Skip to content

fix(key-wallet): preserve UTXO flags across reprocessing#837

Open
xdustinface wants to merge 1 commit into
dashpay:devfrom
xdustinface:fix/preserve-utxo-flags-on-reprocess
Open

fix(key-wallet): preserve UTXO flags across reprocessing#837
xdustinface wants to merge 1 commit into
dashpay:devfrom
xdustinface:fix/preserve-utxo-flags-on-reprocess

Conversation

@xdustinface

@xdustinface xdustinface commented Jul 2, 2026

Copy link
Copy Markdown
Collaborator

Summary

update_utxos rebuilds each of our outputs with a fresh Utxo::new on every reprocess of a transaction. On the mempool→block transition this silently reset flags that had already been set on an earlier pass, in particular is_instantlocked: a UTXO whose transaction received an InstantSend lock while in the mempool lost the lock flag the moment the transaction was confirmed in a block.

This carries forward the flags that must not regress when an entry for the outpoint already exists:

  • is_instantlocked and is_trusted latch monotonically. An InstantSend lock is permanent for a txid (DIP-0010) and trust only ever settles, so once either is true it stays true.
  • is_locked (the coin-reservation flag, toggled only via lock/unlock) is carried through unchanged rather than being reset.
  • is_confirmed is left freshly derived from the context so a reorg can still downgrade it.

It was latent so far because every current consumer ORs is_instantlocked with is_confirmed, and a confirmed reprocess sets is_confirmed true in the same pass. It is worth fixing on its own since is_instantlocked is now also an input to asset-lock funding selection, and a standalone consumer or a UI badge would surface the wipe.

Testing

test_full_confirmation_lifecycle now asserts the IS-lock flag survives the block-confirmation stage. The assertion fails without the fix and passes with it.

Found during CodeRabbit review of #836.

Summary by CodeRabbit

  • Bug Fixes
    • Preserved wallet UTXO lock and trust state when transactions are reprocessed, so prior status is no longer lost during updates.
    • Confirmed UTXOs still reflect the latest chain state after reprocessing, including changes from reorganizations.
    • Added coverage to ensure InstantSend lock status remains intact when a transaction moves from unconfirmed to confirmed.

`update_utxos` rebuilds each output with a fresh `Utxo::new` on every reprocess, so a mempool→block confirmation silently reset `is_instantlocked` (and `is_trusted` and any coin reservation) back to false. An InstantSend lock is permanent for a txid per DIP-0010 and trust only ever settles, so both now latch monotonically when an entry for the outpoint already exists, and the coin-reservation flag is carried through unchanged. `is_confirmed` stays freshly derived so a reorg can still downgrade it.

Addresses CodeRabbit review comment on PR dashpay#836
dashpay#836 (comment)
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

In ManagedCoreFundsAccount::update_utxos, rebuilt UTXOs now preserve is_instantlocked, is_trusted, and is_locked from any prior tracked entry with the same outpoint, while is_confirmed is still freshly derived. A test assertion verifies the InstantSend lock flag survives mempool-to-block reprocessing.

Changes

UTXO Flag Preservation

Layer / File(s) Summary
Preserve state flags across reprocessing
key-wallet/src/managed_account/managed_core_funds_account.rs, key-wallet/src/transaction_checking/wallet_checker.rs
update_utxos carries forward is_instantlocked, is_trusted, and is_locked from prior UTXO entries with matching outpoints, while is_confirmed is still recomputed; a test asserts is_instantlocked persists after confirmation reprocessing.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related issues

Suggested reviewers: llbartekll

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main fix: preserving UTXO flags during reprocessing.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@codecov

codecov Bot commented Jul 2, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.06%. Comparing base (a8a0968) to head (55d241b).
⚠️ Report is 3 commits behind head on dev.

Additional details and impacted files
@@            Coverage Diff             @@
##              dev     #837      +/-   ##
==========================================
- Coverage   73.09%   73.06%   -0.03%     
==========================================
  Files         323      323              
  Lines       72378    72384       +6     
==========================================
- Hits        52902    52888      -14     
- Misses      19476    19496      +20     
Flag Coverage Δ
core 76.94% <ø> (ø)
ffi 45.30% <ø> (-0.02%) ⬇️
rpc 20.00% <ø> (ø)
spv 90.44% <ø> (-0.12%) ⬇️
wallet 72.34% <100.00%> (+<0.01%) ⬆️
Files with missing lines Coverage Δ
.../src/managed_account/managed_core_funds_account.rs 77.02% <100.00%> (+0.29%) ⬆️
...-wallet/src/transaction_checking/wallet_checker.rs 99.22% <100.00%> (+<0.01%) ⬆️

... and 7 files with indirect coverage changes

@xdustinface

Copy link
Copy Markdown
Collaborator Author

@CodeRabbit review

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
key-wallet/src/managed_account/managed_core_funds_account.rs (1)

205-216: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Consider extending test coverage to is_trusted/is_locked preservation.

The companion test in wallet_checker.rs only asserts is_instantlocked survives reprocessing. Since this same merge block also latches is_trusted and carries through is_locked, an assertion covering those paths would guard against future regressions in the same spot that caused this bug.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@key-wallet/src/managed_account/managed_core_funds_account.rs` around lines
205 - 216, The reprocessing merge logic in managed_core_funds_account should be
covered by tests for the additional latched fields. Extend the existing
companion test in wallet_checker.rs (the one that already checks UTXO
reprocessing) to also assert that ManagedCoreFundsAccount’s preservation path
keeps is_trusted latched and carries is_locked through from the prior UTXO,
alongside the existing is_instantlocked check.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@key-wallet/src/managed_account/managed_core_funds_account.rs`:
- Around line 205-216: The reprocessing merge logic in
managed_core_funds_account should be covered by tests for the additional latched
fields. Extend the existing companion test in wallet_checker.rs (the one that
already checks UTXO reprocessing) to also assert that ManagedCoreFundsAccount’s
preservation path keeps is_trusted latched and carries is_locked through from
the prior UTXO, alongside the existing is_instantlocked check.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ff3f3495-2f29-45e0-a1f5-2fc99fa50a91

📥 Commits

Reviewing files that changed from the base of the PR and between a8a0968 and 55d241b.

📒 Files selected for processing (2)
  • key-wallet/src/managed_account/managed_core_funds_account.rs
  • key-wallet/src/transaction_checking/wallet_checker.rs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant