Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Safer intent GetOutpoints #802

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 10, 2025
Merged

Safer intent GetOutpoints #802

merged 2 commits into from
Nov 10, 2025

Conversation

@louisinger
Copy link
Collaborator

@louisinger louisinger commented Nov 10, 2025
edited by coderabbitai bot
Loading

Make sure RegisterIntent fails in case of zero-input psbt is passed.

@altafan please review

Summary by CodeRabbit

  • Bug Fixes

    • Strengthened validation to reject intents whose proofs lack transaction inputs, preventing invalid requests from progressing and avoiding downstream errors.

  • Tests

    • Added unit tests covering proofs with zero or one input to ensure no outpoints are produced and validation behaves correctly.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Nov 10, 2025
edited
Loading

Walkthrough

RegisterIntent now rejects proofs that contain no inputs. Proof.GetOutpoints returns an empty slice when a PSBT has one or zero inputs. Tests added for GetOutpoints covering zero- and one-input PSBTs.

Changes

Cohort / File(s) Summary
Service input validation
internal/core/application/service.go		 RegisterIntent now returns an INVALID_INTENT_PSBT error when the proof yields zero outpoints (proof has no inputs); error includes PsbtMetadata with the proof TxID.
Proof outpoint guard
pkg/ark-lib/intent/proof.go		 Proof.GetOutpoints gains an early guard: when UnsignedTx has ≤1 inputs it returns an empty slice (avoids zero/negative-capacity slice allocation).
Unit tests
pkg/ark-lib/intent/proof_test.go		 New tests (TestGetOutpoints) asserting GetOutpoints returns empty slice for PSBTs with zero and one input.

Sequence Diagram(s)

sequenceDiagram
    participant Service as RegisterIntent
    participant Proof as Proof.GetOutpoints
    participant DB as IntentStore

    Service->>Proof: call GetOutpoints(proof)
    alt UnsignedTx inputs ≤ 1
        Proof-->>Service: return []
        Service->>Service: return INVALID_INTENT_PSBT (proof misses inputs, include TxID)
    else UnsignedTx inputs > 1
        Proof-->>Service: return outpoints[]
        Service->>DB: continue intent registration with outpoints
        DB-->>Service: ack
        Service-->>Client: success
    end
Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Small, focused logic changes and one new unit test.
  • Pay attention to error message/content and PsbtMetadata TxID inclusion.
  • Verify test covers both zero and one input cases and that no other callers rely on prior GetOutpoints behavior.

Possibly related PRs

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'Safer intent GetOutpoints' accurately describes the main change: adding validation to prevent zero-input PSBTs from being processed, making the GetOutpoints logic safer.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch getoutpoint-fix

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Nov 10, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e02dd66 and 0a6f482.

📒 Files selected for processing (3)
  • internal/core/application/service.go (1 hunks)
  • pkg/ark-lib/intent/proof.go (1 hunks)
  • pkg/ark-lib/intent/proof_test.go (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (2)
pkg/ark-lib/intent/proof_test.go (1)
pkg/ark-lib/intent/proof.go (1)
  • Proof (41-43)
internal/core/application/service.go (2)
pkg/errors/errors.go (2)
  • INVALID_INTENT_PSBT (290-290)
  • PsbtMetadata (111-113)
pkg/ark-lib/intent/proof.go (1)
  • New (136-160)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: unit tests
  • GitHub Check: integration tests
  • GitHub Check: Build and Scan
🔇 Additional comments (2)
pkg/ark-lib/intent/proof.go (1)

165-167: LGTM: Proper guard against insufficient inputs.

The guard correctly handles edge cases where the PSBT has no inputs or only the toSpend input. Since the first input is always the toSpend transaction (as verified in the Verify function), returning an empty slice when len(p.UnsignedTx.TxIn) <= 1 is the appropriate behavior.

pkg/ark-lib/intent/proof_test.go (1)

11-33: LGTM: Well-structured tests for edge cases.

The tests properly cover the boundary conditions:

  • Zero inputs: validates that an empty PSBT returns no outpoints
  • One input: validates that a PSBT with only the toSpend input returns no outpoints

These tests ensure the guard clause in GetOutpoints() works correctly.

coderabbitai[bot]
coderabbitai bot reviewed Nov 10, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
pkg/ark-lib/intent/proof.go (1)

165-167: LGTM! Defensive guard prevents panic and aligns with validation logic.

This guard correctly handles edge cases where the PSBT has insufficient inputs. Since input 0 is the toSpend transaction, returning nil when len <= 1 accurately reflects that no real user inputs exist. It also prevents a panic at line 168 when len == 0 would cause a negative slice capacity.

Optional: Enhance method documentation for clarity.

Consider updating the method comment to explicitly document the nil return case:

 // GetOutpoints returns the list of inputs proving ownership of coins
-// the first input is the toSpend tx, we ignore it
+// the first input is the toSpend tx, we ignore it.
+// Returns nil if there are no real user inputs (0 or 1 total inputs).
 func (p Proof) GetOutpoints() []wire.OutPoint {
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0a6f482 and 73d45ef.

📒 Files selected for processing (2)
  • internal/core/application/service.go (1 hunks)
  • pkg/ark-lib/intent/proof.go (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • internal/core/application/service.go
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: Build and Scan
  • GitHub Check: integration tests
  • GitHub Check: unit tests

@altafan altafan merged commit 057a77f into master Nov 10, 2025
5 checks passed
@coderabbitai coderabbitai bot mentioned this pull request Nov 11, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@louisinger @altafan