1 // This file is Copyright its original authors, visible in version control
4 // This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
5 // or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
6 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
7 // You may not use this file except in accordance with one or both of these
10 use bitcoin::blockdata::constants::ChainHash;
11 use bitcoin::blockdata::script::{Script,Builder};
12 use bitcoin::blockdata::transaction::{Transaction, EcdsaSighashType};
13 use bitcoin::util::sighash;
14 use bitcoin::consensus::encode;
16 use bitcoin::hashes::Hash;
17 use bitcoin::hashes::sha256::Hash as Sha256;
18 use bitcoin::hashes::sha256d::Hash as Sha256d;
19 use bitcoin::hash_types::{Txid, BlockHash};
21 use bitcoin::secp256k1::constants::PUBLIC_KEY_SIZE;
22 use bitcoin::secp256k1::{PublicKey,SecretKey};
23 use bitcoin::secp256k1::{Secp256k1,ecdsa::Signature};
24 use bitcoin::secp256k1;
26 use crate::ln::{ChannelId, PaymentPreimage, PaymentHash};
27 use crate::ln::features::{ChannelTypeFeatures, InitFeatures};
29 use crate::ln::msgs::DecodeError;
30 use crate::ln::script::{self, ShutdownScript};
31 use crate::ln::channelmanager::{self, CounterpartyForwardingInfo, PendingHTLCStatus, HTLCSource, SentHTLCId, HTLCFailureMsg, PendingHTLCInfo, RAACommitmentOrder, BREAKDOWN_TIMEOUT, MIN_CLTV_EXPIRY_DELTA, MAX_LOCAL_BREAKDOWN_TIMEOUT, ChannelShutdownState};
32 use crate::ln::chan_utils::{CounterpartyCommitmentSecrets, TxCreationKeys, HTLCOutputInCommitment, htlc_success_tx_weight, htlc_timeout_tx_weight, make_funding_redeemscript, ChannelPublicKeys, CommitmentTransaction, HolderCommitmentTransaction, ChannelTransactionParameters, CounterpartyChannelTransactionParameters, MAX_HTLCS, get_commitment_transaction_number_obscure_factor, ClosingTransaction};
33 use crate::ln::chan_utils;
34 use crate::ln::onion_utils::HTLCFailReason;
35 use crate::chain::BestBlock;
36 use crate::chain::chaininterface::{FeeEstimator, ConfirmationTarget, LowerBoundedFeeEstimator};
37 use crate::chain::channelmonitor::{ChannelMonitor, ChannelMonitorUpdate, ChannelMonitorUpdateStep, LATENCY_GRACE_PERIOD_BLOCKS, CLOSED_CHANNEL_UPDATE_ID};
38 use crate::chain::transaction::{OutPoint, TransactionData};
39 use crate::sign::{EcdsaChannelSigner, WriteableEcdsaChannelSigner, EntropySource, ChannelSigner, SignerProvider, NodeSigner, Recipient};
40 use crate::events::ClosureReason;
41 use crate::routing::gossip::NodeId;
42 use crate::util::ser::{Readable, ReadableArgs, Writeable, Writer, VecWriter};
43 use crate::util::logger::Logger;
44 use crate::util::errors::APIError;
45 use crate::util::config::{UserConfig, ChannelConfig, LegacyChannelConfig, ChannelHandshakeConfig, ChannelHandshakeLimits, MaxDustHTLCExposure};
46 use crate::util::scid_utils::scid_from_parts;
49 use crate::prelude::*;
50 use core::{cmp,mem,fmt};
52 #[cfg(any(test, fuzzing, debug_assertions))]
53 use crate::sync::Mutex;
54 use bitcoin::hashes::hex::ToHex;
55 use crate::sign::type_resolver::ChannelSignerType;
58 pub struct ChannelValueStat {
59 pub value_to_self_msat: u64,
60 pub channel_value_msat: u64,
61 pub channel_reserve_msat: u64,
62 pub pending_outbound_htlcs_amount_msat: u64,
63 pub pending_inbound_htlcs_amount_msat: u64,
64 pub holding_cell_outbound_amount_msat: u64,
65 pub counterparty_max_htlc_value_in_flight_msat: u64, // outgoing
66 pub counterparty_dust_limit_msat: u64,
69 pub struct AvailableBalances {
70 /// The amount that would go to us if we close the channel, ignoring any on-chain fees.
71 pub balance_msat: u64,
72 /// Total amount available for our counterparty to send to us.
73 pub inbound_capacity_msat: u64,
74 /// Total amount available for us to send to our counterparty.
75 pub outbound_capacity_msat: u64,
76 /// The maximum value we can assign to the next outbound HTLC
77 pub next_outbound_htlc_limit_msat: u64,
78 /// The minimum value we can assign to the next outbound HTLC
79 pub next_outbound_htlc_minimum_msat: u64,
82 #[derive(Debug, Clone, Copy, PartialEq)]
84 // Inbound states mirroring InboundHTLCState
86 AwaitingRemoteRevokeToAnnounce,
87 // Note that we do not have a AwaitingAnnouncedRemoteRevoke variant here as it is universally
88 // handled the same as `Committed`, with the only exception in `InboundHTLCState` being the
89 // distinction of when we allow ourselves to forward the HTLC. Because we aren't "forwarding"
90 // the fee update anywhere, we can simply consider the fee update `Committed` immediately
91 // instead of setting it to AwaitingAnnouncedRemoteRevoke.
93 // Outbound state can only be `LocalAnnounced` or `Committed`
97 enum InboundHTLCRemovalReason {
98 FailRelay(msgs::OnionErrorPacket),
99 FailMalformed(([u8; 32], u16)),
100 Fulfill(PaymentPreimage),
103 enum InboundHTLCState {
104 /// Offered by remote, to be included in next local commitment tx. I.e., the remote sent an
105 /// update_add_htlc message for this HTLC.
106 RemoteAnnounced(PendingHTLCStatus),
107 /// Included in a received commitment_signed message (implying we've
108 /// revoke_and_ack'd it), but the remote hasn't yet revoked their previous
109 /// state (see the example below). We have not yet included this HTLC in a
110 /// commitment_signed message because we are waiting on the remote's
111 /// aforementioned state revocation. One reason this missing remote RAA
112 /// (revoke_and_ack) blocks us from constructing a commitment_signed message
113 /// is because every time we create a new "state", i.e. every time we sign a
114 /// new commitment tx (see [BOLT #2]), we need a new per_commitment_point,
115 /// which are provided one-at-a-time in each RAA. E.g., the last RAA they
116 /// sent provided the per_commitment_point for our current commitment tx.
117 /// The other reason we should not send a commitment_signed without their RAA
118 /// is because their RAA serves to ACK our previous commitment_signed.
120 /// Here's an example of how an HTLC could come to be in this state:
121 /// remote --> update_add_htlc(prev_htlc) --> local
122 /// remote --> commitment_signed(prev_htlc) --> local
123 /// remote <-- revoke_and_ack <-- local
124 /// remote <-- commitment_signed(prev_htlc) <-- local
125 /// [note that here, the remote does not respond with a RAA]
126 /// remote --> update_add_htlc(this_htlc) --> local
127 /// remote --> commitment_signed(prev_htlc, this_htlc) --> local
128 /// Now `this_htlc` will be assigned this state. It's unable to be officially
129 /// accepted, i.e. included in a commitment_signed, because we're missing the
130 /// RAA that provides our next per_commitment_point. The per_commitment_point
131 /// is used to derive commitment keys, which are used to construct the
132 /// signatures in a commitment_signed message.
133 /// Implies AwaitingRemoteRevoke.
135 /// [BOLT #2]: https://github.com/lightning/bolts/blob/master/02-peer-protocol.md
136 AwaitingRemoteRevokeToAnnounce(PendingHTLCStatus),
137 /// Included in a received commitment_signed message (implying we've revoke_and_ack'd it).
138 /// We have also included this HTLC in our latest commitment_signed and are now just waiting
139 /// on the remote's revoke_and_ack to make this HTLC an irrevocable part of the state of the
140 /// channel (before it can then get forwarded and/or removed).
141 /// Implies AwaitingRemoteRevoke.
142 AwaitingAnnouncedRemoteRevoke(PendingHTLCStatus),
144 /// Removed by us and a new commitment_signed was sent (if we were AwaitingRemoteRevoke when we
145 /// created it we would have put it in the holding cell instead). When they next revoke_and_ack
147 /// Note that we have to keep an eye on the HTLC until we've received a broadcastable
148 /// commitment transaction without it as otherwise we'll have to force-close the channel to
149 /// claim it before the timeout (obviously doesn't apply to revoked HTLCs that we can't claim
150 /// anyway). That said, ChannelMonitor does this for us (see
151 /// ChannelMonitor::should_broadcast_holder_commitment_txn) so we actually remove the HTLC from
152 /// our own local state before then, once we're sure that the next commitment_signed and
153 /// ChannelMonitor::provide_latest_local_commitment_tx will not include this HTLC.
154 LocalRemoved(InboundHTLCRemovalReason),
157 struct InboundHTLCOutput {
161 payment_hash: PaymentHash,
162 state: InboundHTLCState,
165 enum OutboundHTLCState {
166 /// Added by us and included in a commitment_signed (if we were AwaitingRemoteRevoke when we
167 /// created it we would have put it in the holding cell instead). When they next revoke_and_ack
168 /// we will promote to Committed (note that they may not accept it until the next time we
169 /// revoke, but we don't really care about that:
170 /// * they've revoked, so worst case we can announce an old state and get our (option on)
171 /// money back (though we won't), and,
172 /// * we'll send them a revoke when they send a commitment_signed, and since only they're
173 /// allowed to remove it, the "can only be removed once committed on both sides" requirement
174 /// doesn't matter to us and it's up to them to enforce it, worst-case they jump ahead but
175 /// we'll never get out of sync).
176 /// Note that we Box the OnionPacket as it's rather large and we don't want to blow up
177 /// OutboundHTLCOutput's size just for a temporary bit
178 LocalAnnounced(Box<msgs::OnionPacket>),
180 /// Remote removed this (outbound) HTLC. We're waiting on their commitment_signed to finalize
181 /// the change (though they'll need to revoke before we fail the payment).
182 RemoteRemoved(OutboundHTLCOutcome),
183 /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
184 /// the remote side hasn't yet revoked their previous state, which we need them to do before we
185 /// can do any backwards failing. Implies AwaitingRemoteRevoke.
186 /// We also have not yet removed this HTLC in a commitment_signed message, and are waiting on a
187 /// remote revoke_and_ack on a previous state before we can do so.
188 AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome),
189 /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
190 /// the remote side hasn't yet revoked their previous state, which we need them to do before we
191 /// can do any backwards failing. Implies AwaitingRemoteRevoke.
192 /// We have removed this HTLC in our latest commitment_signed and are now just waiting on a
193 /// revoke_and_ack to drop completely.
194 AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome),
198 enum OutboundHTLCOutcome {
199 /// LDK version 0.0.105+ will always fill in the preimage here.
200 Success(Option<PaymentPreimage>),
201 Failure(HTLCFailReason),
204 impl From<Option<HTLCFailReason>> for OutboundHTLCOutcome {
205 fn from(o: Option<HTLCFailReason>) -> Self {
207 None => OutboundHTLCOutcome::Success(None),
208 Some(r) => OutboundHTLCOutcome::Failure(r)
213 impl<'a> Into<Option<&'a HTLCFailReason>> for &'a OutboundHTLCOutcome {
214 fn into(self) -> Option<&'a HTLCFailReason> {
216 OutboundHTLCOutcome::Success(_) => None,
217 OutboundHTLCOutcome::Failure(ref r) => Some(r)
222 struct OutboundHTLCOutput {
226 payment_hash: PaymentHash,
227 state: OutboundHTLCState,
229 skimmed_fee_msat: Option<u64>,
232 /// See AwaitingRemoteRevoke ChannelState for more info
233 enum HTLCUpdateAwaitingACK {
234 AddHTLC { // TODO: Time out if we're getting close to cltv_expiry
238 payment_hash: PaymentHash,
240 onion_routing_packet: msgs::OnionPacket,
241 // The extra fee we're skimming off the top of this HTLC.
242 skimmed_fee_msat: Option<u64>,
245 payment_preimage: PaymentPreimage,
250 err_packet: msgs::OnionErrorPacket,
254 /// There are a few "states" and then a number of flags which can be applied:
255 /// We first move through init with `OurInitSent` -> `TheirInitSent` -> `FundingCreated` -> `FundingSent`.
256 /// `TheirChannelReady` and `OurChannelReady` then get set on `FundingSent`, and when both are set we
257 /// move on to `ChannelReady`.
258 /// Note that `PeerDisconnected` can be set on both `ChannelReady` and `FundingSent`.
259 /// `ChannelReady` can then get all remaining flags set on it, until we finish shutdown, then we
260 /// move on to `ShutdownComplete`, at which point most calls into this channel are disallowed.
262 /// Implies we have (or are prepared to) send our open_channel/accept_channel message
263 OurInitSent = 1 << 0,
264 /// Implies we have received their `open_channel`/`accept_channel` message
265 TheirInitSent = 1 << 1,
266 /// We have sent `funding_created` and are awaiting a `funding_signed` to advance to `FundingSent`.
267 /// Note that this is nonsense for an inbound channel as we immediately generate `funding_signed`
268 /// upon receipt of `funding_created`, so simply skip this state.
270 /// Set when we have received/sent `funding_created` and `funding_signed` and are thus now waiting
271 /// on the funding transaction to confirm. The `ChannelReady` flags are set to indicate when we
272 /// and our counterparty consider the funding transaction confirmed.
274 /// Flag which can be set on `FundingSent` to indicate they sent us a `channel_ready` message.
275 /// Once both `TheirChannelReady` and `OurChannelReady` are set, state moves on to `ChannelReady`.
276 TheirChannelReady = 1 << 4,
277 /// Flag which can be set on `FundingSent` to indicate we sent them a `channel_ready` message.
278 /// Once both `TheirChannelReady` and `OurChannelReady` are set, state moves on to `ChannelReady`.
279 OurChannelReady = 1 << 5,
281 /// Flag which is set on `ChannelReady` and `FundingSent` indicating remote side is considered
282 /// "disconnected" and no updates are allowed until after we've done a `channel_reestablish`
284 PeerDisconnected = 1 << 7,
285 /// Flag which is set on `ChannelReady`, FundingCreated, and `FundingSent` indicating the user has
286 /// told us a `ChannelMonitor` update is pending async persistence somewhere and we should pause
287 /// sending any outbound messages until they've managed to finish.
288 MonitorUpdateInProgress = 1 << 8,
289 /// Flag which implies that we have sent a commitment_signed but are awaiting the responding
290 /// revoke_and_ack message. During this time period, we can't generate new commitment_signed
291 /// messages as then we will be unable to determine which HTLCs they included in their
292 /// revoke_and_ack implicit ACK, so instead we have to hold them away temporarily to be sent
294 /// Flag is set on `ChannelReady`.
295 AwaitingRemoteRevoke = 1 << 9,
296 /// Flag which is set on `ChannelReady` or `FundingSent` after receiving a shutdown message from
297 /// the remote end. If set, they may not add any new HTLCs to the channel, and we are expected
298 /// to respond with our own shutdown message when possible.
299 RemoteShutdownSent = 1 << 10,
300 /// Flag which is set on `ChannelReady` or `FundingSent` after sending a shutdown message. At this
301 /// point, we may not add any new HTLCs to the channel.
302 LocalShutdownSent = 1 << 11,
303 /// We've successfully negotiated a closing_signed dance. At this point ChannelManager is about
304 /// to drop us, but we store this anyway.
305 ShutdownComplete = 4096,
306 /// Flag which is set on `FundingSent` to indicate this channel is funded in a batch and the
307 /// broadcasting of the funding transaction is being held until all channels in the batch
308 /// have received funding_signed and have their monitors persisted.
309 WaitingForBatch = 1 << 13,
311 const BOTH_SIDES_SHUTDOWN_MASK: u32 =
312 ChannelState::LocalShutdownSent as u32 |
313 ChannelState::RemoteShutdownSent as u32;
314 const MULTI_STATE_FLAGS: u32 =
315 BOTH_SIDES_SHUTDOWN_MASK |
316 ChannelState::PeerDisconnected as u32 |
317 ChannelState::MonitorUpdateInProgress as u32;
318 const STATE_FLAGS: u32 =
320 ChannelState::TheirChannelReady as u32 |
321 ChannelState::OurChannelReady as u32 |
322 ChannelState::AwaitingRemoteRevoke as u32 |
323 ChannelState::WaitingForBatch as u32;
325 pub const INITIAL_COMMITMENT_NUMBER: u64 = (1 << 48) - 1;
327 pub const DEFAULT_MAX_HTLCS: u16 = 50;
329 pub(crate) fn commitment_tx_base_weight(channel_type_features: &ChannelTypeFeatures) -> u64 {
330 const COMMITMENT_TX_BASE_WEIGHT: u64 = 724;
331 const COMMITMENT_TX_BASE_ANCHOR_WEIGHT: u64 = 1124;
332 if channel_type_features.supports_anchors_zero_fee_htlc_tx() { COMMITMENT_TX_BASE_ANCHOR_WEIGHT } else { COMMITMENT_TX_BASE_WEIGHT }
336 const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
338 pub const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
340 pub const ANCHOR_OUTPUT_VALUE_SATOSHI: u64 = 330;
342 /// The percentage of the channel value `holder_max_htlc_value_in_flight_msat` used to be set to,
343 /// before this was made configurable. The percentage was made configurable in LDK 0.0.107,
344 /// although LDK 0.0.104+ enabled serialization of channels with a different value set for
345 /// `holder_max_htlc_value_in_flight_msat`.
346 pub const MAX_IN_FLIGHT_PERCENT_LEGACY: u8 = 10;
348 /// Maximum `funding_satoshis` value according to the BOLT #2 specification, if
349 /// `option_support_large_channel` (aka wumbo channels) is not supported.
351 pub const MAX_FUNDING_SATOSHIS_NO_WUMBO: u64 = (1 << 24) - 1;
353 /// Total bitcoin supply in satoshis.
354 pub const TOTAL_BITCOIN_SUPPLY_SATOSHIS: u64 = 21_000_000 * 1_0000_0000;
356 /// The maximum network dust limit for standard script formats. This currently represents the
357 /// minimum output value for a P2SH output before Bitcoin Core 22 considers the entire
358 /// transaction non-standard and thus refuses to relay it.
359 /// We also use this as the maximum counterparty `dust_limit_satoshis` allowed, given many
360 /// implementations use this value for their dust limit today.
361 pub const MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS: u64 = 546;
363 /// The maximum channel dust limit we will accept from our counterparty.
364 pub const MAX_CHAN_DUST_LIMIT_SATOSHIS: u64 = MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS;
366 /// The dust limit is used for both the commitment transaction outputs as well as the closing
367 /// transactions. For cooperative closing transactions, we require segwit outputs, though accept
368 /// *any* segwit scripts, which are allowed to be up to 42 bytes in length.
369 /// In order to avoid having to concern ourselves with standardness during the closing process, we
370 /// simply require our counterparty to use a dust limit which will leave any segwit output
372 /// See <https://github.com/lightning/bolts/issues/905> for more details.
373 pub const MIN_CHAN_DUST_LIMIT_SATOSHIS: u64 = 354;
375 // Just a reasonable implementation-specific safe lower bound, higher than the dust limit.
376 pub const MIN_THEIR_CHAN_RESERVE_SATOSHIS: u64 = 1000;
378 /// Used to return a simple Error back to ChannelManager. Will get converted to a
379 /// msgs::ErrorAction::SendErrorMessage or msgs::ErrorAction::IgnoreError as appropriate with our
380 /// channel_id in ChannelManager.
381 pub(super) enum ChannelError {
387 impl fmt::Debug for ChannelError {
388 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
390 &ChannelError::Ignore(ref e) => write!(f, "Ignore : {}", e),
391 &ChannelError::Warn(ref e) => write!(f, "Warn : {}", e),
392 &ChannelError::Close(ref e) => write!(f, "Close : {}", e),
397 impl fmt::Display for ChannelError {
398 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
400 &ChannelError::Ignore(ref e) => write!(f, "{}", e),
401 &ChannelError::Warn(ref e) => write!(f, "{}", e),
402 &ChannelError::Close(ref e) => write!(f, "{}", e),
407 macro_rules! secp_check {
408 ($res: expr, $err: expr) => {
411 Err(_) => return Err(ChannelError::Close($err)),
416 /// The "channel disabled" bit in channel_update must be set based on whether we are connected to
417 /// our counterparty or not. However, we don't want to announce updates right away to avoid
418 /// spamming the network with updates if the connection is flapping. Instead, we "stage" updates to
419 /// our channel_update message and track the current state here.
420 /// See implementation at [`super::channelmanager::ChannelManager::timer_tick_occurred`].
421 #[derive(Clone, Copy, PartialEq)]
422 pub(super) enum ChannelUpdateStatus {
423 /// We've announced the channel as enabled and are connected to our peer.
425 /// Our channel is no longer live, but we haven't announced the channel as disabled yet.
427 /// Our channel is live again, but we haven't announced the channel as enabled yet.
429 /// We've announced the channel as disabled.
433 /// We track when we sent an `AnnouncementSignatures` to our peer in a few states, described here.
435 pub enum AnnouncementSigsState {
436 /// We have not sent our peer an `AnnouncementSignatures` yet, or our peer disconnected since
437 /// we sent the last `AnnouncementSignatures`.
439 /// We sent an `AnnouncementSignatures` to our peer since the last time our peer disconnected.
440 /// This state never appears on disk - instead we write `NotSent`.
442 /// We sent a `CommitmentSigned` after the last `AnnouncementSignatures` we sent. Because we
443 /// only ever have a single `CommitmentSigned` pending at once, if we sent one after sending
444 /// `AnnouncementSignatures` then we know the peer received our `AnnouncementSignatures` if
445 /// they send back a `RevokeAndACK`.
446 /// This state never appears on disk - instead we write `NotSent`.
448 /// We received a `RevokeAndACK`, effectively ack-ing our `AnnouncementSignatures`, at this
449 /// point we no longer need to re-send our `AnnouncementSignatures` again on reconnect.
453 /// An enum indicating whether the local or remote side offered a given HTLC.
459 /// An enum gathering stats on pending HTLCs, either inbound or outbound side.
462 pending_htlcs_value_msat: u64,
463 on_counterparty_tx_dust_exposure_msat: u64,
464 on_holder_tx_dust_exposure_msat: u64,
465 holding_cell_msat: u64,
466 on_holder_tx_holding_cell_htlcs_count: u32, // dust HTLCs *non*-included
469 /// An enum gathering stats on commitment transaction, either local or remote.
470 struct CommitmentStats<'a> {
471 tx: CommitmentTransaction, // the transaction info
472 feerate_per_kw: u32, // the feerate included to build the transaction
473 total_fee_sat: u64, // the total fee included in the transaction
474 num_nondust_htlcs: usize, // the number of HTLC outputs (dust HTLCs *non*-included)
475 htlcs_included: Vec<(HTLCOutputInCommitment, Option<&'a HTLCSource>)>, // the list of HTLCs (dust HTLCs *included*) which were not ignored when building the transaction
476 local_balance_msat: u64, // local balance before fees but considering dust limits
477 remote_balance_msat: u64, // remote balance before fees but considering dust limits
478 preimages: Vec<PaymentPreimage>, // preimages for successful offered HTLCs since last commitment
481 /// Used when calculating whether we or the remote can afford an additional HTLC.
482 struct HTLCCandidate {
484 origin: HTLCInitiator,
488 fn new(amount_msat: u64, origin: HTLCInitiator) -> Self {
496 /// A return value enum for get_update_fulfill_htlc. See UpdateFulfillCommitFetch variants for
498 enum UpdateFulfillFetch {
500 monitor_update: ChannelMonitorUpdate,
501 htlc_value_msat: u64,
502 msg: Option<msgs::UpdateFulfillHTLC>,
507 /// The return type of get_update_fulfill_htlc_and_commit.
508 pub enum UpdateFulfillCommitFetch {
509 /// Indicates the HTLC fulfill is new, and either generated an update_fulfill message, placed
510 /// it in the holding cell, or re-generated the update_fulfill message after the same claim was
511 /// previously placed in the holding cell (and has since been removed).
513 /// The ChannelMonitorUpdate which places the new payment preimage in the channel monitor
514 monitor_update: ChannelMonitorUpdate,
515 /// The value of the HTLC which was claimed, in msat.
516 htlc_value_msat: u64,
518 /// Indicates the HTLC fulfill is duplicative and already existed either in the holding cell
519 /// or has been forgotten (presumably previously claimed).
523 /// The return value of `monitor_updating_restored`
524 pub(super) struct MonitorRestoreUpdates {
525 pub raa: Option<msgs::RevokeAndACK>,
526 pub commitment_update: Option<msgs::CommitmentUpdate>,
527 pub order: RAACommitmentOrder,
528 pub accepted_htlcs: Vec<(PendingHTLCInfo, u64)>,
529 pub failed_htlcs: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
530 pub finalized_claimed_htlcs: Vec<HTLCSource>,
531 pub funding_broadcastable: Option<Transaction>,
532 pub channel_ready: Option<msgs::ChannelReady>,
533 pub announcement_sigs: Option<msgs::AnnouncementSignatures>,
536 /// The return value of `signer_maybe_unblocked`
538 pub(super) struct SignerResumeUpdates {
539 pub commitment_update: Option<msgs::CommitmentUpdate>,
540 pub funding_signed: Option<msgs::FundingSigned>,
541 pub funding_created: Option<msgs::FundingCreated>,
542 pub channel_ready: Option<msgs::ChannelReady>,
545 /// The return value of `channel_reestablish`
546 pub(super) struct ReestablishResponses {
547 pub channel_ready: Option<msgs::ChannelReady>,
548 pub raa: Option<msgs::RevokeAndACK>,
549 pub commitment_update: Option<msgs::CommitmentUpdate>,
550 pub order: RAACommitmentOrder,
551 pub announcement_sigs: Option<msgs::AnnouncementSignatures>,
552 pub shutdown_msg: Option<msgs::Shutdown>,
555 /// The result of a shutdown that should be handled.
557 pub(crate) struct ShutdownResult {
558 /// A channel monitor update to apply.
559 pub(crate) monitor_update: Option<(PublicKey, OutPoint, ChannelMonitorUpdate)>,
560 /// A list of dropped outbound HTLCs that can safely be failed backwards immediately.
561 pub(crate) dropped_outbound_htlcs: Vec<(HTLCSource, PaymentHash, PublicKey, ChannelId)>,
562 /// An unbroadcasted batch funding transaction id. The closure of this channel should be
563 /// propagated to the remainder of the batch.
564 pub(crate) unbroadcasted_batch_funding_txid: Option<Txid>,
567 /// If the majority of the channels funds are to the fundee and the initiator holds only just
568 /// enough funds to cover their reserve value, channels are at risk of getting "stuck". Because the
569 /// initiator controls the feerate, if they then go to increase the channel fee, they may have no
570 /// balance but the fundee is unable to send a payment as the increase in fee more than drains
571 /// their reserve value. Thus, neither side can send a new HTLC and the channel becomes useless.
572 /// Thus, before sending an HTLC when we are the initiator, we check that the feerate can increase
573 /// by this multiple without hitting this case, before sending.
574 /// This multiple is effectively the maximum feerate "jump" we expect until more HTLCs flow over
575 /// the channel. Sadly, there isn't really a good number for this - if we expect to have no new
576 /// HTLCs for days we may need this to suffice for feerate increases across days, but that may
577 /// leave the channel less usable as we hold a bigger reserve.
578 #[cfg(any(fuzzing, test))]
579 pub const FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE: u64 = 2;
580 #[cfg(not(any(fuzzing, test)))]
581 const FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE: u64 = 2;
583 /// If we fail to see a funding transaction confirmed on-chain within this many blocks after the
584 /// channel creation on an inbound channel, we simply force-close and move on.
585 /// This constant is the one suggested in BOLT 2.
586 pub(crate) const FUNDING_CONF_DEADLINE_BLOCKS: u32 = 2016;
588 /// In case of a concurrent update_add_htlc proposed by our counterparty, we might
589 /// not have enough balance value remaining to cover the onchain cost of this new
590 /// HTLC weight. If this happens, our counterparty fails the reception of our
591 /// commitment_signed including this new HTLC due to infringement on the channel
593 /// To prevent this case, we compute our outbound update_fee with an HTLC buffer of
594 /// size 2. However, if the number of concurrent update_add_htlc is higher, this still
595 /// leads to a channel force-close. Ultimately, this is an issue coming from the
596 /// design of LN state machines, allowing asynchronous updates.
597 pub(crate) const CONCURRENT_INBOUND_HTLC_FEE_BUFFER: u32 = 2;
599 /// When a channel is opened, we check that the funding amount is enough to pay for relevant
600 /// commitment transaction fees, with at least this many HTLCs present on the commitment
601 /// transaction (not counting the value of the HTLCs themselves).
602 pub(crate) const MIN_AFFORDABLE_HTLC_COUNT: usize = 4;
604 /// When a [`Channel`] has its [`ChannelConfig`] updated, its existing one is stashed for up to this
605 /// number of ticks to allow forwarding HTLCs by nodes that have yet to receive the new
606 /// ChannelUpdate prompted by the config update. This value was determined as follows:
608 /// * The expected interval between ticks (1 minute).
609 /// * The average convergence delay of updates across the network, i.e., ~300 seconds on average
610 /// for a node to see an update as seen on `<https://arxiv.org/pdf/2205.12737.pdf>`.
611 /// * `EXPIRE_PREV_CONFIG_TICKS` = convergence_delay / tick_interval
612 pub(crate) const EXPIRE_PREV_CONFIG_TICKS: usize = 5;
614 /// The number of ticks that may elapse while we're waiting for a response to a
615 /// [`msgs::RevokeAndACK`] or [`msgs::ChannelReestablish`] message before we attempt to disconnect
618 /// See [`ChannelContext::sent_message_awaiting_response`] for more information.
619 pub(crate) const DISCONNECT_PEER_AWAITING_RESPONSE_TICKS: usize = 2;
621 /// The number of ticks that may elapse while we're waiting for an unfunded outbound/inbound channel
622 /// to be promoted to a [`Channel`] since the unfunded channel was created. An unfunded channel
623 /// exceeding this age limit will be force-closed and purged from memory.
624 pub(crate) const UNFUNDED_CHANNEL_AGE_LIMIT_TICKS: usize = 60;
626 /// Number of blocks needed for an output from a coinbase transaction to be spendable.
627 pub(crate) const COINBASE_MATURITY: u32 = 100;
629 struct PendingChannelMonitorUpdate {
630 update: ChannelMonitorUpdate,
633 impl_writeable_tlv_based!(PendingChannelMonitorUpdate, {
634 (0, update, required),
637 /// The `ChannelPhase` enum describes the current phase in life of a lightning channel with each of
638 /// its variants containing an appropriate channel struct.
639 pub(super) enum ChannelPhase<SP: Deref> where SP::Target: SignerProvider {
640 UnfundedOutboundV1(OutboundV1Channel<SP>),
641 UnfundedInboundV1(InboundV1Channel<SP>),
645 impl<'a, SP: Deref> ChannelPhase<SP> where
646 SP::Target: SignerProvider,
647 <SP::Target as SignerProvider>::Signer: ChannelSigner,
649 pub fn context(&'a self) -> &'a ChannelContext<SP> {
651 ChannelPhase::Funded(chan) => &chan.context,
652 ChannelPhase::UnfundedOutboundV1(chan) => &chan.context,
653 ChannelPhase::UnfundedInboundV1(chan) => &chan.context,
657 pub fn context_mut(&'a mut self) -> &'a mut ChannelContext<SP> {
659 ChannelPhase::Funded(ref mut chan) => &mut chan.context,
660 ChannelPhase::UnfundedOutboundV1(ref mut chan) => &mut chan.context,
661 ChannelPhase::UnfundedInboundV1(ref mut chan) => &mut chan.context,
666 /// Contains all state common to unfunded inbound/outbound channels.
667 pub(super) struct UnfundedChannelContext {
668 /// A counter tracking how many ticks have elapsed since this unfunded channel was
669 /// created. If this unfunded channel reaches peer has yet to respond after reaching
670 /// `UNFUNDED_CHANNEL_AGE_LIMIT_TICKS`, it will be force-closed and purged from memory.
672 /// This is so that we don't keep channels around that haven't progressed to a funded state
673 /// in a timely manner.
674 unfunded_channel_age_ticks: usize,
677 impl UnfundedChannelContext {
678 /// Determines whether we should force-close and purge this unfunded channel from memory due to it
679 /// having reached the unfunded channel age limit.
681 /// This should be called on every [`super::channelmanager::ChannelManager::timer_tick_occurred`].
682 pub fn should_expire_unfunded_channel(&mut self) -> bool {
683 self.unfunded_channel_age_ticks += 1;
684 self.unfunded_channel_age_ticks >= UNFUNDED_CHANNEL_AGE_LIMIT_TICKS
688 /// Contains everything about the channel including state, and various flags.
689 pub(super) struct ChannelContext<SP: Deref> where SP::Target: SignerProvider {
690 config: LegacyChannelConfig,
692 // Track the previous `ChannelConfig` so that we can continue forwarding HTLCs that were
693 // constructed using it. The second element in the tuple corresponds to the number of ticks that
694 // have elapsed since the update occurred.
695 prev_config: Option<(ChannelConfig, usize)>,
697 inbound_handshake_limits_override: Option<ChannelHandshakeLimits>,
701 /// The current channel ID.
702 channel_id: ChannelId,
703 /// The temporary channel ID used during channel setup. Value kept even after transitioning to a final channel ID.
704 /// Will be `None` for channels created prior to 0.0.115.
705 temporary_channel_id: Option<ChannelId>,
708 // When we reach max(6 blocks, minimum_depth), we need to send an AnnouncementSigs message to
709 // our peer. However, we want to make sure they received it, or else rebroadcast it when we
711 // We do so here, see `AnnouncementSigsSent` for more details on the state(s).
712 // Note that a number of our tests were written prior to the behavior here which retransmits
713 // AnnouncementSignatures until after an RAA completes, so the behavior is short-circuited in
715 #[cfg(any(test, feature = "_test_utils"))]
716 pub(crate) announcement_sigs_state: AnnouncementSigsState,
717 #[cfg(not(any(test, feature = "_test_utils")))]
718 announcement_sigs_state: AnnouncementSigsState,
720 secp_ctx: Secp256k1<secp256k1::All>,
721 channel_value_satoshis: u64,
723 latest_monitor_update_id: u64,
725 holder_signer: ChannelSignerType<<SP::Target as SignerProvider>::Signer>,
726 shutdown_scriptpubkey: Option<ShutdownScript>,
727 destination_script: Script,
729 // Our commitment numbers start at 2^48-1 and count down, whereas the ones used in transaction
730 // generation start at 0 and count up...this simplifies some parts of implementation at the
731 // cost of others, but should really just be changed.
733 cur_holder_commitment_transaction_number: u64,
734 cur_counterparty_commitment_transaction_number: u64,
735 value_to_self_msat: u64, // Excluding all pending_htlcs, fees, and anchor outputs
736 pending_inbound_htlcs: Vec<InboundHTLCOutput>,
737 pending_outbound_htlcs: Vec<OutboundHTLCOutput>,
738 holding_cell_htlc_updates: Vec<HTLCUpdateAwaitingACK>,
740 /// When resending CS/RAA messages on channel monitor restoration or on reconnect, we always
741 /// need to ensure we resend them in the order we originally generated them. Note that because
742 /// there can only ever be one in-flight CS and/or one in-flight RAA at any time, it is
743 /// sufficient to simply set this to the opposite of any message we are generating as we
744 /// generate it. ie when we generate a CS, we set this to RAAFirst as, if there is a pending
745 /// in-flight RAA to resend, it will have been the first thing we generated, and thus we should
747 resend_order: RAACommitmentOrder,
749 monitor_pending_channel_ready: bool,
750 monitor_pending_revoke_and_ack: bool,
751 monitor_pending_commitment_signed: bool,
753 // TODO: If a channel is drop'd, we don't know whether the `ChannelMonitor` is ultimately
754 // responsible for some of the HTLCs here or not - we don't know whether the update in question
755 // completed or not. We currently ignore these fields entirely when force-closing a channel,
756 // but need to handle this somehow or we run the risk of losing HTLCs!
757 monitor_pending_forwards: Vec<(PendingHTLCInfo, u64)>,
758 monitor_pending_failures: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
759 monitor_pending_finalized_fulfills: Vec<HTLCSource>,
761 /// If we went to send a commitment update (ie some messages then [`msgs::CommitmentSigned`])
762 /// but our signer (initially) refused to give us a signature, we should retry at some point in
763 /// the future when the signer indicates it may have a signature for us.
765 /// This flag is set in such a case. Note that we don't need to persist this as we'll end up
766 /// setting it again as a side-effect of [`Channel::channel_reestablish`].
767 signer_pending_commitment_update: bool,
768 /// Similar to [`Self::signer_pending_commitment_update`] but we're waiting to send either a
769 /// [`msgs::FundingCreated`] or [`msgs::FundingSigned`] depending on if this channel is
770 /// outbound or inbound.
771 signer_pending_funding: bool,
773 // pending_update_fee is filled when sending and receiving update_fee.
775 // Because it follows the same commitment flow as HTLCs, `FeeUpdateState` is either `Outbound`
776 // or matches a subset of the `InboundHTLCOutput` variants. It is then updated/used when
777 // generating new commitment transactions with exactly the same criteria as inbound/outbound
778 // HTLCs with similar state.
779 pending_update_fee: Option<(u32, FeeUpdateState)>,
780 // If a `send_update_fee()` call is made with ChannelState::AwaitingRemoteRevoke set, we place
781 // it here instead of `pending_update_fee` in the same way as we place outbound HTLC updates in
782 // `holding_cell_htlc_updates` instead of `pending_outbound_htlcs`. It is released into
783 // `pending_update_fee` with the same criteria as outbound HTLC updates but can be updated by
784 // further `send_update_fee` calls, dropping the previous holding cell update entirely.
785 holding_cell_update_fee: Option<u32>,
786 next_holder_htlc_id: u64,
787 next_counterparty_htlc_id: u64,
790 /// The timestamp set on our latest `channel_update` message for this channel. It is updated
791 /// when the channel is updated in ways which may impact the `channel_update` message or when a
792 /// new block is received, ensuring it's always at least moderately close to the current real
794 update_time_counter: u32,
796 #[cfg(debug_assertions)]
797 /// Max to_local and to_remote outputs in a locally-generated commitment transaction
798 holder_max_commitment_tx_output: Mutex<(u64, u64)>,
799 #[cfg(debug_assertions)]
800 /// Max to_local and to_remote outputs in a remote-generated commitment transaction
801 counterparty_max_commitment_tx_output: Mutex<(u64, u64)>,
803 last_sent_closing_fee: Option<(u64, Signature)>, // (fee, holder_sig)
804 target_closing_feerate_sats_per_kw: Option<u32>,
806 /// If our counterparty sent us a closing_signed while we were waiting for a `ChannelMonitor`
807 /// update, we need to delay processing it until later. We do that here by simply storing the
808 /// closing_signed message and handling it in `maybe_propose_closing_signed`.
809 pending_counterparty_closing_signed: Option<msgs::ClosingSigned>,
811 /// The minimum and maximum absolute fee, in satoshis, we are willing to place on the closing
812 /// transaction. These are set once we reach `closing_negotiation_ready`.
814 pub(crate) closing_fee_limits: Option<(u64, u64)>,
816 closing_fee_limits: Option<(u64, u64)>,
818 /// The hash of the block in which the funding transaction was included.
819 funding_tx_confirmed_in: Option<BlockHash>,
820 funding_tx_confirmation_height: u32,
821 short_channel_id: Option<u64>,
822 /// Either the height at which this channel was created or the height at which it was last
823 /// serialized if it was serialized by versions prior to 0.0.103.
824 /// We use this to close if funding is never broadcasted.
825 channel_creation_height: u32,
827 counterparty_dust_limit_satoshis: u64,
830 pub(super) holder_dust_limit_satoshis: u64,
832 holder_dust_limit_satoshis: u64,
835 pub(super) counterparty_max_htlc_value_in_flight_msat: u64,
837 counterparty_max_htlc_value_in_flight_msat: u64,
840 pub(super) holder_max_htlc_value_in_flight_msat: u64,
842 holder_max_htlc_value_in_flight_msat: u64,
844 /// minimum channel reserve for self to maintain - set by them.
845 counterparty_selected_channel_reserve_satoshis: Option<u64>,
848 pub(super) holder_selected_channel_reserve_satoshis: u64,
850 holder_selected_channel_reserve_satoshis: u64,
852 counterparty_htlc_minimum_msat: u64,
853 holder_htlc_minimum_msat: u64,
855 pub counterparty_max_accepted_htlcs: u16,
857 counterparty_max_accepted_htlcs: u16,
858 holder_max_accepted_htlcs: u16,
859 minimum_depth: Option<u32>,
861 counterparty_forwarding_info: Option<CounterpartyForwardingInfo>,
863 pub(crate) channel_transaction_parameters: ChannelTransactionParameters,
864 funding_transaction: Option<Transaction>,
865 is_batch_funding: Option<()>,
867 counterparty_cur_commitment_point: Option<PublicKey>,
868 counterparty_prev_commitment_point: Option<PublicKey>,
869 counterparty_node_id: PublicKey,
871 counterparty_shutdown_scriptpubkey: Option<Script>,
873 commitment_secrets: CounterpartyCommitmentSecrets,
875 channel_update_status: ChannelUpdateStatus,
876 /// Once we reach `closing_negotiation_ready`, we set this, indicating if closing_signed does
877 /// not complete within a single timer tick (one minute), we should force-close the channel.
878 /// This prevents us from keeping unusable channels around forever if our counterparty wishes
880 /// Note that this field is reset to false on deserialization to give us a chance to connect to
881 /// our peer and start the closing_signed negotiation fresh.
882 closing_signed_in_flight: bool,
884 /// Our counterparty's channel_announcement signatures provided in announcement_signatures.
885 /// This can be used to rebroadcast the channel_announcement message later.
886 announcement_sigs: Option<(Signature, Signature)>,
888 // We save these values so we can make sure `next_local_commit_tx_fee_msat` and
889 // `next_remote_commit_tx_fee_msat` properly predict what the next commitment transaction fee will
890 // be, by comparing the cached values to the fee of the tranaction generated by
891 // `build_commitment_transaction`.
892 #[cfg(any(test, fuzzing))]
893 next_local_commitment_tx_fee_info_cached: Mutex<Option<CommitmentTxInfoCached>>,
894 #[cfg(any(test, fuzzing))]
895 next_remote_commitment_tx_fee_info_cached: Mutex<Option<CommitmentTxInfoCached>>,
897 /// lnd has a long-standing bug where, upon reconnection, if the channel is not yet confirmed
898 /// they will not send a channel_reestablish until the channel locks in. Then, they will send a
899 /// channel_ready *before* sending the channel_reestablish (which is clearly a violation of
900 /// the BOLT specs). We copy c-lightning's workaround here and simply store the channel_ready
901 /// message until we receive a channel_reestablish.
903 /// See-also <https://github.com/lightningnetwork/lnd/issues/4006>
904 pub workaround_lnd_bug_4006: Option<msgs::ChannelReady>,
906 /// An option set when we wish to track how many ticks have elapsed while waiting for a response
907 /// from our counterparty after sending a message. If the peer has yet to respond after reaching
908 /// `DISCONNECT_PEER_AWAITING_RESPONSE_TICKS`, a reconnection should be attempted to try to
909 /// unblock the state machine.
911 /// This behavior is mostly motivated by a lnd bug in which we don't receive a message we expect
912 /// to in a timely manner, which may lead to channels becoming unusable and/or force-closed. An
913 /// example of such can be found at <https://github.com/lightningnetwork/lnd/issues/7682>.
915 /// This is currently only used when waiting for a [`msgs::ChannelReestablish`] or
916 /// [`msgs::RevokeAndACK`] message from the counterparty.
917 sent_message_awaiting_response: Option<usize>,
919 #[cfg(any(test, fuzzing))]
920 // When we receive an HTLC fulfill on an outbound path, we may immediately fulfill the
921 // corresponding HTLC on the inbound path. If, then, the outbound path channel is
922 // disconnected and reconnected (before we've exchange commitment_signed and revoke_and_ack
923 // messages), they may re-broadcast their update_fulfill_htlc, causing a duplicate claim. This
924 // is fine, but as a sanity check in our failure to generate the second claim, we check here
925 // that the original was a claim, and that we aren't now trying to fulfill a failed HTLC.
926 historical_inbound_htlc_fulfills: HashSet<u64>,
928 /// This channel's type, as negotiated during channel open
929 channel_type: ChannelTypeFeatures,
931 // Our counterparty can offer us SCID aliases which they will map to this channel when routing
932 // outbound payments. These can be used in invoice route hints to avoid explicitly revealing
933 // the channel's funding UTXO.
935 // We also use this when sending our peer a channel_update that isn't to be broadcasted
936 // publicly - allowing them to re-use their map of SCID -> channel for channel_update ->
937 // associated channel mapping.
939 // We only bother storing the most recent SCID alias at any time, though our counterparty has
940 // to store all of them.
941 latest_inbound_scid_alias: Option<u64>,
943 // We always offer our counterparty a static SCID alias, which we recognize as for this channel
944 // if we see it in HTLC forwarding instructions. We don't bother rotating the alias given we
945 // don't currently support node id aliases and eventually privacy should be provided with
946 // blinded paths instead of simple scid+node_id aliases.
947 outbound_scid_alias: u64,
949 // We track whether we already emitted a `ChannelPending` event.
950 channel_pending_event_emitted: bool,
952 // We track whether we already emitted a `ChannelReady` event.
953 channel_ready_event_emitted: bool,
955 /// The unique identifier used to re-derive the private key material for the channel through
956 /// [`SignerProvider::derive_channel_signer`].
957 channel_keys_id: [u8; 32],
959 /// If we can't release a [`ChannelMonitorUpdate`] until some external action completes, we
960 /// store it here and only release it to the `ChannelManager` once it asks for it.
961 blocked_monitor_updates: Vec<PendingChannelMonitorUpdate>,
964 impl<SP: Deref> ChannelContext<SP> where SP::Target: SignerProvider {
965 /// Allowed in any state (including after shutdown)
966 pub fn get_update_time_counter(&self) -> u32 {
967 self.update_time_counter
970 pub fn get_latest_monitor_update_id(&self) -> u64 {
971 self.latest_monitor_update_id
974 pub fn should_announce(&self) -> bool {
975 self.config.announced_channel
978 pub fn is_outbound(&self) -> bool {
979 self.channel_transaction_parameters.is_outbound_from_holder
982 /// Gets the fee we'd want to charge for adding an HTLC output to this Channel
983 /// Allowed in any state (including after shutdown)
984 pub fn get_outbound_forwarding_fee_base_msat(&self) -> u32 {
985 self.config.options.forwarding_fee_base_msat
988 /// Returns true if we've ever received a message from the remote end for this Channel
989 pub fn have_received_message(&self) -> bool {
990 self.channel_state & !STATE_FLAGS > (ChannelState::OurInitSent as u32)
993 /// Returns true if this channel is fully established and not known to be closing.
994 /// Allowed in any state (including after shutdown)
995 pub fn is_usable(&self) -> bool {
996 let mask = ChannelState::ChannelReady as u32 | BOTH_SIDES_SHUTDOWN_MASK;
997 (self.channel_state & mask) == (ChannelState::ChannelReady as u32) && !self.monitor_pending_channel_ready
1000 /// shutdown state returns the state of the channel in its various stages of shutdown
1001 pub fn shutdown_state(&self) -> ChannelShutdownState {
1002 if self.channel_state & (ChannelState::ShutdownComplete as u32) != 0 {
1003 return ChannelShutdownState::ShutdownComplete;
1005 if self.channel_state & (ChannelState::LocalShutdownSent as u32) != 0 && self.channel_state & (ChannelState::RemoteShutdownSent as u32) == 0 {
1006 return ChannelShutdownState::ShutdownInitiated;
1008 if (self.channel_state & BOTH_SIDES_SHUTDOWN_MASK != 0) && !self.closing_negotiation_ready() {
1009 return ChannelShutdownState::ResolvingHTLCs;
1011 if (self.channel_state & BOTH_SIDES_SHUTDOWN_MASK != 0) && self.closing_negotiation_ready() {
1012 return ChannelShutdownState::NegotiatingClosingFee;
1014 return ChannelShutdownState::NotShuttingDown;
1017 fn closing_negotiation_ready(&self) -> bool {
1018 self.pending_inbound_htlcs.is_empty() &&
1019 self.pending_outbound_htlcs.is_empty() &&
1020 self.pending_update_fee.is_none() &&
1021 self.channel_state &
1022 (BOTH_SIDES_SHUTDOWN_MASK |
1023 ChannelState::AwaitingRemoteRevoke as u32 |
1024 ChannelState::PeerDisconnected as u32 |
1025 ChannelState::MonitorUpdateInProgress as u32) == BOTH_SIDES_SHUTDOWN_MASK
1028 /// Returns true if this channel is currently available for use. This is a superset of
1029 /// is_usable() and considers things like the channel being temporarily disabled.
1030 /// Allowed in any state (including after shutdown)
1031 pub fn is_live(&self) -> bool {
1032 self.is_usable() && (self.channel_state & (ChannelState::PeerDisconnected as u32) == 0)
1035 // Public utilities:
1037 pub fn channel_id(&self) -> ChannelId {
1041 // Return the `temporary_channel_id` used during channel establishment.
1043 // Will return `None` for channels created prior to LDK version 0.0.115.
1044 pub fn temporary_channel_id(&self) -> Option<ChannelId> {
1045 self.temporary_channel_id
1048 pub fn minimum_depth(&self) -> Option<u32> {
1052 /// Gets the "user_id" value passed into the construction of this channel. It has no special
1053 /// meaning and exists only to allow users to have a persistent identifier of a channel.
1054 pub fn get_user_id(&self) -> u128 {
1058 /// Gets the channel's type
1059 pub fn get_channel_type(&self) -> &ChannelTypeFeatures {
1063 /// Gets the channel's `short_channel_id`.
1065 /// Will return `None` if the channel hasn't been confirmed yet.
1066 pub fn get_short_channel_id(&self) -> Option<u64> {
1067 self.short_channel_id
1070 /// Allowed in any state (including after shutdown)
1071 pub fn latest_inbound_scid_alias(&self) -> Option<u64> {
1072 self.latest_inbound_scid_alias
1075 /// Allowed in any state (including after shutdown)
1076 pub fn outbound_scid_alias(&self) -> u64 {
1077 self.outbound_scid_alias
1080 /// Only allowed immediately after deserialization if get_outbound_scid_alias returns 0,
1081 /// indicating we were written by LDK prior to 0.0.106 which did not set outbound SCID aliases
1082 /// or prior to any channel actions during `Channel` initialization.
1083 pub fn set_outbound_scid_alias(&mut self, outbound_scid_alias: u64) {
1084 debug_assert_eq!(self.outbound_scid_alias, 0);
1085 self.outbound_scid_alias = outbound_scid_alias;
1088 /// Returns the funding_txo we either got from our peer, or were given by
1089 /// get_funding_created.
1090 pub fn get_funding_txo(&self) -> Option<OutPoint> {
1091 self.channel_transaction_parameters.funding_outpoint
1094 /// Returns the block hash in which our funding transaction was confirmed.
1095 pub fn get_funding_tx_confirmed_in(&self) -> Option<BlockHash> {
1096 self.funding_tx_confirmed_in
1099 /// Returns the current number of confirmations on the funding transaction.
1100 pub fn get_funding_tx_confirmations(&self, height: u32) -> u32 {
1101 if self.funding_tx_confirmation_height == 0 {
1102 // We either haven't seen any confirmation yet, or observed a reorg.
1106 height.checked_sub(self.funding_tx_confirmation_height).map_or(0, |c| c + 1)
1109 fn get_holder_selected_contest_delay(&self) -> u16 {
1110 self.channel_transaction_parameters.holder_selected_contest_delay
1113 fn get_holder_pubkeys(&self) -> &ChannelPublicKeys {
1114 &self.channel_transaction_parameters.holder_pubkeys
1117 pub fn get_counterparty_selected_contest_delay(&self) -> Option<u16> {
1118 self.channel_transaction_parameters.counterparty_parameters
1119 .as_ref().map(|params| params.selected_contest_delay)
1122 fn get_counterparty_pubkeys(&self) -> &ChannelPublicKeys {
1123 &self.channel_transaction_parameters.counterparty_parameters.as_ref().unwrap().pubkeys
1126 /// Allowed in any state (including after shutdown)
1127 pub fn get_counterparty_node_id(&self) -> PublicKey {
1128 self.counterparty_node_id
1131 /// Allowed in any state (including after shutdown)
1132 pub fn get_holder_htlc_minimum_msat(&self) -> u64 {
1133 self.holder_htlc_minimum_msat
1136 /// Allowed in any state (including after shutdown), but will return none before TheirInitSent
1137 pub fn get_holder_htlc_maximum_msat(&self) -> Option<u64> {
1138 self.get_htlc_maximum_msat(self.holder_max_htlc_value_in_flight_msat)
1141 /// Allowed in any state (including after shutdown)
1142 pub fn get_announced_htlc_max_msat(&self) -> u64 {
1144 // Upper bound by capacity. We make it a bit less than full capacity to prevent attempts
1145 // to use full capacity. This is an effort to reduce routing failures, because in many cases
1146 // channel might have been used to route very small values (either by honest users or as DoS).
1147 self.channel_value_satoshis * 1000 * 9 / 10,
1149 self.counterparty_max_htlc_value_in_flight_msat
1153 /// Allowed in any state (including after shutdown)
1154 pub fn get_counterparty_htlc_minimum_msat(&self) -> u64 {
1155 self.counterparty_htlc_minimum_msat
1158 /// Allowed in any state (including after shutdown), but will return none before TheirInitSent
1159 pub fn get_counterparty_htlc_maximum_msat(&self) -> Option<u64> {
1160 self.get_htlc_maximum_msat(self.counterparty_max_htlc_value_in_flight_msat)
1163 fn get_htlc_maximum_msat(&self, party_max_htlc_value_in_flight_msat: u64) -> Option<u64> {
1164 self.counterparty_selected_channel_reserve_satoshis.map(|counterparty_reserve| {
1165 let holder_reserve = self.holder_selected_channel_reserve_satoshis;
1167 (self.channel_value_satoshis - counterparty_reserve - holder_reserve) * 1000,
1168 party_max_htlc_value_in_flight_msat
1173 pub fn get_value_satoshis(&self) -> u64 {
1174 self.channel_value_satoshis
1177 pub fn get_fee_proportional_millionths(&self) -> u32 {
1178 self.config.options.forwarding_fee_proportional_millionths
1181 pub fn get_cltv_expiry_delta(&self) -> u16 {
1182 cmp::max(self.config.options.cltv_expiry_delta, MIN_CLTV_EXPIRY_DELTA)
1185 pub fn get_max_dust_htlc_exposure_msat<F: Deref>(&self,
1186 fee_estimator: &LowerBoundedFeeEstimator<F>) -> u64
1187 where F::Target: FeeEstimator
1189 match self.config.options.max_dust_htlc_exposure {
1190 MaxDustHTLCExposure::FeeRateMultiplier(multiplier) => {
1191 let feerate_per_kw = fee_estimator.bounded_sat_per_1000_weight(
1192 ConfirmationTarget::OnChainSweep);
1193 feerate_per_kw as u64 * multiplier
1195 MaxDustHTLCExposure::FixedLimitMsat(limit) => limit,
1199 /// Returns the previous [`ChannelConfig`] applied to this channel, if any.
1200 pub fn prev_config(&self) -> Option<ChannelConfig> {
1201 self.prev_config.map(|prev_config| prev_config.0)
1204 // Checks whether we should emit a `ChannelPending` event.
1205 pub(crate) fn should_emit_channel_pending_event(&mut self) -> bool {
1206 self.is_funding_broadcast() && !self.channel_pending_event_emitted
1209 // Returns whether we already emitted a `ChannelPending` event.
1210 pub(crate) fn channel_pending_event_emitted(&self) -> bool {
1211 self.channel_pending_event_emitted
1214 // Remembers that we already emitted a `ChannelPending` event.
1215 pub(crate) fn set_channel_pending_event_emitted(&mut self) {
1216 self.channel_pending_event_emitted = true;
1219 // Checks whether we should emit a `ChannelReady` event.
1220 pub(crate) fn should_emit_channel_ready_event(&mut self) -> bool {
1221 self.is_usable() && !self.channel_ready_event_emitted
1224 // Remembers that we already emitted a `ChannelReady` event.
1225 pub(crate) fn set_channel_ready_event_emitted(&mut self) {
1226 self.channel_ready_event_emitted = true;
1229 /// Tracks the number of ticks elapsed since the previous [`ChannelConfig`] was updated. Once
1230 /// [`EXPIRE_PREV_CONFIG_TICKS`] is reached, the previous config is considered expired and will
1231 /// no longer be considered when forwarding HTLCs.
1232 pub fn maybe_expire_prev_config(&mut self) {
1233 if self.prev_config.is_none() {
1236 let prev_config = self.prev_config.as_mut().unwrap();
1238 if prev_config.1 == EXPIRE_PREV_CONFIG_TICKS {
1239 self.prev_config = None;
1243 /// Returns the current [`ChannelConfig`] applied to the channel.
1244 pub fn config(&self) -> ChannelConfig {
1248 /// Updates the channel's config. A bool is returned indicating whether the config update
1249 /// applied resulted in a new ChannelUpdate message.
1250 pub fn update_config(&mut self, config: &ChannelConfig) -> bool {
1251 let did_channel_update =
1252 self.config.options.forwarding_fee_proportional_millionths != config.forwarding_fee_proportional_millionths ||
1253 self.config.options.forwarding_fee_base_msat != config.forwarding_fee_base_msat ||
1254 self.config.options.cltv_expiry_delta != config.cltv_expiry_delta;
1255 if did_channel_update {
1256 self.prev_config = Some((self.config.options, 0));
1257 // Update the counter, which backs the ChannelUpdate timestamp, to allow the relay
1258 // policy change to propagate throughout the network.
1259 self.update_time_counter += 1;
1261 self.config.options = *config;
1265 /// Returns true if funding_signed was sent/received and the
1266 /// funding transaction has been broadcast if necessary.
1267 pub fn is_funding_broadcast(&self) -> bool {
1268 self.channel_state & !STATE_FLAGS >= ChannelState::FundingSent as u32 &&
1269 self.channel_state & ChannelState::WaitingForBatch as u32 == 0
1272 /// Transaction nomenclature is somewhat confusing here as there are many different cases - a
1273 /// transaction is referred to as "a's transaction" implying that a will be able to broadcast
1274 /// the transaction. Thus, b will generally be sending a signature over such a transaction to
1275 /// a, and a can revoke the transaction by providing b the relevant per_commitment_secret. As
1276 /// such, a transaction is generally the result of b increasing the amount paid to a (or adding
1278 /// @local is used only to convert relevant internal structures which refer to remote vs local
1279 /// to decide value of outputs and direction of HTLCs.
1280 /// @generated_by_local is used to determine *which* HTLCs to include - noting that the HTLC
1281 /// state may indicate that one peer has informed the other that they'd like to add an HTLC but
1282 /// have not yet committed it. Such HTLCs will only be included in transactions which are being
1283 /// generated by the peer which proposed adding the HTLCs, and thus we need to understand both
1284 /// which peer generated this transaction and "to whom" this transaction flows.
1286 fn build_commitment_transaction<L: Deref>(&self, commitment_number: u64, keys: &TxCreationKeys, local: bool, generated_by_local: bool, logger: &L) -> CommitmentStats
1287 where L::Target: Logger
1289 let mut included_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::new();
1290 let num_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len();
1291 let mut included_non_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::with_capacity(num_htlcs);
1293 let broadcaster_dust_limit_satoshis = if local { self.holder_dust_limit_satoshis } else { self.counterparty_dust_limit_satoshis };
1294 let mut remote_htlc_total_msat = 0;
1295 let mut local_htlc_total_msat = 0;
1296 let mut value_to_self_msat_offset = 0;
1298 let mut feerate_per_kw = self.feerate_per_kw;
1299 if let Some((feerate, update_state)) = self.pending_update_fee {
1300 if match update_state {
1301 // Note that these match the inclusion criteria when scanning
1302 // pending_inbound_htlcs below.
