From: Matt Corallo
Date: Tue, 16 Aug 2022 21:58:06 +0000 (+0000)
Subject: Add a TODO for an important issue for making async mon updates safe
X-Git-Tag: v0.0.112~24^2~4
X-Git-Url: http://git.bitcoin.ninja/?a=commitdiff_plain;h=72416b951e64bb51577f63937eed429a29b563e7;p=rust-lightning

Add a TODO for an important issue for making async mon updates safe

If we receive a monitor event from a forwarded-to channel which contains a preimage for an HTLC, we have to propagate that preimage back to the forwarded-from channel monitor. However, once we have that update, we're running in a relatively unsafe state - we have the preimage in memory, but if we were to crash, the forwarded-to channel monitor will not regenerate the update with the preimage for us. If we haven't managed to write the monitor update to the forwarded-from channel by that point, we've lost the preimage, and, thus, money!
---
diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs index fb73951a6..bbecc4b33 100644 --- a/lightning/src/ln/channelmanager.rs +++ b/lightning/src/ln/channelmanager.rs @@ -4223,8 +4223,12 @@ impl ChannelMana // event being update_fulfill_htlc). let update_res = self.chain_monitor.update_channel(prev_outpoint, preimage_update); if update_res != ChannelMonitorUpdateStatus::Completed { + // TODO: This needs to be handled somehow - if we receive a monitor update + // with a preimage we *must* somehow manage to propagate it to the upstream + // channel, or we must have an ability to receive the same event and try + // again on restart. log_error!(self.logger, "Critical error: failed to update channel monitor with preimage {:?}: {:?}", - payment_preimage, update_res); + payment_preimage, update_res); } // Note that we do *not* set `claimed_htlc` to false here. In fact, this // totally could be a duplicate claim, but we have no way of knowing
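
Review bot: The TODO added inside the `update_res != ChannelMonitorUpdateStatus::Completed` branch says the case "needs to be handled somehow" but omits the consequence the commit message spells out: at this point the preimage exists only in memory, and a crash before the forwarded-from monitor is written loses it, because the forwarded-to monitor will not regenerate the event. Consider stating that in the comment itself, so a reader of channelmanager.rs sees why this path is funds-critical without needing the commit log. The branch still only calls `log_error!` and then continues into the code after the `if`, so until the TODO is resolved every status other than `Completed` is logged and otherwise ignored; the comment could say that explicitly. The `payment_preimage, update_res);` line changes only in whitespace and would read more cleanly as a separate formatting commit.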