Fix touchy "funds are conserved" assertion in LoanPay

[ximinez]

• Add poorly named "Yield Theft via Rounding Manipulation" test

High Level Overview of Change

IOU rounding when a Vault and a Loan are at significantly different scales can lead to the appearance of lost funds. An assertion in LoanPay wants funds to be "conserved", but that isn't always possible.

Context of Change

The new unit test testYieldTheftRounding was submitted as a finding in ImmuneFi's attackathon. Due to earlier changes in how overpayments are calculated, the "theft" is now a non-issue, but the assertion still was causing problems.

Update the rounding to improve accuracy, and calculate the amounts in a few different ways so if one still rounds unexpectedly, one of the others will not. This sounds weird, and it is, but IOU rounding can be weird. "Sometimes you eat the bear, and sometimes the bear eats you."

Type of Change

• Bug fix (non-breaking change which fixes an issue)

[codecov]

Codecov Report

❌ Patch coverage is 98.36066% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 79.3%. Comparing base (564a351) to head (08170ff).
⚠️ Report is 3 commits behind head on ximinez/release-3.1.0-rc2.

Files with missing lines	Patch %	Lines
src/xrpld/app/tx/detail/LoanPay.cpp	98.3%	1 Missing ⚠️

Additional details and impacted files

@@                     Coverage Diff                     @@
##           ximinez/release-3.1.0-rc2   #6231     +/-   ##
===========================================================
- Coverage                       79.4%   79.3%   -0.0%     
===========================================================
  Files                            839     839             
  Lines                          71716   71772     +56     
  Branches                        8254    8271     +17     
===========================================================
+ Hits                           56914   56950     +36     
- Misses                         14802   14822     +20     

Files with missing lines	Coverage Δ
include/xrpl/protocol/STAmount.h	96.2% <ø> (ø)
src/xrpld/app/misc/detail/LendingHelpers.cpp	89.0% <100.0%> (+0.9%)	⬆️
src/xrpld/app/tx/detail/LoanPay.cpp	95.8% <98.3%> (+0.5%)	⬆️

... and 7 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Tapanito]

Suggested change

	assetsAvailableAfter <= *assetsTotalProxy,
	assetsAvailableAfter <= assetsTotalAfter,

[Tapanito]

nit:

Suggested change

	JLOG(j_.warn()) << "LoanPay: Vault assets available unchanged after "
	"rounding: Before: "
	<< assetsAvailableBefore
	<< ", After: " << assetsAvailableAfter;
	JLOG(j_.warn())
	<< "LoanPay: Vault assets available unchanged after rounding: "
	<< "Before: " << assetsAvailableBefore
	<< ", After: " << assetsAvailableAfter;

[Tapanito]

Suggested change

	if (assetsAvailableAfter > *assetsTotalProxy)
	{
	// Assets available are not allowed to be larger than assets total.
	// LCOV_EXCL_START
	JLOG(j_.fatal())
	<< "LoanPay: Vault assets available must not be greater "
	"than assets outstanding. Available: "
	<< assetsAvailableAfter << ", Total: " << *assetsTotalProxy;
	if (assetsAvailableAfter > assetsTotalAfter)
	{
	// Assets available are not allowed to be larger than assets total.
	// LCOV_EXCL_START
	JLOG(j_.fatal())
	<< "LoanPay: Vault assets available must not be greater "
	"than assets outstanding. Available: "
	<< assetsAvailableAfter << ", Total: " << assetsTotalAfter;

[Tapanito]

I understand that you're using the 3 / 4 division to create a threshold that is an order of magnitude, but perhaps the magic numbers are better place somewhere else, or at least provided as a constant variable? Future generations (most likely one of us), might find this confusing.

[gregtatcam]

How about using withinRelativeDistance()?

[Tapanito]

The tricky thing is how does one determine an acceptable delta?

[Tapanito]

Perhaps this change can be done separately, but wouldn't enforcing that there is no absolute balance change, is better served in Loan invariant?

[Tapanito]

nit:

Suggested change

	JLOG(j_.warn())
	<< "LoanPay: Vault assets expected change, but unchanged after "
	"rounding: Before: "
	<< assetsTotalBefore << ", After: " << assetsTotalAfter
	<< ", ValueChange: " << paymentParts->valueChange;
	JLOG(j_.warn()) << "LoanPay: Vault assets total expected change, but "
	"unchanged after rounding: "
	<< "Before: " << assetsTotalBefore
	<< ", After: " << assetsTotalAfter
	<< ", ValueChange: " << paymentParts->valueChange;

[Tapanito]

Can we remove these logs?

[Tapanito]

These too

[Tapanito]

And these

[Tapanito]

I understand that this is copy pasted code, but it seems that this can be simplified.

The vault.deposit and loanBroker.coverDeposits are already performed in the createVaultAndBroker method. Thus these two operations can be removed, by passing the appropriate values to createVaultAndBroker, a few lines above.

[gregtatcam]

Could you please expand on the balance scale logic? Suppose min = 7 and max = 9 and it's IOU. Then new max = 9 + (9 - 7) = 11. Why is it a better scale? I would have expected the lowest scale to be the best.

[shawnxie999]

currently these checks are in DEBUG mode. Do we want to bring some checks into RELEASE?