1303 FeeUpdateState::RemoteAnnounced => { debug_assert!(!self.is_outbound()); !generated_by_local },
1304 FeeUpdateState::AwaitingRemoteRevokeToAnnounce => { debug_assert!(!self.is_outbound()); !generated_by_local },
1305 FeeUpdateState::Outbound => { assert!(self.is_outbound()); generated_by_local },
1307 feerate_per_kw = feerate;
1311 log_trace!(logger, "Building commitment transaction number {} (really {} xor {}) for channel {} for {}, generated by {} with fee {}...",
1312 commitment_number, (INITIAL_COMMITMENT_NUMBER - commitment_number),
1313 get_commitment_transaction_number_obscure_factor(&self.get_holder_pubkeys().payment_point, &self.get_counterparty_pubkeys().payment_point, self.is_outbound()),
1315 if local { "us" } else { "remote" }, if generated_by_local { "us" } else { "remote" }, feerate_per_kw);
1317 macro_rules! get_htlc_in_commitment {
1318 ($htlc: expr, $offered: expr) => {
1319 HTLCOutputInCommitment {
1321 amount_msat: $htlc.amount_msat,
1322 cltv_expiry: $htlc.cltv_expiry,
1323 payment_hash: $htlc.payment_hash,
1324 transaction_output_index: None
1329 macro_rules! add_htlc_output {
1330 ($htlc: expr, $outbound: expr, $source: expr, $state_name: expr) => {
1331 if $outbound == local { // "offered HTLC output"
1332 let htlc_in_tx = get_htlc_in_commitment!($htlc, true);
1333 let htlc_tx_fee = if self.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1336 feerate_per_kw as u64 * htlc_timeout_tx_weight(self.get_channel_type()) / 1000
1338 if $htlc.amount_msat / 1000 >= broadcaster_dust_limit_satoshis + htlc_tx_fee {
1339 log_trace!(logger, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, &$htlc.payment_hash, $htlc.amount_msat);
1340 included_non_dust_htlcs.push((htlc_in_tx, $source));
1342 log_trace!(logger, " ...including {} {} dust HTLC {} (hash {}) with value {} due to dust limit", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, &$htlc.payment_hash, $htlc.amount_msat);
1343 included_dust_htlcs.push((htlc_in_tx, $source));
1346 let htlc_in_tx = get_htlc_in_commitment!($htlc, false);
1347 let htlc_tx_fee = if self.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1350 feerate_per_kw as u64 * htlc_success_tx_weight(self.get_channel_type()) / 1000
1352 if $htlc.amount_msat / 1000 >= broadcaster_dust_limit_satoshis + htlc_tx_fee {
1353 log_trace!(logger, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, &$htlc.payment_hash, $htlc.amount_msat);
1354 included_non_dust_htlcs.push((htlc_in_tx, $source));
1356 log_trace!(logger, " ...including {} {} dust HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, &$htlc.payment_hash, $htlc.amount_msat);
1357 included_dust_htlcs.push((htlc_in_tx, $source));
1363 for ref htlc in self.pending_inbound_htlcs.iter() {
1364 let (include, state_name) = match htlc.state {
1365 InboundHTLCState::RemoteAnnounced(_) => (!generated_by_local, "RemoteAnnounced"),
1366 InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) => (!generated_by_local, "AwaitingRemoteRevokeToAnnounce"),
1367 InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => (true, "AwaitingAnnouncedRemoteRevoke"),
1368 InboundHTLCState::Committed => (true, "Committed"),
1369 InboundHTLCState::LocalRemoved(_) => (!generated_by_local, "LocalRemoved"),
1373 add_htlc_output!(htlc, false, None, state_name);
1374 remote_htlc_total_msat += htlc.amount_msat;
1376 log_trace!(logger, " ...not including inbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, &htlc.payment_hash, htlc.amount_msat, state_name);
1378 &InboundHTLCState::LocalRemoved(ref reason) => {
1379 if generated_by_local {
1380 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
1381 value_to_self_msat_offset += htlc.amount_msat as i64;
1390 let mut preimages: Vec<PaymentPreimage> = Vec::new();
1392 for ref htlc in self.pending_outbound_htlcs.iter() {
1393 let (include, state_name) = match htlc.state {
1394 OutboundHTLCState::LocalAnnounced(_) => (generated_by_local, "LocalAnnounced"),
1395 OutboundHTLCState::Committed => (true, "Committed"),
1396 OutboundHTLCState::RemoteRemoved(_) => (generated_by_local, "RemoteRemoved"),
1397 OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) => (generated_by_local, "AwaitingRemoteRevokeToRemove"),
1398 OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) => (false, "AwaitingRemovedRemoteRevoke"),
1401 let preimage_opt = match htlc.state {
1402 OutboundHTLCState::RemoteRemoved(OutboundHTLCOutcome::Success(p)) => p,
1403 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(p)) => p,
1404 OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(p)) => p,
1408 if let Some(preimage) = preimage_opt {
1409 preimages.push(preimage);
1413 add_htlc_output!(htlc, true, Some(&htlc.source), state_name);
1414 local_htlc_total_msat += htlc.amount_msat;
1416 log_trace!(logger, " ...not including outbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, &htlc.payment_hash, htlc.amount_msat, state_name);
1418 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(_))|OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(_)) => {
1419 value_to_self_msat_offset -= htlc.amount_msat as i64;
1421 OutboundHTLCState::RemoteRemoved(OutboundHTLCOutcome::Success(_)) => {
1422 if !generated_by_local {
1423 value_to_self_msat_offset -= htlc.amount_msat as i64;
1431 let mut value_to_self_msat: i64 = (self.value_to_self_msat - local_htlc_total_msat) as i64 + value_to_self_msat_offset;
1432 assert!(value_to_self_msat >= 0);
1433 // Note that in case they have several just-awaiting-last-RAA fulfills in-progress (ie
1434 // AwaitingRemoteRevokeToRemove or AwaitingRemovedRemoteRevoke) we may have allowed them to
1435 // "violate" their reserve value by couting those against it. Thus, we have to convert
1436 // everything to i64 before subtracting as otherwise we can overflow.
1437 let mut value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000) as i64 - (self.value_to_self_msat as i64) - (remote_htlc_total_msat as i64) - value_to_self_msat_offset;
1438 assert!(value_to_remote_msat >= 0);
1440 #[cfg(debug_assertions)]
1442 // Make sure that the to_self/to_remote is always either past the appropriate
1443 // channel_reserve *or* it is making progress towards it.
1444 let mut broadcaster_max_commitment_tx_output = if generated_by_local {
1445 self.holder_max_commitment_tx_output.lock().unwrap()
1447 self.counterparty_max_commitment_tx_output.lock().unwrap()
1449 debug_assert!(broadcaster_max_commitment_tx_output.0 <= value_to_self_msat as u64 || value_to_self_msat / 1000 >= self.counterparty_selected_channel_reserve_satoshis.unwrap() as i64);
1450 broadcaster_max_commitment_tx_output.0 = cmp::max(broadcaster_max_commitment_tx_output.0, value_to_self_msat as u64);
1451 debug_assert!(broadcaster_max_commitment_tx_output.1 <= value_to_remote_msat as u64 || value_to_remote_msat / 1000 >= self.holder_selected_channel_reserve_satoshis as i64);
1452 broadcaster_max_commitment_tx_output.1 = cmp::max(broadcaster_max_commitment_tx_output.1, value_to_remote_msat as u64);
1455 let total_fee_sat = commit_tx_fee_sat(feerate_per_kw, included_non_dust_htlcs.len(), &self.channel_transaction_parameters.channel_type_features);
1456 let anchors_val = if self.channel_transaction_parameters.channel_type_features.supports_anchors_zero_fee_htlc_tx() { ANCHOR_OUTPUT_VALUE_SATOSHI * 2 } else { 0 } as i64;
1457 let (value_to_self, value_to_remote) = if self.is_outbound() {
1458 (value_to_self_msat / 1000 - anchors_val - total_fee_sat as i64, value_to_remote_msat / 1000)
1460 (value_to_self_msat / 1000, value_to_remote_msat / 1000 - anchors_val - total_fee_sat as i64)
1463 let mut value_to_a = if local { value_to_self } else { value_to_remote };
1464 let mut value_to_b = if local { value_to_remote } else { value_to_self };
1465 let (funding_pubkey_a, funding_pubkey_b) = if local {
1466 (self.get_holder_pubkeys().funding_pubkey, self.get_counterparty_pubkeys().funding_pubkey)
1468 (self.get_counterparty_pubkeys().funding_pubkey, self.get_holder_pubkeys().funding_pubkey)
1471 if value_to_a >= (broadcaster_dust_limit_satoshis as i64) {
1472 log_trace!(logger, " ...including {} output with value {}", if local { "to_local" } else { "to_remote" }, value_to_a);
1477 if value_to_b >= (broadcaster_dust_limit_satoshis as i64) {
1478 log_trace!(logger, " ...including {} output with value {}", if local { "to_remote" } else { "to_local" }, value_to_b);
1483 let num_nondust_htlcs = included_non_dust_htlcs.len();
1485 let channel_parameters =
1486 if local { self.channel_transaction_parameters.as_holder_broadcastable() }
1487 else { self.channel_transaction_parameters.as_counterparty_broadcastable() };
1488 let tx = CommitmentTransaction::new_with_auxiliary_htlc_data(commitment_number,
1495 &mut included_non_dust_htlcs,
1498 let mut htlcs_included = included_non_dust_htlcs;
1499 // The unwrap is safe, because all non-dust HTLCs have been assigned an output index
1500 htlcs_included.sort_unstable_by_key(|h| h.0.transaction_output_index.unwrap());
1501 htlcs_included.append(&mut included_dust_htlcs);
1503 // For the stats, trimmed-to-0 the value in msats accordingly
1504 value_to_self_msat = if (value_to_self_msat * 1000) < broadcaster_dust_limit_satoshis as i64 { 0 } else { value_to_self_msat };
1505 value_to_remote_msat = if (value_to_remote_msat * 1000) < broadcaster_dust_limit_satoshis as i64 { 0 } else { value_to_remote_msat };
1513 local_balance_msat: value_to_self_msat as u64,
1514 remote_balance_msat: value_to_remote_msat as u64,
1520 /// Creates a set of keys for build_commitment_transaction to generate a transaction which our
1521 /// counterparty will sign (ie DO NOT send signatures over a transaction created by this to
1522 /// our counterparty!)
1523 /// The result is a transaction which we can revoke broadcastership of (ie a "local" transaction)
1524 /// TODO Some magic rust shit to compile-time check this?
1525 fn build_holder_transaction_keys(&self, commitment_number: u64) -> TxCreationKeys {
1526 let per_commitment_point = self.holder_signer.as_ref().get_per_commitment_point(commitment_number, &self.secp_ctx);
1527 let delayed_payment_base = &self.get_holder_pubkeys().delayed_payment_basepoint;
1528 let htlc_basepoint = &self.get_holder_pubkeys().htlc_basepoint;
1529 let counterparty_pubkeys = self.get_counterparty_pubkeys();
1531 TxCreationKeys::derive_new(&self.secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint)
1535 /// Creates a set of keys for build_commitment_transaction to generate a transaction which we
1536 /// will sign and send to our counterparty.
1537 /// If an Err is returned, it is a ChannelError::Close (for get_funding_created)
1538 fn build_remote_transaction_keys(&self) -> TxCreationKeys {
1539 //TODO: Ensure that the payment_key derived here ends up in the library users' wallet as we
1540 //may see payments to it!
1541 let revocation_basepoint = &self.get_holder_pubkeys().revocation_basepoint;
1542 let htlc_basepoint = &self.get_holder_pubkeys().htlc_basepoint;
1543 let counterparty_pubkeys = self.get_counterparty_pubkeys();
1545 TxCreationKeys::derive_new(&self.secp_ctx, &self.counterparty_cur_commitment_point.unwrap(), &counterparty_pubkeys.delayed_payment_basepoint, &counterparty_pubkeys.htlc_basepoint, revocation_basepoint, htlc_basepoint)
1548 /// Gets the redeemscript for the funding transaction output (ie the funding transaction output
1549 /// pays to get_funding_redeemscript().to_v0_p2wsh()).
1550 /// Panics if called before accept_channel/InboundV1Channel::new
1551 pub fn get_funding_redeemscript(&self) -> Script {
1552 make_funding_redeemscript(&self.get_holder_pubkeys().funding_pubkey, self.counterparty_funding_pubkey())
1555 fn counterparty_funding_pubkey(&self) -> &PublicKey {
1556 &self.get_counterparty_pubkeys().funding_pubkey
1559 pub fn get_feerate_sat_per_1000_weight(&self) -> u32 {
1563 pub fn get_dust_buffer_feerate(&self, outbound_feerate_update: Option<u32>) -> u32 {
1564 // When calculating our exposure to dust HTLCs, we assume that the channel feerate
1565 // may, at any point, increase by at least 10 sat/vB (i.e 2530 sat/kWU) or 25%,
1566 // whichever is higher. This ensures that we aren't suddenly exposed to significantly
1567 // more dust balance if the feerate increases when we have several HTLCs pending
1568 // which are near the dust limit.
1569 let mut feerate_per_kw = self.feerate_per_kw;
1570 // If there's a pending update fee, use it to ensure we aren't under-estimating
1571 // potential feerate updates coming soon.
1572 if let Some((feerate, _)) = self.pending_update_fee {
1573 feerate_per_kw = cmp::max(feerate_per_kw, feerate);
1575 if let Some(feerate) = outbound_feerate_update {
1576 feerate_per_kw = cmp::max(feerate_per_kw, feerate);
1578 cmp::max(2530, feerate_per_kw * 1250 / 1000)
1581 /// Get forwarding information for the counterparty.
1582 pub fn counterparty_forwarding_info(&self) -> Option<CounterpartyForwardingInfo> {
1583 self.counterparty_forwarding_info.clone()
1586 /// Returns a HTLCStats about inbound pending htlcs
1587 fn get_inbound_pending_htlc_stats(&self, outbound_feerate_update: Option<u32>) -> HTLCStats {
1589 let mut stats = HTLCStats {
1590 pending_htlcs: context.pending_inbound_htlcs.len() as u32,
1591 pending_htlcs_value_msat: 0,
1592 on_counterparty_tx_dust_exposure_msat: 0,
1593 on_holder_tx_dust_exposure_msat: 0,
1594 holding_cell_msat: 0,
1595 on_holder_tx_holding_cell_htlcs_count: 0,
1598 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1601 let dust_buffer_feerate = context.get_dust_buffer_feerate(outbound_feerate_update) as u64;
1602 (dust_buffer_feerate * htlc_timeout_tx_weight(context.get_channel_type()) / 1000,
1603 dust_buffer_feerate * htlc_success_tx_weight(context.get_channel_type()) / 1000)
1605 let counterparty_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.counterparty_dust_limit_satoshis;
1606 let holder_dust_limit_success_sat = htlc_success_dust_limit + context.holder_dust_limit_satoshis;
1607 for ref htlc in context.pending_inbound_htlcs.iter() {
1608 stats.pending_htlcs_value_msat += htlc.amount_msat;
1609 if htlc.amount_msat / 1000 < counterparty_dust_limit_timeout_sat {
1610 stats.on_counterparty_tx_dust_exposure_msat += htlc.amount_msat;
1612 if htlc.amount_msat / 1000 < holder_dust_limit_success_sat {
1613 stats.on_holder_tx_dust_exposure_msat += htlc.amount_msat;
1619 /// Returns a HTLCStats about pending outbound htlcs, *including* pending adds in our holding cell.
1620 fn get_outbound_pending_htlc_stats(&self, outbound_feerate_update: Option<u32>) -> HTLCStats {
1622 let mut stats = HTLCStats {
1623 pending_htlcs: context.pending_outbound_htlcs.len() as u32,
1624 pending_htlcs_value_msat: 0,
1625 on_counterparty_tx_dust_exposure_msat: 0,
1626 on_holder_tx_dust_exposure_msat: 0,
1627 holding_cell_msat: 0,
1628 on_holder_tx_holding_cell_htlcs_count: 0,
1631 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1634 let dust_buffer_feerate = context.get_dust_buffer_feerate(outbound_feerate_update) as u64;
1635 (dust_buffer_feerate * htlc_timeout_tx_weight(context.get_channel_type()) / 1000,
1636 dust_buffer_feerate * htlc_success_tx_weight(context.get_channel_type()) / 1000)
1638 let counterparty_dust_limit_success_sat = htlc_success_dust_limit + context.counterparty_dust_limit_satoshis;
1639 let holder_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.holder_dust_limit_satoshis;
1640 for ref htlc in context.pending_outbound_htlcs.iter() {
1641 stats.pending_htlcs_value_msat += htlc.amount_msat;
1642 if htlc.amount_msat / 1000 < counterparty_dust_limit_success_sat {
1643 stats.on_counterparty_tx_dust_exposure_msat += htlc.amount_msat;
1645 if htlc.amount_msat / 1000 < holder_dust_limit_timeout_sat {
1646 stats.on_holder_tx_dust_exposure_msat += htlc.amount_msat;
1650 for update in context.holding_cell_htlc_updates.iter() {
1651 if let &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, .. } = update {
1652 stats.pending_htlcs += 1;
1653 stats.pending_htlcs_value_msat += amount_msat;
1654 stats.holding_cell_msat += amount_msat;
1655 if *amount_msat / 1000 < counterparty_dust_limit_success_sat {
1656 stats.on_counterparty_tx_dust_exposure_msat += amount_msat;
1658 if *amount_msat / 1000 < holder_dust_limit_timeout_sat {
1659 stats.on_holder_tx_dust_exposure_msat += amount_msat;
1661 stats.on_holder_tx_holding_cell_htlcs_count += 1;
1668 /// Get the available balances, see [`AvailableBalances`]'s fields for more info.
1669 /// Doesn't bother handling the
1670 /// if-we-removed-it-already-but-haven't-fully-resolved-they-can-still-send-an-inbound-HTLC
1671 /// corner case properly.
1672 pub fn get_available_balances<F: Deref>(&self, fee_estimator: &LowerBoundedFeeEstimator<F>)
1673 -> AvailableBalances
1674 where F::Target: FeeEstimator
1676 let context = &self;
1677 // Note that we have to handle overflow due to the above case.
1678 let inbound_stats = context.get_inbound_pending_htlc_stats(None);
1679 let outbound_stats = context.get_outbound_pending_htlc_stats(None);
1681 let mut balance_msat = context.value_to_self_msat;
1682 for ref htlc in context.pending_inbound_htlcs.iter() {
1683 if let InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::Fulfill(_)) = htlc.state {
1684 balance_msat += htlc.amount_msat;
1687 balance_msat -= outbound_stats.pending_htlcs_value_msat;
1689 let outbound_capacity_msat = context.value_to_self_msat
1690 .saturating_sub(outbound_stats.pending_htlcs_value_msat)
1692 context.counterparty_selected_channel_reserve_satoshis.unwrap_or(0) * 1000);
1694 let mut available_capacity_msat = outbound_capacity_msat;
1696 let anchor_outputs_value_msat = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1697 ANCHOR_OUTPUT_VALUE_SATOSHI * 2 * 1000
1701 if context.is_outbound() {
1702 // We should mind channel commit tx fee when computing how much of the available capacity
1703 // can be used in the next htlc. Mirrors the logic in send_htlc.
1705 // The fee depends on whether the amount we will be sending is above dust or not,
1706 // and the answer will in turn change the amount itself — making it a circular
1708 // This complicates the computation around dust-values, up to the one-htlc-value.
1709 let mut real_dust_limit_timeout_sat = context.holder_dust_limit_satoshis;
1710 if !context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1711 real_dust_limit_timeout_sat += context.feerate_per_kw as u64 * htlc_timeout_tx_weight(context.get_channel_type()) / 1000;
1714 let htlc_above_dust = HTLCCandidate::new(real_dust_limit_timeout_sat * 1000, HTLCInitiator::LocalOffered);
1715 let mut max_reserved_commit_tx_fee_msat = context.next_local_commit_tx_fee_msat(htlc_above_dust, Some(()));
1716 let htlc_dust = HTLCCandidate::new(real_dust_limit_timeout_sat * 1000 - 1, HTLCInitiator::LocalOffered);
1717 let mut min_reserved_commit_tx_fee_msat = context.next_local_commit_tx_fee_msat(htlc_dust, Some(()));
1718 if !context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1719 max_reserved_commit_tx_fee_msat *= FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE;
1720 min_reserved_commit_tx_fee_msat *= FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE;
1723 // We will first subtract the fee as if we were above-dust. Then, if the resulting
1724 // value ends up being below dust, we have this fee available again. In that case,
1725 // match the value to right-below-dust.
1726 let mut capacity_minus_commitment_fee_msat: i64 = available_capacity_msat as i64 -
1727 max_reserved_commit_tx_fee_msat as i64 - anchor_outputs_value_msat as i64;
1728 if capacity_minus_commitment_fee_msat < (real_dust_limit_timeout_sat as i64) * 1000 {
1729 let one_htlc_difference_msat = max_reserved_commit_tx_fee_msat - min_reserved_commit_tx_fee_msat;
1730 debug_assert!(one_htlc_difference_msat != 0);
1731 capacity_minus_commitment_fee_msat += one_htlc_difference_msat as i64;
1732 capacity_minus_commitment_fee_msat = cmp::min(real_dust_limit_timeout_sat as i64 * 1000 - 1, capacity_minus_commitment_fee_msat);
1733 available_capacity_msat = cmp::max(0, cmp::min(capacity_minus_commitment_fee_msat, available_capacity_msat as i64)) as u64;
1735 available_capacity_msat = capacity_minus_commitment_fee_msat as u64;
1738 // If the channel is inbound (i.e. counterparty pays the fee), we need to make sure
1739 // sending a new HTLC won't reduce their balance below our reserve threshold.
1740 let mut real_dust_limit_success_sat = context.counterparty_dust_limit_satoshis;
1741 if !context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1742 real_dust_limit_success_sat += context.feerate_per_kw as u64 * htlc_success_tx_weight(context.get_channel_type()) / 1000;
1745 let htlc_above_dust = HTLCCandidate::new(real_dust_limit_success_sat * 1000, HTLCInitiator::LocalOffered);
1746 let max_reserved_commit_tx_fee_msat = context.next_remote_commit_tx_fee_msat(htlc_above_dust, None);
1748 let holder_selected_chan_reserve_msat = context.holder_selected_channel_reserve_satoshis * 1000;
1749 let remote_balance_msat = (context.channel_value_satoshis * 1000 - context.value_to_self_msat)
1750 .saturating_sub(inbound_stats.pending_htlcs_value_msat);
1752 if remote_balance_msat < max_reserved_commit_tx_fee_msat + holder_selected_chan_reserve_msat + anchor_outputs_value_msat {
1753 // If another HTLC's fee would reduce the remote's balance below the reserve limit
1754 // we've selected for them, we can only send dust HTLCs.
1755 available_capacity_msat = cmp::min(available_capacity_msat, real_dust_limit_success_sat * 1000 - 1);
1759 let mut next_outbound_htlc_minimum_msat = context.counterparty_htlc_minimum_msat;
1761 // If we get close to our maximum dust exposure, we end up in a situation where we can send
1762 // between zero and the remaining dust exposure limit remaining OR above the dust limit.
1763 // Because we cannot express this as a simple min/max, we prefer to tell the user they can
1764 // send above the dust limit (as the router can always overpay to meet the dust limit).
1765 let mut remaining_msat_below_dust_exposure_limit = None;
1766 let mut dust_exposure_dust_limit_msat = 0;
1767 let max_dust_htlc_exposure_msat = context.get_max_dust_htlc_exposure_msat(fee_estimator);
1769 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1770 (context.counterparty_dust_limit_satoshis, context.holder_dust_limit_satoshis)
1772 let dust_buffer_feerate = context.get_dust_buffer_feerate(None) as u64;
1773 (context.counterparty_dust_limit_satoshis + dust_buffer_feerate * htlc_success_tx_weight(context.get_channel_type()) / 1000,
1774 context.holder_dust_limit_satoshis + dust_buffer_feerate * htlc_timeout_tx_weight(context.get_channel_type()) / 1000)
1776 let on_counterparty_dust_htlc_exposure_msat = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
1777 if on_counterparty_dust_htlc_exposure_msat as i64 + htlc_success_dust_limit as i64 * 1000 - 1 > max_dust_htlc_exposure_msat as i64 {
1778 remaining_msat_below_dust_exposure_limit =
1779 Some(max_dust_htlc_exposure_msat.saturating_sub(on_counterparty_dust_htlc_exposure_msat));
1780 dust_exposure_dust_limit_msat = cmp::max(dust_exposure_dust_limit_msat, htlc_success_dust_limit * 1000);
1783 let on_holder_dust_htlc_exposure_msat = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
1784 if on_holder_dust_htlc_exposure_msat as i64 + htlc_timeout_dust_limit as i64 * 1000 - 1 > max_dust_htlc_exposure_msat as i64 {
1785 remaining_msat_below_dust_exposure_limit = Some(cmp::min(
1786 remaining_msat_below_dust_exposure_limit.unwrap_or(u64::max_value()),
1787 max_dust_htlc_exposure_msat.saturating_sub(on_holder_dust_htlc_exposure_msat)));
1788 dust_exposure_dust_limit_msat = cmp::max(dust_exposure_dust_limit_msat, htlc_timeout_dust_limit * 1000);
1791 if let Some(remaining_limit_msat) = remaining_msat_below_dust_exposure_limit {
1792 if available_capacity_msat < dust_exposure_dust_limit_msat {
1793 available_capacity_msat = cmp::min(available_capacity_msat, remaining_limit_msat);
1795 next_outbound_htlc_minimum_msat = cmp::max(next_outbound_htlc_minimum_msat, dust_exposure_dust_limit_msat);
1799 available_capacity_msat = cmp::min(available_capacity_msat,
1800 context.counterparty_max_htlc_value_in_flight_msat - outbound_stats.pending_htlcs_value_msat);
1802 if outbound_stats.pending_htlcs + 1 > context.counterparty_max_accepted_htlcs as u32 {
1803 available_capacity_msat = 0;
1807 inbound_capacity_msat: cmp::max(context.channel_value_satoshis as i64 * 1000
1808 - context.value_to_self_msat as i64
1809 - context.get_inbound_pending_htlc_stats(None).pending_htlcs_value_msat as i64
1810 - context.holder_selected_channel_reserve_satoshis as i64 * 1000,
1812 outbound_capacity_msat,
1813 next_outbound_htlc_limit_msat: available_capacity_msat,
1814 next_outbound_htlc_minimum_msat,
1819 pub fn get_holder_counterparty_selected_channel_reserve_satoshis(&self) -> (u64, Option<u64>) {
1820 let context = &self;
1821 (context.holder_selected_channel_reserve_satoshis, context.counterparty_selected_channel_reserve_satoshis)
1824 /// Get the commitment tx fee for the local's (i.e. our) next commitment transaction based on the
1825 /// number of pending HTLCs that are on track to be in our next commitment tx.
1827 /// Optionally includes the `HTLCCandidate` given by `htlc` and an additional non-dust HTLC if
1828 /// `fee_spike_buffer_htlc` is `Some`.
1830 /// The first extra HTLC is useful for determining whether we can accept a further HTLC, the
1831 /// second allows for creating a buffer to ensure a further HTLC can always be accepted/added.
1833 /// Dust HTLCs are excluded.
1834 fn next_local_commit_tx_fee_msat(&self, htlc: HTLCCandidate, fee_spike_buffer_htlc: Option<()>) -> u64 {
1835 let context = &self;
1836 assert!(context.is_outbound());
1838 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1841 (context.feerate_per_kw as u64 * htlc_success_tx_weight(context.get_channel_type()) / 1000,
1842 context.feerate_per_kw as u64 * htlc_timeout_tx_weight(context.get_channel_type()) / 1000)
1844 let real_dust_limit_success_sat = htlc_success_dust_limit + context.holder_dust_limit_satoshis;
1845 let real_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.holder_dust_limit_satoshis;
1847 let mut addl_htlcs = 0;
1848 if fee_spike_buffer_htlc.is_some() { addl_htlcs += 1; }
1850 HTLCInitiator::LocalOffered => {
1851 if htlc.amount_msat / 1000 >= real_dust_limit_timeout_sat {
1855 HTLCInitiator::RemoteOffered => {
1856 if htlc.amount_msat / 1000 >= real_dust_limit_success_sat {
1862 let mut included_htlcs = 0;
1863 for ref htlc in context.pending_inbound_htlcs.iter() {
1864 if htlc.amount_msat / 1000 < real_dust_limit_success_sat {
1867 // We include LocalRemoved HTLCs here because we may still need to broadcast a commitment
1868 // transaction including this HTLC if it times out before they RAA.
1869 included_htlcs += 1;
1872 for ref htlc in context.pending_outbound_htlcs.iter() {
1873 if htlc.amount_msat / 1000 < real_dust_limit_timeout_sat {
1877 OutboundHTLCState::LocalAnnounced {..} => included_htlcs += 1,
1878 OutboundHTLCState::Committed => included_htlcs += 1,
1879 OutboundHTLCState::RemoteRemoved {..} => included_htlcs += 1,
1880 // We don't include AwaitingRemoteRevokeToRemove HTLCs because our next commitment
1881 // transaction won't be generated until they send us their next RAA, which will mean
1882 // dropping any HTLCs in this state.
1887 for htlc in context.holding_cell_htlc_updates.iter() {
1889 &HTLCUpdateAwaitingACK::AddHTLC { amount_msat, .. } => {
1890 if amount_msat / 1000 < real_dust_limit_timeout_sat {
1895 _ => {}, // Don't include claims/fails that are awaiting ack, because once we get the
1896 // ack we're guaranteed to never include them in commitment txs anymore.
1900 let num_htlcs = included_htlcs + addl_htlcs;
1901 let res = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs, &context.channel_type);
1902 #[cfg(any(test, fuzzing))]
1905 if fee_spike_buffer_htlc.is_some() {
1906 fee = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs - 1, &context.channel_type);
1908 let total_pending_htlcs = context.pending_inbound_htlcs.len() + context.pending_outbound_htlcs.len()
1909 + context.holding_cell_htlc_updates.len();
1910 let commitment_tx_info = CommitmentTxInfoCached {
1912 total_pending_htlcs,
1913 next_holder_htlc_id: match htlc.origin {
1914 HTLCInitiator::LocalOffered => context.next_holder_htlc_id + 1,
1915 HTLCInitiator::RemoteOffered => context.next_holder_htlc_id,
1917 next_counterparty_htlc_id: match htlc.origin {
1918 HTLCInitiator::LocalOffered => context.next_counterparty_htlc_id,
1919 HTLCInitiator::RemoteOffered => context.next_counterparty_htlc_id + 1,
1921 feerate: context.feerate_per_kw,
1923 *context.next_local_commitment_tx_fee_info_cached.lock().unwrap() = Some(commitment_tx_info);
1928 /// Get the commitment tx fee for the remote's next commitment transaction based on the number of
1929 /// pending HTLCs that are on track to be in their next commitment tx
1931 /// Optionally includes the `HTLCCandidate` given by `htlc` and an additional non-dust HTLC if
1932 /// `fee_spike_buffer_htlc` is `Some`.
1934 /// The first extra HTLC is useful for determining whether we can accept a further HTLC, the
1935 /// second allows for creating a buffer to ensure a further HTLC can always be accepted/added.
1937 /// Dust HTLCs are excluded.
1938 fn next_remote_commit_tx_fee_msat(&self, htlc: HTLCCandidate, fee_spike_buffer_htlc: Option<()>) -> u64 {
1939 let context = &self;
1940 assert!(!context.is_outbound());
1942 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1945 (context.feerate_per_kw as u64 * htlc_success_tx_weight(context.get_channel_type()) / 1000,
1946 context.feerate_per_kw as u64 * htlc_timeout_tx_weight(context.get_channel_type()) / 1000)
1948 let real_dust_limit_success_sat = htlc_success_dust_limit + context.counterparty_dust_limit_satoshis;
1949 let real_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.counterparty_dust_limit_satoshis;
1951 let mut addl_htlcs = 0;
1952 if fee_spike_buffer_htlc.is_some() { addl_htlcs += 1; }
1954 HTLCInitiator::LocalOffered => {
1955 if htlc.amount_msat / 1000 >= real_dust_limit_success_sat {
1959 HTLCInitiator::RemoteOffered => {
1960 if htlc.amount_msat / 1000 >= real_dust_limit_timeout_sat {
1966 // When calculating the set of HTLCs which will be included in their next commitment_signed, all
1967 // non-dust inbound HTLCs are included (as all states imply it will be included) and only
1968 // committed outbound HTLCs, see below.
1969 let mut included_htlcs = 0;
1970 for ref htlc in context.pending_inbound_htlcs.iter() {
1971 if htlc.amount_msat / 1000 <= real_dust_limit_timeout_sat {
1974 included_htlcs += 1;
1977 for ref htlc in context.pending_outbound_htlcs.iter() {
1978 if htlc.amount_msat / 1000 <= real_dust_limit_success_sat {
1981 // We only include outbound HTLCs if it will not be included in their next commitment_signed,
1982 // i.e. if they've responded to us with an RAA after announcement.
1984 OutboundHTLCState::Committed => included_htlcs += 1,
1985 OutboundHTLCState::RemoteRemoved {..} => included_htlcs += 1,
1986 OutboundHTLCState::LocalAnnounced { .. } => included_htlcs += 1,
1991 let num_htlcs = included_htlcs + addl_htlcs;
1992 let res = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs, &context.channel_type);
1993 #[cfg(any(test, fuzzing))]
1996 if fee_spike_buffer_htlc.is_some() {
1997 fee = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs - 1, &context.channel_type);
1999 let total_pending_htlcs = context.pending_inbound_htlcs.len() + context.pending_outbound_htlcs.len();
2000 let commitment_tx_info = CommitmentTxInfoCached {
2002 total_pending_htlcs,
2003 next_holder_htlc_id: match htlc.origin {
2004 HTLCInitiator::LocalOffered => context.next_holder_htlc_id + 1,
2005 HTLCInitiator::RemoteOffered => context.next_holder_htlc_id,
2007 next_counterparty_htlc_id: match htlc.origin {
2008 HTLCInitiator::LocalOffered => context.next_counterparty_htlc_id,
2009 HTLCInitiator::RemoteOffered => context.next_counterparty_htlc_id + 1,
2011 feerate: context.feerate_per_kw,
2013 *context.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = Some(commitment_tx_info);
2018 fn if_unbroadcasted_funding<F, O>(&self, f: F) -> Option<O>
2019 where F: Fn() -> Option<O> {
2020 if self.channel_state & ChannelState::FundingCreated as u32 != 0 ||
2021 self.channel_state & ChannelState::WaitingForBatch as u32 != 0 {
2028 /// Returns the transaction if there is a pending funding transaction that is yet to be
2030 pub fn unbroadcasted_funding(&self) -> Option<Transaction> {
2031 self.if_unbroadcasted_funding(|| self.funding_transaction.clone())
2034 /// Returns the transaction ID if there is a pending funding transaction that is yet to be
2036 pub fn unbroadcasted_funding_txid(&self) -> Option<Txid> {
2037 self.if_unbroadcasted_funding(||
2038 self.channel_transaction_parameters.funding_outpoint.map(|txo| txo.txid)
2042 /// Returns whether the channel is funded in a batch.
2043 pub fn is_batch_funding(&self) -> bool {
2044 self.is_batch_funding.is_some()
2047 /// Returns the transaction ID if there is a pending batch funding transaction that is yet to be
2049 pub fn unbroadcasted_batch_funding_txid(&self) -> Option<Txid> {
2050 self.unbroadcasted_funding_txid().filter(|_| self.is_batch_funding())
2053 /// Gets the latest commitment transaction and any dependent transactions for relay (forcing
2054 /// shutdown of this channel - no more calls into this Channel may be made afterwards except
2055 /// those explicitly stated to be allowed after shutdown completes, eg some simple getters).
2056 /// Also returns the list of payment_hashes for channels which we can safely fail backwards
2057 /// immediately (others we will have to allow to time out).
2058 pub fn force_shutdown(&mut self, should_broadcast: bool) -> ShutdownResult {
2059 // Note that we MUST only generate a monitor update that indicates force-closure - we're
2060 // called during initialization prior to the chain_monitor in the encompassing ChannelManager
2061 // being fully configured in some cases. Thus, its likely any monitor events we generate will
2062 // be delayed in being processed! See the docs for `ChannelManagerReadArgs` for more.
2063 assert!(self.channel_state != ChannelState::ShutdownComplete as u32);
2065 // We go ahead and "free" any holding cell HTLCs or HTLCs we haven't yet committed to and
2066 // return them to fail the payment.
2067 let mut dropped_outbound_htlcs = Vec::with_capacity(self.holding_cell_htlc_updates.len());
2068 let counterparty_node_id = self.get_counterparty_node_id();
2069 for htlc_update in self.holding_cell_htlc_updates.drain(..) {
2071 HTLCUpdateAwaitingACK::AddHTLC { source, payment_hash, .. } => {
2072 dropped_outbound_htlcs.push((source, payment_hash, counterparty_node_id, self.channel_id));
2077 let monitor_update = if let Some(funding_txo) = self.get_funding_txo() {
2078 // If we haven't yet exchanged funding signatures (ie channel_state < FundingSent),
2079 // returning a channel monitor update here would imply a channel monitor update before
2080 // we even registered the channel monitor to begin with, which is invalid.
2081 // Thus, if we aren't actually at a point where we could conceivably broadcast the
2082 // funding transaction, don't return a funding txo (which prevents providing the
2083 // monitor update to the user, even if we return one).
2084 // See test_duplicate_chan_id and test_pre_lockin_no_chan_closed_update for more.
2085 if self.channel_state & (ChannelState::FundingSent as u32 | ChannelState::ChannelReady as u32 | ChannelState::ShutdownComplete as u32) != 0 {
2086 self.latest_monitor_update_id = CLOSED_CHANNEL_UPDATE_ID;
2087 Some((self.get_counterparty_node_id(), funding_txo, ChannelMonitorUpdate {
2088 update_id: self.latest_monitor_update_id,
2089 updates: vec![ChannelMonitorUpdateStep::ChannelForceClosed { should_broadcast }],
2093 let unbroadcasted_batch_funding_txid = self.unbroadcasted_batch_funding_txid();
2095 self.channel_state = ChannelState::ShutdownComplete as u32;
2096 self.update_time_counter += 1;
2099 dropped_outbound_htlcs,
2100 unbroadcasted_batch_funding_txid,
2105 // Internal utility functions for channels
2107 /// Returns the value to use for `holder_max_htlc_value_in_flight_msat` as a percentage of the
2108 /// `channel_value_satoshis` in msat, set through
2109 /// [`ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel`]
2111 /// The effective percentage is lower bounded by 1% and upper bounded by 100%.
2113 /// [`ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel`]: crate::util::config::ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel
2114 fn get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis: u64, config: &ChannelHandshakeConfig) -> u64 {
2115 let configured_percent = if config.max_inbound_htlc_value_in_flight_percent_of_channel < 1 {
2117 } else if config.max_inbound_htlc_value_in_flight_percent_of_channel > 100 {
2120 config.max_inbound_htlc_value_in_flight_percent_of_channel as u64
2122 channel_value_satoshis * 10 * configured_percent
2125 /// Returns a minimum channel reserve value the remote needs to maintain,
2126 /// required by us according to the configured or default
2127 /// [`ChannelHandshakeConfig::their_channel_reserve_proportional_millionths`]
2129 /// Guaranteed to return a value no larger than channel_value_satoshis
2131 /// This is used both for outbound and inbound channels and has lower bound
2132 /// of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`.
2133 pub(crate) fn get_holder_selected_channel_reserve_satoshis(channel_value_satoshis: u64, config: &UserConfig) -> u64 {
2134 let calculated_reserve = channel_value_satoshis.saturating_mul(config.channel_handshake_config.their_channel_reserve_proportional_millionths as u64) / 1_000_000;
2135 cmp::min(channel_value_satoshis, cmp::max(calculated_reserve, MIN_THEIR_CHAN_RESERVE_SATOSHIS))
2138 /// This is for legacy reasons, present for forward-compatibility.
2139 /// LDK versions older than 0.0.104 don't know how read/handle values other than default
2140 /// from storage. Hence, we use this function to not persist default values of
2141 /// `holder_selected_channel_reserve_satoshis` for channels into storage.
2142 pub(crate) fn get_legacy_default_holder_selected_channel_reserve_satoshis(channel_value_satoshis: u64) -> u64 {
2143 let (q, _) = channel_value_satoshis.overflowing_div(100);
2144 cmp::min(channel_value_satoshis, cmp::max(q, 1000))
2147 // Get the fee cost in SATS of a commitment tx with a given number of HTLC outputs.
2148 // Note that num_htlcs should not include dust HTLCs.
2150 fn commit_tx_fee_sat(feerate_per_kw: u32, num_htlcs: usize, channel_type_features: &ChannelTypeFeatures) -> u64 {
2151 feerate_per_kw as u64 * (commitment_tx_base_weight(channel_type_features) + num_htlcs as u64 * COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000
2154 // Get the fee cost in MSATS of a commitment tx with a given number of HTLC outputs.
2155 // Note that num_htlcs should not include dust HTLCs.
2156 pub(crate) fn commit_tx_fee_msat(feerate_per_kw: u32, num_htlcs: usize, channel_type_features: &ChannelTypeFeatures) -> u64 {
2157 // Note that we need to divide before multiplying to round properly,
2158 // since the lowest denomination of bitcoin on-chain is the satoshi.
2159 (commitment_tx_base_weight(channel_type_features) + num_htlcs as u64 * COMMITMENT_TX_WEIGHT_PER_HTLC) * feerate_per_kw as u64 / 1000 * 1000
2162 // Holder designates channel data owned for the benefit of the user client.
2163 // Counterparty designates channel data owned by the another channel participant entity.
2164 pub(super) struct Channel<SP: Deref> where SP::Target: SignerProvider {
2165 pub context: ChannelContext<SP>,
2168 #[cfg(any(test, fuzzing))]
2169 struct CommitmentTxInfoCached {
2171 total_pending_htlcs: usize,
2172 next_holder_htlc_id: u64,
2173 next_counterparty_htlc_id: u64,
2177 impl<SP: Deref> Channel<SP> where
2178 SP::Target: SignerProvider,
2179 <SP::Target as SignerProvider>::Signer: WriteableEcdsaChannelSigner
2181 fn check_remote_fee<F: Deref, L: Deref>(
2182 channel_type: &ChannelTypeFeatures, fee_estimator: &LowerBoundedFeeEstimator<F>,
2183 feerate_per_kw: u32, cur_feerate_per_kw: Option<u32>, logger: &L
2184 ) -> Result<(), ChannelError> where F::Target: FeeEstimator, L::Target: Logger,
2186 // We only bound the fee updates on the upper side to prevent completely absurd feerates,
2187 // always accepting up to 25 sat/vByte or 10x our fee estimator's "High Priority" fee.
2188 // We generally don't care too much if they set the feerate to something very high, but it
2189 // could result in the channel being useless due to everything being dust. This doesn't
2190 // apply to channels supporting anchor outputs since HTLC transactions are pre-signed with a
2191 // zero fee, so their fee is no longer considered to determine dust limits.
2192 if !channel_type.supports_anchors_zero_fee_htlc_tx() {
2194 fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::MaxAllowedNonAnchorChannelRemoteFee) as u64;
2195 if feerate_per_kw as u64 > upper_limit {
2196 return Err(ChannelError::Close(format!("Peer's feerate much too high. Actual: {}. Our expected upper limit: {}", feerate_per_kw, upper_limit)));
2200 let lower_limit_conf_target = if channel_type.supports_anchors_zero_fee_htlc_tx() {
2201 ConfirmationTarget::MinAllowedAnchorChannelRemoteFee
2203 ConfirmationTarget::MinAllowedNonAnchorChannelRemoteFee
2205 let lower_limit = fee_estimator.bounded_sat_per_1000_weight(lower_limit_conf_target);
2206 if feerate_per_kw < lower_limit {
2207 if let Some(cur_feerate) = cur_feerate_per_kw {
2208 if feerate_per_kw > cur_feerate {
2210 "Accepting feerate that may prevent us from closing this channel because it's higher than what we have now. Had {} s/kW, now {} s/kW.",
2211 cur_feerate, feerate_per_kw);
2215 return Err(ChannelError::Close(format!("Peer's feerate much too low. Actual: {}. Our expected lower limit: {}", feerate_per_kw, lower_limit)));
2221 fn get_closing_scriptpubkey(&self) -> Script {
2222 // The shutdown scriptpubkey is set on channel opening when option_upfront_shutdown_script
2223 // is signaled. Otherwise, it is set when sending a shutdown message. Calling this method
2224 // outside of those situations will fail.
2225 self.context.shutdown_scriptpubkey.clone().unwrap().into_inner()
2229 fn get_closing_transaction_weight(&self, a_scriptpubkey: Option<&Script>, b_scriptpubkey: Option<&Script>) -> u64 {
2234 1 + // script length (0)
2238 )*4 + // * 4 for non-witness parts
2239 2 + // witness marker and flag
2240 1 + // witness element count
2241 4 + // 4 element lengths (2 sigs, multisig dummy, and witness script)
2242 self.context.get_funding_redeemscript().len() as u64 + // funding witness script
2243 2*(1 + 71); // two signatures + sighash type flags
2244 if let Some(spk) = a_scriptpubkey {
2245 ret += ((8+1) + // output values and script length
2246 spk.len() as u64) * 4; // scriptpubkey and witness multiplier
2248 if let Some(spk) = b_scriptpubkey {
2249 ret += ((8+1) + // output values and script length
2250 spk.len() as u64) * 4; // scriptpubkey and witness multiplier
2256 fn build_closing_transaction(&self, proposed_total_fee_satoshis: u64, skip_remote_output: bool) -> (ClosingTransaction, u64) {
2257 assert!(self.context.pending_inbound_htlcs.is_empty());
2258 assert!(self.context.pending_outbound_htlcs.is_empty());
2259 assert!(self.context.pending_update_fee.is_none());
2261 let mut total_fee_satoshis = proposed_total_fee_satoshis;
2262 let mut value_to_holder: i64 = (self.context.value_to_self_msat as i64) / 1000 - if self.context.is_outbound() { total_fee_satoshis as i64 } else { 0 };
2263 let mut value_to_counterparty: i64 = ((self.context.channel_value_satoshis * 1000 - self.context.value_to_self_msat) as i64 / 1000) - if self.context.is_outbound() { 0 } else { total_fee_satoshis as i64 };
2265 if value_to_holder < 0 {
2266 assert!(self.context.is_outbound());
2267 total_fee_satoshis += (-value_to_holder) as u64;
2268 } else if value_to_counterparty < 0 {
2269 assert!(!self.context.is_outbound());
2270 total_fee_satoshis += (-value_to_counterparty) as u64;
2273 if skip_remote_output || value_to_counterparty as u64 <= self.context.holder_dust_limit_satoshis {
2274 value_to_counterparty = 0;
2277 if value_to_holder as u64 <= self.context.holder_dust_limit_satoshis {
2278 value_to_holder = 0;
2281 assert!(self.context.shutdown_scriptpubkey.is_some());
2282 let holder_shutdown_script = self.get_closing_scriptpubkey();
2283 let counterparty_shutdown_script = self.context.counterparty_shutdown_scriptpubkey.clone().unwrap();
2284 let funding_outpoint = self.funding_outpoint().into_bitcoin_outpoint();
2286 let closing_transaction = ClosingTransaction::new(value_to_holder as u64, value_to_counterparty as u64, holder_shutdown_script, counterparty_shutdown_script, funding_outpoint);
2287 (closing_transaction, total_fee_satoshis)
2290 fn funding_outpoint(&self) -> OutPoint {
2291 self.context.channel_transaction_parameters.funding_outpoint.unwrap()
2294 /// Claims an HTLC while we're disconnected from a peer, dropping the [`ChannelMonitorUpdate`]
2297 /// The [`ChannelMonitor`] for this channel MUST be updated out-of-band with the preimage
2298 /// provided (i.e. without calling [`crate::chain::Watch::update_channel`]).
2300 /// The HTLC claim will end up in the holding cell (because the caller must ensure the peer is
2302 pub fn claim_htlc_while_disconnected_dropping_mon_update<L: Deref>
2303 (&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage, logger: &L)
2304 where L::Target: Logger {
2305 // Assert that we'll add the HTLC claim to the holding cell in `get_update_fulfill_htlc`
2306 // (see equivalent if condition there).
2307 assert!(self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32) != 0);
2308 let mon_update_id = self.context.latest_monitor_update_id; // Forget the ChannelMonitor update
2309 let fulfill_resp = self.get_update_fulfill_htlc(htlc_id_arg, payment_preimage_arg, logger);
2310 self.context.latest_monitor_update_id = mon_update_id;
2311 if let UpdateFulfillFetch::NewClaim { msg, .. } = fulfill_resp {
2312 assert!(msg.is_none()); // The HTLC must have ended up in the holding cell.
2316 fn get_update_fulfill_htlc<L: Deref>(&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage, logger: &L) -> UpdateFulfillFetch where L::Target: Logger {
2317 // Either ChannelReady got set (which means it won't be unset) or there is no way any
2318 // caller thought we could have something claimed (cause we wouldn't have accepted in an
2319 // incoming HTLC anyway). If we got to ShutdownComplete, callers aren't allowed to call us,
2321 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2322 panic!("Was asked to fulfill an HTLC when channel was not in an operational state");
2324 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
2326 // ChannelManager may generate duplicate claims/fails due to HTLC update events from
2327 // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
2328 // these, but for now we just have to treat them as normal.
2330 let mut pending_idx = core::usize::MAX;
2331 let mut htlc_value_msat = 0;
2332 for (idx, htlc) in self.context.pending_inbound_htlcs.iter().enumerate() {
2333 if htlc.htlc_id == htlc_id_arg {
2334 debug_assert_eq!(htlc.payment_hash, PaymentHash(Sha256::hash(&payment_preimage_arg.0[..]).into_inner()));
2335 log_debug!(logger, "Claiming inbound HTLC id {} with payment hash {} with preimage {}",
2336 htlc.htlc_id, htlc.payment_hash, payment_preimage_arg);
2338 InboundHTLCState::Committed => {},
2339 InboundHTLCState::LocalRemoved(ref reason) => {
2340 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
2342 log_warn!(logger, "Have preimage and want to fulfill HTLC with payment hash {} we already failed against channel {}", &htlc.payment_hash, &self.context.channel_id());
2343 debug_assert!(false, "Tried to fulfill an HTLC that was already failed");
2345 return UpdateFulfillFetch::DuplicateClaim {};
2348 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
2349 // Don't return in release mode here so that we can update channel_monitor
2353 htlc_value_msat = htlc.amount_msat;
2357 if pending_idx == core::usize::MAX {
2358 #[cfg(any(test, fuzzing))]
2359 // If we failed to find an HTLC to fulfill, make sure it was previously fulfilled and
2360 // this is simply a duplicate claim, not previously failed and we lost funds.
2361 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2362 return UpdateFulfillFetch::DuplicateClaim {};
2365 // Now update local state:
2367 // We have to put the payment_preimage in the channel_monitor right away here to ensure we
2368 // can claim it even if the channel hits the chain before we see their next commitment.
2369 self.context.latest_monitor_update_id += 1;
2370 let monitor_update = ChannelMonitorUpdate {
2371 update_id: self.context.latest_monitor_update_id,
2372 updates: vec![ChannelMonitorUpdateStep::PaymentPreimage {
2373 payment_preimage: payment_preimage_arg.clone(),
2377 if (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
2378 // Note that this condition is the same as the assertion in
2379 // `claim_htlc_while_disconnected_dropping_mon_update` and must match exactly -
2380 // `claim_htlc_while_disconnected_dropping_mon_update` would not work correctly if we
2381 // do not not get into this branch.
2382 for pending_update in self.context.holding_cell_htlc_updates.iter() {
2383 match pending_update {
2384 &HTLCUpdateAwaitingACK::ClaimHTLC { htlc_id, .. } => {
2385 if htlc_id_arg == htlc_id {
2386 // Make sure we don't leave latest_monitor_update_id incremented here:
2387 self.context.latest_monitor_update_id -= 1;
2388 #[cfg(any(test, fuzzing))]
2389 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2390 return UpdateFulfillFetch::DuplicateClaim {};
2393 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, .. } => {
2394 if htlc_id_arg == htlc_id {
2395 log_warn!(logger, "Have preimage and want to fulfill HTLC with pending failure against channel {}", &self.context.channel_id());
2396 // TODO: We may actually be able to switch to a fulfill here, though its
2397 // rare enough it may not be worth the complexity burden.
2398 debug_assert!(false, "Tried to fulfill an HTLC that was already failed");
2399 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
2405 log_trace!(logger, "Adding HTLC claim to holding_cell in channel {}! Current state: {}", &self.context.channel_id(), self.context.channel_state);
2406 self.context.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::ClaimHTLC {
2407 payment_preimage: payment_preimage_arg, htlc_id: htlc_id_arg,
2409 #[cfg(any(test, fuzzing))]
2410 self.context.historical_inbound_htlc_fulfills.insert(htlc_id_arg);
2411 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
2413 #[cfg(any(test, fuzzing))]
2414 self.context.historical_inbound_htlc_fulfills.insert(htlc_id_arg);
2417 let htlc = &mut self.context.pending_inbound_htlcs[pending_idx];
2418 if let InboundHTLCState::Committed = htlc.state {
2420 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
2421 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
2423 log_trace!(logger, "Upgrading HTLC {} to LocalRemoved with a Fulfill in channel {}!", &htlc.payment_hash, &self.context.channel_id);
2424 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::Fulfill(payment_preimage_arg.clone()));
2427 UpdateFulfillFetch::NewClaim {
2430 msg: Some(msgs::UpdateFulfillHTLC {
2431 channel_id: self.context.channel_id(),
2432 htlc_id: htlc_id_arg,
2433 payment_preimage: payment_preimage_arg,
2438 pub fn get_update_fulfill_htlc_and_commit<L: Deref>(&mut self, htlc_id: u64, payment_preimage: PaymentPreimage, logger: &L) -> UpdateFulfillCommitFetch where L::Target: Logger {
2439 let release_cs_monitor = self.context.blocked_monitor_updates.is_empty();
2440 match self.get_update_fulfill_htlc(htlc_id, payment_preimage, logger) {
2441 UpdateFulfillFetch::NewClaim { mut monitor_update, htlc_value_msat, msg } => {
2442 // Even if we aren't supposed to let new monitor updates with commitment state
2443 // updates run, we still need to push the preimage ChannelMonitorUpdateStep no
2444 // matter what. Sadly, to push a new monitor update which flies before others
2445 // already queued, we have to insert it into the pending queue and update the
2446 // update_ids of all the following monitors.
2447 if release_cs_monitor && msg.is_some() {
2448 let mut additional_update = self.build_commitment_no_status_check(logger);
2449 // build_commitment_no_status_check may bump latest_monitor_id but we want them
2450 // to be strictly increasing by one, so decrement it here.
2451 self.context.latest_monitor_update_id = monitor_update.update_id;
2452 monitor_update.updates.append(&mut additional_update.updates);
2454 let new_mon_id = self.context.blocked_monitor_updates.get(0)
2455 .map(|upd| upd.update.update_id).unwrap_or(monitor_update.update_id);
2456 monitor_update.update_id = new_mon_id;
2457 for held_update in self.context.blocked_monitor_updates.iter_mut() {
2458 held_update.update.update_id += 1;
2461 debug_assert!(false, "If there is a pending blocked monitor we should have MonitorUpdateInProgress set");
2462 let update = self.build_commitment_no_status_check(logger);
2463 self.context.blocked_monitor_updates.push(PendingChannelMonitorUpdate {
2469 self.monitor_updating_paused(false, msg.is_some(), false, Vec::new(), Vec::new(), Vec::new());
2470 UpdateFulfillCommitFetch::NewClaim { monitor_update, htlc_value_msat, }
2472 UpdateFulfillFetch::DuplicateClaim {} => UpdateFulfillCommitFetch::DuplicateClaim {},
2476 /// We can only have one resolution per HTLC. In some cases around reconnect, we may fulfill
2477 /// an HTLC more than once or fulfill once and then attempt to fail after reconnect. We cannot,
2478 /// however, fail more than once as we wait for an upstream failure to be irrevocably committed
2479 /// before we fail backwards.
2481 /// If we do fail twice, we `debug_assert!(false)` and return `Ok(None)`. Thus, this will always
2482 /// return `Ok(_)` if preconditions are met. In any case, `Err`s will only be
2483 /// [`ChannelError::Ignore`].
2484 pub fn queue_fail_htlc<L: Deref>(&mut self, htlc_id_arg: u64, err_packet: msgs::OnionErrorPacket, logger: &L)
2485 -> Result<(), ChannelError> where L::Target: Logger {
2486 self.fail_htlc(htlc_id_arg, err_packet, true, logger)
2487 .map(|msg_opt| assert!(msg_opt.is_none(), "We forced holding cell?"))
2490 /// We can only have one resolution per HTLC. In some cases around reconnect, we may fulfill
2491 /// an HTLC more than once or fulfill once and then attempt to fail after reconnect. We cannot,
2492 /// however, fail more than once as we wait for an upstream failure to be irrevocably committed
2493 /// before we fail backwards.
2495 /// If we do fail twice, we `debug_assert!(false)` and return `Ok(None)`. Thus, this will always
2496 /// return `Ok(_)` if preconditions are met. In any case, `Err`s will only be
2497 /// [`ChannelError::Ignore`].
2498 fn fail_htlc<L: Deref>(&mut self, htlc_id_arg: u64, err_packet: msgs::OnionErrorPacket, mut force_holding_cell: bool, logger: &L)
2499 -> Result<Option<msgs::UpdateFailHTLC>, ChannelError> where L::Target: Logger {
2500 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2501 panic!("Was asked to fail an HTLC when channel was not in an operational state");
2503 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
2505 // ChannelManager may generate duplicate claims/fails due to HTLC update events from
2506 // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
2507 // these, but for now we just have to treat them as normal.
2509 let mut pending_idx = core::usize::MAX;
2510 for (idx, htlc) in self.context.pending_inbound_htlcs.iter().enumerate() {
2511 if htlc.htlc_id == htlc_id_arg {
2513 InboundHTLCState::Committed => {},
2514 InboundHTLCState::LocalRemoved(ref reason) => {
2515 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
2517 debug_assert!(false, "Tried to fail an HTLC that was already failed");
2522 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
2523 return Err(ChannelError::Ignore(format!("Unable to find a pending HTLC which matched the given HTLC ID ({})", htlc.htlc_id)));
2529 if pending_idx == core::usize::MAX {
2530 #[cfg(any(test, fuzzing))]
2531 // If we failed to find an HTLC to fail, make sure it was previously fulfilled and this
2532 // is simply a duplicate fail, not previously failed and we failed-back too early.
2533 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2537 if (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
2538 debug_assert!(force_holding_cell, "!force_holding_cell is only called when emptying the holding cell, so we shouldn't end up back in it!");
2539 force_holding_cell = true;
2542 // Now update local state:
2543 if force_holding_cell {
2544 for pending_update in self.context.holding_cell_htlc_updates.iter() {
2545 match pending_update {
2546 &HTLCUpdateAwaitingACK::ClaimHTLC { htlc_id, .. } => {
2547 if htlc_id_arg == htlc_id {
2548 #[cfg(any(test, fuzzing))]
2549 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2553 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, .. } => {
2554 if htlc_id_arg == htlc_id {
2555 debug_assert!(false, "Tried to fail an HTLC that was already failed");
2556 return Err(ChannelError::Ignore("Unable to find a pending HTLC which matched the given HTLC ID".to_owned()));
2562 log_trace!(logger, "Placing failure for HTLC ID {} in holding cell in channel {}.", htlc_id_arg, &self.context.channel_id());
2563 self.context.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::FailHTLC {
2564 htlc_id: htlc_id_arg,
2570 log_trace!(logger, "Failing HTLC ID {} back with a update_fail_htlc message in channel {}.", htlc_id_arg, &self.context.channel_id());
2572 let htlc = &mut self.context.pending_inbound_htlcs[pending_idx];
2573 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(err_packet.clone()));
2576 Ok(Some(msgs::UpdateFailHTLC {
2577 channel_id: self.context.channel_id(),
2578 htlc_id: htlc_id_arg,
2583 // Message handlers:
2585 /// Handles a funding_signed message from the remote end.
2586 /// If this call is successful, broadcast the funding transaction (and not before!)
2587 pub fn funding_signed<L: Deref>(
2588 &mut self, msg: &msgs::FundingSigned, best_block: BestBlock, signer_provider: &SP, logger: &L
2589 ) -> Result<ChannelMonitor<<SP::Target as SignerProvider>::Signer>, ChannelError>
2593 if !self.context.is_outbound() {
2594 return Err(ChannelError::Close("Received funding_signed for an inbound channel?".to_owned()));
2596 if self.context.channel_state & !(ChannelState::MonitorUpdateInProgress as u32) != ChannelState::FundingCreated as u32 {
2597 return Err(ChannelError::Close("Received funding_signed in strange state!".to_owned()));
2599 if self.context.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
2600 self.context.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
2601 self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
2602 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
2605 let funding_script = self.context.get_funding_redeemscript();
2607 let counterparty_keys = self.context.build_remote_transaction_keys();
2608 let counterparty_initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
2609 let counterparty_trusted_tx = counterparty_initial_commitment_tx.trust();
2610 let counterparty_initial_bitcoin_tx = counterparty_trusted_tx.built_transaction();
2612 log_trace!(logger, "Initial counterparty tx for channel {} is: txid {} tx {}",
2613 &self.context.channel_id(), counterparty_initial_bitcoin_tx.txid, encode::serialize_hex(&counterparty_initial_bitcoin_tx.transaction));
2615 let holder_signer = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
2616 let initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &holder_signer, true, false, logger).tx;
2618 let trusted_tx = initial_commitment_tx.trust();
2619 let initial_commitment_bitcoin_tx = trusted_tx.built_transaction();
2620 let sighash = initial_commitment_bitcoin_tx.get_sighash_all(&funding_script, self.context.channel_value_satoshis);
2621 // They sign our commitment transaction, allowing us to broadcast the tx if we wish.
2622 if let Err(_) = self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.context.get_counterparty_pubkeys().funding_pubkey) {
2623 return Err(ChannelError::Close("Invalid funding_signed signature from peer".to_owned()));
2627 let holder_commitment_tx = HolderCommitmentTransaction::new(
2628 initial_commitment_tx,
2631 &self.context.get_holder_pubkeys().funding_pubkey,
2632 self.context.counterparty_funding_pubkey()
2635 self.context.holder_signer.as_ref().validate_holder_commitment(&holder_commitment_tx, Vec::new())
2636 .map_err(|_| ChannelError::Close("Failed to validate our commitment".to_owned()))?;
2639 let funding_redeemscript = self.context.get_funding_redeemscript();
2640 let funding_txo = self.context.get_funding_txo().unwrap();
2641 let funding_txo_script = funding_redeemscript.to_v0_p2wsh();
2642 let obscure_factor = get_commitment_transaction_number_obscure_factor(&self.context.get_holder_pubkeys().payment_point, &self.context.get_counterparty_pubkeys().payment_point, self.context.is_outbound());
2643 let shutdown_script = self.context.shutdown_scriptpubkey.clone().map(|script| script.into_inner());
2644 let mut monitor_signer = signer_provider.derive_channel_signer(self.context.channel_value_satoshis, self.context.channel_keys_id);
2645 monitor_signer.provide_channel_parameters(&self.context.channel_transaction_parameters);
2646 let channel_monitor = ChannelMonitor::new(self.context.secp_ctx.clone(), monitor_signer,
2647 shutdown_script, self.context.get_holder_selected_contest_delay(),
2648 &self.context.destination_script, (funding_txo, funding_txo_script),
2649 &self.context.channel_transaction_parameters,
2650 funding_redeemscript.clone(), self.context.channel_value_satoshis,
2652 holder_commitment_tx, best_block, self.context.counterparty_node_id);
2654 channel_monitor.provide_initial_counterparty_commitment_tx(
2655 counterparty_initial_bitcoin_tx.txid, Vec::new(),
2656 self.context.cur_counterparty_commitment_transaction_number,
2657 self.context.counterparty_cur_commitment_point.unwrap(),
2658 counterparty_initial_commitment_tx.feerate_per_kw(),
2659 counterparty_initial_commitment_tx.to_broadcaster_value_sat(),
2660 counterparty_initial_commitment_tx.to_countersignatory_value_sat(), logger);
2662 assert_eq!(self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32), 0); // We have no had any monitor(s) yet to fail update!
2663 if self.context.is_batch_funding() {
2664 self.context.channel_state = ChannelState::FundingSent as u32 | ChannelState::WaitingForBatch as u32;
2666 self.context.channel_state = ChannelState::FundingSent as u32;
2668 self.context.cur_holder_commitment_transaction_number -= 1;
2669 self.context.cur_counterparty_commitment_transaction_number -= 1;
2671 log_info!(logger, "Received funding_signed from peer for channel {}", &self.context.channel_id());
2673 let need_channel_ready = self.check_get_channel_ready(0).is_some();
2674 self.monitor_updating_paused(false, false, need_channel_ready, Vec::new(), Vec::new(), Vec::new());
2678 /// Updates the state of the channel to indicate that all channels in the batch have received
2679 /// funding_signed and persisted their monitors.
2680 /// The funding transaction is consequently allowed to be broadcast, and the channel can be
2681 /// treated as a non-batch channel going forward.
2682 pub fn set_batch_ready(&mut self) {
2683 self.context.is_batch_funding = None;
2684 self.context.channel_state &= !(ChannelState::WaitingForBatch as u32);
2687 /// Handles a channel_ready message from our peer. If we've already sent our channel_ready
2688 /// and the channel is now usable (and public), this may generate an announcement_signatures to
2690 pub fn channel_ready<NS: Deref, L: Deref>(
2691 &mut self, msg: &msgs::ChannelReady, node_signer: &NS, chain_hash: ChainHash,
2692 user_config: &UserConfig, best_block: &BestBlock, logger: &L
2693 ) -> Result<Option<msgs::AnnouncementSignatures>, ChannelError>
2695 NS::Target: NodeSigner,
2698 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2699 self.context.workaround_lnd_bug_4006 = Some(msg.clone());
2700 return Err(ChannelError::Ignore("Peer sent channel_ready when we needed a channel_reestablish. The peer is likely lnd, see https://github.com/lightningnetwork/lnd/issues/4006".to_owned()));
2703 if let Some(scid_alias) = msg.short_channel_id_alias {
2704 if Some(scid_alias) != self.context.short_channel_id {
2705 // The scid alias provided can be used to route payments *from* our counterparty,
2706 // i.e. can be used for inbound payments and provided in invoices, but is not used
2707 // when routing outbound payments.
2708 self.context.latest_inbound_scid_alias = Some(scid_alias);
2712 let non_shutdown_state = self.context.channel_state & (!MULTI_STATE_FLAGS);
2714 // Our channel_ready shouldn't have been sent if we are waiting for other channels in the
2715 // batch, but we can receive channel_ready messages.
2717 non_shutdown_state & ChannelState::OurChannelReady as u32 == 0 ||
2718 non_shutdown_state & ChannelState::WaitingForBatch as u32 == 0
2720 if non_shutdown_state & !(ChannelState::WaitingForBatch as u32) == ChannelState::FundingSent as u32 {
2721 self.context.channel_state |= ChannelState::TheirChannelReady as u32;
2722 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurChannelReady as u32) {
2723 self.context.channel_state = ChannelState::ChannelReady as u32 | (self.context.channel_state & MULTI_STATE_FLAGS);
2724 self.context.update_time_counter += 1;
2725 } else if self.context.channel_state & (ChannelState::ChannelReady as u32) != 0 ||
2726 // If we reconnected before sending our `channel_ready` they may still resend theirs:
2727 (self.context.channel_state & (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32) ==
2728 (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32))
2730 // They probably disconnected/reconnected and re-sent the channel_ready, which is
2731 // required, or they're sending a fresh SCID alias.
2732 let expected_point =
2733 if self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
2734 // If they haven't ever sent an updated point, the point they send should match
2736 self.context.counterparty_cur_commitment_point
2737 } else if self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 2 {
2738 // If we've advanced the commitment number once, the second commitment point is
2739 // at `counterparty_prev_commitment_point`, which is not yet revoked.
2740 debug_assert!(self.context.counterparty_prev_commitment_point.is_some());
2741 self.context.counterparty_prev_commitment_point
2743 // If they have sent updated points, channel_ready is always supposed to match
2744 // their "first" point, which we re-derive here.
2745 Some(PublicKey::from_secret_key(&self.context.secp_ctx, &SecretKey::from_slice(
2746 &self.context.commitment_secrets.get_secret(INITIAL_COMMITMENT_NUMBER - 1).expect("We should have all prev secrets available")
2747 ).expect("We already advanced, so previous secret keys should have been validated already")))
2749 if expected_point != Some(msg.next_per_commitment_point) {
2750 return Err(ChannelError::Close("Peer sent a reconnect channel_ready with a different point".to_owned()));
2754 return Err(ChannelError::Close("Peer sent a channel_ready at a strange time".to_owned()));
2757 self.context.counterparty_prev_commitment_point = self.context.counterparty_cur_commitment_point;
2758 self.context.counterparty_cur_commitment_point = Some(msg.next_per_commitment_point);
2760 log_info!(logger, "Received channel_ready from peer for channel {}", &self.context.channel_id());
2762 Ok(self.get_announcement_sigs(node_signer, chain_hash, user_config, best_block.height(), logger))
2765 pub fn update_add_htlc<F, FE: Deref, L: Deref>(
2766 &mut self, msg: &msgs::UpdateAddHTLC, mut pending_forward_status: PendingHTLCStatus,
2767 create_pending_htlc_status: F, fee_estimator: &LowerBoundedFeeEstimator<FE>, logger: &L
2768 ) -> Result<(), ChannelError>
2769 where F: for<'a> Fn(&'a Self, PendingHTLCStatus, u16) -> PendingHTLCStatus,
2770 FE::Target: FeeEstimator, L::Target: Logger,
2772 // We can't accept HTLCs sent after we've sent a shutdown.
2773 let local_sent_shutdown = (self.context.channel_state & (ChannelState::ChannelReady as u32 | ChannelState::LocalShutdownSent as u32)) != (ChannelState::ChannelReady as u32);
2774 if local_sent_shutdown {
2775 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x4000|8);
2777 // If the remote has sent a shutdown prior to adding this HTLC, then they are in violation of the spec.
2778 let remote_sent_shutdown = (self.context.channel_state & (ChannelState::ChannelReady as u32 | ChannelState::RemoteShutdownSent as u32)) != (ChannelState::ChannelReady as u32);
2779 if remote_sent_shutdown {
2780 return Err(ChannelError::Close("Got add HTLC message when channel was not in an operational state".to_owned()));
2782 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2783 return Err(ChannelError::Close("Peer sent update_add_htlc when we needed a channel_reestablish".to_owned()));
2785 if msg.amount_msat > self.context.channel_value_satoshis * 1000 {
2786 return Err(ChannelError::Close("Remote side tried to send more than the total value of the channel".to_owned()));
2788 if msg.amount_msat == 0 {
2789 return Err(ChannelError::Close("Remote side tried to send a 0-msat HTLC".to_owned()));
2791 if msg.amount_msat < self.context.holder_htlc_minimum_msat {
2792 return Err(ChannelError::Close(format!("Remote side tried to send less than our minimum HTLC value. Lower limit: ({}). Actual: ({})", self.context.holder_htlc_minimum_msat, msg.amount_msat)));
2795 let inbound_stats = self.context.get_inbound_pending_htlc_stats(None);
2796 let outbound_stats = self.context.get_outbound_pending_htlc_stats(None);
2797 if inbound_stats.pending_htlcs + 1 > self.context.holder_max_accepted_htlcs as u32 {
2798 return Err(ChannelError::Close(format!("Remote tried to push more than our max accepted HTLCs ({})", self.context.holder_max_accepted_htlcs)));
2800 if inbound_stats.pending_htlcs_value_msat + msg.amount_msat > self.context.holder_max_htlc_value_in_flight_msat {
2801 return Err(ChannelError::Close(format!("Remote HTLC add would put them over our max HTLC value ({})", self.context.holder_max_htlc_value_in_flight_msat)));
2804 // Check holder_selected_channel_reserve_satoshis (we're getting paid, so they have to at least meet
2805 // the reserve_satoshis we told them to always have as direct payment so that they lose
2806 // something if we punish them for broadcasting an old state).
2807 // Note that we don't really care about having a small/no to_remote output in our local
2808 // commitment transactions, as the purpose of the channel reserve is to ensure we can
2809 // punish *them* if they misbehave, so we discount any outbound HTLCs which will not be
2810 // present in the next commitment transaction we send them (at least for fulfilled ones,
2811 // failed ones won't modify value_to_self).
2812 // Note that we will send HTLCs which another instance of rust-lightning would think
2813 // violate the reserve value if we do not do this (as we forget inbound HTLCs from the
2814 // Channel state once they will not be present in the next received commitment
2816 let mut removed_outbound_total_msat = 0;
2817 for ref htlc in self.context.pending_outbound_htlcs.iter() {
2818 if let OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(_)) = htlc.state {
2819 removed_outbound_total_msat += htlc.amount_msat;
2820 } else if let OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(_)) = htlc.state {
2821 removed_outbound_total_msat += htlc.amount_msat;
2825 let max_dust_htlc_exposure_msat = self.context.get_max_dust_htlc_exposure_msat(fee_estimator);
2826 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if self.context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2829 let dust_buffer_feerate = self.context.get_dust_buffer_feerate(None) as u64;
2830 (dust_buffer_feerate * htlc_timeout_tx_weight(self.context.get_channel_type()) / 1000,
2831 dust_buffer_feerate * htlc_success_tx_weight(self.context.get_channel_type()) / 1000)
2833 let exposure_dust_limit_timeout_sats = htlc_timeout_dust_limit + self.context.counterparty_dust_limit_satoshis;
2834 if msg.amount_msat / 1000 < exposure_dust_limit_timeout_sats {
2835 let on_counterparty_tx_dust_htlc_exposure_msat = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat + msg.amount_msat;
2836 if on_counterparty_tx_dust_htlc_exposure_msat > max_dust_htlc_exposure_msat {
2837 log_info!(logger, "Cannot accept value that would put our exposure to dust HTLCs at {} over the limit {} on counterparty commitment tx",
2838 on_counterparty_tx_dust_htlc_exposure_msat, max_dust_htlc_exposure_msat);
2839 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2843 let exposure_dust_limit_success_sats = htlc_success_dust_limit + self.context.holder_dust_limit_satoshis;
2844 if msg.amount_msat / 1000 < exposure_dust_limit_success_sats {
2845 let on_holder_tx_dust_htlc_exposure_msat = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat + msg.amount_msat;
2846 if on_holder_tx_dust_htlc_exposure_msat > max_dust_htlc_exposure_msat {
2847 log_info!(logger, "Cannot accept value that would put our exposure to dust HTLCs at {} over the limit {} on holder commitment tx",
2848 on_holder_tx_dust_htlc_exposure_msat, max_dust_htlc_exposure_msat);
2849 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2853 let pending_value_to_self_msat =
2854 self.context.value_to_self_msat + inbound_stats.pending_htlcs_value_msat - removed_outbound_total_msat;
2855 let pending_remote_value_msat =
2856 self.context.channel_value_satoshis * 1000 - pending_value_to_self_msat;
2857 if pending_remote_value_msat < msg.amount_msat {
2858 return Err(ChannelError::Close("Remote HTLC add would overdraw remaining funds".to_owned()));
2861 // Check that the remote can afford to pay for this HTLC on-chain at the current
2862 // feerate_per_kw, while maintaining their channel reserve (as required by the spec).
2864 let remote_commit_tx_fee_msat = if self.context.is_outbound() { 0 } else {
2865 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2866 self.context.next_remote_commit_tx_fee_msat(htlc_candidate, None) // Don't include the extra fee spike buffer HTLC in calculations
2868 let anchor_outputs_value_msat = if !self.context.is_outbound() && self.context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2869 ANCHOR_OUTPUT_VALUE_SATOSHI * 2 * 1000
2873 if pending_remote_value_msat.saturating_sub(msg.amount_msat).saturating_sub(anchor_outputs_value_msat) < remote_commit_tx_fee_msat {
2874 return Err(ChannelError::Close("Remote HTLC add would not leave enough to pay for fees".to_owned()));
2876 if pending_remote_value_msat.saturating_sub(msg.amount_msat).saturating_sub(remote_commit_tx_fee_msat).saturating_sub(anchor_outputs_value_msat) < self.context.holder_selected_channel_reserve_satoshis * 1000 {
2877 return Err(ChannelError::Close("Remote HTLC add would put them under remote reserve value".to_owned()));
2881 let anchor_outputs_value_msat = if self.context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2882 ANCHOR_OUTPUT_VALUE_SATOSHI * 2 * 1000
2886 if !self.context.is_outbound() {
2887 // `Some(())` is for the fee spike buffer we keep for the remote. This deviates from
2888 // the spec because the fee spike buffer requirement doesn't exist on the receiver's
2889 // side, only on the sender's. Note that with anchor outputs we are no longer as
2890 // sensitive to fee spikes, so we need to account for them.
2891 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2892 let mut remote_fee_cost_incl_stuck_buffer_msat = self.context.next_remote_commit_tx_fee_msat(htlc_candidate, Some(()));
2893 if !self.context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2894 remote_fee_cost_incl_stuck_buffer_msat *= FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE;
2896 if pending_remote_value_msat.saturating_sub(msg.amount_msat).saturating_sub(self.context.holder_selected_channel_reserve_satoshis * 1000).saturating_sub(anchor_outputs_value_msat) < remote_fee_cost_incl_stuck_buffer_msat {
2897 // Note that if the pending_forward_status is not updated here, then it's because we're already failing
2898 // the HTLC, i.e. its status is already set to failing.
2899 log_info!(logger, "Attempting to fail HTLC due to fee spike buffer violation in channel {}. Rebalancing is required.", &self.context.channel_id());
2900 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2903 // Check that they won't violate our local required channel reserve by adding this HTLC.
2904 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2905 let local_commit_tx_fee_msat = self.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
2906 if self.context.value_to_self_msat < self.context.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 + local_commit_tx_fee_msat + anchor_outputs_value_msat {
2907 return Err(ChannelError::Close("Cannot accept HTLC that would put our balance under counterparty-announced channel reserve value".to_owned()));
2910 if self.context.next_counterparty_htlc_id != msg.htlc_id {
2911 return Err(ChannelError::Close(format!("Remote skipped HTLC ID (skipped ID: {})", self.context.next_counterparty_htlc_id)));
2913 if msg.cltv_expiry >= 500000000 {
2914 return Err(ChannelError::Close("Remote provided CLTV expiry in seconds instead of block height".to_owned()));
2917 if self.context.channel_state & ChannelState::LocalShutdownSent as u32 != 0 {
2918 if let PendingHTLCStatus::Forward(_) = pending_forward_status {
2919 panic!("ChannelManager shouldn't be trying to add a forwardable HTLC after we've started closing");
2923 // Now update local state:
2924 self.context.next_counterparty_htlc_id += 1;
2925 self.context.pending_inbound_htlcs.push(InboundHTLCOutput {
2926 htlc_id: msg.htlc_id,
2927 amount_msat: msg.amount_msat,
2928 payment_hash: msg.payment_hash,
2929 cltv_expiry: msg.cltv_expiry,
2930 state: InboundHTLCState::RemoteAnnounced(pending_forward_status),
2935 /// Marks an outbound HTLC which we have received update_fail/fulfill/malformed
2937 fn mark_outbound_htlc_removed(&mut self, htlc_id: u64, check_preimage: Option<PaymentPreimage>, fail_reason: Option<HTLCFailReason>) -> Result<&OutboundHTLCOutput, ChannelError> {
2938 assert!(!(check_preimage.is_some() && fail_reason.is_some()), "cannot fail while we have a preimage");
2939 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
2940 if htlc.htlc_id == htlc_id {
2941 let outcome = match check_preimage {
2942 None => fail_reason.into(),
2943 Some(payment_preimage) => {
2944 let payment_hash = PaymentHash(Sha256::hash(&payment_preimage.0[..]).into_inner());
2945 if payment_hash != htlc.payment_hash {
2946 return Err(ChannelError::Close(format!("Remote tried to fulfill HTLC ({}) with an incorrect preimage", htlc_id)));
2948 OutboundHTLCOutcome::Success(Some(payment_preimage))
2952 OutboundHTLCState::LocalAnnounced(_) =>
2953 return Err(ChannelError::Close(format!("Remote tried to fulfill/fail HTLC ({}) before it had been committed", htlc_id))),
2954 OutboundHTLCState::Committed => {
2955 htlc.state = OutboundHTLCState::RemoteRemoved(outcome);
2957 OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) | OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) | OutboundHTLCState::RemoteRemoved(_) =>
2958 return Err(ChannelError::Close(format!("Remote tried to fulfill/fail HTLC ({}) that they'd already fulfilled/failed", htlc_id))),
2963 Err(ChannelError::Close("Remote tried to fulfill/fail an HTLC we couldn't find".to_owned()))
2966 pub fn update_fulfill_htlc(&mut self, msg: &msgs::UpdateFulfillHTLC) -> Result<(HTLCSource, u64), ChannelError> {
2967 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2968 return Err(ChannelError::Close("Got fulfill HTLC message when channel was not in an operational state".to_owned()));
2970 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2971 return Err(ChannelError::Close("Peer sent update_fulfill_htlc when we needed a channel_reestablish".to_owned()));
2974 self.mark_outbound_htlc_removed(msg.htlc_id, Some(msg.payment_preimage), None).map(|htlc| (htlc.source.clone(), htlc.amount_msat))
2977 pub fn update_fail_htlc(&mut self, msg: &msgs::UpdateFailHTLC, fail_reason: HTLCFailReason) -> Result<(), ChannelError> {
2978 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2979 return Err(ChannelError::Close("Got fail HTLC message when channel was not in an operational state".to_owned()));
2981 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2982 return Err(ChannelError::Close("Peer sent update_fail_htlc when we needed a channel_reestablish".to_owned()));
2985 self.mark_outbound_htlc_removed(msg.htlc_id, None, Some(fail_reason))?;
2989 pub fn update_fail_malformed_htlc(&mut self, msg: &msgs::UpdateFailMalformedHTLC, fail_reason: HTLCFailReason) -> Result<(), ChannelError> {
2990 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2991 return Err(ChannelError::Close("Got fail malformed HTLC message when channel was not in an operational state".to_owned()));
2993 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2994 return Err(ChannelError::Close("Peer sent update_fail_malformed_htlc when we needed a channel_reestablish".to_owned()));
2997 self.mark_outbound_htlc_removed(msg.htlc_id, None, Some(fail_reason))?;
3001 pub fn commitment_signed<L: Deref>(&mut self, msg: &msgs::CommitmentSigned, logger: &L) -> Result<Option<ChannelMonitorUpdate>, ChannelError>
3002 where L::Target: Logger
3004 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
3005 return Err(ChannelError::Close("Got commitment signed message when channel was not in an operational state".to_owned()));
3007 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3008 return Err(ChannelError::Close("Peer sent commitment_signed when we needed a channel_reestablish".to_owned()));
3010 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK == BOTH_SIDES_SHUTDOWN_MASK && self.context.last_sent_closing_fee.is_some() {
3011 return Err(ChannelError::Close("Peer sent commitment_signed after we'd started exchanging closing_signeds".to_owned()));
3014 let funding_script = self.context.get_funding_redeemscript();
3016 let keys = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
3018 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &keys, true, false, logger);
3019 let commitment_txid = {
3020 let trusted_tx = commitment_stats.tx.trust();
3021 let bitcoin_tx = trusted_tx.built_transaction();
3022 let sighash = bitcoin_tx.get_sighash_all(&funding_script, self.context.channel_value_satoshis);
3024 log_trace!(logger, "Checking commitment tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} in channel {}",
3025 log_bytes!(msg.signature.serialize_compact()[..]),
3026 log_bytes!(self.context.counterparty_funding_pubkey().serialize()), encode::serialize_hex(&bitcoin_tx.transaction),
3027 log_bytes!(sighash[..]), encode::serialize_hex(&funding_script), &self.context.channel_id());
3028 if let Err(_) = self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.context.counterparty_funding_pubkey()) {
3029 return Err(ChannelError::Close("Invalid commitment tx signature from peer".to_owned()));
3033 let mut htlcs_cloned: Vec<_> = commitment_stats.htlcs_included.iter().map(|htlc| (htlc.0.clone(), htlc.1.map(|h| h.clone()))).collect();
3035 // If our counterparty updated the channel fee in this commitment transaction, check that
3036 // they can actually afford the new fee now.
3037 let update_fee = if let Some((_, update_state)) = self.context.pending_update_fee {
3038 update_state == FeeUpdateState::RemoteAnnounced
3041 debug_assert!(!self.context.is_outbound());
3042 let counterparty_reserve_we_require_msat = self.context.holder_selected_channel_reserve_satoshis * 1000;
3043 if commitment_stats.remote_balance_msat < commitment_stats.total_fee_sat * 1000 + counterparty_reserve_we_require_msat {
3044 return Err(ChannelError::Close("Funding remote cannot afford proposed new fee".to_owned()));
3047 #[cfg(any(test, fuzzing))]
3049 if self.context.is_outbound() {
3050 let projected_commit_tx_info = self.context.next_local_commitment_tx_fee_info_cached.lock().unwrap().take();
3051 *self.context.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = None;
3052 if let Some(info) = projected_commit_tx_info {
3053 let total_pending_htlcs = self.context.pending_inbound_htlcs.len() + self.context.pending_outbound_htlcs.len()
3054 + self.context.holding_cell_htlc_updates.len();
3055 if info.total_pending_htlcs == total_pending_htlcs
3056 && info.next_holder_htlc_id == self.context.next_holder_htlc_id
3057 && info.next_counterparty_htlc_id == self.context.next_counterparty_htlc_id
3058 && info.feerate == self.context.feerate_per_kw {
3059 assert_eq!(commitment_stats.total_fee_sat, info.fee / 1000);
3065 if msg.htlc_signatures.len() != commitment_stats.num_nondust_htlcs {
3066 return Err(ChannelError::Close(format!("Got wrong number of HTLC signatures ({}) from remote. It must be {}", msg.htlc_signatures.len(), commitment_stats.num_nondust_htlcs)));
3069 // Up to LDK 0.0.115, HTLC information was required to be duplicated in the
3070 // `htlcs_and_sigs` vec and in the `holder_commitment_tx` itself, both of which were passed
3071 // in the `ChannelMonitorUpdate`. In 0.0.115, support for having a separate set of
3072 // outbound-non-dust-HTLCSources in the `ChannelMonitorUpdate` was added, however for
3073 // backwards compatibility, we never use it in production. To provide test coverage, here,
3074 // we randomly decide (in test/fuzzing builds) to use the new vec sometimes.
3075 #[allow(unused_assignments, unused_mut)]
3076 let mut separate_nondust_htlc_sources = false;
3077 #[cfg(all(feature = "std", any(test, fuzzing)))] {
3078 use core::hash::{BuildHasher, Hasher};
3079 // Get a random value using the only std API to do so - the DefaultHasher
3080 let rand_val = std::collections::hash_map::RandomState::new().build_hasher().finish();
3081 separate_nondust_htlc_sources = rand_val % 2 == 0;
3084 let mut nondust_htlc_sources = Vec::with_capacity(htlcs_cloned.len());
3085 let mut htlcs_and_sigs = Vec::with_capacity(htlcs_cloned.len());
3086 for (idx, (htlc, mut source_opt)) in htlcs_cloned.drain(..).enumerate() {
3087 if let Some(_) = htlc.transaction_output_index {
3088 let htlc_tx = chan_utils::build_htlc_transaction(&commitment_txid, commitment_stats.feerate_per_kw,
3089 self.context.get_counterparty_selected_contest_delay().unwrap(), &htlc, &self.context.channel_type,
3090 &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
3092 let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, &self.context.channel_type, &keys);
3093 let htlc_sighashtype = if self.context.channel_type.supports_anchors_zero_fee_htlc_tx() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
3094 let htlc_sighash = hash_to_message!(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]);
3095 log_trace!(logger, "Checking HTLC tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} in channel {}.",
3096 log_bytes!(msg.htlc_signatures[idx].serialize_compact()[..]), log_bytes!(keys.countersignatory_htlc_key.serialize()),
3097 encode::serialize_hex(&htlc_tx), log_bytes!(htlc_sighash[..]), encode::serialize_hex(&htlc_redeemscript), &self.context.channel_id());
3098 if let Err(_) = self.context.secp_ctx.verify_ecdsa(&htlc_sighash, &msg.htlc_signatures[idx], &keys.countersignatory_htlc_key) {
3099 return Err(ChannelError::Close("Invalid HTLC tx signature from peer".to_owned()));
3101 if !separate_nondust_htlc_sources {
3102 htlcs_and_sigs.push((htlc, Some(msg.htlc_signatures[idx]), source_opt.take()));
3105 htlcs_and_sigs.push((htlc, None, source_opt.take()));
3107 if separate_nondust_htlc_sources {
3108 if let Some(source) = source_opt.take() {
3109 nondust_htlc_sources.push(source);
3112 debug_assert!(source_opt.is_none(), "HTLCSource should have been put somewhere");
3115 let holder_commitment_tx = HolderCommitmentTransaction::new(
3116 commitment_stats.tx,
3118 msg.htlc_signatures.clone(),
3119 &self.context.get_holder_pubkeys().funding_pubkey,
3120 self.context.counterparty_funding_pubkey()
3123 self.context.holder_signer.as_ref().validate_holder_commitment(&holder_commitment_tx, commitment_stats.preimages)
3124 .map_err(|_| ChannelError::Close("Failed to validate our commitment".to_owned()))?;
3126 // Update state now that we've passed all the can-fail calls...
3127 let mut need_commitment = false;
3128 if let &mut Some((_, ref mut update_state)) = &mut self.context.pending_update_fee {
3129 if *update_state == FeeUpdateState::RemoteAnnounced {
3130 *update_state = FeeUpdateState::AwaitingRemoteRevokeToAnnounce;
3131 need_commitment = true;
3135 for htlc in self.context.pending_inbound_htlcs.iter_mut() {
3136 let new_forward = if let &InboundHTLCState::RemoteAnnounced(ref forward_info) = &htlc.state {
3137 Some(forward_info.clone())
3139 if let Some(forward_info) = new_forward {
3140 log_trace!(logger, "Updating HTLC {} to AwaitingRemoteRevokeToAnnounce due to commitment_signed in channel {}.",
3141 &htlc.payment_hash, &self.context.channel_id);
3142 htlc.state = InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info);
3143 need_commitment = true;
3146 let mut claimed_htlcs = Vec::new();
3147 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
3148 if let &mut OutboundHTLCState::RemoteRemoved(ref mut outcome) = &mut htlc.state {
3149 log_trace!(logger, "Updating HTLC {} to AwaitingRemoteRevokeToRemove due to commitment_signed in channel {}.",
3150 &htlc.payment_hash, &self.context.channel_id);
3151 // Grab the preimage, if it exists, instead of cloning
3152 let mut reason = OutboundHTLCOutcome::Success(None);
3153 mem::swap(outcome, &mut reason);
3154 if let OutboundHTLCOutcome::Success(Some(preimage)) = reason {
3155 // If a user (a) receives an HTLC claim using LDK 0.0.104 or before, then (b)
3156 // upgrades to LDK 0.0.114 or later before the HTLC is fully resolved, we could
3157 // have a `Success(None)` reason. In this case we could forget some HTLC
3158 // claims, but such an upgrade is unlikely and including claimed HTLCs here
3159 // fixes a bug which the user was exposed to on 0.0.104 when they started the
3161 claimed_htlcs.push((SentHTLCId::from_source(&htlc.source), preimage));
3163 htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(reason);
3164 need_commitment = true;
3168 self.context.latest_monitor_update_id += 1;
3169 let mut monitor_update = ChannelMonitorUpdate {
3170 update_id: self.context.latest_monitor_update_id,
3171 updates: vec![ChannelMonitorUpdateStep::LatestHolderCommitmentTXInfo {
3172 commitment_tx: holder_commitment_tx,
3173 htlc_outputs: htlcs_and_sigs,
3175 nondust_htlc_sources,
3179 self.context.cur_holder_commitment_transaction_number -= 1;
3180 // Note that if we need_commitment & !AwaitingRemoteRevoke we'll call
3181 // build_commitment_no_status_check() next which will reset this to RAAFirst.
3182 self.context.resend_order = RAACommitmentOrder::CommitmentFirst;
3184 if (self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32) != 0 {
3185 // In case we initially failed monitor updating without requiring a response, we need
3186 // to make sure the RAA gets sent first.
3187 self.context.monitor_pending_revoke_and_ack = true;
3188 if need_commitment && (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == 0 {
3189 // If we were going to send a commitment_signed after the RAA, go ahead and do all
3190 // the corresponding HTLC status updates so that
3191 // get_last_commitment_update_for_send includes the right HTLCs.
3192 self.context.monitor_pending_commitment_signed = true;
3193 let mut additional_update = self.build_commitment_no_status_check(logger);
3194 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3195 // strictly increasing by one, so decrement it here.
3196 self.context.latest_monitor_update_id = monitor_update.update_id;
3197 monitor_update.updates.append(&mut additional_update.updates);
3199 log_debug!(logger, "Received valid commitment_signed from peer in channel {}, updated HTLC state but awaiting a monitor update resolution to reply.",
3200 &self.context.channel_id);
3201 return Ok(self.push_ret_blockable_mon_update(monitor_update));
3204 let need_commitment_signed = if need_commitment && (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == 0 {
3205 // If we're AwaitingRemoteRevoke we can't send a new commitment here, but that's ok -
3206 // we'll send one right away when we get the revoke_and_ack when we
3207 // free_holding_cell_htlcs().
3208 let mut additional_update = self.build_commitment_no_status_check(logger);
3209 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3210 // strictly increasing by one, so decrement it here.
3211 self.context.latest_monitor_update_id = monitor_update.update_id;
3212 monitor_update.updates.append(&mut additional_update.updates);
3216 log_debug!(logger, "Received valid commitment_signed from peer in channel {}, updating HTLC state and responding with{} a revoke_and_ack.",
3217 &self.context.channel_id(), if need_commitment_signed { " our own commitment_signed and" } else { "" });
3218 self.monitor_updating_paused(true, need_commitment_signed, false, Vec::new(), Vec::new(), Vec::new());
3219 return Ok(self.push_ret_blockable_mon_update(monitor_update));
3222 /// Public version of the below, checking relevant preconditions first.
3223 /// If we're not in a state where freeing the holding cell makes sense, this is a no-op and
3224 /// returns `(None, Vec::new())`.
3225 pub fn maybe_free_holding_cell_htlcs<F: Deref, L: Deref>(
3226 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
3227 ) -> (Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>)
3228 where F::Target: FeeEstimator, L::Target: Logger
3230 if self.context.channel_state & !STATE_FLAGS >= ChannelState::ChannelReady as u32 &&
3231 (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) == 0 {
3232 self.free_holding_cell_htlcs(fee_estimator, logger)
3233 } else { (None, Vec::new()) }
3236 /// Frees any pending commitment updates in the holding cell, generating the relevant messages
3237 /// for our counterparty.
3238 fn free_holding_cell_htlcs<F: Deref, L: Deref>(
3239 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
3240 ) -> (Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>)
3241 where F::Target: FeeEstimator, L::Target: Logger
3243 assert_eq!(self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32, 0);
3244 if self.context.holding_cell_htlc_updates.len() != 0 || self.context.holding_cell_update_fee.is_some() {
3245 log_trace!(logger, "Freeing holding cell with {} HTLC updates{} in channel {}", self.context.holding_cell_htlc_updates.len(),
3246 if self.context.holding_cell_update_fee.is_some() { " and a fee update" } else { "" }, &self.context.channel_id());
3248 let mut monitor_update = ChannelMonitorUpdate {
3249 update_id: self.context.latest_monitor_update_id + 1, // We don't increment this yet!
3250 updates: Vec::new(),
3253 let mut htlc_updates = Vec::new();
3254 mem::swap(&mut htlc_updates, &mut self.context.holding_cell_htlc_updates);
3255 let mut update_add_count = 0;
3256 let mut update_fulfill_count = 0;
3257 let mut update_fail_count = 0;
3258 let mut htlcs_to_fail = Vec::new();
3259 for htlc_update in htlc_updates.drain(..) {
3260 // Note that this *can* fail, though it should be due to rather-rare conditions on
3261 // fee races with adding too many outputs which push our total payments just over
3262 // the limit. In case it's less rare than I anticipate, we may want to revisit
3263 // handling this case better and maybe fulfilling some of the HTLCs while attempting
3264 // to rebalance channels.
3265 match &htlc_update {
3266 &HTLCUpdateAwaitingACK::AddHTLC {
3267 amount_msat, cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet,
3268 skimmed_fee_msat, ..
3270 match self.send_htlc(amount_msat, *payment_hash, cltv_expiry, source.clone(),
3271 onion_routing_packet.clone(), false, skimmed_fee_msat, fee_estimator, logger)
3273 Ok(_) => update_add_count += 1,
3276 ChannelError::Ignore(ref msg) => {
3277 log_info!(logger, "Failed to send HTLC with payment_hash {} due to {} in channel {}", &payment_hash, msg, &self.context.channel_id());
3278 // If we fail to send here, then this HTLC should
3279 // be failed backwards. Failing to send here
3280 // indicates that this HTLC may keep being put back
3281 // into the holding cell without ever being
3282 // successfully forwarded/failed/fulfilled, causing
3283 // our counterparty to eventually close on us.
3284 htlcs_to_fail.push((source.clone(), *payment_hash));
3287 panic!("Got a non-IgnoreError action trying to send holding cell HTLC");
3293 &HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, htlc_id, .. } => {
3294 // If an HTLC claim was previously added to the holding cell (via
3295 // `get_update_fulfill_htlc`, then generating the claim message itself must
3296 // not fail - any in between attempts to claim the HTLC will have resulted
3297 // in it hitting the holding cell again and we cannot change the state of a
3298 // holding cell HTLC from fulfill to anything else.
3299 let mut additional_monitor_update =
3300 if let UpdateFulfillFetch::NewClaim { monitor_update, .. } =
3301 self.get_update_fulfill_htlc(htlc_id, *payment_preimage, logger)
3302 { monitor_update } else { unreachable!() };
3303 update_fulfill_count += 1;
3304 monitor_update.updates.append(&mut additional_monitor_update.updates);
3306 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, ref err_packet } => {
3307 match self.fail_htlc(htlc_id, err_packet.clone(), false, logger) {
3308 Ok(update_fail_msg_option) => {
3309 // If an HTLC failure was previously added to the holding cell (via
3310 // `queue_fail_htlc`) then generating the fail message itself must
3311 // not fail - we should never end up in a state where we double-fail
3312 // an HTLC or fail-then-claim an HTLC as it indicates we didn't wait
3313 // for a full revocation before failing.
3314 debug_assert!(update_fail_msg_option.is_some());
3315 update_fail_count += 1;
3318 if let ChannelError::Ignore(_) = e {}
3320 panic!("Got a non-IgnoreError action trying to fail holding cell HTLC");
3327 if update_add_count == 0 && update_fulfill_count == 0 && update_fail_count == 0 && self.context.holding_cell_update_fee.is_none() {
3328 return (None, htlcs_to_fail);
3330 let update_fee = if let Some(feerate) = self.context.holding_cell_update_fee.take() {
3331 self.send_update_fee(feerate, false, fee_estimator, logger)
3336 let mut additional_update = self.build_commitment_no_status_check(logger);
3337 // build_commitment_no_status_check and get_update_fulfill_htlc may bump latest_monitor_id
3338 // but we want them to be strictly increasing by one, so reset it here.
3339 self.context.latest_monitor_update_id = monitor_update.update_id;
3340 monitor_update.updates.append(&mut additional_update.updates);
3342 log_debug!(logger, "Freeing holding cell in channel {} resulted in {}{} HTLCs added, {} HTLCs fulfilled, and {} HTLCs failed.",
3343 &self.context.channel_id(), if update_fee.is_some() { "a fee update, " } else { "" },
3344 update_add_count, update_fulfill_count, update_fail_count);
3346 self.monitor_updating_paused(false, true, false, Vec::new(), Vec::new(), Vec::new());
3347 (self.push_ret_blockable_mon_update(monitor_update), htlcs_to_fail)
3353 /// Handles receiving a remote's revoke_and_ack. Note that we may return a new
3354 /// commitment_signed message here in case we had pending outbound HTLCs to add which were
3355 /// waiting on this revoke_and_ack. The generation of this new commitment_signed may also fail,
3356 /// generating an appropriate error *after* the channel state has been updated based on the
3357 /// revoke_and_ack message.
3358 pub fn revoke_and_ack<F: Deref, L: Deref>(&mut self, msg: &msgs::RevokeAndACK,
3359 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L, hold_mon_update: bool,
3360 ) -> Result<(Vec<(HTLCSource, PaymentHash)>, Option<ChannelMonitorUpdate>), ChannelError>
3361 where F::Target: FeeEstimator, L::Target: Logger,
3363 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
3364 return Err(ChannelError::Close("Got revoke/ACK message when channel was not in an operational state".to_owned()));
3366 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3367 return Err(ChannelError::Close("Peer sent revoke_and_ack when we needed a channel_reestablish".to_owned()));
3369 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK == BOTH_SIDES_SHUTDOWN_MASK && self.context.last_sent_closing_fee.is_some() {
3370 return Err(ChannelError::Close("Peer sent revoke_and_ack after we'd started exchanging closing_signeds".to_owned()));
3373 let secret = secp_check!(SecretKey::from_slice(&msg.per_commitment_secret), "Peer provided an invalid per_commitment_secret".to_owned());
3375 if let Some(counterparty_prev_commitment_point) = self.context.counterparty_prev_commitment_point {
3376 if PublicKey::from_secret_key(&self.context.secp_ctx, &secret) != counterparty_prev_commitment_point {
3377 return Err(ChannelError::Close("Got a revoke commitment secret which didn't correspond to their current pubkey".to_owned()));
3381 if self.context.channel_state & ChannelState::AwaitingRemoteRevoke as u32 == 0 {
3382 // Our counterparty seems to have burned their coins to us (by revoking a state when we
3383 // haven't given them a new commitment transaction to broadcast). We should probably
3384 // take advantage of this by updating our channel monitor, sending them an error, and
3385 // waiting for them to broadcast their latest (now-revoked claim). But, that would be a
3386 // lot of work, and there's some chance this is all a misunderstanding anyway.
3387 // We have to do *something*, though, since our signer may get mad at us for otherwise
3388 // jumping a remote commitment number, so best to just force-close and move on.
3389 return Err(ChannelError::Close("Received an unexpected revoke_and_ack".to_owned()));
3392 #[cfg(any(test, fuzzing))]
3394 *self.context.next_local_commitment_tx_fee_info_cached.lock().unwrap() = None;
3395 *self.context.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = None;
3398 match &self.context.holder_signer {
3399 ChannelSignerType::Ecdsa(ecdsa) => {
3400 ecdsa.validate_counterparty_revocation(
3401 self.context.cur_counterparty_commitment_transaction_number + 1,
3403 ).map_err(|_| ChannelError::Close("Failed to validate revocation from peer".to_owned()))?;
3407 self.context.commitment_secrets.provide_secret(self.context.cur_counterparty_commitment_transaction_number + 1, msg.per_commitment_secret)
3408 .map_err(|_| ChannelError::Close("Previous secrets did not match new one".to_owned()))?;
3409 self.context.latest_monitor_update_id += 1;
3410 let mut monitor_update = ChannelMonitorUpdate {
3411 update_id: self.context.latest_monitor_update_id,
3412 updates: vec![ChannelMonitorUpdateStep::CommitmentSecret {
3413 idx: self.context.cur_counterparty_commitment_transaction_number + 1,
3414 secret: msg.per_commitment_secret,
3418 // Update state now that we've passed all the can-fail calls...
3419 // (note that we may still fail to generate the new commitment_signed message, but that's
3420 // OK, we step the channel here and *then* if the new generation fails we can fail the
3421 // channel based on that, but stepping stuff here should be safe either way.
3422 self.context.channel_state &= !(ChannelState::AwaitingRemoteRevoke as u32);
3423 self.context.sent_message_awaiting_response = None;
3424 self.context.counterparty_prev_commitment_point = self.context.counterparty_cur_commitment_point;
3425 self.context.counterparty_cur_commitment_point = Some(msg.next_per_commitment_point);
3426 self.context.cur_counterparty_commitment_transaction_number -= 1;
3428 if self.context.announcement_sigs_state == AnnouncementSigsState::Committed {
3429 self.context.announcement_sigs_state = AnnouncementSigsState::PeerReceived;
3432 log_trace!(logger, "Updating HTLCs on receipt of RAA in channel {}...", &self.context.channel_id());
3433 let mut to_forward_infos = Vec::new();
3434 let mut revoked_htlcs = Vec::new();
3435 let mut finalized_claimed_htlcs = Vec::new();
3436 let mut update_fail_htlcs = Vec::new();
3437 let mut update_fail_malformed_htlcs = Vec::new();
3438 let mut require_commitment = false;
3439 let mut value_to_self_msat_diff: i64 = 0;
3442 // Take references explicitly so that we can hold multiple references to self.context.
3443 let pending_inbound_htlcs: &mut Vec<_> = &mut self.context.pending_inbound_htlcs;
3444 let pending_outbound_htlcs: &mut Vec<_> = &mut self.context.pending_outbound_htlcs;
3446 // We really shouldnt have two passes here, but retain gives a non-mutable ref (Rust bug)
3447 pending_inbound_htlcs.retain(|htlc| {
3448 if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state {
3449 log_trace!(logger, " ...removing inbound LocalRemoved {}", &htlc.payment_hash);
3450 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
3451 value_to_self_msat_diff += htlc.amount_msat as i64;
3456 pending_outbound_htlcs.retain(|htlc| {
3457 if let &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref outcome) = &htlc.state {
3458 log_trace!(logger, " ...removing outbound AwaitingRemovedRemoteRevoke {}", &htlc.payment_hash);
3459 if let OutboundHTLCOutcome::Failure(reason) = outcome.clone() { // We really want take() here, but, again, non-mut ref :(
3460 revoked_htlcs.push((htlc.source.clone(), htlc.payment_hash, reason));
3462 finalized_claimed_htlcs.push(htlc.source.clone());
3463 // They fulfilled, so we sent them money
3464 value_to_self_msat_diff -= htlc.amount_msat as i64;
3469 for htlc in pending_inbound_htlcs.iter_mut() {
3470 let swap = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) = &htlc.state {
3472 } else if let &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) = &htlc.state {
3476 let mut state = InboundHTLCState::Committed;
3477 mem::swap(&mut state, &mut htlc.state);
3479 if let InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info) = state {
3480 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce {} to AwaitingAnnouncedRemoteRevoke", &htlc.payment_hash);
3481 htlc.state = InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info);
3482 require_commitment = true;
3483 } else if let InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info) = state {
3484 match forward_info {
3485 PendingHTLCStatus::Fail(fail_msg) => {
3486 log_trace!(logger, " ...promoting inbound AwaitingAnnouncedRemoteRevoke {} to LocalRemoved due to PendingHTLCStatus indicating failure", &htlc.payment_hash);
3487 require_commitment = true;
3489 HTLCFailureMsg::Relay(msg) => {
3490 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(msg.reason.clone()));
3491 update_fail_htlcs.push(msg)
3493 HTLCFailureMsg::Malformed(msg) => {
3494 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailMalformed((msg.sha256_of_onion, msg.failure_code)));
3495 update_fail_malformed_htlcs.push(msg)
3499 PendingHTLCStatus::Forward(forward_info) => {
3500 log_trace!(logger, " ...promoting inbound AwaitingAnnouncedRemoteRevoke {} to Committed", &htlc.payment_hash);
3501 to_forward_infos.push((forward_info, htlc.htlc_id));
3502 htlc.state = InboundHTLCState::Committed;
3508 for htlc in pending_outbound_htlcs.iter_mut() {
3509 if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
3510 log_trace!(logger, " ...promoting outbound LocalAnnounced {} to Committed", &htlc.payment_hash);
3511 htlc.state = OutboundHTLCState::Committed;
3513 if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut outcome) = &mut htlc.state {
3514 log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", &htlc.payment_hash);
3515 // Grab the preimage, if it exists, instead of cloning
3516 let mut reason = OutboundHTLCOutcome::Success(None);
3517 mem::swap(outcome, &mut reason);
3518 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(reason);
3519 require_commitment = true;
3523 self.context.value_to_self_msat = (self.context.value_to_self_msat as i64 + value_to_self_msat_diff) as u64;
3525 if let Some((feerate, update_state)) = self.context.pending_update_fee {
3526 match update_state {
3527 FeeUpdateState::Outbound => {
3528 debug_assert!(self.context.is_outbound());
3529 log_trace!(logger, " ...promoting outbound fee update {} to Committed", feerate);
3530 self.context.feerate_per_kw = feerate;
3531 self.context.pending_update_fee = None;
3533 FeeUpdateState::RemoteAnnounced => { debug_assert!(!self.context.is_outbound()); },
3534 FeeUpdateState::AwaitingRemoteRevokeToAnnounce => {
3535 debug_assert!(!self.context.is_outbound());
3536 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce fee update {} to Committed", feerate);
3537 require_commitment = true;
3538 self.context.feerate_per_kw = feerate;
3539 self.context.pending_update_fee = None;
3544 let release_monitor = self.context.blocked_monitor_updates.is_empty() && !hold_mon_update;
3545 let release_state_str =
3546 if hold_mon_update { "Holding" } else if release_monitor { "Releasing" } else { "Blocked" };
3547 macro_rules! return_with_htlcs_to_fail {
3548 ($htlcs_to_fail: expr) => {
3549 if !release_monitor {
3550 self.context.blocked_monitor_updates.push(PendingChannelMonitorUpdate {
3551 update: monitor_update,
3553 return Ok(($htlcs_to_fail, None));
3555 return Ok(($htlcs_to_fail, Some(monitor_update)));
3560 if (self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32) == ChannelState::MonitorUpdateInProgress as u32 {
3561 // We can't actually generate a new commitment transaction (incl by freeing holding
3562 // cells) while we can't update the monitor, so we just return what we have.
3563 if require_commitment {
3564 self.context.monitor_pending_commitment_signed = true;
3565 // When the monitor updating is restored we'll call
3566 // get_last_commitment_update_for_send(), which does not update state, but we're
3567 // definitely now awaiting a remote revoke before we can step forward any more, so
3569 let mut additional_update = self.build_commitment_no_status_check(logger);
3570 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3571 // strictly increasing by one, so decrement it here.
3572 self.context.latest_monitor_update_id = monitor_update.update_id;
3573 monitor_update.updates.append(&mut additional_update.updates);
3575 self.context.monitor_pending_forwards.append(&mut to_forward_infos);
3576 self.context.monitor_pending_failures.append(&mut revoked_htlcs);
3577 self.context.monitor_pending_finalized_fulfills.append(&mut finalized_claimed_htlcs);
3578 log_debug!(logger, "Received a valid revoke_and_ack for channel {} but awaiting a monitor update resolution to reply.", &self.context.channel_id());
3579 return_with_htlcs_to_fail!(Vec::new());
3582 match self.free_holding_cell_htlcs(fee_estimator, logger) {
3583 (Some(mut additional_update), htlcs_to_fail) => {
3584 // free_holding_cell_htlcs may bump latest_monitor_id multiple times but we want them to be
3585 // strictly increasing by one, so decrement it here.
3586 self.context.latest_monitor_update_id = monitor_update.update_id;
3587 monitor_update.updates.append(&mut additional_update.updates);
3589 log_debug!(logger, "Received a valid revoke_and_ack for channel {} with holding cell HTLCs freed. {} monitor update.",
3590 &self.context.channel_id(), release_state_str);
3592 self.monitor_updating_paused(false, true, false, to_forward_infos, revoked_htlcs, finalized_claimed_htlcs);
3593 return_with_htlcs_to_fail!(htlcs_to_fail);
3595 (None, htlcs_to_fail) => {
3596 if require_commitment {
3597 let mut additional_update = self.build_commitment_no_status_check(logger);
3599 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3600 // strictly increasing by one, so decrement it here.
3601 self.context.latest_monitor_update_id = monitor_update.update_id;
3602 monitor_update.updates.append(&mut additional_update.updates);
3604 log_debug!(logger, "Received a valid revoke_and_ack for channel {}. Responding with a commitment update with {} HTLCs failed. {} monitor update.",
3605 &self.context.channel_id(),
3606 update_fail_htlcs.len() + update_fail_malformed_htlcs.len(),
3609 self.monitor_updating_paused(false, true, false, to_forward_infos, revoked_htlcs, finalized_claimed_htlcs);
3610 return_with_htlcs_to_fail!(htlcs_to_fail);
3612 log_debug!(logger, "Received a valid revoke_and_ack for channel {} with no reply necessary. {} monitor update.",
3613 &self.context.channel_id(), release_state_str);
3615 self.monitor_updating_paused(false, false, false, to_forward_infos, revoked_htlcs, finalized_claimed_htlcs);
3616 return_with_htlcs_to_fail!(htlcs_to_fail);
3622 /// Queues up an outbound update fee by placing it in the holding cell. You should call
3623 /// [`Self::maybe_free_holding_cell_htlcs`] in order to actually generate and send the
3624 /// commitment update.
3625 pub fn queue_update_fee<F: Deref, L: Deref>(&mut self, feerate_per_kw: u32,
3626 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L)
3627 where F::Target: FeeEstimator, L::Target: Logger
3629 let msg_opt = self.send_update_fee(feerate_per_kw, true, fee_estimator, logger);
3630 assert!(msg_opt.is_none(), "We forced holding cell?");
3633 /// Adds a pending update to this channel. See the doc for send_htlc for
3634 /// further details on the optionness of the return value.
3635 /// If our balance is too low to cover the cost of the next commitment transaction at the
3636 /// new feerate, the update is cancelled.
3638 /// You MUST call [`Self::send_commitment_no_state_update`] prior to any other calls on this
3639 /// [`Channel`] if `force_holding_cell` is false.
3640 fn send_update_fee<F: Deref, L: Deref>(
3641 &mut self, feerate_per_kw: u32, mut force_holding_cell: bool,
3642 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
3643 ) -> Option<msgs::UpdateFee>
3644 where F::Target: FeeEstimator, L::Target: Logger
3646 if !self.context.is_outbound() {
3647 panic!("Cannot send fee from inbound channel");
3649 if !self.context.is_usable() {
3650 panic!("Cannot update fee until channel is fully established and we haven't started shutting down");
3652 if !self.context.is_live() {
3653 panic!("Cannot update fee while peer is disconnected/we're awaiting a monitor update (ChannelManager should have caught this)");
3656 // Before proposing a feerate update, check that we can actually afford the new fee.
3657 let inbound_stats = self.context.get_inbound_pending_htlc_stats(Some(feerate_per_kw));
3658 let outbound_stats = self.context.get_outbound_pending_htlc_stats(Some(feerate_per_kw));
3659 let keys = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
3660 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &keys, true, true, logger);
3661 let buffer_fee_msat = commit_tx_fee_sat(feerate_per_kw, commitment_stats.num_nondust_htlcs + outbound_stats.on_holder_tx_holding_cell_htlcs_count as usize + CONCURRENT_INBOUND_HTLC_FEE_BUFFER as usize, self.context.get_channel_type()) * 1000;
3662 let holder_balance_msat = commitment_stats.local_balance_msat - outbound_stats.holding_cell_msat;
3663 if holder_balance_msat < buffer_fee_msat + self.context.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 {
3664 //TODO: auto-close after a number of failures?
3665 log_debug!(logger, "Cannot afford to send new feerate at {}", feerate_per_kw);
3669 // Note, we evaluate pending htlc "preemptive" trimmed-to-dust threshold at the proposed `feerate_per_kw`.
3670 let holder_tx_dust_exposure = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
3671 let counterparty_tx_dust_exposure = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
3672 let max_dust_htlc_exposure_msat = self.context.get_max_dust_htlc_exposure_msat(fee_estimator);
3673 if holder_tx_dust_exposure > max_dust_htlc_exposure_msat {
3674 log_debug!(logger, "Cannot afford to send new feerate at {} without infringing max dust htlc exposure", feerate_per_kw);
3677 if counterparty_tx_dust_exposure > max_dust_htlc_exposure_msat {
3678 log_debug!(logger, "Cannot afford to send new feerate at {} without infringing max dust htlc exposure", feerate_per_kw);
3682 if (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
3683 force_holding_cell = true;
3686 if force_holding_cell {
3687 self.context.holding_cell_update_fee = Some(feerate_per_kw);
3691 debug_assert!(self.context.pending_update_fee.is_none());
3692 self.context.pending_update_fee = Some((feerate_per_kw, FeeUpdateState::Outbound));
3694 Some(msgs::UpdateFee {
3695 channel_id: self.context.channel_id,
3700 /// Removes any uncommitted inbound HTLCs and resets the state of uncommitted outbound HTLC
3701 /// updates, to be used on peer disconnection. After this, update_*_htlc messages need to be
3703 /// No further message handling calls may be made until a channel_reestablish dance has
3705 /// May return `Err(())`, which implies [`ChannelContext::force_shutdown`] should be called immediately.
3706 pub fn remove_uncommitted_htlcs_and_mark_paused<L: Deref>(&mut self, logger: &L) -> Result<(), ()> where L::Target: Logger {
3707 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
3708 if self.context.channel_state & !STATE_FLAGS < ChannelState::FundingSent as u32 {
3712 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == (ChannelState::PeerDisconnected as u32) {
3713 // While the below code should be idempotent, it's simpler to just return early, as
3714 // redundant disconnect events can fire, though they should be rare.
3718 if self.context.announcement_sigs_state == AnnouncementSigsState::MessageSent || self.context.announcement_sigs_state == AnnouncementSigsState::Committed {
3719 self.context.announcement_sigs_state = AnnouncementSigsState::NotSent;
3722 // Upon reconnect we have to start the closing_signed dance over, but shutdown messages
3723 // will be retransmitted.
3724 self.context.last_sent_closing_fee = None;
3725 self.context.pending_counterparty_closing_signed = None;
3726 self.context.closing_fee_limits = None;
3728 let mut inbound_drop_count = 0;
3729 self.context.pending_inbound_htlcs.retain(|htlc| {
3731 InboundHTLCState::RemoteAnnounced(_) => {
3732 // They sent us an update_add_htlc but we never got the commitment_signed.
3733 // We'll tell them what commitment_signed we're expecting next and they'll drop
3734 // this HTLC accordingly
3735 inbound_drop_count += 1;
3738 InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_)|InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => {
3739 // We received a commitment_signed updating this HTLC and (at least hopefully)
3740 // sent a revoke_and_ack (which we can re-transmit) and have heard nothing
3741 // in response to it yet, so don't touch it.
3744 InboundHTLCState::Committed => true,
3745 InboundHTLCState::LocalRemoved(_) => {
3746 // We (hopefully) sent a commitment_signed updating this HTLC (which we can
3747 // re-transmit if needed) and they may have even sent a revoke_and_ack back
3748 // (that we missed). Keep this around for now and if they tell us they missed
3749 // the commitment_signed we can re-transmit the update then.
3754 self.context.next_counterparty_htlc_id -= inbound_drop_count;
3756 if let Some((_, update_state)) = self.context.pending_update_fee {
3757 if update_state == FeeUpdateState::RemoteAnnounced {
3758 debug_assert!(!self.context.is_outbound());
3759 self.context.pending_update_fee = None;
3763 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
3764 if let OutboundHTLCState::RemoteRemoved(_) = htlc.state {
3765 // They sent us an update to remove this but haven't yet sent the corresponding
3766 // commitment_signed, we need to move it back to Committed and they can re-send
3767 // the update upon reconnection.
3768 htlc.state = OutboundHTLCState::Committed;
3772 self.context.sent_message_awaiting_response = None;
3774 self.context.channel_state |= ChannelState::PeerDisconnected as u32;
3775 log_trace!(logger, "Peer disconnection resulted in {} remote-announced HTLC drops on channel {}", inbound_drop_count, &self.context.channel_id());
3779 /// Indicates that a ChannelMonitor update is in progress and has not yet been fully persisted.
3780 /// This must be called before we return the [`ChannelMonitorUpdate`] back to the
3781 /// [`ChannelManager`], which will call [`Self::monitor_updating_restored`] once the monitor
3782 /// update completes (potentially immediately).
3783 /// The messages which were generated with the monitor update must *not* have been sent to the
3784 /// remote end, and must instead have been dropped. They will be regenerated when
3785 /// [`Self::monitor_updating_restored`] is called.
