Skip to content

docs: Document TxUpdate temporal context requirements (supports Wizardsardine audit recommendation)#2135

Open
rafaelturon wants to merge 2 commits intobitcoindevkit:masterfrom
rafaelturon:docs/txupdate-temporal-context
Open

docs: Document TxUpdate temporal context requirements (supports Wizardsardine audit recommendation)#2135
rafaelturon wants to merge 2 commits intobitcoindevkit:masterfrom
rafaelturon:docs/txupdate-temporal-context

Conversation

@rafaelturon
Copy link

@rafaelturon rafaelturon commented Mar 5, 2026

Closes #2133

This introduces clear temporal context documentation to the TxUpdate struct, explicitly stating that entries must have either anchors or seen_ats to be considered canonical and contribute to wallet balances.

It also explicitly documents the seen_ats HashSet signature to prevent usage errors when writing custom chain sources.

This fulfills the recommendation outlined in the Wizardsardine BDK Audit Report (Q4 2024).

Description

This primarily affects developers building custom chain sources — anyone constructing Update structs outside of bdk_electrum/bdk_esplora/bdk_bitcoind_rpc.
As the ecosystem grows (streaming Electrum, Nostr relay sync, compact block filters, custom backends), more developers will encounter this undocumented contract.

What I Changed

1. Doc comment on TxUpdate struct

  • anchors or seen_ats are stored in the graph but do not affect the balance.
  • seen_ats collection type: TxUpdate::seen_ats is a BTreeSet<(Txid, u64)>, requiring .insert((txid, timestamp)).

2. Doc comment on Wallet::apply_update()

  • TxGraph apply_update: transactions without temporal context note.
  • IndexedTxGraph apply_update: transactions without temporal context note.

Impact

This is just a documentation fix - no code changes, no breaking changes.

Checklists

All Submissions:

@rafaelturon
docs: document TxUpdate temporal context requirements
af37ab8 
This introduces clear temporal context documentation to the `TxUpdate`
struct, explicitly stating that entries must have either `anchors` or
`seen_ats` to be considered canonical and contribute to wallet balances.

It also explicitly documents the `seen_ats` HashSet signature to
prevent usage errors when writing custom chain sources.

This fulfills the recommendation outlined in the Wizardsardine
BDK Audit Report (Q4 2024).
evanlinjin
evanlinjin requested changes Mar 6, 2026
View reviewed changes
crates/core/src/tx_update.rs Outdated
/// - [`anchors`]: for confirmed transactions.
/// - [`seen_ats`]: for unconfirmed transactions.
///
/// The built-in chain (`bdk_electrum`, `bdk_esplora`, `bdk_bitcoind_rpc`) handle this
Copy link
Member

@evanlinjin evanlinjin Mar 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/// The built-in chain (`bdk_electrum`, `bdk_esplora`, `bdk_bitcoind_rpc`) handle this
/// The built-in chain-source crates (`bdk_electrum`, `bdk_esplora`, `bdk_bitcoind_rpc`) handle this

crates/core/src/tx_update.rs Outdated
///
/// The built-in chain (`bdk_electrum`, `bdk_esplora`, `bdk_bitcoind_rpc`) handle this
/// automatically. Transactions lacking temporal context are stored but ignored by canonicalization.
/// Custom chain sources must populate these fields.
Copy link
Member

@evanlinjin evanlinjin Mar 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/// Custom chain sources must populate these fields.

Can remove this line. All chain sources should populate those fields.

crates/core/src/tx_update.rs Outdated
/// provide the `seen_at` value.
///
/// Note: this is a `HashSet<(Txid, u64)>`, not a `HashMap`.
/// Insert with `.insert((txid, timestamp))`, not `.insert(txid, timestamp)`.
Copy link
Member

@evanlinjin evanlinjin Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The HashSet hint is unnecessary. The type signature is right there on the field.

crates/core/src/tx_update.rs Outdated
Comment on lines +23 to +24
/// - [`anchors`]: for confirmed transactions.
/// - [`seen_ats`]: for unconfirmed transactions.
Copy link
Member

@evanlinjin evanlinjin Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These don't look like valid doc links. I'm assuming they should be [`Self::anchors`] and [`Self::seen_ats`].

Run cargo doc to make sure.

@rafaelturon
docs: address review feedback from evanlinjin
4d9300f 
Signed-off-by: Rafael Turon <3598269+rafaelturon@users.noreply.github.com>
@rafaelturon
Copy link
Author

rafaelturon commented Mar 6, 2026

Addressed all four review points:

  • Fixed doc links to Self::anchors / Self::seen_ats
  • "built-in chain" → "built-in chain-source crates"
  • Removed "Custom chain sources must populate these fields" (all chain sources should)
  • Removed HashSet type hint (redundant with field signature)

Verified with cargo doc -p bdk_core --no-deps — no new warnings
(the existing warning in spk_client.rs:140 is pre-existing and unrelated).

@rafaelturon rafaelturon marked this pull request as ready for review March 6, 2026 09:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@evanlinjin evanlinjin evanlinjin requested changes

@oleonardolima oleonardolima Awaiting requested review from oleonardolima oleonardolima is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

BDK Chain
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

docs: Document TxUpdate temporal context requirements (supports Wizardsardine audit recommendation)

2 participants

@rafaelturon @evanlinjin