multi: Add utxo restriction for batchchannel openings.

Add utxo restrictions for psbt internal wallet funded lightning channels. This also includes batchopening channels backed by the internal wallet.
2025-09-20 04:21:37 +02:00 · 2024-03-30 17:03:09 +00:00
parent 62a52b4d7c
commit ab7634b276
5 changed files with 79 additions and 7 deletions
--- a/lnrpc/walletrpc/walletkit_server.go
+++ b/lnrpc/walletrpc/walletkit_server.go
@@ -1551,21 +1551,82 @@ func (w *WalletKit) fundPsbtInternalWallet(account string,
 				return err
 			}

+			// filterFn makes sure utxos which are unconfirmed and
+			// still used by the sweeper are not used.
+			filterFn := func(u *lnwallet.Utxo) bool {
+				// Confirmed utxos are always allowed.
+				if u.Confirmations > 0 {
+					return true
+				}
+
+				// Unconfirmed utxos in use by the sweeper are
+				// not stable to use because they can be
+				// replaced.
+				if w.cfg.Sweeper.IsSweeperOutpoint(u.OutPoint) {
+					log.Warnf("Cannot use unconfirmed "+
+						"utxo=%v because it is "+
+						"unstable and could be "+
+						"replaced", u.OutPoint)
+
+					return false
+				}
+
+				return true
+			}
+
+			eligible := fn.Filter(filterFn, utxos)
+
 			// Validate all inputs against our known list of UTXOs
 			// now.
-			err = verifyInputsUnspent(packet.UnsignedTx.TxIn, utxos)
+			err = verifyInputsUnspent(
+				packet.UnsignedTx.TxIn, eligible,
+			)
 			if err != nil {
 				return err
 			}
 		}

+		// currentHeight is needed to determine whether the internal
+		// wallet utxo is still unconfirmed.
+		_, currentHeight, err := w.cfg.Chain.GetBestBlock()
+		if err != nil {
+			return fmt.Errorf("unable to retrieve current "+
+				"height: %v", err)
+		}
+
+		// restrictUnstableUtxos is a filter function which disallows
+		// the usage of unconfirmed outputs published (still in use) by
+		// the sweeper.
+		restrictUnstableUtxos := func(utxo wtxmgr.Credit) bool {
+			// Wallet utxos which are unmined have a height
+			// of -1.
+			if utxo.Height != -1 && utxo.Height <= currentHeight {
+				// Confirmed utxos are always allowed.
+				return true
+			}
+
+			// Utxos used by the sweeper are not used for
+			// channel openings.
+			allowed := !w.cfg.Sweeper.IsSweeperOutpoint(
+				utxo.OutPoint,
+			)
+			if !allowed {
+				log.Warnf("Cannot use unconfirmed "+
+					"utxo=%v because it is "+
+					"unstable and could be "+
+					"replaced", utxo.OutPoint)
+			}
+
+			return allowed
+		}
+
 		// We made sure the input from the user is as sane as possible.
 		// We can now ask the wallet to fund the TX. This will not yet
 		// lock any coins but might still change the wallet DB by
 		// generating a new change address.
 		changeIndex, err := w.cfg.Wallet.FundPsbt(
-			packet, minConfs, feeSatPerKW, account,
-			keyScope, strategy,
+			packet, minConfs, feeSatPerKW, account, keyScope,
+			strategy, restrictUnstableUtxos,
 		)
 		if err != nil {
 			return fmt.Errorf("wallet couldn't fund PSBT: %w", err)