3787 /// [`ChannelManager`]: super::channelmanager::ChannelManager
3788 /// [`chain::Watch`]: crate::chain::Watch
3789 /// [`ChannelMonitorUpdateStatus::InProgress`]: crate::chain::ChannelMonitorUpdateStatus::InProgress
3790 fn monitor_updating_paused(&mut self, resend_raa: bool, resend_commitment: bool,
3791 resend_channel_ready: bool, mut pending_forwards: Vec<(PendingHTLCInfo, u64)>,
3792 mut pending_fails: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
3793 mut pending_finalized_claimed_htlcs: Vec<HTLCSource>
3795 self.context.monitor_pending_revoke_and_ack |= resend_raa;
3796 self.context.monitor_pending_commitment_signed |= resend_commitment;
3797 self.context.monitor_pending_channel_ready |= resend_channel_ready;
3798 self.context.monitor_pending_forwards.append(&mut pending_forwards);
3799 self.context.monitor_pending_failures.append(&mut pending_fails);
3800 self.context.monitor_pending_finalized_fulfills.append(&mut pending_finalized_claimed_htlcs);
3801 self.context.channel_state |= ChannelState::MonitorUpdateInProgress as u32;
3804 /// Indicates that the latest ChannelMonitor update has been committed by the client
3805 /// successfully and we should restore normal operation. Returns messages which should be sent
3806 /// to the remote side.
3807 pub fn monitor_updating_restored<L: Deref, NS: Deref>(
3808 &mut self, logger: &L, node_signer: &NS, chain_hash: ChainHash,
3809 user_config: &UserConfig, best_block_height: u32
3810 ) -> MonitorRestoreUpdates
3813 NS::Target: NodeSigner
3815 assert_eq!(self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32, ChannelState::MonitorUpdateInProgress as u32);
3816 self.context.channel_state &= !(ChannelState::MonitorUpdateInProgress as u32);
3818 // If we're past (or at) the FundingSent stage on an outbound channel, try to
3819 // (re-)broadcast the funding transaction as we may have declined to broadcast it when we
3820 // first received the funding_signed.
3821 let mut funding_broadcastable =
3822 if self.context.is_outbound() && self.context.channel_state & !STATE_FLAGS >= ChannelState::FundingSent as u32 && self.context.channel_state & ChannelState::WaitingForBatch as u32 == 0 {
3823 self.context.funding_transaction.take()
3825 // That said, if the funding transaction is already confirmed (ie we're active with a
3826 // minimum_depth over 0) don't bother re-broadcasting the confirmed funding tx.
3827 if self.context.channel_state & !STATE_FLAGS >= ChannelState::ChannelReady as u32 && self.context.minimum_depth != Some(0) {
3828 funding_broadcastable = None;
3831 // We will never broadcast the funding transaction when we're in MonitorUpdateInProgress
3832 // (and we assume the user never directly broadcasts the funding transaction and waits for
3833 // us to do it). Thus, we can only ever hit monitor_pending_channel_ready when we're
3834 // * an inbound channel that failed to persist the monitor on funding_created and we got
3835 // the funding transaction confirmed before the monitor was persisted, or
3836 // * a 0-conf channel and intended to send the channel_ready before any broadcast at all.
3837 let channel_ready = if self.context.monitor_pending_channel_ready {
3838 assert!(!self.context.is_outbound() || self.context.minimum_depth == Some(0),
3839 "Funding transaction broadcast by the local client before it should have - LDK didn't do it!");
3840 self.context.monitor_pending_channel_ready = false;
3841 let next_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
3842 Some(msgs::ChannelReady {
3843 channel_id: self.context.channel_id(),
3844 next_per_commitment_point,
3845 short_channel_id_alias: Some(self.context.outbound_scid_alias),
3849 let announcement_sigs = self.get_announcement_sigs(node_signer, chain_hash, user_config, best_block_height, logger);
3851 let mut accepted_htlcs = Vec::new();
3852 mem::swap(&mut accepted_htlcs, &mut self.context.monitor_pending_forwards);
3853 let mut failed_htlcs = Vec::new();
3854 mem::swap(&mut failed_htlcs, &mut self.context.monitor_pending_failures);
3855 let mut finalized_claimed_htlcs = Vec::new();
3856 mem::swap(&mut finalized_claimed_htlcs, &mut self.context.monitor_pending_finalized_fulfills);
3858 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) != 0 {
3859 self.context.monitor_pending_revoke_and_ack = false;
3860 self.context.monitor_pending_commitment_signed = false;
3861 return MonitorRestoreUpdates {
3862 raa: None, commitment_update: None, order: RAACommitmentOrder::RevokeAndACKFirst,
3863 accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, channel_ready, announcement_sigs
3867 let raa = if self.context.monitor_pending_revoke_and_ack {
3868 Some(self.get_last_revoke_and_ack())
3870 let commitment_update = if self.context.monitor_pending_commitment_signed {
3871 self.get_last_commitment_update_for_send(logger).ok()
3873 if commitment_update.is_some() {
3874 self.mark_awaiting_response();
3877 self.context.monitor_pending_revoke_and_ack = false;
3878 self.context.monitor_pending_commitment_signed = false;
3879 let order = self.context.resend_order.clone();
3880 log_debug!(logger, "Restored monitor updating in channel {} resulting in {}{} commitment update and {} RAA, with {} first",
3881 &self.context.channel_id(), if funding_broadcastable.is_some() { "a funding broadcastable, " } else { "" },
3882 if commitment_update.is_some() { "a" } else { "no" }, if raa.is_some() { "an" } else { "no" },
3883 match order { RAACommitmentOrder::CommitmentFirst => "commitment", RAACommitmentOrder::RevokeAndACKFirst => "RAA"});
3884 MonitorRestoreUpdates {
3885 raa, commitment_update, order, accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, channel_ready, announcement_sigs
3889 pub fn update_fee<F: Deref, L: Deref>(&mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, msg: &msgs::UpdateFee, logger: &L) -> Result<(), ChannelError>
3890 where F::Target: FeeEstimator, L::Target: Logger
3892 if self.context.is_outbound() {
3893 return Err(ChannelError::Close("Non-funding remote tried to update channel fee".to_owned()));
3895 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3896 return Err(ChannelError::Close("Peer sent update_fee when we needed a channel_reestablish".to_owned()));
3898 Channel::<SP>::check_remote_fee(&self.context.channel_type, fee_estimator, msg.feerate_per_kw, Some(self.context.feerate_per_kw), logger)?;
3899 let feerate_over_dust_buffer = msg.feerate_per_kw > self.context.get_dust_buffer_feerate(None);
3901 self.context.pending_update_fee = Some((msg.feerate_per_kw, FeeUpdateState::RemoteAnnounced));
3902 self.context.update_time_counter += 1;
3903 // If the feerate has increased over the previous dust buffer (note that
3904 // `get_dust_buffer_feerate` considers the `pending_update_fee` status), check that we
3905 // won't be pushed over our dust exposure limit by the feerate increase.
3906 if feerate_over_dust_buffer {
3907 let inbound_stats = self.context.get_inbound_pending_htlc_stats(None);
3908 let outbound_stats = self.context.get_outbound_pending_htlc_stats(None);
3909 let holder_tx_dust_exposure = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
3910 let counterparty_tx_dust_exposure = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
3911 let max_dust_htlc_exposure_msat = self.context.get_max_dust_htlc_exposure_msat(fee_estimator);
3912 if holder_tx_dust_exposure > max_dust_htlc_exposure_msat {
3913 return Err(ChannelError::Close(format!("Peer sent update_fee with a feerate ({}) which may over-expose us to dust-in-flight on our own transactions (totaling {} msat)",
3914 msg.feerate_per_kw, holder_tx_dust_exposure)));
3916 if counterparty_tx_dust_exposure > max_dust_htlc_exposure_msat {
3917 return Err(ChannelError::Close(format!("Peer sent update_fee with a feerate ({}) which may over-expose us to dust-in-flight on our counterparty's transactions (totaling {} msat)",
3918 msg.feerate_per_kw, counterparty_tx_dust_exposure)));
3924 /// Indicates that the signer may have some signatures for us, so we should retry if we're
3927 pub fn signer_maybe_unblocked<L: Deref>(&mut self, logger: &L) -> SignerResumeUpdates where L::Target: Logger {
3928 let commitment_update = if self.context.signer_pending_commitment_update {
3929 self.get_last_commitment_update_for_send(logger).ok()
3931 let funding_signed = None;
3932 let channel_ready = None;
3933 let funding_created = None;
3935 log_trace!(logger, "Signer unblocked with {} commitment_update, {} funding_signed, {} funding_created, and {} channel_ready",
3936 if commitment_update.is_some() { "a" } else { "no" },
3937 if funding_signed.is_some() { "a" } else { "no" },
3938 if funding_created.is_some() { "a" } else { "no" },
3939 if channel_ready.is_some() { "a" } else { "no" });
3941 SignerResumeUpdates {
3949 fn get_last_revoke_and_ack(&self) -> msgs::RevokeAndACK {
3950 let next_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
3951 let per_commitment_secret = self.context.holder_signer.as_ref().release_commitment_secret(self.context.cur_holder_commitment_transaction_number + 2);
3952 msgs::RevokeAndACK {
3953 channel_id: self.context.channel_id,
3954 per_commitment_secret,
3955 next_per_commitment_point,
3957 next_local_nonce: None,
3961 /// Gets the last commitment update for immediate sending to our peer.
3962 fn get_last_commitment_update_for_send<L: Deref>(&mut self, logger: &L) -> Result<msgs::CommitmentUpdate, ()> where L::Target: Logger {
3963 let mut update_add_htlcs = Vec::new();
3964 let mut update_fulfill_htlcs = Vec::new();
3965 let mut update_fail_htlcs = Vec::new();
3966 let mut update_fail_malformed_htlcs = Vec::new();
3968 for htlc in self.context.pending_outbound_htlcs.iter() {
3969 if let &OutboundHTLCState::LocalAnnounced(ref onion_packet) = &htlc.state {
3970 update_add_htlcs.push(msgs::UpdateAddHTLC {
3971 channel_id: self.context.channel_id(),
3972 htlc_id: htlc.htlc_id,
3973 amount_msat: htlc.amount_msat,
3974 payment_hash: htlc.payment_hash,
3975 cltv_expiry: htlc.cltv_expiry,
3976 onion_routing_packet: (**onion_packet).clone(),
3977 skimmed_fee_msat: htlc.skimmed_fee_msat,
3982 for htlc in self.context.pending_inbound_htlcs.iter() {
3983 if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state {
3985 &InboundHTLCRemovalReason::FailRelay(ref err_packet) => {
3986 update_fail_htlcs.push(msgs::UpdateFailHTLC {
3987 channel_id: self.context.channel_id(),
3988 htlc_id: htlc.htlc_id,
3989 reason: err_packet.clone()
3992 &InboundHTLCRemovalReason::FailMalformed((ref sha256_of_onion, ref failure_code)) => {
3993 update_fail_malformed_htlcs.push(msgs::UpdateFailMalformedHTLC {
3994 channel_id: self.context.channel_id(),
3995 htlc_id: htlc.htlc_id,
3996 sha256_of_onion: sha256_of_onion.clone(),
3997 failure_code: failure_code.clone(),
4000 &InboundHTLCRemovalReason::Fulfill(ref payment_preimage) => {
4001 update_fulfill_htlcs.push(msgs::UpdateFulfillHTLC {
4002 channel_id: self.context.channel_id(),
4003 htlc_id: htlc.htlc_id,
4004 payment_preimage: payment_preimage.clone(),
4011 let update_fee = if self.context.is_outbound() && self.context.pending_update_fee.is_some() {
4012 Some(msgs::UpdateFee {
4013 channel_id: self.context.channel_id(),
4014 feerate_per_kw: self.context.pending_update_fee.unwrap().0,
4018 log_trace!(logger, "Regenerating latest commitment update in channel {} with{} {} update_adds, {} update_fulfills, {} update_fails, and {} update_fail_malformeds",
4019 &self.context.channel_id(), if update_fee.is_some() { " update_fee," } else { "" },
4020 update_add_htlcs.len(), update_fulfill_htlcs.len(), update_fail_htlcs.len(), update_fail_malformed_htlcs.len());
4021 let commitment_signed = if let Ok(update) = self.send_commitment_no_state_update(logger).map(|(cu, _)| cu) {
4022 if self.context.signer_pending_commitment_update {
4023 log_trace!(logger, "Commitment update generated: clearing signer_pending_commitment_update");
4024 self.context.signer_pending_commitment_update = false;
4028 if !self.context.signer_pending_commitment_update {
4029 log_trace!(logger, "Commitment update awaiting signer: setting signer_pending_commitment_update");
4030 self.context.signer_pending_commitment_update = true;
4034 Ok(msgs::CommitmentUpdate {
4035 update_add_htlcs, update_fulfill_htlcs, update_fail_htlcs, update_fail_malformed_htlcs, update_fee,
4040 /// Gets the `Shutdown` message we should send our peer on reconnect, if any.
4041 pub fn get_outbound_shutdown(&self) -> Option<msgs::Shutdown> {
4042 if self.context.channel_state & (ChannelState::LocalShutdownSent as u32) != 0 {
4043 assert!(self.context.shutdown_scriptpubkey.is_some());
4044 Some(msgs::Shutdown {
4045 channel_id: self.context.channel_id,
4046 scriptpubkey: self.get_closing_scriptpubkey(),
4051 /// May panic if some calls other than message-handling calls (which will all Err immediately)
4052 /// have been called between remove_uncommitted_htlcs_and_mark_paused and this call.
4054 /// Some links printed in log lines are included here to check them during build (when run with
4055 /// `cargo doc --document-private-items`):
4056 /// [`super::channelmanager::ChannelManager::force_close_without_broadcasting_txn`] and
4057 /// [`super::channelmanager::ChannelManager::force_close_all_channels_without_broadcasting_txn`].
4058 pub fn channel_reestablish<L: Deref, NS: Deref>(
4059 &mut self, msg: &msgs::ChannelReestablish, logger: &L, node_signer: &NS,
4060 chain_hash: ChainHash, user_config: &UserConfig, best_block: &BestBlock
4061 ) -> Result<ReestablishResponses, ChannelError>
4064 NS::Target: NodeSigner
4066 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == 0 {
4067 // While BOLT 2 doesn't indicate explicitly we should error this channel here, it
4068 // almost certainly indicates we are going to end up out-of-sync in some way, so we
4069 // just close here instead of trying to recover.
4070 return Err(ChannelError::Close("Peer sent a loose channel_reestablish not after reconnect".to_owned()));
4073 if msg.next_local_commitment_number >= INITIAL_COMMITMENT_NUMBER || msg.next_remote_commitment_number >= INITIAL_COMMITMENT_NUMBER ||
4074 msg.next_local_commitment_number == 0 {
4075 return Err(ChannelError::Close("Peer sent an invalid channel_reestablish to force close in a non-standard way".to_owned()));
4078 if msg.next_remote_commitment_number > 0 {
4079 let expected_point = self.context.holder_signer.as_ref().get_per_commitment_point(INITIAL_COMMITMENT_NUMBER - msg.next_remote_commitment_number + 1, &self.context.secp_ctx);
4080 let given_secret = SecretKey::from_slice(&msg.your_last_per_commitment_secret)
4081 .map_err(|_| ChannelError::Close("Peer sent a garbage channel_reestablish with unparseable secret key".to_owned()))?;
4082 if expected_point != PublicKey::from_secret_key(&self.context.secp_ctx, &given_secret) {
4083 return Err(ChannelError::Close("Peer sent a garbage channel_reestablish with secret key not matching the commitment height provided".to_owned()));
4085 if msg.next_remote_commitment_number > INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number {
4086 macro_rules! log_and_panic {
4087 ($err_msg: expr) => {
4088 log_error!(logger, $err_msg, &self.context.channel_id, log_pubkey!(self.context.counterparty_node_id));
4089 panic!($err_msg, &self.context.channel_id, log_pubkey!(self.context.counterparty_node_id));
4092 log_and_panic!("We have fallen behind - we have received proof that if we broadcast our counterparty is going to claim all our funds.\n\
4093 This implies you have restarted with lost ChannelMonitor and ChannelManager state, the first of which is a violation of the LDK chain::Watch requirements.\n\
4094 More specifically, this means you have a bug in your implementation that can cause loss of funds, or you are running with an old backup, which is unsafe.\n\
4095 If you have restored from an old backup and wish to force-close channels and return to operation, you should start up, call\n\
4096 ChannelManager::force_close_without_broadcasting_txn on channel {} with counterparty {} or\n\
4097 ChannelManager::force_close_all_channels_without_broadcasting_txn, then reconnect to peer(s).\n\
4098 Note that due to a long-standing bug in lnd you may have to reach out to peers running lnd-based nodes to ask them to manually force-close channels\n\
4099 See https://github.com/lightningdevkit/rust-lightning/issues/1565 for more info.");
4103 // Before we change the state of the channel, we check if the peer is sending a very old
4104 // commitment transaction number, if yes we send a warning message.
4105 let our_commitment_transaction = INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number - 1;
4106 if msg.next_remote_commitment_number + 1 < our_commitment_transaction {
4108 ChannelError::Warn(format!("Peer attempted to reestablish channel with a very old local commitment transaction: {} (received) vs {} (expected)", msg.next_remote_commitment_number, our_commitment_transaction))
4112 // Go ahead and unmark PeerDisconnected as various calls we may make check for it (and all
4113 // remaining cases either succeed or ErrorMessage-fail).
4114 self.context.channel_state &= !(ChannelState::PeerDisconnected as u32);
4115 self.context.sent_message_awaiting_response = None;
4117 let shutdown_msg = self.get_outbound_shutdown();
4119 let announcement_sigs = self.get_announcement_sigs(node_signer, chain_hash, user_config, best_block.height(), logger);
4121 if self.context.channel_state & (ChannelState::FundingSent as u32) == ChannelState::FundingSent as u32 {
4122 // If we're waiting on a monitor update, we shouldn't re-send any channel_ready's.
4123 if self.context.channel_state & (ChannelState::OurChannelReady as u32) == 0 ||
4124 self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
4125 if msg.next_remote_commitment_number != 0 {
4126 return Err(ChannelError::Close("Peer claimed they saw a revoke_and_ack but we haven't sent channel_ready yet".to_owned()));
4128 // Short circuit the whole handler as there is nothing we can resend them
4129 return Ok(ReestablishResponses {
4130 channel_ready: None,
4131 raa: None, commitment_update: None,
4132 order: RAACommitmentOrder::CommitmentFirst,
4133 shutdown_msg, announcement_sigs,
4137 // We have OurChannelReady set!
4138 let next_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
4139 return Ok(ReestablishResponses {
4140 channel_ready: Some(msgs::ChannelReady {
4141 channel_id: self.context.channel_id(),
4142 next_per_commitment_point,
4143 short_channel_id_alias: Some(self.context.outbound_scid_alias),
4145 raa: None, commitment_update: None,
4146 order: RAACommitmentOrder::CommitmentFirst,
4147 shutdown_msg, announcement_sigs,
4151 let required_revoke = if msg.next_remote_commitment_number + 1 == INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number {
4152 // Remote isn't waiting on any RevokeAndACK from us!
4153 // Note that if we need to repeat our ChannelReady we'll do that in the next if block.
4155 } else if msg.next_remote_commitment_number + 1 == (INITIAL_COMMITMENT_NUMBER - 1) - self.context.cur_holder_commitment_transaction_number {
4156 if self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
4157 self.context.monitor_pending_revoke_and_ack = true;
4160 Some(self.get_last_revoke_and_ack())
4163 return Err(ChannelError::Close("Peer attempted to reestablish channel with a very old local commitment transaction".to_owned()));
4166 // We increment cur_counterparty_commitment_transaction_number only upon receipt of
4167 // revoke_and_ack, not on sending commitment_signed, so we add one if have
4168 // AwaitingRemoteRevoke set, which indicates we sent a commitment_signed but haven't gotten
4169 // the corresponding revoke_and_ack back yet.
4170 let is_awaiting_remote_revoke = self.context.channel_state & ChannelState::AwaitingRemoteRevoke as u32 != 0;
4171 if is_awaiting_remote_revoke && !self.is_awaiting_monitor_update() {
4172 self.mark_awaiting_response();
4174 let next_counterparty_commitment_number = INITIAL_COMMITMENT_NUMBER - self.context.cur_counterparty_commitment_transaction_number + if is_awaiting_remote_revoke { 1 } else { 0 };
4176 let channel_ready = if msg.next_local_commitment_number == 1 && INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number == 1 {
4177 // We should never have to worry about MonitorUpdateInProgress resending ChannelReady
4178 let next_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
4179 Some(msgs::ChannelReady {
4180 channel_id: self.context.channel_id(),
4181 next_per_commitment_point,
4182 short_channel_id_alias: Some(self.context.outbound_scid_alias),
4186 if msg.next_local_commitment_number == next_counterparty_commitment_number {
4187 if required_revoke.is_some() {
4188 log_debug!(logger, "Reconnected channel {} with only lost outbound RAA", &self.context.channel_id());
4190 log_debug!(logger, "Reconnected channel {} with no loss", &self.context.channel_id());
4193 Ok(ReestablishResponses {
4194 channel_ready, shutdown_msg, announcement_sigs,
4195 raa: required_revoke,
4196 commitment_update: None,
4197 order: self.context.resend_order.clone(),
4199 } else if msg.next_local_commitment_number == next_counterparty_commitment_number - 1 {
4200 if required_revoke.is_some() {
4201 log_debug!(logger, "Reconnected channel {} with lost outbound RAA and lost remote commitment tx", &self.context.channel_id());
4203 log_debug!(logger, "Reconnected channel {} with only lost remote commitment tx", &self.context.channel_id());
4206 if self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
4207 self.context.monitor_pending_commitment_signed = true;
4208 Ok(ReestablishResponses {
4209 channel_ready, shutdown_msg, announcement_sigs,
4210 commitment_update: None, raa: None,
4211 order: self.context.resend_order.clone(),
4214 Ok(ReestablishResponses {
4215 channel_ready, shutdown_msg, announcement_sigs,
4216 raa: required_revoke,
4217 commitment_update: self.get_last_commitment_update_for_send(logger).ok(),
4218 order: self.context.resend_order.clone(),
4222 Err(ChannelError::Close("Peer attempted to reestablish channel with a very old remote commitment transaction".to_owned()))
4226 /// Calculates and returns our minimum and maximum closing transaction fee amounts, in whole
4227 /// satoshis. The amounts remain consistent unless a peer disconnects/reconnects or we restart,
4228 /// at which point they will be recalculated.
4229 fn calculate_closing_fee_limits<F: Deref>(&mut self, fee_estimator: &LowerBoundedFeeEstimator<F>)
4231 where F::Target: FeeEstimator
4233 if let Some((min, max)) = self.context.closing_fee_limits { return (min, max); }
4235 // Propose a range from our current Background feerate to our Normal feerate plus our
4236 // force_close_avoidance_max_fee_satoshis.
4237 // If we fail to come to consensus, we'll have to force-close.
4238 let mut proposed_feerate = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::ChannelCloseMinimum);
4239 // Use NonAnchorChannelFee because this should be an estimate for a channel close
4240 // that we don't expect to need fee bumping
4241 let normal_feerate = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::NonAnchorChannelFee);
4242 let mut proposed_max_feerate = if self.context.is_outbound() { normal_feerate } else { u32::max_value() };
4244 // The spec requires that (when the channel does not have anchors) we only send absolute
4245 // channel fees no greater than the absolute channel fee on the current commitment
4246 // transaction. It's unclear *which* commitment transaction this refers to, and there isn't
4247 // very good reason to apply such a limit in any case. We don't bother doing so, risking
4248 // some force-closure by old nodes, but we wanted to close the channel anyway.
4250 if let Some(target_feerate) = self.context.target_closing_feerate_sats_per_kw {
4251 let min_feerate = if self.context.is_outbound() { target_feerate } else { cmp::min(self.context.feerate_per_kw, target_feerate) };
4252 proposed_feerate = cmp::max(proposed_feerate, min_feerate);
4253 proposed_max_feerate = cmp::max(proposed_max_feerate, min_feerate);
4256 // Note that technically we could end up with a lower minimum fee if one sides' balance is
4257 // below our dust limit, causing the output to disappear. We don't bother handling this
4258 // case, however, as this should only happen if a channel is closed before any (material)
4259 // payments have been made on it. This may cause slight fee overpayment and/or failure to
4260 // come to consensus with our counterparty on appropriate fees, however it should be a
4261 // relatively rare case. We can revisit this later, though note that in order to determine
4262 // if the funders' output is dust we have to know the absolute fee we're going to use.
4263 let tx_weight = self.get_closing_transaction_weight(Some(&self.get_closing_scriptpubkey()), Some(self.context.counterparty_shutdown_scriptpubkey.as_ref().unwrap()));
4264 let proposed_total_fee_satoshis = proposed_feerate as u64 * tx_weight / 1000;
4265 let proposed_max_total_fee_satoshis = if self.context.is_outbound() {
4266 // We always add force_close_avoidance_max_fee_satoshis to our normal
4267 // feerate-calculated fee, but allow the max to be overridden if we're using a
4268 // target feerate-calculated fee.
4269 cmp::max(normal_feerate as u64 * tx_weight / 1000 + self.context.config.options.force_close_avoidance_max_fee_satoshis,
4270 proposed_max_feerate as u64 * tx_weight / 1000)
4272 self.context.channel_value_satoshis - (self.context.value_to_self_msat + 999) / 1000
4275 self.context.closing_fee_limits = Some((proposed_total_fee_satoshis, proposed_max_total_fee_satoshis));
4276 self.context.closing_fee_limits.clone().unwrap()
4279 /// Returns true if we're ready to commence the closing_signed negotiation phase. This is true
4280 /// after both sides have exchanged a `shutdown` message and all HTLCs have been drained. At
4281 /// this point if we're the funder we should send the initial closing_signed, and in any case
4282 /// shutdown should complete within a reasonable timeframe.
4283 fn closing_negotiation_ready(&self) -> bool {
4284 self.context.closing_negotiation_ready()
4287 /// Checks if the closing_signed negotiation is making appropriate progress, possibly returning
4288 /// an Err if no progress is being made and the channel should be force-closed instead.
4289 /// Should be called on a one-minute timer.
4290 pub fn timer_check_closing_negotiation_progress(&mut self) -> Result<(), ChannelError> {
4291 if self.closing_negotiation_ready() {
4292 if self.context.closing_signed_in_flight {
4293 return Err(ChannelError::Close("closing_signed negotiation failed to finish within two timer ticks".to_owned()));
4295 self.context.closing_signed_in_flight = true;
4301 pub fn maybe_propose_closing_signed<F: Deref, L: Deref>(
4302 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L)
4303 -> Result<(Option<msgs::ClosingSigned>, Option<Transaction>, Option<ShutdownResult>), ChannelError>
4304 where F::Target: FeeEstimator, L::Target: Logger
4306 if self.context.last_sent_closing_fee.is_some() || !self.closing_negotiation_ready() {
4307 return Ok((None, None, None));
4310 if !self.context.is_outbound() {
4311 if let Some(msg) = &self.context.pending_counterparty_closing_signed.take() {
4312 return self.closing_signed(fee_estimator, &msg);
4314 return Ok((None, None, None));
4317 let (our_min_fee, our_max_fee) = self.calculate_closing_fee_limits(fee_estimator);
4319 assert!(self.context.shutdown_scriptpubkey.is_some());
4320 let (closing_tx, total_fee_satoshis) = self.build_closing_transaction(our_min_fee, false);
4321 log_trace!(logger, "Proposing initial closing_signed for our counterparty with a fee range of {}-{} sat (with initial proposal {} sats)",
4322 our_min_fee, our_max_fee, total_fee_satoshis);
4324 match &self.context.holder_signer {
4325 ChannelSignerType::Ecdsa(ecdsa) => {
4327 .sign_closing_transaction(&closing_tx, &self.context.secp_ctx)
4328 .map_err(|()| ChannelError::Close("Failed to get signature for closing transaction.".to_owned()))?;
4330 self.context.last_sent_closing_fee = Some((total_fee_satoshis, sig.clone()));
4331 Ok((Some(msgs::ClosingSigned {
4332 channel_id: self.context.channel_id,
4333 fee_satoshis: total_fee_satoshis,
4335 fee_range: Some(msgs::ClosingSignedFeeRange {
4336 min_fee_satoshis: our_min_fee,
4337 max_fee_satoshis: our_max_fee,
4344 // Marks a channel as waiting for a response from the counterparty. If it's not received
4345 // [`DISCONNECT_PEER_AWAITING_RESPONSE_TICKS`] after sending our own to them, then we'll attempt
4347 fn mark_awaiting_response(&mut self) {
4348 self.context.sent_message_awaiting_response = Some(0);
4351 /// Determines whether we should disconnect the counterparty due to not receiving a response
4352 /// within our expected timeframe.
4354 /// This should be called on every [`super::channelmanager::ChannelManager::timer_tick_occurred`].
4355 pub fn should_disconnect_peer_awaiting_response(&mut self) -> bool {
4356 let ticks_elapsed = if let Some(ticks_elapsed) = self.context.sent_message_awaiting_response.as_mut() {
4359 // Don't disconnect when we're not waiting on a response.
4362 *ticks_elapsed += 1;
4363 *ticks_elapsed >= DISCONNECT_PEER_AWAITING_RESPONSE_TICKS
4367 &mut self, signer_provider: &SP, their_features: &InitFeatures, msg: &msgs::Shutdown
4368 ) -> Result<(Option<msgs::Shutdown>, Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>), ChannelError>
4370 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
4371 return Err(ChannelError::Close("Peer sent shutdown when we needed a channel_reestablish".to_owned()));
4373 if self.context.channel_state & !STATE_FLAGS < ChannelState::FundingSent as u32 {
4374 // Spec says we should fail the connection, not the channel, but that's nonsense, there
4375 // are plenty of reasons you may want to fail a channel pre-funding, and spec says you
4376 // can do that via error message without getting a connection fail anyway...
4377 return Err(ChannelError::Close("Peer sent shutdown pre-funding generation".to_owned()));
4379 for htlc in self.context.pending_inbound_htlcs.iter() {
4380 if let InboundHTLCState::RemoteAnnounced(_) = htlc.state {
4381 return Err(ChannelError::Close("Got shutdown with remote pending HTLCs".to_owned()));
4384 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
4386 if !script::is_bolt2_compliant(&msg.scriptpubkey, their_features) {
4387 return Err(ChannelError::Warn(format!("Got a nonstandard scriptpubkey ({}) from remote peer", msg.scriptpubkey.to_bytes().to_hex())));
4390 if self.context.counterparty_shutdown_scriptpubkey.is_some() {
4391 if Some(&msg.scriptpubkey) != self.context.counterparty_shutdown_scriptpubkey.as_ref() {
4392 return Err(ChannelError::Warn(format!("Got shutdown request with a scriptpubkey ({}) which did not match their previous scriptpubkey.", msg.scriptpubkey.to_bytes().to_hex())));
4395 self.context.counterparty_shutdown_scriptpubkey = Some(msg.scriptpubkey.clone());
4398 // If we have any LocalAnnounced updates we'll probably just get back an update_fail_htlc
4399 // immediately after the commitment dance, but we can send a Shutdown because we won't send
4400 // any further commitment updates after we set LocalShutdownSent.
4401 let send_shutdown = (self.context.channel_state & ChannelState::LocalShutdownSent as u32) != ChannelState::LocalShutdownSent as u32;
4403 let update_shutdown_script = match self.context.shutdown_scriptpubkey {
4406 assert!(send_shutdown);
4407 let shutdown_scriptpubkey = match signer_provider.get_shutdown_scriptpubkey() {
4408 Ok(scriptpubkey) => scriptpubkey,
4409 Err(_) => return Err(ChannelError::Close("Failed to get shutdown scriptpubkey".to_owned())),
4411 if !shutdown_scriptpubkey.is_compatible(their_features) {
4412 return Err(ChannelError::Close(format!("Provided a scriptpubkey format not accepted by peer: {}", shutdown_scriptpubkey)));
4414 self.context.shutdown_scriptpubkey = Some(shutdown_scriptpubkey);
4419 // From here on out, we may not fail!
4421 self.context.channel_state |= ChannelState::RemoteShutdownSent as u32;
4422 self.context.update_time_counter += 1;
4424 let monitor_update = if update_shutdown_script {
4425 self.context.latest_monitor_update_id += 1;
4426 let monitor_update = ChannelMonitorUpdate {
4427 update_id: self.context.latest_monitor_update_id,
4428 updates: vec![ChannelMonitorUpdateStep::ShutdownScript {
4429 scriptpubkey: self.get_closing_scriptpubkey(),
4432 self.monitor_updating_paused(false, false, false, Vec::new(), Vec::new(), Vec::new());
4433 self.push_ret_blockable_mon_update(monitor_update)
4435 let shutdown = if send_shutdown {
4436 Some(msgs::Shutdown {
4437 channel_id: self.context.channel_id,
4438 scriptpubkey: self.get_closing_scriptpubkey(),
4442 // We can't send our shutdown until we've committed all of our pending HTLCs, but the
4443 // remote side is unlikely to accept any new HTLCs, so we go ahead and "free" any holding
4444 // cell HTLCs and return them to fail the payment.
4445 self.context.holding_cell_update_fee = None;
4446 let mut dropped_outbound_htlcs = Vec::with_capacity(self.context.holding_cell_htlc_updates.len());
4447 self.context.holding_cell_htlc_updates.retain(|htlc_update| {
4449 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, .. } => {
4450 dropped_outbound_htlcs.push((source.clone(), payment_hash.clone()));
4457 self.context.channel_state |= ChannelState::LocalShutdownSent as u32;
4458 self.context.update_time_counter += 1;
4460 Ok((shutdown, monitor_update, dropped_outbound_htlcs))
4463 fn build_signed_closing_transaction(&self, closing_tx: &ClosingTransaction, counterparty_sig: &Signature, sig: &Signature) -> Transaction {
4464 let mut tx = closing_tx.trust().built_transaction().clone();
4466 tx.input[0].witness.push(Vec::new()); // First is the multisig dummy
4468 let funding_key = self.context.get_holder_pubkeys().funding_pubkey.serialize();
4469 let counterparty_funding_key = self.context.counterparty_funding_pubkey().serialize();
4470 let mut holder_sig = sig.serialize_der().to_vec();
4471 holder_sig.push(EcdsaSighashType::All as u8);
4472 let mut cp_sig = counterparty_sig.serialize_der().to_vec();
4473 cp_sig.push(EcdsaSighashType::All as u8);
4474 if funding_key[..] < counterparty_funding_key[..] {
4475 tx.input[0].witness.push(holder_sig);
4476 tx.input[0].witness.push(cp_sig);
4478 tx.input[0].witness.push(cp_sig);
4479 tx.input[0].witness.push(holder_sig);
4482 tx.input[0].witness.push(self.context.get_funding_redeemscript().into_bytes());
4486 pub fn closing_signed<F: Deref>(
4487 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, msg: &msgs::ClosingSigned)
4488 -> Result<(Option<msgs::ClosingSigned>, Option<Transaction>, Option<ShutdownResult>), ChannelError>
4489 where F::Target: FeeEstimator
4491 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK != BOTH_SIDES_SHUTDOWN_MASK {
4492 return Err(ChannelError::Close("Remote end sent us a closing_signed before both sides provided a shutdown".to_owned()));
4494 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
4495 return Err(ChannelError::Close("Peer sent closing_signed when we needed a channel_reestablish".to_owned()));
4497 if !self.context.pending_inbound_htlcs.is_empty() || !self.context.pending_outbound_htlcs.is_empty() {
4498 return Err(ChannelError::Close("Remote end sent us a closing_signed while there were still pending HTLCs".to_owned()));
4500 if msg.fee_satoshis > TOTAL_BITCOIN_SUPPLY_SATOSHIS { // this is required to stop potential overflow in build_closing_transaction
4501 return Err(ChannelError::Close("Remote tried to send us a closing tx with > 21 million BTC fee".to_owned()));
4504 if self.context.is_outbound() && self.context.last_sent_closing_fee.is_none() {
4505 return Err(ChannelError::Close("Remote tried to send a closing_signed when we were supposed to propose the first one".to_owned()));
4508 if self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32 != 0 {
4509 self.context.pending_counterparty_closing_signed = Some(msg.clone());
4510 return Ok((None, None, None));
4513 let funding_redeemscript = self.context.get_funding_redeemscript();
4514 let (mut closing_tx, used_total_fee) = self.build_closing_transaction(msg.fee_satoshis, false);
4515 if used_total_fee != msg.fee_satoshis {
4516 return Err(ChannelError::Close(format!("Remote sent us a closing_signed with a fee other than the value they can claim. Fee in message: {}. Actual closing tx fee: {}", msg.fee_satoshis, used_total_fee)));
4518 let sighash = closing_tx.trust().get_sighash_all(&funding_redeemscript, self.context.channel_value_satoshis);
4520 match self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.context.get_counterparty_pubkeys().funding_pubkey) {
4523 // The remote end may have decided to revoke their output due to inconsistent dust
4524 // limits, so check for that case by re-checking the signature here.
4525 closing_tx = self.build_closing_transaction(msg.fee_satoshis, true).0;
4526 let sighash = closing_tx.trust().get_sighash_all(&funding_redeemscript, self.context.channel_value_satoshis);
4527 secp_check!(self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, self.context.counterparty_funding_pubkey()), "Invalid closing tx signature from peer".to_owned());
4531 for outp in closing_tx.trust().built_transaction().output.iter() {
4532 if !outp.script_pubkey.is_witness_program() && outp.value < MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS {
4533 return Err(ChannelError::Close("Remote sent us a closing_signed with a dust output. Always use segwit closing scripts!".to_owned()));
4537 assert!(self.context.shutdown_scriptpubkey.is_some());
4538 if let Some((last_fee, sig)) = self.context.last_sent_closing_fee {
4539 if last_fee == msg.fee_satoshis {
4540 let shutdown_result = ShutdownResult {
4541 monitor_update: None,
4542 dropped_outbound_htlcs: Vec::new(),
4543 unbroadcasted_batch_funding_txid: self.context.unbroadcasted_batch_funding_txid(),
4545 let tx = self.build_signed_closing_transaction(&mut closing_tx, &msg.signature, &sig);
4546 self.context.channel_state = ChannelState::ShutdownComplete as u32;
4547 self.context.update_time_counter += 1;
4548 return Ok((None, Some(tx), Some(shutdown_result)));
4552 let (our_min_fee, our_max_fee) = self.calculate_closing_fee_limits(fee_estimator);
4554 macro_rules! propose_fee {
4555 ($new_fee: expr) => {
4556 let (closing_tx, used_fee) = if $new_fee == msg.fee_satoshis {
4557 (closing_tx, $new_fee)
4559 self.build_closing_transaction($new_fee, false)
4562 return match &self.context.holder_signer {
4563 ChannelSignerType::Ecdsa(ecdsa) => {
4565 .sign_closing_transaction(&closing_tx, &self.context.secp_ctx)
4566 .map_err(|_| ChannelError::Close("External signer refused to sign closing transaction".to_owned()))?;
4567 let (signed_tx, shutdown_result) = if $new_fee == msg.fee_satoshis {
4568 let shutdown_result = ShutdownResult {
4569 monitor_update: None,
4570 dropped_outbound_htlcs: Vec::new(),
4571 unbroadcasted_batch_funding_txid: self.context.unbroadcasted_batch_funding_txid(),
4573 self.context.channel_state = ChannelState::ShutdownComplete as u32;
4574 self.context.update_time_counter += 1;
4575 let tx = self.build_signed_closing_transaction(&closing_tx, &msg.signature, &sig);
4576 (Some(tx), Some(shutdown_result))
4581 self.context.last_sent_closing_fee = Some((used_fee, sig.clone()));
4582 Ok((Some(msgs::ClosingSigned {
4583 channel_id: self.context.channel_id,
4584 fee_satoshis: used_fee,
4586 fee_range: Some(msgs::ClosingSignedFeeRange {
4587 min_fee_satoshis: our_min_fee,
4588 max_fee_satoshis: our_max_fee,
4590 }), signed_tx, shutdown_result))
4596 if let Some(msgs::ClosingSignedFeeRange { min_fee_satoshis, max_fee_satoshis }) = msg.fee_range {
4597 if msg.fee_satoshis < min_fee_satoshis || msg.fee_satoshis > max_fee_satoshis {
4598 return Err(ChannelError::Close(format!("Peer sent a bogus closing_signed - suggested fee of {} sat was not in their desired range of {} sat - {} sat", msg.fee_satoshis, min_fee_satoshis, max_fee_satoshis)));
4600 if max_fee_satoshis < our_min_fee {
4601 return Err(ChannelError::Warn(format!("Unable to come to consensus about closing feerate, remote's max fee ({} sat) was smaller than our min fee ({} sat)", max_fee_satoshis, our_min_fee)));
4603 if min_fee_satoshis > our_max_fee {
4604 return Err(ChannelError::Warn(format!("Unable to come to consensus about closing feerate, remote's min fee ({} sat) was greater than our max fee ({} sat)", min_fee_satoshis, our_max_fee)));
4607 if !self.context.is_outbound() {
4608 // They have to pay, so pick the highest fee in the overlapping range.
4609 // We should never set an upper bound aside from their full balance
4610 debug_assert_eq!(our_max_fee, self.context.channel_value_satoshis - (self.context.value_to_self_msat + 999) / 1000);
4611 propose_fee!(cmp::min(max_fee_satoshis, our_max_fee));
4613 if msg.fee_satoshis < our_min_fee || msg.fee_satoshis > our_max_fee {
4614 return Err(ChannelError::Close(format!("Peer sent a bogus closing_signed - suggested fee of {} sat was not in our desired range of {} sat - {} sat after we informed them of our range.",
4615 msg.fee_satoshis, our_min_fee, our_max_fee)));
4617 // The proposed fee is in our acceptable range, accept it and broadcast!
4618 propose_fee!(msg.fee_satoshis);
4621 // Old fee style negotiation. We don't bother to enforce whether they are complying
4622 // with the "making progress" requirements, we just comply and hope for the best.
4623 if let Some((last_fee, _)) = self.context.last_sent_closing_fee {
4624 if msg.fee_satoshis > last_fee {
4625 if msg.fee_satoshis < our_max_fee {
4626 propose_fee!(msg.fee_satoshis);
4627 } else if last_fee < our_max_fee {
4628 propose_fee!(our_max_fee);
4630 return Err(ChannelError::Close(format!("Unable to come to consensus about closing feerate, remote wants something ({} sat) higher than our max fee ({} sat)", msg.fee_satoshis, our_max_fee)));
4633 if msg.fee_satoshis > our_min_fee {
4634 propose_fee!(msg.fee_satoshis);
4635 } else if last_fee > our_min_fee {
4636 propose_fee!(our_min_fee);
4638 return Err(ChannelError::Close(format!("Unable to come to consensus about closing feerate, remote wants something ({} sat) lower than our min fee ({} sat)", msg.fee_satoshis, our_min_fee)));
4642 if msg.fee_satoshis < our_min_fee {
4643 propose_fee!(our_min_fee);
4644 } else if msg.fee_satoshis > our_max_fee {
4645 propose_fee!(our_max_fee);
4647 propose_fee!(msg.fee_satoshis);
4653 fn internal_htlc_satisfies_config(
4654 &self, htlc: &msgs::UpdateAddHTLC, amt_to_forward: u64, outgoing_cltv_value: u32, config: &ChannelConfig,
4655 ) -> Result<(), (&'static str, u16)> {
4656 let fee = amt_to_forward.checked_mul(config.forwarding_fee_proportional_millionths as u64)
4657 .and_then(|prop_fee| (prop_fee / 1000000).checked_add(config.forwarding_fee_base_msat as u64));
4658 if fee.is_none() || htlc.amount_msat < fee.unwrap() ||
4659 (htlc.amount_msat - fee.unwrap()) < amt_to_forward {
4661 "Prior hop has deviated from specified fees parameters or origin node has obsolete ones",
4662 0x1000 | 12, // fee_insufficient
4665 if (htlc.cltv_expiry as u64) < outgoing_cltv_value as u64 + config.cltv_expiry_delta as u64 {
4667 "Forwarding node has tampered with the intended HTLC values or origin node has an obsolete cltv_expiry_delta",
4668 0x1000 | 13, // incorrect_cltv_expiry
4674 /// Determines whether the parameters of an incoming HTLC to be forwarded satisfy the channel's
4675 /// [`ChannelConfig`]. This first looks at the channel's current [`ChannelConfig`], and if
4676 /// unsuccessful, falls back to the previous one if one exists.
4677 pub fn htlc_satisfies_config(
4678 &self, htlc: &msgs::UpdateAddHTLC, amt_to_forward: u64, outgoing_cltv_value: u32,
4679 ) -> Result<(), (&'static str, u16)> {
4680 self.internal_htlc_satisfies_config(&htlc, amt_to_forward, outgoing_cltv_value, &self.context.config())
4682 if let Some(prev_config) = self.context.prev_config() {
4683 self.internal_htlc_satisfies_config(htlc, amt_to_forward, outgoing_cltv_value, &prev_config)
4690 pub fn get_cur_holder_commitment_transaction_number(&self) -> u64 {
4691 self.context.cur_holder_commitment_transaction_number + 1
4694 pub fn get_cur_counterparty_commitment_transaction_number(&self) -> u64 {
4695 self.context.cur_counterparty_commitment_transaction_number + 1 - if self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32) != 0 { 1 } else { 0 }
4698 pub fn get_revoked_counterparty_commitment_transaction_number(&self) -> u64 {
4699 self.context.cur_counterparty_commitment_transaction_number + 2
4703 pub fn get_signer(&self) -> &ChannelSignerType<<SP::Target as SignerProvider>::Signer> {
4704 &self.context.holder_signer
4708 pub fn get_value_stat(&self) -> ChannelValueStat {
4710 value_to_self_msat: self.context.value_to_self_msat,
4711 channel_value_msat: self.context.channel_value_satoshis * 1000,
4712 channel_reserve_msat: self.context.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000,
4713 pending_outbound_htlcs_amount_msat: self.context.pending_outbound_htlcs.iter().map(|ref h| h.amount_msat).sum::<u64>(),
4714 pending_inbound_htlcs_amount_msat: self.context.pending_inbound_htlcs.iter().map(|ref h| h.amount_msat).sum::<u64>(),
4715 holding_cell_outbound_amount_msat: {
4717 for h in self.context.holding_cell_htlc_updates.iter() {
4719 &HTLCUpdateAwaitingACK::AddHTLC{amount_msat, .. } => {
4727 counterparty_max_htlc_value_in_flight_msat: self.context.counterparty_max_htlc_value_in_flight_msat,
4728 counterparty_dust_limit_msat: self.context.counterparty_dust_limit_satoshis * 1000,
4732 /// Returns true if this channel has been marked as awaiting a monitor update to move forward.
4733 /// Allowed in any state (including after shutdown)
4734 pub fn is_awaiting_monitor_update(&self) -> bool {
4735 (self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32) != 0
4738 /// Gets the latest [`ChannelMonitorUpdate`] ID which has been released and is in-flight.
4739 pub fn get_latest_unblocked_monitor_update_id(&self) -> u64 {
4740 if self.context.blocked_monitor_updates.is_empty() { return self.context.get_latest_monitor_update_id(); }
4741 self.context.blocked_monitor_updates[0].update.update_id - 1
4744 /// Returns the next blocked monitor update, if one exists, and a bool which indicates a
4745 /// further blocked monitor update exists after the next.
4746 pub fn unblock_next_blocked_monitor_update(&mut self) -> Option<(ChannelMonitorUpdate, bool)> {
4747 if self.context.blocked_monitor_updates.is_empty() { return None; }
4748 Some((self.context.blocked_monitor_updates.remove(0).update,
4749 !self.context.blocked_monitor_updates.is_empty()))
4752 /// Pushes a new monitor update into our monitor update queue, returning it if it should be
4753 /// immediately given to the user for persisting or `None` if it should be held as blocked.
4754 fn push_ret_blockable_mon_update(&mut self, update: ChannelMonitorUpdate)
4755 -> Option<ChannelMonitorUpdate> {
4756 let release_monitor = self.context.blocked_monitor_updates.is_empty();
4757 if !release_monitor {
4758 self.context.blocked_monitor_updates.push(PendingChannelMonitorUpdate {
4767 pub fn blocked_monitor_updates_pending(&self) -> usize {
4768 self.context.blocked_monitor_updates.len()
4771 /// Returns true if the channel is awaiting the persistence of the initial ChannelMonitor.
4772 /// If the channel is outbound, this implies we have not yet broadcasted the funding
4773 /// transaction. If the channel is inbound, this implies simply that the channel has not
4775 pub fn is_awaiting_initial_mon_persist(&self) -> bool {
4776 if !self.is_awaiting_monitor_update() { return false; }
4777 if self.context.channel_state &
4778 !(ChannelState::TheirChannelReady as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32 | ChannelState::WaitingForBatch as u32)
4779 == ChannelState::FundingSent as u32 {
4780 // If we're not a 0conf channel, we'll be waiting on a monitor update with only
4781 // FundingSent set, though our peer could have sent their channel_ready.
4782 debug_assert!(self.context.minimum_depth.unwrap_or(1) > 0);
4785 if self.context.cur_holder_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 &&
4786 self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
4787 // If we're a 0-conf channel, we'll move beyond FundingSent immediately even while
4788 // waiting for the initial monitor persistence. Thus, we check if our commitment
4789 // transaction numbers have both been iterated only exactly once (for the
4790 // funding_signed), and we're awaiting monitor update.
4792 // If we got here, we shouldn't have yet broadcasted the funding transaction (as the
4793 // only way to get an awaiting-monitor-update state during initial funding is if the
4794 // initial monitor persistence is still pending).
4796 // Because deciding we're awaiting initial broadcast spuriously could result in
4797 // funds-loss (as we don't have a monitor, but have the funding transaction confirmed),
4798 // we hard-assert here, even in production builds.
4799 if self.context.is_outbound() { assert!(self.context.funding_transaction.is_some()); }
4800 assert!(self.context.monitor_pending_channel_ready);
4801 assert_eq!(self.context.latest_monitor_update_id, 0);
4807 /// Returns true if our channel_ready has been sent
4808 pub fn is_our_channel_ready(&self) -> bool {
4809 (self.context.channel_state & ChannelState::OurChannelReady as u32) != 0 || self.context.channel_state & !STATE_FLAGS >= ChannelState::ChannelReady as u32
4812 /// Returns true if our peer has either initiated or agreed to shut down the channel.
4813 pub fn received_shutdown(&self) -> bool {
4814 (self.context.channel_state & ChannelState::RemoteShutdownSent as u32) != 0
4817 /// Returns true if we either initiated or agreed to shut down the channel.
4818 pub fn sent_shutdown(&self) -> bool {
4819 (self.context.channel_state & ChannelState::LocalShutdownSent as u32) != 0
4822 /// Returns true if this channel is fully shut down. True here implies that no further actions
4823 /// may/will be taken on this channel, and thus this object should be freed. Any future changes
4824 /// will be handled appropriately by the chain monitor.
4825 pub fn is_shutdown(&self) -> bool {
4826 if (self.context.channel_state & ChannelState::ShutdownComplete as u32) == ChannelState::ShutdownComplete as u32 {
4827 assert!(self.context.channel_state == ChannelState::ShutdownComplete as u32);
4832 pub fn channel_update_status(&self) -> ChannelUpdateStatus {
4833 self.context.channel_update_status
4836 pub fn set_channel_update_status(&mut self, status: ChannelUpdateStatus) {
4837 self.context.update_time_counter += 1;
4838 self.context.channel_update_status = status;
4841 fn check_get_channel_ready(&mut self, height: u32) -> Option<msgs::ChannelReady> {
4843 // * always when a new block/transactions are confirmed with the new height
4844 // * when funding is signed with a height of 0
4845 if self.context.funding_tx_confirmation_height == 0 && self.context.minimum_depth != Some(0) {
4849 let funding_tx_confirmations = height as i64 - self.context.funding_tx_confirmation_height as i64 + 1;
4850 if funding_tx_confirmations <= 0 {
4851 self.context.funding_tx_confirmation_height = 0;
4854 if funding_tx_confirmations < self.context.minimum_depth.unwrap_or(0) as i64 {
4858 // If we're still pending the signature on a funding transaction, then we're not ready to send a
4859 // channel_ready yet.
4860 if self.context.signer_pending_funding {
4864 // Note that we don't include ChannelState::WaitingForBatch as we don't want to send
4865 // channel_ready until the entire batch is ready.
4866 let non_shutdown_state = self.context.channel_state & (!MULTI_STATE_FLAGS);
4867 let need_commitment_update = if non_shutdown_state == ChannelState::FundingSent as u32 {
4868 self.context.channel_state |= ChannelState::OurChannelReady as u32;
4870 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32) {
4871 self.context.channel_state = ChannelState::ChannelReady as u32 | (self.context.channel_state & MULTI_STATE_FLAGS);
4872 self.context.update_time_counter += 1;
4874 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurChannelReady as u32) {
4875 // We got a reorg but not enough to trigger a force close, just ignore.
4878 if self.context.funding_tx_confirmation_height != 0 && self.context.channel_state & !STATE_FLAGS < ChannelState::ChannelReady as u32 {
4879 // We should never see a funding transaction on-chain until we've received
4880 // funding_signed (if we're an outbound channel), or seen funding_generated (if we're
4881 // an inbound channel - before that we have no known funding TXID). The fuzzer,
4882 // however, may do this and we shouldn't treat it as a bug.
4883 #[cfg(not(fuzzing))]
4884 panic!("Started confirming a channel in a state pre-FundingSent: {}.\n\
4885 Do NOT broadcast a funding transaction manually - let LDK do it for you!",
4886 self.context.channel_state);
4888 // We got a reorg but not enough to trigger a force close, just ignore.
4892 if need_commitment_update {
4893 if self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) == 0 {
4894 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == 0 {
4895 let next_per_commitment_point =
4896 self.context.holder_signer.as_ref().get_per_commitment_point(INITIAL_COMMITMENT_NUMBER - 1, &self.context.secp_ctx);
4897 return Some(msgs::ChannelReady {
4898 channel_id: self.context.channel_id,
4899 next_per_commitment_point,
4900 short_channel_id_alias: Some(self.context.outbound_scid_alias),
4904 self.context.monitor_pending_channel_ready = true;
4910 /// When a transaction is confirmed, we check whether it is or spends the funding transaction
4911 /// In the first case, we store the confirmation height and calculating the short channel id.
4912 /// In the second, we simply return an Err indicating we need to be force-closed now.
4913 pub fn transactions_confirmed<NS: Deref, L: Deref>(
4914 &mut self, block_hash: &BlockHash, height: u32, txdata: &TransactionData,
4915 chain_hash: ChainHash, node_signer: &NS, user_config: &UserConfig, logger: &L
4916 ) -> Result<(Option<msgs::ChannelReady>, Option<msgs::AnnouncementSignatures>), ClosureReason>
4918 NS::Target: NodeSigner,
4921 let mut msgs = (None, None);
4922 if let Some(funding_txo) = self.context.get_funding_txo() {
4923 for &(index_in_block, tx) in txdata.iter() {
4924 // Check if the transaction is the expected funding transaction, and if it is,
4925 // check that it pays the right amount to the right script.
4926 if self.context.funding_tx_confirmation_height == 0 {
4927 if tx.txid() == funding_txo.txid {
4928 let txo_idx = funding_txo.index as usize;
4929 if txo_idx >= tx.output.len() || tx.output[txo_idx].script_pubkey != self.context.get_funding_redeemscript().to_v0_p2wsh() ||
4930 tx.output[txo_idx].value != self.context.channel_value_satoshis {
4931 if self.context.is_outbound() {
4932 // If we generated the funding transaction and it doesn't match what it
4933 // should, the client is really broken and we should just panic and
4934 // tell them off. That said, because hash collisions happen with high
4935 // probability in fuzzing mode, if we're fuzzing we just close the
4936 // channel and move on.
4937 #[cfg(not(fuzzing))]
4938 panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
4940 self.context.update_time_counter += 1;
4941 let err_reason = "funding tx had wrong script/value or output index";
4942 return Err(ClosureReason::ProcessingError { err: err_reason.to_owned() });
4944 if self.context.is_outbound() {
4945 if !tx.is_coin_base() {
4946 for input in tx.input.iter() {
4947 if input.witness.is_empty() {
4948 // We generated a malleable funding transaction, implying we've
4949 // just exposed ourselves to funds loss to our counterparty.
4950 #[cfg(not(fuzzing))]
4951 panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
4956 self.context.funding_tx_confirmation_height = height;
4957 self.context.funding_tx_confirmed_in = Some(*block_hash);
4958 self.context.short_channel_id = match scid_from_parts(height as u64, index_in_block as u64, txo_idx as u64) {
4959 Ok(scid) => Some(scid),
4960 Err(_) => panic!("Block was bogus - either height was > 16 million, had > 16 million transactions, or had > 65k outputs"),
4963 // If this is a coinbase transaction and not a 0-conf channel
4964 // we should update our min_depth to 100 to handle coinbase maturity
4965 if tx.is_coin_base() &&
4966 self.context.minimum_depth.unwrap_or(0) > 0 &&
4967 self.context.minimum_depth.unwrap_or(0) < COINBASE_MATURITY {
4968 self.context.minimum_depth = Some(COINBASE_MATURITY);
4971 // If we allow 1-conf funding, we may need to check for channel_ready here and
4972 // send it immediately instead of waiting for a best_block_updated call (which
4973 // may have already happened for this block).
4974 if let Some(channel_ready) = self.check_get_channel_ready(height) {
4975 log_info!(logger, "Sending a channel_ready to our peer for channel {}", &self.context.channel_id);
4976 let announcement_sigs = self.get_announcement_sigs(node_signer, chain_hash, user_config, height, logger);
4977 msgs = (Some(channel_ready), announcement_sigs);
4980 for inp in tx.input.iter() {
4981 if inp.previous_output == funding_txo.into_bitcoin_outpoint() {
4982 log_info!(logger, "Detected channel-closing tx {} spending {}:{}, closing channel {}", tx.txid(), inp.previous_output.txid, inp.previous_output.vout, &self.context.channel_id());
4983 return Err(ClosureReason::CommitmentTxConfirmed);
4991 /// When a new block is connected, we check the height of the block against outbound holding
4992 /// cell HTLCs in case we need to give up on them prematurely and time them out. Everything
4993 /// else (e.g. commitment transaction broadcasts, HTLC transaction broadcasting, etc) is
4994 /// handled by the ChannelMonitor.
4996 /// If we return Err, the channel may have been closed, at which point the standard
4997 /// requirements apply - no calls may be made except those explicitly stated to be allowed
5000 /// May return some HTLCs (and their payment_hash) which have timed out and should be failed
5002 pub fn best_block_updated<NS: Deref, L: Deref>(
5003 &mut self, height: u32, highest_header_time: u32, chain_hash: ChainHash,
5004 node_signer: &NS, user_config: &UserConfig, logger: &L
5005 ) -> Result<(Option<msgs::ChannelReady>, Vec<(HTLCSource, PaymentHash)>, Option<msgs::AnnouncementSignatures>), ClosureReason>
5007 NS::Target: NodeSigner,
5010 self.do_best_block_updated(height, highest_header_time, Some((chain_hash, node_signer, user_config)), logger)
5013 fn do_best_block_updated<NS: Deref, L: Deref>(
5014 &mut self, height: u32, highest_header_time: u32,
5015 chain_node_signer: Option<(ChainHash, &NS, &UserConfig)>, logger: &L
5016 ) -> Result<(Option<msgs::ChannelReady>, Vec<(HTLCSource, PaymentHash)>, Option<msgs::AnnouncementSignatures>), ClosureReason>
5018 NS::Target: NodeSigner,
5021 let mut timed_out_htlcs = Vec::new();
5022 // This mirrors the check in ChannelManager::decode_update_add_htlc_onion, refusing to
5023 // forward an HTLC when our counterparty should almost certainly just fail it for expiring
5025 let unforwarded_htlc_cltv_limit = height + LATENCY_GRACE_PERIOD_BLOCKS;
5026 self.context.holding_cell_htlc_updates.retain(|htlc_update| {
5028 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, ref cltv_expiry, .. } => {
5029 if *cltv_expiry <= unforwarded_htlc_cltv_limit {
5030 timed_out_htlcs.push((source.clone(), payment_hash.clone()));
5038 self.context.update_time_counter = cmp::max(self.context.update_time_counter, highest_header_time);
5040 if let Some(channel_ready) = self.check_get_channel_ready(height) {
5041 let announcement_sigs = if let Some((chain_hash, node_signer, user_config)) = chain_node_signer {
5042 self.get_announcement_sigs(node_signer, chain_hash, user_config, height, logger)
5044 log_info!(logger, "Sending a channel_ready to our peer for channel {}", &self.context.channel_id);
5045 return Ok((Some(channel_ready), timed_out_htlcs, announcement_sigs));
5048 let non_shutdown_state = self.context.channel_state & (!MULTI_STATE_FLAGS);
5049 if non_shutdown_state & !STATE_FLAGS >= ChannelState::ChannelReady as u32 ||
5050 (non_shutdown_state & ChannelState::OurChannelReady as u32) == ChannelState::OurChannelReady as u32 {
5051 let mut funding_tx_confirmations = height as i64 - self.context.funding_tx_confirmation_height as i64 + 1;
5052 if self.context.funding_tx_confirmation_height == 0 {
5053 // Note that check_get_channel_ready may reset funding_tx_confirmation_height to
5054 // zero if it has been reorged out, however in either case, our state flags
5055 // indicate we've already sent a channel_ready
5056 funding_tx_confirmations = 0;
5059 // If we've sent channel_ready (or have both sent and received channel_ready), and
5060 // the funding transaction has become unconfirmed,
5061 // close the channel and hope we can get the latest state on chain (because presumably
5062 // the funding transaction is at least still in the mempool of most nodes).
