tapdb: filter orphan utxos with missing signing information

Added filtering to exclude orphan UTXOs with missing signing information (KeyFamily=0 and KeyIndex=0). These UTXOs were created in prior versions that didn't store this information, causing LND to fail when signing.

Author: darioAnongba

tapdb/assets_store.go

@@ -188,6 +188,13 @@ type (
 	QueryBurnsFilters = sqlc.QueryBurnsParams
 )
 
+const (
+	// MaxOrphanUTXOs is the maximum number of orphan UTXOs that can be
+	// fetched at once. This limit prevents transactions from becoming too
+	// large when sweeping orphan UTXOs.
+	MaxOrphanUTXOs = 20
+)
+
 // ActiveAssetsStore is a sub-set of the main sqlc.Querier interface that
 // contains methods related to querying the set of confirmed assets.
 type ActiveAssetsStore interface {
@@ -1340,6 +1347,12 @@ func (a *AssetStore) FetchOrphanUTXOs(ctx context.Context) (
 		}
 
 		for _, u := range utxos {
+			if len(results) >= MaxOrphanUTXOs {
+				log.DebugS(ctx, "reached max orphan UTXOs "+
+					"limit", "limit", MaxOrphanUTXOs)
+				break
+			}
+
 			if len(u.LeaseOwner) > 0 &&
 				u.LeaseExpiry.Valid &&
 				u.LeaseExpiry.Time.UTC().After(now) {
@@ -1351,6 +1364,17 @@ func (a *AssetStore) FetchOrphanUTXOs(ctx context.Context) (
 				continue
 			}
 
+			// Skip UTXOs with missing signing information. In prior
+			// versions, we didn't store KeyFamily and KeyIndex for
+			// orphan UTXOs. If both are 0, LND will fail to sign
+			// the transaction.
+			if u.KeyFamily == 0 && u.KeyIndex == 0 {
+				log.DebugS(ctx, "skipping orphan utxo with "+
+					"missing signing info",
+					"raw_key", fmt.Sprintf("%x", u.RawKey))
+				continue
+			}
+
 			var anchorPoint wire.OutPoint
 			err := readOutPoint(
 				bytes.NewReader(u.Outpoint), 0, 0, &anchorPoint,

