Transfers confidential MPT tokens between holders privately. More...
#include <ConfidentialMPTSend.h>
Public Types | |
| enum class | ConsequencesFactoryType { Normal , Blocker , Custom } |
Public Member Functions | |
| ConfidentialMPTSend (ApplyContext &ctx) | |
| TER | doApply () override |
| void | visitInvariantEntry (bool isDelete, std::shared_ptr< SLE const > const &before, std::shared_ptr< SLE const > const &after) override |
| bool | finalizeInvariants (STTx const &tx, TER result, XRPAmount fee, ReadView const &view, beast::Journal const &j) override |
| Check transaction-specific post-conditions after all entries have been visited. | |
| ApplyResult | operator() () |
| Process the transaction. | |
| ApplyView & | view () |
| ApplyView const & | view () const |
| TER | checkInvariants (TER result, XRPAmount fee) |
| Check all invariants for the current transaction. | |
Static Public Member Functions | |
| static bool | checkExtraFeatures (PreflightContext const &ctx) |
| static NotTEC | preflight (PreflightContext const &ctx) |
| static XRPAmount | calculateBaseFee (ReadView const &view, STTx const &tx) |
| static TER | preclaim (PreclaimContext const &ctx) |
| static NotTEC | checkSeqProxy (ReadView const &view, STTx const &tx, beast::Journal j) |
| static NotTEC | checkPriorTxAndLastLedger (PreclaimContext const &ctx) |
| static TER | checkFee (PreclaimContext const &ctx, XRPAmount baseFee) |
| static NotTEC | checkSign (PreclaimContext const &ctx) |
| static NotTEC | checkBatchSign (PreclaimContext const &ctx) |
| static XRPAmount | calculateBaseFee (ReadView const &view, STTx const &tx, std::uint32_t extraBaseFeeMultiplier) |
| template<class T> | |
| static NotTEC | invokePreflight (PreflightContext const &ctx) |
| template<> | |
| NotTEC | invokePreflight (PreflightContext const &ctx) |
| template<> | |
| NotTEC | invokePreflight (PreflightContext const &ctx) |
| static NotTEC | checkGranularSemantics (ReadView const &view, STTx const &tx, std::unordered_set< GranularPermissionType > const &heldGranularPermissions) |
| This function can be overridden to introduce additional semantic constraints beyond the granular template validation for granular permissions. | |
| template<class T> | |
| static NotTEC | invokeCheckPermission (ReadView const &view, STTx const &tx) |
| Checks whether the transaction is authorized to be executed by the delegated account. | |
| static TER | ticketDelete (ApplyView &view, AccountID const &account, uint256 const &ticketIndex, beast::Journal j) |
Static Public Attributes | |
| static constexpr auto | kConsequencesFactory = ConsequencesFactoryType::Normal |
Protected Member Functions | |
| TER | apply () |
| virtual void | preCompute () |
| virtual void | visitInvariantEntry (bool isDelete, SLE::const_ref before, SLE::const_ref after)=0 |
| Inspect a single ledger entry modified by this transaction. | |
Static Protected Member Functions | |
| static NotTEC | checkSign (ReadView const &view, ApplyFlags flags, std::optional< uint256 const > const &parentBatchId, AccountID const &idAccount, STObject const &sigObject, beast::Journal const j) |
| static XRPAmount | minimumFee (ServiceRegistry ®istry, XRPAmount baseFee, Fees const &fees, ApplyFlags flags) |
| Compute the minimum fee required to process a transaction with a given baseFee based on the current server load. | |
| static XRPAmount | calculateOwnerReserveFee (ReadView const &view, STTx const &tx) |
| static std::uint32_t | getFlagsMask (PreflightContext const &ctx) |
| static NotTEC | preflightSigValidated (PreflightContext const &ctx) |
| static bool | validDataLength (std::optional< Slice > const &slice, std::size_t maxLength) |
| template<class T> | |
| static bool | validNumericRange (std::optional< T > value, T max, T min=T{}) |
