Proposed 1.6.0-b5

.clang-format

@@ -18,7 +18,7 @@ AlwaysBreakBeforeMultilineStrings: true
 AlwaysBreakTemplateDeclarations: true
 BinPackArguments: false
 BinPackParameters: false
-BraceWrapping:   
+BraceWrapping:
   AfterClass:      true
   AfterControlStatement: true
   AfterEnum:       false
@@ -43,8 +43,8 @@ Cpp11BracedListStyle: true
 DerivePointerAlignment: false
 DisableFormat:   false
 ExperimentalAutoDetectBinPacking: false
-ForEachMacros:   [ foreach,   Q_FOREACH,  BOOST_FOREACH ]
-IncludeCategories: 
+ForEachMacros:   [ Q_FOREACH,  BOOST_FOREACH ]
+IncludeCategories:
   - Regex:           '^<(BeastConfig)'
     Priority:        0
   - Regex:           '^<(ripple)/'
@@ -84,4 +84,4 @@ SpacesInParentheses: false
 SpacesInSquareBrackets: false
 Standard:        Cpp11
 TabWidth:        8
-UseTab:          Never
+UseTab:          Never

Builds/CMake/RippledCore.cmake

@@ -114,7 +114,8 @@ target_sources (xrpl_core PRIVATE
   src/ripple/crypto/impl/RFC1751.cpp
   src/ripple/crypto/impl/csprng.cpp
   src/ripple/crypto/impl/ec_key.cpp
-  src/ripple/crypto/impl/openssl.cpp)
+  src/ripple/crypto/impl/openssl.cpp
+  src/ripple/crypto/impl/secure_erase.cpp)
 
 add_library (Ripple::xrpl_core ALIAS xrpl_core)
 target_include_directories (xrpl_core
@@ -168,6 +169,7 @@ install (
     src/ripple/crypto/GenerateDeterministicKey.h
     src/ripple/crypto/RFC1751.h
     src/ripple/crypto/csprng.h
+    src/ripple/crypto/secure_erase.h
   DESTINATION include/ripple/crypto)
 install (
   FILES
@@ -267,7 +269,6 @@ install (
     src/ripple/beast/crypto/detail/ripemd_context.h
     src/ripple/beast/crypto/detail/sha2_context.h
     src/ripple/beast/crypto/ripemd.h
-    src/ripple/beast/crypto/secure_erase.h
     src/ripple/beast/crypto/sha2.h
   DESTINATION include/ripple/beast/crypto)
 install (
@@ -433,7 +434,6 @@ target_sources (rippled PRIVATE
   src/ripple/basics/impl/BasicConfig.cpp
   src/ripple/basics/impl/PerfLogImp.cpp
   src/ripple/basics/impl/ResolverAsio.cpp
-  src/ripple/basics/impl/Sustain.cpp
   src/ripple/basics/impl/UptimeClock.cpp
   src/ripple/basics/impl/make_SSLContext.cpp
   src/ripple/basics/impl/mulDiv.cpp

Builds/containers/shared/rippled.service

@@ -1,12 +1,12 @@
 [Unit]
 Description=Ripple Daemon
+After=network-online.target
+Wants=network-online.target
 
 [Service]
 Type=simple
 ExecStart=/opt/ripple/bin/rippled --net --silent --conf /etc/opt/ripple/rippled.cfg
-# Default KillSignal can be used if/when rippled handles SIGTERM
-KillSignal=SIGINT
-Restart=no
+Restart=on-failure
 User=rippled
 Group=rippled
 LimitNOFILE=65536

SECURITY.md

@@ -19,7 +19,7 @@ We urge you to examine our code carefully and responsibly, and to disclose any i
 
 Responsible investigation includes, but isn't limited to, the following:
 
-- Not performing tests on the main network. If testing is necessary, use the testnet or devnet.
+- Not performing tests on the main network. If testing is necessary, use the [Testnet or Devnet](https://xrpl.org/xrp-testnet-faucet.html).
 - Not targeting physical security measures, or attempting to use social engineering, spam, distributed denial of service (DDOS) attacks, etc.
 - Investigating bugs in a way that makes a reasonable, good faith effort not to be disruptive or harmful to the XRP Ledger and the broader ecosystem.
 
@@ -31,7 +31,7 @@ information below.
 
 Your report should include the following:
 
-- Your contact information (typically, an email);
+- Your contact information (typically, an email address);
 - The description of the vulnerability;
 - The attack scenario (if any);
 - The steps to reproduce the vulnerability;
@@ -56,13 +56,13 @@ Once we receive a report, we:
 
 We will triage and respond to your disclosure within 24 hours. Beyond that, we will work to analyze the issue in more detail, formulate, develop and test a fix.
 
