fix: Add zero domainID check for permissionedDomain

[yinyiqian1]

Because Ledger::read() asserts on zero keys, view.read(keylet::permissionedDomain(domainID)) must only be called with a non-zero domainID. This PR adds guarded validation for zero DomainID in OfferCreate and Payment, plus a defensive check in permissioned_dex::accountInDomain().
Although the asserts are only triggered in debug build, it is still worth adding the defensive check.

• Add preflight checks for OfferCreate and Payment so a zero DomainID returns temMALFORMED.
• Add check in permissioned_dex::accountInDomain() to avoid constructing a zero-key PermissionedDomain keylet.
• The changes are guarded by fixCleanup3_2_0

High Level Overview of Change

Context of Change

API Impact

• Public API: New feature (new methods and/or new fields)
• Public API: Breaking change (in general, breaking changes should only impact the next api_version)
• libxrpl change (any change that may affect libxrpl or dependents of libxrpl)
• Peer protocol change (must be backward compatible or bump the peer protocol version)

[Copilot]

Pull request overview

This PR hardens Permissioned DEX DomainID handling to prevent Ledger::read() from being called with a zero key (which triggers UNREACHABLE in assert-enabled builds). It adds preflight validation to reject a zero sfDomainID on OfferCreate and Payment, and adds a defensive guard in permissioned_dex::accountInDomain(), all gated by fixCleanup3_2_0.

Changes:

• Add temMALFORMED preflight rejection when sfDomainID == 0 for OfferCreate and Payment (when fixCleanup3_2_0 is enabled).
• Add a defensive early-return in permissioned_dex::accountInDomain() to avoid constructing a zero-key PermissionedDomain keylet.
• Extend PermissionedDEX_test coverage to assert temMALFORMED for zero DomainID, and run relevant tests both with and without fixCleanup3_2_0.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File	Description
src/test/app/PermissionedDEX_test.cpp	Adds regression tests for zero DomainID preflight behavior and runs OfferCreate/Payment tests with/without fixCleanup3_2_0.
src/libxrpl/tx/transactors/payment/Payment.cpp	Rejects sfDomainID == 0 as temMALFORMED in preflight (gated by fixCleanup3_2_0).
src/libxrpl/tx/transactors/dex/OfferCreate.cpp	Rejects sfDomainID == 0 as temMALFORMED in preflight (gated by fixCleanup3_2_0).
src/libxrpl/ledger/helpers/PermissionedDEXHelpers.cpp	Adds a defensive check to avoid view.read(keylet::permissionedDomain(0)) (gated by fixCleanup3_2_0).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.4%. Comparing base (2f3558c) to head (fd8b3a5).

Additional details and impacted files

@@            Coverage Diff            @@
##           develop   #7362     +/-   ##
=========================================
- Coverage     82.4%   82.4%   -0.0%     
=========================================
  Files         1011    1011             
  Lines        76477   76484      +7     
  Branches      7322    7316      -6     
=========================================
- Hits         63005   63004      -1     
- Misses       13472   13480      +8     

Files with missing lines	Coverage Δ
.../libxrpl/ledger/helpers/PermissionedDEXHelpers.cpp	96.7% <100.0%> (+0.1%)	⬆️
src/libxrpl/tx/transactors/dex/OfferCreate.cpp	93.4% <100.0%> (+<0.1%)	⬆️
src/libxrpl/tx/transactors/payment/Payment.cpp	93.8% <100.0%> (+0.1%)	⬆️

... and 6 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[PeterChen13579]

Looks good to me

[Kassaking7]

LGTM :D

[bthomee]

@yinyiqian1 is this ready to merge?

[yinyiqian1]

@yinyiqian1 is this ready to merge?

Yes. Thanks for reminding. Just added the label