| template<class T, class Unit> | |
| static bool | validNumericRange (std::optional< T > value, unit::ValueUnit< Unit, T > max, unit::ValueUnit< Unit, T > min=unit::ValueUnit< Unit, T >{}) |
| template<class T> | |
| static bool | validNumericMinimum (std::optional< T > value, T min=T{}) |
| Minimum will usually be zero. | |
| template<class T, class Unit> | |
| static bool | validNumericMinimum (std::optional< T > value, unit::ValueUnit< Unit, T > min=unit::ValueUnit< Unit, T >{}) |
| Minimum will usually be zero. | |
Protected Attributes | |
| ApplyContext & | ctx_ |
| beast::WrappedSink | sink_ |
| beast::Journal const | j_ |
| AccountID const | accountID_ |
| XRPAmount | preFeeBalance_ {} |
Private Member Functions | |
| std::pair< TER, XRPAmount > | reset (XRPAmount fee) |
| Reset the context, discarding any changes made and adjust the fee. | |
| TER | consumeSeqProxy (SLE::pointer const &sleAccount) |
| TER | payFee () |
| std::tuple< TER, XRPAmount, bool > | processPersistentChanges (TER result, XRPAmount fee) |
| void | trapTransaction (uint256) const |
| TER | checkTransactionInvariants (TER result, XRPAmount fee) |
| Check transaction-specific invariants only. | |
Static Private Member Functions | |
| static NotTEC | checkPermission (ReadView const &view, STTx const &tx, std::unordered_set< GranularPermissionType > &heldGranularPermissions) |
| static NotTEC | checkSingleSign (ReadView const &view, AccountID const &idSigner, AccountID const &idAccount, SLE::const_pointer sleAccount, beast::Journal const j) |
| static NotTEC | checkMultiSign (ReadView const &view, ApplyFlags flags, AccountID const &id, STObject const &sigObject, beast::Journal const j) |
| static NotTEC | preflight1 (PreflightContext const &ctx, std::uint32_t flagMask) |
| Performs early sanity checks on the account and fee fields. | |
| static NotTEC | preflight2 (PreflightContext const &ctx) |
| Checks whether the signature appears valid. | |
| static NotTEC | preflightUniversal (PreflightContext const &ctx) |
| Universal validations. | |
Detailed Description
Transfers confidential MPT tokens between holders privately.
This transaction enables private token transfers where the transfer amount is hidden from public view. Both sender and recipient must have initialized confidential balances. The transaction provides encrypted amounts for all parties (sender, destination, issuer, and optionally auditor) along with zero-knowledge proofs that verify correctness without revealing the amount.
- Cryptographic Operations:
- Multi-Ciphertext Equality Proof: Verifies that all encrypted amounts (sender, destination, issuer, auditor) encrypt the same plaintext value.
- Amount Pedersen Linkage Proof: Verifies that the amount commitment correctly links to the sender's encrypted amount.
- Balance Pedersen Linkage Proof: Verifies that the balance commitment correctly links to the sender's encrypted spending balance.
- Bulletproof Range Proof: Verifies remaining balance and transfer amount are non-negative.
- Note
- Funds are deposited into the destination's inbox, not spending balance. The recipient must call ConfidentialMPTMergeInbox to make received funds spendable.
Definition at line 33 of file tx/transactors/token/ConfidentialMPTSend.h.
Member Enumeration Documentation
◆ ConsequencesFactoryType
|
stronginherited |
| Enumerator | |
|---|---|
| Normal | |
| Blocker | |
| Custom | |
Definition at line 129 of file Transactor.h.
Constructor & Destructor Documentation
◆ ConfidentialMPTSend()
|
explicit |
Definition at line 38 of file tx/transactors/token/ConfidentialMPTSend.h.
Member Function Documentation
◆ checkExtraFeatures()
|
static |
Definition at line 26 of file ConfidentialMPTSend.cpp.
