Skip to content

AccountDelete: Add explicit guard for AMM pseudo-accounts via sfAMMID #6662

New issue
New issue
Open
Open
AccountDelete: Add explicit guard for AMM pseudo-accounts via sfAMMID#6662
Labels
AI TriageBugs and fixes that have been triaged via AI initiatives
@mvadari

Description

@mvadari
mvadari
opened on Mar 26, 2026

Issue Description

In AccountDelete (src/libxrpl/tx/transactors/account/AccountDelete.cpp), AMM pseudo-accounts are protected from deletion only incidentally: the ltAMM ledger entry type is absent from the nonObligationDeleter switch (lines 175–200), so nullptr is returned, which causes tecHAS_OBLIGATIONS. This protection is a side-effect of the switch's default case, not an explicit design guard.

If ltAMM is ever added to nonObligationDeleter in a future refactor (e.g., for cleanup purposes), the protection silently disappears.

Steps to Reproduce

Not currently exploitable — AMM accounts cannot be deleted today.

Expected Result

Add an explicit check in AccountDelete::preclaim to reject deletion of AMM pseudo-accounts:

if (sleAccount->isFieldPresent(sfAMMID))
    return tecHAS_OBLIGATIONS;

This makes the intent explicit and future-proof.

Actual Result

Protection relies on ltAMM being absent from the nonObligationDeleter switch — an implicit, fragile invariant.

Environment

All versions with AMM support (XLS-30).

Supporting Files

N/A

Metadata

Metadata

Assignees

No one assigned

    Labels

    AI TriageBugs and fixes that have been triaged via AI initiatives

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions