Check tx inclusion proofs

When bitcoin core tells use that a tx has been confirmed, ask for and verify a tx inclusion proof: check that the tx
was actually included in a block, and that this block was followed by at least as many blocks as bicoin core says it was.

Author: sstone

eclair-core/pom.xml

@@ -188,6 +188,11 @@
             <version>4.1.42.Final</version>
         </dependency>
         <!-- BITCOIN -->
+        <dependency>
+            <groupId>fr.acinq.bitcoin</groupId>
+            <artifactId>bitcoin-kmp-jvm</artifactId>
+            <version>0.8.5-SNAPSHOT</version>
+        </dependency>
         <dependency>
             <groupId>fr.acinq</groupId>
             <artifactId>bitcoin-lib_${scala.version.short}</artifactId>

eclair-core/src/main/scala/fr/acinq/eclair/blockchain/bitcoind/ZmqWatcher.scala

@@ -400,6 +400,29 @@ private class ZmqWatcher(nodeParams: NodeParams, blockHeight: AtomicLong, client
   }
 
   def checkConfirmed(w: WatchConfirmed[_ <: WatchConfirmedTriggered]): Future[Unit] = {
+    log.debug("checking confirmations of txid={}", w.txId)
+    // NB: this is very inefficient since internally we call `getrawtransaction` three times, but it doesn't really
+    // matter because this only happens once, when the watched transaction has reached min_depth
+    client.getTxConfirmations(w.txId).flatMap {
+      case Some(confirmations) if confirmations >= w.minDepth =>
+        client.checkTxConfirmations(w.txId, confirmations).flatMap { isValid =>
+          require(isValid, s"invalid confirmation proof for ${w.txId}")
+          client.getTransaction(w.txId).flatMap { tx =>
+            client.getTransactionShortId(w.txId).map {
+              case (height, index) => w match {
+                case w: WatchFundingConfirmed => context.self ! TriggerEvent(w.replyTo, w, WatchFundingConfirmedTriggered(height, index, tx))
+                case w: WatchFundingDeeplyBuried => context.self ! TriggerEvent(w.replyTo, w, WatchFundingDeeplyBuriedTriggered(height, index, tx))
+                case w: WatchTxConfirmed => context.self ! TriggerEvent(w.replyTo, w, WatchTxConfirmedTriggered(height, index, tx))
+                case w: WatchParentTxConfirmed => context.self ! TriggerEvent(w.replyTo, w, WatchParentTxConfirmedTriggered(height, index, tx))
+              }
+            }
+          }
+        }
+      case _ => Future.successful((): Unit)
+    }
+  }
+
+  def checkConfirmedOld(w: WatchConfirmed[_ <: WatchConfirmedTriggered]): Future[Unit] = {
     log.debug("checking confirmations of txid={}", w.txId)
     // NB: this is very inefficient since internally we call `getrawtransaction` three times, but it doesn't really
     // matter because this only happens once, when the watched transaction has reached min_depth

eclair-core/src/main/scala/fr/acinq/eclair/blockchain/bitcoind/rpc/BitcoinCoreClient.scala

@@ -18,7 +18,7 @@ package fr.acinq.eclair.blockchain.bitcoind.rpc
 
 import fr.acinq.bitcoin.scalacompat.Crypto.PublicKey
 import fr.acinq.bitcoin.scalacompat._
-import fr.acinq.bitcoin.{Bech32, Block}
+import fr.acinq.bitcoin.{Bech32, Block, BlockHeader}
 import fr.acinq.eclair.ShortChannelId.coordinates
 import fr.acinq.eclair.blockchain.OnChainWallet
 import fr.acinq.eclair.blockchain.OnChainWallet.{MakeFundingTxResponse, OnChainBalance}
@@ -69,11 +69,47 @@ class BitcoinCoreClient(val rpcClient: BitcoinJsonRPCClient) extends OnChainWall
   /** Get the number of confirmations of a given transaction. */
   def getTxConfirmations(txid: ByteVector32)(implicit ec: ExecutionContext): Future[Option[Int]] =
     rpcClient.invoke("getrawtransaction", txid, 1 /* verbose output is needed to get the number of confirmations */)
-      .map(json => Some((json \ "confirmations").extractOrElse[Int](0)))
+      .map(json =>
+        Some((json \ "confirmations").extractOrElse[Int](0))
+      )
       .recover {
         case t: JsonRPCError if t.error.code == -5 => None // Invalid or non-wallet transaction id (code: -5)
       }
 
