Verify AssumeUTXO snapshot hashes during full validation as well #32377

1. 
   l0rinc commented at 1:34 pm on April 29, 2025: contributor

   Summary

   We already hard‑code the AssumeUTXO height/UTXO-snapshot-hash/tx-count pairs (e.g. for mainnet we have heights 840,000 and 880,000) in https://github.com/bitcoin/bitcoin/blob/master/src/kernel/chainparams.cpp#L170-L183. Currently, this commitment is enforced only when a node explicitly activates a snapshot via loadtxoutset.

   During a regular initial block download, -reindex, or -reindex-chainstate, the node never cross‑checks the live chainstate against these values.

   Proposal

   Since the expected UTXO set hash is known at the snapshot heights, we could verify it during full validation to cover both IBD and stored AssumeUTXO data. This self‑consistency check would synchronize the outcomes of both seeding approaches. While iterating transactions we’d compute the current hash, and when reaching a snapshot height, we’d assert that the UTXO set hash and transaction count match the hardcoded values.

   This cross‑reference would increase confidence in both mechanisms.

   Optionally, we could gate this behavior behind the assumevalid flag.

2. 
   mzumsande commented at 2:46 pm on April 29, 2025: contributor

   Depending on what we do if the hash doesn’t match, wouldn’t this be effectively be reintroducing something similar to checkpoints (which we just got rid of in #31649)?
3. 
   l0rinc commented at 3:03 pm on April 29, 2025: contributor

   Yes, we already have the “checkpoints”, we’re just ignoring them. The difference is that we’re also validating the checkpoints themselves - giving the assumeutxo scenario more credence (“every IBD verifies these hashes”).

Contributors
l0rinc mzumsande