Introduce AMM support (XLS-30d)

[gregtatcam]

High Level Overview of Change

XLS-30d Specification

Adds AMM core functionality InstanceCreate, Deposit, Withdraw, Governance, Auctioning
and payment engine integration.

Context of Change

Adds Transactors for InstanceCreate, Deposit, Withdraw, Governance, and Auctioning.
Adds AMM Root Account, trustline for each IOU AMM token, trustline to track Liquidity Provider Tokens (LPT),
and ltAMM object to track fee votes, auction slot bids, AMM tokens pair, total outstanding tokens balance, and
AMMID to AMM RootAccountID mapping.
New classes are added to facilitate AMM integration into the payment engine. BookStep uses these classes
to infer if AMM liquidity can be consumed.
A new RPC method amm_info is added to fetch the pool and
LPT balances.
A new Number class is added to facilitate AMM formula implementation. IOUAmount and STAmount use
Number arithmetic. A fixUniversalNumber amendment is added.
featureAMM, fixUniversalNumber, and featureFlowCross amendments are required to support AMM.

Type of Change

• [ x] New feature (non-breaking change which adds functionality)

Test Plan

AMM unit tests are added for all core functionality features.

[nbougalis]

Requesting reviews from @seelabs and Aanchal Malhotra; I can't mark them as reviewers.

[wojake]

@aanchal4: Please review the PR

[sublimator]

What's AMM ? Any docs for the curious?

[wojake]

@sublimator:
Proposal: XRPLF/XRPL-Standards#78
Doc (request access and you'll be granted in): https://docs.google.com/document/d/1cPnAtdt6ekCc7tQCA7UQQhKD3W3dNQr3fFzPyQGQ5-M/edit#heading=h.ls4o33ii8o1

[sublimator]

@wojake
Thanks

[seelabs]

Nice job on this!

Let me start by staying that since there are a lot of comments, they can come across as abrupt or demanding. I don't mean them as such. Mentally put a "Please consider..." in front of every comment and a "...if I understood correctly" at the end. It gets too wordy if I actually do that, but I also don't want to the comments to be read harshly - I don't mean them to be.

Some thoughts apart from the inline code comments:

Is there a paper explaining why offers are sized by a Fibonacci sequence? I understand it may be beneficial to create synthetic offers with increasing sizes, but I don't understand why Fibonacci was chosen. Why not double every time? Why not some other function? How was growth by Fibonacci chosen? Was there a mathematical exploration of the different growth functions and what the trade-offs were? What are the trade-offs that were considered?

The handling of const gave me pause in this patch. There are things marked const that are do not appear to be "logical const". Mutable is used to work around this. I think it's important to resolve this.

Our style guide says we shouldn't trigger exceptions on user input. This patch probably violates this, but I don't actually object too strongly (I think we should relax that style guide). However, we do need to make sure the new exceptions are handled correctly.

Whenever we change a sle, we need to make sure we call update. I'm not sure this is done in all cases. I tagged one possible case, but it's worth it to audit the other transactors to make sure we're doing this.

I understand why the AMM is a regular account, but I don't love that it acts in special ways that are fragile. In particular, it doesn't use a reserve, and more problematically, it can't be deposited to.

Don't define function inline in classes - it makes it harder to see the interface.

In optional, prefer * to .value

[cjcobb23]

Can we move this file to xrpl_core, so we can access the functions in clio?

[cjcobb23]

Actually, I realized we can't move everything in this file into xrpl_core, but we can probably move things like calcAccountID and calcAMMGroupHash

[gregtatcam]

Moved relevant API's to xrpl_core.

[wojake]

I'd like to propose an additional check on AMMCreate transactions:
If Asset1 || Asset2 == AMMToken: throw temBAD_CURRENCY

We shouldn't allow AMM tokens to be a depositable asset on an AMM Instance as they wouldn't be volatile and it's odd to offer them for sale at an algorithmic price that doesn't know their underlying value in their respective AMM.

While an AMM Instance isn't able to construct an AMMCreate transaction and create a new pool for their AMM token (i.e. xAMMToken & USD/Bistamp), an IOU issuer could construct an AMMCreate transaction and create a pool for their IOU with an AMM token (i.e. USD/Bitstamp & xAMMToken).

To add on to my suggestion, there actually might be a small number of users who would use this pool (AMMToken&IOU) but it would be incredibly inconsistent for us to facilitate it as a feature. Disk space is a commodity on the ledger and it should be treated as such.

[effofexx]

I'd like to suggest an alternate method of calculating the amount of LPTokens being burned and refunded to the previous slot-holder in AMMBid.cpp. I apologize in advance for the lengthy message but I'm a little rusty with C++ and want to ensure my understanding of the code is correct, as well as explain my line of thinking.

First, I'd like to explain my understanding/assumptions. As an example, I will use the case where a slot-holder is outbid during the first interval, but I think my suggestion at the end would still be applicable for the other intervals as well.

My Understanding/Assumptions:

During the first interval:

• timeSlot = 0

• fractionUsed = 0.05

• fractionRemaining = 0.95

• payPrice = pricePurchased * 1.05 (i.e. X * 1.05)

• Amount of LPTokens burned (line 283) = payPrice * 0.05

• Amount of LPTokens refunded previous to slot-holder (line 292) = payPrice * 0.95

However, when representing the refund in terms of what the previous slot-holder paid (X), the refund is:
fractionRemaining * payPrice = 0.95 * X * 1.05 = X * 0.9975

Potential Issue:

Since timeSlot is an int, the values above are true at any point during the first interval the current slot-holder was outbid, even if only seconds after acquiring the slot. Is that the intent? The comment on line 286 suggests the previous owner should get a full refund, and the proposal suggests the refund is calculated on a pro-rata basis without mentioning interval increments.