tapdb/assets_store_test.go

@@ -3383,3 +3383,289 @@ func TestUpsertAssetsWithSplitCommitments(t *testing.T) {
 		})
 	}
 }
+
+// TestFetchOrphanUTXOs tests that FetchOrphanUTXOs correctly:
+// 1. Filters out UTXOs with missing signing info (KeyFamily=0 AND KeyIndex=0)
+// 2. Limits the number of returned UTXOs to MaxOrphanUTXOs
+func TestFetchOrphanUTXOs(t *testing.T) {
+	t.Parallel()
+
+	_, assetsStore, db := newAssetStore(t)
+	ctx := context.Background()
+
+	// Helper to create a tombstone asset (zero value with NUMS key).
+	createTombstoneAsset := func(gen asset.Genesis) *asset.Asset {
+		return asset.NewAssetNoErr(
+			t, gen, 0, 0, 0, asset.NUMSScriptKey, nil,
+		)
+	}
+
+	// Helper to insert a managed UTXO with an internal key that has
+	// specific KeyFamily and KeyIndex values.
+	insertOrphanUTXO := func(
+		keyFamily, keyIndex int32,
+	) (wire.OutPoint, *btcec.PublicKey) {
+
+		internalKey := test.RandPubKey(t)
+
+		// Insert the internal key with specific KeyFamily and KeyIndex.
+		_, err := db.UpsertInternalKey(ctx, sqlc.UpsertInternalKeyParams{
+			RawKey:    internalKey.SerializeCompressed(),
+			KeyFamily: keyFamily,
+			KeyIndex:  keyIndex,
+		})
+		require.NoError(t, err)
+
+		// Create a chain transaction.
+		anchorTx := wire.NewMsgTx(2)
+		anchorTx.AddTxIn(&wire.TxIn{
+			PreviousOutPoint: test.RandOp(t),
+		})
+		anchorTx.AddTxOut(&wire.TxOut{
+			PkScript: bytes.Repeat([]byte{0x01}, 34),
+			Value:    1000,
+		})
+
+		txBytes, err := fn.Serialize(anchorTx)
+		require.NoError(t, err)
+
+		txHash := anchorTx.TxHash()
+		chainTxID, err := db.UpsertChainTx(ctx, sqlc.UpsertChainTxParams{
+			Txid:        txHash[:],
+			RawTx:       txBytes,
+			BlockHeight: sql.NullInt32{Int32: 100, Valid: true},
+		})
+		require.NoError(t, err)
+
+		outpoint := wire.OutPoint{
+			Hash:  txHash,
+			Index: 0,
+		}
+		outpointBytes, err := encodeOutpoint(outpoint)
+		require.NoError(t, err)
+
+		// Insert the managed UTXO.
+		_, err = db.UpsertManagedUTXO(ctx, sqlc.UpsertManagedUTXOParams{
+			RawKey:           internalKey.SerializeCompressed(),
+			Outpoint:         outpointBytes,
+			AmtSats:          1000,
+			TaprootAssetRoot: test.RandBytes(32),
+			MerkleRoot:       test.RandBytes(32),
+			TxnID:            chainTxID,
+		})
+		require.NoError(t, err)
+
+		// Create and insert a tombstone asset for this UTXO.
+		gen := asset.RandGenesis(t, asset.Normal)
+		gen.FirstPrevOut = outpoint
+		tombstone := createTombstoneAsset(gen)
+
+		assetCommitment, err := commitment.NewAssetCommitment(tombstone)
+		require.NoError(t, err)
+
+		tapCommitment, err := commitment.NewTapCommitment(
+			nil, assetCommitment,
+		)
+		require.NoError(t, err)
+
+		txMerkleProof, err := proof.NewTxMerkleProof(
+			[]*wire.MsgTx{anchorTx}, 0,
+		)
+		require.NoError(t, err)
+
+		assetProof := proof.Proof{
+			AnchorTx:      *anchorTx,
+			BlockHeight:   100,
+			TxMerkleProof: *txMerkleProof,
+			Asset:         *tombstone,
+			InclusionProof: proof.TaprootProof{
+				OutputIndex: 0,
+				InternalKey: internalKey,
+			},
+		}
+
+		proofBlob, err := proof.EncodeAsProofFile(&assetProof)
+		require.NoError(t, err)
+
+		err = assetsStore.ImportProofs(
+			ctx, proof.MockVerifierCtx, false,
+			&proof.AnnotatedProof{
+				AssetSnapshot: &proof.AssetSnapshot{
+					AnchorTx:          anchorTx,
+					InternalKey:       internalKey,
+					Asset:             tombstone,
+					ScriptRoot:        tapCommitment,
+					AnchorBlockHeight: 100,
+				},
+				Blob: proofBlob,
+			},
+		)
+		require.NoError(t, err)
+
+		return outpoint, internalKey
+	}
+
+	// Test 1: Filter out UTXOs with missing signing info.
+	t.Run("filters missing signing info", func(t *testing.T) {
+		// Insert a UTXO with valid signing info.
+		validOutpoint, _ := insertOrphanUTXO(212, 5)
+
+		// Insert a UTXO with missing signing info (KeyFamily=0,
+		// KeyIndex=0).
+		_, _ = insertOrphanUTXO(0, 0)
+
+		// Fetch orphan UTXOs - should only return the valid one.
+		orphans, err := assetsStore.FetchOrphanUTXOs(ctx)
+		require.NoError(t, err)
+
+		// Should only have 1 orphan (the one with valid signing info).
+		require.Len(t, orphans, 1)
+		require.Equal(t, validOutpoint, orphans[0].OutPoint)
