feat!: Support persistent UTXO locking

ValuedMammal · ValuedMammal · commit ff74e59703de · 2025-08-08T10:48:35.000-04:00
New APIs added for locking and unlocking a UTXO by outpoint
and to query the locked outpoints. Locking an outpoint
means that it is excluded from coin selection.

- Add `Wallet::lock_outpoint`
- Add `Wallet::unlock_outpoint`
- Add `Wallet::is_outpoint_locked`
- Add `Wallet::list_locked_outpoints`
- Add `Wallet::list_locked_unspent`

`test_lock_outpoint_persist` tests the lock/unlock
functionality and that the lock status is persistent.

BREAKING: Added `locked_outpoints` member field to ChangeSet.
A SQLite migration is included for adding the locked outpoints table.
diff --git a/clippy.toml b/clippy.toml
@@ -1,4 +1 @@
-# TODO fix, see: https://rust-lang.github.io/rust-clippy/master/index.html#large_enum_variant
-enum-variant-size-threshold = 1032
-# TODO fix, see: https://rust-lang.github.io/rust-clippy/master/index.html#result_large_err
-large-error-threshold = 993
+msrv = "1.63.0"
diff --git a/wallet/src/lib.rs b/wallet/src/lib.rs
@@ -8,6 +8,9 @@
 #![no_std]
 #![warn(missing_docs)]
 #![allow(clippy::uninlined_format_args)]
+// TODO: these can be removed after <https://github.com/bitcoindevkit/bdk_wallet/issues/245>
+#![allow(clippy::result_large_err)]
+#![allow(clippy::large_enum_variant)]
 
 #[cfg(feature = "std")]
 #[macro_use]
diff --git a/wallet/src/wallet/changeset.rs b/wallet/src/wallet/changeset.rs
@@ -1,17 +1,20 @@
 use bdk_chain::{
     indexed_tx_graph, keychain_txout, local_chain, tx_graph, ConfirmationBlockTime, Merge,
 };
+use bitcoin::{OutPoint, Txid};
 use miniscript::{Descriptor, DescriptorPublicKey};
 use serde::{Deserialize, Serialize};
 
 type IndexedTxGraphChangeSet =
     indexed_tx_graph::ChangeSet<ConfirmationBlockTime, keychain_txout::ChangeSet>;
 
-/// A change set for [`Wallet`]
+use crate::locked_outpoints;
+
+/// A change set for [`Wallet`].
 ///
 /// ## Definition
 ///
-/// The change set is responsible for transmiting data between the persistent storage layer and the
+/// The change set is responsible for transmitting data between the persistent storage layer and the
 /// core library components. Specifically, it serves two primary functions:
 ///
 /// 1) Recording incremental changes to the in-memory representation that need to be persisted to
@@ -114,6 +117,8 @@ pub struct ChangeSet {
     pub tx_graph: tx_graph::ChangeSet<ConfirmationBlockTime>,
     /// Changes to [`KeychainTxOutIndex`](keychain_txout::KeychainTxOutIndex).
     pub indexer: keychain_txout::ChangeSet,
+    /// Changes to locked outpoints.
+    pub locked_outpoints: locked_outpoints::ChangeSet,
 }
 
 impl Merge for ChangeSet {
@@ -142,6 +147,9 @@ impl Merge for ChangeSet {
             self.network = other.network;
         }
 
+        // merge locked outpoints
+        self.locked_outpoints.merge(other.locked_outpoints);
+
         Merge::merge(&mut self.local_chain, other.local_chain);
         Merge::merge(&mut self.tx_graph, other.tx_graph);
         Merge::merge(&mut self.indexer, other.indexer);
@@ -154,6 +162,7 @@ impl Merge for ChangeSet {
             && self.local_chain.is_empty()
             && self.tx_graph.is_empty()
             && self.indexer.is_empty()
+            && self.locked_outpoints.is_empty()
     }
 }
 
@@ -163,6 +172,8 @@ impl ChangeSet {
     pub const WALLET_SCHEMA_NAME: &'static str = "bdk_wallet";
     /// Name of table to store wallet descriptors and network.
     pub const WALLET_TABLE_NAME: &'static str = "bdk_wallet";
+    /// Name of table to store wallet locked outpoints.
+    pub const WALLET_OUTPOINT_LOCK_TABLE_NAME: &'static str = "bdk_wallet_locked_outpoints";
 
     /// Get v0 sqlite [ChangeSet] schema
     pub fn schema_v0() -> alloc::string::String {
@@ -177,12 +188,24 @@ impl ChangeSet {
         )
     }
 
