Single Asset Vault

[Bronek]

High Level Overview of Change

This is implementation of XLS-65 Single Asset Vault. First draft was implemented by @thejohnfreeman in #5147

Context of Change

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Refactor (non-breaking change that only restructures code)
• Performance (increase or change in throughput and/or latency)
• Tests (you added tests for code that already exists, or your new feature included in this PR)
• Documentation update
• Chore (no impact to binary, e.g. .gitignore, formatting, dropping support for older tooling)
• Release

API Impact

• Public API: New feature (new methods and/or new fields)
• Public API: Breaking change (in general, breaking changes should only impact the next api_version)
• libxrpl change (any change that may affect libxrpl or dependents of libxrpl)
• Peer protocol change (must be backward compatible or bump the peer protocol version)

[gregtatcam]

I got compile error on MAC M1 Sequoia 15.1.1, apple clang 16.0.0

xrpl/json/json_value.h:705:5: error: constexpr function's return type 'Value' is not a literal type
705 |     operator()(T&& t) const
xrpl/json/json_value.h:148:7: note: 'Value' is not literal because it is not an aggregate and has no constexpr constructors other than copy or move constructors
148 | class Value

[gregtatcam]

There are a few warnings, of which the most common is:

xrpl/protocol/STIssue.h:49:5: warning: definition of implicit copy constructor for 'STIssue' is deprecated because it has a user-declared copy assignment operator [-Wdeprecated-copy]
   49 |     operator=(STIssue const& rhs) = default; 

And once the compile error is fixed (remove constexpr in to_json_fn::operator() return value), there are VaultDelete unit-tests failures.

[Bronek]

There are a few warnings, of which the most common is:

xrpl/protocol/STIssue.h:49:5: warning: definition of implicit copy constructor for 'STIssue' is deprecated because it has a user-declared copy assignment operator [-Wdeprecated-copy]
   49 |     operator=(STIssue const& rhs) = default; 

And once the compile error is fixed (remove constexpr in to_json_fn::operator() return value), there are VaultDelete unit-tests failures.

This is fixed now. The VaultDelete still needs to be fixed, but for the time being I've commented the failing test out. Compilation errors in clang 16 fixed, also simplified json_value.h a little.

[codecov]

Codecov Report

Attention: Patch coverage is 75.19873% with 156 lines in your changes missing coverage. Please review.

Project coverage is 77.9%. Comparing base (49e0d54) to head (241429b).

Files with missing lines	Patch %	Lines
src/xrpld/ledger/detail/View.cpp	69.4%	41 Missing ⚠️
src/xrpld/app/tx/detail/VaultDelete.cpp	31.8%	30 Missing ⚠️
src/xrpld/app/tx/detail/VaultClawback.cpp	70.8%	14 Missing ⚠️
src/xrpld/app/tx/detail/VaultDeposit.cpp	77.8%	12 Missing ⚠️
src/xrpld/app/tx/detail/VaultWithdraw.cpp	70.7%	12 Missing ⚠️
src/xrpld/app/tx/detail/VaultCreate.cpp	87.5%	9 Missing ⚠️
src/libxrpl/protocol/STNumber.cpp	77.1%	8 Missing ⚠️
src/xrpld/app/tx/detail/VaultSet.cpp	80.0%	6 Missing ⚠️
src/xrpld/app/tx/detail/MPTokenAuthorize.cpp	78.9%	4 Missing ⚠️
src/xrpld/app/tx/detail/MPTokenIssuanceDestroy.cpp	77.8%	4 Missing ⚠️
... and 7 more

Additional details and impacted files

@@            Coverage Diff            @@
##           develop   #5224     +/-   ##
=========================================
- Coverage     77.9%   77.9%   -0.0%     
=========================================
  Files          783     795     +12     
  Lines        66707   67202    +495     
  Branches      8140    8179     +39     
=========================================
+ Hits         51964   52317    +353     
- Misses       14743   14885    +142     

