feat: Add MPT support to DEX

[gregtatcam]

High Level Overview of Change

Add MPT support to DEX

Context of Change

Implements XLS-82d

Adds MPT support for the following transactions:

• Payment
• OfferCreate
• CheckCash
• All AMM transactions
• Pathfinding

Retires FlowCross feature.

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Refactor (non-breaking change that only restructures code)
• Performance (increase or change in throughput and/or latency)
• Tests (you added tests for code that already exists, or your new feature included in this PR)
• Documentation update
• Chore (no impact to binary, e.g. .gitignore, formatting, dropping support for older tooling)
• Release

API Impact

• Public API: New feature (new methods and/or new fields)
• Public API: Breaking change (in general, breaking changes should only impact the next api_version)
• libxrpl change (any change that may affect libxrpl or dependents of libxrpl)
• Peer protocol change (must be backward compatible or bump the peer protocol version)

Test Plan

Extended MPToken unit-test to test for basic MPT interactions with DEX.

[codecov]

Codecov Report

❌ Patch coverage is 88.97804% with 261 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.6%. Comparing base (2502bef) to head (97189fb).
⚠️ Report is 1 commits behind head on develop.

Files with missing lines	Patch %	Lines
src/libxrpl/tx/paths/MPTEndpointStep.cpp	73.3%	87 Missing ⚠️
src/libxrpl/tx/invariants/MPTInvariant.cpp	76.9%	18 Missing ⚠️
src/libxrpl/tx/paths/PaySteps.cpp	87.9%	16 Missing ⚠️
src/libxrpl/tx/transactors/check/CheckCash.cpp	88.1%	15 Missing ⚠️
src/libxrpl/tx/transactors/dex/AMMWithdraw.cpp	87.6%	11 Missing ⚠️
src/libxrpl/ledger/helpers/TokenHelpers.cpp	90.4%	9 Missing ⚠️
include/xrpl/protocol/AmountConversions.h	78.9%	8 Missing ⚠️
src/libxrpl/protocol/STParsedJSON.cpp	81.1%	7 Missing ⚠️
src/libxrpl/tx/transactors/dex/AMMClawback.cpp	85.7%	7 Missing ⚠️
src/libxrpl/tx/transactors/dex/AMMCreate.cpp	92.6%	7 Missing ⚠️
... and 28 more

Additional details and impacted files

@@            Coverage Diff            @@
##           develop   #5285     +/-   ##
=========================================
+ Coverage     81.5%   81.6%   +0.1%     
=========================================
  Files          999    1004      +5     
  Lines        74458   75962   +1504     
  Branches      7553    7631     +78     
=========================================
+ Hits         60653   61967   +1314     
- Misses       13805   13995    +190     

Files with missing lines	Coverage Δ
include/xrpl/ledger/OrderBookDB.h	100.0% <ø> (ø)
include/xrpl/ledger/PaymentSandbox.h	100.0% <100.0%> (ø)
include/xrpl/ledger/View.h	100.0% <ø> (ø)
include/xrpl/ledger/helpers/RippleStateHelpers.h	100.0% <ø> (ø)
include/xrpl/protocol/AMMCore.h	100.0% <ø> (ø)
include/xrpl/protocol/Asset.h	97.7% <100.0%> (+1.4%)	⬆️
include/xrpl/protocol/Concepts.h	100.0% <100.0%> (ø)
include/xrpl/protocol/LedgerFormats.h	100.0% <ø> (ø)
include/xrpl/protocol/MPTAmount.h	90.9% <100.0%> (-9.1%)	⬇️
include/xrpl/protocol/MPTIssue.h	100.0% <100.0%> (ø)
... and 127 more

... and 9 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[shawnxie999]

haven't reviewed the changes but one invariant would be good to have is to ensure that the amount changed for OutstandingBalance in MPTokenIssuance should equal the net change of all the MPTokens modified in the transaction

[shawnxie999]

nit - can exclude line coverage

[shawnxie999]

nit - exclude line cov

[shawnxie999]

nit - exclude line cov

[shawnxie999]

nit - exclude cov

[shawnxie999]

this isn't covered. I believe this function's callers already checked for locking before they reache here so it's unreachable. should be fine to exclude cov but worth double checking

[shawnxie999]

nit - senderBalance is a better name since both sender and receiver can be holders

[shawnxie999]

allowOverflow = (allowOverflow == AllowMPTOverflow::Yes && mptokensV2)
^ is checking for mptokensV2 necessary? AllowMPTOverflow is introduced in this amendment and has a default of No for existing call sites

[gregtatcam]

Offer and AMMOffer must set the overflow to Yes. So we have to check if the amendment is enabled.

[github-actions]

All conflicts have been resolved. Assigned reviewers can now start or resume their review.