+
+		// Verify the signing info is correct.
+		require.Equal(
+			t, keychain.KeyFamily(212),
+			orphans[0].InternalKey.Family,
+		)
+		require.Equal(t, uint32(5), orphans[0].InternalKey.Index)
+	})
+}
+
+// TestFetchOrphanUTXOsLimit tests that FetchOrphanUTXOs respects the
+// MaxOrphanUTXOs limit.
+func TestFetchOrphanUTXOsLimit(t *testing.T) {
+	t.Parallel()
+
+	_, assetsStore, db := newAssetStore(t)
+	ctx := context.Background()
+
+	// Helper to create a tombstone asset (zero value with NUMS key).
+	createTombstoneAsset := func(gen asset.Genesis) *asset.Asset {
+		return asset.NewAssetNoErr(
+			t, gen, 0, 0, 0, asset.NUMSScriptKey, nil,
+		)
+	}
+
+	// Helper to insert a managed UTXO with valid signing info.
+	insertOrphanUTXO := func(keyFamily, keyIndex int32) wire.OutPoint {
+		internalKey := test.RandPubKey(t)
+
+		// Insert the internal key with valid KeyFamily and KeyIndex.
+		_, err := db.UpsertInternalKey(ctx, sqlc.UpsertInternalKeyParams{
+			RawKey:    internalKey.SerializeCompressed(),
+			KeyFamily: keyFamily,
+			KeyIndex:  keyIndex,
+		})
+		require.NoError(t, err)
+
+		// Create a chain transaction.
+		anchorTx := wire.NewMsgTx(2)
+		anchorTx.AddTxIn(&wire.TxIn{
+			PreviousOutPoint: test.RandOp(t),
+		})
+		anchorTx.AddTxOut(&wire.TxOut{
+			PkScript: bytes.Repeat([]byte{0x01}, 34),
+			Value:    1000,
+		})
+
+		txBytes, err := fn.Serialize(anchorTx)
+		require.NoError(t, err)
+
+		txHash := anchorTx.TxHash()
+		chainTxID, err := db.UpsertChainTx(ctx, sqlc.UpsertChainTxParams{
+			Txid:        txHash[:],
+			RawTx:       txBytes,
+			BlockHeight: sql.NullInt32{Int32: 100, Valid: true},
+		})
+		require.NoError(t, err)
+
+		outpoint := wire.OutPoint{
+			Hash:  txHash,
+			Index: 0,
+		}
+		outpointBytes, err := encodeOutpoint(outpoint)
+		require.NoError(t, err)
+
+		// Insert the managed UTXO.
+		_, err = db.UpsertManagedUTXO(ctx, sqlc.UpsertManagedUTXOParams{
+			RawKey:           internalKey.SerializeCompressed(),
+			Outpoint:         outpointBytes,
+			AmtSats:          1000,
+			TaprootAssetRoot: test.RandBytes(32),
+			MerkleRoot:       test.RandBytes(32),
+			TxnID:            chainTxID,
+		})
+		require.NoError(t, err)
+
+		// Create and insert a tombstone asset for this UTXO.
+		gen := asset.RandGenesis(t, asset.Normal)
+		gen.FirstPrevOut = outpoint
+		tombstone := createTombstoneAsset(gen)
+
+		assetCommitment, err := commitment.NewAssetCommitment(tombstone)
+		require.NoError(t, err)
+
+		tapCommitment, err := commitment.NewTapCommitment(
+			nil, assetCommitment,
+		)
+		require.NoError(t, err)
+
+		txMerkleProof, err := proof.NewTxMerkleProof(
+			[]*wire.MsgTx{anchorTx}, 0,
+		)
+		require.NoError(t, err)
+
+		assetProof := proof.Proof{
+			AnchorTx:      *anchorTx,
+			BlockHeight:   100,
+			TxMerkleProof: *txMerkleProof,
+			Asset:         *tombstone,
+			InclusionProof: proof.TaprootProof{
+				OutputIndex: 0,
+				InternalKey: internalKey,
+			},
+		}
+
+		proofBlob, err := proof.EncodeAsProofFile(&assetProof)
+		require.NoError(t, err)
+
+		err = assetsStore.ImportProofs(
+			ctx, proof.MockVerifierCtx, false,
+			&proof.AnnotatedProof{
+				AssetSnapshot: &proof.AssetSnapshot{
+					AnchorTx:          anchorTx,
+					InternalKey:       internalKey,
+					Asset:             tombstone,
+					ScriptRoot:        tapCommitment,
+					AnchorBlockHeight: 100,
+				},
+				Blob: proofBlob,
+			},
+		)
+		require.NoError(t, err)
+
+		return outpoint
+	}
+
+	// Insert more than MaxOrphanUTXOs orphan UTXOs.
+	numToInsert := MaxOrphanUTXOs + 10
+	for i := 0; i < numToInsert; i++ {
+		// Use varying KeyFamily and KeyIndex values (all valid, i.e.,
+		// not both 0).
+		insertOrphanUTXO(int32(i+1), int32(i+1))
+	}
+
+	// Fetch orphan UTXOs - should be limited to MaxOrphanUTXOs.
+	orphans, err := assetsStore.FetchOrphanUTXOs(ctx)
+	require.NoError(t, err)
+
+	// Should be capped at MaxOrphanUTXOs.
+	require.Len(t, orphans, MaxOrphanUTXOs)
+
+	// Verify all returned UTXOs have valid signing info.
+	for _, orphan := range orphans {
+		// Neither should be 0 (our test inserts with i+1 values).
+		require.NotZero(t, orphan.InternalKey.Family)
+		require.NotZero(t, orphan.InternalKey.Index)
+	}
+}