[Amendment] If you set a destination on an NFT offer, only that destination can settle through brokerage (fix #4373) #4399
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dangell7
changed the title
dangell7
changed the title
NFTokenAcceptOffer Change the way destination is used.
dangell7
force-pushed
the
xls20brokerfix
branch
2 times, most recently
from
9e58900 to
aa730fb
Compare
dangell7
changed the title
NFTokenAcceptOffer Change the way destination is used.fixNFTokenBrokerAccept If you set a destination on the offer, only that destination can settle through brokerage.
nixer89
reviewed
Jan 31, 2023
dangell7
force-pushed
the
xls20brokerfix
branch
from
aa730fb to
9cd2375
Compare
|
@intelliot : this bug really hurts people out there. I request that this fix is included in the next planned release. This PR solves the issue 4373 |
|
Pending any issues that come up during reviews, I think this should go into the next release. These are some example transactions that are a result of this issue: https://bithomp.com/explorer/BA4F42227EC87C5447B94E3FFD376D58B562601C413B103B6EB1FEC3621F72D0 |
dangell7
force-pushed
the
xls20brokerfix
branch
2 times, most recently
from
281c8db to
17f70d0
Compare
dangell7
requested review from
nixer89
and removed request for
ledhed2222,
scottschurr and
RichardAH
dangell7
force-pushed
the
xls20brokerfix
branch
2 times, most recently
from
61888ec to
2664f83
Compare
|
@bharathchari Would it be OK for this to be rolled into the same NFT bugfix amendment that is currently in development? i.e. this branch: https://github.com/XRPLF/rippled/tree/feature/nft-fixes - which will likely include #4380 and #4403, if approved. Or, should this be its own amendment? |
I think this would be okay. Maybe we can then rename the amendment, away from |
scottschurr
approved these changes
Feb 4, 2023
There was a problem hiding this comment.
👍 Looks like a reasonable solution to the problem to me. Nice work with the unit tests.
I did leave comments on a few things that I think might be improvements, but they needn't hold up this pull request. Those changes can be made at your discretion. Thanks for the contribution!
ledhed2222
reviewed
Feb 13, 2023
ledhed2222
reviewed
Feb 13, 2023
| *dest != ctx.tx[sfAccount]) | ||
| { | ||
| return tecNO_PERMISSION; | ||
| } |
There was a problem hiding this comment.
it's not a blocker, but you are checking the rule twice when you could check it just once with some conditional re-ordering
There was a problem hiding this comment.
I refactored this if you want to check it out.
There was a problem hiding this comment.
it's better looking to me! this is fine for merge, but IMO I would do this to remove a level of indentation:
if (ctx.view.rules().enabled(fixUnburnableNFToken))
{
if (*dest != ctx.tx[sfAccount])
return tecNO_PERMISSION;
}
else if (*dest != so->at(sfOwner) && *dest != ctx.tx[sfAccount])
return tecNFTOKEN_BUY_SELL_MISMATCH;
ledhed2222
reviewed
Feb 13, 2023
ledhed2222
reviewed
Feb 13, 2023
ledhed2222
approved these changes
Feb 13, 2023
|
@ledhed2222 made the suggested changes. Thank you for reviewing |
This was referenced Feb 13, 2023
ledhed2222
reviewed
Feb 13, 2023
| // the destination must be the buyer or the broker. | ||
| if (*dest != bo->at(sfOwner) && *dest != ctx.tx[sfAccount]) | ||
| return tecNFTOKEN_BUY_SELL_MISMATCH; | ||
| } |
ledhed2222
reviewed
Feb 13, 2023
| @@ -5088,4 +5121,4 @@ class NFToken_test : public beast::unit_test::suite | |||
|
|
|||
| BEAST_DEFINE_TESTSUITE_PRIO(NFToken, tx, ripple, 2); | |||
|
|
|||
| } // namespace ripple | |||
| } // namespace ripple | |||
There was a problem hiding this comment.
