tapfreighter: enforce split root witnesses pre-broadcast

Author: ffranr

tapfreighter/chain_porter.go

@@ -1421,6 +1421,12 @@ func (p *ChainPorter) verifyVPackets(ctx context.Context,
 			return fmt.Errorf("verify packet input proofs "+
 				"(vpkt_idx=%d): %w", pktIdx, err)
 		}
+
+		err = verifySplitCommitmentWitnesses(*vPkt)
+		if err != nil {
+			return fmt.Errorf("verify split commitment "+
+				"witnesses (vpkt_idx=%d): %w", pktIdx, err)
+		}
 	}
 
 	return nil
@@ -1458,6 +1464,45 @@ func (p *ChainPorter) verifyPacketInputProofs(ctx context.Context,
 	return nil
 }
 
+// verifySplitCommitmentWitnesses ensures split leaf outputs embed a split root
+// that actually carries a witness. Split leaves intentionally keep their own
+// TxWitness empty and rely on the embedded root witness for validation.
+func verifySplitCommitmentWitnesses(vPkt tappsbt.VPacket) error {
+	for outIdx := range vPkt.Outputs {
+		vOut := vPkt.Outputs[outIdx]
+
+		if vOut.Asset == nil ||
+			!vOut.Asset.HasSplitCommitmentWitness() {
+
+			continue
+		}
+
+		splitCommitment := vOut.Asset.PrevWitnesses[0].SplitCommitment
+		if splitCommitment == nil {
+			return fmt.Errorf("output missing split commitment "+
+				"(output_idx=%d)", outIdx)
+		}
+
+		root := &splitCommitment.RootAsset
+		if len(root.PrevWitnesses) == 0 {
+			return fmt.Errorf("output split root has no prev "+
+				"witnesses (output_idx=%d)", outIdx)
+		}
+
+		hasWitness := fn.Any(
+			root.PrevWitnesses, func(wit asset.Witness) bool {
+				return len(wit.TxWitness) > 0
+			},
+		)
+		if !hasWitness {
+			return fmt.Errorf("output split root witness empty "+
+				"(output_idx=%d)", outIdx)
+		}
+	}
+
+	return nil
+}
+
 // stateStep attempts to step through the state machine to complete a Taproot
 // Asset transfer.
 func (p *ChainPorter) stateStep(currentPkg sendPackage) (*sendPackage, error) {

tapfreighter/chain_porter_test.go

@@ -6,7 +6,11 @@ import (
 	"testing"
 	"time"
 
+	"github.com/btcsuite/btcd/wire"
 	"github.com/btcsuite/btclog/v2"
+	"github.com/lightninglabs/taproot-assets/asset"
+	"github.com/lightninglabs/taproot-assets/tappsbt"
+	"github.com/stretchr/testify/require"
 )
 
 func TestRunChainPorter(t *testing.T) {
@@ -19,3 +23,88 @@ func init() {
 	logger := btclog.NewSLogger(btclog.NewDefaultHandler(os.Stdout))
 	UseLogger(logger.SubSystem(Subsystem))
 }
+
+// TestVerifySplitCommitmentWitnesses exercises the split witness verifier with
+// table-driven vPacket fixtures.
+func TestVerifySplitCommitmentWitnesses(t *testing.T) {
+	t.Parallel()
+
+	testCases := []struct {
+		name        string
+		vPkt        func() tappsbt.VPacket
+		expectError bool
+	}{
+		{
+			name: "split leaf with root witness passes",
+			vPkt: func() tappsbt.VPacket {
+				root := asset.Asset{
+					PrevWitnesses: []asset.Witness{{
+						PrevID:    &asset.ZeroPrevID,
+						TxWitness: wire.TxWitness{{1}},
+					}},
+				}
+
+				prevWitnesses := []asset.Witness{{
+					PrevID: &asset.ZeroPrevID,
+					SplitCommitment: &asset.SplitCommitment{
+						RootAsset: root,
+					},
+				}}
+				splitLeaf := &asset.Asset{
+					PrevWitnesses: prevWitnesses,
+				}
+
+				return tappsbt.VPacket{
+					Outputs: []*tappsbt.VOutput{{
+						Asset: splitLeaf,
+					}},
+				}
+			},
+			expectError: false,
+		},
+		{
+			name: "split leaf missing root witness fails",
+			vPkt: func() tappsbt.VPacket {
+				root := asset.Asset{
+					PrevWitnesses: []asset.Witness{{
+						PrevID:    &asset.ZeroPrevID,
+						TxWitness: wire.TxWitness{},
+					}},
+				}
+
+				prevWitnesses := []asset.Witness{{
+					PrevID: &asset.ZeroPrevID,
+					SplitCommitment: &asset.SplitCommitment{
+						RootAsset: root,
+					},
+				}}
+				splitLeaf := &asset.Asset{
+					PrevWitnesses: prevWitnesses,
+				}
+
+				return tappsbt.VPacket{
+					Outputs: []*tappsbt.VOutput{{
+						Asset: splitLeaf,
+					}},
+				}
+			},
+			expectError: true,
+		},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			err := verifySplitCommitmentWitnesses(tc.vPkt())
+			if tc.expectError {
+				require.Error(t, err)
+				return
+			}
+
+			require.NoError(t, err)
+		})
+	}
+}