Support PermissionDelegation Amendment XLS-74d XLS-75d

[yinyiqian1]

There's a change in the spec, so please refer the new spec:
The PR for spec change: XRPLF/XRPL-Standards#257

Original spec:
XRPLF/XRPL-Standards#217
XRPLF/XRPL-Standards#218

This amendment is called PermissionDelegation

1. DelegateSet transaction is added so that a delegating account can give permission to delegated account to send transaction on his behalf.

{
    TransactionType: "DelegateSet",
    Account: "rDelegating......",
    Authorize: "rDelegated......",
    Permissions: [{Permission: {PermissionValue: "Payment"}}],
}

2. Ledger object Delegate is created, its keylet is hashed from delegating and delegated account.

3. optional common field Delegate is added, to indicate that a transaction is a delegating transaction.
   The following transaction is a delegating transaction, Delegate account is the sender of the transaction and will sign this transaction, Account is the delegating account,

{
    Transaction: "Payment",
    Account: "rDelegating......",
    Amount: "1000000000",
    Destination: "r......",
    Delegate: "rDelegated......"
}

4. Added a checkPermission function to check if the delegated account is authorized to send the transaction. And it can be extended in each sub-transactor to check the granular permissions.

5. the delegated account pays the fee

6. can query account_objects of the delegating account to see the permissions he owns.

7. A delegate transaction can be multi-signed by the delegated account's signer list

High Level Overview of Change

Context of Change

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Refactor (non-breaking change that only restructures code)
• Performance (increase or change in throughput and/or latency)
• Tests (you added tests for code that already exists, or your new feature included in this PR)
• Documentation update
• Chore (no impact to binary, e.g. .gitignore, formatting, dropping support for older tooling)
• Release

API Impact

• Public API: New feature (new methods and/or new fields)
• Public API: Breaking change (in general, breaking changes should only impact the next api_version)
• libxrpl change (any change that may affect libxrpl or dependents of libxrpl)
• Peer protocol change (must be backward compatible or bump the peer protocol version)

[ximinez]

Preliminary partial review. I know you're still working on this, but a few things jumped out at me, and I wanted to bring them to your attention before you go down a problematic path.

[codecov]

Codecov Report

Attention: Patch coverage is 99.77578% with 1 line in your changes missing coverage. Please review.

Project coverage is 78.2%. Comparing base (c4308b2) to head (647ae72).
Report is 2 commits behind head on develop.

Files with missing lines	Patch %	Lines
src/libxrpl/protocol/Permissions.cpp	97.7%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff            @@
##           develop   #5354     +/-   ##
=========================================
+ Coverage     78.1%   78.2%   +0.1%     
=========================================
  Files          795     800      +5     
  Lines        68598   68969    +371     
  Branches      8278    8280      +2     
=========================================
+ Hits         53593   53961    +368     
- Misses       15005   15008      +3     

Files with missing lines	Coverage Δ
include/xrpl/protocol/Indexes.h	100.0% <ø> (ø)
include/xrpl/protocol/detail/ledger_entries.macro	100.0% <100.0%> (ø)
include/xrpl/protocol/detail/permissions.macro	100.0% <100.0%> (ø)
include/xrpl/protocol/detail/transactions.macro	100.0% <100.0%> (ø)
src/libxrpl/protocol/Indexes.cpp	98.1% <100.0%> (+<0.1%)	⬆️
src/libxrpl/protocol/InnerObjectFormats.cpp	100.0% <100.0%> (ø)
src/libxrpl/protocol/STInteger.cpp	86.4% <100.0%> (+1.9%)	⬆️
src/libxrpl/protocol/STParsedJSON.cpp	70.0% <100.0%> (+0.8%)	⬆️
src/libxrpl/protocol/TxFormats.cpp	100.0% <ø> (ø)
src/xrpld/app/misc/detail/DelegateUtils.cpp	100.0% <100.0%> (ø)
... and 18 more

... and 7 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[shawnxie999]

Also, I propose that we shouldn't need to squash commits. Commits makes it easier for the reviewers to keep track of the changes, and they will all be squashed in the end anyways. Also, the audit relies on a particular commit hash, so it's best to keep the commit history as authentic as possible.

[shawnxie999]

I think this list should be updated with batch txn as well when the times comes, since I don't know whether it makes sense to delegate someone else to do a batch. what do you think @mvadari @dangell7

[mvadari]

Agreed (though difficult to make it happen without waiting for one of the two PRs to merge first)

[dangell7]

I do agree that it should be prohibited but we should wait till batch is merged. Also if ed's comment was implemented it would need to be added in the transactor instead. I like that approach tbh.

[yinyiqian1]

@dangell7 ed agrees not to force overridding the checkPermission function. Since it's checked on the DelegateSet level and all transactions need to be authorized by the delegating account through DelegateSet transaction before a delegated account can send delegating transactions

[yinyiqian1]

I got some suggestion from the security audit that I should use whitelist for the supported transactions, which is safer. I added enum delegatable {enabled, disabled} and put it in the transactions.macro. These safety sensitive transactions are delegatable::disabled. And the system-generated transaction types are disabled as well. For newly added transactions in the future, developers can choose to disable delegation through transactions.macro

[gregtatcam]

I got compile error when building with unity on. Non unity build compiles fine.

