feat(sdk): add client-side validation to state transition construction methods

packages/rs-dpp/src/state_transition/state_transitions/address_funds/address_credit_withdrawal_transition/v0/state_transition_validation.rs

@@ -23,8 +23,11 @@ use crate::withdrawal::Pooling;
 use platform_version::version::PlatformVersion;
 use std::collections::HashSet;
 
-impl StateTransitionStructureValidation for AddressCreditWithdrawalTransitionV0 {
-    fn validate_structure(
+impl AddressCreditWithdrawalTransitionV0 {
+    /// Validates all structural properties of the transition except for the
+    /// `input_witnesses` count. This is intended for client-side pre-signing
+    /// validation, where witnesses are not yet present.
+    pub fn validate_structure_without_input_witnesses(
         &self,
         platform_version: &PlatformVersion,
     ) -> SimpleConsensusValidationResult {
@@ -46,17 +49,6 @@ impl StateTransitionStructureValidation for AddressCreditWithdrawalTransitionV0
             );
         }
 
-        // Validate input witnesses count matches inputs count
-        if self.inputs.len() != self.input_witnesses.len() {
-            return SimpleConsensusValidationResult::new_with_error(
-                BasicError::InputWitnessCountMismatchError(InputWitnessCountMismatchError::new(
-                    self.inputs.len().min(u16::MAX as usize) as u16,
-                    self.input_witnesses.len().min(u16::MAX as usize) as u16,
-                ))
-                .into(),
-            );
-        }
-
         // Validate output address is not also an input address
         if let Some((output_address, _)) = &self.output {
             if self.inputs.contains_key(output_address) {
@@ -242,6 +234,35 @@ impl StateTransitionStructureValidation for AddressCreditWithdrawalTransitionV0
 
         SimpleConsensusValidationResult::new()
     }
+
+    /// Validates that the number of `input_witnesses` matches the number of
+    /// inputs. Intended to be invoked after signing, once witnesses have been
+    /// produced by the signer.
+    pub fn validate_input_witnesses_count(&self) -> SimpleConsensusValidationResult {
+        if self.inputs.len() != self.input_witnesses.len() {
+            return SimpleConsensusValidationResult::new_with_error(
+                BasicError::InputWitnessCountMismatchError(InputWitnessCountMismatchError::new(
+                    self.inputs.len().min(u16::MAX as usize) as u16,
+                    self.input_witnesses.len().min(u16::MAX as usize) as u16,
+                ))
+                .into(),
+            );
+        }
+        SimpleConsensusValidationResult::new()
+    }
+}
+
+impl StateTransitionStructureValidation for AddressCreditWithdrawalTransitionV0 {
+    fn validate_structure(
+        &self,
+        platform_version: &PlatformVersion,
+    ) -> SimpleConsensusValidationResult {
+        let result = self.validate_structure_without_input_witnesses(platform_version);
+        if !result.is_valid() {
+            return result;
+        }
+        self.validate_input_witnesses_count()
+    }
 }
 
 #[cfg(test)]

packages/rs-dpp/src/state_transition/state_transitions/address_funds/address_credit_withdrawal_transition/v0/v0_methods.rs

@@ -14,6 +14,8 @@ use crate::serialization::Signable;
 use crate::state_transition::address_credit_withdrawal_transition::methods::AddressCreditWithdrawalTransitionMethodsV0;
 use crate::state_transition::address_credit_withdrawal_transition::v0::AddressCreditWithdrawalTransitionV0;
 #[cfg(feature = "state-transition-signing")]
+use crate::state_transition::first_consensus_error_as_protocol_error;
+#[cfg(feature = "state-transition-signing")]
 use crate::withdrawal::Pooling;
 #[cfg(feature = "state-transition-signing")]
 use crate::{
@@ -35,7 +37,7 @@ impl AddressCreditWithdrawalTransitionMethodsV0 for AddressCreditWithdrawalTrans
         output_script: CoreScript,
         signer: &S,
         user_fee_increase: UserFeeIncrease,
-        _platform_version: &PlatformVersion,
+        platform_version: &PlatformVersion,
     ) -> Result<StateTransition, ProtocolError> {
         tracing::debug!("try_from_inputs_with_signer: Started");
         tracing::debug!(
@@ -57,6 +59,15 @@ impl AddressCreditWithdrawalTransitionMethodsV0 for AddressCreditWithdrawalTrans
             input_witnesses: Vec::new(),
         };
 
+        // Pre-signing structure check: validate everything except the witness
+        // count, so structural errors fail fast before performing any async
+        // signer work.
+        let pre_validation_result = address_credit_withdrawal_transition
+            .validate_structure_without_input_witnesses(platform_version);
+        if let Some(error) = first_consensus_error_as_protocol_error(pre_validation_result) {
+            return Err(error);
+        }
+
         let state_transition: StateTransition = address_credit_withdrawal_transition.clone().into();
 
         let signable_bytes = state_transition.signable_bytes()?;
@@ -67,6 +78,14 @@ impl AddressCreditWithdrawalTransitionMethodsV0 for AddressCreditWithdrawalTrans
         }
         address_credit_withdrawal_transition.input_witnesses = input_witnesses;
 
+        // After signing, only the witness count needs (re-)validation; the rest
+        // of the structure was already verified above.
+        let validation_result =
+            address_credit_withdrawal_transition.validate_input_witnesses_count();
+        if let Some(error) = first_consensus_error_as_protocol_error(validation_result) {
+            return Err(error);
+        }
+
         tracing::debug!("try_from_inputs_with_signer: Successfully created transition");
         Ok(address_credit_withdrawal_transition.into())
     }

packages/rs-dpp/src/state_transition/state_transitions/address_funds/address_funding_from_asset_lock_transition/v0/state_transition_validation.rs

