lnwallet/rpcwallet: keep zero-value prev outputs in remote-sign PSBT

[Roasbeef]

In this PR, we fix a sharp edge in RPCKeyRing.remoteSign that silently
broke any signing flow whose to_sign tx references a zero-value prev
output. The canonical hitter is BIP-322 message signing, which mandates
that the virtual to_spend output is exactly value=0 with the message
commitment as pk_script, and that output is referenced as input 0 of
every to_sign tx handed to SignOutputRaw.

Before forwarding the request, remoteSign rebuilds a PSBT from the
unsigned tx and annotates every non-signed input with a WitnessUtxo,
so the downstream walletkit.SignPsbt call can proceed (taproot sighash
needs every prev output, not just the one being signed). When the watch-
only wallet doesn't know an outpoint, the prep stage falls back to the
sign descriptor's PrevOutputFetcher. That fallback used to require
utxo.Value != 0, which silently dropped legitimate zero-value entries
on the floor. The remote signer would then reject the resulting PSBT
with input (index=N) doesn't specify any UTXO info, raised in
walletkit.SignPsbt precisely because input N had neither a
WitnessUtxo nor a NonWitnessUtxo.

The fix

We drop the Value != 0 guard. The only condition that actually matters
is that the fetched entry is usable as a WitnessUtxo: non-nil with a
non-empty PkScript. A zero-value WitnessUtxo with a well-formed
PkScript serializes cleanly into a PSBT, so there's nothing else to
validate at this layer.

We also lift the population loop out of remoteSign into a package-
level helper, populateNonSignedInputWitnessUtxos, so the resolution
policy can be exercised in unit tests without standing up a full wallet

• remote signer pair. The helper takes a fetchOutpointInfoFn callback
  that mirrors lnwallet.WalletController.FetchOutpointInfo. No behavior
  change for the wallet-owns-it path or the no-fallback path.

Tests

New unit tests in lnwallet/rpcwallet/rpcwallet_test.go walk through
each resolution branch. The wallet-owns-it case exercises the
FetchOutpointInfo happy path and cross-checks that the signed input
itself is left untouched. The external-fallback case has the wallet
return ErrNotMine and resolves the prev via the fetcher. The zero-
value-fallback case is the BIP-322 regression: same shape as external-
fallback, but the fetcher entry has Value=0, and the test asserts
that WitnessUtxo lands on the PSBT instead of being silently skipped.
Two more cover the unhappy paths: no fetcher attached (input left bare,
warning logged) and a fetcher entry with an empty PkScript (rejected
as unusable, since a PSBT WitnessUtxo with empty script is malformed
at serialization).

Compat

No behavior change for the wallet-owns-it path, the no-fallback path,
or the non-zero-value fallback path. The only new behavior is that
legitimately zero-value entries from the supplied PrevOutputFetcher
land in the PSBT instead of being silently skipped.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a bug in the remote signing flow where zero-value previous outputs were being silently ignored. This behavior caused failures in signing flows that require zero-value inputs, such as BIP-322 message signing. By removing the incorrect value check and refactoring the logic into a testable helper, the wallet now correctly includes these outputs in the PSBT, ensuring downstream compatibility with taproot sighash requirements.

Highlights

• Removed zero-value guard: Removed the Value != 0 restriction when populating WitnessUtxo for non-signed inputs, allowing zero-value outputs to be correctly included in PSBTs.
• Refactored witness population: Extracted the witness population logic into a new package-level helper function populateNonSignedInputWitnessUtxos to improve testability.
• Added regression tests: Introduced comprehensive unit tests in rpcwallet_test.go to cover various resolution scenarios, including the BIP-322 zero-value case.

New Features

🧠 You can now enable Memory (public preview) to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This PR refactors the PSBT preparation logic for remote signers into a helper function, populateNonSignedInputWitnessUtxos, and enables support for zero-value UTXO entries required for BIP-322 signing flows. The changes include comprehensive unit tests for the new helper. Feedback highlights a placeholder PR number in the release notes that needs updating and recommends a nil check on the UTXO info to prevent potential runtime panics.

[gemini-code-assist]

The link contains a placeholder PRNUM. Please update this with the actual pull request number once it is assigned.

[gemini-code-assist]

While FetchOutpointInfo is generally expected to return a non-nil Utxo when no error occurs, it is safer to perform a nil check on info before accessing its fields to prevent potential panics.

info, err := fetchInfo(&txIn.PreviousOutPoint)
		if err == nil && info != nil {
			packet.Inputs[idx].WitnessUtxo = &wire.TxOut{
				Value:    int64(info.Value),
				PkScript: info.PkScript,
			}
			continue
		}

		// The wallet doesn't know about this outpoint. Fall
		// back to the caller-supplied PrevOutputFetcher.

[github-actions]

🔴 PR Severity: CRITICAL

Classified by file path | 2 files (excl. tests) | 114 lines changed (excl. tests)

🔴 Critical (1 file)

• lnwallet/rpcwallet/rpcwallet.go - wallet operations in lnwallet/*; modifications to the remote signing wallet implementation

🟢 Low (2 files — not counted toward severity)

• docs/release-notes/release-notes-0.21.0.md - release notes documentation
• lnwallet/rpcwallet/rpcwallet_test.go - test file (excluded from classification)

Analysis

This PR modifies lnwallet/rpcwallet/rpcwallet.go, which falls squarely within the lnwallet/* CRITICAL package covering wallet operations, channel funding, signing, and commitment transactions. The remote signing wallet (rpcwallet) is responsible for delegating signing operations to an external signer, making correctness here essential for fund safety.

The change is focused (67 additions / 36 deletions in the non-test source file) and is accompanied by a new test file (228 lines) that provides coverage for the modified logic. No severity bump was triggered: only 2 non-test/non-generated files changed (<20 threshold) and 114 non-test lines changed (<500 threshold).

Expert review is warranted given the wallet/signing context.

---

_{To override, add a severity-override-{critical,high,medium,low} label.}
<!-- pr-severity-bot -->

[TechLateef]

Don't you think adding a quick length alignment check at the top makes sense here? It would make the loop completely defensive against out-of-bounds panics if a malformed packet ever slips through.

if len(packet.Inputs) != len(tx.TxIn) {
    return
}

[ziggie1984]

The invariant len(packet.Inputs) == len(tx.TxIn) is guaranteed by psbt.NewFromUnsignedTx(tx) at the only call site two lines above. Validating an invariant the caller already establishes is noise, and if it ever did diverge, that's a programmer bug — panicking is the correct response, not a silent skip. The real smell is the dual-arg signature; a runtime check papers over it instead of fixing it

[TechLateef]

Ah, got it! That makes total sense. Thanks for the thorough explanation!

[TechLateef]

LGTM. Solid fix for the BIP-322 edge case, and the unit tests are very thorough. I just left a quick suggestion on the input loop regarding a defensive length check. Aside from that, logic looks great!

[ziggie1984]

LGTM nice bugfix, pending Linter CI

[ellemouton]

nice!

[Roasbeef]

Thx for the review, will fix CI then land.

[github-actions]

Successfully created backport PR for v0.21.x-branch:

• [v0.21.x-branch] Backport #10815: lnwallet/rpcwallet: keep zero-value prev outputs in remote-sign PSBT #10822