fix(afs)!: preserve input timelock requirements#65
Merged
Conversation
3 tasks
aagbotemi
force-pushed
the
fix/afs-locktime
branch
from
d6a0843 to
dc4b147
Compare
evanlinjin
requested changes
May 13, 2026
Member
evanlinjin
left a comment
evanlinjin
left a comment
There was a problem hiding this comment.
Thanks for working on this.
PR description is misleading - none of these bugs were flagged in the post-merge review. It also says this "fixes two consensus-validity issues", however this PR attempts to close 3 issues?
evanlinjin
reviewed
May 13, 2026
evanlinjin
requested changes
May 13, 2026
Member
evanlinjin
left a comment
evanlinjin
left a comment
There was a problem hiding this comment.
There are two versions of the random_probability and random_range methods. The std versions add no meaningful value imo - I would just remove them.
aagbotemi
force-pushed
the
fix/afs-locktime
branch
from
67dcf29 to
8487ab4
Compare
Collaborator
Author
|
Thank you for the review |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
evanlinjin
requested changes
May 13, 2026
aagbotemi
force-pushed
the
fix/afs-locktime
branch
2 times, most recently
from
f3d7e60 to
3b72e6d
Compare
evanlinjin
reviewed
May 14, 2026
aagbotemi
force-pushed
the
fix/afs-locktime
branch
2 times, most recently
from
3b72e6d to
b0b0eb1
Compare
evanlinjin
requested changes
May 14, 2026
Member
evanlinjin
left a comment
evanlinjin
left a comment
There was a problem hiding this comment.
Make apply_anti_fee_sniping explicitly private!
aagbotemi
force-pushed
the
fix/afs-locktime
branch
3 times, most recently
from
15943a8 to
adf472f
Compare
evanlinjin
reviewed
May 14, 2026
aagbotemi
force-pushed
the
fix/afs-locktime
branch
from
adf472f to
8085f45
Compare
Member
|
We are lacking commit messages, PR description has factual errors, missing I'll push it forward! |
evanlinjin
changed the title
evanlinjin
force-pushed
the
fix/afs-locktime
branch
2 times, most recently
from
b8671c3 to
c83079a
Compare
evanlinjin
force-pushed
the
fix/afs-locktime
branch
from
c83079a to
1211bc3
Compare
Member
|
@aagbotemi I pushed a Claude-generated test commit on top, let me know what you think. |
aagbotemi
commented
May 15, 2026
evanlinjin
force-pushed
the
fix/afs-locktime
branch
3 times, most recently
from
059752f to
2fcd3c5
Compare
Anti-fee-sniping could produce consensus-invalid transactions when inputs had timelock requirements: - The nLockTime strategy could overwrite `tx.lock_time` with a value lower than the accumulated input CLTV. - The nSequence strategy zeroed `tx.lock_time`, also breaking accumulated CLTV. - The nSequence strategy could select a Taproot input that already had a relative-timelock (CSV) requirement and overwrite its sequence. The locktime path now only updates `tx.lock_time` when the proposed AFS value still satisfies the existing requirement. The sequence path leaves `tx.lock_time` alone and filters CSV-bearing Taproot inputs out of the candidate pool. API changes: - `PsbtParams::enable_anti_fee_sniping: bool` and `fallback_locktime` are replaced with `anti_fee_sniping: Option<absolute::Height>` and `min_locktime`. The tip height is now required when AFS is enabled and time-based tips are unrepresentable. - `apply_anti_fee_sniping` is now `pub(crate)`; the `rbf_enabled` parameter is removed (derived from `tx.is_explicitly_rbf()`). - New `AntiFeeSnipingError` type, wrapped under `CreatePsbtError::AntiFeeSniping`. Closes bitcoindevkit#62 Closes bitcoindevkit#63 Closes bitcoindevkit#64
Three new tests, each verified to fail on the pre-fix algorithm: - `test_anti_fee_sniping_preserves_input_cltv` — input CLTV above tip must not be lowered. - `test_anti_fee_sniping_skips_taproot_csv_input` — a Taproot input carrying a CSV requirement must be excluded from the nSequence candidate pool; a regular Taproot input remains to ensure the sequence path is still reachable. - `test_anti_fee_sniping_rejects_time_based_locktime` — a time-based CLTV must surface `AntiFeeSnipingError::UnsupportedLockTime`. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
evanlinjin
force-pushed
the
fix/afs-locktime
branch
from
2fcd3c5 to
5df9bb1
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes consensus-validity issues in BIP-326 anti-fee-sniping.
Closes #62
Closes #63
Closes #64
Bugs
tx.lock_timewith a value lower than the accumulated input CLTV.tx.lock_time, also breaking accumulated CLTV.Fixes
tx.lock_timewhen the AFS-proposed value still satisfies the existing requirement.tx.lock_timealone and filters CSV-bearing Taproot inputs out of the candidate pool.Breaking changes
PsbtParams::enable_anti_fee_sniping: bool+fallback_locktime→anti_fee_sniping: Option<absolute::Height>+min_locktime. The tip height is now required when AFS is enabled, and time-based tips are unrepresentable.apply_anti_fee_snipingis nowpub(crate);rbf_enabledparam removed (derived fromtx.is_explicitly_rbf()).AntiFeeSnipingErrortype, wrapped underCreatePsbtError::AntiFeeSniping.