I think the way the refund is being calculated has potential to introduce issues caused by arbitragers unfairly losing a portion of their LPTokens - possibly within mere seconds of acquiring the slot - before they have an opportunity to utlize their slot privileges. It's hard to say how much value could be lost, given we don't know what the slots will cost, or even the value of an LPToken, but this could deter potential arbitragers if the value is sufficiently high.

Suggestion:

In order to maintain the spirit of the proposal while also ensuring the previous slot-holder doesn't get refunded more than they paid, I suggest we consider calculating the amount refunded to previous owner using values based on what they paid and a more accurate representation of the amount of time they've held the slot. So the refunded amount would be something like this:
refundAmount = (1 - ((diff / intervalDuration) / nIntervals)) * pricePurchased

And line 292 would become:
toSTAmount(lpTokens.issue(), refundAmount),

Likewise, the amount to be burned on line 283 would be something like:
res = updateSlot(0, *payPrice, *payPrice - refundAmount);

There may be a more efficient way of implementing this change that I'm not aware of, but hopefully my thoughts are presented clear enough that you understand my concern.

[dangell7]

fractionRemaining * payPrice = 0.95 * X * 1.05 = X * 0.9975

Your calculation is off. fractionRemaining * payPrice = X * 0.95. You're adding an additional 1.05

[effofexx]

@dangell7 but payPrice ≠ X. What I'm doing in the bit your quoted is expanding the equation after the first equals sign.

pricePurchased is the amount the previous slot-holder paid (X). Then on line 245 computedPrice is calculated by multiplying pricePurchased by 1.05 (if the bid is made during the first interval). Then beginning on line 251 payPrice is finally defined as equal to computedPrice after checking that computedPrice is within the bounds of the defined min and max bids.

[godexsoft]

Adding a few suggestions after reviewing the transactors-related parts.

[godexsoft]

TradingFeeThreshold is set to 1000 (1%) but the whitepaper says valid value is up to 65000 (65%). I may be misunderstanding the purpose of this threshold but i thought i'd ask just in case.

[godexsoft]

Nevermind - this got updated in the whitepaper since i had this question. Seems to match now.

[godexsoft]

When dealing with optionals, constructing like {{asset, asset2}} constructs the pair by copying the assets and then moves it into the optional. This is minor but it's generally better to use std::make_optional(asset, asset2) here (and everywhere) as that guarantees copy elision and all you get is just a constructor call without having to move anything.

[gregtatcam]

Updated.

[godexsoft]

I wonder, why & here but == for other ifs below?

[gregtatcam]

Thanks, changed all to &.

[godexsoft]

Missing empty line - makes github very sad

[godexsoft]

Is this needed here?

[gregtatcam]

No, removed.

[godexsoft]

This looks familiar. Consider refactoring this out as a helper function?

[gregtatcam]

Done.

[godexsoft]

Newline needed

[godexsoft]

Out of interest, what is this for?

[godexsoft]

Nvm. I found it while looking thru the rest of the code. Apparently non-expanded files are not searchable (what a surprise 🤣) so i could not see it before.

[godexsoft]

Is this needed?

[gregtatcam]

No, removed.

[godexsoft]

The code looks well tested and inline with the codebase's overall style.
I have left a few minor comments. Most are negligible and can be ignored. Nothing noted is a show stopper IMO.

[godexsoft]

Is this the best way this exact behaviour can be expressed in code?

[gregtatcam]

Do you have suggestions? LPToken is 0x03 plus 19 bytes from the hash. I added a comment.

[godexsoft]

Consider using a struct for the 3 amounts to make it more obvious what they are meant to represent

[gregtatcam]

I'd like to keep it. It's pretty simple pool properties - amount, amount2, lptoken. There is also another function (above) that uses a subset - amount, amount2.

[godexsoft]

Minor note: MaxIterations is implicitly inline (due to constexpr). No need to explicitly seqckfu inline

[gregtatcam]

Thanks, updated.

[godexsoft]

Newline needed

[gregtatcam]

Added.

[godexsoft]

Consider moving magic numbers into some sort of constant on the class?

[gregtatcam]

Added.

[godexsoft]

Does this change not break anything in the rest of the system? i mean if it was expected to be one thing before and now it's a different thing it may lead to some issues with already existing data and what not. Just wanted to make sure you checked and confirmed this

[godexsoft]

@HowardHinnant , maybe you can clarify this. Thanks

[HowardHinnant]

Yes, this is a breaking change. And therefore this change is guarded by an amendment that must be approved prior to going into effect.

[godexsoft]

Consider adding BEAST_EXPECT_THROW_ANY(...) or similar to simplify all the boilerplate

[godexsoft]

Is it allowed to have cout logs anywhere? I'd expect only jlog logs to be pushed to the repo

[godexsoft]

Also more couts in other places in this file.

[gregtatcam]

This is for debugging. There is also a manual AMMCalc test, which is more of a tool to check the state of AMM after swap, etc.

[godexsoft]

Newline needed

[gregtatcam]

Added.

[seelabs]

Still 👍 after the latest patches

[ximinez]

Merge looks good!