f - Avoid fuzz hash collisions in outpoint spent checks

jkczyz · claude · jkczyz · commit 642baa619d21 · 2026-04-09T13:18:12.000-05:00
Under fuzz hashing, txids have only 8 effective bits, so outpoints from
unrelated transactions in old blocks frequently collide. This causes
is_outpoint_spent to produce false positives, silently preventing
legitimate transactions from being added to the pending pool or
confirmed.

Limit is_outpoint_spent to the last 6 blocks. Confirmed transactions
are always followed by 5 empty blocks, so the scan window covers
exactly one block with transactions. This catches real double-spends
(same-channel splice RBF candidates) while avoiding false positives
from older blocks.

Also remove the is_outpoint_spent check from add_pending_tx so that
filtering decisions are made at confirmation time (in confirm_pending_txs)
rather than at add time. This ensures all candidates participate in
the deterministic sort before any are rejected.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/fuzz/src/chanmon_consistency.rs b/fuzz/src/chanmon_consistency.rs
@@ -207,7 +207,11 @@ impl ChainState {
 	}
 
 	fn is_outpoint_spent(&self, outpoint: &bitcoin::OutPoint) -> bool {
-		self.blocks.iter().any(|(_, txs)| {
+		// Only check the last 6 blocks (1 confirmation block + 5 post-confirmation) to avoid
+		// false positives from hash collisions in older blocks. Under fuzz hashing, txids have
+		// only 8 effective bits, so unrelated outpoints in old blocks frequently collide.
+		let start = self.blocks.len().saturating_sub(6);
+		self.blocks[start..].iter().any(|(_, txs)| {
 			txs.iter().any(|tx| {
 				tx.input.iter().any(|input| input.previous_output == *outpoint)
 			})
@@ -237,13 +241,8 @@ impl ChainState {
 	}
 
 	/// Add a transaction to the pending pool (mempool). Multiple conflicting transactions (RBF
-	/// candidates) may coexist; `confirm_pending_txs` selects which one to confirm. If the
-	/// conflicting transaction was already confirmed, the new transaction is dropped since a
-	/// confirmed transaction cannot be replaced on chain.
+	/// candidates) may coexist; `confirm_pending_txs` selects which one to confirm.
 	fn add_pending_tx(&mut self, tx: Transaction) {
-		if tx.input.iter().any(|i| self.is_outpoint_spent(&i.previous_output)) {
-			return;
-		}
 		self.pending_txs.push(tx);
 	}
 