-While we commit to responding with 24 hours of your initial report with our triage assesment, we cannot guarantee a response time for the remaining steps. We will communicate with you throughout this process, letting you know where we are and keeping you updated on the timeframe.
+While we commit to responding with 24 hours of your initial report with our triage assessment, we cannot guarantee a response time for the remaining steps. We will communicate with you throughout this process, letting you know where we are and keeping you updated on the timeframe.
 
 ## Bug Bounty Program
 
-[Ripple](https://ripple.com) is generously sponsoring a bug bounty program for vulnerabilities in [`rippled`](https://github.com/ripple/rippled) (and other related projects, like [`ripple-lib`](https://github.com/ripple/ripple-lib).
+[Ripple](https://ripple.com) is generously sponsoring a bug bounty program for vulnerabilities in [`rippled`](https://github.com/ripple/rippled) (and other related projects, like [`ripple-lib`](https://github.com/ripple/ripple-lib)).
 
-This program allows us to recognise and reward individuals or groups that identify and report bugs. In summary, order to qualify for a bounty, the bug must be:
+This program allows us to recognize and reward individuals or groups that identify and report bugs. In summary, order to qualify for a bounty, the bug must be:
 
 1. **In scope**. Only bugs in software under the scope of the program qualify. Currently, that means `rippled` and `ripple-lib`.
 2. **Relevant**. A security issue, posing a danger to user funds, privacy or the operation of the XRP Ledger.
@@ -83,7 +83,7 @@ To report a qualifying bug, please send a detailed report to:
 |Long Key ID  | `0xCD49A0AFC57929BE`                                |
 |Fingerprint  | `24E6 3B02 37E0 FA9C 5E96 8974 CD49 A0AF C579 29BE` |
 
-The full PGP key for this address, which is also available on several key servers (e.g. on [keys.gnupg.net](https://keys.gnupg.net), is: 
+The full PGP key for this address, which is also available on several key servers (e.g. on [keys.gnupg.net](https://keys.gnupg.net)), is: 
 ```
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQINBFUwGHYBEAC0wpGpBPkd8W1UdQjg9+cEFzeIEJRaoZoeuJD8mofwI5Ejnjdt
@@ -147,6 +147,3 @@ KsSr9lbHEtQFRzGuBKwt6UlSFv9vPWWJkJit5XDKAlcKuGXj0J8OlltToocGElkF
 =spg4
 -----END PGP PUBLIC KEY BLOCK-----
 ```
-
-
-

bin/getRippledInfo

@@ -1,5 +1,12 @@
 #!/usr/bin/env bash
 
+# This script generates information about your rippled installation
+# and system. It can be used to help debug issues that you may face
+# in your installation. While this script endeavors to not display any 
+# sensitive information, it is recommended that you read the output
+# before sharing with any third parties.
+
+
 rippled_exe=/opt/ripple/bin/rippled
 conf_file=/etc/opt/ripple/rippled.cfg
 

src/ripple/app/consensus/RCLConsensus.cpp

@@ -32,11 +32,13 @@
 #include <ripple/app/misc/TxQ.h>
 #include <ripple/app/misc/ValidatorKeys.h>
 #include <ripple/app/misc/ValidatorList.h>
+#include <ripple/basics/random.h>
 #include <ripple/beast/core/LexicalCast.h>
 #include <ripple/consensus/LedgerTiming.h>
 #include <ripple/nodestore/DatabaseShard.h>
 #include <ripple/overlay/Overlay.h>
 #include <ripple/overlay/predicates.h>
+#include <ripple/protocol/BuildInfo.h>
 #include <ripple/protocol/Feature.h>
 #include <ripple/protocol/digest.h>
 
@@ -85,7 +87,14 @@ RCLConsensus::Adaptor::Adaptor(
     , nodeID_{validatorKeys.nodeID}
     , valPublic_{validatorKeys.publicKey}
     , valSecret_{validatorKeys.secretKey}
+    , valCookie_{
+          rand_int<std::uint64_t>(1, std::numeric_limits<std::uint64_t>::max())}
 {
+    assert(valCookie_ != 0);
+
+    JLOG(j_.info()) << "Consensus engine started"
+                    << " (Node: " << to_string(nodeID_)
+                    << ", Cookie: " << valCookie_ << ")";
 }
 
