]> git.bitcoin.ninja Git - rust-lightning/commit
Req+check payment secrets for inbound payments pre-PaymentReceived
authorMatt Corallo <git@bluematt.me>
Fri, 23 Apr 2021 04:04:55 +0000 (04:04 +0000)
committerMatt Corallo <git@bluematt.me>
Wed, 28 Apr 2021 19:30:25 +0000 (15:30 -0400)
commit8bf3d8dec26cfd2e3fb4606f73ffaee174a0a403
treecad6dab8a42f4c182481b581480b1d4a085fdcd1
parenta7082901fe8302d1944cb3365f192626f4dbac22
Req+check payment secrets for inbound payments pre-PaymentReceived

Our current PaymentReceived API is incredibly easy to mis-use -
the "obvious" way to implement a client is to always call
`ChannelManager::claim_funds` in response to a `PaymentReceived`
event. However, users are *required* to check the payment secret
and value against the expected values before claiming in order to
avoid a number of potentially funds-losing attacks.

Instead, if we rely on payment secrets being pre-registered with
the ChannelManager before we receive HTLCs for a payment we can
simply check the payment secrets and never generate
`PaymentReceived` events if they do not match. Further, when the
user knows the value to expect in advance, we can have them
register it as well, allowing us to check it for them.

Other implementations already require payment secrets for inbound
payments, so this shouldn't materially lose compatibility.
lightning/src/ln/channelmanager.rs
lightning/src/ln/functional_tests.rs
lightning/src/ln/onion_route_tests.rs