feat(ic-icrc1-ledger): add icrc152_mint and icrc152_burn endpoints

bogwar · claude · bogwar · commit 2ee4fcca3c4e · 2026-03-04T19:59:58.000+01:00
- Add Icrc152MintArgs/Icrc152MintError and Icrc152BurnArgs/Icrc152BurnError types
- Add icrc152_mint and icrc152_burn #[update] endpoints
  - Enforce controller-only authorization via ic_cdk::api::is_controller
  - Guard behind the icrc152 feature flag (returns GenericError when disabled)
  - Validate: non-anonymous account, non-zero amount, not minting account (burn)
  - Map apply_transaction errors to typed endpoint errors
- Update icrc3_supported_block_types to include 122burn and 122mint
- Update icrc1_supported_standards to include ICRC-152
- Update ledger.did with new types and service endpoints

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/rs/ledger_suite/icrc1/ledger/ledger.did b/rs/ledger_suite/icrc1/ledger/ledger.did
@@ -548,6 +548,35 @@ type GetIndexPrincipalError = variant {
   }
 };
 
+type Icrc152MintArgs = record {
+  to : Account;
+  amount : nat;
+  created_at_time : opt nat64;
+  reason : opt text
+};
+
+type Icrc152MintError = variant {
+  Unauthorized : text;
+  InvalidAccount : text;
+  Duplicate : record { duplicate_of : nat };
+  GenericError : record { error_code : nat; message : text }
+};
+
+type Icrc152BurnArgs = record {
+  from : Account;
+  amount : nat;
+  created_at_time : opt nat64;
+  reason : opt text
+};
+
+type Icrc152BurnError = variant {
+  Unauthorized : text;
+  InvalidAccount : text;
+  InsufficientBalance : record { balance : nat };
+  Duplicate : record { duplicate_of : nat };
+  GenericError : record { error_code : nat; message : text }
+};
+
 service : (ledger_arg : LedgerArg) -> {
   archives : () -> (vec ArchiveInfo) query;
   get_transactions : (GetTransactionsRequest) -> (GetTransactionsResponse) query;
@@ -581,5 +610,8 @@ service : (ledger_arg : LedgerArg) -> {
 
   icrc106_get_index_principal : () -> (GetIndexPrincipalResult) query;
 
+  icrc152_mint : (Icrc152MintArgs) -> (variant { Ok : nat; Err : Icrc152MintError });
+  icrc152_burn : (Icrc152BurnArgs) -> (variant { Ok : nat; Err : Icrc152BurnError });
+
   is_ledger_ready : () -> (bool) query
 }
diff --git a/rs/ledger_suite/icrc1/ledger/src/main.rs b/rs/ledger_suite/icrc1/ledger/src/main.rs
@@ -2,8 +2,8 @@
 #[cfg(feature = "canbench-rs")]
 mod benches;
 
-use candid::Principal;
 use candid::types::number::Nat;
+use candid::{CandidType, Principal};
 use ic_canister_log::{declare_log_buffer, export, log};
 use ic_cdk::api::stable::StableReader;
 use ic_http_types::{HttpRequest, HttpResponse, HttpResponseBuilder};
@@ -67,6 +67,7 @@ use icrc_ledger_types::{
     icrc2::transfer_from::{TransferFromArgs, TransferFromError},
 };
 use num_traits::{ToPrimitive, bounds::Bounded};
+use serde::{Deserialize, Serialize};
 use serde_bytes::ByteBuf;
 use std::{
     cell::RefCell,
@@ -776,6 +777,10 @@ fn supported_standards() -> Vec<StandardRecord> {
             name: "ICRC-106".to_string(),
             url: "https://github.com/dfinity/ICRC/pull/106".to_string(),
         },
+        StandardRecord {
+            name: "ICRC-152".to_string(),
+            url: "https://github.com/dfinity/ICRC/blob/main/ICRCs/ICRC-152.md".to_string(),
+        },
     ];
     standards
 }
@@ -954,6 +959,14 @@ fn icrc3_supported_block_types() -> Vec<icrc_ledger_types::icrc3::blocks::Suppor
             url: "https://github.com/dfinity/ICRC-1/blob/main/standards/ICRC-2/README.md"
                 .to_string(),
         },
+        SupportedBlockType {
+            block_type: "122burn".to_string(),
+            url: "https://github.com/dfinity/ICRC/blob/main/ICRCs/ICRC-122.md".to_string(),
+        },
+        SupportedBlockType {
+            block_type: "122mint".to_string(),
+            url: "https://github.com/dfinity/ICRC/blob/main/ICRCs/ICRC-122.md".to_string(),
+        },
     ]
 }
 
