1 // This file is Copyright its original authors, visible in version control
4 // This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
5 // or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
6 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
7 // You may not use this file except in accordance with one or both of these
10 //! The logic to build claims and bump in-flight transactions until confirmations.
12 //! OnchainTxHandler objects are fully-part of ChannelMonitor and encapsulates all
13 //! building, tracking, bumping and notifications functions.
16 use bitcoin::PackedLockTime;
17 use bitcoin::blockdata::transaction::Transaction;
18 use bitcoin::blockdata::transaction::OutPoint as BitcoinOutPoint;
19 use bitcoin::blockdata::script::Script;
20 use bitcoin::hashes::Hash;
22 use bitcoin::hashes::HashEngine;
24 use bitcoin::hashes::sha256::Hash as Sha256;
25 use bitcoin::hash_types::{Txid, BlockHash};
26 use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature};
27 use bitcoin::secp256k1;
29 use crate::sign::{ChannelSigner, EntropySource, SignerProvider};
30 use crate::ln::msgs::DecodeError;
31 use crate::ln::PaymentPreimage;
33 use crate::ln::chan_utils::{self, HTLCOutputInCommitment};
34 use crate::ln::chan_utils::{ChannelTransactionParameters, HolderCommitmentTransaction};
36 use crate::chain::chaininterface::ConfirmationTarget;
37 use crate::chain::chaininterface::{FeeEstimator, BroadcasterInterface, LowerBoundedFeeEstimator};
38 use crate::chain::channelmonitor::{ANTI_REORG_DELAY, CLTV_SHARED_CLAIM_BUFFER};
39 use crate::sign::WriteableEcdsaChannelSigner;
41 use crate::chain::package::PackageSolvingData;
42 use crate::chain::package::PackageTemplate;
43 use crate::util::logger::Logger;
44 use crate::util::ser::{Readable, ReadableArgs, MaybeReadable, UpgradableRequired, Writer, Writeable, VecWriter};
47 use crate::prelude::*;
48 use alloc::collections::BTreeMap;
51 use core::mem::replace;
55 const MAX_ALLOC_SIZE: usize = 64*1024;
57 /// An entry for an [`OnchainEvent`], stating the block height when the event was observed and the
58 /// transaction causing it.
60 /// Used to determine when the on-chain event can be considered safe from a chain reorganization.
61 #[derive(PartialEq, Eq)]
62 struct OnchainEventEntry {
65 block_hash: Option<BlockHash>, // Added as optional, will be filled in for any entry generated on 0.0.113 or after
69 impl OnchainEventEntry {
70 fn confirmation_threshold(&self) -> u32 {
71 self.height + ANTI_REORG_DELAY - 1
74 fn has_reached_confirmation_threshold(&self, height: u32) -> bool {
75 height >= self.confirmation_threshold()
79 /// Events for claims the [`OnchainTxHandler`] has generated. Once the events are considered safe
80 /// from a chain reorg, the [`OnchainTxHandler`] will act accordingly.
81 #[derive(PartialEq, Eq)]
83 /// A pending request has been claimed by a transaction spending the exact same set of outpoints
84 /// as the request. This claim can either be ours or from the counterparty. Once the claiming
85 /// transaction has met [`ANTI_REORG_DELAY`] confirmations, we consider it final and remove the
88 package_id: PackageID,
90 /// The counterparty has claimed an outpoint from one of our pending requests through a
91 /// different transaction than ours. If our transaction was attempting to claim multiple
92 /// outputs, we need to drop the outpoint claimed by the counterparty and regenerate a new claim
93 /// transaction for ourselves. We keep tracking, separately, the outpoint claimed by the
94 /// counterparty up to [`ANTI_REORG_DELAY`] confirmations to ensure we attempt to re-claim it
95 /// if the counterparty's claim is reorged from the chain.
97 package: PackageTemplate,
101 impl Writeable for OnchainEventEntry {
102 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
103 write_tlv_fields!(writer, {
104 (0, self.txid, required),
105 (1, self.block_hash, option),
106 (2, self.height, required),
107 (4, self.event, required),
113 impl MaybeReadable for OnchainEventEntry {
114 fn read<R: io::Read>(reader: &mut R) -> Result<Option<Self>, DecodeError> {
115 let mut txid = Txid::all_zeros();
117 let mut block_hash = None;
118 let mut event = UpgradableRequired(None);
119 read_tlv_fields!(reader, {
121 (1, block_hash, option),
122 (2, height, required),
123 (4, event, upgradable_required),
125 Ok(Some(Self { txid, height, block_hash, event: _init_tlv_based_struct_field!(event, upgradable_required) }))
129 impl_writeable_tlv_based_enum_upgradable!(OnchainEvent,
131 (0, package_id, required),
133 (1, ContentiousOutpoint) => {
134 (0, package, required),
138 impl Readable for Option<Vec<Option<(usize, Signature)>>> {
139 fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
140 match Readable::read(reader)? {
143 let vlen: u64 = Readable::read(reader)?;
144 let mut ret = Vec::with_capacity(cmp::min(vlen as usize, MAX_ALLOC_SIZE / ::core::mem::size_of::<Option<(usize, Signature)>>()));
146 ret.push(match Readable::read(reader)? {
148 1u8 => Some((<u64 as Readable>::read(reader)? as usize, Readable::read(reader)?)),
149 _ => return Err(DecodeError::InvalidValue)
154 _ => Err(DecodeError::InvalidValue),
159 impl Writeable for Option<Vec<Option<(usize, Signature)>>> {
160 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
164 (vec.len() as u64).write(writer)?;
165 for opt in vec.iter() {
167 &Some((ref idx, ref sig)) => {
169 (*idx as u64).write(writer)?;
172 &None => 0u8.write(writer)?,
176 &None => 0u8.write(writer)?,
183 /// The claim commonly referred to as the pre-signed second-stage HTLC transaction.
184 pub(crate) struct ExternalHTLCClaim {
185 pub(crate) commitment_txid: Txid,
186 pub(crate) per_commitment_number: u64,
187 pub(crate) htlc: HTLCOutputInCommitment,
188 pub(crate) preimage: Option<PaymentPreimage>,
189 pub(crate) counterparty_sig: Signature,
192 // Represents the different types of claims for which events are yielded externally to satisfy said
195 pub(crate) enum ClaimEvent {
196 /// Event yielded to signal that the commitment transaction fee must be bumped to claim any
197 /// encumbered funds and proceed to HTLC resolution, if any HTLCs exist.
199 package_target_feerate_sat_per_1000_weight: u32,
200 commitment_tx: Transaction,
201 anchor_output_idx: u32,
203 /// Event yielded to signal that the commitment transaction has confirmed and its HTLCs must be
204 /// resolved by broadcasting a transaction with sufficient fee to claim them.