[github-actions]

This PR has conflicts, please resolve them in order for the PR to be reviewed.

[github-actions]

All conflicts have been resolved. Assigned reviewers can now start or resume their review.

[gregtatcam]

/ai-review

[xrplf-ai-reviewer]

ℹ️ Note: This is a large diff (1,119,614 chars). Complex issues deep in the diff may receive less attention.

Several high-severity issues flagged inline: null dereference in removeDeletedMPTs, use-after-free race in AssetCache::getMPTs, potential server crash in NFTokenUtils via .get<Issue>() on MPT amounts, and a 0.1% tolerance applied to integer-denominated MPT amounts in checkNear. Additional correctness concerns around deleteAMMMPToken missing outstanding-amount accounting, strict aliasing UB in getMPTIssuer, uninitialized outstanding array, auto-authorization bypass in AMMCreate, and missing MPT issuer validation in path JSON parsing.

Review by Claude Opus 4.6 · Prompt: V12

[xrplf-ai-reviewer]

MPT gets IOU-style 0.1% tolerance instead of exact equality like XRP. Both are integer-denominated assets — under-delivery up to 0.1% would silently pass checkNear.

[xrplf-ai-reviewer]

Copy-paste bug: log says removeDeletedTrustLines but this is removeDeletedMPTs.

Suggested change

	JLOG(viewJ.error()) << "removeDeletedTrustLines: deleted mpts exceed 2 " << mpts.size();
	JLOG(viewJ.error()) << "removeDeletedMPTs: deleted mpts exceed 2 " << mpts.size();

[xrplf-ai-reviewer]

Null dereference if view.peek() returns nullptr: (*sleState)[sfIssuer] crashes.

Suggested change

	deleteAMMMPToken(view, sleState, (*sleState)[sfIssuer], viewJ) != tesSUCCESS)
	sleState && deleteAMMMPToken(view, sleState, (*sleState)[sfIssuer], viewJ) != tesSUCCESS)

[xrplf-ai-reviewer]

Strict aliasing violation: reinterpret_cast from uint8_t* to AccountID const* is UB. In a consensus system, compiler-version-dependent behavior is a real risk. Use std::memcpy or std::bit_cast.

[xrplf-ai-reviewer]

outstanding lacks a default initializer unlike mptAmount{0}. Default-construction yields indeterminate values.

Suggested change

	std::array<std::int64_t, After + 1> outstanding;
	std::array<std::int64_t, After + 1> outstanding{};

See: std::array

[xrplf-ai-reviewer]

When mpt_issuance_id is present but no issuer field, uIssuer stays as zero-AccountID. The issuer check only fires when issuer IS provided. Fix: auto-populate uIssuer from the MPTID when isMPT and no issuer was supplied.

[gregtatcam]

Issuer can be a path element. If it's not included in the path then it should not be set.

[xrplf-ai-reviewer]

curAsset = Issue{} sets a zero-account issuer when transitioning from MPT to Currency. If curAsset.getIssuer() is used before a subsequent account/issuer node sets it, the zero issuer propagates into step construction. Is this intentional?

[gregtatcam]

The issuer is set in the code block right after this transition.

[xrplf-ai-reviewer]

lastAsset.getPathAsset() != deliver compares PathAsset vs Asset — previously this only compared currencies. If operator!= also compares issuers, path normalization behavior changes and could affect payment routing correctness. Verify the semantics match the original intent.

[gregtatcam]

For currencies it compares the currency only. For MPT, it compares MPTID, which must include the issuer.

[xrplf-ai-reviewer]

TOffer::send() unconditionally passes AllowMPTOverflow::Yes. DEX offer settlement can temporarily cause MPT sfOutstandingAmount to exceed sfMaximumAmount. Is there reconciliation logic ensuring final outstanding stays within bounds?

[gregtatcam]

The logic balances it out. MPTInvariant has the ultimate overflow check.

[xrplf-ai-reviewer]

Typo in doc comment: 10 should be to.

Suggested change

	* changes OutstandingAmount 10 1,000USD.
	* changes OutstandingAmount to 1,000USD.

[github-actions]

This PR has conflicts, please resolve them in order for the PR to be reviewed.

[github-actions]

All conflicts have been resolved. Assigned reviewers can now start or resume their review.

[shawnxie999]

nit - exclude line cov

[gregtatcam]

Why should it be excluded?

[shawnxie999]

hmm its seems codecov is complaining that this line is not covered

[shawnxie999]

nit - exclude line cov for all returns

[shawnxie999]

nit - exclude line cov

[shawnxie999]

nit - might be worth adding a comment that this code will not be reachable, as executing forward direction should not be limiting since the reverse direction already did the job