From: Matt Corallo Date: Fri, 30 Mar 2018 17:40:08 +0000 (-0400) Subject: Check funding txout format when transaction is confirmed in channel X-Git-Tag: v0.0.12~414^2 X-Git-Url: http://git.bitcoin.ninja/?a=commitdiff_plain;h=refs%2Fheads%2F2018-04-fuzzing-expansion;p=rust-lightning Check funding txout format when transaction is confirmed in channel --- diff --git a/fuzz/fuzz_targets/channel_target.rs b/fuzz/fuzz_targets/channel_target.rs index 66aadaabb..b64399610 100644 --- a/fuzz/fuzz_targets/channel_target.rs +++ b/fuzz/fuzz_targets/channel_target.rs @@ -3,7 +3,7 @@ extern crate lightning; extern crate secp256k1; use bitcoin::blockdata::block::BlockHeader; -use bitcoin::blockdata::transaction::Transaction; +use bitcoin::blockdata::transaction::{Transaction, TxOut}; use bitcoin::util::hash::Sha256dHash; use bitcoin::network::serialize::{serialize, BitcoinHash}; @@ -166,11 +166,11 @@ pub fn do_test(data: &[u8]) { let their_pubkey = get_pubkey!(); - let tx = Transaction { version: 0, lock_time: 0, input: Vec::new(), output: Vec::new() }; - let funding_output = (Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0); + let mut tx = Transaction { version: 0, lock_time: 0, input: Vec::new(), output: Vec::new() }; let mut channel = if get_slice!(1)[0] != 0 { - let mut chan = Channel::new_outbound(&fee_est, their_pubkey, slice_to_be24(get_slice!(3)), get_slice!(1)[0] == 0, slice_to_be64(get_slice!(8))); + let chan_value = slice_to_be24(get_slice!(3)); + let mut chan = Channel::new_outbound(&fee_est, their_pubkey, chan_value, get_slice!(1)[0] == 0, slice_to_be64(get_slice!(8))); chan.get_open_channel(Sha256dHash::from(get_slice!(32)), &fee_est).unwrap(); let accept_chan = if get_slice!(1)[0] == 0 { decode_msg_with_len16!(msgs::AcceptChannel, 270, 1) @@ -178,6 +178,10 @@ pub fn do_test(data: &[u8]) { decode_msg!(msgs::AcceptChannel, 270) }; return_err!(chan.accept_channel(&accept_chan)); + + tx.output.push(TxOut{ value: chan_value, script_pubkey: chan.get_funding_redeemscript().to_v0_p2wsh() }); + let funding_output = (Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0); + chan.get_outbound_funding_created(funding_output.0.clone(), funding_output.1).unwrap(); let funding_signed = decode_msg!(msgs::FundingSigned, 32+64); return_err!(chan.funding_signed(&funding_signed)); @@ -193,6 +197,10 @@ pub fn do_test(data: &[u8]) { Err(_) => return, }; chan.get_accept_channel().unwrap(); + + tx.output.push(TxOut{ value: open_chan.funding_satoshis, script_pubkey: chan.get_funding_redeemscript().to_v0_p2wsh() }); + let funding_output = (Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0); + let mut funding_created = decode_msg!(msgs::FundingCreated, 32+32+2+64); funding_created.funding_txid = funding_output.0.clone(); funding_created.funding_output_index = funding_output.1; diff --git a/src/ln/channel.rs b/src/ln/channel.rs index c9c9e4143..61fb8a3e0 100644 --- a/src/ln/channel.rs +++ b/src/ln/channel.rs @@ -1639,10 +1639,16 @@ impl Channel { if non_shutdown_state & !(ChannelState::TheirFundingLocked as u32) == ChannelState::FundingSent as u32 { for (ref tx, index_in_block) in txn_matched.iter().zip(indexes_of_txn_matched) { if tx.txid() == self.channel_monitor.get_funding_txo().unwrap().0 { - self.funding_tx_confirmations = 1; - self.short_channel_id = Some(((height as u64) << (5*8)) | - ((*index_in_block as u64) << (2*8)) | - ((self.channel_monitor.get_funding_txo().unwrap().1 as u64) << (2*8))); + let txo_idx = self.channel_monitor.get_funding_txo().unwrap().1 as usize; + if txo_idx >= tx.output.len() || tx.output[txo_idx].script_pubkey != self.get_funding_redeemscript().to_v0_p2wsh() || + tx.output[txo_idx].value != self.channel_value_satoshis { + self.channel_state = ChannelState::ShutdownComplete as u32; + } else { + self.funding_tx_confirmations = 1; + self.short_channel_id = Some(((height as u64) << (5*8)) | + ((*index_in_block as u64) << (2*8)) | + ((self.channel_monitor.get_funding_txo().unwrap().1 as u64) << (2*8))); + } } } } diff --git a/src/ln/channelmanager.rs b/src/ln/channelmanager.rs index ff78a27df..43e0d59f4 100644 --- a/src/ln/channelmanager.rs +++ b/src/ln/channelmanager.rs @@ -906,6 +906,7 @@ impl ChainListener for ChannelManager { }, None => {} } + //TODO: Check if channel was closed (or disabled) here } for to_insert in short_to_ids_to_insert { channel_state.short_to_id.insert(to_insert.0, to_insert.1); @@ -1496,7 +1497,7 @@ mod tests { use bitcoin::util::hash::Sha256dHash; use bitcoin::util::uint::Uint256; use bitcoin::blockdata::block::BlockHeader; - use bitcoin::blockdata::transaction::Transaction; + use bitcoin::blockdata::transaction::{Transaction, TxOut}; use bitcoin::network::constants::Network; use bitcoin::network::serialize::serialize; use bitcoin::network::serialize::BitcoinHash; @@ -1680,16 +1681,21 @@ mod tests { node_a.handle_accept_channel(&node_b.get_our_node_id(), &accept_chan).unwrap(); let chan_id = unsafe { CHAN_COUNT }; - let tx = Transaction { version: chan_id as u32, lock_time: 0, input: Vec::new(), output: Vec::new() }; - let funding_output = (Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), chan_id); + let tx; + let funding_output; let events_1 = node_a.get_and_clear_pending_events(); assert_eq!(events_1.len(), 1); match events_1[0] { - Event::FundingGenerationReady { ref temporary_channel_id, ref channel_value_satoshis, output_script: _, user_channel_id } => { + Event::FundingGenerationReady { ref temporary_channel_id, ref channel_value_satoshis, ref output_script, user_channel_id } => { assert_eq!(*channel_value_satoshis, 100000); assert_eq!(user_channel_id, 42); + tx = Transaction { version: chan_id as u32, lock_time: 0, input: Vec::new(), output: vec![TxOut { + value: *channel_value_satoshis, script_pubkey: output_script.clone(), + }]}; + funding_output = (Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0); + node_a.funding_transaction_generated(&temporary_channel_id, funding_output.clone()); //TODO: Check that we got added to chan_monitor_a! },