocol/STIssue.h:49:5: warning: definition of implicit copy constructor for 'STIssue' is deprecated because it has a user-declared copy assignment operator [-Wdeprecated-copy]
   49 |     operator=(STIssue const& rhs) = default; 

And once the compile error is fixed (remove constexpr in to_json_fn::operator() return value), there are VaultDelete unit-tests failures.

This is fixed now. The VaultDelete still needs to be fixed, but for the time being I've commented the failing test out. Compilation errors in clang 16 fixed, also simplified json_value.h a little.

[codecov]

Codecov Report

Attention: Patch coverage is 75.51582% with 178 lines in your changes missing coverage. Please review.

Project coverage is 78.0%. Comparing base (ed4870c) to head (02dec4f).

Files with missing lines	Patch %	Lines
src/xrpld/app/misc/CredentialHelpers.cpp	21.6%	40 Missing ⚠️
src/xrpld/ledger/detail/View.cpp	85.1%	21 Missing ⚠️
src/xrpld/app/tx/detail/VaultDeposit.cpp	70.8%	19 Missing ⚠️
src/xrpld/app/tx/detail/VaultCreate.cpp	78.8%	18 Missing ⚠️
src/xrpld/app/tx/detail/VaultClawback.cpp	69.8%	16 Missing ⚠️
src/xrpld/app/tx/detail/VaultSet.cpp	68.9%	14 Missing ⚠️
src/xrpld/app/tx/detail/VaultWithdraw.cpp	70.7%	12 Missing ⚠️
src/xrpld/app/tx/detail/VaultDelete.cpp	80.0%	9 Missing ⚠️
src/libxrpl/protocol/STNumber.cpp	77.1%	8 Missing ⚠️
src/xrpld/app/tx/detail/MPTokenAuthorize.cpp	78.9%	4 Missing ⚠️
... and 6 more

Additional details and impacted files

@@            Coverage Diff            @@
##           develop   #5224     +/-   ##
=========================================
- Coverage     78.0%   78.0%   -0.0%     
=========================================
  Files          789     801     +12     
  Lines        67007   67593    +586     
  Branches      8110    8175     +65     
=========================================
+ Hits         52274   52707    +433     
- Misses       14733   14886    +153     

Files with missing lines	Coverage Δ
include/xrpl/json/json_value.h	98.5% <ø> (ø)
include/xrpl/protocol/AMMCore.h	100.0% <ø> (ø)
include/xrpl/protocol/Asset.h	95.2% <100.0%> (+0.5%)	⬆️
include/xrpl/protocol/Feature.h	100.0% <ø> (ø)
include/xrpl/protocol/IOUAmount.h	100.0% <ø> (ø)
include/xrpl/protocol/Indexes.h	100.0% <100.0%> (ø)
include/xrpl/protocol/MPTAmount.h	100.0% <ø> (ø)
include/xrpl/protocol/MPTIssue.h	100.0% <100.0%> (ø)
include/xrpl/protocol/SField.h	100.0% <ø> (ø)
include/xrpl/protocol/STAmount.h	95.5% <100.0%> (+0.3%)	⬆️
... and 44 more

... and 6 files with indirect coverage changes

[gregtatcam]

I took a first pass at the review. It looks overall pretty good.
I still need to review the Vault unit-tests.

[gregtatcam]

AssetTotal, AssetAvailable, LossUnrealized are marked as required in the specifications.

[gregtatcam]

Also, AssetTotal, AssetMaximum, and AssetAvailable are plural in the specifications - AssetsTotal, AssetsMaximum, and AssetsAvailable.

[gregtatcam]

NVM the first comment. These fields have a default value.

[gregtatcam]

Are these three fields slated for SAV v1 and just not implemented yet?

[thejohnfreeman]

• ShareTotal is not going to be implemented. We decided to just use the bookkeeping in mptIssuance(vault.sfMPTIssuanceID).sfOutstandingAmount. However, the RPC for ledger_object (or whatever it's called) needs to join that field in the result.
• Right now, there is only one WithdrawalPolicy. IMO, it can be added (and tested) once a second is introduced.
• PermissionedDomainID is planned for v1, but isn't yet available in develop. Its PR (Permissioned Domains (XLS-80d) #5161) needs to be merged with this branch.

[gregtatcam]

According to the specs there should be a check added for a frozen trustline.

[gregtatcam]

Why is this block of code commented out?

[thejohnfreeman]

I was in the middle of tracking down a bug in this transaction.

[gregtatcam]

consider renaming to ammAccountId to emphasize that this AMM's pseudo account.

[gregtatcam]

Should add comments for the Vault.

[gregtatcam]

If we do decide to go ahead with these changes (here and in MPTokenIssuance[Create,Destroy] then any return code changes have to be amendment gated. It makes sense for @shawnxie999 to review.

[gregtatcam]

This is copied from the original implementation of amountFromString() but this check is missing:

 if ((match[2].length() + match[4].length()) > 32)
    Throw<std::runtime_error>("Number '" + amount + "' is overlong");

[thejohnfreeman]

I don't have access to the Slack any more, but I had asked about this there and explained why I left it out.

[Bronek]

thanks @thejohnfreeman , I found it

separately, that function has a CHECKME about its length check. it checks that the non-fractional and fractional strings do not concatenate longer than 32 characters. the CHECKME asks if that should be 16 characters. I'm guessing this check is to make sure the base-10 digit string can be parsed into an unsigned integer 64 bits long, but both of those lengths are wrong. 2^64 - 1 has a decimal representation that is 20 digits long. of course you can't put just any digits in those 20 places, but this length check seems misguided anyway, because the parsing is handled by beast::lexicalCastThrow, which will throw if the string overflows 64 bits unsigned. am I reading this right?

[gregtatcam]

I think the following unit-tests are missing:

• Vault feature disabled for all transactors
• Invalid flags for all transactors (except for set:tfVaultPrivate)
• Insufficient fee (except for create)
• Vault is not found (except for delete)
• Set:
  • Data too large
• Deposit:
  • Deposit into private vault
  • Amount to deposit is not the vault's asset
  • Checking for the reserve if the depositor doesn't have MPToken for the Vault shares
• Withdraw
  • Amount to withdraw is not the vault's asset
  • Vault is private
• Clawback:
  • Amount to clawback is not the vault's asset
  • Insufficient funds to withdraw