◆ preflight()
|
static |
Definition at line 32 of file ConfidentialMPTSend.cpp.
◆ calculateBaseFee() [1/2]
|
static |
Definition at line 95 of file ConfidentialMPTSend.cpp.
◆ preclaim()
|
static |
Definition at line 156 of file ConfidentialMPTSend.cpp.
◆ doApply()
|
overridevirtual |
Implements xrpl::Transactor.
Definition at line 277 of file ConfidentialMPTSend.cpp.
◆ visitInvariantEntry() [1/2]
|
override |
Definition at line 427 of file ConfidentialMPTSend.cpp.
◆ finalizeInvariants()
|
nodiscardoverridevirtual |
Check transaction-specific post-conditions after all entries have been visited.
Called once after every modified ledger entry has been passed to visitInvariantEntry. Returns true if all transaction-specific invariants hold, or false to fail the transaction with tecINVARIANT_FAILED.
- Parameters
-
tx the transaction being applied. result the tentative TER result so far. fee the fee consumed by the transaction. view read-only view of the ledger after the transaction. j journal for logging invariant failures.
- Returns
- true if all invariants pass; false otherwise.
Implements xrpl::Transactor.
Definition at line 435 of file ConfidentialMPTSend.cpp.
◆ operator()()
|
inherited |
Process the transaction.
Definition at line 1318 of file Transactor.cpp.
◆ view() [1/2]
|
inherited |
Definition at line 136 of file Transactor.h.
◆ view() [2/2]
|
nodiscardinherited |
Definition at line 142 of file Transactor.h.
◆ checkInvariants()
Check all invariants for the current transaction.
Runs transaction-specific invariants first (visitInvariantEntry + finalizeInvariants), then protocol-level invariants. Both layers always run; the worst failure code is returned.
- Parameters
-
result the tentative TER from transaction processing. fee the fee consumed by the transaction.
- Returns
- the final TER after all invariant checks.
Definition at line 1301 of file Transactor.cpp.
◆ checkSeqProxy()
|
staticinherited |
Definition at line 487 of file Transactor.cpp.
◆ checkPriorTxAndLastLedger()
|
staticinherited |
Definition at line 552 of file Transactor.cpp.
◆ checkFee()
|
staticinherited |
Definition at line 400 of file Transactor.cpp.
◆ checkSign() [1/2]
|
staticinherited |
Definition at line 771 of file Transactor.cpp.
◆ checkSign() [2/2]
|
staticprotectedinherited |
Definition at line 705 of file Transactor.cpp.
◆ checkBatchSign()
|
staticinherited |
Definition at line 779 of file Transactor.cpp.
◆ calculateBaseFee() [2/2]
|
staticinherited |
Definition at line 360 of file Transactor.cpp.
◆ invokePreflight() [1/3]
|
staticinherited |
Definition at line 530 of file Transactor.h.
◆ invokePreflight() [2/3]
|
staticinherited |
◆ invokePreflight() [3/3]
|
staticinherited |
Definition at line 33 of file Change.cpp.
◆ checkGranularSemantics()
|
staticinherited |
This function can be overridden to introduce additional semantic constraints beyond the granular template validation for granular permissions.
It is called by the base invokeCheckPermission method only after the transaction has successfully passed checkGranularSandbox.
Definition at line 238 of file Transactor.h.
◆ invokeCheckPermission()
|
staticinherited |
Checks whether the transaction is authorized to be executed by the delegated account.
This function enforces the strict permission check hierarchy. It is explicitly designed NOT to be overridden. Derived transactors must instead implement checkGranularSemantics to add custom validation logic for granular permissions.
The evaluation proceeds as follows:
- If transaction-level permission is granted, the function immediately returns tesSUCCESS.
- If transaction-level permission is not granted, the function checks whether the transaction matches the granular permission template defined in permissions.macro. If it does, it then calls checkGranularSemantics to perform any additional, fine-grained validation.
Definition at line 261 of file Transactor.h.
◆ ticketDelete()
|
staticinherited |
Definition at line 597 of file Transactor.cpp.
◆ apply()
|
protectedinherited |
Definition at line 669 of file Transactor.cpp.
◆ preCompute()
|
protectedvirtualinherited |
Reimplemented in xrpl::Change, and xrpl::SignerListSet.
Definition at line 663 of file Transactor.cpp.
◆ visitInvariantEntry() [2/2]
|
protectedpure virtualinherited |
Inspect a single ledger entry modified by this transaction.
Called once for every SLE created, modified, or deleted by the transaction, before finalizeInvariants. Implementations should accumulate whatever state they need to verify transaction-specific post-conditions.
- Parameters
-
isDelete true if the entry was erased from the ledger. before the entry's state before the transaction (nullptr for newly created entries). after the entry's state as supplied by the apply logic for this transaction. For deletions, this is the SLE being erased and is not guaranteed to be null; callers must use isDelete rather than after == nullptr to detect deletions.
Implemented in xrpl::AccountDelete, xrpl::AccountSet, xrpl::AMMBid, xrpl::AMMClawback, xrpl::AMMCreate, xrpl::AMMDelete, xrpl::AMMDeposit, xrpl::AMMVote, xrpl::AMMWithdraw, xrpl::Batch, xrpl::BridgeModify, xrpl::Change, xrpl::CheckCancel, xrpl::CheckCash, xrpl::CheckCreate, xrpl::Clawback, xrpl::CredentialAccept, xrpl::CredentialCreate, xrpl::CredentialDelete, xrpl::DelegateSet, xrpl::DepositPreauth, xrpl::DIDDelete, xrpl::DIDSet, xrpl::EscrowCancel, xrpl::EscrowCreate, xrpl::EscrowFinish, xrpl::LedgerStateFix, xrpl::LoanBrokerCoverClawback, xrpl::LoanBrokerCoverDeposit, xrpl::LoanBrokerCoverWithdraw, xrpl::LoanBrokerDelete, xrpl::LoanBrokerSet, xrpl::LoanDelete, xrpl::LoanManage, xrpl::LoanPay, xrpl::LoanSet, xrpl::MPTokenAuthorize, xrpl::MPTokenIssuanceCreate, xrpl::MPTokenIssuanceDestroy, xrpl::MPTokenIssuanceSet, xrpl::NFTokenAcceptOffer, xrpl::NFTokenBurn, xrpl::NFTokenCancelOffer, xrpl::NFTokenCreateOffer, xrpl::NFTokenMint, xrpl::NFTokenModify, xrpl::OfferCancel, xrpl::OfferCreate, xrpl::OracleDelete, xrpl::OracleSet, xrpl::Payment, xrpl::PaymentChannelClaim, xrpl::PaymentChannelCreate, xrpl::PaymentChannelFund, xrpl::PermissionedDomainDelete, xrpl::PermissionedDomainSet, xrpl::SetRegularKey, xrpl::SignerListSet, xrpl::TicketCreate, xrpl::TrustSet, xrpl::VaultClawback, xrpl::VaultCreate, xrpl::VaultDelete, xrpl::VaultDeposit, xrpl::VaultSet, xrpl::VaultWithdraw, xrpl::XChainAddAccountCreateAttestation, xrpl::XChainAddClaimAttestation, xrpl::XChainClaim, xrpl::XChainCommit, xrpl::XChainCreateAccountCommit, xrpl::XChainCreateBridge, and xrpl::XChainCreateClaimID.
◆ minimumFee()
|
staticprotectedinherited |
Compute the minimum fee required to process a transaction with a given baseFee based on the current server load.
- Parameters
-
registry The service registry. baseFee The base fee of a candidate transaction
- See also
- xrpl::calculateBaseFee
- Parameters
-
fees Fee settings from the current ledger flags Transaction processing fees
Definition at line 390 of file Transactor.cpp.
