From 00821af9a70828e1c67c16214874e093536386f6 Mon Sep 17 00:00:00 2001
From: NicolasCantu <nicolas.cantu@pm.me>
Date: Wed, 12 Mar 2025 10:26:29 +0100
Subject: [PATCH] [bug] prevent freezed utxos being accidentally unlocked

---
 src/commit.rs | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/commit.rs b/src/commit.rs
index 5d184e0..4528af0 100644
--- a/src/commit.rs
+++ b/src/commit.rs
@@ -265,6 +265,8 @@ fn commit_new_transaction(
         .ok_or(Error::msg("Wallet not initialized"))?
         .get_wallet()?;
 
+    let commitment_payload = Vec::from(state_to_commit.state_id);
+
     let mut recipients = vec![];
     recipients.push(Recipient {
         address: sp_wallet.get_client().get_receiving_address(),
@@ -294,16 +296,12 @@ fn commit_new_transaction(
     let mut freezed_utxos = lock_freezed_utxos()?;
 
     let next_commited_in = updated_process.get_process_tip()?;
-    let mandatory_input = if let Some(next_outpoint) = freezed_utxos.take(&next_commited_in) {
-        next_outpoint
-    } else {
+    if !freezed_utxos.contains(&next_commited_in) {
         return Err(Error::msg(format!("Missing next commitment outpoint for process {}", updated_process.get_process_id()?)));
     };
 
-    let commitment_payload = Vec::from_hex(state_to_commit.state_id.clone())?;
-
     let psbt = create_transaction(
-        vec![mandatory_input],
+        vec![next_commited_in],
         &freezed_utxos,
         &sp_wallet,
         recipients,
@@ -318,6 +316,7 @@ fn commit_new_transaction(
     let commited_in = OutPoint::new(txid, 0);
 
     freezed_utxos.insert(commited_in);
+    freezed_utxos.remove(&next_commited_in);
     updated_process.remove_all_concurrent_states()?;
     updated_process.insert_concurrent_state(state_to_commit)?;
     updated_process.update_states_tip(commited_in)?;