fix: Add MPT/DEX assorted fixes

[gregtatcam]

High Level Overview of Change

• ValidMPTTransfer, check for valid MPTLocked, MPTCanTrade, MPTCanTransfer.
• Replace canTrade with canTransfer in CheckCreate/Cash (Check is not DEX tx).
• Change tecFROZEN to tecLOCKED for locked MPT.
• Replace checkMPTTxAllowed() with canMPTTradeAndTransfer().
• Fix double adjustOwnerCount() in AMMWithdraw.
• Extend the unit-tests.

[xrplf-ai-reviewer]

Removed canTrade() creation-time guard needs audit — see inline comment at line 167.

Review by Claude Opus 4.6 · Prompt: V14

[xrplf-ai-reviewer]

Removed canTrade() check replaced with unconditional success — verify IOU tradeability is still enforced elsewhere at creation time.

The old code returned canTrade(ctx.view, ctx.tx[sfSendMax].asset()) here, which gated check creation on asset tradeability. The MPT path now has an explicit canTransfer guard (lines 148–153), but the IOU visitor branch (lines 103–135) should be audited to confirm an equivalent check exists. Dropping this shifts all IOU trade enforcement to cash time, creating a single point of failure if CheckCash is ever bypassed or misconfigured.

[gregtatcam]

This is not an issue. canTrade() was added for MPT/DEX feature. canTrade() returns tesSUCCESS for Issue. Since CheckCreate is not a DEX transaction, this logic is reverted to pre MPT/DEX code-base; i.e., return tesSUCCESS. canTransfer() is added only for MPTIssue to check if MPTCanTransfer flag is enabled.

[shawnxie999]

do we possibly want to include requireAuth as well?

[gregtatcam]

Sure. This is going to be a check for the receivers only, right?

[shawnxie999]

Would it also make sense to check for sender as well? Both should have auth when transferring

[gregtatcam]

The problem with send is that the send object could be deleted, in which case requireAuth fails. I can call it with WeakAuth, but it still might fail. The only thing that I can do if it's deleted is to check for MPTRequireAuth flag on the MPTokenIssuance and if set then check MPTAuthorized flag on before object. If the latter is not set then the invariant fails.

[xrplf-ai-reviewer]

Compile error (undeclared txnType) flagged in MPTInvariant.cpp; potential missing trading-restriction enforcement in CheckCreate.cpp — see inline comments.

Review by Claude Opus 4.6 · Prompt: V14

[xrplf-ai-reviewer]

txnType is captured by reference but never declared in scope — won't compile. Declare it before the lambda:

    auto const txnType = tx.getTxnType();
    auto const isDEX = [&tx, &txnType] {

[xrplf-ai-reviewer]

Unconditional tesSUCCESS replaces the prior canTrade call — confirm IOU trading restrictions are enforced elsewhere.

[gregtatcam]

This is correct change.

[xrplf-ai-reviewer]

Looked through this one

Potential validation gap at line 167 — the unconditional canTrade call for all asset types was replaced with tesSUCCESS; the IOU path may be missing an equivalent check. See inline.

---

Review by ReviewBot 🤖

Review by Claude Opus 4.6 · Prompt: V14

[xrplf-ai-reviewer]

canTrade was previously called unconditionally for all asset types — confirm it was a no-op for IOU assets, or add an IOU branch validation to avoid silently dropping that check.

[codecov]

Codecov Report

❌ Patch coverage is 99.21875% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 81.6%. Comparing base (6a0ce46) to head (e85f010).
⚠️ Report is 7 commits behind head on develop.

Files with missing lines	Patch %	Lines
src/libxrpl/tx/invariants/MPTInvariant.cpp	98.2%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff            @@
##           develop   #6855     +/-   ##
=========================================
- Coverage     81.6%   81.6%   -0.0%     
=========================================
  Files         1010    1010             
  Lines        75973   76030     +57     
  Branches      7610    7604      -6     
=========================================
+ Hits         61993   62038     +45     
- Misses       13980   13992     +12     

Files with missing lines	Coverage Δ
include/xrpl/tx/invariants/InvariantCheck.h	100.0% <ø> (ø)
src/libxrpl/ledger/helpers/MPTokenHelpers.cpp	96.1% <100.0%> (+<0.1%)	⬆️
src/libxrpl/ledger/helpers/TokenHelpers.cpp	95.4% <100.0%> (+0.1%)	⬆️
src/libxrpl/tx/transactors/check/CheckCash.cpp	90.6% <100.0%> (+<0.1%)	⬆️
src/libxrpl/tx/transactors/check/CheckCreate.cpp	99.1% <100.0%> (+0.1%)	⬆️
src/libxrpl/tx/transactors/dex/AMMClawback.cpp	98.1% <100.0%> (+2.6%)	⬆️
src/libxrpl/tx/transactors/dex/AMMCreate.cpp	90.9% <100.0%> (+0.1%)	⬆️
src/libxrpl/tx/transactors/dex/AMMDeposit.cpp	96.4% <100.0%> (+0.3%)	⬆️
src/libxrpl/tx/transactors/dex/AMMWithdraw.cpp	94.3% <100.0%> (+0.2%)	⬆️
src/libxrpl/tx/transactors/dex/OfferCreate.cpp	93.3% <100.0%> (+0.1%)	⬆️
... and 1 more

... and 6 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[shawnxie999]

nit - this comment can probably be removed/changed

[shawnxie999]

Could we combine the auth checks with the freeze logic here? That way we wouldn’t need separate frozen and reqAuth booleans—we could instead use a single illegalTransfer boolean that covers both cases. (it probably doesn't hurt to check auth for the sender)

[xrplf-ai-reviewer]

LGTM - clean fixes across the board.

Review by Claude Opus 4.6 · Prompt: V14

[shawnxie999]

lgtm

[xrplf-ai-reviewer]

LGTM - solid fixes.

Review by Claude Opus 4.6 · Prompt: V15

[xrplf-ai-reviewer]

LGTM - solid fixes across MPT/DEX handling.

Review by Claude Opus 4.6 · Prompt: V15

[github-actions]

This PR has conflicts, please resolve them in order for the PR to be reviewed.