missing a newline but not a blocker
ledhed2222
added
the
Passed
|
Feel free to open a new PR for any styling nitpicks - or just leave them alone. Either way is fine :) |
kennyzlei
pushed a commit
that referenced
this pull request
Feb 13, 2023
…4399) Without this amendment, for NFTs using broker mode, if the sell offer contains a destination and that destination is the buyer account, anyone can broker the transaction. Also, if a buy offer contains a destination and that destination is the seller account, anyone can broker the transaction. This is not ideal and is misleading. Instead, with this amendment: If you set a destination, that destination needs to be the account settling the transaction. So, the broker must be the destination if they want to settle. If the buyer is the destination, then the buyer must accept the sell offer, as you cannot broker your own offers. If users want their offers open to the public, then they should not set a destination. On the other hand, if users want to limit who can settle the offers, then they would set a destination. Unit tests: 1. The broker cannot broker a destination offer to the buyer and the buyer must accept the sell offer. (0 transfer) 2. If the broker is the destination, the broker will take the difference. (broker mode)
kennyzlei
pushed a commit
that referenced
this pull request
Feb 13, 2023
…4399) Without this amendment, for NFTs using broker mode, if the sell offer contains a destination and that destination is the buyer account, anyone can broker the transaction. Also, if a buy offer contains a destination and that destination is the seller account, anyone can broker the transaction. This is not ideal and is misleading. Instead, with this amendment: If you set a destination, that destination needs to be the account settling the transaction. So, the broker must be the destination if they want to settle. If the buyer is the destination, then the buyer must accept the sell offer, as you cannot broker your own offers. If users want their offers open to the public, then they should not set a destination. On the other hand, if users want to limit who can settle the offers, then they would set a destination. Unit tests: 1. The broker cannot broker a destination offer to the buyer and the buyer must accept the sell offer. (0 transfer) 2. If the broker is the destination, the broker will take the difference. (broker mode) Signed-off-by: Kenny Lei <[email protected]>
kennyzlei
pushed a commit
that referenced
this pull request
Feb 13, 2023
…4399) Without this amendment, for NFTs using broker mode, if the sell offer contains a destination and that destination is the buyer account, anyone can broker the transaction. Also, if a buy offer contains a destination and that destination is the seller account, anyone can broker the transaction. This is not ideal and is misleading. Instead, with this amendment: If you set a destination, that destination needs to be the account settling the transaction. So, the broker must be the destination if they want to settle. If the buyer is the destination, then the buyer must accept the sell offer, as you cannot broker your own offers. If users want their offers open to the public, then they should not set a destination. On the other hand, if users want to limit who can settle the offers, then they would set a destination. Unit tests: 1. The broker cannot broker a destination offer to the buyer and the buyer must accept the sell offer. (0 transfer) 2. If the broker is the destination, the broker will take the difference. (broker mode)
kennyzlei
pushed a commit
that referenced
this pull request
Feb 13, 2023
…4399) Without this amendment, for NFTs using broker mode, if the sell offer contains a destination and that destination is the buyer account, anyone can broker the transaction. Also, if a buy offer contains a destination and that destination is the seller account, anyone can broker the transaction. This is not ideal and is misleading. Instead, with this amendment: If you set a destination, that destination needs to be the account settling the transaction. So, the broker must be the destination if they want to settle. If the buyer is the destination, then the buyer must accept the sell offer, as you cannot broker your own offers. If users want their offers open to the public, then they should not set a destination. On the other hand, if users want to limit who can settle the offers, then they would set a destination. Unit tests: 1. The broker cannot broker a destination offer to the buyer and the buyer must accept the sell offer. (0 transfer) 2. If the broker is the destination, the broker will take the difference. (broker mode)
ximinez
added a commit
to ximinez/rippled
that referenced
this pull request
Feb 15, 2023
* upstream/develop: Rename to fixNonFungibleTokensV1_2 and some cosmetic changes (XRPLF#4419) Only account specified as destination can settle through brokerage: (XRPLF#4399) Prevent brokered sale of NFToken to owner: (XRPLF#4403) Fix 3 issues around NFToken offer acceptance (XRPLF#4380) Allow NFT to be burned when number of offers is greater than 500 (XRPLF#4346) Add fixUnburnableNFToken feature (XRPLF#4391) Change default vote on fixUniversalNumber from yes to no (XRPLF#4414)
ximinez
added a commit
to ximinez/rippled
that referenced
this pull request
Feb 15, 2023
* upstream/develop: Rename to fixNonFungibleTokensV1_2 and some cosmetic changes (XRPLF#4419) Only account specified as destination can settle through brokerage: (XRPLF#4399) Prevent brokered sale of NFToken to owner: (XRPLF#4403) Fix 3 issues around NFToken offer acceptance (XRPLF#4380) Allow NFT to be burned when number of offers is greater than 500 (XRPLF#4346) Add fixUnburnableNFToken feature (XRPLF#4391) Change default vote on fixUniversalNumber from yes to no (XRPLF#4414)
ximinez
added a commit
to ximinez/rippled
that referenced