 boost::optional<RCLCxLedger>
@@ -160,7 +169,7 @@ RCLConsensus::Adaptor::share(RCLCxTx const& tx)
         msg.set_status(protocol::tsNEW);
         msg.set_receivetimestamp(
             app_.timeKeeper().now().time_since_epoch().count());
-        app_.overlay().foreach (send_always(
+        app_.overlay().foreach(send_always(
             std::make_shared<Message>(msg, protocol::mtTRANSACTION)));
     }
     else
@@ -700,7 +709,7 @@ RCLConsensus::Adaptor::notify(
     }
     s.set_firstseq(uMin);
     s.set_lastseq(uMax);
-    app_.overlay().foreach (
+    app_.overlay().foreach(
         send_always(std::make_shared<Message>(s, protocol::mtSTATUS_CHANGE)));
     JLOG(j_.trace()) << "send status change to peer";
 }
@@ -753,41 +762,68 @@ RCLConsensus::Adaptor::validate(
     bool proposing)
 {
     using namespace std::chrono_literals;
+
     auto validationTime = app_.timeKeeper().closeTime();
     if (validationTime <= lastValidationTime_)
         validationTime = lastValidationTime_ + 1s;
     lastValidationTime_ = validationTime;
 
-    STValidation::FeeSettings fees;
-    std::vector<uint256> amendments;
-
-    auto const& feeTrack = app_.getFeeTrack();
-    std::uint32_t fee =
-        std::max(feeTrack.getLocalFee(), feeTrack.getClusterFee());
-
-    if (fee > feeTrack.getLoadBase())
-        fees.loadFee = fee;
-
-    // next ledger is flag ledger
-    if (((ledger.seq() + 1) % 256) == 0)
-    {
-        // Suggest fee changes and new features
-        feeVote_->doValidation(ledger.ledger_, fees);
-        amendments = app_.getAmendmentTable().doValidation(
-            getEnabledAmendments(*ledger.ledger_));
-    }
-
     auto v = std::make_shared<STValidation>(
-        ledger.id(),
-        ledger.seq(),
-        txns.id(),
-        validationTime,
+        lastValidationTime_,
         valPublic_,
         valSecret_,
         nodeID_,
-        proposing /* full if proposed */,
-        fees,
-        amendments);
+        [&](STValidation& v) {
+            v.setFieldH256(sfLedgerHash, ledger.id());
+            v.setFieldH256(sfConsensusHash, txns.id());
+
+            v.setFieldU32(sfLedgerSequence, ledger.seq());
+
+            if (proposing)
+                v.setFlag(vfFullValidation);
+
+            if (ledger.ledger_->rules().enabled(featureHardenedValidations))
+            {
+                // Attest to the hash of what we consider to be the last fully
+                // validated ledger. This may be the hash of the ledger we are
+                // validating here, and that's fine.
+                if (auto const vl = ledgerMaster_.getValidatedLedger())
+                    v.setFieldH256(sfValidatedHash, vl->info().hash);
+
+                v.setFieldU64(sfCookie, valCookie_);
+
+                // Report our server version every flag ledger:
+                if ((ledger.seq() + 1) % 256 == 0)
+                    v.setFieldU64(
+                        sfServerVersion, BuildInfo::getEncodedVersion());
+            }
+
+            // Report our load
+            {
+                auto const& ft = app_.getFeeTrack();
+                auto const fee = std::max(ft.getLocalFee(), ft.getClusterFee());
+                if (fee > ft.getLoadBase())
+                    v.setFieldU32(sfLoadFee, fee);
+            }
+
+            // If the next ledger is a flag ledger, suggest fee changes and
+            // new features:
+            if ((ledger.seq() + 1) % 256 == 0)
+            {
+                // Fees:
+                feeVote_->doValidation(ledger.ledger_->fees(), v);
+
+                // Amendments
+                // FIXME: pass `v` and have the function insert the array
+                // directly?
+                auto const amendments = app_.getAmendmentTable().doValidation(
+                    getEnabledAmendments(*ledger.ledger_));
+
+                if (!amendments.empty())
+                    v.setFieldV256(
+                        sfAmendments, STVector256(sfAmendments, amendments));
+            }
+        });
 
     // suppress it if we receive it
     app_.getHashRouter().addSuppression(

src/ripple/app/consensus/RCLConsensus.h

@@ -66,6 +66,9 @@ class RCLConsensus
         PublicKey const valPublic_;
         SecretKey const valSecret_;
 
+        // A randomly selected non-zero value used to tag our validations
+        std::uint64_t const valCookie_;
+
         // Ledger we most recently needed to acquire
         LedgerHash acquiringLedger_;
         ConsensusParms parms_;

src/ripple/app/consensus/RCLCxPeerPos.cpp

@@ -78,8 +78,8 @@ proposalUniqueId(
     Slice const& signature)
 {
     Serializer s(512);
-    s.add256(proposeHash);
-    s.add256(previousLedger);
+    s.addBitString(proposeHash);
+    s.addBitString(previousLedger);
     s.add32(proposeSeq);
     s.add32(closeTime.time_since_epoch().count());
     s.addVL(publicKey);