206 target_feerate_sat_per_1000_weight: u32,
207 htlcs: Vec<ExternalHTLCClaim>,
208 tx_lock_time: PackedLockTime,
212 /// Represents the different ways an output can be claimed (i.e., spent to an address under our
213 /// control) onchain.
214 pub(crate) enum OnchainClaim {
215 /// A finalized transaction pending confirmation spending the output to claim.
218 /// An event yielded externally to signal additional inputs must be added to a transaction
219 /// pending confirmation spending the output to claim.
223 /// An internal identifier to track pending package claims within the `OnchainTxHandler`.
224 type PackageID = [u8; 32];
226 /// OnchainTxHandler receives claiming requests, aggregates them if it's sound, broadcast and
227 /// do RBF bumping if possible.
228 pub struct OnchainTxHandler<ChannelSigner: WriteableEcdsaChannelSigner> {
229 destination_script: Script,
230 holder_commitment: HolderCommitmentTransaction,
231 // holder_htlc_sigs and prev_holder_htlc_sigs are in the order as they appear in the commitment
232 // transaction outputs (hence the Option<>s inside the Vec). The first usize is the index in
233 // the set of HTLCs in the HolderCommitmentTransaction.
234 holder_htlc_sigs: Option<Vec<Option<(usize, Signature)>>>,
235 prev_holder_commitment: Option<HolderCommitmentTransaction>,
236 prev_holder_htlc_sigs: Option<Vec<Option<(usize, Signature)>>>,
238 pub(super) signer: ChannelSigner,
239 pub(crate) channel_transaction_parameters: ChannelTransactionParameters,
241 // Used to track claiming requests. If claim tx doesn't confirm before height timer expiration we need to bump
242 // it (RBF or CPFP). If an input has been part of an aggregate tx at first claim try, we need to keep it within
243 // another bumped aggregate tx to comply with RBF rules. We may have multiple claiming txn in the flight for the
244 // same set of outpoints. One of the outpoints may be spent by a transaction not issued by us. That's why at
245 // block connection we scan all inputs and if any of them is among a set of a claiming request we test for set
246 // equality between spending transaction and claim request. If true, it means transaction was one our claiming one
247 // after a security delay of 6 blocks we remove pending claim request. If false, it means transaction wasn't and
248 // we need to regenerate new claim request with reduced set of still-claimable outpoints.
249 // Key is identifier of the pending claim request, i.e the txid of the initial claiming transaction generated by
250 // us and is immutable until all outpoint of the claimable set are post-anti-reorg-delay solved.
251 // Entry is cache of elements need to generate a bumped claiming transaction (see ClaimTxBumpMaterial)
252 #[cfg(test)] // Used in functional_test to verify sanitization
253 pub(crate) pending_claim_requests: HashMap<PackageID, PackageTemplate>,
255 pending_claim_requests: HashMap<PackageID, PackageTemplate>,
257 // Used to track external events that need to be forwarded to the `ChainMonitor`. This `Vec`
258 // essentially acts as an insertion-ordered `HashMap` – there should only ever be one occurrence
259 // of a `PackageID`, which tracks its latest `ClaimEvent`, i.e., if a pending claim exists, and
260 // a new block has been connected, resulting in a new claim, the previous will be replaced with
263 // These external events may be generated in the following cases:
264 // - A channel has been force closed by broadcasting the holder's latest commitment transaction
265 // - A block being connected/disconnected
266 // - Learning the preimage for an HTLC we can claim onchain
268 pending_claim_events: Vec<(PackageID, ClaimEvent)>,
270 // Used to link outpoints claimed in a connected block to a pending claim request. The keys
271 // represent the outpoints that our `ChannelMonitor` has detected we have keys/scripts to
272 // claim. The values track the pending claim request identifier and the initial confirmation
273 // block height, and are immutable until the outpoint has enough confirmations to meet our
274 // [`ANTI_REORG_DELAY`]. The initial confirmation block height is used to remove the entry if
275 // the block gets disconnected.
276 #[cfg(test)] // Used in functional_test to verify sanitization
277 pub claimable_outpoints: HashMap<BitcoinOutPoint, (PackageID, u32)>,
279 claimable_outpoints: HashMap<BitcoinOutPoint, (PackageID, u32)>,
281 locktimed_packages: BTreeMap<u32, Vec<PackageTemplate>>,
283 onchain_events_awaiting_threshold_conf: Vec<OnchainEventEntry>,
285 pub(super) secp_ctx: Secp256k1<secp256k1::All>,
288 impl<ChannelSigner: WriteableEcdsaChannelSigner> PartialEq for OnchainTxHandler<ChannelSigner> {
289 fn eq(&self, other: &Self) -> bool {
290 // `signer`, `secp_ctx`, and `pending_claim_events` are excluded on purpose.
