Add Confidential MPT (XLS-0096) Phase 1 faulty transaction workloads#59
Draft
manasip-prog wants to merge 2 commits into
Draft
Add Confidential MPT (XLS-0096) Phase 1 faulty transaction workloads#59manasip-prog wants to merge 2 commits into
manasip-prog wants to merge 2 commits into
Conversation
Implements 5 faulty/rejection-only handlers for Confidential MPT fuzzing: - ConfidentialMPTMergeInbox: fake MPT ID, non-holder, issuer-as-holder, invalid flags, non-owner auth - ConfidentialMPTConvert: garbage/wrong-length proofs, ciphertexts, blinding factors, zero amount, negative amount, overflow, point-not-on-curve, key-without-proof, proof-without-key, invalid flags, non-owner auth - ConfidentialMPTSend: garbage/wrong-length proofs, ciphertexts, commitments, self-send, fake MPT ID, non-participant, send-to-issuer, invalid flags, non-owner auth - ConfidentialMPTConvertBack: garbage/wrong-length proofs, ciphertexts, commitments, fake MPT ID, negative/overflow/overdraw amounts, invalid flags, non-owner auth - ConfidentialMPTClawback: garbage/wrong-length proofs, ciphertexts, non-issuer, self-clawback, fake MPT ID, negative/overflow amounts, invalid flags, non-owner auth ~50 unique mutations across all handlers covering structural, cryptographic blob, and semantic fault categories. Uses raw JSON-RPC submission (_submit_raw) to bypass xrpl-py client-side validation, allowing deliberately malformed transactions to reach rippled server-side validation. Files: - workload/src/workload/transactions/confidential_mpt.py (new) - workload/src/workload/params.py (confidential generators) - workload/src/workload/transactions/__init__.py (REGISTRY) - workload/src/workload/transactions/tickets.py (_TICKET_EXCLUDED) - scripts/check-imports, scripts/check-endpoints - 5 test_composer shell scripts
Overflow amount mutations (values > 2^63) cause rippled's JSON parser to reject the request, raising XRPLRequestFailureException in xrpl-py. Catch it in _submit_raw so the tx_submitted assertion still fires instead of bubbling up as a warning to the endpoint handler.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds Phase 1 (faulty/rejection-only) transaction handlers for Confidential MPT (XLS-0096) fuzzing. These handlers generate deliberately malformed transactions to exercise rippled's server-side validation paths.
Transaction Types
/confidential/merge_inbox/random/confidential/convert/random/confidential/send/random/confidential/convert_back/random/confidential/clawback/randomDesign
_submit_rawviaGenericRequest) to bypass xrpl-py client-side validation, allowing deliberately malformed transactions to reach rippled's server-side validationnon_owner_submission(Account A signs, Account B in tx) to testtefBAD_AUTH_submit_rawcatchesXRPLExceptionfrom overflow amount mutations (values > 2^63) so thetx_submittedassertion still firesLocal Test Results
Tested against standalone rippled (
xrpld-3.2.0-b0) with the 4-terminal local setup (rippled, ledger_accept loop, workload server, curl).Verification Checks
check-importscheck-endpointsseenassertions fireXRPLRequestFailureExceptioncaught in_submit_rawSubmitted Events (from SDK JSONL)
Assertion Hits
Note on Engine Results
The local rippled (
xrpld-3.2.0-b0) does not yet include the Confidential MPT amendment, so all transactions returninvalidParams(Field 'tx_json.TransactionType' has invalid data). This confirms the workload code is solid — no crashes, proper submission flow. Actual rejection testing (temMALFORMED,tefBAD_AUTH, etc.) requires a rippled built from theconfidential-mptbranch, which is the target environment in Antithesis.Files Changed
workload/src/workload/transactions/confidential_mpt.py— 5 handlers (~490 lines)workload/src/workload/params.py— 12 new confidential generatorsworkload/src/workload/transactions/__init__.py— 5 REGISTRY entriesworkload/src/workload/transactions/tickets.py— 5_TICKET_EXCLUDEDentriesscripts/check-imports,scripts/check-endpoints— updatedtest_composer/all_transactions/Phase 2 (Future)
Valid transaction handlers require the
mpt-cryptolibrary for real ZK proofs and will be added in a follow-up PR once the library is available.Pull Request opened by Augment Code with guidance from the PR author