+    /// Get v1 sqlite [`ChangeSet`] schema. Schema v1 adds a table for locked outpoints.
+    pub fn schema_v1() -> alloc::string::String {
+        format!(
+            "CREATE TABLE {} ( \
+                txid TEXT NOT NULL, \
+                vout INTEGER NOT NULL, \
+                PRIMARY KEY(txid, vout) \
+                ) STRICT;",
+            Self::WALLET_OUTPOINT_LOCK_TABLE_NAME,
+        )
+    }
+
     /// Initialize sqlite tables for wallet tables.
     pub fn init_sqlite_tables(db_tx: &chain::rusqlite::Transaction) -> chain::rusqlite::Result<()> {
         crate::rusqlite_impl::migrate_schema(
             db_tx,
             Self::WALLET_SCHEMA_NAME,
-            &[&Self::schema_v0()],
+            &[&Self::schema_v0(), &Self::schema_v1()],
         )?;
 
         bdk_chain::local_chain::ChangeSet::init_sqlite_tables(db_tx)?;
@@ -220,6 +243,24 @@ impl ChangeSet {
             changeset.network = network.map(Impl::into_inner);
         }
 
+        // Select locked outpoints.
+        let mut stmt = db_tx.prepare(&format!(
+            "SELECT txid, vout FROM {}",
+            Self::WALLET_OUTPOINT_LOCK_TABLE_NAME,
+        ))?;
+        let rows = stmt.query_map([], |row| {
+            Ok((
+                row.get::<_, Impl<Txid>>("txid")?,
+                row.get::<_, u32>("vout")?,
+            ))
+        })?;
+        let locked_outpoints = &mut changeset.locked_outpoints.locked_outpoints;
+        for row in rows {
+            let (Impl(txid), vout) = row?;
+            let outpoint = OutPoint::new(txid, vout);
+            locked_outpoints.insert(outpoint, true);
+        }
+
         changeset.local_chain = local_chain::ChangeSet::from_sqlite(db_tx)?;
         changeset.tx_graph = tx_graph::ChangeSet::<_>::from_sqlite(db_tx)?;
         changeset.indexer = keychain_txout::ChangeSet::from_sqlite(db_tx)?;
@@ -268,6 +309,31 @@ impl ChangeSet {
             })?;
         }
 
+        // Insert or delete locked outpoints.
+        let mut insert_stmt = db_tx.prepare_cached(&format!(
+            "REPLACE INTO {}(txid, vout) VALUES(:txid, :vout)",
+            Self::WALLET_OUTPOINT_LOCK_TABLE_NAME
+        ))?;
+        let mut delete_stmt = db_tx.prepare_cached(&format!(
+            "DELETE FROM {} WHERE txid=:txid AND vout=:vout",
+            Self::WALLET_OUTPOINT_LOCK_TABLE_NAME,
+        ))?;
+        let locked_outpoints = &self.locked_outpoints.locked_outpoints;
+        for (&outpoint, &is_locked) in locked_outpoints.iter() {
+            let OutPoint { txid, vout } = outpoint;
+            if is_locked {
+                insert_stmt.execute(named_params! {
+                    ":txid": Impl(txid),
+                    ":vout": vout,
+                })?;
+            } else {
+                delete_stmt.execute(named_params! {
+                    ":txid": Impl(txid),
+                    ":vout": vout,
+                })?;
+            }
+        }
+
         self.local_chain.persist_to_sqlite(db_tx)?;
         self.tx_graph.persist_to_sqlite(db_tx)?;
         self.indexer.persist_to_sqlite(db_tx)?;
@@ -311,3 +377,12 @@ impl From<keychain_txout::ChangeSet> for ChangeSet {
         }
     }
 }
+
+impl From<locked_outpoints::ChangeSet> for ChangeSet {
+    fn from(locked_outpoints: locked_outpoints::ChangeSet) -> Self {
+        Self {
+            locked_outpoints,
+            ..Default::default()
+        }
+    }
+}
diff --git a/wallet/src/wallet/locked_outpoints.rs b/wallet/src/wallet/locked_outpoints.rs
@@ -0,0 +1,26 @@
+//! Module containing the locked outpoints change set.
+
+use bdk_chain::Merge;
+use bitcoin::OutPoint;
+use serde::{Deserialize, Serialize};
+
+use crate::collections::BTreeMap;
+
+/// Represents changes to locked outpoints.
+#[derive(Debug, Clone, Default, PartialEq, Serialize, Deserialize)]
+pub struct ChangeSet {
+    /// The lock status of an outpoint, `true == is_locked`.
+    pub locked_outpoints: BTreeMap<OutPoint, bool>,
+}
+
+impl Merge for ChangeSet {
+    fn merge(&mut self, other: Self) {
+        // Extend self with other. Any entries in `self` that share the same
+        // outpoint are overwritten.
+        self.locked_outpoints.extend(other.locked_outpoints);
+    }
+
+    fn is_empty(&self) -> bool {
+        self.locked_outpoints.is_empty()
+    }
+}
diff --git a/wallet/src/wallet/mod.rs b/wallet/src/wallet/mod.rs
@@ -53,6 +53,7 @@ mod changeset;
 pub mod coin_selection;
 pub mod error;
 pub mod export;
+pub mod locked_outpoints;
 mod params;
 mod persisted;
 pub mod signer;
@@ -109,6 +110,7 @@ pub struct Wallet {
     stage: ChangeSet,
     network: Network,
     secp: SecpCtx,
+    locked_outpoints: BTreeMap<OutPoint, Option<bool>>,
 }
 
