fix(wallet): categorize self-transfers to external addresses as trusted_pending

[Dmenec]

Fixes #273.

Description

Unconfirmed transactions spending owned UTXOs to external addresses were being incorrectly categorized as untrusted_pending. This should not happen since all inputs are controlled by the wallet.

Notes to the reviewers

The balance function iterates over all transactions in the graph and marks a transaction as trusted if all its inputs spend from owned outpoints or from already-trusted transactions. This process repeats until no new trusted transactions are found, in order to handle chains of unconfirmed transactions transitively.

Checklists

All Submissions:

• I've signed all my commits
• I followed the contribution guidelines
• I ran just p before pushing

Bugfixes:

• This pull request breaks the existing API
• I've added tests to reproduce the issue which are now passing
• I'm linking the issue being fixed by this PR

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.16%. Comparing base (fb7681a) to head (aea97d4).

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #431      +/-   ##
==========================================
+ Coverage   80.04%   80.16%   +0.12%     
==========================================
  Files          24       24              
  Lines        5336     5365      +29     
  Branches      242      247       +5     
==========================================
+ Hits         4271     4301      +30     
+ Misses        987      986       -1     
  Partials       78       78              

Flag	Coverage Δ
rust	80.16% <100.00%> (+0.12%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[ValuedMammal]

Interesting approach. I'm not sure that I follow the transitive trust logic though - if Alice sends money to Bob, she might trust her own transaction but not Bob's transaction spending the output.

[ValuedMammal]

💯 This looks like an easier solution (including the txid with the output index) than rewriting the entire balance function on TxGraph.

[ValuedMammal]

I think we should drop the KeychainKind::Internal check here entirely as there's no guarantee that foreign wallets don't pay to our change address by discovering it on chain, see #16 (comment).

[qatkk]

I agree with dropping the KeychainKind::Internal check. Another example (if I’m not mistaken) could be that, in a multisig wallet, outputs that belong to a shared descriptor can be marked trusted even if the wallet didn’t actually fund them. Dropping the check makes sure this doesn't happen.

[qatkk]

I went through the code and ran the tests, everything looks good and all the tests pass aea97d4
I just wanted to mention one small point. The current implementation might process a transaction multiple times (depending on transaction dependencies and the graph structure), since it keeps going through the graph until no new transactions are added to the trusted transaction list.
For normal wallets with small transaction graphs, this shouldn’t be an issue, but it’s something to keep in mind for larger graphs or if performance ever becomes a concern. I also came across a discussion benchmarking transaction graph reconciliation and touching on transaction graph size Issue #1687.
Even so, I think it’s probably not worth adding extra complexity (like Kahn’s algorithm) just for efficiency.