maidsafe / sn_dbc

Safe Network DBCs
BSD 3-Clause "New" or "Revised" License

fix: filter true input from decoy inputs #162

Closed dan-da closed 2 years ago

dan-da commented 2 years ago

Previously it was possible to have the true input included amongst the decoy inputs.

blst-ringct now validates against this happening, so the client must prevent it.

The chosen fix is for TransactionBuilder to filter out the true input from the decoys if the caller should mistakenly include it.

This removes the burden of checking/filtering from the caller, with the possible side effect that the number of decoy inputs is reduced by one. However, if the caller is concerned about this, it can verify for itself that the true input is not present.

Another possibility would be for SpentbookNodeMock::random_decoy() to accept a TrueInput arg, and it could avoid returning that input. However, this would inform the Spentbook node of the true input, so we do not use this approach.
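The filter described in this pull request and the caller-side check for its side effect, as an added Rust sketch that is not code from sn_dbc or blst-ringct. `PublicKey`, `Ring`, `build_ring` and `require_decoys` are hypothetical names, and a 32-byte array stands in for a real public key.

```rust
// Added illustration; every type and function name here is hypothetical,
// not sn_dbc's or blst-ringct's API. A 32-byte array stands in for a key.
type PublicKey = [u8; 32];

#[derive(Debug, PartialEq)]
pub struct Ring {
    pub members: Vec<PublicKey>, // true input plus the surviving decoys
    pub dropped: usize,          // decoys removed because they matched the true input
}

/// Build the ring for one true input, dropping any decoy that carries the
/// same public key, so the true input never appears among the decoys.
/// Decoys are fetched without naming the true input; filtering is local.
pub fn build_ring(true_input: PublicKey, decoys: Vec<PublicKey>) -> Ring {
    let requested = decoys.len();
    let mut members: Vec<PublicKey> =
        decoys.into_iter().filter(|d| *d != true_input).collect();
    let dropped = requested - members.len();
    members.push(true_input);
    // Assumption of this example: order members canonically so the true
    // input is not always the last element.
    members.sort();
    Ring { members, dropped }
}

/// Caller-side check for the side effect: fail if filtering left fewer
/// decoys than the caller requires.
pub fn require_decoys(ring: &Ring, min_decoys: usize) -> Result<(), String> {
    let decoys = ring.members.len() - 1; // members always holds the true input
    if decoys < min_decoys {
        return Err(format!("only {decoys} decoys left, need {min_decoys}"));
    }
    Ok(())
}

fn main() {
    // Constructed sample keys: the caller mistakenly passes key 7 as a decoy.
    let key = |b: u8| [b; 32];
    let ring = build_ring(key(7), vec![key(1), key(7), key(3)]);
    println!("ring size {}, dropped {}", ring.members.len(), ring.dropped);
    println!("{:?}", require_decoys(&ring, 3));
}
```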