+  /**
+   *
+   * @param txids list of transactions ids
+   * @return a (header, matched) tuple where header is the header of the block for which the transactions were published and matched is a list of transactions
+   *         ids that were actually in that block and their positions in that block
+   */
+  def getTxoutProof(txids: Seq[ByteVector32])(implicit ec: ExecutionContext): Future[(BlockHeader, List[(ByteVector32, Int)])]  = {
+    import KotlinUtils._
+    rpcClient.invoke("gettxoutproof", txids.toArray)
+      .map(json => {
+        val proof = ByteVector.fromValidHex(json.extract[String])
+        val check = Block.verifyTxOutProof(proof.toArray)
+        (check.getFirst, check.getSecond.asScala.map(p => (kmp2scala(p.getFirst.reversed()), p.getSecond.intValue())).toList)
+      })
+  }
+
+  def checkTxConfirmations(txid: ByteVector32, confirmations: Int)(implicit ec: ExecutionContext): Future[Boolean] = {
+    import KotlinUtils._
+
+    def validate(headerInfos: List[BlockHeaderInfo]): Boolean = {
+      for (i <- 0 until headerInfos.size - 1) {
+        if(!headerInfos(i).nextBlockHash.contains(kmp2scala(headerInfos(i + 1).header.hash))) return false
+        if (headerInfos(i + 1).header.hashPreviousBlock != headerInfos(i).header.hash) return false
+      }
+      true
+    }
+
+    for {
+      (header, matched)  <- getTxoutProof(List(txid))
+      _ = require(matched.map { case (txid, _) => txid } contains(txid), s"cannot find inclusion proof for $txid")
+      headerInfos <- getBlockHeaderInfos(header.blockId, confirmations)
+    } yield validate(headerInfos)
+  }
+
   /** Get the hash of the block containing a given transaction. */
   private def getTxBlockHash(txid: ByteVector32)(implicit ec: ExecutionContext): Future[Option[ByteVector32]] =
     rpcClient.invoke("getrawtransaction", txid, 1 /* verbose output is needed to get the block hash */)
@@ -207,6 +243,42 @@ class BitcoinCoreClient(val rpcClient: BitcoinJsonRPCClient) extends OnChainWall
     case _ => Nil
   }
 
+  //------------------------- BLOCKS  -------------------------//
+  def getBlockHash(height: Int)(implicit ec: ExecutionContext): Future[ByteVector32] = {
+    rpcClient.invoke("getblockhash", height).map(json => {
+      val JString(hash) = json
+      ByteVector32.fromValidHex(hash)
+    })
+  }
+
+  def getBlockHeaderInfo(blockId: ByteVector32)(implicit ec: ExecutionContext): Future[BlockHeaderInfo] = {
+    import fr.acinq.bitcoin.{ByteVector32 => ByteVector32Kt}
+    rpcClient.invoke("getblockheader", blockId.toString()).map(json => {
+      val JInt(confirmations) = json \ "confirmations"
+      val JInt(height) = json \ "height"
+      val JInt(time) = json \ "time"
+      val JInt(version) = json \ "version"
+      val JInt(nonce) = json \ "nonce"
+      val JString(bits) = json \ "bits"
+      val merkleRoot = ByteVector32Kt.fromValidHex((json \ "merkleroot").extract[String]).reversed()
+      val previousblockhash = ByteVector32Kt.fromValidHex((json \ "previousblockhash").extract[String]).reversed()
+      val nextblockhash = (json \ "nextblockhash").extractOpt[String].map(h => ByteVector32.fromValidHex(h).reverse)
+      val header = new BlockHeader(version.longValue, previousblockhash, merkleRoot, time.longValue, java.lang.Long.parseLong(bits, 16), nonce.longValue)
+      require(header.blockId == KotlinUtils.scala2kmp(blockId))
+      BlockHeaderInfo(header, confirmations.toLong, height.toLong, nextblockhash)
+    })
+  }
+
+  // returns a chain a blocks of a given size starting at `blockId`
+  def getBlockHeaderInfos(blockId: ByteVector32, count: Int)(implicit ec: ExecutionContext): Future[List[BlockHeaderInfo]] = {
+
+    def loop(blocks: List[BlockHeaderInfo]): Future[List[BlockHeaderInfo]] = if (blocks.size == count) Future.successful(blocks) else {
+      getBlockHeaderInfo(blocks.last.nextBlockHash.get.reverse).flatMap(info => loop(blocks :+ info))
+    }
+
+    getBlockHeaderInfo(blockId).flatMap(info => loop(List(info)))
+  }
+
   //------------------------- FUNDING  -------------------------//
 
   def fundTransaction(tx: Transaction, options: FundTransactionOptions)(implicit ec: ExecutionContext): Future[FundTransactionResponse] = {
@@ -513,6 +585,8 @@ object BitcoinCoreClient {
 
   case class Utxo(txid: ByteVector32, amount: MilliBtc, confirmations: Long, safe: Boolean, label_opt: Option[String])
 
