
@ffranr ffranr commented Nov 25, 2025

This PR adds a new pre-broadcast validation step to the ChainPorter so that input proofs on pre-anchored send packages are validated before the anchor transaction is broadcast. Broadcasting is a non-reversible action, so we now fail early when a package carries invalid input proofs.

  • Add new ChainPorter state SendStateVerifyPreBroadcast to run input-proof validation before broadcasting the anchor transaction.
  • Pre-anchored send packages now start in this state instead of SendStateStorePreBroadcast.
  • Refactor and extend tapchannel proof-handling so that input proofs are fully finalized before validation. This includes:
    • Shared reanchoring logic (reanchorAssetOutputs) to anchor proofs to the actual commitment transaction.
    • New helpers (updateProofsFromShortChanID, Proof.TaprootOutputScript) to populate and derive the data required for correct input-proof construction.
    • Block/tx lookup via the new ChainBridge.GetBlockByHeight path to avoid per-caller duplication.
  • These tapchannel changes are required for the input proofs to pass the new validation state.

Notes

@gemini-code-assist

Summary of Changes

Hello @ffranr, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the robustness of asset transfers by implementing an early validation step for input proofs within the ChainPorter's state machine. By verifying the integrity of proofs before an anchor transaction is broadcast, the system can prevent the irreversible broadcasting of invalid packages. This change is supported by extensive refactoring of proof handling logic in tapchannel, including new helper functions for reanchoring proofs to actual commitment transactions and a new chain bridge method for block lookups by height, ensuring all necessary proof data is correctly finalized for validation.

Highlights

  • Early Proof Validation: Introduced a new SendStateVerifyPreBroadcast state in the ChainPorter to validate input proofs on pre-anchored send packages before broadcasting the anchor transaction, preventing invalid broadcasts.
  • Refactored Proof Handling: Enhanced tapchannel proof handling with shared reanchoring logic (reanchorAssetOutputs), new helpers (updateProofsFromShortChanID, Proof.TaprootOutputScript), and a ChainBridge.GetBlockByHeight method to ensure input proofs are fully finalized before validation.
  • Dependency Update: Updated the lnd dependency to a specific fork in go.mod and go.sum.

@ffranr ffranr moved this from 🆕 New to 👀 In review in Taproot-Assets Project Board Nov 25, 2025

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces a valuable pre-broadcast validation step for asset sends, enhancing the robustness of the ChainPorter by verifying input proofs before the anchor transaction is broadcast. The refactoring of proof-handling logic into new helpers like reanchorAssetOutputs and updateProofsFromShortChanID improves code structure and maintainability. My review includes a critical comment regarding a temporary dependency in go.mod that should be removed, along with suggestions to address code duplication and a misleading comment for better clarity and maintainability.

@ffranr ffranr force-pushed the wip/add-chainporter-validation/add-proof-validation-state branch from 21585ab to e966327 Compare November 25, 2025 01:06
Introduce a new state in the ChainPorter state machine to perform
pre-broadcast validation on the send package. Currently, it validates
only input proofs. Additional validation steps will be added in the
future.

Pre-anchored send packages now begin in the SendStateVerifyPreBroadcast
state instead of SendStateStorePreBroadcast. This ensures that
pre-broadcast validation is performed before storing the package or
anchor transaction broadcast.

- Add updateProofsFromShortChanID to populate transition proofs using
  a channel's funding outpoint (block hash, txid, tx index).
- Share block lookup logic via ChainBridge to avoid redundant code in
  each caller.
- Use the helper in aux sweeper and closer to populate funding proofs
  consistently.

Add TaprootOutputScript method to the Proof type to derive the
Taproot output script and taproot key anchoring the proof using its
inclusion path.

@ffranr ffranr force-pushed the wip/add-chainporter-validation/add-proof-validation-state branch from e966327 to 70e3645 Compare November 25, 2025 01:10

coveralls commented Nov 25, 2025

Pull Request Test Coverage Report for Build 19735582954

Details

  • 76 of 277 (27.44%) changed or added relevant lines in 11 files are covered.
  • 79 unchanged lines in 20 files lost coverage.
  • Overall coverage decreased (-0.05%) to 56.564%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
|---|---|---|---|
| tapgarden/mock.go | 1 | 2 | 50.0% |
| rpcserver.go | 5 | 9 | 55.56% |
| tapchannel/aux_funding_controller.go | 0 | 4 | 0.0% |
| universe/supplycommit/mock.go | 0 | 7 | 0.0% |
| proof/proof.go | 19 | 30 | 63.33% |
| tapchannel/aux_closer.go | 0 | 11 | 0.0% |
| lndservices/chain_bridge.go | 10 | 22 | 45.45% |
| tapfreighter/chain_porter.go | 38 | 51 | 74.51% |
| tapchannel/proof_utils.go | 0 | 62 | 0.0% |
| tapchannel/aux_sweeper.go | 0 | 76 | 0.0% |

| Files with Coverage Reduction | New Missed Lines | % |
|---|---|---|
| address/mock.go | 2 | 95.11% |
| asset/asset.go | 2 | 80.21% |
| commitment/tap.go | 2 | 85.19% |
| mssmt/compacted_tree.go | 2 | 77.65% |
| tapchannel/aux_closer.go | 2 | 1.21% |
| tapchannel/aux_sweeper.go | 2 | 1.42% |
| tapdb/mssmt.go | 2 | 90.45% |
| tapdb/sqlc/mssmt.sql.go | 2 | 48.34% |
| tapdb/sqlc/transfers.sql.go | 2 | 82.65% |
| tapdb/universe.go | 2 | 80.81% |

Totals

  • Change from base Build 19707991000: -0.05%
  • Covered Lines: 64690
  • Relevant Lines: 114367

💛 - Coveralls

ffranr commented Nov 25, 2025

LiT CI job is failing because litd will also need LND bump to lightningnetwork/lnd#10391

@jtobin jtobin requested review from GeorgeTsagk and jtobin November 25, 2025 05:59
@ffranr ffranr force-pushed the wip/add-chainporter-validation/add-proof-validation-state branch from 70e3645 to c4ddbf6 Compare November 25, 2025 17:08

@jtobin jtobin left a comment

Another great add. 🙏 LGTM modulo the requisite LND bump and matching replace.. uh, replacement.

I also wound up putting together an itest case while reviewing this that might be worth pulling in (see the linked PR).

- Update lnd dependency to a version that includes the new
  CommitTxBlockHeight field in the ResolutionReq struct.

Introduce reanchorAssetOutputs to centralize the logic for anchoring
proofs to the actual commitment transaction. This function sets the
correct output index in the inclusion proof by matching the asset's
Taproot output in the transaction.

Used to keep proof reanchoring consistent across aux_sweeper and
aux_closer by reusing a shared anchoring path.
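
The reanchoring and verify-before-broadcast ordering described in these commit messages, as an added example that is not code from this PR or from taproot-assets. `Proof`, `reanchor` and `verifyThenBroadcast` are hypothetical names, a proof is reduced to an anchor script plus output index, and the script bytes are constructed.

```go
package main

import (
	"bytes"
	"fmt"
)

// Proof is a hypothetical stand-in, not the taproot-assets proof type.
type Proof struct {
	AnchorScript []byte // Taproot output script the proof commits to
	OutputIndex  uint32 // output index recorded in the inclusion proof
}

// reanchor points each proof at the one output script of the actual
// transaction equal to its anchor script; zero or several matches fail.
func reanchor(outs [][]byte, proofs []*Proof) error {
	for n, p := range proofs {
		match, hits := 0, 0
		for i, s := range outs {
			if bytes.Equal(s, p.AnchorScript) {
				match, hits = i, hits+1
			}
		}
		if hits != 1 {
			return fmt.Errorf("proof %d: %d outputs match anchor script", n, hits)
		}
		p.OutputIndex = uint32(match)
	}
	return nil
}

// verifyThenBroadcast checks every input proof first; broadcast, the
// irreversible step, runs only after all of them pass.
func verifyThenBroadcast(outs [][]byte, proofs []*Proof, broadcast func() error) error {
	for n, p := range proofs {
		i := int(p.OutputIndex)
		if i >= len(outs) || !bytes.Equal(outs[i], p.AnchorScript) {
			return fmt.Errorf("input proof %d: anchor output mismatch", n)
		}
	}
	return broadcast()
}

func main() {
	outs := [][]byte{{0x51, 0x20, 0xaa}, {0x51, 0x20, 0xbb}} // constructed, shortened scripts
	p := &Proof{AnchorScript: []byte{0x51, 0x20, 0xbb}}
	err := reanchor(outs, []*Proof{p})
	fmt.Println(err, p.OutputIndex)
	fmt.Println(verifyThenBroadcast(outs, []*Proof{p}, func() error { return nil }))
}
```
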
@ffranr ffranr force-pushed the wip/add-chainporter-validation/add-proof-validation-state branch from c4ddbf6 to 815021f Compare November 27, 2025 12:02
@ffranr ffranr requested a review from jtobin November 27, 2025 13:37

@jtobin jtobin left a comment

LGTM. 👍

(I clocked the associated itest as taking 23s to run on my M4 MacBook Air, so probably longer in CI -- probably not worth pulling in purely as a regression defence.)