5064 // Note that ideally we wouldn't force-close if we see *any* reorg on a 1-conf or
5065 // 0-conf channel, but not doing so may lead to the
5066 // `ChannelManager::short_to_chan_info` map being inconsistent, so we currently have
5068 if funding_tx_confirmations == 0 && self.context.funding_tx_confirmed_in.is_some() {
5069 let err_reason = format!("Funding transaction was un-confirmed. Locked at {} confs, now have {} confs.",
5070 self.context.minimum_depth.unwrap(), funding_tx_confirmations);
5071 return Err(ClosureReason::ProcessingError { err: err_reason });
5073 } else if !self.context.is_outbound() && self.context.funding_tx_confirmed_in.is_none() &&
5074 height >= self.context.channel_creation_height + FUNDING_CONF_DEADLINE_BLOCKS {
5075 log_info!(logger, "Closing channel {} due to funding timeout", &self.context.channel_id);
5076 // If funding_tx_confirmed_in is unset, the channel must not be active
5077 assert!(non_shutdown_state & !STATE_FLAGS <= ChannelState::ChannelReady as u32);
5078 assert_eq!(non_shutdown_state & ChannelState::OurChannelReady as u32, 0);
5079 return Err(ClosureReason::FundingTimedOut);
5082 let announcement_sigs = if let Some((chain_hash, node_signer, user_config)) = chain_node_signer {
5083 self.get_announcement_sigs(node_signer, chain_hash, user_config, height, logger)
5085 Ok((None, timed_out_htlcs, announcement_sigs))
5088 /// Indicates the funding transaction is no longer confirmed in the main chain. This may
5089 /// force-close the channel, but may also indicate a harmless reorganization of a block or two
5090 /// before the channel has reached channel_ready and we can just wait for more blocks.
5091 pub fn funding_transaction_unconfirmed<L: Deref>(&mut self, logger: &L) -> Result<(), ClosureReason> where L::Target: Logger {
5092 if self.context.funding_tx_confirmation_height != 0 {
5093 // We handle the funding disconnection by calling best_block_updated with a height one
5094 // below where our funding was connected, implying a reorg back to conf_height - 1.
5095 let reorg_height = self.context.funding_tx_confirmation_height - 1;
5096 // We use the time field to bump the current time we set on channel updates if its
5097 // larger. If we don't know that time has moved forward, we can just set it to the last
5098 // time we saw and it will be ignored.
5099 let best_time = self.context.update_time_counter;
5100 match self.do_best_block_updated(reorg_height, best_time, None::<(ChainHash, &&NodeSigner, &UserConfig)>, logger) {
5101 Ok((channel_ready, timed_out_htlcs, announcement_sigs)) => {
5102 assert!(channel_ready.is_none(), "We can't generate a funding with 0 confirmations?");
5103 assert!(timed_out_htlcs.is_empty(), "We can't have accepted HTLCs with a timeout before our funding confirmation?");
5104 assert!(announcement_sigs.is_none(), "We can't generate an announcement_sigs with 0 confirmations?");
5110 // We never learned about the funding confirmation anyway, just ignore
5115 // Methods to get unprompted messages to send to the remote end (or where we already returned
5116 // something in the handler for the message that prompted this message):
5118 /// Gets an UnsignedChannelAnnouncement for this channel. The channel must be publicly
5119 /// announceable and available for use (have exchanged [`ChannelReady`] messages in both
5120 /// directions). Should be used for both broadcasted announcements and in response to an
5121 /// AnnouncementSignatures message from the remote peer.
5123 /// Will only fail if we're not in a state where channel_announcement may be sent (including
5126 /// This will only return ChannelError::Ignore upon failure.
5128 /// [`ChannelReady`]: crate::ln::msgs::ChannelReady
5129 fn get_channel_announcement<NS: Deref>(
5130 &self, node_signer: &NS, chain_hash: ChainHash, user_config: &UserConfig,
5131 ) -> Result<msgs::UnsignedChannelAnnouncement, ChannelError> where NS::Target: NodeSigner {
5132 if !self.context.config.announced_channel {
5133 return Err(ChannelError::Ignore("Channel is not available for public announcements".to_owned()));
5135 if !self.context.is_usable() {
5136 return Err(ChannelError::Ignore("Cannot get a ChannelAnnouncement if the channel is not currently usable".to_owned()));
5139 let short_channel_id = self.context.get_short_channel_id()
5140 .ok_or(ChannelError::Ignore("Cannot get a ChannelAnnouncement if the channel has not been confirmed yet".to_owned()))?;
5141 let node_id = NodeId::from_pubkey(&node_signer.get_node_id(Recipient::Node)
5142 .map_err(|_| ChannelError::Ignore("Failed to retrieve own public key".to_owned()))?);
5143 let counterparty_node_id = NodeId::from_pubkey(&self.context.get_counterparty_node_id());
5144 let were_node_one = node_id.as_slice() < counterparty_node_id.as_slice();
5146 let msg = msgs::UnsignedChannelAnnouncement {
5147 features: channelmanager::provided_channel_features(&user_config),
5150 node_id_1: if were_node_one { node_id } else { counterparty_node_id },
5151 node_id_2: if were_node_one { counterparty_node_id } else { node_id },
5152 bitcoin_key_1: NodeId::from_pubkey(if were_node_one { &self.context.get_holder_pubkeys().funding_pubkey } else { self.context.counterparty_funding_pubkey() }),
5153 bitcoin_key_2: NodeId::from_pubkey(if were_node_one { self.context.counterparty_funding_pubkey() } else { &self.context.get_holder_pubkeys().funding_pubkey }),
5154 excess_data: Vec::new(),
5160 fn get_announcement_sigs<NS: Deref, L: Deref>(
5161 &mut self, node_signer: &NS, chain_hash: ChainHash, user_config: &UserConfig,
5162 best_block_height: u32, logger: &L
5163 ) -> Option<msgs::AnnouncementSignatures>
5165 NS::Target: NodeSigner,
5168 if self.context.funding_tx_confirmation_height == 0 || self.context.funding_tx_confirmation_height + 5 > best_block_height {
5172 if !self.context.is_usable() {
5176 if self.context.channel_state & ChannelState::PeerDisconnected as u32 != 0 {
5177 log_trace!(logger, "Cannot create an announcement_signatures as our peer is disconnected");
5181 if self.context.announcement_sigs_state != AnnouncementSigsState::NotSent {
5185 log_trace!(logger, "Creating an announcement_signatures message for channel {}", &self.context.channel_id());
5186 let announcement = match self.get_channel_announcement(node_signer, chain_hash, user_config) {
5189 log_trace!(logger, "{:?}", e);
5193 let our_node_sig = match node_signer.sign_gossip_message(msgs::UnsignedGossipMessage::ChannelAnnouncement(&announcement)) {
5195 log_error!(logger, "Failed to generate node signature for channel_announcement. Channel will not be announced!");
5200 match &self.context.holder_signer {
5201 ChannelSignerType::Ecdsa(ecdsa) => {
5202 let our_bitcoin_sig = match ecdsa.sign_channel_announcement_with_funding_key(&announcement, &self.context.secp_ctx) {
5204 log_error!(logger, "Signer rejected channel_announcement signing. Channel will not be announced!");
5209 let short_channel_id = match self.context.get_short_channel_id() {
5211 None => return None,
5214 self.context.announcement_sigs_state = AnnouncementSigsState::MessageSent;
5216 Some(msgs::AnnouncementSignatures {
5217 channel_id: self.context.channel_id(),
5219 node_signature: our_node_sig,
5220 bitcoin_signature: our_bitcoin_sig,
5226 /// Signs the given channel announcement, returning a ChannelError::Ignore if no keys are
5228 fn sign_channel_announcement<NS: Deref>(
5229 &self, node_signer: &NS, announcement: msgs::UnsignedChannelAnnouncement
5230 ) -> Result<msgs::ChannelAnnouncement, ChannelError> where NS::Target: NodeSigner {
5231 if let Some((their_node_sig, their_bitcoin_sig)) = self.context.announcement_sigs {
5232 let our_node_key = NodeId::from_pubkey(&node_signer.get_node_id(Recipient::Node)
5233 .map_err(|_| ChannelError::Ignore("Signer failed to retrieve own public key".to_owned()))?);
5234 let were_node_one = announcement.node_id_1 == our_node_key;
5236 let our_node_sig = node_signer.sign_gossip_message(msgs::UnsignedGossipMessage::ChannelAnnouncement(&announcement))
5237 .map_err(|_| ChannelError::Ignore("Failed to generate node signature for channel_announcement".to_owned()))?;
5238 match &self.context.holder_signer {
5239 ChannelSignerType::Ecdsa(ecdsa) => {
5240 let our_bitcoin_sig = ecdsa.sign_channel_announcement_with_funding_key(&announcement, &self.context.secp_ctx)
5241 .map_err(|_| ChannelError::Ignore("Signer rejected channel_announcement".to_owned()))?;
5242 Ok(msgs::ChannelAnnouncement {
5243 node_signature_1: if were_node_one { our_node_sig } else { their_node_sig },
5244 node_signature_2: if were_node_one { their_node_sig } else { our_node_sig },
5245 bitcoin_signature_1: if were_node_one { our_bitcoin_sig } else { their_bitcoin_sig },
5246 bitcoin_signature_2: if were_node_one { their_bitcoin_sig } else { our_bitcoin_sig },
5247 contents: announcement,
5252 Err(ChannelError::Ignore("Attempted to sign channel announcement before we'd received announcement_signatures".to_string()))
5256 /// Processes an incoming announcement_signatures message, providing a fully-signed
5257 /// channel_announcement message which we can broadcast and storing our counterparty's
5258 /// signatures for later reconstruction/rebroadcast of the channel_announcement.
5259 pub fn announcement_signatures<NS: Deref>(
5260 &mut self, node_signer: &NS, chain_hash: ChainHash, best_block_height: u32,
5261 msg: &msgs::AnnouncementSignatures, user_config: &UserConfig
5262 ) -> Result<msgs::ChannelAnnouncement, ChannelError> where NS::Target: NodeSigner {
5263 let announcement = self.get_channel_announcement(node_signer, chain_hash, user_config)?;
5265 let msghash = hash_to_message!(&Sha256d::hash(&announcement.encode()[..])[..]);
5267 if self.context.secp_ctx.verify_ecdsa(&msghash, &msg.node_signature, &self.context.get_counterparty_node_id()).is_err() {
5268 return Err(ChannelError::Close(format!(
5269 "Bad announcement_signatures. Failed to verify node_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_node_key is {:?}",
5270 &announcement, self.context.get_counterparty_node_id())));
5272 if self.context.secp_ctx.verify_ecdsa(&msghash, &msg.bitcoin_signature, self.context.counterparty_funding_pubkey()).is_err() {
5273 return Err(ChannelError::Close(format!(
5274 "Bad announcement_signatures. Failed to verify bitcoin_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_bitcoin_key is ({:?})",
5275 &announcement, self.context.counterparty_funding_pubkey())));
5278 self.context.announcement_sigs = Some((msg.node_signature, msg.bitcoin_signature));
5279 if self.context.funding_tx_confirmation_height == 0 || self.context.funding_tx_confirmation_height + 5 > best_block_height {
5280 return Err(ChannelError::Ignore(
5281 "Got announcement_signatures prior to the required six confirmations - we may not have received a block yet that our peer has".to_owned()));
5284 self.sign_channel_announcement(node_signer, announcement)
5287 /// Gets a signed channel_announcement for this channel, if we previously received an
5288 /// announcement_signatures from our counterparty.
5289 pub fn get_signed_channel_announcement<NS: Deref>(
5290 &self, node_signer: &NS, chain_hash: ChainHash, best_block_height: u32, user_config: &UserConfig
5291 ) -> Option<msgs::ChannelAnnouncement> where NS::Target: NodeSigner {
5292 if self.context.funding_tx_confirmation_height == 0 || self.context.funding_tx_confirmation_height + 5 > best_block_height {
5295 let announcement = match self.get_channel_announcement(node_signer, chain_hash, user_config) {
5297 Err(_) => return None,
5299 match self.sign_channel_announcement(node_signer, announcement) {
5300 Ok(res) => Some(res),
5305 /// May panic if called on a channel that wasn't immediately-previously
5306 /// self.remove_uncommitted_htlcs_and_mark_paused()'d
5307 pub fn get_channel_reestablish<L: Deref>(&mut self, logger: &L) -> msgs::ChannelReestablish where L::Target: Logger {
5308 assert_eq!(self.context.channel_state & ChannelState::PeerDisconnected as u32, ChannelState::PeerDisconnected as u32);
5309 assert_ne!(self.context.cur_counterparty_commitment_transaction_number, INITIAL_COMMITMENT_NUMBER);
5310 // Prior to static_remotekey, my_current_per_commitment_point was critical to claiming
5311 // current to_remote balances. However, it no longer has any use, and thus is now simply
5312 // set to a dummy (but valid, as required by the spec) public key.
5313 // fuzzing mode marks a subset of pubkeys as invalid so that we can hit "invalid pubkey"
5314 // branches, but we unwrap it below, so we arbitrarily select a dummy pubkey which is both
5315 // valid, and valid in fuzzing mode's arbitrary validity criteria:
5316 let mut pk = [2; 33]; pk[1] = 0xff;
5317 let dummy_pubkey = PublicKey::from_slice(&pk).unwrap();
5318 let remote_last_secret = if self.context.cur_counterparty_commitment_transaction_number + 1 < INITIAL_COMMITMENT_NUMBER {
5319 let remote_last_secret = self.context.commitment_secrets.get_secret(self.context.cur_counterparty_commitment_transaction_number + 2).unwrap();
5320 log_trace!(logger, "Enough info to generate a Data Loss Protect with per_commitment_secret {} for channel {}", log_bytes!(remote_last_secret), &self.context.channel_id());
5323 log_info!(logger, "Sending a data_loss_protect with no previous remote per_commitment_secret for channel {}", &self.context.channel_id());
5326 self.mark_awaiting_response();
5327 msgs::ChannelReestablish {
5328 channel_id: self.context.channel_id(),
5329 // The protocol has two different commitment number concepts - the "commitment
5330 // transaction number", which starts from 0 and counts up, and the "revocation key
5331 // index" which starts at INITIAL_COMMITMENT_NUMBER and counts down. We track
5332 // commitment transaction numbers by the index which will be used to reveal the
5333 // revocation key for that commitment transaction, which means we have to convert them
5334 // to protocol-level commitment numbers here...
5336 // next_local_commitment_number is the next commitment_signed number we expect to
5337 // receive (indicating if they need to resend one that we missed).
5338 next_local_commitment_number: INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number,
5339 // We have to set next_remote_commitment_number to the next revoke_and_ack we expect to
5340 // receive, however we track it by the next commitment number for a remote transaction
5341 // (which is one further, as they always revoke previous commitment transaction, not
5342 // the one we send) so we have to decrement by 1. Note that if
5343 // cur_counterparty_commitment_transaction_number is INITIAL_COMMITMENT_NUMBER we will have
5344 // dropped this channel on disconnect as it hasn't yet reached FundingSent so we can't
5346 next_remote_commitment_number: INITIAL_COMMITMENT_NUMBER - self.context.cur_counterparty_commitment_transaction_number - 1,
5347 your_last_per_commitment_secret: remote_last_secret,
5348 my_current_per_commitment_point: dummy_pubkey,
5349 // TODO(dual_funding): If we've sent `commtiment_signed` for an interactive transaction
5350 // construction but have not received `tx_signatures` we MUST set `next_funding_txid` to the
5351 // txid of that interactive transaction, else we MUST NOT set it.
5352 next_funding_txid: None,
5357 // Send stuff to our remote peers:
5359 /// Queues up an outbound HTLC to send by placing it in the holding cell. You should call
5360 /// [`Self::maybe_free_holding_cell_htlcs`] in order to actually generate and send the
5361 /// commitment update.
5363 /// `Err`s will only be [`ChannelError::Ignore`].
5364 pub fn queue_add_htlc<F: Deref, L: Deref>(
5365 &mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource,
5366 onion_routing_packet: msgs::OnionPacket, skimmed_fee_msat: Option<u64>,
5367 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
5368 ) -> Result<(), ChannelError>
5369 where F::Target: FeeEstimator, L::Target: Logger
5372 .send_htlc(amount_msat, payment_hash, cltv_expiry, source, onion_routing_packet, true,
5373 skimmed_fee_msat, fee_estimator, logger)
5374 .map(|msg_opt| assert!(msg_opt.is_none(), "We forced holding cell?"))
5376 if let ChannelError::Ignore(_) = err { /* fine */ }
5377 else { debug_assert!(false, "Queueing cannot trigger channel failure"); }
5382 /// Adds a pending outbound HTLC to this channel, note that you probably want
5383 /// [`Self::send_htlc_and_commit`] instead cause you'll want both messages at once.
5385 /// This returns an optional UpdateAddHTLC as we may be in a state where we cannot add HTLCs on
5387 /// * In cases where we're waiting on the remote peer to send us a revoke_and_ack, we
5388 /// wouldn't be able to determine what they actually ACK'ed if we have two sets of updates
5390 /// * In cases where we're marked MonitorUpdateInProgress, we cannot commit to a new state as
5391 /// we may not yet have sent the previous commitment update messages and will need to
5392 /// regenerate them.
5394 /// You MUST call [`Self::send_commitment_no_state_update`] prior to calling any other methods
5395 /// on this [`Channel`] if `force_holding_cell` is false.
5397 /// `Err`s will only be [`ChannelError::Ignore`].
5398 fn send_htlc<F: Deref, L: Deref>(
5399 &mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource,
5400 onion_routing_packet: msgs::OnionPacket, mut force_holding_cell: bool,
5401 skimmed_fee_msat: Option<u64>, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
5402 ) -> Result<Option<msgs::UpdateAddHTLC>, ChannelError>
5403 where F::Target: FeeEstimator, L::Target: Logger
5405 if (self.context.channel_state & (ChannelState::ChannelReady as u32 | BOTH_SIDES_SHUTDOWN_MASK)) != (ChannelState::ChannelReady as u32) {
5406 return Err(ChannelError::Ignore("Cannot send HTLC until channel is fully established and we haven't started shutting down".to_owned()));
5408 let channel_total_msat = self.context.channel_value_satoshis * 1000;
5409 if amount_msat > channel_total_msat {
5410 return Err(ChannelError::Ignore(format!("Cannot send amount {}, because it is more than the total value of the channel {}", amount_msat, channel_total_msat)));
5413 if amount_msat == 0 {
5414 return Err(ChannelError::Ignore("Cannot send 0-msat HTLC".to_owned()));
5417 let available_balances = self.context.get_available_balances(fee_estimator);
5418 if amount_msat < available_balances.next_outbound_htlc_minimum_msat {
5419 return Err(ChannelError::Ignore(format!("Cannot send less than our next-HTLC minimum - {} msat",
5420 available_balances.next_outbound_htlc_minimum_msat)));
5423 if amount_msat > available_balances.next_outbound_htlc_limit_msat {
5424 return Err(ChannelError::Ignore(format!("Cannot send more than our next-HTLC maximum - {} msat",
5425 available_balances.next_outbound_htlc_limit_msat)));
5428 if (self.context.channel_state & (ChannelState::PeerDisconnected as u32)) != 0 {
5429 // Note that this should never really happen, if we're !is_live() on receipt of an
5430 // incoming HTLC for relay will result in us rejecting the HTLC and we won't allow
5431 // the user to send directly into a !is_live() channel. However, if we
5432 // disconnected during the time the previous hop was doing the commitment dance we may
5433 // end up getting here after the forwarding delay. In any case, returning an
5434 // IgnoreError will get ChannelManager to do the right thing and fail backwards now.
5435 return Err(ChannelError::Ignore("Cannot send an HTLC while disconnected from channel counterparty".to_owned()));
5438 let need_holding_cell = (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0;
5439 log_debug!(logger, "Pushing new outbound HTLC with hash {} for {} msat {}",
5440 payment_hash, amount_msat,
5441 if force_holding_cell { "into holding cell" }
5442 else if need_holding_cell { "into holding cell as we're awaiting an RAA or monitor" }
5443 else { "to peer" });
5445 if need_holding_cell {
5446 force_holding_cell = true;
5449 // Now update local state:
5450 if force_holding_cell {
5451 self.context.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::AddHTLC {
5456 onion_routing_packet,
5462 self.context.pending_outbound_htlcs.push(OutboundHTLCOutput {
5463 htlc_id: self.context.next_holder_htlc_id,
5465 payment_hash: payment_hash.clone(),
5467 state: OutboundHTLCState::LocalAnnounced(Box::new(onion_routing_packet.clone())),
5472 let res = msgs::UpdateAddHTLC {
5473 channel_id: self.context.channel_id,
5474 htlc_id: self.context.next_holder_htlc_id,
5478 onion_routing_packet,
5481 self.context.next_holder_htlc_id += 1;
5486 fn build_commitment_no_status_check<L: Deref>(&mut self, logger: &L) -> ChannelMonitorUpdate where L::Target: Logger {
5487 log_trace!(logger, "Updating HTLC state for a newly-sent commitment_signed...");
5488 // We can upgrade the status of some HTLCs that are waiting on a commitment, even if we
5489 // fail to generate this, we still are at least at a position where upgrading their status
5491 for htlc in self.context.pending_inbound_htlcs.iter_mut() {
5492 let new_state = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(ref forward_info) = &htlc.state {
5493 Some(InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info.clone()))
5495 if let Some(state) = new_state {
5496 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce {} to AwaitingAnnouncedRemoteRevoke", &htlc.payment_hash);
5500 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
5501 if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut outcome) = &mut htlc.state {
5502 log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", &htlc.payment_hash);
5503 // Grab the preimage, if it exists, instead of cloning
5504 let mut reason = OutboundHTLCOutcome::Success(None);
5505 mem::swap(outcome, &mut reason);
5506 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(reason);
5509 if let Some((feerate, update_state)) = self.context.pending_update_fee {
5510 if update_state == FeeUpdateState::AwaitingRemoteRevokeToAnnounce {
5511 debug_assert!(!self.context.is_outbound());
5512 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce fee update {} to Committed", feerate);
5513 self.context.feerate_per_kw = feerate;
5514 self.context.pending_update_fee = None;
5517 self.context.resend_order = RAACommitmentOrder::RevokeAndACKFirst;
5519 let (mut htlcs_ref, counterparty_commitment_tx) =
5520 self.build_commitment_no_state_update(logger);
5521 let counterparty_commitment_txid = counterparty_commitment_tx.trust().txid();
5522 let htlcs: Vec<(HTLCOutputInCommitment, Option<Box<HTLCSource>>)> =
5523 htlcs_ref.drain(..).map(|(htlc, htlc_source)| (htlc, htlc_source.map(|source_ref| Box::new(source_ref.clone())))).collect();
5525 if self.context.announcement_sigs_state == AnnouncementSigsState::MessageSent {
5526 self.context.announcement_sigs_state = AnnouncementSigsState::Committed;
5529 self.context.latest_monitor_update_id += 1;
5530 let monitor_update = ChannelMonitorUpdate {
5531 update_id: self.context.latest_monitor_update_id,
5532 updates: vec![ChannelMonitorUpdateStep::LatestCounterpartyCommitmentTXInfo {
5533 commitment_txid: counterparty_commitment_txid,
5534 htlc_outputs: htlcs.clone(),
5535 commitment_number: self.context.cur_counterparty_commitment_transaction_number,
5536 their_per_commitment_point: self.context.counterparty_cur_commitment_point.unwrap(),
5537 feerate_per_kw: Some(counterparty_commitment_tx.feerate_per_kw()),
5538 to_broadcaster_value_sat: Some(counterparty_commitment_tx.to_broadcaster_value_sat()),
5539 to_countersignatory_value_sat: Some(counterparty_commitment_tx.to_countersignatory_value_sat()),
5542 self.context.channel_state |= ChannelState::AwaitingRemoteRevoke as u32;
5546 fn build_commitment_no_state_update<L: Deref>(&self, logger: &L)
5547 -> (Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)>, CommitmentTransaction)
5548 where L::Target: Logger
5550 let counterparty_keys = self.context.build_remote_transaction_keys();
5551 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, true, logger);
5552 let counterparty_commitment_tx = commitment_stats.tx;
5554 #[cfg(any(test, fuzzing))]
5556 if !self.context.is_outbound() {
5557 let projected_commit_tx_info = self.context.next_remote_commitment_tx_fee_info_cached.lock().unwrap().take();
5558 *self.context.next_local_commitment_tx_fee_info_cached.lock().unwrap() = None;
5559 if let Some(info) = projected_commit_tx_info {
5560 let total_pending_htlcs = self.context.pending_inbound_htlcs.len() + self.context.pending_outbound_htlcs.len();
5561 if info.total_pending_htlcs == total_pending_htlcs
5562 && info.next_holder_htlc_id == self.context.next_holder_htlc_id
5563 && info.next_counterparty_htlc_id == self.context.next_counterparty_htlc_id
5564 && info.feerate == self.context.feerate_per_kw {
5565 let actual_fee = commit_tx_fee_msat(self.context.feerate_per_kw, commitment_stats.num_nondust_htlcs, self.context.get_channel_type());
5566 assert_eq!(actual_fee, info.fee);
5572 (commitment_stats.htlcs_included, counterparty_commitment_tx)
5575 /// Only fails in case of signer rejection. Used for channel_reestablish commitment_signed
5576 /// generation when we shouldn't change HTLC/channel state.
5577 fn send_commitment_no_state_update<L: Deref>(&self, logger: &L) -> Result<(msgs::CommitmentSigned, (Txid, Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)>)), ChannelError> where L::Target: Logger {
5578 // Get the fee tests from `build_commitment_no_state_update`
5579 #[cfg(any(test, fuzzing))]
5580 self.build_commitment_no_state_update(logger);
5582 let counterparty_keys = self.context.build_remote_transaction_keys();
5583 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, true, logger);
5584 let counterparty_commitment_txid = commitment_stats.tx.trust().txid();
5586 match &self.context.holder_signer {
5587 ChannelSignerType::Ecdsa(ecdsa) => {
5588 let (signature, htlc_signatures);
5591 let mut htlcs = Vec::with_capacity(commitment_stats.htlcs_included.len());
5592 for &(ref htlc, _) in commitment_stats.htlcs_included.iter() {
5596 let res = ecdsa.sign_counterparty_commitment(&commitment_stats.tx, commitment_stats.preimages, &self.context.secp_ctx)
5597 .map_err(|_| ChannelError::Ignore("Failed to get signatures for new commitment_signed".to_owned()))?;
5599 htlc_signatures = res.1;
5601 log_trace!(logger, "Signed remote commitment tx {} (txid {}) with redeemscript {} -> {} in channel {}",
5602 encode::serialize_hex(&commitment_stats.tx.trust().built_transaction().transaction),
5603 &counterparty_commitment_txid, encode::serialize_hex(&self.context.get_funding_redeemscript()),
5604 log_bytes!(signature.serialize_compact()[..]), &self.context.channel_id());
5606 for (ref htlc_sig, ref htlc) in htlc_signatures.iter().zip(htlcs) {
5607 log_trace!(logger, "Signed remote HTLC tx {} with redeemscript {} with pubkey {} -> {} in channel {}",
5608 encode::serialize_hex(&chan_utils::build_htlc_transaction(&counterparty_commitment_txid, commitment_stats.feerate_per_kw, self.context.get_holder_selected_contest_delay(), htlc, &self.context.channel_type, &counterparty_keys.broadcaster_delayed_payment_key, &counterparty_keys.revocation_key)),
5609 encode::serialize_hex(&chan_utils::get_htlc_redeemscript(&htlc, &self.context.channel_type, &counterparty_keys)),
5610 log_bytes!(counterparty_keys.broadcaster_htlc_key.serialize()),
5611 log_bytes!(htlc_sig.serialize_compact()[..]), &self.context.channel_id());
5615 Ok((msgs::CommitmentSigned {
5616 channel_id: self.context.channel_id,
5620 partial_signature_with_nonce: None,
5621 }, (counterparty_commitment_txid, commitment_stats.htlcs_included)))
5626 /// Adds a pending outbound HTLC to this channel, and builds a new remote commitment
5627 /// transaction and generates the corresponding [`ChannelMonitorUpdate`] in one go.
5629 /// Shorthand for calling [`Self::send_htlc`] followed by a commitment update, see docs on
5630 /// [`Self::send_htlc`] and [`Self::build_commitment_no_state_update`] for more info.
5631 pub fn send_htlc_and_commit<F: Deref, L: Deref>(
5632 &mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32,
5633 source: HTLCSource, onion_routing_packet: msgs::OnionPacket, skimmed_fee_msat: Option<u64>,
5634 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
5635 ) -> Result<Option<ChannelMonitorUpdate>, ChannelError>
5636 where F::Target: FeeEstimator, L::Target: Logger
5638 let send_res = self.send_htlc(amount_msat, payment_hash, cltv_expiry, source,
5639 onion_routing_packet, false, skimmed_fee_msat, fee_estimator, logger);
5640 if let Err(e) = &send_res { if let ChannelError::Ignore(_) = e {} else { debug_assert!(false, "Sending cannot trigger channel failure"); } }
5643 let monitor_update = self.build_commitment_no_status_check(logger);
5644 self.monitor_updating_paused(false, true, false, Vec::new(), Vec::new(), Vec::new());
5645 Ok(self.push_ret_blockable_mon_update(monitor_update))
5651 /// Applies the `ChannelUpdate` and returns a boolean indicating whether a change actually
5653 pub fn channel_update(&mut self, msg: &msgs::ChannelUpdate) -> Result<bool, ChannelError> {
5654 let new_forwarding_info = Some(CounterpartyForwardingInfo {
5655 fee_base_msat: msg.contents.fee_base_msat,
5656 fee_proportional_millionths: msg.contents.fee_proportional_millionths,
5657 cltv_expiry_delta: msg.contents.cltv_expiry_delta
5659 let did_change = self.context.counterparty_forwarding_info != new_forwarding_info;
5661 self.context.counterparty_forwarding_info = new_forwarding_info;
5667 /// Begins the shutdown process, getting a message for the remote peer and returning all
5668 /// holding cell HTLCs for payment failure.
5670 /// May jump to the channel being fully shutdown (see [`Self::is_shutdown`]) in which case no
5671 /// [`ChannelMonitorUpdate`] will be returned).
5672 pub fn get_shutdown(&mut self, signer_provider: &SP, their_features: &InitFeatures,
5673 target_feerate_sats_per_kw: Option<u32>, override_shutdown_script: Option<ShutdownScript>)
5674 -> Result<(msgs::Shutdown, Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>, Option<ShutdownResult>), APIError>
5676 for htlc in self.context.pending_outbound_htlcs.iter() {
5677 if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
5678 return Err(APIError::APIMisuseError{err: "Cannot begin shutdown with pending HTLCs. Process pending events first".to_owned()});
5681 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK != 0 {
5682 if (self.context.channel_state & ChannelState::LocalShutdownSent as u32) == ChannelState::LocalShutdownSent as u32 {
5683 return Err(APIError::APIMisuseError{err: "Shutdown already in progress".to_owned()});
5685 else if (self.context.channel_state & ChannelState::RemoteShutdownSent as u32) == ChannelState::RemoteShutdownSent as u32 {
5686 return Err(APIError::ChannelUnavailable{err: "Shutdown already in progress by remote".to_owned()});
5689 if self.context.shutdown_scriptpubkey.is_some() && override_shutdown_script.is_some() {
5690 return Err(APIError::APIMisuseError{err: "Cannot override shutdown script for a channel with one already set".to_owned()});
5692 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
5693 if self.context.channel_state & (ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32) != 0 {
5694 return Err(APIError::ChannelUnavailable{err: "Cannot begin shutdown while peer is disconnected or we're waiting on a monitor update, maybe force-close instead?".to_owned()});
5697 // If we haven't funded the channel yet, we don't need to bother ensuring the shutdown
5698 // script is set, we just force-close and call it a day.
5699 let mut chan_closed = false;
5700 if self.context.channel_state & !STATE_FLAGS < ChannelState::FundingSent as u32 {
5704 let update_shutdown_script = match self.context.shutdown_scriptpubkey {
5706 None if !chan_closed => {
5707 // use override shutdown script if provided
5708 let shutdown_scriptpubkey = match override_shutdown_script {
5709 Some(script) => script,
5711 // otherwise, use the shutdown scriptpubkey provided by the signer
5712 match signer_provider.get_shutdown_scriptpubkey() {
5713 Ok(scriptpubkey) => scriptpubkey,
5714 Err(_) => return Err(APIError::ChannelUnavailable{err: "Failed to get shutdown scriptpubkey".to_owned()}),
5718 if !shutdown_scriptpubkey.is_compatible(their_features) {
5719 return Err(APIError::IncompatibleShutdownScript { script: shutdown_scriptpubkey.clone() });
5721 self.context.shutdown_scriptpubkey = Some(shutdown_scriptpubkey);
5727 // From here on out, we may not fail!
5728 self.context.target_closing_feerate_sats_per_kw = target_feerate_sats_per_kw;
5729 let shutdown_result = if self.context.channel_state & !STATE_FLAGS < ChannelState::FundingSent as u32 {
5730 let shutdown_result = ShutdownResult {
5731 monitor_update: None,
5732 dropped_outbound_htlcs: Vec::new(),
5733 unbroadcasted_batch_funding_txid: self.context.unbroadcasted_batch_funding_txid(),
5735 self.context.channel_state = ChannelState::ShutdownComplete as u32;
5736 Some(shutdown_result)
5738 self.context.channel_state |= ChannelState::LocalShutdownSent as u32;
5741 self.context.update_time_counter += 1;
5743 let monitor_update = if update_shutdown_script {
5744 self.context.latest_monitor_update_id += 1;
5745 let monitor_update = ChannelMonitorUpdate {
5746 update_id: self.context.latest_monitor_update_id,
5747 updates: vec![ChannelMonitorUpdateStep::ShutdownScript {
5748 scriptpubkey: self.get_closing_scriptpubkey(),
5751 self.monitor_updating_paused(false, false, false, Vec::new(), Vec::new(), Vec::new());
5752 self.push_ret_blockable_mon_update(monitor_update)
5754 let shutdown = msgs::Shutdown {
5755 channel_id: self.context.channel_id,
5756 scriptpubkey: self.get_closing_scriptpubkey(),
5759 // Go ahead and drop holding cell updates as we'd rather fail payments than wait to send
5760 // our shutdown until we've committed all of the pending changes.
5761 self.context.holding_cell_update_fee = None;
5762 let mut dropped_outbound_htlcs = Vec::with_capacity(self.context.holding_cell_htlc_updates.len());
5763 self.context.holding_cell_htlc_updates.retain(|htlc_update| {
5765 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, .. } => {
5766 dropped_outbound_htlcs.push((source.clone(), payment_hash.clone()));
5773 debug_assert!(!self.is_shutdown() || monitor_update.is_none(),
5774 "we can't both complete shutdown and return a monitor update");
5776 Ok((shutdown, monitor_update, dropped_outbound_htlcs, shutdown_result))
5779 pub fn inflight_htlc_sources(&self) -> impl Iterator<Item=(&HTLCSource, &PaymentHash)> {
5780 self.context.holding_cell_htlc_updates.iter()
5781 .flat_map(|htlc_update| {
5783 HTLCUpdateAwaitingACK::AddHTLC { source, payment_hash, .. }
5784 => Some((source, payment_hash)),
5788 .chain(self.context.pending_outbound_htlcs.iter().map(|htlc| (&htlc.source, &htlc.payment_hash)))
5792 /// A not-yet-funded outbound (from holder) channel using V1 channel establishment.
5793 pub(super) struct OutboundV1Channel<SP: Deref> where SP::Target: SignerProvider {
5794 pub context: ChannelContext<SP>,
5795 pub unfunded_context: UnfundedChannelContext,
5798 impl<SP: Deref> OutboundV1Channel<SP> where SP::Target: SignerProvider {
5799 pub fn new<ES: Deref, F: Deref>(
5800 fee_estimator: &LowerBoundedFeeEstimator<F>, entropy_source: &ES, signer_provider: &SP, counterparty_node_id: PublicKey, their_features: &InitFeatures,
5801 channel_value_satoshis: u64, push_msat: u64, user_id: u128, config: &UserConfig, current_chain_height: u32,
5802 outbound_scid_alias: u64
5803 ) -> Result<OutboundV1Channel<SP>, APIError>
5804 where ES::Target: EntropySource,
5805 F::Target: FeeEstimator
5807 let holder_selected_contest_delay = config.channel_handshake_config.our_to_self_delay;
5808 let channel_keys_id = signer_provider.generate_channel_keys_id(false, channel_value_satoshis, user_id);
5809 let holder_signer = signer_provider.derive_channel_signer(channel_value_satoshis, channel_keys_id);
5810 let pubkeys = holder_signer.pubkeys().clone();
5812 if !their_features.supports_wumbo() && channel_value_satoshis > MAX_FUNDING_SATOSHIS_NO_WUMBO {
5813 return Err(APIError::APIMisuseError{err: format!("funding_value must not exceed {}, it was {}", MAX_FUNDING_SATOSHIS_NO_WUMBO, channel_value_satoshis)});
5815 if channel_value_satoshis >= TOTAL_BITCOIN_SUPPLY_SATOSHIS {
5816 return Err(APIError::APIMisuseError{err: format!("funding_value must be smaller than the total bitcoin supply, it was {}", channel_value_satoshis)});
5818 let channel_value_msat = channel_value_satoshis * 1000;
5819 if push_msat > channel_value_msat {
5820 return Err(APIError::APIMisuseError { err: format!("Push value ({}) was larger than channel_value ({})", push_msat, channel_value_msat) });
5822 if holder_selected_contest_delay < BREAKDOWN_TIMEOUT {
5823 return Err(APIError::APIMisuseError {err: format!("Configured with an unreasonable our_to_self_delay ({}) putting user funds at risks", holder_selected_contest_delay)});
5825 let holder_selected_channel_reserve_satoshis = get_holder_selected_channel_reserve_satoshis(channel_value_satoshis, config);
5826 if holder_selected_channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
5827 // Protocol level safety check in place, although it should never happen because
5828 // of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
5829 return Err(APIError::APIMisuseError { err: format!("Holder selected channel reserve below implemention limit dust_limit_satoshis {}", holder_selected_channel_reserve_satoshis) });
5832 let channel_type = Self::get_initial_channel_type(&config, their_features);
5833 debug_assert!(channel_type.is_subset(&channelmanager::provided_channel_type_features(&config)));
5835 let (commitment_conf_target, anchor_outputs_value_msat) = if channel_type.supports_anchors_zero_fee_htlc_tx() {
5836 (ConfirmationTarget::AnchorChannelFee, ANCHOR_OUTPUT_VALUE_SATOSHI * 2 * 1000)
5838 (ConfirmationTarget::NonAnchorChannelFee, 0)
5840 let commitment_feerate = fee_estimator.bounded_sat_per_1000_weight(commitment_conf_target);
5842 let value_to_self_msat = channel_value_satoshis * 1000 - push_msat;
5843 let commitment_tx_fee = commit_tx_fee_msat(commitment_feerate, MIN_AFFORDABLE_HTLC_COUNT, &channel_type);
5844 if value_to_self_msat.saturating_sub(anchor_outputs_value_msat) < commitment_tx_fee {
5845 return Err(APIError::APIMisuseError{ err: format!("Funding amount ({}) can't even pay fee for initial commitment transaction fee of {}.", value_to_self_msat / 1000, commitment_tx_fee / 1000) });
5848 let mut secp_ctx = Secp256k1::new();
5849 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
5851 let shutdown_scriptpubkey = if config.channel_handshake_config.commit_upfront_shutdown_pubkey {
5852 match signer_provider.get_shutdown_scriptpubkey() {
5853 Ok(scriptpubkey) => Some(scriptpubkey),
5854 Err(_) => return Err(APIError::ChannelUnavailable { err: "Failed to get shutdown scriptpubkey".to_owned()}),
5858 if let Some(shutdown_scriptpubkey) = &shutdown_scriptpubkey {
5859 if !shutdown_scriptpubkey.is_compatible(&their_features) {
5860 return Err(APIError::IncompatibleShutdownScript { script: shutdown_scriptpubkey.clone() });
5864 let destination_script = match signer_provider.get_destination_script() {
5865 Ok(script) => script,
5866 Err(_) => return Err(APIError::ChannelUnavailable { err: "Failed to get destination script".to_owned()}),
5869 let temporary_channel_id = ChannelId::temporary_from_entropy_source(entropy_source);
5872 context: ChannelContext {
5875 config: LegacyChannelConfig {
5876 options: config.channel_config.clone(),
5877 announced_channel: config.channel_handshake_config.announced_channel,
5878 commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey,
5883 inbound_handshake_limits_override: Some(config.channel_handshake_limits.clone()),
5885 channel_id: temporary_channel_id,
5886 temporary_channel_id: Some(temporary_channel_id),
5887 channel_state: ChannelState::OurInitSent as u32,
5888 announcement_sigs_state: AnnouncementSigsState::NotSent,
5890 channel_value_satoshis,
5892 latest_monitor_update_id: 0,
5894 holder_signer: ChannelSignerType::Ecdsa(holder_signer),
5895 shutdown_scriptpubkey,
5898 cur_holder_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
5899 cur_counterparty_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
5902 pending_inbound_htlcs: Vec::new(),
5903 pending_outbound_htlcs: Vec::new(),
5904 holding_cell_htlc_updates: Vec::new(),
5905 pending_update_fee: None,
5906 holding_cell_update_fee: None,
5907 next_holder_htlc_id: 0,
5908 next_counterparty_htlc_id: 0,
5909 update_time_counter: 1,
5911 resend_order: RAACommitmentOrder::CommitmentFirst,
5913 monitor_pending_channel_ready: false,
5914 monitor_pending_revoke_and_ack: false,
5915 monitor_pending_commitment_signed: false,
5916 monitor_pending_forwards: Vec::new(),
5917 monitor_pending_failures: Vec::new(),
5918 monitor_pending_finalized_fulfills: Vec::new(),
5920 signer_pending_commitment_update: false,
5921 signer_pending_funding: false,
5923 #[cfg(debug_assertions)]
5924 holder_max_commitment_tx_output: Mutex::new((channel_value_satoshis * 1000 - push_msat, push_msat)),
5925 #[cfg(debug_assertions)]
5926 counterparty_max_commitment_tx_output: Mutex::new((channel_value_satoshis * 1000 - push_msat, push_msat)),
5928 last_sent_closing_fee: None,
5929 pending_counterparty_closing_signed: None,
5930 closing_fee_limits: None,
5931 target_closing_feerate_sats_per_kw: None,
5933 funding_tx_confirmed_in: None,
5934 funding_tx_confirmation_height: 0,
5935 short_channel_id: None,
5936 channel_creation_height: current_chain_height,
5938 feerate_per_kw: commitment_feerate,
5939 counterparty_dust_limit_satoshis: 0,
5940 holder_dust_limit_satoshis: MIN_CHAN_DUST_LIMIT_SATOSHIS,
5941 counterparty_max_htlc_value_in_flight_msat: 0,
5942 holder_max_htlc_value_in_flight_msat: get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis, &config.channel_handshake_config),
5943 counterparty_selected_channel_reserve_satoshis: None, // Filled in in accept_channel
5944 holder_selected_channel_reserve_satoshis,
5945 counterparty_htlc_minimum_msat: 0,
5946 holder_htlc_minimum_msat: if config.channel_handshake_config.our_htlc_minimum_msat == 0 { 1 } else { config.channel_handshake_config.our_htlc_minimum_msat },
5947 counterparty_max_accepted_htlcs: 0,
5948 holder_max_accepted_htlcs: cmp::min(config.channel_handshake_config.our_max_accepted_htlcs, MAX_HTLCS),
5949 minimum_depth: None, // Filled in in accept_channel
5951 counterparty_forwarding_info: None,
5953 channel_transaction_parameters: ChannelTransactionParameters {
5954 holder_pubkeys: pubkeys,
5955 holder_selected_contest_delay: config.channel_handshake_config.our_to_self_delay,
5956 is_outbound_from_holder: true,
5957 counterparty_parameters: None,
5958 funding_outpoint: None,
5959 channel_type_features: channel_type.clone()
5961 funding_transaction: None,
5962 is_batch_funding: None,
5964 counterparty_cur_commitment_point: None,
5965 counterparty_prev_commitment_point: None,
5966 counterparty_node_id,
5968 counterparty_shutdown_scriptpubkey: None,
5970 commitment_secrets: CounterpartyCommitmentSecrets::new(),
5972 channel_update_status: ChannelUpdateStatus::Enabled,
5973 closing_signed_in_flight: false,
5975 announcement_sigs: None,
5977 #[cfg(any(test, fuzzing))]
5978 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
5979 #[cfg(any(test, fuzzing))]
5980 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
5982 workaround_lnd_bug_4006: None,
5983 sent_message_awaiting_response: None,
5985 latest_inbound_scid_alias: None,
5986 outbound_scid_alias,
5988 channel_pending_event_emitted: false,
5989 channel_ready_event_emitted: false,
5991 #[cfg(any(test, fuzzing))]
5992 historical_inbound_htlc_fulfills: HashSet::new(),
5997 blocked_monitor_updates: Vec::new(),
5999 unfunded_context: UnfundedChannelContext { unfunded_channel_age_ticks: 0 }
6003 fn get_funding_created_signature<L: Deref>(&mut self, logger: &L) -> Result<Signature, ()> where L::Target: Logger {
6004 let counterparty_keys = self.context.build_remote_transaction_keys();
6005 let counterparty_initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
6006 match &self.context.holder_signer {
6007 // TODO (taproot|arik): move match into calling method for Taproot
6008 ChannelSignerType::Ecdsa(ecdsa) => {
6009 ecdsa.sign_counterparty_commitment(&counterparty_initial_commitment_tx, Vec::new(), &self.context.secp_ctx)
6010 .map(|(sig, _)| sig)
6015 /// Updates channel state with knowledge of the funding transaction's txid/index, and generates
6016 /// a funding_created message for the remote peer.
6017 /// Panics if called at some time other than immediately after initial handshake, if called twice,
6018 /// or if called on an inbound channel.
6019 /// Note that channel_id changes during this call!
6020 /// Do NOT broadcast the funding transaction until after a successful funding_signed call!
6021 /// If an Err is returned, it is a ChannelError::Close.
6022 pub fn get_funding_created<L: Deref>(mut self, funding_transaction: Transaction, funding_txo: OutPoint, is_batch_funding: bool, logger: &L)
6023 -> Result<(Channel<SP>, Option<msgs::FundingCreated>), (Self, ChannelError)> where L::Target: Logger {
6024 if !self.context.is_outbound() {
6025 panic!("Tried to create outbound funding_created message on an inbound channel!");
6027 if self.context.channel_state != (ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32) {
6028 panic!("Tried to get a funding_created messsage at a time other than immediately after initial handshake completion (or tried to get funding_created twice)");
6030 if self.context.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
6031 self.context.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
6032 self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
6033 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
6036 self.context.channel_transaction_parameters.funding_outpoint = Some(funding_txo);
6037 self.context.holder_signer.as_mut().provide_channel_parameters(&self.context.channel_transaction_parameters);
6039 let temporary_channel_id = self.context.channel_id;
6041 // Now that we're past error-generating stuff, update our local state:
6043 self.context.channel_state = ChannelState::FundingCreated as u32;
6044 self.context.channel_id = funding_txo.to_channel_id();
6046 // If the funding transaction is a coinbase transaction, we need to set the minimum depth to 100.
6047 // We can skip this if it is a zero-conf channel.
6048 if funding_transaction.is_coin_base() &&
6049 self.context.minimum_depth.unwrap_or(0) > 0 &&
6050 self.context.minimum_depth.unwrap_or(0) < COINBASE_MATURITY {
6051 self.context.minimum_depth = Some(COINBASE_MATURITY);
6054 self.context.funding_transaction = Some(funding_transaction);
6055 self.context.is_batch_funding = Some(()).filter(|_| is_batch_funding);
6057 let funding_created = if let Ok(signature) = self.get_funding_created_signature(logger) {
6058 Some(msgs::FundingCreated {
6059 temporary_channel_id,
6060 funding_txid: funding_txo.txid,
6061 funding_output_index: funding_txo.index,
6064 partial_signature_with_nonce: None,
6066 next_local_nonce: None,
6069 self.context.signer_pending_funding = true;
6073 let channel = Channel {
6074 context: self.context,
6077 Ok((channel, funding_created))
6080 fn get_initial_channel_type(config: &UserConfig, their_features: &InitFeatures) -> ChannelTypeFeatures {
6081 // The default channel type (ie the first one we try) depends on whether the channel is
6082 // public - if it is, we just go with `only_static_remotekey` as it's the only option
6083 // available. If it's private, we first try `scid_privacy` as it provides better privacy
6084 // with no other changes, and fall back to `only_static_remotekey`.
6085 let mut ret = ChannelTypeFeatures::only_static_remote_key();
6086 if !config.channel_handshake_config.announced_channel &&
6087 config.channel_handshake_config.negotiate_scid_privacy &&
6088 their_features.supports_scid_privacy() {
6089 ret.set_scid_privacy_required();
6092 // Optionally, if the user would like to negotiate the `anchors_zero_fee_htlc_tx` option, we
6093 // set it now. If they don't understand it, we'll fall back to our default of
6094 // `only_static_remotekey`.
6095 if config.channel_handshake_config.negotiate_anchors_zero_fee_htlc_tx &&
6096 their_features.supports_anchors_zero_fee_htlc_tx() {
6097 ret.set_anchors_zero_fee_htlc_tx_required();
6103 /// If we receive an error message, it may only be a rejection of the channel type we tried,
6104 /// not of our ability to open any channel at all. Thus, on error, we should first call this
6105 /// and see if we get a new `OpenChannel` message, otherwise the channel is failed.
6106 pub(crate) fn maybe_handle_error_without_close<F: Deref>(
6107 &mut self, chain_hash: ChainHash, fee_estimator: &LowerBoundedFeeEstimator<F>
6108 ) -> Result<msgs::OpenChannel, ()>
6110 F::Target: FeeEstimator
6112 if !self.context.is_outbound() || self.context.channel_state != ChannelState::OurInitSent as u32 { return Err(()); }
6113 if self.context.channel_type == ChannelTypeFeatures::only_static_remote_key() {
6114 // We've exhausted our options
6117 // We support opening a few different types of channels. Try removing our additional
6118 // features one by one until we've either arrived at our default or the counterparty has
6121 // Due to the order below, we may not negotiate `option_anchors_zero_fee_htlc_tx` if the
6122 // counterparty doesn't support `option_scid_privacy`. Since `get_initial_channel_type`
6123 // checks whether the counterparty supports every feature, this would only happen if the
6124 // counterparty is advertising the feature, but rejecting channels proposing the feature for
6126 if self.context.channel_type.supports_anchors_zero_fee_htlc_tx() {
6127 self.context.channel_type.clear_anchors_zero_fee_htlc_tx();
6128 self.context.feerate_per_kw = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::NonAnchorChannelFee);
6129 assert!(!self.context.channel_transaction_parameters.channel_type_features.supports_anchors_nonzero_fee_htlc_tx());
6130 } else if self.context.channel_type.supports_scid_privacy() {
6131 self.context.channel_type.clear_scid_privacy();
6133 self.context.channel_type = ChannelTypeFeatures::only_static_remote_key();
6135 self.context.channel_transaction_parameters.channel_type_features = self.context.channel_type.clone();
6136 Ok(self.get_open_channel(chain_hash))
6139 pub fn get_open_channel(&self, chain_hash: ChainHash) -> msgs::OpenChannel {
6140 if !self.context.is_outbound() {
6141 panic!("Tried to open a channel for an inbound channel?");
6143 if self.context.channel_state != ChannelState::OurInitSent as u32 {
6144 panic!("Cannot generate an open_channel after we've moved forward");
6147 if self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
6148 panic!("Tried to send an open_channel for a channel that has already advanced");
6151 let first_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
6152 let keys = self.context.get_holder_pubkeys();
6156 temporary_channel_id: self.context.channel_id,
6157 funding_satoshis: self.context.channel_value_satoshis,
6158 push_msat: self.context.channel_value_satoshis * 1000 - self.context.value_to_self_msat,
6159 dust_limit_satoshis: self.context.holder_dust_limit_satoshis,
6160 max_htlc_value_in_flight_msat: self.context.holder_max_htlc_value_in_flight_msat,
6161 channel_reserve_satoshis: self.context.holder_selected_channel_reserve_satoshis,
6162 htlc_minimum_msat: self.context.holder_htlc_minimum_msat,
6163 feerate_per_kw: self.context.feerate_per_kw as u32,
6164 to_self_delay: self.context.get_holder_selected_contest_delay(),
6165 max_accepted_htlcs: self.context.holder_max_accepted_htlcs,
6166 funding_pubkey: keys.funding_pubkey,
6167 revocation_basepoint: keys.revocation_basepoint,
6168 payment_point: keys.payment_point,
6169 delayed_payment_basepoint: keys.delayed_payment_basepoint,
6170 htlc_basepoint: keys.htlc_basepoint,
6171 first_per_commitment_point,
6172 channel_flags: if self.context.config.announced_channel {1} else {0},
6173 shutdown_scriptpubkey: Some(match &self.context.shutdown_scriptpubkey {
6174 Some(script) => script.clone().into_inner(),
6175 None => Builder::new().into_script(),
6177 channel_type: Some(self.context.channel_type.clone()),
6182 pub fn accept_channel(&mut self, msg: &msgs::AcceptChannel, default_limits: &ChannelHandshakeLimits, their_features: &InitFeatures) -> Result<(), ChannelError> {
6183 let peer_limits = if let Some(ref limits) = self.context.inbound_handshake_limits_override { limits } else { default_limits };
6185 // Check sanity of message fields:
6186 if !self.context.is_outbound() {
6187 return Err(ChannelError::Close("Got an accept_channel message from an inbound peer".to_owned()));
6189 if self.context.channel_state != ChannelState::OurInitSent as u32 {
6190 return Err(ChannelError::Close("Got an accept_channel message at a strange time".to_owned()));
6192 if msg.dust_limit_satoshis > 21000000 * 100000000 {
6193 return Err(ChannelError::Close(format!("Peer never wants payout outputs? dust_limit_satoshis was {}", msg.dust_limit_satoshis)));
6195 if msg.channel_reserve_satoshis > self.context.channel_value_satoshis {
6196 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must not be greater than ({})", msg.channel_reserve_satoshis, self.context.channel_value_satoshis)));
6198 if msg.dust_limit_satoshis > self.context.holder_selected_channel_reserve_satoshis {
6199 return Err(ChannelError::Close(format!("Dust limit ({}) is bigger than our channel reserve ({})", msg.dust_limit_satoshis, self.context.holder_selected_channel_reserve_satoshis)));
6201 if msg.channel_reserve_satoshis > self.context.channel_value_satoshis - self.context.holder_selected_channel_reserve_satoshis {
6202 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must not be greater than channel value minus our reserve ({})",
6203 msg.channel_reserve_satoshis, self.context.channel_value_satoshis - self.context.holder_selected_channel_reserve_satoshis)));
6205 let full_channel_value_msat = (self.context.channel_value_satoshis - msg.channel_reserve_satoshis) * 1000;
6206 if msg.htlc_minimum_msat >= full_channel_value_msat {
6207 return Err(ChannelError::Close(format!("Minimum htlc value ({}) is full channel value ({})", msg.htlc_minimum_msat, full_channel_value_msat)));
6209 let max_delay_acceptable = u16::min(peer_limits.their_to_self_delay, MAX_LOCAL_BREAKDOWN_TIMEOUT);
6210 if msg.to_self_delay > max_delay_acceptable {
6211 return Err(ChannelError::Close(format!("They wanted our payments to be delayed by a needlessly long period. Upper limit: {}. Actual: {}", max_delay_acceptable, msg.to_self_delay)));
6213 if msg.max_accepted_htlcs < 1 {
6214 return Err(ChannelError::Close("0 max_accepted_htlcs makes for a useless channel".to_owned()));
6216 if msg.max_accepted_htlcs > MAX_HTLCS {
6217 return Err(ChannelError::Close(format!("max_accepted_htlcs was {}. It must not be larger than {}", msg.max_accepted_htlcs, MAX_HTLCS)));
6220 // Now check against optional parameters as set by config...
6221 if msg.htlc_minimum_msat > peer_limits.max_htlc_minimum_msat {
6222 return Err(ChannelError::Close(format!("htlc_minimum_msat ({}) is higher than the user specified limit ({})", msg.htlc_minimum_msat, peer_limits.max_htlc_minimum_msat)));
6224 if msg.max_htlc_value_in_flight_msat < peer_limits.min_max_htlc_value_in_flight_msat {
6225 return Err(ChannelError::Close(format!("max_htlc_value_in_flight_msat ({}) is less than the user specified limit ({})", msg.max_htlc_value_in_flight_msat, peer_limits.min_max_htlc_value_in_flight_msat)));
6227 if msg.channel_reserve_satoshis > peer_limits.max_channel_reserve_satoshis {
6228 return Err(ChannelError::Close(format!("channel_reserve_satoshis ({}) is higher than the user specified limit ({})", msg.channel_reserve_satoshis, peer_limits.max_channel_reserve_satoshis)));
6230 if msg.max_accepted_htlcs < peer_limits.min_max_accepted_htlcs {
6231 return Err(ChannelError::Close(format!("max_accepted_htlcs ({}) is less than the user specified limit ({})", msg.max_accepted_htlcs, peer_limits.min_max_accepted_htlcs)));
6233 if msg.dust_limit_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
6234 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is less than the implementation limit ({})", msg.dust_limit_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
6236 if msg.dust_limit_satoshis > MAX_CHAN_DUST_LIMIT_SATOSHIS {
6237 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is greater than the implementation limit ({})", msg.dust_limit_satoshis, MAX_CHAN_DUST_LIMIT_SATOSHIS)));
6239 if msg.minimum_depth > peer_limits.max_minimum_depth {
6240 return Err(ChannelError::Close(format!("We consider the minimum depth to be unreasonably large. Expected minimum: ({}). Actual: ({})", peer_limits.max_minimum_depth, msg.minimum_depth)));
6243 if let Some(ty) = &msg.channel_type {
6244 if *ty != self.context.channel_type {
6245 return Err(ChannelError::Close("Channel Type in accept_channel didn't match the one sent in open_channel.".to_owned()));
6247 } else if their_features.supports_channel_type() {
6248 // Assume they've accepted the channel type as they said they understand it.
6250 let channel_type = ChannelTypeFeatures::from_init(&their_features);
6251 if channel_type != ChannelTypeFeatures::only_static_remote_key() {
6252 return Err(ChannelError::Close("Only static_remote_key is supported for non-negotiated channel types".to_owned()));
6254 self.context.channel_type = channel_type.clone();
6255 self.context.channel_transaction_parameters.channel_type_features = channel_type;
6258 let counterparty_shutdown_scriptpubkey = if their_features.supports_upfront_shutdown_script() {
6259 match &msg.shutdown_scriptpubkey {
6260 &Some(ref script) => {
6261 // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything
6262 if script.len() == 0 {
6265 if !script::is_bolt2_compliant(&script, their_features) {
6266 return Err(ChannelError::Close(format!("Peer is signaling upfront_shutdown but has provided an unacceptable scriptpubkey format: {}", script)));
6268 Some(script.clone())
6271 // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel
6273 return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out".to_owned()));
6278 self.context.counterparty_dust_limit_satoshis = msg.dust_limit_satoshis;
6279 self.context.counterparty_max_htlc_value_in_flight_msat = cmp::min(msg.max_htlc_value_in_flight_msat, self.context.channel_value_satoshis * 1000);
6280 self.context.counterparty_selected_channel_reserve_satoshis = Some(msg.channel_reserve_satoshis);
6281 self.context.counterparty_htlc_minimum_msat = msg.htlc_minimum_msat;
6282 self.context.counterparty_max_accepted_htlcs = msg.max_accepted_htlcs;
6284 if peer_limits.trust_own_funding_0conf {
6285 self.context.minimum_depth = Some(msg.minimum_depth);
6287 self.context.minimum_depth = Some(cmp::max(1, msg.minimum_depth));
6290 let counterparty_pubkeys = ChannelPublicKeys {
6291 funding_pubkey: msg.funding_pubkey,
6292 revocation_basepoint: msg.revocation_basepoint,
6293 payment_point: msg.payment_point,
6294 delayed_payment_basepoint: msg.delayed_payment_basepoint,
6295 htlc_basepoint: msg.htlc_basepoint
6298 self.context.channel_transaction_parameters.counterparty_parameters = Some(CounterpartyChannelTransactionParameters {
6299 selected_contest_delay: msg.to_self_delay,
6300 pubkeys: counterparty_pubkeys,
6303 self.context.counterparty_cur_commitment_point = Some(msg.first_per_commitment_point);
6304 self.context.counterparty_shutdown_scriptpubkey = counterparty_shutdown_scriptpubkey;
6306 self.context.channel_state = ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32;
6307 self.context.inbound_handshake_limits_override = None; // We're done enforcing limits on our peer's handshake now.
