[Feature]: Deposits transactions are fetched from the mempool rather than a finalized block

[technovision99]

(High) - Deposits transactions are fetched from the mempool rather than a finalized block

1. Description

When deposit requests are validated, they are fetched from the bitcoin client using the getrawtransaction rpc call: https://github.com/stacks-network/sbtc/blob/ffbe79e0238825f3546e9429bbf89042703823df/sbtc/src/deposits.rs#L125-L138 However, as the comment indicates, this rpc call will fetch transactions that are either in a block or still pending in the mempool. If the deposit transaction is not included in a block it cannot be considered canonical on the bitcoin chain and this may result in sBTC being minted without a corresponding deposit.

This can be remedied by counting the number of block confirmations for a given fetched block.

[djordon]

On the signers side, this is mitigated by the signers only fetching pending deposits that are included in the "canonical" blockchain.

https://github.com/stacks-network/sbtc/blob/c6610791561c4d93c309f58ef703283848d12ae4/signer/src/storage/postgres.rs#L326-L374

[djordon]

https://github.com/stacks-network/sbtc/blob/ffbe79e0238825f3546e9429bbf89042703823df/sbtc/src/deposits.rs#L128-L131 Whoops, that comment is silly.