fix(cbf): advance reveal cursor from matched outputs on sync

Walk matched tx outputs to populate Update.last_active_indices and
widen the scan window to cover a lookahead past the last revealed index.

Author: febyeji

src/chain/cbf.rs

@@ -12,7 +12,7 @@ use std::sync::{Arc, Mutex, RwLock};
 use std::time::{Duration, Instant, SystemTime, UNIX_EPOCH};
 
 use bdk_chain::{BlockId, ConfirmationBlockTime, TxUpdate};
-use bdk_wallet::Update;
+use bdk_wallet::{KeychainKind, Update};
 use bip157::chain::{BlockHeaderChanges, ChainState};
 use bip157::{
 	BlockHash, Builder, Client, Event, HeaderCheckpoint, Info, Node as CbfNode, Requester,
@@ -587,7 +587,8 @@ impl CbfChainSource {
 		let res = async {
 			let requester = self.requester()?;
 
-			let scripts = onchain_wallet.get_spks_for_cbf_sync(BDK_CLIENT_STOP_GAP);
+			let (scripts, spk_to_keychain_idx) =
+				onchain_wallet.get_spks_for_cbf_sync(BDK_CLIENT_STOP_GAP);
 			if scripts.is_empty() {
 				log_debug!(self.logger, "No wallet scripts to sync via CBF.");
 			} else {
@@ -621,8 +622,25 @@ impl CbfChainSource {
 					cp = cp.push(tip_block_id).unwrap_or_else(|old| old);
 				}
 
-				let update =
-					Update { last_active_indices: BTreeMap::new(), tx_update, chain: Some(cp) };
+				// Walk the matched outputs to find the highest derivation index hit per
+				// keychain. Passing these via Update.last_active_indices tells BDK to
+				// advance its reveal cursor, which in turn extends the scan window we
+				// compute in get_spks_for_cbf_sync on the next sync.
+				let mut last_active_indices: BTreeMap<KeychainKind, u32> = BTreeMap::new();
+				for tx in &tx_update.txs {
+					for txout in &tx.output {
+						if let Some(&(keychain, idx)) =
+							spk_to_keychain_idx.get(&txout.script_pubkey)
+						{
+							last_active_indices
+								.entry(keychain)
+								.and_modify(|cur| *cur = (*cur).max(idx))
+								.or_insert(idx);
+						}
+					}
+				}
+
+				let update = Update { last_active_indices, tx_update, chain: Some(cp) };
 
 				onchain_wallet.apply_update(update)?;
 

src/wallet/mod.rs

@@ -5,6 +5,7 @@
 // http://opensource.org/licenses/MIT>, at your option. You may not use this file except in
 // accordance with one or both of these licenses.
 
+use std::collections::HashMap;
 use std::future::Future;
 use std::ops::Deref;
 use std::str::FromStr;
@@ -122,22 +123,36 @@ impl Wallet {
 		self.inner.lock().unwrap().start_sync_with_revealed_spks().build()
 	}
 
-	pub(crate) fn get_spks_for_cbf_sync(&self, stop_gap: usize) -> Vec<ScriptBuf> {
+	/// Returns the on-chain scripts CBF should scan for, plus a mapping
+	/// from each script to its `(keychain, derivation index)`.
+	///
+	/// For each keychain, the returned set covers indices `0..last_revealed + 1 + stop_gap`,
+	/// i.e. all already-revealed scripts plus a `stop_gap`-sized lookahead buffer past the
+	/// last revealed index. This mirrors BDK's internal `KeychainTxOutIndex` lookahead so
+	/// CBF also scans for funds that land at indices just past the current reveal cursor
+	/// (fresh recovery, gap deposits, etc.). On a completely fresh wallet `last_revealed` is
+	/// `None`, so the window is simply `0..stop_gap`.
+	///
+	/// The accompanying map lets callers translate a matched output script back to
+	/// `(keychain, index)` so they can populate `Update.last_active_indices` and advance
+	/// BDK's reveal cursor to reflect what was actually observed on-chain.
+	pub(crate) fn get_spks_for_cbf_sync(
+		&self, stop_gap: usize,
+	) -> (Vec<ScriptBuf>, HashMap<ScriptBuf, (KeychainKind, u32)>) {
 		let wallet = self.inner.lock().unwrap();
-		let mut scripts: Vec<ScriptBuf> =
-			wallet.spk_index().revealed_spks(..).map(|((_, _), spk)| spk).collect();
-
-		// For first sync when no scripts have been revealed yet, generate
-		// lookahead scripts up to the stop gap for both keychains.
-		if scripts.is_empty() {
-			for keychain in [KeychainKind::External, KeychainKind::Internal] {
-				for idx in 0..stop_gap as u32 {
-					scripts.push(wallet.peek_address(keychain, idx).address.script_pubkey());
-				}
+		let mut scripts = Vec::new();
+		let mut spk_to_keychain_idx: HashMap<ScriptBuf, (KeychainKind, u32)> = HashMap::new();
+		for keychain in [KeychainKind::External, KeychainKind::Internal] {
+			let window_end =
+				wallet.spk_index().last_revealed_index(keychain).map(|i| i + 1).unwrap_or(0)
+					+ stop_gap as u32;
+			for idx in 0..window_end {
+				let spk = wallet.peek_address(keychain, idx).address.script_pubkey();
+				scripts.push(spk.clone());
+				spk_to_keychain_idx.insert(spk, (keychain, idx));
 			}
 		}
-
-		scripts
+		(scripts, spk_to_keychain_idx)
 	}
 
