XLS-46: Dynamic Non Fungible Tokens (dNFTs)

[xVet]

High Level Overview of Change

This Amendment adds functionality to update the URI of XLS-20 NFTs by adding:

• NFTokenModify: Transactor to initiate the altering of the URI
• lsfMutable: Flag to be set in a NFTokenMint transaction to allow NFTokenModify to execute successfully on given NFT.

Context of Change

Changes and spec: XLS-46

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Refactor (non-breaking change that only restructures code)
• Tests (you added tests for code that already exists, or your new feature included in this PR)
• Documentation update
• Chore (no impact to binary, e.g. .gitignore, formatting, dropping support for older tooling)
• Release

API Impact

• Public API: New feature (new methods and/or new fields)
• Public API: Breaking change (in general, breaking changes should only impact the next api_version)
• libxrpl change (any change that may affect libxrpl or dependents of libxrpl)
• Peer protocol change (must be backward compatible or bump the peer protocol version)

Future Tasks

Test case for:

• NFTokenModify
• lsfMutable (new flag for NFTokenMint)

[xVet]

Tests are for the next commits. Tests, guards and code related to tfTrustLine/fixRemoveNFTokenAutoTrustLine are removed in my draft as well

[shawnxie999]

Also would want to point out that this change would require a Clio ETL update as well, as it introduces a new transaction. Would be happy to help 😄

[shawnxie999]

should also add
constexpr std::uint32_t const tfNFTokenModifyMask = ~tfUniversal;

[mvadari]

This is unnecessary - all the other transactions that don't have any flags just use the tfUniversalMask variable instead of creating a new one.

[shawnxie999]

True, unless new flags are looking to be added in the future 🤷

[mvadari]

Yes, but a new variable can be added then.

[shawnxie999]

need to check

    if (txFlags & tfNFTokenModifyMask)
        return temINVALID_FLAG;

[mvadari]

nit: I would call this featureDynamicNFT to be a bit more descriptive

[mvadari]

Flags are bitmasks, they should only be one bit and the number is already in hex.

Suggested change

	constexpr std::uint32_t const tfMutable = 0x00000016;
	constexpr std::uint32_t const tfMutable = 0x00000010;

[mvadari]

nit:

Suggested change

[mvadari]

nit: files should end with a newline

[mvadari]

This needs the standard license/disclaimer text (ditto for NFTokenModify.cpp)

[mvadari]

This check is unneeded - it'll be checked by TxFormats (it'll also crash when you try to fetch those values from ctx.tx if you don't use the ~ anyways)

[mvadari]

This new transaction type needs to be added to ripple/protocol/TxFormats.h and ripple/protocol/impl/TxFormats.cpp and ripple/app/tx/impl/applySteps.cpp - otherwise rippled doesn't know it exists

[shawnxie999]

I would suggest add a validation in NFTokenModify, where it returns failure if the NFT still has outstanding buy and sell offers.

Otherwise, I see two problems:

1. If the owner changes the URI and someone else accepts a current offer around the same time, the buyer may not realize that the URI has been updated, resulting in buying a NFT that they may not have want. I think we would like to avoid this confusion and potential bad act at the protocol layer.
2. From a technical perspective, the Clio ETL does not handle a edge case very well - if a NFTokenModify and NFTokenAcceptOffer occur at the the same ledger, Clio will result in data loss. This a design with the clio that hasn't considered the possibility where the URI change and a transfer of ownership can happen at the same ledger. Trying to solve this problem is rather messy to do in the Clio end, so I would prefer not go that route.

So I think adding a validation to check for offers, even though it will be some extra work as the owner would need to cancel all the offers, but that's reasonable.

Any thoughts?

[xVet]

Great point! I agree it makes totally sense to first check if offers are available and if so, to cancel them all ? Would you say, if offers available then let NFTokenModify fail or rather cancel all offers and then execute? Basically guaranteeing a successful execution either way.

Thanks for the noticing this edge scenario Shawn 🤗

[shawnxie999]

Great point! I agree it makes totally sense to first check if offers are available and if so, to cancel them all ? Would you say, if offers available then let NFTokenModify fail or rather cancel all offers and then execute? Basically guaranteeing a successful execution either way.

Thanks for the noticing this edge scenario Shawn 🤗

Both are possible solutions, I don't really have a strong opinion.

To summarize the two options:

1. NFTokenModify fails if the NFT still has offers, and does not cancel them. This should be pretty straightforward, all we need is checking if the sell and buy offer directories are empty or not.