this pull request
Feb 15, 2023
* upstream/develop: Rename to fixNonFungibleTokensV1_2 and some cosmetic changes (XRPLF#4419) Only account specified as destination can settle through brokerage: (XRPLF#4399) Prevent brokered sale of NFToken to owner: (XRPLF#4403) Fix 3 issues around NFToken offer acceptance (XRPLF#4380) Allow NFT to be burned when number of offers is greater than 500 (XRPLF#4346) Add fixUnburnableNFToken feature (XRPLF#4391) Change default vote on fixUniversalNumber from yes to no (XRPLF#4414)
ximinez
added a commit
to ximinez/rippled
that referenced
this pull request
Feb 15, 2023
* upstream/develop: Rename to fixNonFungibleTokensV1_2 and some cosmetic changes (XRPLF#4419) Only account specified as destination can settle through brokerage: (XRPLF#4399) Prevent brokered sale of NFToken to owner: (XRPLF#4403) Fix 3 issues around NFToken offer acceptance (XRPLF#4380) Allow NFT to be burned when number of offers is greater than 500 (XRPLF#4346) Add fixUnburnableNFToken feature (XRPLF#4391) Change default vote on fixUniversalNumber from yes to no (XRPLF#4414)
ximinez
added a commit
to ximinez/rippled
that referenced
this pull request
Feb 15, 2023
* upstream/develop: Rename to fixNonFungibleTokensV1_2 and some cosmetic changes (XRPLF#4419) Only account specified as destination can settle through brokerage: (XRPLF#4399) Prevent brokered sale of NFToken to owner: (XRPLF#4403) Fix 3 issues around NFToken offer acceptance (XRPLF#4380) Allow NFT to be burned when number of offers is greater than 500 (XRPLF#4346) Add fixUnburnableNFToken feature (XRPLF#4391) Change default vote on fixUniversalNumber from yes to no (XRPLF#4414)
ximinez
added a commit
to ximinez/rippled
that referenced
this pull request
Feb 15, 2023
* upstream/develop: Rename to fixNonFungibleTokensV1_2 and some cosmetic changes (XRPLF#4419) Only account specified as destination can settle through brokerage: (XRPLF#4399) Prevent brokered sale of NFToken to owner: (XRPLF#4403) Fix 3 issues around NFToken offer acceptance (XRPLF#4380) Allow NFT to be burned when number of offers is greater than 500 (XRPLF#4346) Add fixUnburnableNFToken feature (XRPLF#4391)
ximinez
added a commit
to ximinez/rippled
that referenced
this pull request
Feb 15, 2023
…ctionality * upstream/develop: Rename to fixNonFungibleTokensV1_2 and some cosmetic changes (XRPLF#4419) Only account specified as destination can settle through brokerage: (XRPLF#4399) Prevent brokered sale of NFToken to owner: (XRPLF#4403) Fix 3 issues around NFToken offer acceptance (XRPLF#4380) Allow NFT to be burned when number of offers is greater than 500 (XRPLF#4346) Add fixUnburnableNFToken feature (XRPLF#4391) Change default vote on fixUniversalNumber from yes to no (XRPLF#4414)
ximinez
added a commit
to ximinez/rippled
that referenced
this pull request
Feb 15, 2023
…tpage * upstream/develop: Rename to fixNonFungibleTokensV1_2 and some cosmetic changes (XRPLF#4419) Only account specified as destination can settle through brokerage: (XRPLF#4399) Prevent brokered sale of NFToken to owner: (XRPLF#4403) Fix 3 issues around NFToken offer acceptance (XRPLF#4380) Allow NFT to be burned when number of offers is greater than 500 (XRPLF#4346) Add fixUnburnableNFToken feature (XRPLF#4391) Change default vote on fixUniversalNumber from yes to no (XRPLF#4414)
dangell7
added a commit
to Transia-RnD/rippled
that referenced
this pull request
Mar 5, 2023
…RPLF#4399) Without this amendment, for NFTs using broker mode, if the sell offer contains a destination and that destination is the buyer account, anyone can broker the transaction. Also, if a buy offer contains a destination and that destination is the seller account, anyone can broker the transaction. This is not ideal and is misleading. Instead, with this amendment: If you set a destination, that destination needs to be the account settling the transaction. So, the broker must be the destination if they want to settle. If the buyer is the destination, then the buyer must accept the sell offer, as you cannot broker your own offers. If users want their offers open to the public, then they should not set a destination. On the other hand, if users want to limit who can settle the offers, then they would set a destination. Unit tests: 1. The broker cannot broker a destination offer to the buyer and the buyer must accept the sell offer. (0 transfer) 2. If the broker is the destination, the broker will take the difference. (broker mode)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
High Level Overview of Change
Currently with NFTs using broker mode if the sell offer contains a destination and that destination is the buyer account, anyone can broker the transaction.
It is also true that if a buy offer contains a destination and that destination is the seller account, anyone can broker the transaction.
Imo this is not ideal and is misleading to everyone.
The comments in the code are;
This is misleading because the broker is the account submitting the transaction. Its anyone. Again, if the buyer specified a destination and that destination is the seller, anyone can settle the tx. I don't think that makes sense.
I believe the goal should be; If you set a destination, that destination needs to be the person settling the transaction.
This PR introduces a fix amendment called
fixNFTokenBrokerAccept.Context of Change
The changes made now force the broker to be the destination if they want to settle. If the buyer is the destination, then the buyer must accept the sell offer, as you cannot broker your own offers.
If users want their offers open to the public then not setting a destination would be the recommended way. Inversely, if users want to limit who can settle the offers, then they would set a destination.
This PR fixes #4373.
Type of Change
Test Plan
I also added a test function to show one of the more recent issues. There are 2 things tested.