staticaddr: psbt withdrawals #1043
Conversation
Summary of ChangesHello @hieblmi, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request enhances the static address withdrawal mechanism by integrating Partially Signed Bitcoin Transactions (PSBTs). It introduces a new RPC for PSBT-based withdrawals and refactors several core utility functions into a dedicated package, streamlining the process of cooperative transaction signing and improving modularity within the codebase. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a new RPC endpoint for PSBT-based withdrawals, ServerPsbtWithdrawDeposits, which enhances the flexibility and security of the withdrawal process by allowing the client to construct the transaction and the server to provide only the necessary signatures. The changes involve significant refactoring, moving common utility functions to a new staticutil package, and updating the withdrawal manager to use the new PSBT flow. The introduction of staticutil improves code organization and reusability. Overall, the changes are well-structured and align with best practices for handling Bitcoin transactions.
| // Do some sanity checks. | ||
| txHash := withdrawalTx.TxHash() | ||
| if !bytes.Equal(txHash.CloneBytes(), sigResp.Txid) { | ||
| return nil, nil, errors.New("txid doesn't match") | ||
| } | ||
|
|
||
| // Next we'll get our sweep tx signatures. | ||
| prevOutFetcher := txscript.NewMultiPrevOutFetcher(prevOuts) | ||
| _, err = m.signMusig2Tx( | ||
| ctx, prevOutFetcher, outpoints, m.cfg.Signer, withdrawalTx, | ||
| withdrawalSessions, coopServerNonces, | ||
| ) | ||
| if err != nil { | ||
| return nil, err | ||
| if len(sigResp.SigningInfo) != len(deposits) { | ||
| return nil, nil, errors.New("invalid number of " + | ||
| "deposit signatures") |
There was a problem hiding this comment.
Adding sanity checks for the returned txid and the length of SigningInfo from the server is a critical security and correctness measure. It ensures that the server's response matches the client's expectations and prevents potential manipulation or errors.
There was a problem hiding this comment.
What is your point? The checks are in place. Do you suggest additional checks?
There was a problem hiding this comment.
I propose to check not only the length, but also that they have the same elements (1:1 matching). That each deposit got one record in sigResp.SigningInfo.
Please also add a test checking this situation.
hieblmi
force-pushed
the
withdraw-psbt
branch
4 times, most recently
from
94c5f92 to
e387361
Compare
hieblmi
force-pushed
the
withdraw-psbt
branch
7 times, most recently
from
edc5090 to
97d8733
Compare
|
|
||
| message ServerPsbtWithdrawRequest { | ||
| // The withdrawal psbt. | ||
| bytes withdrawal_psbt = 1; |
There was a problem hiding this comment.
nit: comment that txscript.SigHashDefault will be enforced by default.
hieblmi
force-pushed
the
withdraw-psbt
branch
from
97d8733 to
d9531ac
Compare
hieblmi
force-pushed
the
withdraw-psbt
branch
from
d9531ac to
bacabe1
Compare
|
@hieblmi, remember to re-request review from reviewers when ready |
starius
left a comment
starius
left a comment
There was a problem hiding this comment.
LGTM! 🚀
Added several comments.
| // Do some sanity checks. | ||
| txHash := withdrawalTx.TxHash() | ||
| if !bytes.Equal(txHash.CloneBytes(), sigResp.Txid) { | ||
| return nil, nil, errors.New("txid doesn't match") | ||
| } | ||
|
|
||
| // Next we'll get our sweep tx signatures. | ||
| prevOutFetcher := txscript.NewMultiPrevOutFetcher(prevOuts) | ||
| _, err = m.signMusig2Tx( | ||
| ctx, prevOutFetcher, outpoints, m.cfg.Signer, withdrawalTx, | ||
| withdrawalSessions, coopServerNonces, | ||
| ) | ||
| if err != nil { | ||
| return nil, err | ||
| if len(sigResp.SigningInfo) != len(deposits) { | ||
| return nil, nil, errors.New("invalid number of " + | ||
| "deposit signatures") |
There was a problem hiding this comment.
I propose to check not only the length, but also that they have the same elements (1:1 matching). That each deposit got one record in sigResp.SigningInfo.
Please also add a test checking this situation.
|
|
||
| // ToWireOutpoints converts lnrpc.OutPoint protos into wire.OutPoint structs so | ||
| // they can be consumed by lower level transaction building code. | ||
| func ToWireOutpoints(outpoints []*lnrpc.OutPoint) ([]wire.OutPoint, error) { |
There was a problem hiding this comment.
This function is not used and not tested.
| // selects the deposits that are needed to cover the amount requested without | ||
| // leaving a dust change. It returns an error if the sum of deposits minus dust | ||
| // is less than the requested amount. | ||
| func SelectDeposits(deposits []*deposit.Deposit, amount int64) ( |
There was a problem hiding this comment.
The function is not used and not tested.
| addrParams, err := m.cfg.AddressManager.GetStaticAddressParameters(ctx) | ||
| if err != nil { | ||
| return nil, nil, err | ||
| } | ||
|
|
||
| staticAddress, err := m.cfg.AddressManager.GetStaticAddress(ctx) | ||
| if err != nil { | ||
| return nil, nil, err | ||
| } |
There was a problem hiding this comment.
This makes two DB queries. It could be one: staticAddress can be built from addrParams. We can factor out a function from address.Manager.GetStaticAddress which converts params to address. Or just merge two methods GetStaticAddressParameters and GetStaticAddress together and return both things at once.
There was a problem hiding this comment.
I totally agree. These methods will be removed in the follow-up PR for multi addresses so i think we can leave them for now.
|
|
||
| // CreateMusig2Session creates a musig2 session for the deposit. | ||
| func CreateMusig2Session(ctx context.Context, | ||
| signer lndclient.SignerClient, addrParams *address.Parameters, |
There was a problem hiding this comment.
Idea: can we move address.Parameters to script package and reuse it and this function.
| // transaction. | ||
| func (m *Manager) signMusig2Tx(ctx context.Context, | ||
| prevOutFetcher *txscript.MultiPrevOutFetcher, outpoints []wire.OutPoint, | ||
| prevOutFetcher *txscript.MultiPrevOutFetcher, |
There was a problem hiding this comment.
Add tests for signMusig2Tx.
When sigInfo is missing an entry for one of the deposits, the call should error (no partial return). Build a dummy tx with two inputs, provide sessions for both, but only one SigningInfo entry; expect error.
When sigInfo has all expected keys but one maps to the wrong index (mismatched depositsToIdx), ensure it errors.
|
|
||
| case *btcutil.AddressTaproot: | ||
| weightEstimator.AddP2TROutput() | ||
| func CalculateWithdrawalTxValaues(deposits []*deposit.Deposit, |
| func CalculateWithdrawalTxValaues(deposits []*deposit.Deposit, | ||
| localAmount btcutil.Amount, feeRate chainfee.SatPerKWeight, | ||
| withdrawalAddress btcutil.Address, | ||
| commitmentType lnrpc.CommitmentType) (btcutil.Amount, btcutil.Amount, |
There was a problem hiding this comment.
Add a table test for CalculateWithdrawalTxValues covering: insufficient funds after dust/fee, negative change, and min-channel-size guard.
3 participants
This PR a new rpc for withdrawals via psbts,