Could you also please fix a couple of unused variable warning as well?

One is in protocol/Permissions.cpp:76. Just add [[maybe_unused]]. Second is app/tx/detail/InvariantCheck.cpp. Can add (void)enforce; for this one.

/Users/user/Work/Projects/rippled-acct-prms/src/test/app/SetRegularKey_test.cpp:64:27: error: reference to 'disabled' is ambiguous
64 | env(regkey(alice, disabled));
| ^
/Users/user/Work/Projects/rippled-acct-prms/build/modules/xrpl.libxrpl.protocol/xrpl/protocol/Permissions.h:50:29: note: candidate found by name lookup is 'ripple::disabled'
50 | enum delegatable { enabled, disabled };
| ^
/Users/user/Work/Projects/rippled-acct-prms/src/test/jtx/tags.h:50:25: note: candidate found by name lookup is 'ripple::test::jtx::disabled'
50 | static disabled_t const disabled;
| ^
In file included from /Users/user/Work/Projects/rippled-acct-prms/build/CMakeFiles/rippled.dir/Unity/unity_21_cxx.cxx:37:
/Users/user/Work/Projects/rippled-acct-prms/src/test/app/SetRegularKey_test.cpp:99:27: error: reference to 'disabled' is ambiguous
99 | env(regkey(alice, disabled));
| ^
/Users/user/Work/Projects/rippled-acct-prms/build/modules/xrpl.libxrpl.protocol/xrpl/protocol/Permissions.h:50:29: note: candidate found by name lookup is 'ripple::disabled'
50 | enum delegatable { enabled, disabled };
| ^
/Users/user/Work/Projects/rippled-acct-prms/src/test/jtx/tags.h:50:25: note: candidate found by name lookup is 'ripple::test::jtx::disabled'
50 | static disabled_t const disabled;
| ^
In file included from /Users/user/Work/Projects/rippled-acct-prms/build/CMakeFiles/rippled.dir/Unity/unity_21_cxx.cxx:37:
/Users/user/Work/Projects/rippled-acct-prms/src/test/app/SetRegularKey_test.cpp:129:27: error: reference to 'disabled' is ambiguous
129 | env(regkey(alice, disabled), ter(tecNO_ALTERNATIVE_KEY));
| ^
/Users/user/Work/Projects/rippled-acct-prms/build/modules/xrpl.libxrpl.protocol/xrpl/protocol/Permissions.h:50:29: note: candidate found by name lookup is 'ripple::disabled'
50 | enum delegatable { enabled, disabled };
| ^
/Users/user/Work/Projects/rippled-acct-prms/src/test/jtx/tags.h:50:25: note: candidate found by name lookup is 'ripple::test::jtx::disabled'
50 | static disabled_t const disabled;
| ^
In file included from /Users/user/Work/Projects/rippled-acct-prms/build/CMakeFiles/rippled.dir/Unity/unity_21_cxx.cxx:37:
/Users/user/Work/Projects/rippled-acct-prms/src/test/app/SetRegularKey_test.cpp:131:27: error: reference to 'disabled' is ambiguous
131 | env(regkey(alice, disabled));
| ^
/Users/user/Work/Projects/rippled-acct-prms/build/modules/xrpl.libxrpl.protocol/xrpl/protocol/Permissions.h:50:29: note: candidate found by name lookup is 'ripple::disabled'
50 | enum delegatable { enabled, disabled };
| ^
/Users/user/Work/Projects/rippled-acct-prms/src/test/jtx/tags.h:50:25: note: candidate found by name lookup is 'ripple::test::jtx::disabled'
50 | static disabled_t const disabled;
| ^
In file included from /Users/user/Work/Projects/rippled-acct-prms/build/CMakeFiles/rippled.dir/Unity/unity_21_cxx.cxx:37:
/Users/user/Work/Projects/rippled-acct-prms/src/test/app/SetRegularKey_test.cpp:243:27: error: reference to 'disabled' is ambiguous
243 | env(regkey(alice, disabled), sig(alie), ticket::use(--ticketSeq));
| ^
/Users/user/Work/Projects/rippled-acct-prms/build/modules/xrpl.libxrpl.protocol/xrpl/protocol/Permissions.h:50:29: note: candidate found by name lookup is 'ripple::disabled'
50 | enum delegatable { enabled, disabled };
| ^
/Users/user/Work/Projects/rippled-acct-prms/src/test/jtx/tags.h:50:25: note: candidate found by name lookup is 'ripple::test::jtx::disabled'
50 | static disabled_t const disabled;

[yinyiqian1]

@gregtatcam

I got compile error when building with unity on. Non unity build compiles fine.

Could you also please fix a couple of unused variable warning as well?

One is in protocol/Permissions.cpp:76. Just add [[maybe_unused]]. Second is app/tx/detail/InvariantCheck.cpp. Can add (void)enforce; for this one.

updated

[gregtatcam]

👍 LGTM

I have a few minor comments for your consideration,