2. NFTokenModify implicitly cancels all the existing offers first, and then changes the URI. However, we need to make sure the the number of existing offers is within a threshold(500), so that the metadata of the transaction won't be too huge. The code to implement this is very similar to NFTokenBurn before the activation of the amendment fixNonFungibleTokensV1_2. In preclaim of NFTokenBurn.cpp, there is a line of code :

    if (!ctx.view.rules().enabled(fixNonFungibleTokensV1_2))
    {
        // If there are too many offers, then burning the token would produce
        // too much metadata.  Disallow burning a token with too many offers.
        return nft::notTooManyOffers(ctx.view, ctx.tx[sfNFTokenID]);
    }

This code will return error if the number of offers exceeds 500, and therefore would require the owner to manually cancel them.

Similarly, NFTokenModify should cancel up to maximum of 500 offers, and then change the URI. But, if the number of offers exceeds 500, then it will simply return an error without changing anything.

Please feel free to make the call, as I think both are acceptable solutions, unless other people think otherwise. 😄

[shawnxie999]

But there is still a concern, what if, in the same ledger, the owner submits a NFTokenModify at the same time someone else creates a buy offer? If that can happen, then the buyer submits a buy offer without knowing the URI changed, and the offer wasn't cancelled because NFTokenModify and NFTokenCreateOffer occured in the same ledger (if NFTokenModify is executed before NFTokenCreateOffer in that ledger)

I'm not sure of this either and I think we may want to double check this edge case in unit test if it's something we would care about.

[tequdev]

As mentioned in the Discussion, sfAccount is a reserved common field for transaction types, it should be sfOwner.

XRPLF/XRPL-Standards#130 (comment)

[tequdev]

NonFungibleTokensV1_1 must be also enabled

[tequdev]

NFToken must be found from sfOwner.

[tequdev]

Since the URI is a required field in the Standard, this condition is always true if it is followed.

If the URI can be deleted, the URI field should be an optional field.

I think it would be appropriate to change the URI field in Standard to an optional field.
And overwrite the URI if it exists in the transaction and delete the URI if it does not.

[shawnxie999]

But there is still a concern, what if, in the same ledger, the owner submits a NFTokenModify at the same time someone else creates a buy offer? If that can happen, then the buyer submits a buy offer without knowing the URI changed, and the offer wasn't cancelled because NFTokenModify and NFTokenCreateOffer occured in the same ledger (if NFTokenModify is executed before NFTokenCreateOffer in that ledger)

I'm not sure of this either and I think we may want to double check this edge case in unit test if it's something we would care about.

To resolve this concern. I would propose an update to the spec, such that the owner can only submit a NFTokenModify transaction if the the NFT owner account has set lsfDisallowIncomingNFTokenOffer, to block any incoming offers until the URI has changed. But another concern of this approach is that it would block incoming offers for all NFTs, which may not be desirable.

[mvadari]

nit: should this method be called modifyToken to match the transaction name?

[mvadari]

The old mask should still also be used based on if fixRemoveNFTokenAutoTrustLine is enabled (this may make the mask a bit complicated, so it might be worth constructing it here instead of having several variables).

[dangell7]

But there is still a concern, what if, in the same ledger, the owner submits a NFTokenModify at the same time someone else creates a buy offer? If that can happen, then the buyer submits a buy offer without knowing the URI changed, and the offer wasn't cancelled because NFTokenModify and NFTokenCreateOffer occured in the same ledger (if NFTokenModify is executed before NFTokenCreateOffer in that ledger)
I'm not sure of this either and I think we may want to double check this edge case in unit test if it's something we would care about.

To resolve this concern. I would propose an update to the spec, such that the owner can only submit a NFTokenModify transaction if the the NFT owner account has set lsfDisallowIncomingNFTokenOffer, to block any incoming offers until the URI has changed. But another concern of this approach is that it would block incoming offers for all NFTs, which may not be desirable.

I think all of that is irrelevant as the issuer can just update the NFToken after the sale. Wether the change happens before the sale or after is irrelevant imo.

Personally I wouldn't do anything with the offers. If clio cant handle this then thats a design flaw on clio and no one should be limiting themselves because clio cant do something.

[shawnxie999]

I think all of that is irrelevant as the issuer can just update the NFToken after the sale. Wether the change happens before the sale or after is irrelevant imo.

Personally I wouldn't do anything with the offers. If clio cant handle this then thats a design flaw on clio and no one should be limiting themselves because clio cant do something.

This actually has nothing to do with clio, but yes it's only a minor detail. If everyone feels good about it, then I don't have any concern.

[mvadari]

Closing this in favor of #5048