◆ calculateOwnerReserveFee()
|
staticprotectedinherited |
Definition at line 370 of file Transactor.cpp.
◆ getFlagsMask()
|
staticprotectedinherited |
Definition at line 300 of file Transactor.cpp.
◆ preflightSigValidated()
|
staticprotectedinherited |
Definition at line 306 of file Transactor.cpp.
◆ validDataLength()
|
staticprotectedinherited |
Definition at line 292 of file Transactor.cpp.
◆ validNumericRange() [1/2]
|
staticprotectedinherited |
Definition at line 559 of file Transactor.h.
◆ validNumericRange() [2/2]
|
staticprotectedinherited |
Definition at line 568 of file Transactor.h.
◆ validNumericMinimum() [1/2]
|
staticprotectedinherited |
Minimum will usually be zero.
Definition at line 578 of file Transactor.h.
◆ validNumericMinimum() [2/2]
|
staticprotectedinherited |
Minimum will usually be zero.
Definition at line 587 of file Transactor.h.
◆ checkPermission()
|
staticprivateinherited |
Definition at line 312 of file Transactor.cpp.
◆ reset()
Reset the context, discarding any changes made and adjust the fee.
- Parameters
-
fee The transaction fee to be charged.
- Returns
- A pair containing the transaction result and the actual fee charged.
Definition at line 1098 of file Transactor.cpp.
◆ consumeSeqProxy()
|
privateinherited |
Definition at line 580 of file Transactor.cpp.
◆ payFee()
|
privateinherited |
Definition at line 467 of file Transactor.cpp.
◆ processPersistentChanges()
|
privateinherited |
Definition at line 1155 of file Transactor.cpp.
◆ checkSingleSign()
|
staticprivateinherited |
Definition at line 823 of file Transactor.cpp.
◆ checkMultiSign()
|
staticprivateinherited |
Definition at line 855 of file Transactor.cpp.
◆ trapTransaction()
|
privateinherited |
Definition at line 1149 of file Transactor.cpp.
◆ preflight1()
|
staticprivateinherited |
Performs early sanity checks on the account and fee fields.
(And passes flagMask to preflight0)
Do not try to call preflight1 from preflight() in derived classes. See the description of invokePreflight for details.
Definition at line 173 of file Transactor.cpp.
◆ preflight2()
|
staticprivateinherited |
Checks whether the signature appears valid.
Do not try to call preflight2 from preflight() in derived classes. See the description of invokePreflight for details.
Definition at line 237 of file Transactor.cpp.
◆ preflightUniversal()
|
staticprivateinherited |
Universal validations.
-
Do not try to call preflightUniversal from preflight() in derived classes. See the description of invokePreflight for details.
Definition at line 273 of file Transactor.cpp.
◆ checkTransactionInvariants()
|
nodiscardprivateinherited |
Check transaction-specific invariants only.
Walks every modified ledger entry via visitInvariantEntry, then calls finalizeInvariants on the derived transactor. Returns tecINVARIANT_FAILED if any transaction invariant is violated.
- Parameters
-
result the tentative TER from transaction processing. fee the fee consumed by the transaction.
- Returns
- the original result if all invariants pass, or tecINVARIANT_FAILED otherwise.
Definition at line 1267 of file Transactor.cpp.
Member Data Documentation
◆ kConsequencesFactory
|
staticconstexpr |
Definition at line 36 of file tx/transactors/token/ConfidentialMPTSend.h.
◆ ctx_
|
protectedinherited |
Definition at line 116 of file Transactor.h.
◆ sink_
|
protectedinherited |
Definition at line 117 of file Transactor.h.
◆ j_
|
protectedinherited |
Definition at line 118 of file Transactor.h.
◆ accountID_
|
protectedinherited |
Definition at line 120 of file Transactor.h.
◆ preFeeBalance_
|
protectedinherited |
Definition at line 121 of file Transactor.h.
Generated by
1.16.1