291 self.destination_script == other.destination_script &&
292 self.holder_commitment == other.holder_commitment &&
293 self.holder_htlc_sigs == other.holder_htlc_sigs &&
294 self.prev_holder_commitment == other.prev_holder_commitment &&
295 self.prev_holder_htlc_sigs == other.prev_holder_htlc_sigs &&
296 self.channel_transaction_parameters == other.channel_transaction_parameters &&
297 self.pending_claim_requests == other.pending_claim_requests &&
298 self.claimable_outpoints == other.claimable_outpoints &&
299 self.locktimed_packages == other.locktimed_packages &&
300 self.onchain_events_awaiting_threshold_conf == other.onchain_events_awaiting_threshold_conf
304 const SERIALIZATION_VERSION: u8 = 1;
305 const MIN_SERIALIZATION_VERSION: u8 = 1;
307 impl<ChannelSigner: WriteableEcdsaChannelSigner> OnchainTxHandler<ChannelSigner> {
308 pub(crate) fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
309 write_ver_prefix!(writer, SERIALIZATION_VERSION, MIN_SERIALIZATION_VERSION);
311 self.destination_script.write(writer)?;
312 self.holder_commitment.write(writer)?;
313 self.holder_htlc_sigs.write(writer)?;
314 self.prev_holder_commitment.write(writer)?;
315 self.prev_holder_htlc_sigs.write(writer)?;
317 self.channel_transaction_parameters.write(writer)?;
319 let mut key_data = VecWriter(Vec::new());
320 self.signer.write(&mut key_data)?;
321 assert!(key_data.0.len() < core::usize::MAX);
322 assert!(key_data.0.len() < core::u32::MAX as usize);
323 (key_data.0.len() as u32).write(writer)?;
324 writer.write_all(&key_data.0[..])?;
326 writer.write_all(&(self.pending_claim_requests.len() as u64).to_be_bytes())?;
327 for (ref ancestor_claim_txid, request) in self.pending_claim_requests.iter() {
328 ancestor_claim_txid.write(writer)?;
329 request.write(writer)?;
332 writer.write_all(&(self.claimable_outpoints.len() as u64).to_be_bytes())?;
333 for (ref outp, ref claim_and_height) in self.claimable_outpoints.iter() {
335 claim_and_height.0.write(writer)?;
336 claim_and_height.1.write(writer)?;
339 writer.write_all(&(self.locktimed_packages.len() as u64).to_be_bytes())?;
340 for (ref locktime, ref packages) in self.locktimed_packages.iter() {
341 locktime.write(writer)?;
342 writer.write_all(&(packages.len() as u64).to_be_bytes())?;
343 for ref package in packages.iter() {
344 package.write(writer)?;
348 writer.write_all(&(self.onchain_events_awaiting_threshold_conf.len() as u64).to_be_bytes())?;
349 for ref entry in self.onchain_events_awaiting_threshold_conf.iter() {
350 entry.write(writer)?;
353 write_tlv_fields!(writer, {});
358 impl<'a, 'b, ES: EntropySource, SP: SignerProvider> ReadableArgs<(&'a ES, &'b SP, u64, [u8; 32])> for OnchainTxHandler<SP::Signer> {
359 fn read<R: io::Read>(reader: &mut R, args: (&'a ES, &'b SP, u64, [u8; 32])) -> Result<Self, DecodeError> {
360 let entropy_source = args.0;
361 let signer_provider = args.1;
362 let channel_value_satoshis = args.2;
363 let channel_keys_id = args.3;
365 let _ver = read_ver_prefix!(reader, SERIALIZATION_VERSION);
367 let destination_script = Readable::read(reader)?;
369 let holder_commitment = Readable::read(reader)?;
370 let holder_htlc_sigs = Readable::read(reader)?;
371 let prev_holder_commitment = Readable::read(reader)?;
372 let prev_holder_htlc_sigs = Readable::read(reader)?;
374 let channel_parameters = Readable::read(reader)?;
376 // Read the serialized signer bytes, but don't deserialize them, as we'll obtain our signer
377 // by re-deriving the private key material.
378 let keys_len: u32 = Readable::read(reader)?;
379 let mut bytes_read = 0;
380 while bytes_read != keys_len as usize {
381 // Read 1KB at a time to avoid accidentally allocating 4GB on corrupted channel keys
382 let mut data = [0; 1024];
383 let bytes_to_read = cmp::min(1024, keys_len as usize - bytes_read);
384 let read_slice = &mut data[0..bytes_to_read];
385 reader.read_exact(read_slice)?;
386 bytes_read += bytes_to_read;
389 let mut signer = signer_provider.derive_channel_signer(channel_value_satoshis, channel_keys_id);
390 signer.provide_channel_parameters(&channel_parameters);
392 let pending_claim_requests_len: u64 = Readable::read(reader)?;
393 let mut pending_claim_requests = HashMap::with_capacity(cmp::min(pending_claim_requests_len as usize, MAX_ALLOC_SIZE / 128));
394 for _ in 0..pending_claim_requests_len {
395 pending_claim_requests.insert(Readable::read(reader)?, Readable::read(reader)?);
398 let claimable_outpoints_len: u64 = Readable::read(reader)?;
399 let mut claimable_outpoints = HashMap::with_capacity(cmp::min(pending_claim_requests_len as usize, MAX_ALLOC_SIZE / 128));
400 for _ in 0..claimable_outpoints_len {
401 let outpoint = Readable::read(reader)?;
402 let ancestor_claim_txid = Readable::read(reader)?;
403 let height = Readable::read(reader)?;
404 claimable_outpoints.insert(outpoint, (ancestor_claim_txid, height));
407 let locktimed_packages_len: u64 = Readable::read(reader)?;
408 let mut locktimed_packages = BTreeMap::new();
409 for _ in 0..locktimed_packages_len {
410 let locktime = Readable::read(reader)?;
411 let packages_len: u64 = Readable::read(reader)?;
412 let mut packages = Vec::with_capacity(cmp::min(packages_len as usize, MAX_ALLOC_SIZE / core::mem::size_of::<PackageTemplate>()));
413 for _ in 0..packages_len {
414 packages.push(Readable::read(reader)?);
416 locktimed_packages.insert(locktime, packages);
419 let waiting_threshold_conf_len: u64 = Readable::read(reader)?;
420 let mut onchain_events_awaiting_threshold_conf = Vec::with_capacity(cmp::min(waiting_threshold_conf_len as usize, MAX_ALLOC_SIZE / 128));
421 for _ in 0..waiting_threshold_conf_len {
422 if let Some(val) = MaybeReadable::read(reader)? {
423 onchain_events_awaiting_threshold_conf.push(val);
427 read_tlv_fields!(reader, {});
429 let mut secp_ctx = Secp256k1::new();
430 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
432 Ok(OnchainTxHandler {
436 prev_holder_commitment,
437 prev_holder_htlc_sigs,
439 channel_transaction_parameters: channel_parameters,
442 pending_claim_requests,
443 onchain_events_awaiting_threshold_conf,
445 pending_claim_events: Vec::new(),
451 impl<ChannelSigner: WriteableEcdsaChannelSigner> OnchainTxHandler<ChannelSigner> {
452 pub(crate) fn new(destination_script: Script, signer: ChannelSigner, channel_parameters: ChannelTransactionParameters, holder_commitment: HolderCommitmentTransaction, secp_ctx: Secp256k1<secp256k1::All>) -> Self {
456 holder_htlc_sigs: None,
457 prev_holder_commitment: None,
458 prev_holder_htlc_sigs: None,
460 channel_transaction_parameters: channel_parameters,
461 pending_claim_requests: HashMap::new(),
462 claimable_outpoints: HashMap::new(),
463 locktimed_packages: BTreeMap::new(),
464 onchain_events_awaiting_threshold_conf: Vec::new(),
466 pending_claim_events: Vec::new(),
471 pub(crate) fn get_prev_holder_commitment_to_self_value(&self) -> Option<u64> {
472 self.prev_holder_commitment.as_ref().map(|commitment| commitment.to_broadcaster_value_sat())
475 pub(crate) fn get_cur_holder_commitment_to_self_value(&self) -> u64 {
476 self.holder_commitment.to_broadcaster_value_sat()
480 pub(crate) fn get_and_clear_pending_claim_events(&mut self) -> Vec<ClaimEvent> {
481 let mut events = Vec::new();
482 swap(&mut events, &mut self.pending_claim_events);
483 events.into_iter().map(|(_, event)| event).collect()
486 /// Triggers rebroadcasts/fee-bumps of pending claims from a force-closed channel. This is
487 /// crucial in preventing certain classes of pinning attacks, detecting substantial mempool
488 /// feerate changes between blocks, and ensuring reliability if broadcasting fails. We recommend
489 /// invoking this every 30 seconds, or lower if running in an environment with spotty
490 /// connections, like on mobile.