Files with missing lines	Coverage Δ
include/xrpl/json/json_value.h	98.5% <ø> (ø)
include/xrpl/protocol/AMMCore.h	100.0% <ø> (ø)
include/xrpl/protocol/Asset.h	95.2% <100.0%> (+0.5%)	⬆️
include/xrpl/protocol/Feature.h	100.0% <ø> (ø)
include/xrpl/protocol/IOUAmount.h	100.0% <ø> (ø)
include/xrpl/protocol/Indexes.h	100.0% <100.0%> (ø)
include/xrpl/protocol/MPTAmount.h	100.0% <ø> (ø)
include/xrpl/protocol/MPTIssue.h	100.0% <100.0%> (ø)
include/xrpl/protocol/SField.h	100.0% <ø> (ø)
include/xrpl/protocol/STAmount.h	95.4% <100.0%> (+0.3%)	⬆️
... and 44 more

... and 8 files with indirect coverage changes

[gregtatcam]

I took a first pass at the review. It looks overall pretty good.
I still need to review the Vault unit-tests.

[gregtatcam]

Why were these moved? It's not a big deal, but unless there is some motivation, I think it's better to keep the code unchanged rather than move it around. It's just easier to see what was actually changed. Just something to consider.

[thejohnfreeman]

I moved them to keep the entries in order of tag value (the second macro argument).

[gregtatcam]

AssetTotal, AssetAvailable, LossUnrealized are marked as required in the specifications.

[gregtatcam]

Also, AssetTotal, AssetMaximum, and AssetAvailable are plural in the specifications - AssetsTotal, AssetsMaximum, and AssetsAvailable.

[gregtatcam]

NVM the first comment. These fields have a default value.

[gregtatcam]

Are these three fields slated for SAV v1 and just not implemented yet?

[thejohnfreeman]

• ShareTotal is not going to be implemented. We decided to just use the bookkeeping in mptIssuance(vault.sfMPTIssuanceID).sfOutstandingAmount. However, the RPC for ledger_object (or whatever it's called) needs to join that field in the result.
• Right now, there is only one WithdrawalPolicy. IMO, it can be added (and tested) once a second is introduced.
• PermissionedDomainID is planned for v1, but isn't yet available in develop. Its PR (Permissioned Domains (XLS-80d) #5161) needs to be merged with this branch.

[gregtatcam]

According to the specs there should be a check added for a frozen trustline.

[gregtatcam]

Should check for nullptr.

[gregtatcam]

Why is this block of code commented out?

[thejohnfreeman]

I was in the middle of tracking down a bug in this transaction.

[gregtatcam]

consider renaming to ammAccountId to emphasize that this AMM's pseudo account.

[gregtatcam]

Should add comments for the Vault.

[gregtatcam]

If we do decide to go ahead with these changes (here and in MPTokenIssuance[Create,Destroy] then any return code changes have to be amendment gated. It makes sense for @shawnxie999 to review.

[gregtatcam]

This is copied from the original implementation of amountFromString() but this check is missing:

 if ((match[2].length() + match[4].length()) > 32)
    Throw<std::runtime_error>("Number '" + amount + "' is overlong");

[thejohnfreeman]

I don't have access to the Slack any more, but I had asked about this there and explained why I left it out.

[gregtatcam]

I think the following unit-tests are missing:

• Vault feature disabled for all transactors
• Invalid flags for all transactors (except for set:tfVaultPrivate)
• Insufficient fee (except for create)
• Vault is not found (except for delete)
• Set:
  • Data too large
• Deposit:
  • Deposit into private vault
  • Amount to deposit is not the vault's asset
  • Checking for the reserve if the depositor doesn't have MPToken for the Vault shares
• Withdraw
  • Amount to withdraw is not the vault's asset
  • Vault is private
• Clawback:
  • Amount to clawback is not the vault's asset
  • Insufficient funds to withdraw