@@ -13,8 +13,11 @@ use crate::validation::SimpleConsensusValidationResult;
 use platform_version::version::PlatformVersion;
 use std::collections::HashSet;
 
-impl StateTransitionStructureValidation for AddressFundingFromAssetLockTransitionV0 {
-    fn validate_structure(
+impl AddressFundingFromAssetLockTransitionV0 {
+    /// Validates all structural properties of the transition except for the
+    /// `input_witnesses` count. This is intended for client-side pre-signing
+    /// validation, where witnesses are not yet present.
+    pub fn validate_structure_without_input_witnesses(
         &self,
         platform_version: &PlatformVersion,
     ) -> SimpleConsensusValidationResult {
@@ -62,17 +65,6 @@ impl StateTransitionStructureValidation for AddressFundingFromAssetLockTransitio
             );
         }
 
-        // Validate input witnesses count matches inputs count (if there are inputs)
-        if self.inputs.len() != self.input_witnesses.len() {
-            return SimpleConsensusValidationResult::new_with_error(
-                BasicError::InputWitnessCountMismatchError(InputWitnessCountMismatchError::new(
-                    self.inputs.len().min(u16::MAX as usize) as u16,
-                    self.input_witnesses.len().min(u16::MAX as usize) as u16,
-                ))
-                .into(),
-            );
-        }
-
         // Validate no output address is also an input address
         for output_address in self.outputs.keys() {
             if self.inputs.contains_key(output_address) {
@@ -202,6 +194,35 @@ impl StateTransitionStructureValidation for AddressFundingFromAssetLockTransitio
 
         SimpleConsensusValidationResult::new()
     }
+
+    /// Validates that the number of `input_witnesses` matches the number of
+    /// inputs. Intended to be invoked after signing, once witnesses have been
+    /// produced by the signer.
+    pub fn validate_input_witnesses_count(&self) -> SimpleConsensusValidationResult {
+        if self.inputs.len() != self.input_witnesses.len() {
+            return SimpleConsensusValidationResult::new_with_error(
+                BasicError::InputWitnessCountMismatchError(InputWitnessCountMismatchError::new(
+                    self.inputs.len().min(u16::MAX as usize) as u16,
+                    self.input_witnesses.len().min(u16::MAX as usize) as u16,
+                ))
+                .into(),
+            );
+        }
+        SimpleConsensusValidationResult::new()
+    }
+}
+
+impl StateTransitionStructureValidation for AddressFundingFromAssetLockTransitionV0 {
+    fn validate_structure(
+        &self,
+        platform_version: &PlatformVersion,
+    ) -> SimpleConsensusValidationResult {
+        let result = self.validate_structure_without_input_witnesses(platform_version);
+        if !result.is_valid() {
+            return result;
+        }
+        self.validate_input_witnesses_count()
+    }
 }
 
 #[cfg(test)]

packages/rs-dpp/src/state_transition/state_transitions/address_funds/address_funding_from_asset_lock_transition/v0/v0_methods.rs

@@ -14,6 +14,8 @@ use crate::serialization::Signable;
 use crate::state_transition::address_funding_from_asset_lock_transition::methods::AddressFundingFromAssetLockTransitionMethodsV0;
 use crate::state_transition::address_funding_from_asset_lock_transition::v0::AddressFundingFromAssetLockTransitionV0;
 #[cfg(feature = "state-transition-signing")]
+use crate::state_transition::first_consensus_error_as_protocol_error;
+#[cfg(feature = "state-transition-signing")]
 use crate::{prelude::UserFeeIncrease, state_transition::StateTransition, ProtocolError};
 #[cfg(feature = "state-transition-signing")]
 use dashcore::signer;
@@ -30,7 +32,7 @@ impl AddressFundingFromAssetLockTransitionMethodsV0 for AddressFundingFromAssetL
         fee_strategy: AddressFundsFeeStrategy,
         signer: &S,
         user_fee_increase: UserFeeIncrease,
-        _platform_version: &PlatformVersion,
+        platform_version: &PlatformVersion,
     ) -> Result<StateTransition, ProtocolError> {
         tracing::debug!("try_from_asset_lock_with_signer: Started");
         tracing::debug!(
@@ -50,6 +52,15 @@ impl AddressFundingFromAssetLockTransitionMethodsV0 for AddressFundingFromAssetL
             input_witnesses: Vec::new(),
         };
 
+        // Pre-signing structure check: validate everything except the witness
+        // count, so structural errors fail fast before performing any async
+        // signer work.
+        let pre_validation_result =
+            address_funding_transition.validate_structure_without_input_witnesses(platform_version);
+        if let Some(error) = first_consensus_error_as_protocol_error(pre_validation_result) {
+            return Err(error);
+        }
+
         let state_transition: StateTransition = address_funding_transition.clone().into();
 
         let signable_bytes = state_transition.signable_bytes()?;
@@ -65,6 +76,13 @@ impl AddressFundingFromAssetLockTransitionMethodsV0 for AddressFundingFromAssetL
         }
         address_funding_transition.input_witnesses = input_witnesses;
 
+        // After signing, only the witness count needs (re-)validation; the rest
+        // of the structure was already verified above.
+        let validation_result = address_funding_transition.validate_input_witnesses_count();
+        if let Some(error) = first_consensus_error_as_protocol_error(validation_result) {
+            return Err(error);
+        }
+
         tracing::debug!("try_from_asset_lock_with_signer: Successfully created transition");
         Ok(address_funding_transition.into())
     }