491 pub(crate) fn rebroadcast_pending_claims<B: Deref, F: Deref, L: Deref>(
492 &mut self, current_height: u32, broadcaster: &B, fee_estimator: &LowerBoundedFeeEstimator<F>,
496 B::Target: BroadcasterInterface,
497 F::Target: FeeEstimator,
500 let mut bump_requests = Vec::with_capacity(self.pending_claim_requests.len());
501 for (package_id, request) in self.pending_claim_requests.iter() {
502 let inputs = request.outpoints();
503 log_info!(logger, "Triggering rebroadcast/fee-bump for request with inputs {:?}", inputs);
504 bump_requests.push((*package_id, request.clone()));
506 for (package_id, request) in bump_requests {
507 self.generate_claim(current_height, &request, false /* force_feerate_bump */, fee_estimator, logger)
508 .map(|(_, new_feerate, claim)| {
509 let mut bumped_feerate = false;
510 if let Some(mut_request) = self.pending_claim_requests.get_mut(&package_id) {
511 bumped_feerate = request.previous_feerate() > new_feerate;
512 mut_request.set_feerate(new_feerate);
515 OnchainClaim::Tx(tx) => {
516 let log_start = if bumped_feerate { "Broadcasting RBF-bumped" } else { "Rebroadcasting" };
517 log_info!(logger, "{} onchain {}", log_start, log_tx!(tx));
518 broadcaster.broadcast_transactions(&[&tx]);
521 OnchainClaim::Event(event) => {
522 let log_start = if bumped_feerate { "Yielding fee-bumped" } else { "Replaying" };
523 log_info!(logger, "{} onchain event to spend inputs {:?}", log_start,
524 request.outpoints());
525 #[cfg(debug_assertions)] {
526 debug_assert!(request.requires_external_funding());
527 let num_existing = self.pending_claim_events.iter()
528 .filter(|entry| entry.0 == package_id).count();
529 assert!(num_existing == 0 || num_existing == 1);
531 self.pending_claim_events.retain(|event| event.0 != package_id);
532 self.pending_claim_events.push((package_id, event));
539 /// Lightning security model (i.e being able to redeem/timeout HTLC or penalize counterparty
540 /// onchain) lays on the assumption of claim transactions getting confirmed before timelock
541 /// expiration (CSV or CLTV following cases). In case of high-fee spikes, claim tx may get stuck
542 /// in the mempool, so you need to bump its feerate quickly using Replace-By-Fee or
543 /// Child-Pay-For-Parent.
545 /// Panics if there are signing errors, because signing operations in reaction to on-chain
546 /// events are not expected to fail, and if they do, we may lose funds.
547 fn generate_claim<F: Deref, L: Deref>(
548 &mut self, cur_height: u32, cached_request: &PackageTemplate, force_feerate_bump: bool,
549 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L,
550 ) -> Option<(u32, u64, OnchainClaim)>
552 F::Target: FeeEstimator,
555 let request_outpoints = cached_request.outpoints();
556 if request_outpoints.is_empty() {
557 // Don't prune pending claiming request yet, we may have to resurrect HTLCs. Untractable
558 // packages cannot be aggregated and will never be split, so we cannot end up with an
560 debug_assert!(cached_request.is_malleable());
563 // If we've seen transaction inclusion in the chain for all outpoints in our request, we
564 // don't need to continue generating more claims. We'll keep tracking the request to fully
565 // remove it once it reaches the confirmation threshold, or to generate a new claim if the
566 // transaction is reorged out.
567 let mut all_inputs_have_confirmed_spend = true;
568 for outpoint in request_outpoints.iter() {
569 if let Some((request_package_id, _)) = self.claimable_outpoints.get(*outpoint) {
570 // We check for outpoint spends within claims individually rather than as a set
571 // since requests can have outpoints split off.
572 if !self.onchain_events_awaiting_threshold_conf.iter()
573 .any(|event_entry| if let OnchainEvent::Claim { package_id } = event_entry.event {
574 *request_package_id == package_id
576 // The onchain event is not a claim, keep seeking until we find one.
580 // Either we had no `OnchainEvent::Claim`, or we did but none matched the
581 // outpoint's registered spend.
582 all_inputs_have_confirmed_spend = false;
585 // The request's outpoint spend does not exist yet.
586 all_inputs_have_confirmed_spend = false;
589 if all_inputs_have_confirmed_spend {
593 // Compute new height timer to decide when we need to regenerate a new bumped version of the claim tx (if we
594 // didn't receive confirmation of it before, or not enough reorg-safe depth on top of it).
595 let new_timer = cached_request.get_height_timer(cur_height);
596 if cached_request.is_malleable() {
598 { // Attributes are not allowed on if expressions on our current MSRV of 1.41.
599 if cached_request.requires_external_funding() {
600 let target_feerate_sat_per_1000_weight = cached_request.compute_package_feerate(
601 fee_estimator, ConfirmationTarget::HighPriority, force_feerate_bump
603 if let Some(htlcs) = cached_request.construct_malleable_package_with_external_funding(self) {
606 target_feerate_sat_per_1000_weight as u64,
607 OnchainClaim::Event(ClaimEvent::BumpHTLC {
608 target_feerate_sat_per_1000_weight,
610 tx_lock_time: PackedLockTime(cached_request.package_locktime(cur_height)),
619 let predicted_weight = cached_request.package_weight(&self.destination_script);
620 if let Some((output_value, new_feerate)) = cached_request.compute_package_output(
621 predicted_weight, self.destination_script.dust_value().to_sat(),
622 force_feerate_bump, fee_estimator, logger,
624 assert!(new_feerate != 0);
626 let transaction = cached_request.finalize_malleable_package(
627 cur_height, self, output_value, self.destination_script.clone(), logger
629 log_trace!(logger, "...with timer {} and feerate {}", new_timer, new_feerate);
630 assert!(predicted_weight >= transaction.weight());
631 return Some((new_timer, new_feerate, OnchainClaim::Tx(transaction)));
634 // Untractable packages cannot have their fees bumped through Replace-By-Fee. Some
635 // packages may support fee bumping through Child-Pays-For-Parent, indicated by those
636 // which require external funding.
638 let inputs = cached_request.inputs();
640 let mut inputs = cached_request.inputs();
641 debug_assert_eq!(inputs.len(), 1);
642 let tx = match cached_request.finalize_untractable_package(self, logger) {
646 if !cached_request.requires_external_funding() {
647 return Some((new_timer, 0, OnchainClaim::Tx(tx)));
650 return inputs.find_map(|input| match input {
651 // Commitment inputs with anchors support are the only untractable inputs supported
652 // thus far that require external funding.
653 PackageSolvingData::HolderFundingOutput(..) => {
654 debug_assert_eq!(tx.txid(), self.holder_commitment.trust().txid(),
655 "Holder commitment transaction mismatch");
656 // We'll locate an anchor output we can spend within the commitment transaction.
657 let funding_pubkey = &self.channel_transaction_parameters.holder_pubkeys.funding_pubkey;
658 match chan_utils::get_anchor_output(&tx, funding_pubkey) {
659 // An anchor output was found, so we should yield a funding event externally.
661 // TODO: Use a lower confirmation target when both our and the
662 // counterparty's latest commitment don't have any HTLCs present.
663 let conf_target = ConfirmationTarget::HighPriority;
664 let package_target_feerate_sat_per_1000_weight = cached_request
665 .compute_package_feerate(fee_estimator, conf_target, force_feerate_bump);
668 package_target_feerate_sat_per_1000_weight as u64,
669 OnchainClaim::Event(ClaimEvent::BumpCommitment {
670 package_target_feerate_sat_per_1000_weight,
671 commitment_tx: tx.clone(),
672 anchor_output_idx: idx,
676 // An anchor output was not found. There's nothing we can do other than
677 // attempt to broadcast the transaction with its current fee rate and hope
678 // it confirms. This is essentially the same behavior as a commitment
679 // transaction without anchor outputs.
680 None => Some((new_timer, 0, OnchainClaim::Tx(tx.clone()))),
684 debug_assert!(false, "Only HolderFundingOutput inputs should be untractable and require external funding");
692 /// Upon channelmonitor.block_connected(..) or upon provision of a preimage on the forward link
693 /// for this channel, provide new relevant on-chain transactions and/or new claim requests.
694 /// Together with `update_claims_view_from_matched_txn` this used to be named
695 /// `block_connected`, but it is now also used for claiming an HTLC output if we receive a
696 /// preimage after force-close.
698 /// `conf_height` represents the height at which the request was generated. This
699 /// does not need to equal the current blockchain tip height, which should be provided via
700 /// `cur_height`, however it must never be higher than `cur_height`.
701 pub(crate) fn update_claims_view_from_requests<B: Deref, F: Deref, L: Deref>(
702 &mut self, requests: Vec<PackageTemplate>, conf_height: u32, cur_height: u32,
703 broadcaster: &B, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
705 B::Target: BroadcasterInterface,
706 F::Target: FeeEstimator,
709 log_debug!(logger, "Updating claims view at height {} with {} claim requests", cur_height, requests.len());
710 let mut preprocessed_requests = Vec::with_capacity(requests.len());
711 let mut aggregated_request = None;
713 // Try to aggregate outputs if their timelock expiration isn't imminent (package timelock
714 // <= CLTV_SHARED_CLAIM_BUFFER) and they don't require an immediate nLockTime (aggregable).
715 for req in requests {
716 // Don't claim a outpoint twice that would be bad for privacy and may uselessly lock a CPFP input for a while
717 if let Some(_) = self.claimable_outpoints.get(req.outpoints()[0]) {
718 log_info!(logger, "Ignoring second claim for outpoint {}:{}, already registered its claiming request", req.outpoints()[0].txid, req.outpoints()[0].vout);
720 let timelocked_equivalent_package = self.locktimed_packages.iter().map(|v| v.1.iter()).flatten()
721 .find(|locked_package| locked_package.outpoints() == req.outpoints());
722 if let Some(package) = timelocked_equivalent_package {
723 log_info!(logger, "Ignoring second claim for outpoint {}:{}, we already have one which we're waiting on a timelock at {} for.",
724 req.outpoints()[0].txid, req.outpoints()[0].vout, package.package_locktime(cur_height));
728 let package_locktime = req.package_locktime(cur_height);
729 if package_locktime > cur_height + 1 {
730 log_info!(logger, "Delaying claim of package until its timelock at {} (current height {}), the following outpoints are spent:", package_locktime, cur_height);
731 for outpoint in req.outpoints() {
732 log_info!(logger, " Outpoint {}", outpoint);
734 self.locktimed_packages.entry(package_locktime).or_insert(Vec::new()).push(req);
738 log_trace!(logger, "Test if outpoint can be aggregated with expiration {} against {}", req.timelock(), cur_height + CLTV_SHARED_CLAIM_BUFFER);
739 if req.timelock() <= cur_height + CLTV_SHARED_CLAIM_BUFFER || !req.aggregable() {
740 // Don't aggregate if outpoint package timelock is soon or marked as non-aggregable
741 preprocessed_requests.push(req);
742 } else if aggregated_request.is_none() {
743 aggregated_request = Some(req);
745 aggregated_request.as_mut().unwrap().merge_package(req);
749 if let Some(req) = aggregated_request {
750 preprocessed_requests.push(req);
753 // Claim everything up to and including `cur_height`
754 let remaining_locked_packages = self.locktimed_packages.split_off(&(cur_height + 1));
755 for (pop_height, mut entry) in self.locktimed_packages.iter_mut() {
756 log_trace!(logger, "Restoring delayed claim of package(s) at their timelock at {}.", pop_height);
757 preprocessed_requests.append(&mut entry);
759 self.locktimed_packages = remaining_locked_packages;
761 // Generate claim transactions and track them to bump if necessary at
762 // height timer expiration (i.e in how many blocks we're going to take action).
763 for mut req in preprocessed_requests {
764 if let Some((new_timer, new_feerate, claim)) = self.generate_claim(
765 cur_height, &req, true /* force_feerate_bump */, &*fee_estimator, &*logger,
767 req.set_timer(new_timer);
768 req.set_feerate(new_feerate);
769 let package_id = match claim {
770 OnchainClaim::Tx(tx) => {
771 log_info!(logger, "Broadcasting onchain {}", log_tx!(tx));
772 broadcaster.broadcast_transactions(&[&tx]);
773 tx.txid().into_inner()
776 OnchainClaim::Event(claim_event) => {
777 log_info!(logger, "Yielding onchain event to spend inputs {:?}", req.outpoints());
778 let package_id = match claim_event {
779 ClaimEvent::BumpCommitment { ref commitment_tx, .. } =>
780 // For commitment claims, we can just use their txid as it should
781 // already be unique.
782 commitment_tx.txid().into_inner(),
783 ClaimEvent::BumpHTLC { ref htlcs, .. } => {
784 // For HTLC claims, commit to the entire set of HTLC outputs to
785 // claim, which will always be unique per request. Once a claim ID
786 // is generated, it is assigned and remains unchanged, even if the
787 // underlying set of HTLCs changes.
788 let mut engine = Sha256::engine();
790 engine.input(&htlc.commitment_txid.into_inner());
791 engine.input(&htlc.htlc.transaction_output_index.unwrap().to_be_bytes());
793 Sha256::from_engine(engine).into_inner()
796 debug_assert!(self.pending_claim_requests.get(&package_id).is_none());
797 debug_assert_eq!(self.pending_claim_events.iter().filter(|entry| entry.0 == package_id).count(), 0);
798 self.pending_claim_events.push((package_id, claim_event));
802 for k in req.outpoints() {
803 log_info!(logger, "Registering claiming request for {}:{}", k.txid, k.vout);
804 self.claimable_outpoints.insert(k.clone(), (package_id, conf_height));
806 self.pending_claim_requests.insert(package_id, req);
811 /// Upon channelmonitor.block_connected(..) or upon provision of a preimage on the forward link
812 /// for this channel, provide new relevant on-chain transactions and/or new claim requests.
813 /// Together with `update_claims_view_from_requests` this used to be named `block_connected`,
814 /// but it is now also used for claiming an HTLC output if we receive a preimage after force-close.
816 /// `conf_height` represents the height at which the transactions in `txn_matched` were
817 /// confirmed. This does not need to equal the current blockchain tip height, which should be
818 /// provided via `cur_height`, however it must never be higher than `cur_height`.
819 pub(crate) fn update_claims_view_from_matched_txn<B: Deref, F: Deref, L: Deref>(
820 &mut self, txn_matched: &[&Transaction], conf_height: u32, conf_hash: BlockHash,
821 cur_height: u32, broadcaster: &B, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
823 B::Target: BroadcasterInterface,
824 F::Target: FeeEstimator,
827 log_debug!(logger, "Updating claims view at height {} with {} matched transactions in block {}", cur_height, txn_matched.len(), conf_height);
828 let mut bump_candidates = HashMap::new();
829 for tx in txn_matched {
830 // Scan all input to verify is one of the outpoint spent is of interest for us
831 let mut claimed_outputs_material = Vec::new();
832 for inp in &tx.input {
833 if let Some((package_id, _)) = self.claimable_outpoints.get(&inp.previous_output) {
834 // If outpoint has claim request pending on it...
835 if let Some(request) = self.pending_claim_requests.get_mut(package_id) {
836 //... we need to verify equality between transaction outpoints and claim request
837 // outpoints to know if transaction is the original claim or a bumped one issued
839 let mut are_sets_equal = true;
840 let mut tx_inputs = tx.input.iter().map(|input| &input.previous_output).collect::<Vec<_>>();
841 tx_inputs.sort_unstable();
842 for request_input in request.outpoints() {
843 if tx_inputs.binary_search(&request_input).is_err() {
844 are_sets_equal = false;
849 macro_rules! clean_claim_request_after_safety_delay {
851 let entry = OnchainEventEntry {
854 block_hash: Some(conf_hash),
855 event: OnchainEvent::Claim { package_id: *package_id }
857 if !self.onchain_events_awaiting_threshold_conf.contains(&entry) {
858 self.onchain_events_awaiting_threshold_conf.push(entry);
863 // If this is our transaction (or our counterparty spent all the outputs
864 // before we could anyway with same inputs order than us), wait for
865 // ANTI_REORG_DELAY and clean the RBF tracking map.
867 clean_claim_request_after_safety_delay!();
868 } else { // If false, generate new claim request with update outpoint set
869 let mut at_least_one_drop = false;
870 for input in tx.input.iter() {
871 if let Some(package) = request.split_package(&input.previous_output) {
872 claimed_outputs_material.push(package);
873 at_least_one_drop = true;
875 // If there are no outpoints left to claim in this request, drop it entirely after ANTI_REORG_DELAY.
876 if request.outpoints().is_empty() {
877 clean_claim_request_after_safety_delay!();
880 //TODO: recompute soonest_timelock to avoid wasting a bit on fees
881 if at_least_one_drop {
882 bump_candidates.insert(*package_id, request.clone());
883 // If we have any pending claim events for the request being updated
884 // that have yet to be consumed, we'll remove them since they will
885 // end up producing an invalid transaction by double spending
886 // input(s) that already have a confirmed spend. If such spend is
887 // reorged out of the chain, then we'll attempt to re-spend the
888 // inputs once we see it.
890 #[cfg(debug_assertions)] {
891 let existing = self.pending_claim_events.iter()
892 .filter(|entry| entry.0 == *package_id).count();
893 assert!(existing == 0 || existing == 1);
895 self.pending_claim_events.retain(|entry| entry.0 != *package_id);
899 break; //No need to iterate further, either tx is our or their
901 panic!("Inconsistencies between pending_claim_requests map and claimable_outpoints map");
905 for package in claimed_outputs_material.drain(..) {
906 let entry = OnchainEventEntry {
909 block_hash: Some(conf_hash),
910 event: OnchainEvent::ContentiousOutpoint { package },
912 if !self.onchain_events_awaiting_threshold_conf.contains(&entry) {
913 self.onchain_events_awaiting_threshold_conf.push(entry);
918 // After security delay, either our claim tx got enough confs or outpoint is definetely out of reach
919 let onchain_events_awaiting_threshold_conf =
920 self.onchain_events_awaiting_threshold_conf.drain(..).collect::<Vec<_>>();
921 for entry in onchain_events_awaiting_threshold_conf {
922 if entry.has_reached_confirmation_threshold(cur_height) {
924 OnchainEvent::Claim { package_id } => {
925 // We may remove a whole set of claim outpoints here, as these one may have
926 // been aggregated in a single tx and claimed so atomically
927 if let Some(request) = self.pending_claim_requests.remove(&package_id) {
928 for outpoint in request.outpoints() {
929 log_debug!(logger, "Removing claim tracking for {} due to maturation of claim package {}.",
930 outpoint, log_bytes!(package_id));
931 self.claimable_outpoints.remove(outpoint);
934 #[cfg(debug_assertions)] {
935 let num_existing = self.pending_claim_events.iter()
936 .filter(|entry| entry.0 == package_id).count();
937 assert!(num_existing == 0 || num_existing == 1);
939 self.pending_claim_events.retain(|(id, _)| *id != package_id);
943 OnchainEvent::ContentiousOutpoint { package } => {
944 log_debug!(logger, "Removing claim tracking due to maturation of claim tx for outpoints:");
945 log_debug!(logger, " {:?}", package.outpoints());
946 self.claimable_outpoints.remove(package.outpoints()[0]);
950 self.onchain_events_awaiting_threshold_conf.push(entry);
954 // Check if any pending claim request must be rescheduled
955 for (package_id, request) in self.pending_claim_requests.iter() {
956 if cur_height >= request.timer() {
957 bump_candidates.insert(*package_id, request.clone());
961 // Build, bump and rebroadcast tx accordingly
962 log_trace!(logger, "Bumping {} candidates", bump_candidates.len());
963 for (package_id, request) in bump_candidates.iter() {
964 if let Some((new_timer, new_feerate, bump_claim)) = self.generate_claim(
965 cur_height, &request, true /* force_feerate_bump */, &*fee_estimator, &*logger,
968 OnchainClaim::Tx(bump_tx) => {
969 log_info!(logger, "Broadcasting RBF-bumped onchain {}", log_tx!(bump_tx));
970 broadcaster.broadcast_transactions(&[&bump_tx]);
973 OnchainClaim::Event(claim_event) => {
974 log_info!(logger, "Yielding RBF-bumped onchain event to spend inputs {:?}", request.outpoints());
975 #[cfg(debug_assertions)] {
976 let num_existing = self.pending_claim_events.iter().
