fix amendment: flag check for credentials

[oleks-rip]

High Level Overview of Change

Add transaction flag checking functionality for Credentials

Context of Change

CredentialCreate / CredentialAccept / CredentialDelete transactions will check sfFlags field in preflight()

Type of Change

• Bug fix (non-breaking change which fixes an issue)

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.2%. Comparing base (8103459) to head (80e9e62).
Report is 1 commits behind head on develop.

Additional details and impacted files

@@           Coverage Diff           @@
##           develop   #5250   +/-   ##
=======================================
  Coverage     78.1%   78.2%           
=======================================
  Files          790     790           
  Lines        67622   67638   +16     
  Branches      8163    8163           
=======================================
+ Hits         52844   52862   +18     
+ Misses       14778   14776    -2     

Files with missing lines	Coverage Δ
include/xrpl/protocol/Feature.h	100.0% <ø> (ø)
src/xrpld/app/tx/detail/Credentials.cpp	96.9% <100.0%> (+0.2%)	⬆️
src/xrpld/app/tx/detail/SetSignerList.cpp	91.8% <100.0%> (+0.2%)	⬆️

... and 2 files with indirect coverage changes

[dangell7]

The flag check is also missing on other transactions. Should we add the flag check to other transactions as well? I believe the other one is SignerListSet.

[Bronek]

@dangell7 makes sense, but it should be a different amendment (we do not want this amendment to be rejected by operators, because of compatibility anxiety)

[mvadari]

@dangell7 makes sense, but it should be a different amendment (we do not want this amendment to be rejected by operators, because of compatibility anxiety)

I disagree @Bronek - I think we should cover everything in one amendment.

[Bronek]

@dangell7 makes sense, but it should be a different amendment (we do not want this amendment to be rejected by operators, because of compatibility anxiety)

I disagree @Bronek - I think we should cover everything in one amendment.

Fair enough. I am not going to oppose strongly, just wary of scope creep.

[mvadari]

@dangell7 makes sense, but it should be a different amendment (we do not want this amendment to be rejected by operators, because of compatibility anxiety)

I disagree @Bronek - I think we should cover everything in one amendment.

Fair enough. I am not going to oppose strongly, just wary of scope creep.

My concern is about amendment count creep - needing a separate amendment just to add one additional check feels kind of dumb. Agree that scope creep is a concern, but IMO this slight scope creep is fine (and I wouldn't want to expand it further).

New name is good. I have not done a full review, so I'm not going to approve. Since my issue has been addressed, I'm just going to dismiss my review.

[mvadari]

Suggested change

	XRPL_FIX (TransactionFlags, Supported::yes, VoteBehavior::DefaultNo)
	XRPL_FIX (InvalidFlags, Supported::yes, VoteBehavior::DefaultNo)

Something like this maybe? So it's clearer what's being fixed

[oleks-rip]

Not so clear - it feels like we testing flag values themselves if they are valid or not.

[mvadari]

Right, so you're now actually erroring for invalid flags.

[oleks-rip]

Not exact. One case - Transaction can fail with valid flag, which not processing by it, that's what we are testing.
And another case when someone can create flag value that is not acceptable as a single flag. For example binary value 011. Or value that is already occupied.

[mvadari]

I'm thinking from the perspective of someone who sees fixTransactionFlags by itself and doesn't look into the code (which will be the vast majority of people). That's confusing to me. vs fixInvalidFlags is clearer to me about what it's fixing - flags that are invalid are being handled properly now.

[oleks-rip]

Exact the same reason, but opposite conclusion for me :-) fixInvalidFlags is dedicated to flags type/values checks, and fixTransactionFlags directly point that it has something to do with flags in transactions

[mvadari]

What if we combine them? fixInvalidTxFlags

[oleks-rip]

I think "fix invalid" is a bit overkill phrase. Fixing something is implying that it is invalid/incorrect/wrong. So fixInvalidFlags is equal to fixFlags by its meaning. Which is less informative than fixTransactionFlags.

[brettmollin]

For the community I think I would err on the side of over kill and go with fixInvalidTxFlags

[oleks-rip]

ok

[oleks-rip]

@Bronek @mvadari there is also Change transaction which doesn't check for flag combination (but use some of them). But this tx is not so common, it doesn't documented on the SITE and I didn't found it usage. Do you know more about it and should it check for flags or not?

[Bronek]

@Bronek @mvadari there is also Change transaction which doesn't check for flag combination (but use some of them). But this tx is not so common, it doesn't documented on the SITE and I didn't found it usage. Do you know more about it and should it check for flags or not?

It is a pseudo-transaction, responsible for all of:

using EnableAmendment = Change;
using SetFee = Change;
using UNLModify = Change;

I agree we should enforce its flags, and since this PR has mutated to enforcing flags perhaps it is also the right place to add enforcement to this PR.

There is a caveat: the enforcement of flags (as seen in this PR) is subject to amendment voting, and this Change transaction, as seen above, is a key part of the amendment voting process, so we could potentially break amendment voting by voting this change in. Would be good to have a 3rd opinion here, maybe @JoelKatz can comment.

[ximinez]

I agree we should enforce its flags, and since this PR has mutated to enforcing flags perhaps it is also the right place to add enforcement to this PR.

There is a caveat: the enforcement of flags (as seen in this PR) is subject to amendment voting, and this Change transaction, as seen above, is a key part of the amendment voting process, so we could potentially break amendment voting by voting this change in. Would be good to have a 3rd opinion here, maybe @JoelKatz can comment.

It wouldn't hurt to add the check, as long as it's gated by the amendment. Technically, amendments are not active until the ledger after the EnableAmendment is processed.

However, it's probably not necessary, because there are only two ways a node is ever going to process a pseudo-transaction:

1. It generates it itself.
2. It is in the proposed transaction set from a majority of the UNL. Each of the UNL nodes are going to generate the transaction itself.

In other words, user input is never going to result in a valid pseudo-transaction, so they are much less likely to have invalid flags.

Conclusion: It may not be necessary, but it wouldn't hurt.

[oleks-rip]

Conclusion: It may not be necessary, but it wouldn't hurt.

So better skip it to not to introduce some hidden bug

[oleks-rip]

ready to merge