@@ -1020,6 +1033,220 @@ fn icrc103_get_allowances(arg: GetAllowancesArgs) -> Result<Allowances, GetAllow
     ))
 }
 
+// ── ICRC-152: privileged supply-change endpoints ─────────────────────────────
+
+#[derive(Clone, Debug, CandidType, Deserialize, Serialize)]
+pub struct Icrc152MintArgs {
+    pub to: Account,
+    pub amount: Nat,
+    pub created_at_time: Option<u64>,
+    pub reason: Option<String>,
+}
+
+#[derive(Clone, Debug, CandidType, Deserialize, Serialize)]
+pub enum Icrc152MintError {
+    Unauthorized(String),
+    InvalidAccount(String),
+    Duplicate { duplicate_of: Nat },
+    GenericError { error_code: Nat, message: String },
+}
+
+#[derive(Clone, Debug, CandidType, Deserialize, Serialize)]
+pub struct Icrc152BurnArgs {
+    pub from: Account,
+    pub amount: Nat,
+    pub created_at_time: Option<u64>,
+    pub reason: Option<String>,
+}
+
+#[derive(Clone, Debug, CandidType, Deserialize, Serialize)]
+pub enum Icrc152BurnError {
+    Unauthorized(String),
+    InvalidAccount(String),
+    InsufficientBalance { balance: Nat },
+    Duplicate { duplicate_of: Nat },
+    GenericError { error_code: Nat, message: String },
+}
+
+#[update]
+async fn icrc152_mint(arg: Icrc152MintArgs) -> Result<Nat, Icrc152MintError> {
+    let caller = ic_cdk::api::caller();
+
+    if !ic_cdk::api::is_controller(&caller) {
+        return Err(Icrc152MintError::Unauthorized(
+            "caller is not a controller".to_string(),
+        ));
+    }
+
+    let enabled = Access::with_ledger(|l| l.feature_flags().icrc152);
+    if !enabled {
+        return Err(Icrc152MintError::GenericError {
+            error_code: Nat::from(4u64),
+            message: "ICRC-152 is not enabled on this ledger".to_string(),
+        });
+    }
+
+    if arg.to.owner == Principal::anonymous() {
+        return Err(Icrc152MintError::InvalidAccount(
+            "anonymous account not allowed".to_string(),
+        ));
+    }
+
+    let amount = match Tokens::try_from(arg.amount) {
+        Ok(n) => n,
+        Err(_) => {
+            return Err(Icrc152MintError::GenericError {
+                error_code: Nat::from(0u64),
+                message: "amount too large".to_string(),
+            });
+        }
+    };
+
+    if Tokens::is_zero(&amount) {
+        return Err(Icrc152MintError::GenericError {
+            error_code: Nat::from(0u64),
+            message: "amount must be greater than zero".to_string(),
+        });
+    }
+
+    let block_idx = Access::with_ledger_mut(|ledger| {
+        let now = TimeStamp::from_nanos_since_unix_epoch(ic_cdk::api::time());
+        let created_at_time = arg
+            .created_at_time
+            .map(TimeStamp::from_nanos_since_unix_epoch);
+
+        if &arg.to == ledger.minting_account() {
+            return Err(Icrc152MintError::InvalidAccount(
+                "cannot mint to the minting account".to_string(),
+            ));
+        }
+
+        let tx = Transaction {
+            operation: Operation::AuthorizedMint {
+                to: arg.to,
+                amount,
+                caller,
+                reason: arg.reason,
+            },
+            created_at_time: created_at_time.map(|t| t.as_nanos_since_unix_epoch()),
+            memo: None,
+        };
+
+        let (block_idx, _) =
+            apply_transaction(ledger, tx, now, Tokens::zero()).map_err(|e| match e {
+                CoreTransferError::TxTooOld { .. } => Icrc152MintError::GenericError {
+                    error_code: Nat::from(1u64),
+                    message: "transaction too old".to_string(),
+                },
+                CoreTransferError::TxCreatedInFuture { .. } => Icrc152MintError::GenericError {
+                    error_code: Nat::from(2u64),
+                    message: "transaction created in the future".to_string(),
+                },
