From d0dfaf8abc452cbb4ac3dfe07293027e4609698f Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Wed, 12 Dec 2018 15:25:57 -0500 Subject: [PATCH] Add constant for HTLC failure anti-reorg delay --- src/ln/channelmanager.rs | 15 ++++++++------- src/ln/channelmonitor.rs | 5 +++++ 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/src/ln/channelmanager.rs b/src/ln/channelmanager.rs index 137a2a3e7..ccfb9f776 100644 --- a/src/ln/channelmanager.rs +++ b/src/ln/channelmanager.rs @@ -22,7 +22,7 @@ use secp256k1; use chain::chaininterface::{BroadcasterInterface,ChainListener,ChainWatchInterface,FeeEstimator}; use chain::transaction::OutPoint; use ln::channel::{Channel, ChannelError}; -use ln::channelmonitor::{ChannelMonitor, ChannelMonitorUpdateErr, ManyChannelMonitor, CLTV_CLAIM_BUFFER, HTLC_FAIL_TIMEOUT_BLOCKS}; +use ln::channelmonitor::{ChannelMonitor, ChannelMonitorUpdateErr, ManyChannelMonitor, CLTV_CLAIM_BUFFER, HTLC_FAIL_TIMEOUT_BLOCKS, HTLC_FAIL_ANTI_REORG_DELAY}; use ln::router::{Route,RouteHop}; use ln::msgs; use ln::msgs::{ChannelMessageHandler, DecodeError, HandleError}; @@ -341,16 +341,17 @@ pub struct ChannelManager { /// ie the node we forwarded the payment on to should always have enough room to reliably time out /// the HTLC via a full update_fail_htlc/commitment_signed dance before we hit the /// CLTV_CLAIM_BUFFER point (we static assert that its at least 3 blocks more). -const CLTV_EXPIRY_DELTA: u16 = 6 * 24 * 2; //TODO? +const CLTV_EXPIRY_DELTA: u16 = 6 * 12; //TODO? const CLTV_FAR_FAR_AWAY: u32 = 6 * 24 * 7; //TODO? -// Check that our CLTV_EXPIRY is at least CLTV_CLAIM_BUFFER + 2*HTLC_FAIL_TIMEOUT_BLOCKS, ie that -// if the next-hop peer fails the HTLC within HTLC_FAIL_TIMEOUT_BLOCKS then we'll still have -// HTLC_FAIL_TIMEOUT_BLOCKS left to fail it backwards ourselves before hitting the -// CLTV_CLAIM_BUFFER point and failing the channel on-chain to time out the HTLC. +// Check that our CLTV_EXPIRY is at least CLTV_CLAIM_BUFFER + 2*HTLC_FAIL_TIMEOUT_BLOCKS + +// HTLC_FAIL_ANTI_REORG_DELAY, ie that if the next-hop peer fails the HTLC within +// HTLC_FAIL_TIMEOUT_BLOCKS then we'll still have HTLC_FAIL_TIMEOUT_BLOCKS left to fail it +// backwards ourselves before hitting the CLTV_CLAIM_BUFFER point and failing the channel +// on-chain to time out the HTLC. #[deny(const_err)] #[allow(dead_code)] -const CHECK_CLTV_EXPIRY_SANITY: u32 = CLTV_EXPIRY_DELTA as u32 - 2*HTLC_FAIL_TIMEOUT_BLOCKS - CLTV_CLAIM_BUFFER; +const CHECK_CLTV_EXPIRY_SANITY: u32 = CLTV_EXPIRY_DELTA as u32 - 2*HTLC_FAIL_TIMEOUT_BLOCKS - CLTV_CLAIM_BUFFER - HTLC_FAIL_ANTI_REORG_DELAY; // Check for ability of an attacker to make us fail on-chain by delaying inbound claim. See // ChannelMontior::would_broadcast_at_height for a description of why this is needed. diff --git a/src/ln/channelmonitor.rs b/src/ln/channelmonitor.rs index fd970e8b3..be8367ed7 100644 --- a/src/ln/channelmonitor.rs +++ b/src/ln/channelmonitor.rs @@ -295,6 +295,11 @@ pub(crate) const CLTV_CLAIM_BUFFER: u32 = 6; /// network and done a full update_fail_htlc/commitment_signed dance (+ we've updated all our /// copies of ChannelMonitors, including watchtowers). pub(crate) const HTLC_FAIL_TIMEOUT_BLOCKS: u32 = 3; +/// Number of blocks we wait on seeing a confirmed HTLC-Timeout or previous revoked commitment +/// transaction before we fail corresponding inbound HTLCs. This prevents us from failing backwards +/// and then getting a reorg resulting in us losing money. +//TODO: We currently dont actually use this...we should +pub(crate) const HTLC_FAIL_ANTI_REORG_DELAY: u32 = 6; #[derive(Clone, PartialEq)] enum Storage { -- 2.39.5