977 filter(|entry| entry.0 == *package_id).count();
978 assert!(num_existing == 0 || num_existing == 1);
980 self.pending_claim_events.retain(|event| event.0 != *package_id);
981 self.pending_claim_events.push((*package_id, claim_event));
984 if let Some(request) = self.pending_claim_requests.get_mut(package_id) {
985 request.set_timer(new_timer);
986 request.set_feerate(new_feerate);
992 pub(crate) fn transaction_unconfirmed<B: Deref, F: Deref, L: Deref>(
996 fee_estimator: &LowerBoundedFeeEstimator<F>,
999 B::Target: BroadcasterInterface,
1000 F::Target: FeeEstimator,
1003 let mut height = None;
1004 for entry in self.onchain_events_awaiting_threshold_conf.iter() {
1005 if entry.txid == *txid {
1006 height = Some(entry.height);
1011 if let Some(height) = height {
1012 self.block_disconnected(height, broadcaster, fee_estimator, logger);
1016 pub(crate) fn block_disconnected<B: Deref, F: Deref, L: Deref>(&mut self, height: u32, broadcaster: B, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: L)
1017 where B::Target: BroadcasterInterface,
1018 F::Target: FeeEstimator,
1021 let mut bump_candidates = HashMap::new();
1022 let onchain_events_awaiting_threshold_conf =
1023 self.onchain_events_awaiting_threshold_conf.drain(..).collect::<Vec<_>>();
1024 for entry in onchain_events_awaiting_threshold_conf {
1025 if entry.height >= height {
1026 //- our claim tx on a commitment tx output
1027 //- resurect outpoint back in its claimable set and regenerate tx
1029 OnchainEvent::ContentiousOutpoint { package } => {
1030 if let Some(pending_claim) = self.claimable_outpoints.get(package.outpoints()[0]) {
1031 if let Some(request) = self.pending_claim_requests.get_mut(&pending_claim.0) {
1032 request.merge_package(package);
1033 // Using a HashMap guarantee us than if we have multiple outpoints getting
1034 // resurrected only one bump claim tx is going to be broadcast
1035 bump_candidates.insert(pending_claim.clone(), request.clone());
1042 self.onchain_events_awaiting_threshold_conf.push(entry);
1045 for ((_package_id, _), ref mut request) in bump_candidates.iter_mut() {
1046 // `height` is the height being disconnected, so our `current_height` is 1 lower.
1047 let current_height = height - 1;
1048 if let Some((new_timer, new_feerate, bump_claim)) = self.generate_claim(
1049 current_height, &request, true /* force_feerate_bump */, fee_estimator, &&*logger
1051 request.set_timer(new_timer);
1052 request.set_feerate(new_feerate);
1054 OnchainClaim::Tx(bump_tx) => {
1055 log_info!(logger, "Broadcasting onchain {}", log_tx!(bump_tx));
1056 broadcaster.broadcast_transactions(&[&bump_tx]);
1059 OnchainClaim::Event(claim_event) => {
1060 log_info!(logger, "Yielding onchain event after reorg to spend inputs {:?}", request.outpoints());
1061 #[cfg(debug_assertions)] {
1062 let num_existing = self.pending_claim_events.iter()
1063 .filter(|entry| entry.0 == *_package_id).count();
1064 assert!(num_existing == 0 || num_existing == 1);
1066 self.pending_claim_events.retain(|event| event.0 != *_package_id);
1067 self.pending_claim_events.push((*_package_id, claim_event));
1072 for (ancestor_claim_txid, request) in bump_candidates.drain() {
1073 self.pending_claim_requests.insert(ancestor_claim_txid.0, request);
1075 //TODO: if we implement cross-block aggregated claim transaction we need to refresh set of outpoints and regenerate tx but
1076 // right now if one of the outpoint get disconnected, just erase whole pending claim request.
1077 let mut remove_request = Vec::new();
1078 self.claimable_outpoints.retain(|_, ref v|
1080 remove_request.push(v.0.clone());
1083 for req in remove_request {
1084 self.pending_claim_requests.remove(&req);
1088 pub(crate) fn is_output_spend_pending(&self, outpoint: &BitcoinOutPoint) -> bool {
1089 self.claimable_outpoints.get(outpoint).is_some()
1092 pub(crate) fn get_relevant_txids(&self) -> Vec<(Txid, Option<BlockHash>)> {
1093 let mut txids: Vec<(Txid, Option<BlockHash>)> = self.onchain_events_awaiting_threshold_conf
1095 .map(|entry| (entry.txid, entry.block_hash))
1097 txids.sort_unstable_by_key(|(txid, _)| *txid);
1102 pub(crate) fn provide_latest_holder_tx(&mut self, tx: HolderCommitmentTransaction) {
1103 self.prev_holder_commitment = Some(replace(&mut self.holder_commitment, tx));
1104 self.holder_htlc_sigs = None;
1107 // Normally holder HTLCs are signed at the same time as the holder commitment tx. However,
1108 // in some configurations, the holder commitment tx has been signed and broadcast by a
1109 // ChannelMonitor replica, so we handle that case here.
1110 fn sign_latest_holder_htlcs(&mut self) {
1111 if self.holder_htlc_sigs.is_none() {
1112 let (_sig, sigs) = self.signer.sign_holder_commitment_and_htlcs(&self.holder_commitment, &self.secp_ctx).expect("sign holder commitment");
1113 self.holder_htlc_sigs = Some(Self::extract_holder_sigs(&self.holder_commitment, sigs));
1117 // Normally only the latest commitment tx and HTLCs need to be signed. However, in some
1118 // configurations we may have updated our holder commitment but a replica of the ChannelMonitor
1119 // broadcast the previous one before we sync with it. We handle that case here.