 	pub(crate) fn latest_checkpoint(&self) -> bdk_chain::CheckPoint {

tests/integration_tests_rust.rs

@@ -3130,6 +3130,73 @@ async fn onchain_wallet_recovery_cbf() {
 	recovered_node.stop().unwrap();
 }
 
+/// Regression test: after a CBF recovery sync, BDK's reveal cursor should have
+/// advanced past every derivation index we observed on-chain. Otherwise a
+/// freshly recovered node would hand out an already-used address on the next
+/// `new_address` call. Before the fix that populates `last_active_indices` from
+/// matched CBF outputs, the reveal cursor stayed at `None` on recovery because
+/// BDK's internal lookahead absorbed the tx without advancing the public cursor.
+#[tokio::test(flavor = "multi_thread", worker_threads = 1)]
+async fn onchain_wallet_recovery_cbf_advances_reveal_cursor() {
+	let (bitcoind, electrsd) = setup_bitcoind_and_electrsd();
+	let chain_source = TestChainSource::Cbf(&bitcoind);
+
+	let original_config = random_config(true);
+	let original_node_entropy = original_config.node_entropy.clone();
+	let original_node = setup_node(&chain_source, original_config);
+
+	// Reveal several addresses and deposit onto the last one, so the highest
+	// on-chain index is strictly greater than zero.
+	let mut funded_addr = None;
+	for _ in 0..5 {
+		funded_addr = Some(original_node.onchain_payment().new_address().unwrap());
+	}
+	let funded_addr = funded_addr.unwrap();
+
+	let premine_amount_sat = 100_000;
+	premine_and_distribute_funds(
+		&bitcoind.client,
+		&electrsd.client,
+		vec![funded_addr],
+		Amount::from_sat(premine_amount_sat),
+	)
+	.await;
+
+	wait_for_cbf_sync(&original_node, || {
+		original_node.list_balances().spendable_onchain_balance_sats == premine_amount_sat
+	})
+	.await;
+
+	// The address the original node would hand out next, i.e. the descriptor's
+	// derivation index immediately after the funded one. Recovery should match this.
+	let expected_next_addr = original_node.onchain_payment().new_address().unwrap();
+
+	original_node.stop().unwrap();
+	drop(original_node);
+
+	// Recover from a completely fresh wallet state, same seed.
+	let mut recovered_config = random_config(true);
+	recovered_config.node_entropy = original_node_entropy;
+	recovered_config.recovery_mode = true;
+	let recovered_node = setup_node(&chain_source, recovered_config);
+
+	wait_for_cbf_sync(&recovered_node, || {
+		recovered_node.list_balances().spendable_onchain_balance_sats == premine_amount_sat
+	})
+	.await;
+
+	// After recovery, the next address the node hands out must reflect the
+	// highest index that appeared on-chain. If the reveal cursor did not
+	// advance, this would silently reuse the first-ever address.
+	let recovered_next_addr = recovered_node.onchain_payment().new_address().unwrap();
+	assert_eq!(
+		recovered_next_addr, expected_next_addr,
+		"recovery did not advance reveal cursor past observed on-chain indices"
+	);
+
+	recovered_node.stop().unwrap();
+}
+
 #[tokio::test(flavor = "multi_thread", worker_threads = 1)]
 async fn onchain_send_receive_cbf() {
 	let (bitcoind, electrsd) = setup_bitcoind_and_electrsd();