staticaddr: guard channel open and withdraw against unconfirmed deposits

Now that Deposited includes mempool outputs, channel opens and
withdrawals must explicitly reject unconfirmed deposits
(ConfirmationHeight <= 0) since both operations require confirmed
inputs.

Author: hieblmi

staticaddr/openchannel/manager.go

@@ -325,6 +325,14 @@ func (m *Manager) OpenChannel(ctx context.Context,
 		}
 	}
 
+	for _, d := range deposits {
+		// Deposited now includes mempool outputs for static loop-ins, but
+		// channel opens still require the deposit input to be confirmed.
+		if d.ConfirmationHeight <= 0 {
+			return nil, ErrOpeningChannelUnavailableDeposits
+		}
+	}
+
 	// Pre-check: calculate the channel funding amount and the optional
 	// change before locking deposits. This ensures the selected deposits
 	// can cover the funding amount plus fees.

staticaddr/withdraw/manager.go

@@ -381,6 +381,15 @@ func (m *Manager) WithdrawDeposits(ctx context.Context,
 		}
 	}
 
+	for _, d := range deposits {
+		// Deposited now includes mempool outputs for static loop-ins, but
+		// withdrawals still require the deposit input to be confirmed.
+		if d.ConfirmationHeight <= 0 {
+			return "", "", fmt.Errorf("can't withdraw, " +
+				"unconfirmed deposits can't be withdrawn")
+		}
+	}
+
 	var (
 		withdrawalAddress btcutil.Address
 		err               error