1120 fn sign_prev_holder_htlcs(&mut self) {
1121 if self.prev_holder_htlc_sigs.is_none() {
1122 if let Some(ref holder_commitment) = self.prev_holder_commitment {
1123 let (_sig, sigs) = self.signer.sign_holder_commitment_and_htlcs(holder_commitment, &self.secp_ctx).expect("sign previous holder commitment");
1124 self.prev_holder_htlc_sigs = Some(Self::extract_holder_sigs(holder_commitment, sigs));
1129 fn extract_holder_sigs(holder_commitment: &HolderCommitmentTransaction, sigs: Vec<Signature>) -> Vec<Option<(usize, Signature)>> {
1130 let mut ret = Vec::new();
1131 for (htlc_idx, (holder_sig, htlc)) in sigs.iter().zip(holder_commitment.htlcs().iter()).enumerate() {
1132 let tx_idx = htlc.transaction_output_index.unwrap();
1133 if ret.len() <= tx_idx as usize { ret.resize(tx_idx as usize + 1, None); }
1134 ret[tx_idx as usize] = Some((htlc_idx, holder_sig.clone()));
1139 //TODO: getting lastest holder transactions should be infallible and result in us "force-closing the channel", but we may
1140 // have empty holder commitment transaction if a ChannelMonitor is asked to force-close just after Channel::get_outbound_funding_created,
1141 // before providing a initial commitment transaction. For outbound channel, init ChannelMonitor at Channel::funding_signed, there is nothing
1142 // to monitor before.
1143 pub(crate) fn get_fully_signed_holder_tx(&mut self, funding_redeemscript: &Script) -> Transaction {
1144 let (sig, htlc_sigs) = self.signer.sign_holder_commitment_and_htlcs(&self.holder_commitment, &self.secp_ctx).expect("signing holder commitment");
1145 self.holder_htlc_sigs = Some(Self::extract_holder_sigs(&self.holder_commitment, htlc_sigs));
1146 self.holder_commitment.add_holder_sig(funding_redeemscript, sig)
1149 #[cfg(any(test, feature="unsafe_revoked_tx_signing"))]
1150 pub(crate) fn get_fully_signed_copy_holder_tx(&mut self, funding_redeemscript: &Script) -> Transaction {
1151 let (sig, htlc_sigs) = self.signer.unsafe_sign_holder_commitment_and_htlcs(&self.holder_commitment, &self.secp_ctx).expect("sign holder commitment");
1152 self.holder_htlc_sigs = Some(Self::extract_holder_sigs(&self.holder_commitment, htlc_sigs));
1153 self.holder_commitment.add_holder_sig(funding_redeemscript, sig)
1156 pub(crate) fn get_fully_signed_htlc_tx(&mut self, outp: &::bitcoin::OutPoint, preimage: &Option<PaymentPreimage>) -> Option<Transaction> {
1157 let mut htlc_tx = None;
1158 let commitment_txid = self.holder_commitment.trust().txid();
1159 // Check if the HTLC spends from the current holder commitment
1160 if commitment_txid == outp.txid {
1161 self.sign_latest_holder_htlcs();
1162 if let &Some(ref htlc_sigs) = &self.holder_htlc_sigs {
1163 let &(ref htlc_idx, ref htlc_sig) = htlc_sigs[outp.vout as usize].as_ref().unwrap();
1164 let trusted_tx = self.holder_commitment.trust();
1165 let counterparty_htlc_sig = self.holder_commitment.counterparty_htlc_sigs[*htlc_idx];
1166 htlc_tx = Some(trusted_tx
1167 .get_signed_htlc_tx(&self.channel_transaction_parameters.as_holder_broadcastable(), *htlc_idx, &counterparty_htlc_sig, htlc_sig, preimage));
1170 // If the HTLC doesn't spend the current holder commitment, check if it spends the previous one
1171 if htlc_tx.is_none() && self.prev_holder_commitment.is_some() {
1172 let commitment_txid = self.prev_holder_commitment.as_ref().unwrap().trust().txid();
1173 if commitment_txid == outp.txid {
1174 self.sign_prev_holder_htlcs();
1175 if let &Some(ref htlc_sigs) = &self.prev_holder_htlc_sigs {
1176 let &(ref htlc_idx, ref htlc_sig) = htlc_sigs[outp.vout as usize].as_ref().unwrap();
1177 let holder_commitment = self.prev_holder_commitment.as_ref().unwrap();
1178 let trusted_tx = holder_commitment.trust();
1179 let counterparty_htlc_sig = holder_commitment.counterparty_htlc_sigs[*htlc_idx];
1180 htlc_tx = Some(trusted_tx
1181 .get_signed_htlc_tx(&self.channel_transaction_parameters.as_holder_broadcastable(), *htlc_idx, &counterparty_htlc_sig, htlc_sig, preimage));
1189 pub(crate) fn generate_external_htlc_claim(
1190 &self, outp: &::bitcoin::OutPoint, preimage: &Option<PaymentPreimage>
1191 ) -> Option<ExternalHTLCClaim> {
1192 let find_htlc = |holder_commitment: &HolderCommitmentTransaction| -> Option<ExternalHTLCClaim> {
1193 let trusted_tx = holder_commitment.trust();
1194 if outp.txid != trusted_tx.txid() {
1197 trusted_tx.htlcs().iter().enumerate()
1198 .find(|(_, htlc)| if let Some(output_index) = htlc.transaction_output_index {
1199 output_index == outp.vout
1203 .map(|(htlc_idx, htlc)| {
1204 let counterparty_htlc_sig = holder_commitment.counterparty_htlc_sigs[htlc_idx];
1206 commitment_txid: trusted_tx.txid(),
1207 per_commitment_number: trusted_tx.commitment_number(),
1209 preimage: *preimage,
1210 counterparty_sig: counterparty_htlc_sig,
1214 // Check if the HTLC spends from the current holder commitment or the previous one otherwise.
1215 find_htlc(&self.holder_commitment)
1216 .or_else(|| self.prev_holder_commitment.as_ref().map(|c| find_htlc(c)).flatten())
1219 pub(crate) fn opt_anchors(&self) -> bool {
1220 self.channel_transaction_parameters.opt_anchors.is_some()
1223 #[cfg(any(test,feature = "unsafe_revoked_tx_signing"))]
1224 pub(crate) fn unsafe_get_fully_signed_htlc_tx(&mut self, outp: &::bitcoin::OutPoint, preimage: &Option<PaymentPreimage>) -> Option<Transaction> {
1225 let latest_had_sigs = self.holder_htlc_sigs.is_some();
1226 let prev_had_sigs = self.prev_holder_htlc_sigs.is_some();
1227 let ret = self.get_fully_signed_htlc_tx(outp, preimage);
1228 if !latest_had_sigs {
1229 self.holder_htlc_sigs = None;
1232 self.prev_holder_htlc_sigs = None;