6313 /// A not-yet-funded inbound (from counterparty) channel using V1 channel establishment.
6314 pub(super) struct InboundV1Channel<SP: Deref> where SP::Target: SignerProvider {
6315 pub context: ChannelContext<SP>,
6316 pub unfunded_context: UnfundedChannelContext,
6319 impl<SP: Deref> InboundV1Channel<SP> where SP::Target: SignerProvider {
6320 /// Creates a new channel from a remote sides' request for one.
6321 /// Assumes chain_hash has already been checked and corresponds with what we expect!
6322 pub fn new<ES: Deref, F: Deref, L: Deref>(
6323 fee_estimator: &LowerBoundedFeeEstimator<F>, entropy_source: &ES, signer_provider: &SP,
6324 counterparty_node_id: PublicKey, our_supported_features: &ChannelTypeFeatures,
6325 their_features: &InitFeatures, msg: &msgs::OpenChannel, user_id: u128, config: &UserConfig,
6326 current_chain_height: u32, logger: &L, is_0conf: bool,
6327 ) -> Result<InboundV1Channel<SP>, ChannelError>
6328 where ES::Target: EntropySource,
6329 F::Target: FeeEstimator,
6332 let announced_channel = if (msg.channel_flags & 1) == 1 { true } else { false };
6334 // First check the channel type is known, failing before we do anything else if we don't
6335 // support this channel type.
6336 let channel_type = if let Some(channel_type) = &msg.channel_type {
6337 if channel_type.supports_any_optional_bits() {
6338 return Err(ChannelError::Close("Channel Type field contained optional bits - this is not allowed".to_owned()));
6341 // We only support the channel types defined by the `ChannelManager` in
6342 // `provided_channel_type_features`. The channel type must always support
6343 // `static_remote_key`.
6344 if !channel_type.requires_static_remote_key() {
6345 return Err(ChannelError::Close("Channel Type was not understood - we require static remote key".to_owned()));
6347 // Make sure we support all of the features behind the channel type.
6348 if !channel_type.is_subset(our_supported_features) {
6349 return Err(ChannelError::Close("Channel Type contains unsupported features".to_owned()));
6351 if channel_type.requires_scid_privacy() && announced_channel {
6352 return Err(ChannelError::Close("SCID Alias/Privacy Channel Type cannot be set on a public channel".to_owned()));
6354 channel_type.clone()
6356 let channel_type = ChannelTypeFeatures::from_init(&their_features);
6357 if channel_type != ChannelTypeFeatures::only_static_remote_key() {
6358 return Err(ChannelError::Close("Only static_remote_key is supported for non-negotiated channel types".to_owned()));
6363 let channel_keys_id = signer_provider.generate_channel_keys_id(true, msg.funding_satoshis, user_id);
6364 let holder_signer = signer_provider.derive_channel_signer(msg.funding_satoshis, channel_keys_id);
6365 let pubkeys = holder_signer.pubkeys().clone();
6366 let counterparty_pubkeys = ChannelPublicKeys {
6367 funding_pubkey: msg.funding_pubkey,
6368 revocation_basepoint: msg.revocation_basepoint,
6369 payment_point: msg.payment_point,
6370 delayed_payment_basepoint: msg.delayed_payment_basepoint,
6371 htlc_basepoint: msg.htlc_basepoint
6374 if config.channel_handshake_config.our_to_self_delay < BREAKDOWN_TIMEOUT {
6375 return Err(ChannelError::Close(format!("Configured with an unreasonable our_to_self_delay ({}) putting user funds at risks. It must be greater than {}", config.channel_handshake_config.our_to_self_delay, BREAKDOWN_TIMEOUT)));
6378 // Check sanity of message fields:
6379 if msg.funding_satoshis > config.channel_handshake_limits.max_funding_satoshis {
6380 return Err(ChannelError::Close(format!("Per our config, funding must be at most {}. It was {}", config.channel_handshake_limits.max_funding_satoshis, msg.funding_satoshis)));
6382 if msg.funding_satoshis >= TOTAL_BITCOIN_SUPPLY_SATOSHIS {
6383 return Err(ChannelError::Close(format!("Funding must be smaller than the total bitcoin supply. It was {}", msg.funding_satoshis)));
6385 if msg.channel_reserve_satoshis > msg.funding_satoshis {
6386 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must be not greater than funding_satoshis: {}", msg.channel_reserve_satoshis, msg.funding_satoshis)));
6388 let full_channel_value_msat = (msg.funding_satoshis - msg.channel_reserve_satoshis) * 1000;
6389 if msg.push_msat > full_channel_value_msat {
6390 return Err(ChannelError::Close(format!("push_msat {} was larger than channel amount minus reserve ({})", msg.push_msat, full_channel_value_msat)));
6392 if msg.dust_limit_satoshis > msg.funding_satoshis {
6393 return Err(ChannelError::Close(format!("dust_limit_satoshis {} was larger than funding_satoshis {}. Peer never wants payout outputs?", msg.dust_limit_satoshis, msg.funding_satoshis)));
6395 if msg.htlc_minimum_msat >= full_channel_value_msat {
6396 return Err(ChannelError::Close(format!("Minimum htlc value ({}) was larger than full channel value ({})", msg.htlc_minimum_msat, full_channel_value_msat)));
6398 Channel::<SP>::check_remote_fee(&channel_type, fee_estimator, msg.feerate_per_kw, None, logger)?;
6400 let max_counterparty_selected_contest_delay = u16::min(config.channel_handshake_limits.their_to_self_delay, MAX_LOCAL_BREAKDOWN_TIMEOUT);
6401 if msg.to_self_delay > max_counterparty_selected_contest_delay {
6402 return Err(ChannelError::Close(format!("They wanted our payments to be delayed by a needlessly long period. Upper limit: {}. Actual: {}", max_counterparty_selected_contest_delay, msg.to_self_delay)));
6404 if msg.max_accepted_htlcs < 1 {
6405 return Err(ChannelError::Close("0 max_accepted_htlcs makes for a useless channel".to_owned()));
6407 if msg.max_accepted_htlcs > MAX_HTLCS {
6408 return Err(ChannelError::Close(format!("max_accepted_htlcs was {}. It must not be larger than {}", msg.max_accepted_htlcs, MAX_HTLCS)));
6411 // Now check against optional parameters as set by config...
6412 if msg.funding_satoshis < config.channel_handshake_limits.min_funding_satoshis {
6413 return Err(ChannelError::Close(format!("Funding satoshis ({}) is less than the user specified limit ({})", msg.funding_satoshis, config.channel_handshake_limits.min_funding_satoshis)));
6415 if msg.htlc_minimum_msat > config.channel_handshake_limits.max_htlc_minimum_msat {
6416 return Err(ChannelError::Close(format!("htlc_minimum_msat ({}) is higher than the user specified limit ({})", msg.htlc_minimum_msat, config.channel_handshake_limits.max_htlc_minimum_msat)));
6418 if msg.max_htlc_value_in_flight_msat < config.channel_handshake_limits.min_max_htlc_value_in_flight_msat {
6419 return Err(ChannelError::Close(format!("max_htlc_value_in_flight_msat ({}) is less than the user specified limit ({})", msg.max_htlc_value_in_flight_msat, config.channel_handshake_limits.min_max_htlc_value_in_flight_msat)));
6421 if msg.channel_reserve_satoshis > config.channel_handshake_limits.max_channel_reserve_satoshis {
6422 return Err(ChannelError::Close(format!("channel_reserve_satoshis ({}) is higher than the user specified limit ({})", msg.channel_reserve_satoshis, config.channel_handshake_limits.max_channel_reserve_satoshis)));
6424 if msg.max_accepted_htlcs < config.channel_handshake_limits.min_max_accepted_htlcs {
6425 return Err(ChannelError::Close(format!("max_accepted_htlcs ({}) is less than the user specified limit ({})", msg.max_accepted_htlcs, config.channel_handshake_limits.min_max_accepted_htlcs)));
6427 if msg.dust_limit_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
6428 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is less than the implementation limit ({})", msg.dust_limit_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
6430 if msg.dust_limit_satoshis > MAX_CHAN_DUST_LIMIT_SATOSHIS {
6431 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is greater than the implementation limit ({})", msg.dust_limit_satoshis, MAX_CHAN_DUST_LIMIT_SATOSHIS)));
6434 // Convert things into internal flags and prep our state:
6436 if config.channel_handshake_limits.force_announced_channel_preference {
6437 if config.channel_handshake_config.announced_channel != announced_channel {
6438 return Err(ChannelError::Close("Peer tried to open channel but their announcement preference is different from ours".to_owned()));
6442 let holder_selected_channel_reserve_satoshis = get_holder_selected_channel_reserve_satoshis(msg.funding_satoshis, config);
6443 if holder_selected_channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
6444 // Protocol level safety check in place, although it should never happen because
6445 // of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
6446 return Err(ChannelError::Close(format!("Suitable channel reserve not found. remote_channel_reserve was ({}). dust_limit_satoshis is ({}).", holder_selected_channel_reserve_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
6448 if holder_selected_channel_reserve_satoshis * 1000 >= full_channel_value_msat {
6449 return Err(ChannelError::Close(format!("Suitable channel reserve not found. remote_channel_reserve was ({})msats. Channel value is ({} - {})msats.", holder_selected_channel_reserve_satoshis * 1000, full_channel_value_msat, msg.push_msat)));
6451 if msg.channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
6452 log_debug!(logger, "channel_reserve_satoshis ({}) is smaller than our dust limit ({}). We can broadcast stale states without any risk, implying this channel is very insecure for our counterparty.",
6453 msg.channel_reserve_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS);
6455 if holder_selected_channel_reserve_satoshis < msg.dust_limit_satoshis {
6456 return Err(ChannelError::Close(format!("Dust limit ({}) too high for the channel reserve we require the remote to keep ({})", msg.dust_limit_satoshis, holder_selected_channel_reserve_satoshis)));
6459 // check if the funder's amount for the initial commitment tx is sufficient
6460 // for full fee payment plus a few HTLCs to ensure the channel will be useful.
6461 let anchor_outputs_value = if channel_type.supports_anchors_zero_fee_htlc_tx() {
6462 ANCHOR_OUTPUT_VALUE_SATOSHI * 2
6466 let funders_amount_msat = msg.funding_satoshis * 1000 - msg.push_msat;
6467 let commitment_tx_fee = commit_tx_fee_msat(msg.feerate_per_kw, MIN_AFFORDABLE_HTLC_COUNT, &channel_type) / 1000;
6468 if (funders_amount_msat / 1000).saturating_sub(anchor_outputs_value) < commitment_tx_fee {
6469 return Err(ChannelError::Close(format!("Funding amount ({} sats) can't even pay fee for initial commitment transaction fee of {} sats.", (funders_amount_msat / 1000).saturating_sub(anchor_outputs_value), commitment_tx_fee)));
6472 let to_remote_satoshis = funders_amount_msat / 1000 - commitment_tx_fee - anchor_outputs_value;
6473 // While it's reasonable for us to not meet the channel reserve initially (if they don't
6474 // want to push much to us), our counterparty should always have more than our reserve.
6475 if to_remote_satoshis < holder_selected_channel_reserve_satoshis {
6476 return Err(ChannelError::Close("Insufficient funding amount for initial reserve".to_owned()));
6479 let counterparty_shutdown_scriptpubkey = if their_features.supports_upfront_shutdown_script() {
6480 match &msg.shutdown_scriptpubkey {
6481 &Some(ref script) => {
6482 // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything
6483 if script.len() == 0 {
6486 if !script::is_bolt2_compliant(&script, their_features) {
6487 return Err(ChannelError::Close(format!("Peer is signaling upfront_shutdown but has provided an unacceptable scriptpubkey format: {}", script)))
6489 Some(script.clone())
6492 // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel
6494 return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out".to_owned()));
6499 let shutdown_scriptpubkey = if config.channel_handshake_config.commit_upfront_shutdown_pubkey {
6500 match signer_provider.get_shutdown_scriptpubkey() {
6501 Ok(scriptpubkey) => Some(scriptpubkey),
6502 Err(_) => return Err(ChannelError::Close("Failed to get upfront shutdown scriptpubkey".to_owned())),
6506 if let Some(shutdown_scriptpubkey) = &shutdown_scriptpubkey {
6507 if !shutdown_scriptpubkey.is_compatible(&their_features) {
6508 return Err(ChannelError::Close(format!("Provided a scriptpubkey format not accepted by peer: {}", shutdown_scriptpubkey)));
6512 let destination_script = match signer_provider.get_destination_script() {
6513 Ok(script) => script,
6514 Err(_) => return Err(ChannelError::Close("Failed to get destination script".to_owned())),
6517 let mut secp_ctx = Secp256k1::new();
6518 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
6520 let minimum_depth = if is_0conf {
6523 Some(cmp::max(config.channel_handshake_config.minimum_depth, 1))
6527 context: ChannelContext {
6530 config: LegacyChannelConfig {
6531 options: config.channel_config.clone(),
6533 commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey,
6538 inbound_handshake_limits_override: None,
6540 temporary_channel_id: Some(msg.temporary_channel_id),
6541 channel_id: msg.temporary_channel_id,
6542 channel_state: (ChannelState::OurInitSent as u32) | (ChannelState::TheirInitSent as u32),
6543 announcement_sigs_state: AnnouncementSigsState::NotSent,
6546 latest_monitor_update_id: 0,
6548 holder_signer: ChannelSignerType::Ecdsa(holder_signer),
6549 shutdown_scriptpubkey,
6552 cur_holder_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
6553 cur_counterparty_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
6554 value_to_self_msat: msg.push_msat,
6556 pending_inbound_htlcs: Vec::new(),
6557 pending_outbound_htlcs: Vec::new(),
6558 holding_cell_htlc_updates: Vec::new(),
6559 pending_update_fee: None,
6560 holding_cell_update_fee: None,
6561 next_holder_htlc_id: 0,
6562 next_counterparty_htlc_id: 0,
6563 update_time_counter: 1,
6565 resend_order: RAACommitmentOrder::CommitmentFirst,
6567 monitor_pending_channel_ready: false,
6568 monitor_pending_revoke_and_ack: false,
6569 monitor_pending_commitment_signed: false,
6570 monitor_pending_forwards: Vec::new(),
6571 monitor_pending_failures: Vec::new(),
6572 monitor_pending_finalized_fulfills: Vec::new(),
6574 signer_pending_commitment_update: false,
6575 signer_pending_funding: false,
6577 #[cfg(debug_assertions)]
6578 holder_max_commitment_tx_output: Mutex::new((msg.push_msat, msg.funding_satoshis * 1000 - msg.push_msat)),
6579 #[cfg(debug_assertions)]
6580 counterparty_max_commitment_tx_output: Mutex::new((msg.push_msat, msg.funding_satoshis * 1000 - msg.push_msat)),
6582 last_sent_closing_fee: None,
6583 pending_counterparty_closing_signed: None,
6584 closing_fee_limits: None,
6585 target_closing_feerate_sats_per_kw: None,
6587 funding_tx_confirmed_in: None,
6588 funding_tx_confirmation_height: 0,
6589 short_channel_id: None,
6590 channel_creation_height: current_chain_height,
6592 feerate_per_kw: msg.feerate_per_kw,
6593 channel_value_satoshis: msg.funding_satoshis,
6594 counterparty_dust_limit_satoshis: msg.dust_limit_satoshis,
6595 holder_dust_limit_satoshis: MIN_CHAN_DUST_LIMIT_SATOSHIS,
6596 counterparty_max_htlc_value_in_flight_msat: cmp::min(msg.max_htlc_value_in_flight_msat, msg.funding_satoshis * 1000),
6597 holder_max_htlc_value_in_flight_msat: get_holder_max_htlc_value_in_flight_msat(msg.funding_satoshis, &config.channel_handshake_config),
6598 counterparty_selected_channel_reserve_satoshis: Some(msg.channel_reserve_satoshis),
6599 holder_selected_channel_reserve_satoshis,
6600 counterparty_htlc_minimum_msat: msg.htlc_minimum_msat,
6601 holder_htlc_minimum_msat: if config.channel_handshake_config.our_htlc_minimum_msat == 0 { 1 } else { config.channel_handshake_config.our_htlc_minimum_msat },
6602 counterparty_max_accepted_htlcs: msg.max_accepted_htlcs,
6603 holder_max_accepted_htlcs: cmp::min(config.channel_handshake_config.our_max_accepted_htlcs, MAX_HTLCS),
6606 counterparty_forwarding_info: None,
6608 channel_transaction_parameters: ChannelTransactionParameters {
6609 holder_pubkeys: pubkeys,
6610 holder_selected_contest_delay: config.channel_handshake_config.our_to_self_delay,
6611 is_outbound_from_holder: false,
6612 counterparty_parameters: Some(CounterpartyChannelTransactionParameters {
6613 selected_contest_delay: msg.to_self_delay,
6614 pubkeys: counterparty_pubkeys,
6616 funding_outpoint: None,
6617 channel_type_features: channel_type.clone()
6619 funding_transaction: None,
6620 is_batch_funding: None,
6622 counterparty_cur_commitment_point: Some(msg.first_per_commitment_point),
6623 counterparty_prev_commitment_point: None,
6624 counterparty_node_id,
6626 counterparty_shutdown_scriptpubkey,
6628 commitment_secrets: CounterpartyCommitmentSecrets::new(),
6630 channel_update_status: ChannelUpdateStatus::Enabled,
6631 closing_signed_in_flight: false,
6633 announcement_sigs: None,
6635 #[cfg(any(test, fuzzing))]
6636 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
6637 #[cfg(any(test, fuzzing))]
6638 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
6640 workaround_lnd_bug_4006: None,
6641 sent_message_awaiting_response: None,
6643 latest_inbound_scid_alias: None,
6644 outbound_scid_alias: 0,
6646 channel_pending_event_emitted: false,
6647 channel_ready_event_emitted: false,
6649 #[cfg(any(test, fuzzing))]
6650 historical_inbound_htlc_fulfills: HashSet::new(),
6655 blocked_monitor_updates: Vec::new(),
6657 unfunded_context: UnfundedChannelContext { unfunded_channel_age_ticks: 0 }
6663 /// Marks an inbound channel as accepted and generates a [`msgs::AcceptChannel`] message which
6664 /// should be sent back to the counterparty node.
6666 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
6667 pub fn accept_inbound_channel(&mut self) -> msgs::AcceptChannel {
6668 if self.context.is_outbound() {
6669 panic!("Tried to send accept_channel for an outbound channel?");
6671 if self.context.channel_state != (ChannelState::OurInitSent as u32) | (ChannelState::TheirInitSent as u32) {
6672 panic!("Tried to send accept_channel after channel had moved forward");
6674 if self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
6675 panic!("Tried to send an accept_channel for a channel that has already advanced");
6678 self.generate_accept_channel_message()
6681 /// This function is used to explicitly generate a [`msgs::AcceptChannel`] message for an
6682 /// inbound channel. If the intention is to accept an inbound channel, use
6683 /// [`InboundV1Channel::accept_inbound_channel`] instead.
6685 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
6686 fn generate_accept_channel_message(&self) -> msgs::AcceptChannel {
6687 let first_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
6688 let keys = self.context.get_holder_pubkeys();
6690 msgs::AcceptChannel {
6691 temporary_channel_id: self.context.channel_id,
6692 dust_limit_satoshis: self.context.holder_dust_limit_satoshis,
6693 max_htlc_value_in_flight_msat: self.context.holder_max_htlc_value_in_flight_msat,
6694 channel_reserve_satoshis: self.context.holder_selected_channel_reserve_satoshis,
6695 htlc_minimum_msat: self.context.holder_htlc_minimum_msat,
6696 minimum_depth: self.context.minimum_depth.unwrap(),
6697 to_self_delay: self.context.get_holder_selected_contest_delay(),
6698 max_accepted_htlcs: self.context.holder_max_accepted_htlcs,
6699 funding_pubkey: keys.funding_pubkey,
6700 revocation_basepoint: keys.revocation_basepoint,
6701 payment_point: keys.payment_point,
6702 delayed_payment_basepoint: keys.delayed_payment_basepoint,
6703 htlc_basepoint: keys.htlc_basepoint,
6704 first_per_commitment_point,
6705 shutdown_scriptpubkey: Some(match &self.context.shutdown_scriptpubkey {
6706 Some(script) => script.clone().into_inner(),
6707 None => Builder::new().into_script(),
6709 channel_type: Some(self.context.channel_type.clone()),
6711 next_local_nonce: None,
6715 /// Enables the possibility for tests to extract a [`msgs::AcceptChannel`] message for an
6716 /// inbound channel without accepting it.
6718 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
6720 pub fn get_accept_channel_message(&self) -> msgs::AcceptChannel {
6721 self.generate_accept_channel_message()
6724 fn funding_created_signature<L: Deref>(&mut self, sig: &Signature, logger: &L) -> Result<(CommitmentTransaction, CommitmentTransaction, Option<Signature>), ChannelError> where L::Target: Logger {
6725 let funding_script = self.context.get_funding_redeemscript();
6727 let keys = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
6728 let initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &keys, true, false, logger).tx;
6730 let trusted_tx = initial_commitment_tx.trust();
6731 let initial_commitment_bitcoin_tx = trusted_tx.built_transaction();
6732 let sighash = initial_commitment_bitcoin_tx.get_sighash_all(&funding_script, self.context.channel_value_satoshis);
6733 // They sign the holder commitment transaction...
6734 log_trace!(logger, "Checking funding_created tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} for channel {}.",
6735 log_bytes!(sig.serialize_compact()[..]), log_bytes!(self.context.counterparty_funding_pubkey().serialize()),
6736 encode::serialize_hex(&initial_commitment_bitcoin_tx.transaction), log_bytes!(sighash[..]),
6737 encode::serialize_hex(&funding_script), &self.context.channel_id());
6738 secp_check!(self.context.secp_ctx.verify_ecdsa(&sighash, &sig, self.context.counterparty_funding_pubkey()), "Invalid funding_created signature from peer".to_owned());
6741 let counterparty_keys = self.context.build_remote_transaction_keys();
6742 let counterparty_initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
6744 let counterparty_trusted_tx = counterparty_initial_commitment_tx.trust();
6745 let counterparty_initial_bitcoin_tx = counterparty_trusted_tx.built_transaction();
6746 log_trace!(logger, "Initial counterparty tx for channel {} is: txid {} tx {}",
6747 &self.context.channel_id(), counterparty_initial_bitcoin_tx.txid, encode::serialize_hex(&counterparty_initial_bitcoin_tx.transaction));
6749 match &self.context.holder_signer {
6750 // TODO (arik): move match into calling method for Taproot
6751 ChannelSignerType::Ecdsa(ecdsa) => {
6752 let counterparty_signature = ecdsa.sign_counterparty_commitment(&counterparty_initial_commitment_tx, Vec::new(), &self.context.secp_ctx)
6753 .map(|(sig, _)| sig).ok();
6755 // We sign "counterparty" commitment transaction, allowing them to broadcast the tx if they wish.
6756 Ok((counterparty_initial_commitment_tx, initial_commitment_tx, counterparty_signature))
6761 pub fn funding_created<L: Deref>(
6762 mut self, msg: &msgs::FundingCreated, best_block: BestBlock, signer_provider: &SP, logger: &L
6763 ) -> Result<(Channel<SP>, Option<msgs::FundingSigned>, ChannelMonitor<<SP::Target as SignerProvider>::Signer>), (Self, ChannelError)>
6767 if self.context.is_outbound() {
6768 return Err((self, ChannelError::Close("Received funding_created for an outbound channel?".to_owned())));
6770 if self.context.channel_state != (ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32) {
6771 // BOLT 2 says that if we disconnect before we send funding_signed we SHOULD NOT
6772 // remember the channel, so it's safe to just send an error_message here and drop the
6774 return Err((self, ChannelError::Close("Received funding_created after we got the channel!".to_owned())));
6776 if self.context.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
6777 self.context.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
6778 self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
6779 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
6782 let funding_txo = OutPoint { txid: msg.funding_txid, index: msg.funding_output_index };
6783 self.context.channel_transaction_parameters.funding_outpoint = Some(funding_txo);
6784 // This is an externally observable change before we finish all our checks. In particular
6785 // funding_created_signature may fail.
6786 self.context.holder_signer.as_mut().provide_channel_parameters(&self.context.channel_transaction_parameters);
6788 let (counterparty_initial_commitment_tx, initial_commitment_tx, sig_opt) = match self.funding_created_signature(&msg.signature, logger) {
6790 Err(ChannelError::Close(e)) => {
6791 self.context.channel_transaction_parameters.funding_outpoint = None;
6792 return Err((self, ChannelError::Close(e)));
6795 // The only error we know how to handle is ChannelError::Close, so we fall over here
6796 // to make sure we don't continue with an inconsistent state.
6797 panic!("unexpected error type from funding_created_signature {:?}", e);
6801 let holder_commitment_tx = HolderCommitmentTransaction::new(
6802 initial_commitment_tx,
6805 &self.context.get_holder_pubkeys().funding_pubkey,
6806 self.context.counterparty_funding_pubkey()
6809 if let Err(_) = self.context.holder_signer.as_ref().validate_holder_commitment(&holder_commitment_tx, Vec::new()) {
6810 return Err((self, ChannelError::Close("Failed to validate our commitment".to_owned())));
6813 // Now that we're past error-generating stuff, update our local state:
6815 let funding_redeemscript = self.context.get_funding_redeemscript();
6816 let funding_txo_script = funding_redeemscript.to_v0_p2wsh();
6817 let obscure_factor = get_commitment_transaction_number_obscure_factor(&self.context.get_holder_pubkeys().payment_point, &self.context.get_counterparty_pubkeys().payment_point, self.context.is_outbound());
6818 let shutdown_script = self.context.shutdown_scriptpubkey.clone().map(|script| script.into_inner());
6819 let mut monitor_signer = signer_provider.derive_channel_signer(self.context.channel_value_satoshis, self.context.channel_keys_id);
6820 monitor_signer.provide_channel_parameters(&self.context.channel_transaction_parameters);
6821 let channel_monitor = ChannelMonitor::new(self.context.secp_ctx.clone(), monitor_signer,
6822 shutdown_script, self.context.get_holder_selected_contest_delay(),
6823 &self.context.destination_script, (funding_txo, funding_txo_script.clone()),
6824 &self.context.channel_transaction_parameters,
6825 funding_redeemscript.clone(), self.context.channel_value_satoshis,
6827 holder_commitment_tx, best_block, self.context.counterparty_node_id);
6829 channel_monitor.provide_initial_counterparty_commitment_tx(
6830 counterparty_initial_commitment_tx.trust().txid(), Vec::new(),
6831 self.context.cur_counterparty_commitment_transaction_number,
6832 self.context.counterparty_cur_commitment_point.unwrap(), self.context.feerate_per_kw,
6833 counterparty_initial_commitment_tx.to_broadcaster_value_sat(),
6834 counterparty_initial_commitment_tx.to_countersignatory_value_sat(), logger);
6836 self.context.channel_state = ChannelState::FundingSent as u32;
6837 self.context.channel_id = funding_txo.to_channel_id();
6838 self.context.cur_counterparty_commitment_transaction_number -= 1;
6839 self.context.cur_holder_commitment_transaction_number -= 1;
6841 log_info!(logger, "Generated funding_signed for peer for channel {}", &self.context.channel_id());
6843 // Promote the channel to a full-fledged one now that we have updated the state and have a
6844 // `ChannelMonitor`.
6845 let mut channel = Channel {
6846 context: self.context,
6848 let channel_id = channel.context.channel_id.clone();
6849 let need_channel_ready = channel.check_get_channel_ready(0).is_some();
6850 channel.monitor_updating_paused(false, false, need_channel_ready, Vec::new(), Vec::new(), Vec::new());
6852 let funding_signed = if let Some(signature) = sig_opt {
6853 Some(msgs::FundingSigned {
6857 partial_signature_with_nonce: None,
6860 channel.context.signer_pending_funding = true;
6864 Ok((channel, funding_signed, channel_monitor))
6868 const SERIALIZATION_VERSION: u8 = 3;
6869 const MIN_SERIALIZATION_VERSION: u8 = 2;
6871 impl_writeable_tlv_based_enum!(InboundHTLCRemovalReason,;
6877 impl Writeable for ChannelUpdateStatus {
6878 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
6879 // We only care about writing out the current state as it was announced, ie only either
6880 // Enabled or Disabled. In the case of DisabledStaged, we most recently announced the
6881 // channel as enabled, so we write 0. For EnabledStaged, we similarly write a 1.
6883 ChannelUpdateStatus::Enabled => 0u8.write(writer)?,
6884 ChannelUpdateStatus::DisabledStaged(_) => 0u8.write(writer)?,
6885 ChannelUpdateStatus::EnabledStaged(_) => 1u8.write(writer)?,
6886 ChannelUpdateStatus::Disabled => 1u8.write(writer)?,
6892 impl Readable for ChannelUpdateStatus {
6893 fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
6894 Ok(match <u8 as Readable>::read(reader)? {
6895 0 => ChannelUpdateStatus::Enabled,
6896 1 => ChannelUpdateStatus::Disabled,
6897 _ => return Err(DecodeError::InvalidValue),
6902 impl Writeable for AnnouncementSigsState {
6903 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
6904 // We only care about writing out the current state as if we had just disconnected, at
6905 // which point we always set anything but AnnouncementSigsReceived to NotSent.
6907 AnnouncementSigsState::NotSent => 0u8.write(writer),
6908 AnnouncementSigsState::MessageSent => 0u8.write(writer),
6909 AnnouncementSigsState::Committed => 0u8.write(writer),
6910 AnnouncementSigsState::PeerReceived => 1u8.write(writer),
6915 impl Readable for AnnouncementSigsState {
6916 fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
6917 Ok(match <u8 as Readable>::read(reader)? {
6918 0 => AnnouncementSigsState::NotSent,
6919 1 => AnnouncementSigsState::PeerReceived,
6920 _ => return Err(DecodeError::InvalidValue),
6925 impl<SP: Deref> Writeable for Channel<SP> where SP::Target: SignerProvider {
6926 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
6927 // Note that we write out as if remove_uncommitted_htlcs_and_mark_paused had just been
6930 write_ver_prefix!(writer, MIN_SERIALIZATION_VERSION, MIN_SERIALIZATION_VERSION);
6932 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
6933 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. We write
6934 // the low bytes now and the optional high bytes later.
6935 let user_id_low = self.context.user_id as u64;
6936 user_id_low.write(writer)?;
6938 // Version 1 deserializers expected to read parts of the config object here. Version 2
6939 // deserializers (0.0.99) now read config through TLVs, and as we now require them for
6940 // `minimum_depth` we simply write dummy values here.
6941 writer.write_all(&[0; 8])?;
6943 self.context.channel_id.write(writer)?;
6944 (self.context.channel_state | ChannelState::PeerDisconnected as u32).write(writer)?;
6945 self.context.channel_value_satoshis.write(writer)?;
6947 self.context.latest_monitor_update_id.write(writer)?;
6949 let mut key_data = VecWriter(Vec::new());
6950 // TODO (taproot|arik): Introduce serialization distinction for non-ECDSA signers.
6951 self.context.holder_signer.as_ecdsa().expect("Only ECDSA signers may be serialized").write(&mut key_data)?;
6952 assert!(key_data.0.len() < core::usize::MAX);
6953 assert!(key_data.0.len() < core::u32::MAX as usize);
6954 (key_data.0.len() as u32).write(writer)?;
6955 writer.write_all(&key_data.0[..])?;
6957 // Write out the old serialization for shutdown_pubkey for backwards compatibility, if
6958 // deserialized from that format.
6959 match self.context.shutdown_scriptpubkey.as_ref().and_then(|script| script.as_legacy_pubkey()) {
6960 Some(shutdown_pubkey) => shutdown_pubkey.write(writer)?,
6961 None => [0u8; PUBLIC_KEY_SIZE].write(writer)?,
6963 self.context.destination_script.write(writer)?;
6965 self.context.cur_holder_commitment_transaction_number.write(writer)?;
6966 self.context.cur_counterparty_commitment_transaction_number.write(writer)?;
6967 self.context.value_to_self_msat.write(writer)?;
6969 let mut dropped_inbound_htlcs = 0;
6970 for htlc in self.context.pending_inbound_htlcs.iter() {
6971 if let InboundHTLCState::RemoteAnnounced(_) = htlc.state {
6972 dropped_inbound_htlcs += 1;
6975 (self.context.pending_inbound_htlcs.len() as u64 - dropped_inbound_htlcs).write(writer)?;
6976 for htlc in self.context.pending_inbound_htlcs.iter() {
6977 if let &InboundHTLCState::RemoteAnnounced(_) = &htlc.state {
6980 htlc.htlc_id.write(writer)?;
6981 htlc.amount_msat.write(writer)?;
6982 htlc.cltv_expiry.write(writer)?;
6983 htlc.payment_hash.write(writer)?;
6985 &InboundHTLCState::RemoteAnnounced(_) => unreachable!(),
6986 &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(ref htlc_state) => {
6988 htlc_state.write(writer)?;
6990 &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(ref htlc_state) => {
6992 htlc_state.write(writer)?;
6994 &InboundHTLCState::Committed => {
6997 &InboundHTLCState::LocalRemoved(ref removal_reason) => {
6999 removal_reason.write(writer)?;
7004 let mut preimages: Vec<&Option<PaymentPreimage>> = vec![];
7005 let mut pending_outbound_skimmed_fees: Vec<Option<u64>> = Vec::new();
7007 (self.context.pending_outbound_htlcs.len() as u64).write(writer)?;
7008 for (idx, htlc) in self.context.pending_outbound_htlcs.iter().enumerate() {
7009 htlc.htlc_id.write(writer)?;
7010 htlc.amount_msat.write(writer)?;
7011 htlc.cltv_expiry.write(writer)?;
7012 htlc.payment_hash.write(writer)?;
7013 htlc.source.write(writer)?;
7015 &OutboundHTLCState::LocalAnnounced(ref onion_packet) => {
7017 onion_packet.write(writer)?;
7019 &OutboundHTLCState::Committed => {
7022 &OutboundHTLCState::RemoteRemoved(_) => {
7023 // Treat this as a Committed because we haven't received the CS - they'll
7024 // resend the claim/fail on reconnect as we all (hopefully) the missing CS.
7027 &OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref outcome) => {
7029 if let OutboundHTLCOutcome::Success(preimage) = outcome {
7030 preimages.push(preimage);
7032 let reason: Option<&HTLCFailReason> = outcome.into();
7033 reason.write(writer)?;
7035 &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref outcome) => {
7037 if let OutboundHTLCOutcome::Success(preimage) = outcome {
7038 preimages.push(preimage);
7040 let reason: Option<&HTLCFailReason> = outcome.into();
7041 reason.write(writer)?;
7044 if let Some(skimmed_fee) = htlc.skimmed_fee_msat {
7045 if pending_outbound_skimmed_fees.is_empty() {
7046 for _ in 0..idx { pending_outbound_skimmed_fees.push(None); }
7048 pending_outbound_skimmed_fees.push(Some(skimmed_fee));
7049 } else if !pending_outbound_skimmed_fees.is_empty() {
7050 pending_outbound_skimmed_fees.push(None);
7054 let mut holding_cell_skimmed_fees: Vec<Option<u64>> = Vec::new();
7055 (self.context.holding_cell_htlc_updates.len() as u64).write(writer)?;
7056 for (idx, update) in self.context.holding_cell_htlc_updates.iter().enumerate() {
7058 &HTLCUpdateAwaitingACK::AddHTLC {
7059 ref amount_msat, ref cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet,
7063 amount_msat.write(writer)?;
7064 cltv_expiry.write(writer)?;
7065 payment_hash.write(writer)?;
7066 source.write(writer)?;
7067 onion_routing_packet.write(writer)?;
7069 if let Some(skimmed_fee) = skimmed_fee_msat {
7070 if holding_cell_skimmed_fees.is_empty() {
7071 for _ in 0..idx { holding_cell_skimmed_fees.push(None); }
7073 holding_cell_skimmed_fees.push(Some(skimmed_fee));
7074 } else if !holding_cell_skimmed_fees.is_empty() { holding_cell_skimmed_fees.push(None); }
7076 &HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, ref htlc_id } => {
7078 payment_preimage.write(writer)?;
7079 htlc_id.write(writer)?;
7081 &HTLCUpdateAwaitingACK::FailHTLC { ref htlc_id, ref err_packet } => {
7083 htlc_id.write(writer)?;
7084 err_packet.write(writer)?;
7089 match self.context.resend_order {
7090 RAACommitmentOrder::CommitmentFirst => 0u8.write(writer)?,
7091 RAACommitmentOrder::RevokeAndACKFirst => 1u8.write(writer)?,
7094 self.context.monitor_pending_channel_ready.write(writer)?;
7095 self.context.monitor_pending_revoke_and_ack.write(writer)?;
7096 self.context.monitor_pending_commitment_signed.write(writer)?;
7098 (self.context.monitor_pending_forwards.len() as u64).write(writer)?;
7099 for &(ref pending_forward, ref htlc_id) in self.context.monitor_pending_forwards.iter() {
7100 pending_forward.write(writer)?;
7101 htlc_id.write(writer)?;
7104 (self.context.monitor_pending_failures.len() as u64).write(writer)?;
7105 for &(ref htlc_source, ref payment_hash, ref fail_reason) in self.context.monitor_pending_failures.iter() {
7106 htlc_source.write(writer)?;
7107 payment_hash.write(writer)?;
7108 fail_reason.write(writer)?;
7111 if self.context.is_outbound() {
7112 self.context.pending_update_fee.map(|(a, _)| a).write(writer)?;
7113 } else if let Some((feerate, FeeUpdateState::AwaitingRemoteRevokeToAnnounce)) = self.context.pending_update_fee {
7114 Some(feerate).write(writer)?;
7116 // As for inbound HTLCs, if the update was only announced and never committed in a
7117 // commitment_signed, drop it.
7118 None::<u32>.write(writer)?;
7120 self.context.holding_cell_update_fee.write(writer)?;
7122 self.context.next_holder_htlc_id.write(writer)?;
7123 (self.context.next_counterparty_htlc_id - dropped_inbound_htlcs).write(writer)?;
7124 self.context.update_time_counter.write(writer)?;
7125 self.context.feerate_per_kw.write(writer)?;
7127 // Versions prior to 0.0.100 expected to read the fields of `last_sent_closing_fee` here,
7128 // however we are supposed to restart shutdown fee negotiation on reconnect (and wipe
7129 // `last_send_closing_fee` in `remove_uncommitted_htlcs_and_mark_paused`) so we should never
7130 // consider the stale state on reload.
7133 self.context.funding_tx_confirmed_in.write(writer)?;
7134 self.context.funding_tx_confirmation_height.write(writer)?;
7135 self.context.short_channel_id.write(writer)?;
7137 self.context.counterparty_dust_limit_satoshis.write(writer)?;
7138 self.context.holder_dust_limit_satoshis.write(writer)?;
7139 self.context.counterparty_max_htlc_value_in_flight_msat.write(writer)?;
7141 // Note that this field is ignored by 0.0.99+ as the TLV Optional variant is used instead.
7142 self.context.counterparty_selected_channel_reserve_satoshis.unwrap_or(0).write(writer)?;
7144 self.context.counterparty_htlc_minimum_msat.write(writer)?;
7145 self.context.holder_htlc_minimum_msat.write(writer)?;
7146 self.context.counterparty_max_accepted_htlcs.write(writer)?;
7148 // Note that this field is ignored by 0.0.99+ as the TLV Optional variant is used instead.
7149 self.context.minimum_depth.unwrap_or(0).write(writer)?;
7151 match &self.context.counterparty_forwarding_info {
7154 info.fee_base_msat.write(writer)?;
7155 info.fee_proportional_millionths.write(writer)?;
7156 info.cltv_expiry_delta.write(writer)?;
7158 None => 0u8.write(writer)?
7161 self.context.channel_transaction_parameters.write(writer)?;
7162 self.context.funding_transaction.write(writer)?;
7164 self.context.counterparty_cur_commitment_point.write(writer)?;
7165 self.context.counterparty_prev_commitment_point.write(writer)?;
7166 self.context.counterparty_node_id.write(writer)?;
7168 self.context.counterparty_shutdown_scriptpubkey.write(writer)?;
7170 self.context.commitment_secrets.write(writer)?;
7172 self.context.channel_update_status.write(writer)?;
7174 #[cfg(any(test, fuzzing))]
7175 (self.context.historical_inbound_htlc_fulfills.len() as u64).write(writer)?;
7176 #[cfg(any(test, fuzzing))]
7177 for htlc in self.context.historical_inbound_htlc_fulfills.iter() {
7178 htlc.write(writer)?;
7181 // If the channel type is something other than only-static-remote-key, then we need to have
7182 // older clients fail to deserialize this channel at all. If the type is
7183 // only-static-remote-key, we simply consider it "default" and don't write the channel type
7185 let chan_type = if self.context.channel_type != ChannelTypeFeatures::only_static_remote_key() {
7186 Some(&self.context.channel_type) } else { None };
7188 // The same logic applies for `holder_selected_channel_reserve_satoshis` values other than
7189 // the default, and when `holder_max_htlc_value_in_flight_msat` is configured to be set to
7190 // a different percentage of the channel value then 10%, which older versions of LDK used
7191 // to set it to before the percentage was made configurable.
7192 let serialized_holder_selected_reserve =
7193 if self.context.holder_selected_channel_reserve_satoshis != get_legacy_default_holder_selected_channel_reserve_satoshis(self.context.channel_value_satoshis)
7194 { Some(self.context.holder_selected_channel_reserve_satoshis) } else { None };
7196 let mut old_max_in_flight_percent_config = UserConfig::default().channel_handshake_config;
7197 old_max_in_flight_percent_config.max_inbound_htlc_value_in_flight_percent_of_channel = MAX_IN_FLIGHT_PERCENT_LEGACY;
7198 let serialized_holder_htlc_max_in_flight =
7199 if self.context.holder_max_htlc_value_in_flight_msat != get_holder_max_htlc_value_in_flight_msat(self.context.channel_value_satoshis, &old_max_in_flight_percent_config)
7200 { Some(self.context.holder_max_htlc_value_in_flight_msat) } else { None };
7202 let channel_pending_event_emitted = Some(self.context.channel_pending_event_emitted);
7203 let channel_ready_event_emitted = Some(self.context.channel_ready_event_emitted);
7205 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
7206 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. Therefore,
7207 // we write the high bytes as an option here.
7208 let user_id_high_opt = Some((self.context.user_id >> 64) as u64);
7210 let holder_max_accepted_htlcs = if self.context.holder_max_accepted_htlcs == DEFAULT_MAX_HTLCS { None } else { Some(self.context.holder_max_accepted_htlcs) };
7212 write_tlv_fields!(writer, {
7213 (0, self.context.announcement_sigs, option),
7214 // minimum_depth and counterparty_selected_channel_reserve_satoshis used to have a
7215 // default value instead of being Option<>al. Thus, to maintain compatibility we write
7216 // them twice, once with their original default values above, and once as an option
7217 // here. On the read side, old versions will simply ignore the odd-type entries here,
7218 // and new versions map the default values to None and allow the TLV entries here to
7220 (1, self.context.minimum_depth, option),
7221 (2, chan_type, option),
7222 (3, self.context.counterparty_selected_channel_reserve_satoshis, option),
7223 (4, serialized_holder_selected_reserve, option),
7224 (5, self.context.config, required),
7225 (6, serialized_holder_htlc_max_in_flight, option),
7226 (7, self.context.shutdown_scriptpubkey, option),
7227 (8, self.context.blocked_monitor_updates, optional_vec),
7228 (9, self.context.target_closing_feerate_sats_per_kw, option),
7229 (11, self.context.monitor_pending_finalized_fulfills, required_vec),
7230 (13, self.context.channel_creation_height, required),
7231 (15, preimages, required_vec),
7232 (17, self.context.announcement_sigs_state, required),
7233 (19, self.context.latest_inbound_scid_alias, option),
7234 (21, self.context.outbound_scid_alias, required),
7235 (23, channel_ready_event_emitted, option),
7236 (25, user_id_high_opt, option),
7237 (27, self.context.channel_keys_id, required),
7238 (28, holder_max_accepted_htlcs, option),
7239 (29, self.context.temporary_channel_id, option),
7240 (31, channel_pending_event_emitted, option),
7241 (35, pending_outbound_skimmed_fees, optional_vec),
7242 (37, holding_cell_skimmed_fees, optional_vec),
7243 (38, self.context.is_batch_funding, option),
7250 const MAX_ALLOC_SIZE: usize = 64*1024;
7251 impl<'a, 'b, 'c, ES: Deref, SP: Deref> ReadableArgs<(&'a ES, &'b SP, u32, &'c ChannelTypeFeatures)> for Channel<SP>
7253 ES::Target: EntropySource,
7254 SP::Target: SignerProvider
7256 fn read<R : io::Read>(reader: &mut R, args: (&'a ES, &'b SP, u32, &'c ChannelTypeFeatures)) -> Result<Self, DecodeError> {
7257 let (entropy_source, signer_provider, serialized_height, our_supported_features) = args;
7258 let ver = read_ver_prefix!(reader, SERIALIZATION_VERSION);
7260 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
7261 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. We read
7262 // the low bytes now and the high bytes later.
7263 let user_id_low: u64 = Readable::read(reader)?;
7265 let mut config = Some(LegacyChannelConfig::default());
7267 // Read the old serialization of the ChannelConfig from version 0.0.98.
7268 config.as_mut().unwrap().options.forwarding_fee_proportional_millionths = Readable::read(reader)?;
7269 config.as_mut().unwrap().options.cltv_expiry_delta = Readable::read(reader)?;
7270 config.as_mut().unwrap().announced_channel = Readable::read(reader)?;
7271 config.as_mut().unwrap().commit_upfront_shutdown_pubkey = Readable::read(reader)?;
7273 // Read the 8 bytes of backwards-compatibility ChannelConfig data.
7274 let mut _val: u64 = Readable::read(reader)?;
7277 let channel_id = Readable::read(reader)?;
7278 let channel_state = Readable::read(reader)?;
7279 let channel_value_satoshis = Readable::read(reader)?;
7281 let latest_monitor_update_id = Readable::read(reader)?;
7283 let mut keys_data = None;
7285 // Read the serialize signer bytes. We'll choose to deserialize them or not based on whether
7286 // the `channel_keys_id` TLV is present below.
7287 let keys_len: u32 = Readable::read(reader)?;
7288 keys_data = Some(Vec::with_capacity(cmp::min(keys_len as usize, MAX_ALLOC_SIZE)));
7289 while keys_data.as_ref().unwrap().len() != keys_len as usize {
7290 // Read 1KB at a time to avoid accidentally allocating 4GB on corrupted channel keys
7291 let mut data = [0; 1024];
7292 let read_slice = &mut data[0..cmp::min(1024, keys_len as usize - keys_data.as_ref().unwrap().len())];
7293 reader.read_exact(read_slice)?;
7294 keys_data.as_mut().unwrap().extend_from_slice(read_slice);
7298 // Read the old serialization for shutdown_pubkey, preferring the TLV field later if set.
7299 let mut shutdown_scriptpubkey = match <PublicKey as Readable>::read(reader) {
7300 Ok(pubkey) => Some(ShutdownScript::new_p2wpkh_from_pubkey(pubkey)),
7303 let destination_script = Readable::read(reader)?;
7305 let cur_holder_commitment_transaction_number = Readable::read(reader)?;
7306 let cur_counterparty_commitment_transaction_number = Readable::read(reader)?;
7307 let value_to_self_msat = Readable::read(reader)?;
7309 let pending_inbound_htlc_count: u64 = Readable::read(reader)?;
7311 let mut pending_inbound_htlcs = Vec::with_capacity(cmp::min(pending_inbound_htlc_count as usize, DEFAULT_MAX_HTLCS as usize));
7312 for _ in 0..pending_inbound_htlc_count {
7313 pending_inbound_htlcs.push(InboundHTLCOutput {
7314 htlc_id: Readable::read(reader)?,
7315 amount_msat: Readable::read(reader)?,
7316 cltv_expiry: Readable::read(reader)?,
7317 payment_hash: Readable::read(reader)?,
7318 state: match <u8 as Readable>::read(reader)? {
7319 1 => InboundHTLCState::AwaitingRemoteRevokeToAnnounce(Readable::read(reader)?),
7320 2 => InboundHTLCState::AwaitingAnnouncedRemoteRevoke(Readable::read(reader)?),
7321 3 => InboundHTLCState::Committed,
7322 4 => InboundHTLCState::LocalRemoved(Readable::read(reader)?),
7323 _ => return Err(DecodeError::InvalidValue),
7328 let pending_outbound_htlc_count: u64 = Readable::read(reader)?;
7329 let mut pending_outbound_htlcs = Vec::with_capacity(cmp::min(pending_outbound_htlc_count as usize, DEFAULT_MAX_HTLCS as usize));
7330 for _ in 0..pending_outbound_htlc_count {
7331 pending_outbound_htlcs.push(OutboundHTLCOutput {
7332 htlc_id: Readable::read(reader)?,
7333 amount_msat: Readable::read(reader)?,
7334 cltv_expiry: Readable::read(reader)?,
7335 payment_hash: Readable::read(reader)?,
7336 source: Readable::read(reader)?,
7337 state: match <u8 as Readable>::read(reader)? {
7338 0 => OutboundHTLCState::LocalAnnounced(Box::new(Readable::read(reader)?)),
7339 1 => OutboundHTLCState::Committed,
7341 let option: Option<HTLCFailReason> = Readable::read(reader)?;
7342 OutboundHTLCState::RemoteRemoved(option.into())
7345 let option: Option<HTLCFailReason> = Readable::read(reader)?;
7346 OutboundHTLCState::AwaitingRemoteRevokeToRemove(option.into())
7349 let option: Option<HTLCFailReason> = Readable::read(reader)?;
7350 OutboundHTLCState::AwaitingRemovedRemoteRevoke(option.into())
7352 _ => return Err(DecodeError::InvalidValue),
7354 skimmed_fee_msat: None,
7358 let holding_cell_htlc_update_count: u64 = Readable::read(reader)?;
7359 let mut holding_cell_htlc_updates = Vec::with_capacity(cmp::min(holding_cell_htlc_update_count as usize, DEFAULT_MAX_HTLCS as usize*2));
7360 for _ in 0..holding_cell_htlc_update_count {
7361 holding_cell_htlc_updates.push(match <u8 as Readable>::read(reader)? {
7362 0 => HTLCUpdateAwaitingACK::AddHTLC {
7363 amount_msat: Readable::read(reader)?,
7364 cltv_expiry: Readable::read(reader)?,
7365 payment_hash: Readable::read(reader)?,
7366 source: Readable::read(reader)?,
7367 onion_routing_packet: Readable::read(reader)?,
7368 skimmed_fee_msat: None,
7370 1 => HTLCUpdateAwaitingACK::ClaimHTLC {
7371 payment_preimage: Readable::read(reader)?,
7372 htlc_id: Readable::read(reader)?,
7374 2 => HTLCUpdateAwaitingACK::FailHTLC {
7375 htlc_id: Readable::read(reader)?,
7376 err_packet: Readable::read(reader)?,
7378 _ => return Err(DecodeError::InvalidValue),
7382 let resend_order = match <u8 as Readable>::read(reader)? {
7383 0 => RAACommitmentOrder::CommitmentFirst,
7384 1 => RAACommitmentOrder::RevokeAndACKFirst,
7385 _ => return Err(DecodeError::InvalidValue),
7388 let monitor_pending_channel_ready = Readable::read(reader)?;
7389 let monitor_pending_revoke_and_ack = Readable::read(reader)?;
7390 let monitor_pending_commitment_signed = Readable::read(reader)?;
7392 let monitor_pending_forwards_count: u64 = Readable::read(reader)?;
7393 let mut monitor_pending_forwards = Vec::with_capacity(cmp::min(monitor_pending_forwards_count as usize, DEFAULT_MAX_HTLCS as usize));
7394 for _ in 0..monitor_pending_forwards_count {
7395 monitor_pending_forwards.push((Readable::read(reader)?, Readable::read(reader)?));
7398 let monitor_pending_failures_count: u64 = Readable::read(reader)?;
7399 let mut monitor_pending_failures = Vec::with_capacity(cmp::min(monitor_pending_failures_count as usize, DEFAULT_MAX_HTLCS as usize));
7400 for _ in 0..monitor_pending_failures_count {
7401 monitor_pending_failures.push((Readable::read(reader)?, Readable::read(reader)?, Readable::read(reader)?));
7404 let pending_update_fee_value: Option<u32> = Readable::read(reader)?;
7406 let holding_cell_update_fee = Readable::read(reader)?;
7408 let next_holder_htlc_id = Readable::read(reader)?;
7409 let next_counterparty_htlc_id = Readable::read(reader)?;
7410 let update_time_counter = Readable::read(reader)?;
7411 let feerate_per_kw = Readable::read(reader)?;
7413 // Versions prior to 0.0.100 expected to read the fields of `last_sent_closing_fee` here,
7414 // however we are supposed to restart shutdown fee negotiation on reconnect (and wipe
7415 // `last_send_closing_fee` in `remove_uncommitted_htlcs_and_mark_paused`) so we should never
7416 // consider the stale state on reload.
7417 match <u8 as Readable>::read(reader)? {
7420 let _: u32 = Readable::read(reader)?;
7421 let _: u64 = Readable::read(reader)?;
7422 let _: Signature = Readable::read(reader)?;
7424 _ => return Err(DecodeError::InvalidValue),
7427 let funding_tx_confirmed_in = Readable::read(reader)?;
7428 let funding_tx_confirmation_height = Readable::read(reader)?;
7429 let short_channel_id = Readable::read(reader)?;
7431 let counterparty_dust_limit_satoshis = Readable::read(reader)?;
7432 let holder_dust_limit_satoshis = Readable::read(reader)?;
7433 let counterparty_max_htlc_value_in_flight_msat = Readable::read(reader)?;
7434 let mut counterparty_selected_channel_reserve_satoshis = None;
7436 // Read the old serialization from version 0.0.98.
7437 counterparty_selected_channel_reserve_satoshis = Some(Readable::read(reader)?);
7439 // Read the 8 bytes of backwards-compatibility data.
7440 let _dummy: u64 = Readable::read(reader)?;
7442 let counterparty_htlc_minimum_msat = Readable::read(reader)?;
7443 let holder_htlc_minimum_msat = Readable::read(reader)?;
7444 let counterparty_max_accepted_htlcs = Readable::read(reader)?;
7446 let mut minimum_depth = None;
7448 // Read the old serialization from version 0.0.98.
7449 minimum_depth = Some(Readable::read(reader)?);
7451 // Read the 4 bytes of backwards-compatibility data.
7452 let _dummy: u32 = Readable::read(reader)?;
7455 let counterparty_forwarding_info = match <u8 as Readable>::read(reader)? {
7457 1 => Some(CounterpartyForwardingInfo {
7458 fee_base_msat: Readable::read(reader)?,
7459 fee_proportional_millionths: Readable::read(reader)?,
7460 cltv_expiry_delta: Readable::read(reader)?,
7462 _ => return Err(DecodeError::InvalidValue),
7465 let mut channel_parameters: ChannelTransactionParameters = Readable::read(reader)?;
7466 let funding_transaction: Option<Transaction> = Readable::read(reader)?;
7468 let counterparty_cur_commitment_point = Readable::read(reader)?;
7470 let counterparty_prev_commitment_point = Readable::read(reader)?;
7471 let counterparty_node_id = Readable::read(reader)?;
7473 let counterparty_shutdown_scriptpubkey = Readable::read(reader)?;
7474 let commitment_secrets = Readable::read(reader)?;
7476 let channel_update_status = Readable::read(reader)?;
7478 #[cfg(any(test, fuzzing))]
7479 let mut historical_inbound_htlc_fulfills = HashSet::new();
7480 #[cfg(any(test, fuzzing))]
7482 let htlc_fulfills_len: u64 = Readable::read(reader)?;
7483 for _ in 0..htlc_fulfills_len {
7484 assert!(historical_inbound_htlc_fulfills.insert(Readable::read(reader)?));
7488 let pending_update_fee = if let Some(feerate) = pending_update_fee_value {
7489 Some((feerate, if channel_parameters.is_outbound_from_holder {
7490 FeeUpdateState::Outbound
7492 FeeUpdateState::AwaitingRemoteRevokeToAnnounce
7498 let mut announcement_sigs = None;
7499 let mut target_closing_feerate_sats_per_kw = None;
7500 let mut monitor_pending_finalized_fulfills = Some(Vec::new());
7501 let mut holder_selected_channel_reserve_satoshis = Some(get_legacy_default_holder_selected_channel_reserve_satoshis(channel_value_satoshis));
7502 let mut holder_max_htlc_value_in_flight_msat = Some(get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis, &UserConfig::default().channel_handshake_config));
7503 // Prior to supporting channel type negotiation, all of our channels were static_remotekey
7504 // only, so we default to that if none was written.
7505 let mut channel_type = Some(ChannelTypeFeatures::only_static_remote_key());
7506 let mut channel_creation_height = Some(serialized_height);
7507 let mut preimages_opt: Option<Vec<Option<PaymentPreimage>>> = None;
7509 // If we read an old Channel, for simplicity we just treat it as "we never sent an
7510 // AnnouncementSignatures" which implies we'll re-send it on reconnect, but that's fine.
7511 let mut announcement_sigs_state = Some(AnnouncementSigsState::NotSent);
7512 let mut latest_inbound_scid_alias = None;
7513 let mut outbound_scid_alias = None;
7514 let mut channel_pending_event_emitted = None;
7515 let mut channel_ready_event_emitted = None;
7517 let mut user_id_high_opt: Option<u64> = None;
7518 let mut channel_keys_id: Option<[u8; 32]> = None;
7519 let mut temporary_channel_id: Option<ChannelId> = None;
7520 let mut holder_max_accepted_htlcs: Option<u16> = None;
7522 let mut blocked_monitor_updates = Some(Vec::new());
7524 let mut pending_outbound_skimmed_fees_opt: Option<Vec<Option<u64>>> = None;
7525 let mut holding_cell_skimmed_fees_opt: Option<Vec<Option<u64>>> = None;
7527 let mut is_batch_funding: Option<()> = None;
7529 read_tlv_fields!(reader, {
7530 (0, announcement_sigs, option),
7531 (1, minimum_depth, option),
7532 (2, channel_type, option),
7533 (3, counterparty_selected_channel_reserve_satoshis, option),
7534 (4, holder_selected_channel_reserve_satoshis, option),
7535 (5, config, option), // Note that if none is provided we will *not* overwrite the existing one.
7536 (6, holder_max_htlc_value_in_flight_msat, option),
7537 (7, shutdown_scriptpubkey, option),
7538 (8, blocked_monitor_updates, optional_vec),
7539 (9, target_closing_feerate_sats_per_kw, option),
7540 (11, monitor_pending_finalized_fulfills, optional_vec),
7541 (13, channel_creation_height, option),
7542 (15, preimages_opt, optional_vec),
7543 (17, announcement_sigs_state, option),
7544 (19, latest_inbound_scid_alias, option),
7545 (21, outbound_scid_alias, option),
7546 (23, channel_ready_event_emitted, option),
7547 (25, user_id_high_opt, option),
7548 (27, channel_keys_id, option),
7549 (28, holder_max_accepted_htlcs, option),
7550 (29, temporary_channel_id, option),
7551 (31, channel_pending_event_emitted, option),
7552 (35, pending_outbound_skimmed_fees_opt, optional_vec),
7553 (37, holding_cell_skimmed_fees_opt, optional_vec),
7554 (38, is_batch_funding, option),
7557 let (channel_keys_id, holder_signer) = if let Some(channel_keys_id) = channel_keys_id {
7558 let mut holder_signer = signer_provider.derive_channel_signer(channel_value_satoshis, channel_keys_id);
7559 // If we've gotten to the funding stage of the channel, populate the signer with its
7560 // required channel parameters.
