asset: fix split witness writeback

bhandras · bhandras · commit 6cc9a39f57ed · 2025-12-03T19:25:38.000+01:00
UpdateTxWitness mutates a pointer into a copied root asset when a split
commitment is present, so the updated TxWitness never propagates back
into SplitCommitment.RootAsset. That leaves the root witness empty and
produces invalid split proofs/transactions.

To mitigate this issue we write the updated witness back into the stored
root asset when handling split commitments, and add a regression test
that demonstrates the previous failure and now passes.
diff --git a/asset/asset.go b/asset/asset.go
@@ -1855,8 +1855,13 @@ func (a *Asset) UpdateTxWitness(prevWitnessIndex int,
 
 	targetPrevWitness := &a.PrevWitnesses[prevWitnessIndex]
 	if a.HasSplitCommitmentWitness() {
-		rootAsset := targetPrevWitness.SplitCommitment.RootAsset
-		targetPrevWitness = &rootAsset.PrevWitnesses[prevWitnessIndex]
+		// When a split commitment is present, the witness must be
+		// written back to the root asset within the split commitment
+		// itself to ensure the change is persisted.
+		rootAsset := &targetPrevWitness.SplitCommitment.RootAsset
+		rootAsset.PrevWitnesses[prevWitnessIndex].TxWitness = witness
+
+		return nil
 	}
 
 	targetPrevWitness.TxWitness = witness
diff --git a/asset/asset_test.go b/asset/asset_test.go
@@ -389,6 +389,41 @@ func TestAssetEncoding(t *testing.T) {
 	test.WriteTestVectors(t, generatedTestVectorName, testVectors)
 }
 
+// TestUpdateTxWitnessSplitCommitment ensures witnesses are written back to the
+// split commitment root asset.
+func TestUpdateTxWitnessSplitCommitment(t *testing.T) {
+	t.Parallel()
+
+	// First, create a root asset that will be the root of our split
+	// commitment. We'll nil out its witness to ensure our update is what
+	// populates it.
+	root := testRootAsset.Copy()
+	root.PrevWitnesses[0].TxWitness = nil
+
+	// Next, create the split asset which contains a split commitment
+	// pointing to our root asset.
+	split := testSplitAsset.Copy()
+	split.PrevWitnesses[0].SplitCommitment = &SplitCommitment{
+		Proof:     *mssmt.RandProof(t),
+		RootAsset: *root,
+	}
+
+	// Now, create a new witness and update the split asset.
+	newWitness := wire.TxWitness{{1, 2, 3}}
+	err := split.UpdateTxWitness(0, newWitness)
+	require.NoError(t, err)
+
+	// Finally, assert that the witness was written to the root asset within
+	// the split commitment, and that the split asset's own witness remains
+	// empty.
+	require.Equal(
+		t, newWitness,
+		split.PrevWitnesses[0].SplitCommitment.RootAsset.
+			PrevWitnesses[0].TxWitness,
+	)
+	require.Empty(t, split.PrevWitnesses[0].TxWitness)
+}
+
 // TestAltLeafEncoding runs a property test for AltLeaf validation, encoding,
 // and decoding.
 func TestAltLeafEncoding(t *testing.T) {