 /// An update to [`Wallet`].
@@ -471,6 +473,8 @@ impl Wallet {
             None => (None, Arc::new(SignersContainer::new())),
         };
 
+        let locked_outpoints = BTreeMap::new();
+
         let mut stage = ChangeSet {
             descriptor: Some(descriptor.clone()),
             change_descriptor: change_descriptor.clone(),
@@ -497,6 +501,7 @@ impl Wallet {
             indexed_graph,
             stage,
             secp,
+            locked_outpoints,
         })
     }
 
@@ -672,6 +677,13 @@ impl Wallet {
             None => Arc::new(SignersContainer::new()),
         };
 
+        // Apply locked outpoints
+        let locked_outpoints = changeset.locked_outpoints.locked_outpoints;
+        let locked_outpoints = locked_outpoints
+            .into_iter()
+            .map(|(op, is_locked)| (op, if is_locked { Some(true) } else { None }))
+            .collect();
+
         let mut stage = ChangeSet::default();
 
         let indexed_graph = make_indexed_graph(
@@ -693,6 +705,7 @@ impl Wallet {
             stage,
             network,
             secp,
+            locked_outpoints,
         }))
     }
 
@@ -2137,6 +2150,8 @@ impl Wallet {
                     CanonicalizationParams::default(),
                     self.indexed_graph.index.outpoints().iter().cloned(),
                 )
+                // Filter out locked outpoints
+                .filter(|(_, txo)| !self.is_outpoint_locked(txo.outpoint))
                 // only create LocalOutput if UTxO is mature
                 .filter_map(move |((k, i), full_txo)| {
                     full_txo
@@ -2405,6 +2420,81 @@ impl Wallet {
         &self.chain
     }
 
+    /// List the locked outpoints.
+    pub fn list_locked_outpoints(&self) -> impl Iterator<Item = OutPoint> + '_ {
+        self.locked_outpoints
+            .iter()
+            .filter(|(_, lock)| matches!(lock, Some(true)))
+            .map(|(op, _)| *op)
+    }
+
+    /// List unspent outpoints that are currently locked.
+    pub fn list_locked_unspent(&self) -> impl Iterator<Item = OutPoint> + '_ {
+        self.list_unspent()
+            .filter(|output| self.is_outpoint_locked(output.outpoint))
+            .map(|output| output.outpoint)
+    }
+
+    /// Whether the `outpoint` is locked. See [`Wallet::lock_outpoint`] for more.
+    pub fn is_outpoint_locked(&self, outpoint: OutPoint) -> bool {
+        self.locked_outpoints
+            .get(&outpoint)
+            .map_or(false, |lock| matches!(lock, Some(true)))
+    }
+
+    /// Lock a wallet output identified by the given `outpoint`.
+    ///
+    /// A locked UTXO will not be selected as an input to fund a transaction. This is useful
+    /// for excluding or reserving candidate inputs during transaction creation.
+    ///
+    /// **You must persist the staged change for the lock status to be persistent**. To unlock a
+    /// previously locked outpoint, see [`Wallet::unlock_outpoint`].
+    pub fn lock_outpoint(&mut self, outpoint: OutPoint) {
+        use crate::collections::btree_map;
+        let lock_value = true;
+        let mut changeset = locked_outpoints::ChangeSet::default();
+
+        // If the lock status changed, update the entry and record the change
+        // in the changeset.
+        match self.locked_outpoints.entry(outpoint) {
+            btree_map::Entry::Occupied(mut e) => {
+                let is_locked = e.get().unwrap_or(false);
+                if !is_locked {
+                    e.insert(Some(lock_value));
+                    changeset.locked_outpoints.insert(outpoint, lock_value);
+                }
+            }
+            btree_map::Entry::Vacant(e) => {
+                e.insert(Some(lock_value));
+                changeset.locked_outpoints.insert(outpoint, lock_value);
+            }
+        }
+
+        self.stage.merge(changeset.into());
+    }
+
+    /// Unlock the wallet output of the specified `outpoint`.
+    ///
+    /// **You must persist the staged change for the lock status to be persistent**.
+    pub fn unlock_outpoint(&mut self, outpoint: OutPoint) {
+        use crate::collections::btree_map;
+        let mut changeset = locked_outpoints::ChangeSet::default();
+
+        // If the outpoint is currently locked, remove the value from the entry
+        // and stage the change.
+        match self.locked_outpoints.entry(outpoint) {
+            btree_map::Entry::Vacant(..) => {}
+            btree_map::Entry::Occupied(entry) => {
+                let is_locked = entry.get().unwrap_or(false);
+                if is_locked {
+                    entry.remove();
+                    changeset.locked_outpoints.insert(outpoint, false);
+                    self.stage.merge(changeset.into());
+                }
+            }
+        }
+    }
+
     /// Introduces a `block` of `height` to the wallet, and tries to connect it to the
     /// `prev_blockhash` of the block's header.
     ///
diff --git a/wallet/tests/persisted_wallet.rs b/wallet/tests/persisted_wallet.rs