+                CoreTransferError::TxDuplicate { duplicate_of } => Icrc152MintError::Duplicate {
+                    duplicate_of: Nat::from(duplicate_of),
+                },
+                e => Icrc152MintError::GenericError {
+                    error_code: Nat::from(0u64),
+                    message: format!("{e:?}"),
+                },
+            })?;
+        Ok(block_idx)
+    })?;
+
+    ic_cdk::api::set_certified_data(&Access::with_ledger(Ledger::root_hash));
+    archive_blocks::<Access>(&LOG, MAX_MESSAGE_SIZE).await;
+    Ok(Nat::from(block_idx))
+}
+
+#[update]
+async fn icrc152_burn(arg: Icrc152BurnArgs) -> Result<Nat, Icrc152BurnError> {
+    let caller = ic_cdk::api::caller();
+
+    if !ic_cdk::api::is_controller(&caller) {
+        return Err(Icrc152BurnError::Unauthorized(
+            "caller is not a controller".to_string(),
+        ));
+    }
+
+    let enabled = Access::with_ledger(|l| l.feature_flags().icrc152);
+    if !enabled {
+        return Err(Icrc152BurnError::GenericError {
+            error_code: Nat::from(4u64),
+            message: "ICRC-152 is not enabled on this ledger".to_string(),
+        });
+    }
+
+    if arg.from.owner == Principal::anonymous() {
+        return Err(Icrc152BurnError::InvalidAccount(
+            "anonymous account not allowed".to_string(),
+        ));
+    }
+
+    let amount = match Tokens::try_from(arg.amount) {
+        Ok(n) => n,
+        Err(_) => {
+            return Err(Icrc152BurnError::GenericError {
+                error_code: Nat::from(0u64),
+                message: "amount too large".to_string(),
+            });
+        }
+    };
+
+    if Tokens::is_zero(&amount) {
+        return Err(Icrc152BurnError::GenericError {
+            error_code: Nat::from(0u64),
+            message: "amount must be greater than zero".to_string(),
+        });
+    }
+
+    let block_idx = Access::with_ledger_mut(|ledger| {
+        let now = TimeStamp::from_nanos_since_unix_epoch(ic_cdk::api::time());
+        let created_at_time = arg
+            .created_at_time
+            .map(TimeStamp::from_nanos_since_unix_epoch);
+
+        let tx = Transaction {
+            operation: Operation::AuthorizedBurn {
+                from: arg.from,
+                amount,
+                caller,
+                reason: arg.reason,
+            },
+            created_at_time: created_at_time.map(|t| t.as_nanos_since_unix_epoch()),
+            memo: None,
+        };
+
+        let (block_idx, _) =
+            apply_transaction(ledger, tx, now, Tokens::zero()).map_err(|e| match e {
+                CoreTransferError::InsufficientFunds { balance } => {
+                    Icrc152BurnError::InsufficientBalance {
+                        balance: balance.into(),
+                    }
+                }
+                CoreTransferError::TxTooOld { .. } => Icrc152BurnError::GenericError {
+                    error_code: Nat::from(1u64),
+                    message: "transaction too old".to_string(),
+                },
+                CoreTransferError::TxCreatedInFuture { .. } => Icrc152BurnError::GenericError {
+                    error_code: Nat::from(2u64),
+                    message: "transaction created in the future".to_string(),
+                },
+                CoreTransferError::TxDuplicate { duplicate_of } => Icrc152BurnError::Duplicate {
+                    duplicate_of: Nat::from(duplicate_of),
+                },
+                e => Icrc152BurnError::GenericError {
+                    error_code: Nat::from(0u64),
+                    message: format!("{e:?}"),
+                },
+            })?;
+        Ok(block_idx)
+    })?;
+
+    ic_cdk::api::set_certified_data(&Access::with_ledger(Ledger::root_hash));
+    archive_blocks::<Access>(&LOG, MAX_MESSAGE_SIZE).await;
+    Ok(Nat::from(block_idx))
+}
+
 candid::export_service!();
 
 #[query]