+  case class BlockHeaderInfo(header: BlockHeader, confirmation: Long, height: Long, nextBlockHash: Option[ByteVector32])
+
   def toSatoshi(btcAmount: BigDecimal): Satoshi = Satoshi(btcAmount.bigDecimal.scaleByPowerOfTen(8).longValue)
 
 }

eclair-core/src/test/scala/fr/acinq/eclair/blockchain/bitcoind/BitcoinCoreClientSpec.scala

@@ -16,18 +16,20 @@
 
 package fr.acinq.eclair.blockchain.bitcoind
 
+import akka.actor.ActorRef
 import akka.actor.Status.Failure
 import akka.pattern.pipe
-import akka.testkit.TestProbe
+import akka.testkit.{TestActor, TestProbe}
 import fr.acinq.bitcoin
+import fr.acinq.bitcoin.BlockHeader
 import fr.acinq.bitcoin.scalacompat.Crypto.PublicKey
 import fr.acinq.bitcoin.scalacompat.{Block, BtcDouble, ByteVector32, MilliBtcDouble, OutPoint, Satoshi, SatoshiLong, Script, ScriptWitness, Transaction, TxIn, TxOut}
 import fr.acinq.eclair.blockchain.OnChainWallet.{MakeFundingTxResponse, OnChainBalance}
 import fr.acinq.eclair.blockchain.WatcherSpec.{createSpendManyP2WPKH, createSpendP2WPKH}
 import fr.acinq.eclair.blockchain.bitcoind.BitcoindService.BitcoinReq
 import fr.acinq.eclair.blockchain.bitcoind.rpc.BitcoinCoreClient._
 import fr.acinq.eclair.blockchain.bitcoind.rpc.BitcoinJsonRPCAuthMethod.UserPassword
-import fr.acinq.eclair.blockchain.bitcoind.rpc.{BasicBitcoinJsonRPCClient, BitcoinCoreClient, JsonRPCError}
+import fr.acinq.eclair.blockchain.bitcoind.rpc.{BasicBitcoinJsonRPCClient, BitcoinCoreClient, BitcoinJsonRPCClient, JsonRPCError}
 import fr.acinq.eclair.blockchain.fee.FeeratePerKw
 import fr.acinq.eclair.transactions.{Scripts, Transactions}
 import fr.acinq.eclair.{BlockHeight, TestConstants, TestKitBaseClass, addressToPublicKeyScript, randomKey}
@@ -806,4 +808,98 @@ class BitcoinCoreClientSpec extends TestKitBaseClass with BitcoindService with A
     assert(addressToPublicKeyScript(address, Block.RegtestGenesisBlock.hash) == Script.pay2wpkh(receiveKey))
   }
 
