staticaddr: cancel loop-ins when deposit inputs vanish

Keep replacement UTXOs as fresh deposits while preserving the original deposit
record and selected outpoint snapshot for pending swaps.

Before signing a static loop-in HTLC, check each original selected outpoint with
GetTxOut(..., includeMempool=true). Cancel the pending invoice only when that
check reports an original outpoint unavailable; lookup errors fail the action
without canceling so transient chain backend errors do not incorrectly abandon
the swap.

Keep recovered loop-ins using their stored outpoint snapshot and cover
replacement discovery and cancellation in tests.

Author: hieblmi

loopd/daemon.go

@@ -679,6 +679,7 @@ func (d *Daemon) initialize(withMacaroonService bool) error {
 		Store:                                staticAddressLoopInStore,
 		WalletKit:                            d.lnd.WalletKit,
 		ChainNotifier:                        d.lnd.ChainNotifier,
+		TxOutChecker:                         loopin.NewLndTxOutChecker(d.lnd.Client),
 		NotificationManager:                  notificationManager,
 		ChainParams:                          d.lnd.ChainParams,
 		Signer:                               d.lnd.Signer,

staticaddr/deposit/manager.go

@@ -40,7 +40,9 @@ const (
 	//
 	// A single miss can happen during a transient wallet-view gap while lnd is
 	// processing a replacement or reorg. Requiring two misses keeps that narrow
-	// race recoverable without leaving vanished deposits selectable forever.
+	// race recoverable without leaving vanished deposits selectable forever. At
+	// the default PollInterval, this means a vanished deposit can remain active
+	// for up to roughly 20 seconds.
 	vanishedDepositThreshold = 2
 )
 
@@ -416,6 +418,7 @@ func (m *Manager) listUnspentWithBestHeight(ctx context.Context) (
 	return nil, 0, errors.New("unable to get stable best block while " +
 		"listing deposits")
 }
+
 // createNewDeposit transforms the wallet utxo into a deposit struct and stores
 // it in our database and manager memory.
 func (m *Manager) createNewDeposit(ctx context.Context,

staticaddr/deposit/manager_reconcile_test.go

@@ -344,3 +344,89 @@ func TestReconcileDepositsReactivatesReappearedReplacedDeposit(t *testing.T) {
 	require.Zero(t, deposit.ConfirmationHeight)
 	require.Len(t, manager.activeDeposits, 1)
 }
+
+// TestReconcileReplacementDepositCreatesNewDeposit ensures that a replacement
+// UTXO is retained as a new deposit while an in-flight deposit remains tied to
+// the outpoint selected by a loop-in.
+func TestReconcileReplacementDepositCreatesNewDeposit(t *testing.T) {
+	ctx := context.Background()
+	mockLnd := test.NewMockLnd()
+	oldOutpoint := wire.OutPoint{
+		Hash:  chainhash.Hash{4},
+		Index: 8,
+	}
+	newOutpoint := wire.OutPoint{
+		Hash:  chainhash.Hash{5},
+		Index: 9,
+	}
+
+	depositID, err := GetRandomDepositID()
+	require.NoError(t, err)
+
+	deposit := &Deposit{
+		ID:       depositID,
+		OutPoint: oldOutpoint,
+		Value:    btcutil.Amount(100_000),
+	}
+	deposit.SetState(LoopingIn)
+
+	utxo := &lnwallet.Utxo{
+		OutPoint:      newOutpoint,
+		Value:         deposit.Value,
+		Confirmations: 0,
+	}
+
+	mockAddressManager := new(mockAddressManager)
+	mockAddressManager.On(
+		"ListUnspent", mock.Anything, int32(0), int32(MaxConfs),
+	).Return([]*lnwallet.Utxo{utxo}, nil)
+	mockAddressManager.On(
+		"GetStaticAddressParameters", mock.Anything,
+	).Return(&address.Parameters{
+		ProtocolVersion: version.ProtocolVersion_V0,
+	}, nil)
+	mockAddressManager.On(
+		"GetStaticAddress", mock.Anything,
+	).Return((*script.StaticAddress)(nil), nil)
+
+	mockStore := new(mockStore)
+	var createdDeposit *Deposit
+	mockStore.On(
+		"CreateDeposit", mock.Anything, mock.Anything,
+	).Return(nil).Run(func(args mock.Arguments) {
+		createdDeposit = args.Get(1).(*Deposit)
+	})
+
+	manager := NewManager(&ManagerConfig{
+		AddressManager: mockAddressManager,
+		Store:          mockStore,
+		WalletKit:      mockLnd.WalletKit,
+		Signer:         mockLnd.Signer,
+	})
+	manager.deposits[oldOutpoint] = deposit
+	fsm := &FSM{}
+	manager.activeDeposits[oldOutpoint] = fsm
+	manager.missingDeposits[oldOutpoint] = 1
+
+	require.NoError(t, manager.reconcileDeposits(ctx))
+
+	require.Same(t, deposit, manager.deposits[oldOutpoint])
+	require.Equal(t, oldOutpoint, deposit.OutPoint)
+	require.Equal(t, LoopingIn, deposit.GetState())
+
+	replacement, ok := manager.deposits[newOutpoint]
+	require.True(t, ok)
+	require.Same(t, createdDeposit, replacement)
+	require.NotEqual(t, depositID, replacement.ID)
+	require.Equal(t, newOutpoint, replacement.OutPoint)
+	require.Equal(t, Deposited, replacement.GetState())
+	require.Zero(t, replacement.ConfirmationHeight)
+
+	require.Same(t, fsm, manager.activeDeposits[oldOutpoint])
+	require.NotSame(t, fsm, manager.activeDeposits[newOutpoint])
+	require.Empty(t, manager.missingDeposits)
+
+	mockStore.AssertNotCalled(
+		t, "UpdateDeposit", mock.Anything, mock.Anything,
+	)
+}

