Disallow mutation when COA not empty

Author: yinyiqian1

src/test/app/ConfidentialTransfer_test.cpp

@@ -2397,6 +2397,68 @@ class ConfidentialTransfer_test : public beast::unit_test::suite
         // todo: test zkp verification failure
     }
 
+    void
+    testBlockingMutation(FeatureBitset features)
+    {
+        testcase("disallow mutation when there's confidential OA");
+        using namespace test::jtx;
+
+        Env env{*this, features};
+        Account const alice("alice");
+        Account const bob("bob");
+        MPTTester mptAlice(env, alice, {.holders = {bob}});
+
+        mptAlice.create(
+            {.flags = tfMPTCanTransfer | tfMPTCanLock | tfMPTCanClawback,
+             .mutableFlags = tmfMPTCanMutateMetadata |
+                 tmfMPTCanMutateTransferFee | tmfMPTCanMutateCanLock});
+
+        mptAlice.authorize({.account = bob});
+        mptAlice.pay(alice, bob, 1000);
+        mptAlice.generateKeyPair(alice);
+        mptAlice.generateKeyPair(bob);
+
+        mptAlice.set({.account = alice, .pubKey = mptAlice.getPubKey(alice)});
+
+        // muatation is allowed because confidential outstanding amount is 0.
+        mptAlice.set({.account = alice, .metadata = "test"});
+
+        // bob convert 100
+        mptAlice.convert({
+            .account = bob,
+            .amt = 100,
+            .proof = "123",
+            .holderPubKey = mptAlice.getPubKey(bob),
+        });
+        BEAST_EXPECT(mptAlice.getIssuanceConfidentialBalance() == 100);
+
+        // can not mutate metadata
+        mptAlice.set(
+            {.account = alice, .metadata = "modify", .err = tecNO_PERMISSION});
+
+        // can not mutate transfer fee
+        mptAlice.set(
+            {.account = alice, .transferFee = 50, .err = tecNO_PERMISSION});
+
+        // can not mutate flags
+        mptAlice.set(
+            {.account = alice,
+             .mutableFlags = tmfMPTClearCanLock,
+             .err = tecNO_PERMISSION});
+
+        // clawback all confidential balance and make COA to 0
+        mptAlice.confidentialClaw({
+            .account = alice,
+            .holder = bob,
+            .amt = 100,
+            .proof = "123",
+        });
+        BEAST_EXPECT(mptAlice.getIssuanceConfidentialBalance() == 0);
+
+        // now we can mutate because COA is 0
+        mptAlice.set({.account = alice, .metadata = "modify"});
+    }
+
     void
     testWithFeats(FeatureBitset features)
     {
@@ -2426,6 +2488,8 @@ class ConfidentialTransfer_test : public beast::unit_test::suite
         testConvertBack(features);
         testConvertBackPreflight(features);
         testConvertBackPreclaim(features);
+
+        testBlockingMutation(features);
     }
 
 public:

src/test/app/MPToken_test.cpp

@@ -590,7 +590,8 @@ class MPToken_test : public beast::unit_test::suite
                  .err = temINVALID_FLAG});
 
             if (!features[featureSingleAssetVault] &&
-                !features[featureDynamicMPT])
+                !features[featureDynamicMPT] &&
+                !features[featureConfidentialTransfer])
             {
                 // test invalid flags - nothing is being changed
                 mptAlice.set(

src/xrpld/app/tx/detail/MPTokenIssuanceSet.cpp

@@ -240,6 +240,20 @@ MPTokenIssuanceSet::preclaim(PreclaimContext const& ctx)
         }
     }
 
+    auto const mutableFlags = ctx.tx[~sfMutableFlags];
+    auto const metadata = ctx.tx[~sfMPTokenMetadata];
+    auto const transferFee = ctx.tx[~sfTransferFee];
+    auto const isMutate = mutableFlags || metadata || transferFee;
+
+    if (ctx.view.rules().enabled(featureConfidentialTransfer) && isMutate)
+    {
+        std::uint64_t const confidentialOA =
+            (*sleMptIssuance)[~sfConfidentialOutstandingAmount].value_or(0);
+
+        if (confidentialOA > 0)
+            return tecNO_PERMISSION;
+    }
+
     // sfMutableFlags is soeDEFAULT, defaulting to 0 if not specified on
     // the ledger.
     auto const currentMutableFlags =
@@ -249,7 +263,7 @@ MPTokenIssuanceSet::preclaim(PreclaimContext const& ctx)
         return currentMutableFlags & mutableFlag;
     };
 
-    if (auto const mutableFlags = ctx.tx[~sfMutableFlags])
+    if (mutableFlags)
     {
         if (std::any_of(
                 mptMutabilityFlags.begin(),
@@ -261,17 +275,16 @@ MPTokenIssuanceSet::preclaim(PreclaimContext const& ctx)
             return tecNO_PERMISSION;
     }
 
-    if (!isMutableFlag(lsmfMPTCanMutateMetadata) &&
-        ctx.tx.isFieldPresent(sfMPTokenMetadata))
+    if (!isMutableFlag(lsmfMPTCanMutateMetadata) && metadata)
         return tecNO_PERMISSION;
 
-    if (auto const fee = ctx.tx[~sfTransferFee])
+    if (transferFee)
     {
         // A non-zero TransferFee is only valid if the lsfMPTCanTransfer flag
         // was previously enabled (at issuance or via a prior mutation). Setting
         // it by tmfMPTSetCanTransfer in the current transaction does not meet
         // this requirement.
-        if (fee > 0u && !sleMptIssuance->isFlag(lsfMPTCanTransfer))
+        if (transferFee > 0u && !sleMptIssuance->isFlag(lsfMPTCanTransfer))
             return tecNO_PERMISSION;
 
         if (!isMutableFlag(lsmfMPTCanMutateTransferFee))