+  test("get block header info") {
+    import fr.acinq.bitcoin.scalacompat.KotlinUtils._
+    val sender = TestProbe()
+    val bitcoinClient = new BitcoinCoreClient(bitcoinrpcclient)
+
+    bitcoinClient.getBlockHeight().pipeTo(sender.ref)
+    val height = sender.expectMsgType[BlockHeight]
+    bitcoinClient.getBlockHash(height.toInt).pipeTo(sender.ref)
+    val lastBlockId = sender.expectMsgType[ByteVector32]
+    bitcoinClient.getBlockHeaderInfo(lastBlockId).pipeTo(sender.ref)
+    val lastBlockInfo = sender.expectMsgType[BlockHeaderInfo]
+    assert(lastBlockInfo.nextBlockHash.isEmpty)
+
+    bitcoinClient.getBlockHash(height.toInt - 1).pipeTo(sender.ref)
+    val blockId = sender.expectMsgType[ByteVector32]
+    bitcoinClient.getBlockHeaderInfo(blockId).pipeTo(sender.ref)
+    val blockInfo = sender.expectMsgType[BlockHeaderInfo]
+    assert(lastBlockInfo.header.hashPreviousBlock == blockInfo.header.hash)
+    assert(blockInfo.nextBlockHash.contains(kmp2scala(lastBlockInfo.header.hash)))
+  }
+
+  test("get chains of block header infos") {
+    import fr.acinq.bitcoin.scalacompat.KotlinUtils._
+    val sender = TestProbe()
+    val bitcoinClient = new BitcoinCoreClient(bitcoinrpcclient)
+
+    def getHeaderInfos(height: Int, count: Int): List[BlockHeaderInfo] = {
+      bitcoinClient.getBlockHash(height).pipeTo(sender.ref)
+      val blockId = sender.expectMsgType[ByteVector32]
+      bitcoinClient.getBlockHeaderInfos(blockId, count).pipeTo(sender.ref)
+      sender.expectMsgType[List[BlockHeaderInfo]]
+    }
+
+    def check(blockInfos: List[BlockHeaderInfo]): Unit = {
+      for (i <- 0 until blockInfos.size - 1) {
+        require(blockInfos(i).nextBlockHash.contains(kmp2scala(blockInfos(i + 1).header.hash)))
+        require(blockInfos(i + 1).header.hashPreviousBlock == blockInfos(i).header.hash)
+      }
+    }
+
+    check(getHeaderInfos(140, 5))
+    check(getHeaderInfos(146, 5))
+  }
+
+  test("get tx confirmation proof") {
+    val sender = TestProbe()
+    val bitcoinClient = new BitcoinCoreClient(bitcoinrpcclient)
+
+    val address = getNewAddress(sender)
+    val tx1 = sendToAddress(address, 5 btc, sender)
+
+    bitcoinClient.getTxConfirmations(tx1.txid).pipeTo(sender.ref)
+    sender.expectMsg(Some(0))
+
+    bitcoinClient.checkTxConfirmations(tx1.txid, 1).pipeTo(sender.ref)
+    sender.expectMsgType[Failure]
+
+    generateBlocks(3)
+    bitcoinClient.getTxConfirmations(tx1.txid).pipeTo(sender.ref)
+    sender.expectMsg(Some(3))
+
+    bitcoinClient.checkTxConfirmations(tx1.txid, 3).pipeTo(sender.ref)
+    assert(sender.expectMsgType[Boolean])
+  }
+
+  test("verify tx confirmation proof") {
+    val sender = TestProbe()
+    // this is a valid proof for a random tx on testnet
+    val validProof = "0000c020d80e8834189edc6f67bb6683e0f1fc21608fb30f0c7148432b0000000000000078d01cf841039ee0d10e9e43cae12d54f08251fd96ac13688991a9af155f1c93b4f0d762f1da381903a82037140000000653f44c07bbd9acc8a9f9efa4ffaef176e0be7cfd7125b4985dc63b516191f81384d408a276c856d1816ffaf66f33dd17d4601a8e7c702ad98db859bd2c9d03ee2d982aad9cf8956835baa2011888a30a759548b3702b98c2266f4dd6a42b3dacefa0c54813f90ee2c7629f7600fcb782503c98a1df30368c568cc8c780c9d97b3c99c68fffea99cf505a02138e52df20e51c77e5784460f95bf3660f302b7046ceaa968b4e007fab9a717a9be9403ba5d866ec3ef81c5155e919aa27da49fa17025f00"
+    val bitcoinClient = new BitcoinCoreClient(new BitcoinJsonRPCClient {
+      override def invoke(method: String, params: Any*)(implicit ec: ExecutionContext): Future[JValue] = method match {
+        case "gettxoutproof" => Future.successful(new JString(validProof)) // bitcoin core is lying to us
+        case _ => bitcoinrpcclient.invoke(method, params: _*)(ec)
+      }
+    })
+
+    val address = getNewAddress(sender)
+    val tx1 = sendToAddress(address, 5 btc, sender)
+
+    bitcoinClient.getTxConfirmations(tx1.txid).pipeTo(sender.ref)
+    sender.expectMsg(Some(0))
+
+    bitcoinClient.checkTxConfirmations(tx1.txid, 1).pipeTo(sender.ref)
+    sender.expectMsgType[Failure]
+
+    generateBlocks(3)
+    bitcoinClient.getTxConfirmations(tx1.txid).pipeTo(sender.ref)
+    sender.expectMsg(Some(3))
+
+    bitcoinClient.checkTxConfirmations(tx1.txid, 3).pipeTo(sender.ref)
+    val failure = sender.expectMsgType[Failure]
+    assert(failure.cause.getMessage.contains(s"cannot find inclusion proof for ${tx1.txid}"))
+  }
+
 }