staticaddr/loopin/actions.go

@@ -12,6 +12,7 @@ import (
 	"github.com/btcsuite/btcd/btcec/v2/schnorr/musig2"
 	"github.com/btcsuite/btcd/btcutil"
 	"github.com/btcsuite/btcd/txscript"
+	"github.com/btcsuite/btcd/wire"
 	"github.com/btcsuite/btcwallet/chain"
 	"github.com/lightninglabs/lndclient"
 	"github.com/lightninglabs/loop"
@@ -337,6 +338,68 @@ func (f *FSM) cancelSwapInvoice(ctx context.Context) {
 	}
 }
 
+// handleInvoiceUpdate applies the monitor state's invoice-update semantics and
+// reports whether the update produced a terminal event.
+func (f *FSM) handleInvoiceUpdate(update lndclient.InvoiceUpdate) (
+	fsm.EventType, bool) {
+
+	switch update.State {
+	case invoices.ContractOpen:
+		return fsm.NoOp, false
+
+	case invoices.ContractAccepted:
+		return fsm.NoOp, false
+
+	case invoices.ContractSettled:
+		f.Debugf("received off-chain payment update %v", update.State)
+		return OnPaymentReceived, true
+
+	case invoices.ContractCanceled:
+		// If the invoice was canceled we only log here since we still need
+		// to monitor until the htlc timed out.
+		log.Warnf("invoice for swap hash %v canceled", f.loopIn.SwapHash)
+		return fsm.NoOp, false
+
+	default:
+		err := fmt.Errorf("unexpected invoice state %v for swap hash %v "+
+			"canceled", update.State, f.loopIn.SwapHash)
+		return f.HandleError(err), true
+	}
+}
+
+// originalDepositOutpointUnavailable checks the original selected deposit
+// outpoints against the chain backend's UTXO view.
+func (f *FSM) originalDepositOutpointUnavailable(ctx context.Context) (
+	bool, error) {
+
+	if f.cfg.TxOutChecker == nil {
+		return false, nil
+	}
+
+	const includeMempool = true
+	for _, outpointStr := range f.loopIn.DepositOutpoints {
+		outpoint, err := wire.NewOutPointFromString(outpointStr)
+		if err != nil {
+			return false, fmt.Errorf("invalid deposit outpoint %q: %w",
+				outpointStr, err)
+		}
+
+		txOut, err := f.cfg.TxOutChecker.GetTxOut(
+			ctx, *outpoint, includeMempool,
+		)
+		if err != nil {
+			return false, fmt.Errorf("unable to get txout %v: %w",
+				outpoint, err)
+		}
+
+		if txOut == nil {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
+
 // SignHtlcTxAction is called if the htlc was initialized and the server
 // provided the necessary information to construct the htlc tx. We sign the htlc
 // tx and send the signatures to the server.
@@ -345,6 +408,18 @@ func (f *FSM) SignHtlcTxAction(ctx context.Context,
 
 	var err error
 
+	outpointUnavailable, err := f.originalDepositOutpointUnavailable(ctx)
+	if err != nil {
+		return f.HandleError(err)
+	}
+	if outpointUnavailable {
+		err = errors.New("original deposit outpoint no longer available")
+		f.Warnf("%v, canceling swap invoice", err)
+		f.cancelSwapInvoice(ctx)
+
+		return f.HandleError(err)
+	}
+
 	f.loopIn.AddressParams, err =
 		f.cfg.AddressManager.GetStaticAddressParameters(ctx)
 
@@ -714,32 +789,22 @@ func (f *FSM) MonitorInvoiceAndHtlcTxAction(ctx context.Context,
 
 			return f.HandleError(err)
 
-		case update := <-invoiceUpdateChan:
-			switch update.State {
-			case invoices.ContractOpen:
-			case invoices.ContractAccepted:
-			case invoices.ContractSettled:
-				f.Debugf("received off-chain payment update "+
-					"%v", update.State)
-
-				return OnPaymentReceived
-
-			case invoices.ContractCanceled:
-				// If the invoice was canceled we only log here
-				// since we still need to monitor until the htlc
-				// timed out.
-				log.Warnf("invoice for swap hash %v canceled",
-					f.loopIn.SwapHash)
+		case update, ok := <-invoiceUpdateChan:
+			if !ok {
+				invoiceUpdateChan = nil
+				continue
+			}
 
-			default:
-				err = fmt.Errorf("unexpected invoice state %v "+
-					"for swap hash %v canceled",
-					update.State, f.loopIn.SwapHash)
+			if event, done := f.handleInvoiceUpdate(update); done {
+				return event
+			}
 
-				return f.HandleError(err)
+		case err, ok := <-invoiceErrChan:
+			if !ok {
+				invoiceErrChan = nil
+				continue
 			}
 
-		case err = <-invoiceErrChan:
 			f.Errorf("invoice subscription error: %v", err)
 
 		case <-ctx.Done():