7561 let non_shutdown_state = channel_state & (!MULTI_STATE_FLAGS);
7562 if non_shutdown_state & !STATE_FLAGS >= (ChannelState::FundingCreated as u32) {
7563 holder_signer.provide_channel_parameters(&channel_parameters);
7565 (channel_keys_id, holder_signer)
7567 // `keys_data` can be `None` if we had corrupted data.
7568 let keys_data = keys_data.ok_or(DecodeError::InvalidValue)?;
7569 let holder_signer = signer_provider.read_chan_signer(&keys_data)?;
7570 (holder_signer.channel_keys_id(), holder_signer)
7573 if let Some(preimages) = preimages_opt {
7574 let mut iter = preimages.into_iter();
7575 for htlc in pending_outbound_htlcs.iter_mut() {
7577 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(None)) => {
7578 htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(iter.next().ok_or(DecodeError::InvalidValue)?));
7580 OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(None)) => {
7581 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(iter.next().ok_or(DecodeError::InvalidValue)?));
7586 // We expect all preimages to be consumed above
7587 if iter.next().is_some() {
7588 return Err(DecodeError::InvalidValue);
7592 let chan_features = channel_type.as_ref().unwrap();
7593 if !chan_features.is_subset(our_supported_features) {
7594 // If the channel was written by a new version and negotiated with features we don't
7595 // understand yet, refuse to read it.
7596 return Err(DecodeError::UnknownRequiredFeature);
7599 // ChannelTransactionParameters may have had an empty features set upon deserialization.
7600 // To account for that, we're proactively setting/overriding the field here.
7601 channel_parameters.channel_type_features = chan_features.clone();
7603 let mut secp_ctx = Secp256k1::new();
7604 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
7606 // `user_id` used to be a single u64 value. In order to remain backwards
7607 // compatible with versions prior to 0.0.113, the u128 is serialized as two
7608 // separate u64 values.
7609 let user_id = user_id_low as u128 + ((user_id_high_opt.unwrap_or(0) as u128) << 64);
7611 let holder_max_accepted_htlcs = holder_max_accepted_htlcs.unwrap_or(DEFAULT_MAX_HTLCS);
7613 if let Some(skimmed_fees) = pending_outbound_skimmed_fees_opt {
7614 let mut iter = skimmed_fees.into_iter();
7615 for htlc in pending_outbound_htlcs.iter_mut() {
7616 htlc.skimmed_fee_msat = iter.next().ok_or(DecodeError::InvalidValue)?;
7618 // We expect all skimmed fees to be consumed above
7619 if iter.next().is_some() { return Err(DecodeError::InvalidValue) }
7621 if let Some(skimmed_fees) = holding_cell_skimmed_fees_opt {
7622 let mut iter = skimmed_fees.into_iter();
7623 for htlc in holding_cell_htlc_updates.iter_mut() {
7624 if let HTLCUpdateAwaitingACK::AddHTLC { ref mut skimmed_fee_msat, .. } = htlc {
7625 *skimmed_fee_msat = iter.next().ok_or(DecodeError::InvalidValue)?;
7628 // We expect all skimmed fees to be consumed above
7629 if iter.next().is_some() { return Err(DecodeError::InvalidValue) }
7633 context: ChannelContext {
7636 config: config.unwrap(),
7640 // Note that we don't care about serializing handshake limits as we only ever serialize
7641 // channel data after the handshake has completed.
7642 inbound_handshake_limits_override: None,
7645 temporary_channel_id,
7647 announcement_sigs_state: announcement_sigs_state.unwrap(),
7649 channel_value_satoshis,
7651 latest_monitor_update_id,
7653 holder_signer: ChannelSignerType::Ecdsa(holder_signer),
7654 shutdown_scriptpubkey,
7657 cur_holder_commitment_transaction_number,
7658 cur_counterparty_commitment_transaction_number,
7661 holder_max_accepted_htlcs,
7662 pending_inbound_htlcs,
7663 pending_outbound_htlcs,
7664 holding_cell_htlc_updates,
7668 monitor_pending_channel_ready,
7669 monitor_pending_revoke_and_ack,
7670 monitor_pending_commitment_signed,
7671 monitor_pending_forwards,
7672 monitor_pending_failures,
7673 monitor_pending_finalized_fulfills: monitor_pending_finalized_fulfills.unwrap(),
7675 signer_pending_commitment_update: false,
7676 signer_pending_funding: false,
7679 holding_cell_update_fee,
7680 next_holder_htlc_id,
7681 next_counterparty_htlc_id,
7682 update_time_counter,
7685 #[cfg(debug_assertions)]
7686 holder_max_commitment_tx_output: Mutex::new((0, 0)),
7687 #[cfg(debug_assertions)]
7688 counterparty_max_commitment_tx_output: Mutex::new((0, 0)),
7690 last_sent_closing_fee: None,
7691 pending_counterparty_closing_signed: None,
7692 closing_fee_limits: None,
7693 target_closing_feerate_sats_per_kw,
7695 funding_tx_confirmed_in,
7696 funding_tx_confirmation_height,
7698 channel_creation_height: channel_creation_height.unwrap(),
7700 counterparty_dust_limit_satoshis,
7701 holder_dust_limit_satoshis,
7702 counterparty_max_htlc_value_in_flight_msat,
7703 holder_max_htlc_value_in_flight_msat: holder_max_htlc_value_in_flight_msat.unwrap(),
7704 counterparty_selected_channel_reserve_satoshis,
7705 holder_selected_channel_reserve_satoshis: holder_selected_channel_reserve_satoshis.unwrap(),
7706 counterparty_htlc_minimum_msat,
7707 holder_htlc_minimum_msat,
7708 counterparty_max_accepted_htlcs,
7711 counterparty_forwarding_info,
7713 channel_transaction_parameters: channel_parameters,
7714 funding_transaction,
7717 counterparty_cur_commitment_point,
7718 counterparty_prev_commitment_point,
7719 counterparty_node_id,
7721 counterparty_shutdown_scriptpubkey,
7725 channel_update_status,
7726 closing_signed_in_flight: false,
7730 #[cfg(any(test, fuzzing))]
7731 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
7732 #[cfg(any(test, fuzzing))]
7733 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
7735 workaround_lnd_bug_4006: None,
7736 sent_message_awaiting_response: None,
7738 latest_inbound_scid_alias,
7739 // Later in the ChannelManager deserialization phase we scan for channels and assign scid aliases if its missing
7740 outbound_scid_alias: outbound_scid_alias.unwrap_or(0),
7742 channel_pending_event_emitted: channel_pending_event_emitted.unwrap_or(true),
7743 channel_ready_event_emitted: channel_ready_event_emitted.unwrap_or(true),
7745 #[cfg(any(test, fuzzing))]
7746 historical_inbound_htlc_fulfills,
7748 channel_type: channel_type.unwrap(),
7751 blocked_monitor_updates: blocked_monitor_updates.unwrap(),
7760 use bitcoin::blockdata::constants::ChainHash;
7761 use bitcoin::blockdata::script::{Script, Builder};
7762 use bitcoin::blockdata::transaction::{Transaction, TxOut};
7763 use bitcoin::blockdata::opcodes;
7764 use bitcoin::network::constants::Network;
7766 use crate::ln::PaymentHash;
7767 use crate::ln::channelmanager::{self, HTLCSource, PaymentId};
7768 use crate::ln::channel::InitFeatures;
7769 use crate::ln::channel::{Channel, ChannelState, InboundHTLCOutput, OutboundV1Channel, InboundV1Channel, OutboundHTLCOutput, InboundHTLCState, OutboundHTLCState, HTLCCandidate, HTLCInitiator, commit_tx_fee_msat};
7770 use crate::ln::channel::{MAX_FUNDING_SATOSHIS_NO_WUMBO, TOTAL_BITCOIN_SUPPLY_SATOSHIS, MIN_THEIR_CHAN_RESERVE_SATOSHIS};
7771 use crate::ln::features::ChannelTypeFeatures;
7772 use crate::ln::msgs::{ChannelUpdate, DecodeError, UnsignedChannelUpdate, MAX_VALUE_MSAT};
7773 use crate::ln::script::ShutdownScript;
7774 use crate::ln::chan_utils;
7775 use crate::ln::chan_utils::{htlc_success_tx_weight, htlc_timeout_tx_weight};
7776 use crate::chain::BestBlock;
7777 use crate::chain::chaininterface::{FeeEstimator, LowerBoundedFeeEstimator, ConfirmationTarget};
7778 use crate::sign::{ChannelSigner, InMemorySigner, EntropySource, SignerProvider};
7779 use crate::chain::transaction::OutPoint;
7780 use crate::routing::router::Path;
7781 use crate::util::config::UserConfig;
7782 use crate::util::errors::APIError;
7783 use crate::util::test_utils;
7784 use crate::util::test_utils::{OnGetShutdownScriptpubkey, TestKeysInterface};
7785 use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature};
7786 use bitcoin::secp256k1::ffi::Signature as FFISignature;
7787 use bitcoin::secp256k1::{SecretKey,PublicKey};
7788 use bitcoin::hashes::sha256::Hash as Sha256;
7789 use bitcoin::hashes::Hash;
7790 use bitcoin::hash_types::WPubkeyHash;
7791 use bitcoin::PackedLockTime;
7792 use bitcoin::util::address::WitnessVersion;
7793 use crate::prelude::*;
7795 struct TestFeeEstimator {
7798 impl FeeEstimator for TestFeeEstimator {
7799 fn get_est_sat_per_1000_weight(&self, _: ConfirmationTarget) -> u32 {
7805 fn test_max_funding_satoshis_no_wumbo() {
7806 assert_eq!(TOTAL_BITCOIN_SUPPLY_SATOSHIS, 21_000_000 * 100_000_000);
7807 assert!(MAX_FUNDING_SATOSHIS_NO_WUMBO <= TOTAL_BITCOIN_SUPPLY_SATOSHIS,
7808 "MAX_FUNDING_SATOSHIS_NO_WUMBO is greater than all satoshis in existence");
7812 fn test_no_fee_check_overflow() {
7813 // Previously, calling `check_remote_fee` with a fee of 0xffffffff would overflow in
7814 // arithmetic, causing a panic with debug assertions enabled.
7815 let fee_est = TestFeeEstimator { fee_est: 42 };
7816 let bounded_fee_estimator = LowerBoundedFeeEstimator::new(&fee_est);
7817 assert!(Channel::<&TestKeysInterface>::check_remote_fee(
7818 &ChannelTypeFeatures::only_static_remote_key(), &bounded_fee_estimator,
7819 u32::max_value(), None, &&test_utils::TestLogger::new()).is_err());
7823 signer: InMemorySigner,
7826 impl EntropySource for Keys {
7827 fn get_secure_random_bytes(&self) -> [u8; 32] { [0; 32] }
7830 impl SignerProvider for Keys {
7831 type Signer = InMemorySigner;
7833 fn generate_channel_keys_id(&self, _inbound: bool, _channel_value_satoshis: u64, _user_channel_id: u128) -> [u8; 32] {
7834 self.signer.channel_keys_id()
7837 fn derive_channel_signer(&self, _channel_value_satoshis: u64, _channel_keys_id: [u8; 32]) -> Self::Signer {
7841 fn read_chan_signer(&self, _data: &[u8]) -> Result<Self::Signer, DecodeError> { panic!(); }
7843 fn get_destination_script(&self) -> Result<Script, ()> {
7844 let secp_ctx = Secp256k1::signing_only();
7845 let channel_monitor_claim_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
7846 let channel_monitor_claim_key_hash = WPubkeyHash::hash(&PublicKey::from_secret_key(&secp_ctx, &channel_monitor_claim_key).serialize());
7847 Ok(Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0).push_slice(&channel_monitor_claim_key_hash[..]).into_script())
7850 fn get_shutdown_scriptpubkey(&self) -> Result<ShutdownScript, ()> {
7851 let secp_ctx = Secp256k1::signing_only();
7852 let channel_close_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
7853 Ok(ShutdownScript::new_p2wpkh_from_pubkey(PublicKey::from_secret_key(&secp_ctx, &channel_close_key)))
7857 #[cfg(all(feature = "_test_vectors", not(feature = "grind_signatures")))]
7858 fn public_from_secret_hex(secp_ctx: &Secp256k1<bitcoin::secp256k1::All>, hex: &str) -> PublicKey {
7859 PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&hex::decode(hex).unwrap()[..]).unwrap())
7863 fn upfront_shutdown_script_incompatibility() {
7864 let features = channelmanager::provided_init_features(&UserConfig::default()).clear_shutdown_anysegwit();
7865 let non_v0_segwit_shutdown_script =
7866 ShutdownScript::new_witness_program(WitnessVersion::V16, &[0, 40]).unwrap();
7868 let seed = [42; 32];
7869 let network = Network::Testnet;
7870 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7871 keys_provider.expect(OnGetShutdownScriptpubkey {
7872 returns: non_v0_segwit_shutdown_script.clone(),
7875 let secp_ctx = Secp256k1::new();
7876 let node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7877 let config = UserConfig::default();
7878 match OutboundV1Channel::<&TestKeysInterface>::new(&LowerBoundedFeeEstimator::new(&TestFeeEstimator { fee_est: 253 }), &&keys_provider, &&keys_provider, node_id, &features, 10000000, 100000, 42, &config, 0, 42) {
7879 Err(APIError::IncompatibleShutdownScript { script }) => {
7880 assert_eq!(script.into_inner(), non_v0_segwit_shutdown_script.into_inner());
7882 Err(e) => panic!("Unexpected error: {:?}", e),
7883 Ok(_) => panic!("Expected error"),
7887 // Check that, during channel creation, we use the same feerate in the open channel message
7888 // as we do in the Channel object creation itself.
7890 fn test_open_channel_msg_fee() {
7891 let original_fee = 253;
7892 let mut fee_est = TestFeeEstimator{fee_est: original_fee };
7893 let bounded_fee_estimator = LowerBoundedFeeEstimator::new(&fee_est);
7894 let secp_ctx = Secp256k1::new();
7895 let seed = [42; 32];
7896 let network = Network::Testnet;
7897 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7899 let node_a_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7900 let config = UserConfig::default();
7901 let node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&bounded_fee_estimator, &&keys_provider, &&keys_provider, node_a_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7903 // Now change the fee so we can check that the fee in the open_channel message is the
7904 // same as the old fee.
7905 fee_est.fee_est = 500;
7906 let open_channel_msg = node_a_chan.get_open_channel(ChainHash::using_genesis_block(network));
7907 assert_eq!(open_channel_msg.feerate_per_kw, original_fee);
7911 fn test_holder_vs_counterparty_dust_limit() {
7912 // Test that when calculating the local and remote commitment transaction fees, the correct
7913 // dust limits are used.
7914 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7915 let secp_ctx = Secp256k1::new();
7916 let seed = [42; 32];
7917 let network = Network::Testnet;
7918 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7919 let logger = test_utils::TestLogger::new();
7920 let best_block = BestBlock::from_network(network);
7922 // Go through the flow of opening a channel between two nodes, making sure
7923 // they have different dust limits.
7925 // Create Node A's channel pointing to Node B's pubkey
7926 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7927 let config = UserConfig::default();
7928 let mut node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7930 // Create Node B's channel by receiving Node A's open_channel message
7931 // Make sure A's dust limit is as we expect.
7932 let open_channel_msg = node_a_chan.get_open_channel(ChainHash::using_genesis_block(network));
7933 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7934 let mut node_b_chan = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false).unwrap();
7936 // Node B --> Node A: accept channel, explicitly setting B's dust limit.
7937 let mut accept_channel_msg = node_b_chan.accept_inbound_channel();
7938 accept_channel_msg.dust_limit_satoshis = 546;
7939 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features(&config)).unwrap();
7940 node_a_chan.context.holder_dust_limit_satoshis = 1560;
7942 // Node A --> Node B: funding created
7943 let output_script = node_a_chan.context.get_funding_redeemscript();
7944 let tx = Transaction { version: 1, lock_time: PackedLockTime::ZERO, input: Vec::new(), output: vec![TxOut {
7945 value: 10000000, script_pubkey: output_script.clone(),
7947 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
7948 let (mut node_a_chan, funding_created_msg) = node_a_chan.get_funding_created(tx.clone(), funding_outpoint, false, &&logger).map_err(|_| ()).unwrap();
7949 let (_, funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg.unwrap(), best_block, &&keys_provider, &&logger).map_err(|_| ()).unwrap();
7951 // Node B --> Node A: funding signed
7952 let _ = node_a_chan.funding_signed(&funding_signed_msg.unwrap(), best_block, &&keys_provider, &&logger).unwrap();
7954 // Put some inbound and outbound HTLCs in A's channel.
7955 let htlc_amount_msat = 11_092_000; // put an amount below A's effective dust limit but above B's.
7956 node_a_chan.context.pending_inbound_htlcs.push(InboundHTLCOutput {
7958 amount_msat: htlc_amount_msat,
7959 payment_hash: PaymentHash(Sha256::hash(&[42; 32]).into_inner()),
7960 cltv_expiry: 300000000,
7961 state: InboundHTLCState::Committed,
7964 node_a_chan.context.pending_outbound_htlcs.push(OutboundHTLCOutput {
7966 amount_msat: htlc_amount_msat, // put an amount below A's dust amount but above B's.
7967 payment_hash: PaymentHash(Sha256::hash(&[43; 32]).into_inner()),
7968 cltv_expiry: 200000000,
7969 state: OutboundHTLCState::Committed,
7970 source: HTLCSource::OutboundRoute {
7971 path: Path { hops: Vec::new(), blinded_tail: None },
7972 session_priv: SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(),
7973 first_hop_htlc_msat: 548,
7974 payment_id: PaymentId([42; 32]),
7976 skimmed_fee_msat: None,
7979 // Make sure when Node A calculates their local commitment transaction, none of the HTLCs pass
7980 // the dust limit check.
7981 let htlc_candidate = HTLCCandidate::new(htlc_amount_msat, HTLCInitiator::LocalOffered);
7982 let local_commit_tx_fee = node_a_chan.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
7983 let local_commit_fee_0_htlcs = commit_tx_fee_msat(node_a_chan.context.feerate_per_kw, 0, node_a_chan.context.get_channel_type());
7984 assert_eq!(local_commit_tx_fee, local_commit_fee_0_htlcs);
7986 // Finally, make sure that when Node A calculates the remote's commitment transaction fees, all
7987 // of the HTLCs are seen to be above the dust limit.
7988 node_a_chan.context.channel_transaction_parameters.is_outbound_from_holder = false;
7989 let remote_commit_fee_3_htlcs = commit_tx_fee_msat(node_a_chan.context.feerate_per_kw, 3, node_a_chan.context.get_channel_type());
7990 let htlc_candidate = HTLCCandidate::new(htlc_amount_msat, HTLCInitiator::LocalOffered);
7991 let remote_commit_tx_fee = node_a_chan.context.next_remote_commit_tx_fee_msat(htlc_candidate, None);
7992 assert_eq!(remote_commit_tx_fee, remote_commit_fee_3_htlcs);
7996 fn test_timeout_vs_success_htlc_dust_limit() {
7997 // Make sure that when `next_remote_commit_tx_fee_msat` and `next_local_commit_tx_fee_msat`
7998 // calculate the real dust limits for HTLCs (i.e. the dust limit given by the counterparty
7999 // *plus* the fees paid for the HTLC) they don't swap `HTLC_SUCCESS_TX_WEIGHT` for
8000 // `HTLC_TIMEOUT_TX_WEIGHT`, and vice versa.
8001 let fee_est = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 253 });
8002 let secp_ctx = Secp256k1::new();
8003 let seed = [42; 32];
8004 let network = Network::Testnet;
8005 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
8007 let node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8008 let config = UserConfig::default();
8009 let mut chan = OutboundV1Channel::<&TestKeysInterface>::new(&fee_est, &&keys_provider, &&keys_provider, node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
8011 let commitment_tx_fee_0_htlcs = commit_tx_fee_msat(chan.context.feerate_per_kw, 0, chan.context.get_channel_type());
8012 let commitment_tx_fee_1_htlc = commit_tx_fee_msat(chan.context.feerate_per_kw, 1, chan.context.get_channel_type());
8014 // If HTLC_SUCCESS_TX_WEIGHT and HTLC_TIMEOUT_TX_WEIGHT were swapped: then this HTLC would be
8015 // counted as dust when it shouldn't be.
8016 let htlc_amt_above_timeout = ((253 * htlc_timeout_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.holder_dust_limit_satoshis + 1) * 1000;
8017 let htlc_candidate = HTLCCandidate::new(htlc_amt_above_timeout, HTLCInitiator::LocalOffered);
8018 let commitment_tx_fee = chan.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
8019 assert_eq!(commitment_tx_fee, commitment_tx_fee_1_htlc);
8021 // If swapped: this HTLC would be counted as non-dust when it shouldn't be.
8022 let dust_htlc_amt_below_success = ((253 * htlc_success_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.holder_dust_limit_satoshis - 1) * 1000;
8023 let htlc_candidate = HTLCCandidate::new(dust_htlc_amt_below_success, HTLCInitiator::RemoteOffered);
8024 let commitment_tx_fee = chan.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
8025 assert_eq!(commitment_tx_fee, commitment_tx_fee_0_htlcs);
8027 chan.context.channel_transaction_parameters.is_outbound_from_holder = false;
8029 // If swapped: this HTLC would be counted as non-dust when it shouldn't be.
8030 let dust_htlc_amt_above_timeout = ((253 * htlc_timeout_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.counterparty_dust_limit_satoshis + 1) * 1000;
8031 let htlc_candidate = HTLCCandidate::new(dust_htlc_amt_above_timeout, HTLCInitiator::LocalOffered);
8032 let commitment_tx_fee = chan.context.next_remote_commit_tx_fee_msat(htlc_candidate, None);
8033 assert_eq!(commitment_tx_fee, commitment_tx_fee_0_htlcs);
8035 // If swapped: this HTLC would be counted as dust when it shouldn't be.
8036 let htlc_amt_below_success = ((253 * htlc_success_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.counterparty_dust_limit_satoshis - 1) * 1000;
8037 let htlc_candidate = HTLCCandidate::new(htlc_amt_below_success, HTLCInitiator::RemoteOffered);
8038 let commitment_tx_fee = chan.context.next_remote_commit_tx_fee_msat(htlc_candidate, None);
8039 assert_eq!(commitment_tx_fee, commitment_tx_fee_1_htlc);
8043 fn channel_reestablish_no_updates() {
8044 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8045 let logger = test_utils::TestLogger::new();
8046 let secp_ctx = Secp256k1::new();
8047 let seed = [42; 32];
8048 let network = Network::Testnet;
8049 let best_block = BestBlock::from_network(network);
8050 let chain_hash = ChainHash::using_genesis_block(network);
8051 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
8053 // Go through the flow of opening a channel between two nodes.
8055 // Create Node A's channel pointing to Node B's pubkey
8056 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8057 let config = UserConfig::default();
8058 let mut node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
8060 // Create Node B's channel by receiving Node A's open_channel message
8061 let open_channel_msg = node_a_chan.get_open_channel(chain_hash);
8062 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
8063 let mut node_b_chan = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false).unwrap();
8065 // Node B --> Node A: accept channel
8066 let accept_channel_msg = node_b_chan.accept_inbound_channel();
8067 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features(&config)).unwrap();
8069 // Node A --> Node B: funding created
8070 let output_script = node_a_chan.context.get_funding_redeemscript();
8071 let tx = Transaction { version: 1, lock_time: PackedLockTime::ZERO, input: Vec::new(), output: vec![TxOut {
8072 value: 10000000, script_pubkey: output_script.clone(),
8074 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
8075 let (mut node_a_chan, funding_created_msg) = node_a_chan.get_funding_created(tx.clone(), funding_outpoint, false, &&logger).map_err(|_| ()).unwrap();
8076 let (mut node_b_chan, funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg.unwrap(), best_block, &&keys_provider, &&logger).map_err(|_| ()).unwrap();
8078 // Node B --> Node A: funding signed
8079 let _ = node_a_chan.funding_signed(&funding_signed_msg.unwrap(), best_block, &&keys_provider, &&logger).unwrap();
8081 // Now disconnect the two nodes and check that the commitment point in
8082 // Node B's channel_reestablish message is sane.
8083 assert!(node_b_chan.remove_uncommitted_htlcs_and_mark_paused(&&logger).is_ok());
8084 let msg = node_b_chan.get_channel_reestablish(&&logger);
8085 assert_eq!(msg.next_local_commitment_number, 1); // now called next_commitment_number
8086 assert_eq!(msg.next_remote_commitment_number, 0); // now called next_revocation_number
8087 assert_eq!(msg.your_last_per_commitment_secret, [0; 32]);
8089 // Check that the commitment point in Node A's channel_reestablish message
8091 assert!(node_a_chan.remove_uncommitted_htlcs_and_mark_paused(&&logger).is_ok());
8092 let msg = node_a_chan.get_channel_reestablish(&&logger);
8093 assert_eq!(msg.next_local_commitment_number, 1); // now called next_commitment_number
8094 assert_eq!(msg.next_remote_commitment_number, 0); // now called next_revocation_number
8095 assert_eq!(msg.your_last_per_commitment_secret, [0; 32]);
8099 fn test_configured_holder_max_htlc_value_in_flight() {
8100 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8101 let logger = test_utils::TestLogger::new();
8102 let secp_ctx = Secp256k1::new();
8103 let seed = [42; 32];
8104 let network = Network::Testnet;
8105 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
8106 let outbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8107 let inbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
8109 let mut config_2_percent = UserConfig::default();
8110 config_2_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 2;
8111 let mut config_99_percent = UserConfig::default();
8112 config_99_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 99;
8113 let mut config_0_percent = UserConfig::default();
8114 config_0_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 0;
8115 let mut config_101_percent = UserConfig::default();
8116 config_101_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 101;
8118 // Test that `OutboundV1Channel::new` creates a channel with the correct value for
8119 // `holder_max_htlc_value_in_flight_msat`, when configured with a valid percentage value,
8120 // which is set to the lower bound + 1 (2%) of the `channel_value`.
8121 let chan_1 = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_2_percent), 10000000, 100000, 42, &config_2_percent, 0, 42).unwrap();
8122 let chan_1_value_msat = chan_1.context.channel_value_satoshis * 1000;
8123 assert_eq!(chan_1.context.holder_max_htlc_value_in_flight_msat, (chan_1_value_msat as f64 * 0.02) as u64);
8125 // Test with the upper bound - 1 of valid values (99%).
8126 let chan_2 = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_99_percent), 10000000, 100000, 42, &config_99_percent, 0, 42).unwrap();
8127 let chan_2_value_msat = chan_2.context.channel_value_satoshis * 1000;
8128 assert_eq!(chan_2.context.holder_max_htlc_value_in_flight_msat, (chan_2_value_msat as f64 * 0.99) as u64);
8130 let chan_1_open_channel_msg = chan_1.get_open_channel(ChainHash::using_genesis_block(network));
8132 // Test that `InboundV1Channel::new` creates a channel with the correct value for
8133 // `holder_max_htlc_value_in_flight_msat`, when configured with a valid percentage value,
8134 // which is set to the lower bound - 1 (2%) of the `channel_value`.
8135 let chan_3 = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_2_percent), &channelmanager::provided_init_features(&config_2_percent), &chan_1_open_channel_msg, 7, &config_2_percent, 0, &&logger, /*is_0conf=*/false).unwrap();
8136 let chan_3_value_msat = chan_3.context.channel_value_satoshis * 1000;
8137 assert_eq!(chan_3.context.holder_max_htlc_value_in_flight_msat, (chan_3_value_msat as f64 * 0.02) as u64);
8139 // Test with the upper bound - 1 of valid values (99%).
8140 let chan_4 = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_99_percent), &channelmanager::provided_init_features(&config_99_percent), &chan_1_open_channel_msg, 7, &config_99_percent, 0, &&logger, /*is_0conf=*/false).unwrap();
8141 let chan_4_value_msat = chan_4.context.channel_value_satoshis * 1000;
8142 assert_eq!(chan_4.context.holder_max_htlc_value_in_flight_msat, (chan_4_value_msat as f64 * 0.99) as u64);
8144 // Test that `OutboundV1Channel::new` uses the lower bound of the configurable percentage values (1%)
8145 // if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a value less than 1.
8146 let chan_5 = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_0_percent), 10000000, 100000, 42, &config_0_percent, 0, 42).unwrap();
8147 let chan_5_value_msat = chan_5.context.channel_value_satoshis * 1000;
8148 assert_eq!(chan_5.context.holder_max_htlc_value_in_flight_msat, (chan_5_value_msat as f64 * 0.01) as u64);
8150 // Test that `OutboundV1Channel::new` uses the upper bound of the configurable percentage values
8151 // (100%) if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a larger value
8153 let chan_6 = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_101_percent), 10000000, 100000, 42, &config_101_percent, 0, 42).unwrap();
8154 let chan_6_value_msat = chan_6.context.channel_value_satoshis * 1000;
8155 assert_eq!(chan_6.context.holder_max_htlc_value_in_flight_msat, chan_6_value_msat);
8157 // Test that `InboundV1Channel::new` uses the lower bound of the configurable percentage values (1%)
8158 // if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a value less than 1.
8159 let chan_7 = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_0_percent), &channelmanager::provided_init_features(&config_0_percent), &chan_1_open_channel_msg, 7, &config_0_percent, 0, &&logger, /*is_0conf=*/false).unwrap();
8160 let chan_7_value_msat = chan_7.context.channel_value_satoshis * 1000;
8161 assert_eq!(chan_7.context.holder_max_htlc_value_in_flight_msat, (chan_7_value_msat as f64 * 0.01) as u64);
8163 // Test that `InboundV1Channel::new` uses the upper bound of the configurable percentage values
8164 // (100%) if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a larger value
8166 let chan_8 = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_101_percent), &channelmanager::provided_init_features(&config_101_percent), &chan_1_open_channel_msg, 7, &config_101_percent, 0, &&logger, /*is_0conf=*/false).unwrap();
8167 let chan_8_value_msat = chan_8.context.channel_value_satoshis * 1000;
8168 assert_eq!(chan_8.context.holder_max_htlc_value_in_flight_msat, chan_8_value_msat);
8172 fn test_configured_holder_selected_channel_reserve_satoshis() {
8174 // Test that `OutboundV1Channel::new` and `InboundV1Channel::new` create a channel with the correct
8175 // channel reserves, when `their_channel_reserve_proportional_millionths` is configured.
8176 test_self_and_counterparty_channel_reserve(10_000_000, 0.02, 0.02);
8178 // Test with valid but unreasonably high channel reserves
8179 // Requesting and accepting parties have requested for 49%-49% and 60%-30% channel reserve
8180 test_self_and_counterparty_channel_reserve(10_000_000, 0.49, 0.49);
8181 test_self_and_counterparty_channel_reserve(10_000_000, 0.60, 0.30);
8183 // Test with calculated channel reserve less than lower bound
8184 // i.e `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
8185 test_self_and_counterparty_channel_reserve(100_000, 0.00002, 0.30);
8187 // Test with invalid channel reserves since sum of both is greater than or equal
8189 test_self_and_counterparty_channel_reserve(10_000_000, 0.50, 0.50);
8190 test_self_and_counterparty_channel_reserve(10_000_000, 0.60, 0.50);
8193 fn test_self_and_counterparty_channel_reserve(channel_value_satoshis: u64, outbound_selected_channel_reserve_perc: f64, inbound_selected_channel_reserve_perc: f64) {
8194 let fee_est = LowerBoundedFeeEstimator::new(&TestFeeEstimator { fee_est: 15_000 });
8195 let logger = test_utils::TestLogger::new();
8196 let secp_ctx = Secp256k1::new();
8197 let seed = [42; 32];
8198 let network = Network::Testnet;
8199 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
8200 let outbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8201 let inbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
8204 let mut outbound_node_config = UserConfig::default();
8205 outbound_node_config.channel_handshake_config.their_channel_reserve_proportional_millionths = (outbound_selected_channel_reserve_perc * 1_000_000.0) as u32;
8206 let chan = OutboundV1Channel::<&TestKeysInterface>::new(&&fee_est, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&outbound_node_config), channel_value_satoshis, 100_000, 42, &outbound_node_config, 0, 42).unwrap();
8208 let expected_outbound_selected_chan_reserve = cmp::max(MIN_THEIR_CHAN_RESERVE_SATOSHIS, (chan.context.channel_value_satoshis as f64 * outbound_selected_channel_reserve_perc) as u64);
8209 assert_eq!(chan.context.holder_selected_channel_reserve_satoshis, expected_outbound_selected_chan_reserve);
8211 let chan_open_channel_msg = chan.get_open_channel(ChainHash::using_genesis_block(network));
8212 let mut inbound_node_config = UserConfig::default();
8213 inbound_node_config.channel_handshake_config.their_channel_reserve_proportional_millionths = (inbound_selected_channel_reserve_perc * 1_000_000.0) as u32;
8215 if outbound_selected_channel_reserve_perc + inbound_selected_channel_reserve_perc < 1.0 {
8216 let chan_inbound_node = InboundV1Channel::<&TestKeysInterface>::new(&&fee_est, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&inbound_node_config), &channelmanager::provided_init_features(&outbound_node_config), &chan_open_channel_msg, 7, &inbound_node_config, 0, &&logger, /*is_0conf=*/false).unwrap();
8218 let expected_inbound_selected_chan_reserve = cmp::max(MIN_THEIR_CHAN_RESERVE_SATOSHIS, (chan.context.channel_value_satoshis as f64 * inbound_selected_channel_reserve_perc) as u64);
8220 assert_eq!(chan_inbound_node.context.holder_selected_channel_reserve_satoshis, expected_inbound_selected_chan_reserve);
8221 assert_eq!(chan_inbound_node.context.counterparty_selected_channel_reserve_satoshis.unwrap(), expected_outbound_selected_chan_reserve);
8223 // Channel Negotiations failed
8224 let result = InboundV1Channel::<&TestKeysInterface>::new(&&fee_est, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&inbound_node_config), &channelmanager::provided_init_features(&outbound_node_config), &chan_open_channel_msg, 7, &inbound_node_config, 0, &&logger, /*is_0conf=*/false);
8225 assert!(result.is_err());
8230 fn channel_update() {
8231 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8232 let logger = test_utils::TestLogger::new();
8233 let secp_ctx = Secp256k1::new();
8234 let seed = [42; 32];
8235 let network = Network::Testnet;
8236 let best_block = BestBlock::from_network(network);
8237 let chain_hash = ChainHash::using_genesis_block(network);
8238 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
8240 // Create Node A's channel pointing to Node B's pubkey
8241 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8242 let config = UserConfig::default();
8243 let mut node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
8245 // Create Node B's channel by receiving Node A's open_channel message
8246 // Make sure A's dust limit is as we expect.
8247 let open_channel_msg = node_a_chan.get_open_channel(ChainHash::using_genesis_block(network));
8248 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
8249 let mut node_b_chan = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false).unwrap();
8251 // Node B --> Node A: accept channel, explicitly setting B's dust limit.
8252 let mut accept_channel_msg = node_b_chan.accept_inbound_channel();
8253 accept_channel_msg.dust_limit_satoshis = 546;
8254 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features(&config)).unwrap();
8255 node_a_chan.context.holder_dust_limit_satoshis = 1560;
8257 // Node A --> Node B: funding created
8258 let output_script = node_a_chan.context.get_funding_redeemscript();
8259 let tx = Transaction { version: 1, lock_time: PackedLockTime::ZERO, input: Vec::new(), output: vec![TxOut {
8260 value: 10000000, script_pubkey: output_script.clone(),
8262 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
8263 let (mut node_a_chan, funding_created_msg) = node_a_chan.get_funding_created(tx.clone(), funding_outpoint, false, &&logger).map_err(|_| ()).unwrap();
8264 let (_, funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg.unwrap(), best_block, &&keys_provider, &&logger).map_err(|_| ()).unwrap();
8266 // Node B --> Node A: funding signed
8267 let _ = node_a_chan.funding_signed(&funding_signed_msg.unwrap(), best_block, &&keys_provider, &&logger).unwrap();
8269 // Make sure that receiving a channel update will update the Channel as expected.
8270 let update = ChannelUpdate {
8271 contents: UnsignedChannelUpdate {
8273 short_channel_id: 0,
8276 cltv_expiry_delta: 100,
8277 htlc_minimum_msat: 5,
8278 htlc_maximum_msat: MAX_VALUE_MSAT,
8280 fee_proportional_millionths: 11,
8281 excess_data: Vec::new(),
8283 signature: Signature::from(unsafe { FFISignature::new() })
8285 assert!(node_a_chan.channel_update(&update).unwrap());
8287 // The counterparty can send an update with a higher minimum HTLC, but that shouldn't
8288 // change our official htlc_minimum_msat.
8289 assert_eq!(node_a_chan.context.holder_htlc_minimum_msat, 1);
8290 match node_a_chan.context.counterparty_forwarding_info() {
8292 assert_eq!(info.cltv_expiry_delta, 100);
8293 assert_eq!(info.fee_base_msat, 110);
8294 assert_eq!(info.fee_proportional_millionths, 11);
8296 None => panic!("expected counterparty forwarding info to be Some")
8299 assert!(!node_a_chan.channel_update(&update).unwrap());
8302 #[cfg(feature = "_test_vectors")]
8304 fn outbound_commitment_test() {
8305 use bitcoin::util::sighash;
8306 use bitcoin::consensus::encode::serialize;
8307 use bitcoin::blockdata::transaction::EcdsaSighashType;
8308 use bitcoin::hashes::hex::FromHex;
8309 use bitcoin::hash_types::Txid;
8310 use bitcoin::secp256k1::Message;
8311 use crate::sign::{ChannelDerivationParameters, HTLCDescriptor, EcdsaChannelSigner};
8312 use crate::ln::PaymentPreimage;
8313 use crate::ln::channel::{HTLCOutputInCommitment ,TxCreationKeys};
8314 use crate::ln::chan_utils::{ChannelPublicKeys, HolderCommitmentTransaction, CounterpartyChannelTransactionParameters};
8315 use crate::util::logger::Logger;
8316 use crate::sync::Arc;
8318 // Test vectors from BOLT 3 Appendices C and F (anchors):
8319 let feeest = TestFeeEstimator{fee_est: 15000};
8320 let logger : Arc<Logger> = Arc::new(test_utils::TestLogger::new());
8321 let secp_ctx = Secp256k1::new();
8323 let mut signer = InMemorySigner::new(
8325 SecretKey::from_slice(&hex::decode("30ff4956bbdd3222d44cc5e8a1261dab1e07957bdac5ae88fe3261ef321f3749").unwrap()[..]).unwrap(),
8326 SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(),
8327 SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(),
8328 SecretKey::from_slice(&hex::decode("3333333333333333333333333333333333333333333333333333333333333333").unwrap()[..]).unwrap(),
8329 SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(),
8331 // These aren't set in the test vectors:
8332 [0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff],
8338 assert_eq!(signer.pubkeys().funding_pubkey.serialize()[..],
8339 hex::decode("023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb").unwrap()[..]);
8340 let keys_provider = Keys { signer: signer.clone() };
8342 let counterparty_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8343 let mut config = UserConfig::default();
8344 config.channel_handshake_config.announced_channel = false;
8345 let mut chan = OutboundV1Channel::<&Keys>::new(&LowerBoundedFeeEstimator::new(&feeest), &&keys_provider, &&keys_provider, counterparty_node_id, &channelmanager::provided_init_features(&config), 10_000_000, 0, 42, &config, 0, 42).unwrap(); // Nothing uses their network key in this test
8346 chan.context.holder_dust_limit_satoshis = 546;
8347 chan.context.counterparty_selected_channel_reserve_satoshis = Some(0); // Filled in in accept_channel
8349 let funding_info = OutPoint{ txid: Txid::from_hex("8984484a580b825b9972d7adb15050b3ab624ccd731946b3eeddb92f4e7ef6be").unwrap(), index: 0 };
8351 let counterparty_pubkeys = ChannelPublicKeys {
8352 funding_pubkey: public_from_secret_hex(&secp_ctx, "1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13"),
8353 revocation_basepoint: PublicKey::from_slice(&hex::decode("02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27").unwrap()[..]).unwrap(),
8354 payment_point: public_from_secret_hex(&secp_ctx, "4444444444444444444444444444444444444444444444444444444444444444"),
8355 delayed_payment_basepoint: public_from_secret_hex(&secp_ctx, "1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13"),
8356 htlc_basepoint: public_from_secret_hex(&secp_ctx, "4444444444444444444444444444444444444444444444444444444444444444")
8358 chan.context.channel_transaction_parameters.counterparty_parameters = Some(
8359 CounterpartyChannelTransactionParameters {
8360 pubkeys: counterparty_pubkeys.clone(),
8361 selected_contest_delay: 144
8363 chan.context.channel_transaction_parameters.funding_outpoint = Some(funding_info);
8364 signer.provide_channel_parameters(&chan.context.channel_transaction_parameters);
8366 assert_eq!(counterparty_pubkeys.payment_point.serialize()[..],
8367 hex::decode("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()[..]);
8369 assert_eq!(counterparty_pubkeys.funding_pubkey.serialize()[..],
8370 hex::decode("030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c1").unwrap()[..]);
8372 assert_eq!(counterparty_pubkeys.htlc_basepoint.serialize()[..],
8373 hex::decode("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()[..]);
8375 // We can't just use build_holder_transaction_keys here as the per_commitment_secret is not
8376 // derived from a commitment_seed, so instead we copy it here and call
8377 // build_commitment_transaction.
8378 let delayed_payment_base = &chan.context.holder_signer.as_ref().pubkeys().delayed_payment_basepoint;
8379 let per_commitment_secret = SecretKey::from_slice(&hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap();
8380 let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
8381 let htlc_basepoint = &chan.context.holder_signer.as_ref().pubkeys().htlc_basepoint;
8382 let keys = TxCreationKeys::derive_new(&secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint);
8384 macro_rules! test_commitment {
8385 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $($remain:tt)* ) => {
8386 chan.context.channel_transaction_parameters.channel_type_features = ChannelTypeFeatures::only_static_remote_key();
8387 test_commitment_common!($counterparty_sig_hex, $sig_hex, $tx_hex, &ChannelTypeFeatures::only_static_remote_key(), $($remain)*);
8391 macro_rules! test_commitment_with_anchors {
8392 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $($remain:tt)* ) => {
8393 chan.context.channel_transaction_parameters.channel_type_features = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8394 test_commitment_common!($counterparty_sig_hex, $sig_hex, $tx_hex, &ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies(), $($remain)*);
8398 macro_rules! test_commitment_common {
8399 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $opt_anchors: expr, {
8400 $( { $htlc_idx: expr, $counterparty_htlc_sig_hex: expr, $htlc_sig_hex: expr, $htlc_tx_hex: expr } ), *
8402 let (commitment_tx, htlcs): (_, Vec<HTLCOutputInCommitment>) = {
8403 let mut commitment_stats = chan.context.build_commitment_transaction(0xffffffffffff - 42, &keys, true, false, &logger);
8405 let htlcs = commitment_stats.htlcs_included.drain(..)
8406 .filter_map(|(htlc, _)| if htlc.transaction_output_index.is_some() { Some(htlc) } else { None })
8408 (commitment_stats.tx, htlcs)
8410 let trusted_tx = commitment_tx.trust();
8411 let unsigned_tx = trusted_tx.built_transaction();
8412 let redeemscript = chan.context.get_funding_redeemscript();
8413 let counterparty_signature = Signature::from_der(&hex::decode($counterparty_sig_hex).unwrap()[..]).unwrap();
8414 let sighash = unsigned_tx.get_sighash_all(&redeemscript, chan.context.channel_value_satoshis);
8415 log_trace!(logger, "unsigned_tx = {}", hex::encode(serialize(&unsigned_tx.transaction)));
8416 assert!(secp_ctx.verify_ecdsa(&sighash, &counterparty_signature, chan.context.counterparty_funding_pubkey()).is_ok(), "verify counterparty commitment sig");
8418 let mut per_htlc: Vec<(HTLCOutputInCommitment, Option<Signature>)> = Vec::new();
8419 per_htlc.clear(); // Don't warn about excess mut for no-HTLC calls
8420 let mut counterparty_htlc_sigs = Vec::new();
8421 counterparty_htlc_sigs.clear(); // Don't warn about excess mut for no-HTLC calls
8423 let remote_signature = Signature::from_der(&hex::decode($counterparty_htlc_sig_hex).unwrap()[..]).unwrap();
8424 per_htlc.push((htlcs[$htlc_idx].clone(), Some(remote_signature)));
8425 counterparty_htlc_sigs.push(remote_signature);
8427 assert_eq!(htlcs.len(), per_htlc.len());
8429 let holder_commitment_tx = HolderCommitmentTransaction::new(
8430 commitment_tx.clone(),
8431 counterparty_signature,
8432 counterparty_htlc_sigs,
8433 &chan.context.holder_signer.as_ref().pubkeys().funding_pubkey,
8434 chan.context.counterparty_funding_pubkey()
8436 let holder_sig = signer.sign_holder_commitment(&holder_commitment_tx, &secp_ctx).unwrap();
8437 assert_eq!(Signature::from_der(&hex::decode($sig_hex).unwrap()[..]).unwrap(), holder_sig, "holder_sig");
8439 let funding_redeemscript = chan.context.get_funding_redeemscript();
8440 let tx = holder_commitment_tx.add_holder_sig(&funding_redeemscript, holder_sig);
8441 assert_eq!(serialize(&tx)[..], hex::decode($tx_hex).unwrap()[..], "tx");
8443 // ((htlc, counterparty_sig), (index, holder_sig))
8444 let mut htlc_counterparty_sig_iter = holder_commitment_tx.counterparty_htlc_sigs.iter();
8447 log_trace!(logger, "verifying htlc {}", $htlc_idx);
8448 let remote_signature = Signature::from_der(&hex::decode($counterparty_htlc_sig_hex).unwrap()[..]).unwrap();
8450 let ref htlc = htlcs[$htlc_idx];
8451 let mut htlc_tx = chan_utils::build_htlc_transaction(&unsigned_tx.txid, chan.context.feerate_per_kw,
8452 chan.context.get_counterparty_selected_contest_delay().unwrap(),
8453 &htlc, $opt_anchors, &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
8454 let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, $opt_anchors, &keys);
8455 let htlc_sighashtype = if $opt_anchors.supports_anchors_zero_fee_htlc_tx() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
8456 let htlc_sighash = Message::from_slice(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]).unwrap();
8457 assert!(secp_ctx.verify_ecdsa(&htlc_sighash, &remote_signature, &keys.countersignatory_htlc_key).is_ok(), "verify counterparty htlc sig");
8459 let mut preimage: Option<PaymentPreimage> = None;
8462 let out = PaymentHash(Sha256::hash(&[i; 32]).into_inner());
8463 if out == htlc.payment_hash {
8464 preimage = Some(PaymentPreimage([i; 32]));
8468 assert!(preimage.is_some());
8471 let htlc_counterparty_sig = htlc_counterparty_sig_iter.next().unwrap();
8472 let htlc_holder_sig = signer.sign_holder_htlc_transaction(&htlc_tx, 0, &HTLCDescriptor {
8473 channel_derivation_parameters: ChannelDerivationParameters {
8474 value_satoshis: chan.context.channel_value_satoshis,
8475 keys_id: chan.context.channel_keys_id,
8476 transaction_parameters: chan.context.channel_transaction_parameters.clone(),
8478 commitment_txid: trusted_tx.txid(),
8479 per_commitment_number: trusted_tx.commitment_number(),
8480 per_commitment_point: trusted_tx.per_commitment_point(),
8481 feerate_per_kw: trusted_tx.feerate_per_kw(),
8483 preimage: preimage.clone(),
8484 counterparty_sig: *htlc_counterparty_sig,
8485 }, &secp_ctx).unwrap();
8486 let num_anchors = if $opt_anchors.supports_anchors_zero_fee_htlc_tx() { 2 } else { 0 };
8487 assert_eq!(htlc.transaction_output_index, Some($htlc_idx + num_anchors), "output index");
8489 let signature = Signature::from_der(&hex::decode($htlc_sig_hex).unwrap()[..]).unwrap();
8490 assert_eq!(signature, htlc_holder_sig, "htlc sig");
8491 let trusted_tx = holder_commitment_tx.trust();
8492 htlc_tx.input[0].witness = trusted_tx.build_htlc_input_witness($htlc_idx, htlc_counterparty_sig, &htlc_holder_sig, &preimage);
8493 log_trace!(logger, "htlc_tx = {}", hex::encode(serialize(&htlc_tx)));
8494 assert_eq!(serialize(&htlc_tx)[..], hex::decode($htlc_tx_hex).unwrap()[..], "htlc tx");
8496 assert!(htlc_counterparty_sig_iter.next().is_none());
8500 // anchors: simple commitment tx with no HTLCs and single anchor
8501 test_commitment_with_anchors!("30440220655bf909fb6fa81d086f1336ac72c97906dce29d1b166e305c99152d810e26e1022051f577faa46412c46707aaac46b65d50053550a66334e00a44af2706f27a8658",
8502 "3044022007cf6b405e9c9b4f527b0ecad9d8bb661fabb8b12abf7d1c0b3ad1855db3ed490220616d5c1eeadccc63bd775a131149455d62d95a42c2a1b01cc7821fc42dce7778",
8503 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80024a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f10529800000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022007cf6b405e9c9b4f527b0ecad9d8bb661fabb8b12abf7d1c0b3ad1855db3ed490220616d5c1eeadccc63bd775a131149455d62d95a42c2a1b01cc7821fc42dce7778014730440220655bf909fb6fa81d086f1336ac72c97906dce29d1b166e305c99152d810e26e1022051f577faa46412c46707aaac46b65d50053550a66334e00a44af2706f27a865801475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8505 // simple commitment tx with no HTLCs
8506 chan.context.value_to_self_msat = 7000000000;
8508 test_commitment!("3045022100c3127b33dcc741dd6b05b1e63cbd1a9a7d816f37af9b6756fa2376b056f032370220408b96279808fe57eb7e463710804cdf4f108388bc5cf722d8c848d2c7f9f3b0",
8509 "30440220616210b2cc4d3afb601013c373bbd8aac54febd9f15400379a8cb65ce7deca60022034236c010991beb7ff770510561ae8dc885b8d38d1947248c38f2ae055647142",
8510 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8002c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48454a56a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004730440220616210b2cc4d3afb601013c373bbd8aac54febd9f15400379a8cb65ce7deca60022034236c010991beb7ff770510561ae8dc885b8d38d1947248c38f2ae05564714201483045022100c3127b33dcc741dd6b05b1e63cbd1a9a7d816f37af9b6756fa2376b056f032370220408b96279808fe57eb7e463710804cdf4f108388bc5cf722d8c848d2c7f9f3b001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8512 // anchors: simple commitment tx with no HTLCs
8513 test_commitment_with_anchors!("3045022100f89034eba16b2be0e5581f750a0a6309192b75cce0f202f0ee2b4ec0cc394850022076c65dc507fe42276152b7a3d90e961e678adbe966e916ecfe85e64d430e75f3",
8514 "30450221008266ac6db5ea71aac3c95d97b0e172ff596844851a3216eb88382a8dddfd33d2022050e240974cfd5d708708b4365574517c18e7ae535ef732a3484d43d0d82be9f7",
8515 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80044a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994a508b6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221008266ac6db5ea71aac3c95d97b0e172ff596844851a3216eb88382a8dddfd33d2022050e240974cfd5d708708b4365574517c18e7ae535ef732a3484d43d0d82be9f701483045022100f89034eba16b2be0e5581f750a0a6309192b75cce0f202f0ee2b4ec0cc394850022076c65dc507fe42276152b7a3d90e961e678adbe966e916ecfe85e64d430e75f301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8517 chan.context.pending_inbound_htlcs.push({
8518 let mut out = InboundHTLCOutput{
8520 amount_msat: 1000000,
8522 payment_hash: PaymentHash([0; 32]),
8523 state: InboundHTLCState::Committed,
8525 out.payment_hash.0 = Sha256::hash(&hex::decode("0000000000000000000000000000000000000000000000000000000000000000").unwrap()).into_inner();
8528 chan.context.pending_inbound_htlcs.push({
8529 let mut out = InboundHTLCOutput{
8531 amount_msat: 2000000,
8533 payment_hash: PaymentHash([0; 32]),
8534 state: InboundHTLCState::Committed,
8536 out.payment_hash.0 = Sha256::hash(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap()).into_inner();
8539 chan.context.pending_outbound_htlcs.push({
8540 let mut out = OutboundHTLCOutput{
8542 amount_msat: 2000000,
8544 payment_hash: PaymentHash([0; 32]),
8545 state: OutboundHTLCState::Committed,
8546 source: HTLCSource::dummy(),
8547 skimmed_fee_msat: None,
8549 out.payment_hash.0 = Sha256::hash(&hex::decode("0202020202020202020202020202020202020202020202020202020202020202").unwrap()).into_inner();
8552 chan.context.pending_outbound_htlcs.push({
8553 let mut out = OutboundHTLCOutput{
8555 amount_msat: 3000000,
8557 payment_hash: PaymentHash([0; 32]),
8558 state: OutboundHTLCState::Committed,
8559 source: HTLCSource::dummy(),
8560 skimmed_fee_msat: None,
8562 out.payment_hash.0 = Sha256::hash(&hex::decode("0303030303030303030303030303030303030303030303030303030303030303").unwrap()).into_inner();
8565 chan.context.pending_inbound_htlcs.push({
8566 let mut out = InboundHTLCOutput{
8568 amount_msat: 4000000,
8570 payment_hash: PaymentHash([0; 32]),
8571 state: InboundHTLCState::Committed,
8573 out.payment_hash.0 = Sha256::hash(&hex::decode("0404040404040404040404040404040404040404040404040404040404040404").unwrap()).into_inner();
8577 // commitment tx with all five HTLCs untrimmed (minimum feerate)
8578 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8579 chan.context.feerate_per_kw = 0;
8581 test_commitment!("3044022009b048187705a8cbc9ad73adbe5af148c3d012e1f067961486c822c7af08158c022006d66f3704cfab3eb2dc49dae24e4aa22a6910fc9b424007583204e3621af2e5",
8582 "304402206fc2d1f10ea59951eefac0b4b7c396a3c3d87b71ff0b019796ef4535beaf36f902201765b0181e514d04f4c8ad75659d7037be26cdb3f8bb6f78fe61decef484c3ea",
8583 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8007e80300000000000022002052bfef0479d7b293c27e0f1eb294bea154c63a3294ef092c19af51409bce0e2ad007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484e0a06a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402206fc2d1f10ea59951eefac0b4b7c396a3c3d87b71ff0b019796ef4535beaf36f902201765b0181e514d04f4c8ad75659d7037be26cdb3f8bb6f78fe61decef484c3ea01473044022009b048187705a8cbc9ad73adbe5af148c3d012e1f067961486c822c7af08158c022006d66f3704cfab3eb2dc49dae24e4aa22a6910fc9b424007583204e3621af2e501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8586 "3045022100d9e29616b8f3959f1d3d7f7ce893ffedcdc407717d0de8e37d808c91d3a7c50d022078c3033f6d00095c8720a4bc943c1b45727818c082e4e3ddbc6d3116435b624b",
8587 "30440220636de5682ef0c5b61f124ec74e8aa2461a69777521d6998295dcea36bc3338110220165285594b23c50b28b82df200234566628a27bcd17f7f14404bd865354eb3ce",
8588 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b00000000000000000001e8030000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100d9e29616b8f3959f1d3d7f7ce893ffedcdc407717d0de8e37d808c91d3a7c50d022078c3033f6d00095c8720a4bc943c1b45727818c082e4e3ddbc6d3116435b624b014730440220636de5682ef0c5b61f124ec74e8aa2461a69777521d6998295dcea36bc3338110220165285594b23c50b28b82df200234566628a27bcd17f7f14404bd865354eb3ce012000000000000000000000000000000000000000000000000000000000000000008a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a914b8bcb07f6344b42ab04250c86a6e8b75d3fdbbc688527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f401b175ac686800000000" },
8591 "30440220649fe8b20e67e46cbb0d09b4acea87dbec001b39b08dee7bdd0b1f03922a8640022037c462dff79df501cecfdb12ea7f4de91f99230bb544726f6e04527b1f896004",
8592 "3045022100803159dee7935dba4a1d36a61055ce8fd62caa528573cc221ae288515405a252022029c59e7cffce374fe860100a4a63787e105c3cf5156d40b12dd53ff55ac8cf3f",
8593 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b01000000000000000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220649fe8b20e67e46cbb0d09b4acea87dbec001b39b08dee7bdd0b1f03922a8640022037c462dff79df501cecfdb12ea7f4de91f99230bb544726f6e04527b1f89600401483045022100803159dee7935dba4a1d36a61055ce8fd62caa528573cc221ae288515405a252022029c59e7cffce374fe860100a4a63787e105c3cf5156d40b12dd53ff55ac8cf3f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8596 "30440220770fc321e97a19f38985f2e7732dd9fe08d16a2efa4bcbc0429400a447faf49102204d40b417f3113e1b0944ae0986f517564ab4acd3d190503faf97a6e420d43352",
8597 "3045022100a437cc2ce77400ecde441b3398fea3c3ad8bdad8132be818227fe3c5b8345989022069d45e7fa0ae551ec37240845e2c561ceb2567eacf3076a6a43a502d05865faa",
8598 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b02000000000000000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220770fc321e97a19f38985f2e7732dd9fe08d16a2efa4bcbc0429400a447faf49102204d40b417f3113e1b0944ae0986f517564ab4acd3d190503faf97a6e420d4335201483045022100a437cc2ce77400ecde441b3398fea3c3ad8bdad8132be818227fe3c5b8345989022069d45e7fa0ae551ec37240845e2c561ceb2567eacf3076a6a43a502d05865faa012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8601 "304402207bcbf4f60a9829b05d2dbab84ed593e0291836be715dc7db6b72a64caf646af802201e489a5a84f7c5cc130398b841d138d031a5137ac8f4c49c770a4959dc3c1363",
8602 "304402203121d9b9c055f354304b016a36662ee99e1110d9501cb271b087ddb6f382c2c80220549882f3f3b78d9c492de47543cb9a697cecc493174726146536c5954dac7487",
8603 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b03000000000000000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207bcbf4f60a9829b05d2dbab84ed593e0291836be715dc7db6b72a64caf646af802201e489a5a84f7c5cc130398b841d138d031a5137ac8f4c49c770a4959dc3c13630147304402203121d9b9c055f354304b016a36662ee99e1110d9501cb271b087ddb6f382c2c80220549882f3f3b78d9c492de47543cb9a697cecc493174726146536c5954dac748701008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8606 "3044022076dca5cb81ba7e466e349b7128cdba216d4d01659e29b96025b9524aaf0d1899022060de85697b88b21c749702b7d2cfa7dfeaa1f472c8f1d7d9c23f2bf968464b87",
8607 "3045022100d9080f103cc92bac15ec42464a95f070c7fb6925014e673ee2ea1374d36a7f7502200c65294d22eb20d48564954d5afe04a385551919d8b2ddb4ae2459daaeee1d95",
8608 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b04000000000000000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022076dca5cb81ba7e466e349b7128cdba216d4d01659e29b96025b9524aaf0d1899022060de85697b88b21c749702b7d2cfa7dfeaa1f472c8f1d7d9c23f2bf968464b8701483045022100d9080f103cc92bac15ec42464a95f070c7fb6925014e673ee2ea1374d36a7f7502200c65294d22eb20d48564954d5afe04a385551919d8b2ddb4ae2459daaeee1d95012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8611 // commitment tx with seven outputs untrimmed (maximum feerate)
8612 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8613 chan.context.feerate_per_kw = 647;
8615 test_commitment!("3045022100a135f9e8a5ed25f7277446c67956b00ce6f610ead2bdec2c2f686155b7814772022059f1f6e1a8b336a68efcc1af3fe4d422d4827332b5b067501b099c47b7b5b5ee",
8616 "30450221009ec15c687898bb4da8b3a833e5ab8bfc51ec6e9202aaa8e66611edfd4a85ed1102203d7183e45078b9735c93450bc3415d3e5a8c576141a711ec6ddcb4a893926bb7",
8617 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8007e80300000000000022002052bfef0479d7b293c27e0f1eb294bea154c63a3294ef092c19af51409bce0e2ad007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484e09c6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221009ec15c687898bb4da8b3a833e5ab8bfc51ec6e9202aaa8e66611edfd4a85ed1102203d7183e45078b9735c93450bc3415d3e5a8c576141a711ec6ddcb4a893926bb701483045022100a135f9e8a5ed25f7277446c67956b00ce6f610ead2bdec2c2f686155b7814772022059f1f6e1a8b336a68efcc1af3fe4d422d4827332b5b067501b099c47b7b5b5ee01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8620 "30450221008437627f9ad84ac67052e2a414a4367b8556fd1f94d8b02590f89f50525cd33502205b9c21ff6e7fc864f2352746ad8ba59182510819acb644e25b8a12fc37bbf24f",
8621 "30440220344b0deb055230d01703e6c7acd45853c4af2328b49b5d8af4f88a060733406602202ea64f2a43d5751edfe75503cbc35a62e3141b5ed032fa03360faf4ca66f670b",
8622 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004830450221008437627f9ad84ac67052e2a414a4367b8556fd1f94d8b02590f89f50525cd33502205b9c21ff6e7fc864f2352746ad8ba59182510819acb644e25b8a12fc37bbf24f014730440220344b0deb055230d01703e6c7acd45853c4af2328b49b5d8af4f88a060733406602202ea64f2a43d5751edfe75503cbc35a62e3141b5ed032fa03360faf4ca66f670b012000000000000000000000000000000000000000000000000000000000000000008a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a914b8bcb07f6344b42ab04250c86a6e8b75d3fdbbc688527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f401b175ac686800000000" },
8625 "304402205a67f92bf6845cf2892b48d874ac1daf88a36495cf8a06f93d83180d930a6f75022031da1621d95c3f335cc06a3056cf960199dae600b7cf89088f65fc53cdbef28c",
8626 "30450221009e5e3822b0185c6799a95288c597b671d6cc69ab80f43740f00c6c3d0752bdda02206da947a74bd98f3175324dc56fdba86cc783703a120a6f0297537e60632f4c7f",
8627 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe0100000000000000000124060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402205a67f92bf6845cf2892b48d874ac1daf88a36495cf8a06f93d83180d930a6f75022031da1621d95c3f335cc06a3056cf960199dae600b7cf89088f65fc53cdbef28c014830450221009e5e3822b0185c6799a95288c597b671d6cc69ab80f43740f00c6c3d0752bdda02206da947a74bd98f3175324dc56fdba86cc783703a120a6f0297537e60632f4c7f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8630 "30440220437e21766054a3eef7f65690c5bcfa9920babbc5af92b819f772f6ea96df6c7402207173622024bd97328cfb26c6665e25c2f5d67c319443ccdc60c903217005d8c8",
8631 "3045022100fcfc47e36b712624677626cef3dc1d67f6583bd46926a6398fe6b00b0c9a37760220525788257b187fc775c6370d04eadf34d06f3650a63f8df851cee0ecb47a1673",
8632 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe020000000000000000010a060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220437e21766054a3eef7f65690c5bcfa9920babbc5af92b819f772f6ea96df6c7402207173622024bd97328cfb26c6665e25c2f5d67c319443ccdc60c903217005d8c801483045022100fcfc47e36b712624677626cef3dc1d67f6583bd46926a6398fe6b00b0c9a37760220525788257b187fc775c6370d04eadf34d06f3650a63f8df851cee0ecb47a1673012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8635 "304402207436e10737e4df499fc051686d3e11a5bb2310e4d1f1e691d287cef66514791202207cb58e71a6b7a42dd001b7e3ae672ea4f71ea3e1cd412b742e9124abb0739c64",
8636 "3045022100e78211b8409afb7255ffe37337da87f38646f1faebbdd61bc1920d69e3ead67a02201a626305adfcd16bfb7e9340928d9b6305464eab4aa4c4a3af6646e9b9f69dee",
8637 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe030000000000000000010c0a0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207436e10737e4df499fc051686d3e11a5bb2310e4d1f1e691d287cef66514791202207cb58e71a6b7a42dd001b7e3ae672ea4f71ea3e1cd412b742e9124abb0739c6401483045022100e78211b8409afb7255ffe37337da87f38646f1faebbdd61bc1920d69e3ead67a02201a626305adfcd16bfb7e9340928d9b6305464eab4aa4c4a3af6646e9b9f69dee01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8640 "30450221009acd6a827a76bfee50806178dfe0495cd4e1d9c58279c194c7b01520fe68cb8d022024d439047c368883e570997a7d40f0b430cb5a742f507965e7d3063ae3feccca",
8641 "3044022048762cf546bbfe474f1536365ea7c416e3c0389d60558bc9412cb148fb6ab68202207215d7083b75c96ff9d2b08c59c34e287b66820f530b486a9aa4cdd9c347d5b9",
8642 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe04000000000000000001da0d0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004830450221009acd6a827a76bfee50806178dfe0495cd4e1d9c58279c194c7b01520fe68cb8d022024d439047c368883e570997a7d40f0b430cb5a742f507965e7d3063ae3feccca01473044022048762cf546bbfe474f1536365ea7c416e3c0389d60558bc9412cb148fb6ab68202207215d7083b75c96ff9d2b08c59c34e287b66820f530b486a9aa4cdd9c347d5b9012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8645 // commitment tx with six outputs untrimmed (minimum feerate)
8646 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8647 chan.context.feerate_per_kw = 648;
8649 test_commitment!("304402203948f900a5506b8de36a4d8502f94f21dd84fd9c2314ab427d52feaa7a0a19f2022059b6a37a4adaa2c5419dc8aea63c6e2a2ec4c4bde46207f6dc1fcd22152fc6e5",
8650 "3045022100b15f72908ba3382a34ca5b32519240a22300cc6015b6f9418635fb41f3d01d8802207adb331b9ed1575383dca0f2355e86c173802feecf8298fbea53b9d4610583e9",
8651 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8006d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4844e9d6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100b15f72908ba3382a34ca5b32519240a22300cc6015b6f9418635fb41f3d01d8802207adb331b9ed1575383dca0f2355e86c173802feecf8298fbea53b9d4610583e90147304402203948f900a5506b8de36a4d8502f94f21dd84fd9c2314ab427d52feaa7a0a19f2022059b6a37a4adaa2c5419dc8aea63c6e2a2ec4c4bde46207f6dc1fcd22152fc6e501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8654 "3045022100a031202f3be94678f0e998622ee95ebb6ada8da1e9a5110228b5e04a747351e4022010ca6a21e18314ed53cfaae3b1f51998552a61a468e596368829a50ce40110e0",
8655 "304502210097e1873b57267730154595187a34949d3744f52933070c74757005e61ce2112e02204ecfba2aa42d4f14bdf8bad4206bb97217b702e6c433e0e1b0ce6587e6d46ec6",
8656 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf10000000000000000000123060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100a031202f3be94678f0e998622ee95ebb6ada8da1e9a5110228b5e04a747351e4022010ca6a21e18314ed53cfaae3b1f51998552a61a468e596368829a50ce40110e00148304502210097e1873b57267730154595187a34949d3744f52933070c74757005e61ce2112e02204ecfba2aa42d4f14bdf8bad4206bb97217b702e6c433e0e1b0ce6587e6d46ec601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8659 "304402202361012a634aee7835c5ecdd6413dcffa8f404b7e77364c792cff984e4ee71e90220715c5e90baa08daa45a7439b1ee4fa4843ed77b19c058240b69406606d384124",
8660 "3044022019de73b00f1d818fb388e83b2c8c31f6bce35ac624e215bc12f88f9dc33edf48022006ff814bb9f700ee6abc3294e146fac3efd4f13f0005236b41c0a946ee00c9ae",
8661 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf10100000000000000000109060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402202361012a634aee7835c5ecdd6413dcffa8f404b7e77364c792cff984e4ee71e90220715c5e90baa08daa45a7439b1ee4fa4843ed77b19c058240b69406606d38412401473044022019de73b00f1d818fb388e83b2c8c31f6bce35ac624e215bc12f88f9dc33edf48022006ff814bb9f700ee6abc3294e146fac3efd4f13f0005236b41c0a946ee00c9ae012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8664 "304402207e8e82cd71ed4febeb593732c260456836e97d81896153ecd2b3cf320ca6861702202dd4a30f68f98ced7cc56a36369ac1fdd978248c5ff4ed204fc00cc625532989",
8665 "3045022100bd0be6100c4fd8f102ec220e1b053e4c4e2ecca25615490150007b40d314dc3902201a1e0ea266965b43164d9e6576f58fa6726d42883dd1c3996d2925c2e2260796",
8666 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf1020000000000000000010b0a0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207e8e82cd71ed4febeb593732c260456836e97d81896153ecd2b3cf320ca6861702202dd4a30f68f98ced7cc56a36369ac1fdd978248c5ff4ed204fc00cc62553298901483045022100bd0be6100c4fd8f102ec220e1b053e4c4e2ecca25615490150007b40d314dc3902201a1e0ea266965b43164d9e6576f58fa6726d42883dd1c3996d2925c2e226079601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8669 "3044022024cd52e4198c8ae0e414a86d86b5a65ea7450f2eb4e783096736d93395eca5ce022078f0094745b45be4d4b2b04dd5978c9e66ba49109e5704403e84aaf5f387d6be",
8670 "3045022100bbfb9d0a946d420807c86e985d636cceb16e71c3694ed186316251a00cbd807202207773223f9a337e145f64673825be9b30d07ef1542c82188b264bedcf7cda78c6",
8671 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf103000000000000000001d90d0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022024cd52e4198c8ae0e414a86d86b5a65ea7450f2eb4e783096736d93395eca5ce022078f0094745b45be4d4b2b04dd5978c9e66ba49109e5704403e84aaf5f387d6be01483045022100bbfb9d0a946d420807c86e985d636cceb16e71c3694ed186316251a00cbd807202207773223f9a337e145f64673825be9b30d07ef1542c82188b264bedcf7cda78c6012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8674 // anchors: commitment tx with six outputs untrimmed (minimum dust limit)
8675 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8676 chan.context.feerate_per_kw = 645;
8677 chan.context.holder_dust_limit_satoshis = 1001;
8679 test_commitment_with_anchors!("3044022025d97466c8049e955a5afce28e322f4b34d2561118e52332fb400f9b908cc0a402205dc6fba3a0d67ee142c428c535580cd1f2ff42e2f89b47e0c8a01847caffc312",
8680 "3045022100d57697c707b6f6d053febf24b98e8989f186eea42e37e9e91663ec2c70bb8f70022079b0715a472118f262f43016a674f59c015d9cafccec885968e76d9d9c5d0051",
8681 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80084a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994d0070000000000002200203e68115ae0b15b8de75b6c6bc9af5ac9f01391544e0870dae443a1e8fe7837ead007000000000000220020fe0598d74fee2205cc3672e6e6647706b4f3099713b4661b62482c3addd04a5eb80b000000000000220020f96d0334feb64a4f40eb272031d07afcb038db56aa57446d60308c9f8ccadef9a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994abc996a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100d57697c707b6f6d053febf24b98e8989f186eea42e37e9e91663ec2c70bb8f70022079b0715a472118f262f43016a674f59c015d9cafccec885968e76d9d9c5d005101473044022025d97466c8049e955a5afce28e322f4b34d2561118e52332fb400f9b908cc0a402205dc6fba3a0d67ee142c428c535580cd1f2ff42e2f89b47e0c8a01847caffc31201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8684 "3045022100e04d160a326432659fe9fb127304c1d348dfeaba840081bdc57d8efd902a48d8022008a824e7cf5492b97e4d9e03c06a09f822775a44f6b5b2533a2088904abfc282",
8685 "3045022100b7c49846466b13b190ff739bbe3005c105482fc55539e55b1c561f76b6982b6c02200e5c35808619cf543c8405cff9fedd25f333a4a2f6f6d5e8af8150090c40ef09",
8686 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320002000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e04d160a326432659fe9fb127304c1d348dfeaba840081bdc57d8efd902a48d8022008a824e7cf5492b97e4d9e03c06a09f822775a44f6b5b2533a2088904abfc28283483045022100b7c49846466b13b190ff739bbe3005c105482fc55539e55b1c561f76b6982b6c02200e5c35808619cf543c8405cff9fedd25f333a4a2f6f6d5e8af8150090c40ef0901008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6851b27568f6010000" },
8689 "3045022100fbdc3c367ce3bf30796025cc590ee1f2ce0e72ae1ac19f5986d6d0a4fc76211f02207e45ae9267e8e820d188569604f71d1abd11bd385d58853dd7dc034cdb3e9a6e",
8690 "3045022100d29330f24db213b262068706099b39c15fa7e070c3fcdf8836c09723fc4d365602203ce57d01e9f28601e461a0b5c4a50119b270bde8b70148d133a6849c70b115ac",
8691 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320003000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100fbdc3c367ce3bf30796025cc590ee1f2ce0e72ae1ac19f5986d6d0a4fc76211f02207e45ae9267e8e820d188569604f71d1abd11bd385d58853dd7dc034cdb3e9a6e83483045022100d29330f24db213b262068706099b39c15fa7e070c3fcdf8836c09723fc4d365602203ce57d01e9f28601e461a0b5c4a50119b270bde8b70148d133a6849c70b115ac012001010101010101010101010101010101010101010101010101010101010101018d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac6851b2756800000000" },
8694 "3044022066c5ef625cee3ddd2bc7b6bfb354b5834cf1cc6d52dd972fb41b7b225437ae4a022066cb85647df65c6b87a54e416dcdcca778a776c36a9643d2b5dc793c9b29f4c1",
8695 "304402202d4ce515cd9000ec37575972d70b8d24f73909fb7012e8ebd8c2066ef6fe187902202830b53e64ea565fecd0f398100691da6bb2a5cf9bb0d1926f1d71d05828a11e",
8696 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320004000000000100000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022066c5ef625cee3ddd2bc7b6bfb354b5834cf1cc6d52dd972fb41b7b225437ae4a022066cb85647df65c6b87a54e416dcdcca778a776c36a9643d2b5dc793c9b29f4c18347304402202d4ce515cd9000ec37575972d70b8d24f73909fb7012e8ebd8c2066ef6fe187902202830b53e64ea565fecd0f398100691da6bb2a5cf9bb0d1926f1d71d05828a11e01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6851b27568f7010000" },
8699 "3044022022c7e11595c53ee89a57ca76baf0aed730da035952d6ab3fe6459f5eff3b337a022075e10cc5f5fd724a35ce4087a5d03cd616698626c69814032132b50bb97dc615",
8700 "3045022100b20cd63e0587d1711beaebda4730775c4ac8b8b2ec78fe18a0c44c3f168c25230220079abb7fc4924e2fca5950842e5b9e416735585026914570078c4ef62f286226",
8701 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320005000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022022c7e11595c53ee89a57ca76baf0aed730da035952d6ab3fe6459f5eff3b337a022075e10cc5f5fd724a35ce4087a5d03cd616698626c69814032132b50bb97dc61583483045022100b20cd63e0587d1711beaebda4730775c4ac8b8b2ec78fe18a0c44c3f168c25230220079abb7fc4924e2fca5950842e5b9e416735585026914570078c4ef62f286226012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
8704 // commitment tx with six outputs untrimmed (maximum feerate)
8705 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8706 chan.context.feerate_per_kw = 2069;
8707 chan.context.holder_dust_limit_satoshis = 546;
8709 test_commitment!("304502210090b96a2498ce0c0f2fadbec2aab278fed54c1a7838df793ec4d2c78d96ec096202204fdd439c50f90d483baa7b68feeef4bd33bc277695405447bcd0bfb2ca34d7bc",
8710 "3045022100ad9a9bbbb75d506ca3b716b336ee3cf975dd7834fcf129d7dd188146eb58a8b4022061a759ee417339f7fe2ea1e8deb83abb6a74db31a09b7648a932a639cda23e33",
8711 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8006d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48477956a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100ad9a9bbbb75d506ca3b716b336ee3cf975dd7834fcf129d7dd188146eb58a8b4022061a759ee417339f7fe2ea1e8deb83abb6a74db31a09b7648a932a639cda23e330148304502210090b96a2498ce0c0f2fadbec2aab278fed54c1a7838df793ec4d2c78d96ec096202204fdd439c50f90d483baa7b68feeef4bd33bc277695405447bcd0bfb2ca34d7bc01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8714 "3045022100f33513ee38abf1c582876f921f8fddc06acff48e04515532a32d3938de938ffd02203aa308a2c1863b7d6fdf53159a1465bf2e115c13152546cc5d74483ceaa7f699",
8715 "3045022100a637902a5d4c9ba9e7c472a225337d5aac9e2e3f6744f76e237132e7619ba0400220035c60d784a031c0d9f6df66b7eab8726a5c25397399ee4aa960842059eb3f9d",
8716 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d0000000000000000000175020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f33513ee38abf1c582876f921f8fddc06acff48e04515532a32d3938de938ffd02203aa308a2c1863b7d6fdf53159a1465bf2e115c13152546cc5d74483ceaa7f69901483045022100a637902a5d4c9ba9e7c472a225337d5aac9e2e3f6744f76e237132e7619ba0400220035c60d784a031c0d9f6df66b7eab8726a5c25397399ee4aa960842059eb3f9d01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8719 "3045022100ce07682cf4b90093c22dc2d9ab2a77ad6803526b655ef857221cc96af5c9e0bf02200f501cee22e7a268af40b555d15a8237c9f36ad67ef1841daf9f6a0267b1e6df",
8720 "3045022100e57e46234f8782d3ff7aa593b4f7446fb5316c842e693dc63ee324fd49f6a1c302204a2f7b44c48bd26e1554422afae13153eb94b29d3687b733d18930615fb2db61",
8721 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d0100000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100ce07682cf4b90093c22dc2d9ab2a77ad6803526b655ef857221cc96af5c9e0bf02200f501cee22e7a268af40b555d15a8237c9f36ad67ef1841daf9f6a0267b1e6df01483045022100e57e46234f8782d3ff7aa593b4f7446fb5316c842e693dc63ee324fd49f6a1c302204a2f7b44c48bd26e1554422afae13153eb94b29d3687b733d18930615fb2db61012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8724 "3045022100e3e35492e55f82ec0bc2f317ffd7a486d1f7024330fe9743c3559fc39f32ef0c02203d1d4db651fc388a91d5ad8ecdd8e83673063bc8eefe27cfd8c189090e3a23e0",
8725 "3044022068613fb1b98eb3aec7f44c5b115b12343c2f066c4277c82b5f873dfe68f37f50022028109b4650f3f528ca4bfe9a467aff2e3e43893b61b5159157119d5d95cf1c18",
8726 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d020000000000000000015d060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e3e35492e55f82ec0bc2f317ffd7a486d1f7024330fe9743c3559fc39f32ef0c02203d1d4db651fc388a91d5ad8ecdd8e83673063bc8eefe27cfd8c189090e3a23e001473044022068613fb1b98eb3aec7f44c5b115b12343c2f066c4277c82b5f873dfe68f37f50022028109b4650f3f528ca4bfe9a467aff2e3e43893b61b5159157119d5d95cf1c1801008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8729 "304402207475aeb0212ef9bf5130b60937817ad88c9a87976988ef1f323f026148cc4a850220739fea17ad3257dcad72e509c73eebe86bee30b178467b9fdab213d631b109df",
8730 "3045022100d315522e09e7d53d2a659a79cb67fef56d6c4bddf3f46df6772d0d20a7beb7c8022070bcc17e288607b6a72be0bd83368bb6d53488db266c1cdb4d72214e4f02ac33",
8731 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d03000000000000000001f2090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207475aeb0212ef9bf5130b60937817ad88c9a87976988ef1f323f026148cc4a850220739fea17ad3257dcad72e509c73eebe86bee30b178467b9fdab213d631b109df01483045022100d315522e09e7d53d2a659a79cb67fef56d6c4bddf3f46df6772d0d20a7beb7c8022070bcc17e288607b6a72be0bd83368bb6d53488db266c1cdb4d72214e4f02ac33012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8734 // commitment tx with five outputs untrimmed (minimum feerate)
8735 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8736 chan.context.feerate_per_kw = 2070;
8738 test_commitment!("304402204ca1ba260dee913d318271d86e10ca0f5883026fb5653155cff600fb40895223022037b145204b7054a40e08bb1fefbd826f827b40838d3e501423bcc57924bcb50c",
8739 "3044022001014419b5ba00e083ac4e0a85f19afc848aacac2d483b4b525d15e2ae5adbfe022015ebddad6ee1e72b47cb09f3e78459da5be01ccccd95dceca0e056a00cc773c1",
8740 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484da966a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022001014419b5ba00e083ac4e0a85f19afc848aacac2d483b4b525d15e2ae5adbfe022015ebddad6ee1e72b47cb09f3e78459da5be01ccccd95dceca0e056a00cc773c10147304402204ca1ba260dee913d318271d86e10ca0f5883026fb5653155cff600fb40895223022037b145204b7054a40e08bb1fefbd826f827b40838d3e501423bcc57924bcb50c01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8743 "304402205f6b6d12d8d2529fb24f4445630566cf4abbd0f9330ab6c2bdb94222d6a2a0c502202f556258ae6f05b193749e4c541dfcc13b525a5422f6291f073f15617ba8579b",
8744 "30440220150b11069454da70caf2492ded9e0065c9a57f25ac2a4c52657b1d15b6c6ed85022068a38833b603c8892717206383611bad210f1cbb4b1f87ea29c6c65b9e1cb3e5",
8745 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff0000000000000000000174020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402205f6b6d12d8d2529fb24f4445630566cf4abbd0f9330ab6c2bdb94222d6a2a0c502202f556258ae6f05b193749e4c541dfcc13b525a5422f6291f073f15617ba8579b014730440220150b11069454da70caf2492ded9e0065c9a57f25ac2a4c52657b1d15b6c6ed85022068a38833b603c8892717206383611bad210f1cbb4b1f87ea29c6c65b9e1cb3e501008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8748 "3045022100f960dfb1c9aee7ce1437efa65b523e399383e8149790e05d8fed27ff6e42fe0002202fe8613e062ffe0b0c518cc4101fba1c6de70f64a5bcc7ae663f2efae43b8546",
8749 "30450221009a6ed18e6873bc3644332a6ee21c152a5b102821865350df7a8c74451a51f9f2022050d801fb4895d7d7fbf452824c0168347f5c0cbe821cf6a97a63af5b8b2563c6",
8750 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff010000000000000000015c060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f960dfb1c9aee7ce1437efa65b523e399383e8149790e05d8fed27ff6e42fe0002202fe8613e062ffe0b0c518cc4101fba1c6de70f64a5bcc7ae663f2efae43b8546014830450221009a6ed18e6873bc3644332a6ee21c152a5b102821865350df7a8c74451a51f9f2022050d801fb4895d7d7fbf452824c0168347f5c0cbe821cf6a97a63af5b8b2563c601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8753 "3045022100ae5fc7717ae684bc1fcf9020854e5dbe9842c9e7472879ac06ff95ac2bb10e4e022057728ada4c00083a3e65493fb5d50a232165948a1a0f530ef63185c2c8c56504",
8754 "30440220408ad3009827a8fccf774cb285587686bfb2ed041f89a89453c311ce9c8ee0f902203c7392d9f8306d3a46522a66bd2723a7eb2628cb2d9b34d4c104f1766bf37502",
8755 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff02000000000000000001f1090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100ae5fc7717ae684bc1fcf9020854e5dbe9842c9e7472879ac06ff95ac2bb10e4e022057728ada4c00083a3e65493fb5d50a232165948a1a0f530ef63185c2c8c56504014730440220408ad3009827a8fccf774cb285587686bfb2ed041f89a89453c311ce9c8ee0f902203c7392d9f8306d3a46522a66bd2723a7eb2628cb2d9b34d4c104f1766bf37502012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8758 // commitment tx with five outputs untrimmed (maximum feerate)
8759 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8760 chan.context.feerate_per_kw = 2194;
8762 test_commitment!("304402204bb3d6e279d71d9da414c82de42f1f954267c762b2e2eb8b76bc3be4ea07d4b0022014febc009c5edc8c3fc5d94015de163200f780046f1c293bfed8568f08b70fb3",
8763 "3044022072c2e2b1c899b2242656a537dde2892fa3801be0d6df0a87836c550137acde8302201654aa1974d37a829083c3ba15088689f30b56d6a4f6cb14c7bad0ee3116d398",
8764 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48440966a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022072c2e2b1c899b2242656a537dde2892fa3801be0d6df0a87836c550137acde8302201654aa1974d37a829083c3ba15088689f30b56d6a4f6cb14c7bad0ee3116d3980147304402204bb3d6e279d71d9da414c82de42f1f954267c762b2e2eb8b76bc3be4ea07d4b0022014febc009c5edc8c3fc5d94015de163200f780046f1c293bfed8568f08b70fb301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8767 "3045022100939726680351a7856c1bc386d4a1f422c7d29bd7b56afc139570f508474e6c40022023175a799ccf44c017fbaadb924c40b2a12115a5b7d0dfd3228df803a2de8450",
8768 "304502210099c98c2edeeee6ec0fb5f3bea8b79bb016a2717afa9b5072370f34382de281d302206f5e2980a995e045cf90a547f0752a7ee99d48547bc135258fe7bc07e0154301",
8769 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100939726680351a7856c1bc386d4a1f422c7d29bd7b56afc139570f508474e6c40022023175a799ccf44c017fbaadb924c40b2a12115a5b7d0dfd3228df803a2de84500148304502210099c98c2edeeee6ec0fb5f3bea8b79bb016a2717afa9b5072370f34382de281d302206f5e2980a995e045cf90a547f0752a7ee99d48547bc135258fe7bc07e015430101008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8772 "3044022021bb883bf324553d085ba2e821cad80c28ef8b303dbead8f98e548783c02d1600220638f9ef2a9bba25869afc923f4b5dc38be3bb459f9efa5d869392d5f7779a4a0",
8773 "3045022100fd85bd7697b89c08ec12acc8ba89b23090637d83abd26ca37e01ae93e67c367302202b551fe69386116c47f984aab9c8dfd25d864dcde5d3389cfbef2447a85c4b77",
8774 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd010000000000000000010a060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022021bb883bf324553d085ba2e821cad80c28ef8b303dbead8f98e548783c02d1600220638f9ef2a9bba25869afc923f4b5dc38be3bb459f9efa5d869392d5f7779a4a001483045022100fd85bd7697b89c08ec12acc8ba89b23090637d83abd26ca37e01ae93e67c367302202b551fe69386116c47f984aab9c8dfd25d864dcde5d3389cfbef2447a85c4b7701008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8777 "3045022100c9e6f0454aa598b905a35e641a70cc9f67b5f38cc4b00843a041238c4a9f1c4a0220260a2822a62da97e44583e837245995ca2e36781769c52f19e498efbdcca262b",
8778 "30450221008a9f2ea24cd455c2b64c1472a5fa83865b0a5f49a62b661801e884cf2849af8302204d44180e50bf6adfcf1c1e581d75af91aba4e28681ce4a5ee5f3cbf65eca10f3",
8779 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd020000000000000000019a090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100c9e6f0454aa598b905a35e641a70cc9f67b5f38cc4b00843a041238c4a9f1c4a0220260a2822a62da97e44583e837245995ca2e36781769c52f19e498efbdcca262b014830450221008a9f2ea24cd455c2b64c1472a5fa83865b0a5f49a62b661801e884cf2849af8302204d44180e50bf6adfcf1c1e581d75af91aba4e28681ce4a5ee5f3cbf65eca10f3012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8782 // commitment tx with four outputs untrimmed (minimum feerate)
8783 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8784 chan.context.feerate_per_kw = 2195;
8786 test_commitment!("304402201a8c1b1f9671cd9e46c7323a104d7047cc48d3ee80d40d4512e0c72b8dc65666022066d7f9a2ce18c9eb22d2739ffcce05721c767f9b607622a31b6ea5793ddce403",
8787 "3044022044d592025b610c0d678f65032e87035cdfe89d1598c522cc32524ae8172417c30220749fef9d5b2ae8cdd91ece442ba8809bc891efedae2291e578475f97715d1767",
8788 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8004b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484b8976a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022044d592025b610c0d678f65032e87035cdfe89d1598c522cc32524ae8172417c30220749fef9d5b2ae8cdd91ece442ba8809bc891efedae2291e578475f97715d17670147304402201a8c1b1f9671cd9e46c7323a104d7047cc48d3ee80d40d4512e0c72b8dc65666022066d7f9a2ce18c9eb22d2739ffcce05721c767f9b607622a31b6ea5793ddce40301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8791 "3045022100e57b845066a06ee7c2cbfc29eabffe52daa9bf6f6de760066d04df9f9b250e0002202ffb197f0e6e0a77a75a9aff27014bd3de83b7f748d7efef986abe655e1dd50e",
8792 "3045022100ecc8c6529d0b2316d046f0f0757c1e1c25a636db168ec4f3aa1b9278df685dc0022067ae6b65e936f1337091f7b18a15935b608c5f2cdddb2f892ed0babfdd376d76",
8793 "020000000001018130a10f09b13677ba2885a8bca32860f3a952e5912b829a473639b5a2c07b900000000000000000000109060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e57b845066a06ee7c2cbfc29eabffe52daa9bf6f6de760066d04df9f9b250e0002202ffb197f0e6e0a77a75a9aff27014bd3de83b7f748d7efef986abe655e1dd50e01483045022100ecc8c6529d0b2316d046f0f0757c1e1c25a636db168ec4f3aa1b9278df685dc0022067ae6b65e936f1337091f7b18a15935b608c5f2cdddb2f892ed0babfdd376d7601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8796 "3045022100d193b7ecccad8057571620a0b1ffa6c48e9483311723b59cf536043b20bc51550220546d4bd37b3b101ecda14f6c907af46ec391abce1cd9c7ce22b1a62b534f2f2a",
8797 "3044022014d66f11f9cacf923807eba49542076c5fe5cccf252fb08fe98c78ef3ca6ab5402201b290dbe043cc512d9d78de074a5a129b8759bc6a6c546b190d120b690bd6e82",
8798 "020000000001018130a10f09b13677ba2885a8bca32860f3a952e5912b829a473639b5a2c07b900100000000000000000199090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100d193b7ecccad8057571620a0b1ffa6c48e9483311723b59cf536043b20bc51550220546d4bd37b3b101ecda14f6c907af46ec391abce1cd9c7ce22b1a62b534f2f2a01473044022014d66f11f9cacf923807eba49542076c5fe5cccf252fb08fe98c78ef3ca6ab5402201b290dbe043cc512d9d78de074a5a129b8759bc6a6c546b190d120b690bd6e82012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8801 // anchors: commitment tx with four outputs untrimmed (minimum dust limit)
8802 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8803 chan.context.feerate_per_kw = 2185;
8804 chan.context.holder_dust_limit_satoshis = 2001;
8805 let cached_channel_type = chan.context.channel_type;
8806 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8808 test_commitment_with_anchors!("3044022040f63a16148cf35c8d3d41827f5ae7f7c3746885bb64d4d1b895892a83812b3e02202fcf95c2bf02c466163b3fa3ced6a24926fbb4035095a96842ef516e86ba54c0",
8809 "3045022100cd8479cfe1edb1e5a1d487391e0451a469c7171e51e680183f19eb4321f20e9b02204eab7d5a6384b1b08e03baa6e4d9748dfd2b5ab2bae7e39604a0d0055bbffdd5",
8810 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80064a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994b80b000000000000220020f96d0334feb64a4f40eb272031d07afcb038db56aa57446d60308c9f8ccadef9a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994ac5916a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100cd8479cfe1edb1e5a1d487391e0451a469c7171e51e680183f19eb4321f20e9b02204eab7d5a6384b1b08e03baa6e4d9748dfd2b5ab2bae7e39604a0d0055bbffdd501473044022040f63a16148cf35c8d3d41827f5ae7f7c3746885bb64d4d1b895892a83812b3e02202fcf95c2bf02c466163b3fa3ced6a24926fbb4035095a96842ef516e86ba54c001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8813 "304402206870514a72ad6e723ff7f1e0370d7a33c1cd2a0b9272674143ebaf6a1d02dee102205bd953c34faf5e7322e9a1c0103581cb090280fda4f1039ee8552668afa90ebb",
8814 "30440220669de9ca7910eff65a7773ebd14a9fc371fe88cde5b8e2a81609d85c87ac939b02201ac29472fa4067322e92d75b624942d60be5050139b20bb363db75be79eb946f",
8815 "02000000000101ac13a7715f80b8e52dda43c6929cade5521bdced3a405da02b443f1ffb1e33cc02000000000100000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402206870514a72ad6e723ff7f1e0370d7a33c1cd2a0b9272674143ebaf6a1d02dee102205bd953c34faf5e7322e9a1c0103581cb090280fda4f1039ee8552668afa90ebb834730440220669de9ca7910eff65a7773ebd14a9fc371fe88cde5b8e2a81609d85c87ac939b02201ac29472fa4067322e92d75b624942d60be5050139b20bb363db75be79eb946f01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6851b27568f7010000" },
8818 "3045022100949e8dd938da56445b1cdfdebe1b7efea086edd05d89910d205a1e2e033ce47102202cbd68b5262ab144d9ec12653f87dfb0bb6bd05d1f58ae1e523f028eaefd7271",
8819 "3045022100e3104ed8b239f8019e5f0a1a73d7782a94a8c36e7984f476c3a0b3cb0e62e27902207e3d52884600985f8a2098e53a5c30dd6a5e857733acfaa07ab2162421ed2688",
8820 "02000000000101ac13a7715f80b8e52dda43c6929cade5521bdced3a405da02b443f1ffb1e33cc03000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100949e8dd938da56445b1cdfdebe1b7efea086edd05d89910d205a1e2e033ce47102202cbd68b5262ab144d9ec12653f87dfb0bb6bd05d1f58ae1e523f028eaefd727183483045022100e3104ed8b239f8019e5f0a1a73d7782a94a8c36e7984f476c3a0b3cb0e62e27902207e3d52884600985f8a2098e53a5c30dd6a5e857733acfaa07ab2162421ed2688012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
8823 // commitment tx with four outputs untrimmed (maximum feerate)
8824 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8825 chan.context.feerate_per_kw = 3702;
8826 chan.context.holder_dust_limit_satoshis = 546;
8827 chan.context.channel_type = cached_channel_type.clone();
8829 test_commitment!("304502210092a587aeb777f869e7ff0d7898ea619ee26a3dacd1f3672b945eea600be431100220077ee9eae3528d15251f2a52b607b189820e57a6ccfac8d1af502b132ee40169",
8830 "3045022100e5efb73c32d32da2d79702299b6317de6fb24a60476e3855926d78484dd1b3c802203557cb66a42c944ef06e00bcc4da35a5bcb2f185aab0f8e403e519e1d66aaf75",
8831 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8004b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4846f916a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100e5efb73c32d32da2d79702299b6317de6fb24a60476e3855926d78484dd1b3c802203557cb66a42c944ef06e00bcc4da35a5bcb2f185aab0f8e403e519e1d66aaf750148304502210092a587aeb777f869e7ff0d7898ea619ee26a3dacd1f3672b945eea600be431100220077ee9eae3528d15251f2a52b607b189820e57a6ccfac8d1af502b132ee4016901475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8834 "304402206fa54c11f98c3bae1e93df43fc7affeb05b476bf8060c03e29c377c69bc08e8b0220672701cce50d5c379ff45a5d2cfe48ac44973adb066ac32608e21221d869bb89",
8835 "304402206e36c683ebf2cb16bcef3d5439cf8b53cd97280a365ed8acd7abb85a8ba5f21c02206e8621edfc2a5766cbc96eb67fd501127ff163eb6b85518a39f7d4974aef126f",
8836 "020000000001018db483bff65c70ee71d8282aeec5a880e2e2b39e45772bda5460403095c62e3f0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402206fa54c11f98c3bae1e93df43fc7affeb05b476bf8060c03e29c377c69bc08e8b0220672701cce50d5c379ff45a5d2cfe48ac44973adb066ac32608e21221d869bb890147304402206e36c683ebf2cb16bcef3d5439cf8b53cd97280a365ed8acd7abb85a8ba5f21c02206e8621edfc2a5766cbc96eb67fd501127ff163eb6b85518a39f7d4974aef126f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8839 "3044022057649739b0eb74d541ead0dfdb3d4b2c15aa192720031044c3434c67812e5ca902201e5ede42d960ae551707f4a6b34b09393cf4dee2418507daa022e3550dbb5817",
8840 "304402207faad26678c8850e01b4a0696d60841f7305e1832b786110ee9075cb92ed14a30220516ef8ee5dfa80824ea28cbcec0dd95f8b847146257c16960db98507db15ffdc",
8841 "020000000001018db483bff65c70ee71d8282aeec5a880e2e2b39e45772bda5460403095c62e3f0100000000000000000176050000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022057649739b0eb74d541ead0dfdb3d4b2c15aa192720031044c3434c67812e5ca902201e5ede42d960ae551707f4a6b34b09393cf4dee2418507daa022e3550dbb58170147304402207faad26678c8850e01b4a0696d60841f7305e1832b786110ee9075cb92ed14a30220516ef8ee5dfa80824ea28cbcec0dd95f8b847146257c16960db98507db15ffdc012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8844 // commitment tx with three outputs untrimmed (minimum feerate)
8845 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8846 chan.context.feerate_per_kw = 3703;
8848 test_commitment!("3045022100b495d239772a237ff2cf354b1b11be152fd852704cb184e7356d13f2fb1e5e430220723db5cdb9cbd6ead7bfd3deb419cf41053a932418cbb22a67b581f40bc1f13e",
8849 "304402201b736d1773a124c745586217a75bed5f66c05716fbe8c7db4fdb3c3069741cdd02205083f39c321c1bcadfc8d97e3c791a66273d936abac0c6a2fde2ed46019508e1",
8850 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8003a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484eb936a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402201b736d1773a124c745586217a75bed5f66c05716fbe8c7db4fdb3c3069741cdd02205083f39c321c1bcadfc8d97e3c791a66273d936abac0c6a2fde2ed46019508e101483045022100b495d239772a237ff2cf354b1b11be152fd852704cb184e7356d13f2fb1e5e430220723db5cdb9cbd6ead7bfd3deb419cf41053a932418cbb22a67b581f40bc1f13e01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8853 "3045022100c34c61735f93f2e324cc873c3b248111ccf8f6db15d5969583757010d4ad2b4602207867bb919b2ddd6387873e425345c9b7fd18d1d66aba41f3607bc2896ef3c30a",
8854 "3045022100988c143e2110067117d2321bdd4bd16ca1734c98b29290d129384af0962b634e02206c1b02478878c5f547018b833986578f90c3e9be669fe5788ad0072a55acbb05",
8855 "0200000000010120060e4a29579d429f0f27c17ee5f1ee282f20d706d6f90b63d35946d8f3029a0000000000000000000175050000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100c34c61735f93f2e324cc873c3b248111ccf8f6db15d5969583757010d4ad2b4602207867bb919b2ddd6387873e425345c9b7fd18d1d66aba41f3607bc2896ef3c30a01483045022100988c143e2110067117d2321bdd4bd16ca1734c98b29290d129384af0962b634e02206c1b02478878c5f547018b833986578f90c3e9be669fe5788ad0072a55acbb05012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8858 // anchors: commitment tx with three outputs untrimmed (minimum dust limit)
8859 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8860 chan.context.feerate_per_kw = 3687;
8861 chan.context.holder_dust_limit_satoshis = 3001;
8862 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8864 test_commitment_with_anchors!("3045022100ad6c71569856b2d7ff42e838b4abe74a713426b37f22fa667a195a4c88908c6902202b37272b02a42dc6d9f4f82cab3eaf84ac882d9ed762859e1e75455c2c228377",
8865 "3045022100c970799bcb33f43179eb43b3378a0a61991cf2923f69b36ef12548c3df0e6d500220413dc27d2e39ee583093adfcb7799be680141738babb31cc7b0669a777a31f5d",
8866 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80054a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994aa28b6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100c970799bcb33f43179eb43b3378a0a61991cf2923f69b36ef12548c3df0e6d500220413dc27d2e39ee583093adfcb7799be680141738babb31cc7b0669a777a31f5d01483045022100ad6c71569856b2d7ff42e838b4abe74a713426b37f22fa667a195a4c88908c6902202b37272b02a42dc6d9f4f82cab3eaf84ac882d9ed762859e1e75455c2c22837701475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8869 "3044022017b558a3cf5f0cb94269e2e927b29ed22bd2416abb8a7ce6de4d1256f359b93602202e9ca2b1a23ea3e69f433c704e327739e219804b8c188b1d52f74fd5a9de954c",
8870 "3045022100af7a8b7c7ff2080c68995254cb66d64d9954edcc5baac3bb4f27ed2d29aaa6120220421c27da7a60574a9263f271e0f3bd34594ec6011095190022b3b54596ea03de",
8871 "02000000000101542562b326c08e3a076d9cfca2be175041366591da334d8d513ff1686fd95a6002000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022017b558a3cf5f0cb94269e2e927b29ed22bd2416abb8a7ce6de4d1256f359b93602202e9ca2b1a23ea3e69f433c704e327739e219804b8c188b1d52f74fd5a9de954c83483045022100af7a8b7c7ff2080c68995254cb66d64d9954edcc5baac3bb4f27ed2d29aaa6120220421c27da7a60574a9263f271e0f3bd34594ec6011095190022b3b54596ea03de012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
8874 // commitment tx with three outputs untrimmed (maximum feerate)
8875 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8876 chan.context.feerate_per_kw = 4914;
8877 chan.context.holder_dust_limit_satoshis = 546;
8878 chan.context.channel_type = cached_channel_type.clone();
8880 test_commitment!("3045022100b4b16d5f8cc9fc4c1aff48831e832a0d8990e133978a66e302c133550954a44d022073573ce127e2200d316f6b612803a5c0c97b8d20e1e44dbe2ac0dd2fb8c95244",
8881 "3045022100d72638bc6308b88bb6d45861aae83e5b9ff6e10986546e13bce769c70036e2620220320be7c6d66d22f30b9fcd52af66531505b1310ca3b848c19285b38d8a1a8c19",
8882 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8003a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484ae8f6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100d72638bc6308b88bb6d45861aae83e5b9ff6e10986546e13bce769c70036e2620220320be7c6d66d22f30b9fcd52af66531505b1310ca3b848c19285b38d8a1a8c1901483045022100b4b16d5f8cc9fc4c1aff48831e832a0d8990e133978a66e302c133550954a44d022073573ce127e2200d316f6b612803a5c0c97b8d20e1e44dbe2ac0dd2fb8c9524401475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8885 "3045022100f43591c156038ba217756006bb3c55f7d113a325cdd7d9303c82115372858d68022016355b5aadf222bc8d12e426c75f4a03423917b2443a103eb2a498a3a2234374",
8886 "30440220585dee80fafa264beac535c3c0bb5838ac348b156fdc982f86adc08dfc9bfd250220130abb82f9f295cc9ef423dcfef772fde2acd85d9df48cc538981d26a10a9c10",
8887 "02000000000101a9172908eace869cc35128c31fc2ab502f72e4dff31aab23e0244c4b04b11ab00000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f43591c156038ba217756006bb3c55f7d113a325cdd7d9303c82115372858d68022016355b5aadf222bc8d12e426c75f4a03423917b2443a103eb2a498a3a2234374014730440220585dee80fafa264beac535c3c0bb5838ac348b156fdc982f86adc08dfc9bfd250220130abb82f9f295cc9ef423dcfef772fde2acd85d9df48cc538981d26a10a9c10012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8890 // commitment tx with two outputs untrimmed (minimum feerate)
8891 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8892 chan.context.feerate_per_kw = 4915;
8893 chan.context.holder_dust_limit_satoshis = 546;
8895 test_commitment!("304402203a286936e74870ca1459c700c71202af0381910a6bfab687ef494ef1bc3e02c902202506c362d0e3bee15e802aa729bf378e051644648253513f1c085b264cc2a720",
8896 "30450221008a953551f4d67cb4df3037207fc082ddaf6be84d417b0bd14c80aab66f1b01a402207508796dc75034b2dee876fe01dc05a08b019f3e5d689ac8842ade2f1befccf5",
8897 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8002c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484fa926a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221008a953551f4d67cb4df3037207fc082ddaf6be84d417b0bd14c80aab66f1b01a402207508796dc75034b2dee876fe01dc05a08b019f3e5d689ac8842ade2f1befccf50147304402203a286936e74870ca1459c700c71202af0381910a6bfab687ef494ef1bc3e02c902202506c362d0e3bee15e802aa729bf378e051644648253513f1c085b264cc2a72001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8899 // anchors: commitment tx with two outputs untrimmed (minimum dust limit)
8900 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8901 chan.context.feerate_per_kw = 4894;
8902 chan.context.holder_dust_limit_satoshis = 4001;
8903 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8905 test_commitment_with_anchors!("3045022100e784a66b1588575801e237d35e510fd92a81ae3a4a2a1b90c031ad803d07b3f3022021bc5f16501f167607d63b681442da193eb0a76b4b7fd25c2ed4f8b28fd35b95",
8906 "30450221009f16ac85d232e4eddb3fcd750a68ebf0b58e3356eaada45d3513ede7e817bf4c02207c2b043b4e5f971261975406cb955219fa56bffe5d834a833694b5abc1ce4cfd",
8907 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80044a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994ad0886a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221009f16ac85d232e4eddb3fcd750a68ebf0b58e3356eaada45d3513ede7e817bf4c02207c2b043b4e5f971261975406cb955219fa56bffe5d834a833694b5abc1ce4cfd01483045022100e784a66b1588575801e237d35e510fd92a81ae3a4a2a1b90c031ad803d07b3f3022021bc5f16501f167607d63b681442da193eb0a76b4b7fd25c2ed4f8b28fd35b9501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8909 // commitment tx with two outputs untrimmed (maximum feerate)
8910 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8911 chan.context.feerate_per_kw = 9651180;
8912 chan.context.holder_dust_limit_satoshis = 546;
8913 chan.context.channel_type = cached_channel_type.clone();
8915 test_commitment!("304402200a8544eba1d216f5c5e530597665fa9bec56943c0f66d98fc3d028df52d84f7002201e45fa5c6bc3a506cc2553e7d1c0043a9811313fc39c954692c0d47cfce2bbd3",
8916 "3045022100e11b638c05c650c2f63a421d36ef8756c5ce82f2184278643520311cdf50aa200220259565fb9c8e4a87ccaf17f27a3b9ca4f20625754a0920d9c6c239d8156a11de",
8917 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b800222020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80ec0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4840400483045022100e11b638c05c650c2f63a421d36ef8756c5ce82f2184278643520311cdf50aa200220259565fb9c8e4a87ccaf17f27a3b9ca4f20625754a0920d9c6c239d8156a11de0147304402200a8544eba1d216f5c5e530597665fa9bec56943c0f66d98fc3d028df52d84f7002201e45fa5c6bc3a506cc2553e7d1c0043a9811313fc39c954692c0d47cfce2bbd301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8919 // commitment tx with one output untrimmed (minimum feerate)
8920 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8921 chan.context.feerate_per_kw = 9651181;
8923 test_commitment!("304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a2",
8924 "304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a379",
8925 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8001c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484040047304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a3790147304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8927 // anchors: commitment tx with one output untrimmed (minimum dust limit)
8928 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8929 chan.context.feerate_per_kw = 6216010;
8930 chan.context.holder_dust_limit_satoshis = 4001;
8931 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8933 test_commitment_with_anchors!("30450221008fd5dbff02e4b59020d4cd23a3c30d3e287065fda75a0a09b402980adf68ccda022001e0b8b620cd915ddff11f1de32addf23d81d51b90e6841b2cb8dcaf3faa5ecf",
8934 "30450221009ad80792e3038fe6968d12ff23e6888a565c3ddd065037f357445f01675d63f3022018384915e5f1f4ae157e15debf4f49b61c8d9d2b073c7d6f97c4a68caa3ed4c1",
8935 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80024a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994a04004830450221009ad80792e3038fe6968d12ff23e6888a565c3ddd065037f357445f01675d63f3022018384915e5f1f4ae157e15debf4f49b61c8d9d2b073c7d6f97c4a68caa3ed4c1014830450221008fd5dbff02e4b59020d4cd23a3c30d3e287065fda75a0a09b402980adf68ccda022001e0b8b620cd915ddff11f1de32addf23d81d51b90e6841b2cb8dcaf3faa5ecf01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8937 // commitment tx with fee greater than funder amount
8938 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8939 chan.context.feerate_per_kw = 9651936;
8940 chan.context.holder_dust_limit_satoshis = 546;
8941 chan.context.channel_type = cached_channel_type;
8943 test_commitment!("304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a2",
8944 "304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a379",
8945 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8001c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484040047304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a3790147304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8947 // commitment tx with 3 htlc outputs, 2 offered having the same amount and preimage
8948 chan.context.value_to_self_msat = 7_000_000_000 - 2_000_000;
8949 chan.context.feerate_per_kw = 253;
8950 chan.context.pending_inbound_htlcs.clear();
8951 chan.context.pending_inbound_htlcs.push({
8952 let mut out = InboundHTLCOutput{
8954 amount_msat: 2000000,
8956 payment_hash: PaymentHash([0; 32]),
8957 state: InboundHTLCState::Committed,
8959 out.payment_hash.0 = Sha256::hash(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap()).into_inner();
8962 chan.context.pending_outbound_htlcs.clear();
8963 chan.context.pending_outbound_htlcs.push({
8964 let mut out = OutboundHTLCOutput{
8966 amount_msat: 5000001,
8968 payment_hash: PaymentHash([0; 32]),
8969 state: OutboundHTLCState::Committed,
8970 source: HTLCSource::dummy(),
8971 skimmed_fee_msat: None,
8973 out.payment_hash.0 = Sha256::hash(&hex::decode("0505050505050505050505050505050505050505050505050505050505050505").unwrap()).into_inner();
8976 chan.context.pending_outbound_htlcs.push({
8977 let mut out = OutboundHTLCOutput{
8979 amount_msat: 5000000,
8981 payment_hash: PaymentHash([0; 32]),
8982 state: OutboundHTLCState::Committed,
8983 source: HTLCSource::dummy(),
8984 skimmed_fee_msat: None,
8986 out.payment_hash.0 = Sha256::hash(&hex::decode("0505050505050505050505050505050505050505050505050505050505050505").unwrap()).into_inner();
8990 test_commitment!("304402207d0870964530f97b62497b11153c551dca0a1e226815ef0a336651158da0f82402200f5378beee0e77759147b8a0a284decd11bfd2bc55c8fafa41c134fe996d43c8",
8991 "304402200d10bf5bc5397fc59d7188ae438d80c77575595a2d488e41bd6363a810cc8d72022012b57e714fbbfdf7a28c47d5b370cb8ac37c8545f596216e5b21e9b236ef457c",
8992 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2d8813000000000000220020305c12e1a0bc21e283c131cea1c66d68857d28b7b2fce0a6fbc40c164852121b8813000000000000220020305c12e1a0bc21e283c131cea1c66d68857d28b7b2fce0a6fbc40c164852121bc0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484a69f6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402200d10bf5bc5397fc59d7188ae438d80c77575595a2d488e41bd6363a810cc8d72022012b57e714fbbfdf7a28c47d5b370cb8ac37c8545f596216e5b21e9b236ef457c0147304402207d0870964530f97b62497b11153c551dca0a1e226815ef0a336651158da0f82402200f5378beee0e77759147b8a0a284decd11bfd2bc55c8fafa41c134fe996d43c801475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8995 "3045022100b470fe12e5b7fea9eccb8cbff1972cea4f96758041898982a02bcc7f9d56d50b0220338a75b2afaab4ec00cdd2d9273c68c7581ff5a28bcbb40c4d138b81f1d45ce5",
8996 "3044022017b90c65207522a907fb6a137f9dd528b3389465a8ae72308d9e1d564f512cf402204fc917b4f0e88604a3e994f85bfae7c7c1f9d9e9f78e8cd112e0889720d9405b",
8997 "020000000001014bdccf28653066a2c554cafeffdfe1e678e64a69b056684deb0c4fba909423ec000000000000000000011f070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100b470fe12e5b7fea9eccb8cbff1972cea4f96758041898982a02bcc7f9d56d50b0220338a75b2afaab4ec00cdd2d9273c68c7581ff5a28bcbb40c4d138b81f1d45ce501473044022017b90c65207522a907fb6a137f9dd528b3389465a8ae72308d9e1d564f512cf402204fc917b4f0e88604a3e994f85bfae7c7c1f9d9e9f78e8cd112e0889720d9405b012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8999 "3045022100b575379f6d8743cb0087648f81cfd82d17a97fbf8f67e058c65ce8b9d25df9500220554a210d65b02d9f36c6adf0f639430ca8293196ba5089bf67cc3a9813b7b00a",
9000 "3045022100ee2e16b90930a479b13f8823a7f14b600198c838161160b9436ed086d3fc57e002202a66fa2324f342a17129949c640bfe934cbc73a869ba7c06aa25c5a3d0bfb53d",
9001 "020000000001014bdccf28653066a2c554cafeffdfe1e678e64a69b056684deb0c4fba909423ec01000000000000000001e1120000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100b575379f6d8743cb0087648f81cfd82d17a97fbf8f67e058c65ce8b9d25df9500220554a210d65b02d9f36c6adf0f639430ca8293196ba5089bf67cc3a9813b7b00a01483045022100ee2e16b90930a479b13f8823a7f14b600198c838161160b9436ed086d3fc57e002202a66fa2324f342a17129949c640bfe934cbc73a869ba7c06aa25c5a3d0bfb53d01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6868f9010000" },
9003 "30440220471c9f3ad92e49b13b7b8059f43ecf8f7887b0dccbb9fdb54bfe23d62a8ae332022024bd22fae0740e86a44228c35330da9526fd7306dffb2b9dc362d5e78abef7cc",
9004 "304402207157f452f2506d73c315192311893800cfb3cc235cc1185b1cfcc136b55230db022014be242dbc6c5da141fec4034e7f387f74d6ff1899453d72ba957467540e1ecb",
9005 "020000000001014bdccf28653066a2c554cafeffdfe1e678e64a69b056684deb0c4fba909423ec02000000000000000001e1120000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220471c9f3ad92e49b13b7b8059f43ecf8f7887b0dccbb9fdb54bfe23d62a8ae332022024bd22fae0740e86a44228c35330da9526fd7306dffb2b9dc362d5e78abef7cc0147304402207157f452f2506d73c315192311893800cfb3cc235cc1185b1cfcc136b55230db022014be242dbc6c5da141fec4034e7f387f74d6ff1899453d72ba957467540e1ecb01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6868fa010000" }
9008 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
9009 test_commitment_with_anchors!("3044022027b38dfb654c34032ffb70bb43022981652fce923cbbe3cbe7394e2ade8b34230220584195b78da6e25c2e8da6b4308d9db25b65b64975db9266163ef592abb7c725",
9010 "3045022100b4014970d9d7962853f3f85196144671d7d5d87426250f0a5fdaf9a55292e92502205360910c9abb397467e19dbd63d081deb4a3240903114c98cec0a23591b79b76",
9011 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80074a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994d007000000000000220020fe0598d74fee2205cc3672e6e6647706b4f3099713b4661b62482c3addd04a5e881300000000000022002018e40f9072c44350f134bdc887bab4d9bdfc8aa468a25616c80e21757ba5dac7881300000000000022002018e40f9072c44350f134bdc887bab4d9bdfc8aa468a25616c80e21757ba5dac7c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994aad9c6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100b4014970d9d7962853f3f85196144671d7d5d87426250f0a5fdaf9a55292e92502205360910c9abb397467e19dbd63d081deb4a3240903114c98cec0a23591b79b7601473044022027b38dfb654c34032ffb70bb43022981652fce923cbbe3cbe7394e2ade8b34230220584195b78da6e25c2e8da6b4308d9db25b65b64975db9266163ef592abb7c72501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
9014 "30440220078fe5343dab88c348a3a8a9c1a9293259dbf35507ae971702cc39dd623ea9af022011ed0c0f35243cd0bb4d9ca3c772379b2b5f4af93140e9fdc5600dfec1cdb0c2",
9015 "304402205df665e2908c7690d2d33eb70e6e119958c28febe141a94ed0dd9a55ce7c8cfc0220364d02663a5d019af35c5cd5fda9465d985d85bbd12db207738d61163449a424",
9016 "020000000001013d060d0305c9616eaabc21d41fae85bcb5477b5d7f1c92aa429cf15339bbe1c402000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220078fe5343dab88c348a3a8a9c1a9293259dbf35507ae971702cc39dd623ea9af022011ed0c0f35243cd0bb4d9ca3c772379b2b5f4af93140e9fdc5600dfec1cdb0c28347304402205df665e2908c7690d2d33eb70e6e119958c28febe141a94ed0dd9a55ce7c8cfc0220364d02663a5d019af35c5cd5fda9465d985d85bbd12db207738d61163449a424012001010101010101010101010101010101010101010101010101010101010101018d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac6851b2756800000000" },
9018 "304402202df6bf0f98a42cfd0172a16bded7d1b16c14f5f42ba23f5c54648c14b647531302200fe1508626817f23925bb56951d5e4b2654c751743ab6db48a6cce7dda17c01c",
9019 "304402203f99ec05cdd89558a23683b471c1dcce8f6a92295f1fff3b0b5d21be4d4f97ea022019d29070690fc2c126fe27cc4ab2f503f289d362721b2efa7418e7fddb939a5b",
9020 "020000000001013d060d0305c9616eaabc21d41fae85bcb5477b5d7f1c92aa429cf15339bbe1c40300000000010000000188130000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402202df6bf0f98a42cfd0172a16bded7d1b16c14f5f42ba23f5c54648c14b647531302200fe1508626817f23925bb56951d5e4b2654c751743ab6db48a6cce7dda17c01c8347304402203f99ec05cdd89558a23683b471c1dcce8f6a92295f1fff3b0b5d21be4d4f97ea022019d29070690fc2c126fe27cc4ab2f503f289d362721b2efa7418e7fddb939a5b01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6851b27568f9010000" },
9022 "3045022100bd206b420c495f3aa714d3ea4766cbe95441deacb5d2f737f1913349aee7c2ae02200249d2c950dd3b15326bf378ae5d2b871d33d6737f5d70735f3de8383140f2a1",
9023 "3045022100f2cd35e385b9b7e15b92a5d78d120b6b2c5af4e974bc01e884c5facb3bb5966c0220706e0506477ce809a40022d6de8e041e9ef13136c45abee9c36f58a01fdb188b",
9024 "020000000001013d060d0305c9616eaabc21d41fae85bcb5477b5d7f1c92aa429cf15339bbe1c40400000000010000000188130000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100bd206b420c495f3aa714d3ea4766cbe95441deacb5d2f737f1913349aee7c2ae02200249d2c950dd3b15326bf378ae5d2b871d33d6737f5d70735f3de8383140f2a183483045022100f2cd35e385b9b7e15b92a5d78d120b6b2c5af4e974bc01e884c5facb3bb5966c0220706e0506477ce809a40022d6de8e041e9ef13136c45abee9c36f58a01fdb188b01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6851b27568fa010000" }
9029 fn test_per_commitment_secret_gen() {
9030 // Test vectors from BOLT 3 Appendix D:
9032 let mut seed = [0; 32];
9033 seed[0..32].clone_from_slice(&hex::decode("0000000000000000000000000000000000000000000000000000000000000000").unwrap());
9034 assert_eq!(chan_utils::build_commitment_secret(&seed, 281474976710655),
9035 hex::decode("02a40c85b6f28da08dfdbe0926c53fab2de6d28c10301f8f7c4073d5e42e3148").unwrap()[..]);
9037 seed[0..32].clone_from_slice(&hex::decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF").unwrap());
9038 assert_eq!(chan_utils::build_commitment_secret(&seed, 281474976710655),
9039 hex::decode("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap()[..]);
9041 assert_eq!(chan_utils::build_commitment_secret(&seed, 0xaaaaaaaaaaa),
9042 hex::decode("56f4008fb007ca9acf0e15b054d5c9fd12ee06cea347914ddbaed70d1c13a528").unwrap()[..]);
9044 assert_eq!(chan_utils::build_commitment_secret(&seed, 0x555555555555),
9045 hex::decode("9015daaeb06dba4ccc05b91b2f73bd54405f2be9f217fbacd3c5ac2e62327d31").unwrap()[..]);
9047 seed[0..32].clone_from_slice(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap());
9048 assert_eq!(chan_utils::build_commitment_secret(&seed, 1),
9049 hex::decode("915c75942a26bb3a433a8ce2cb0427c29ec6c1775cfc78328b57f6ba7bfeaa9c").unwrap()[..]);
9053 fn test_key_derivation() {
9054 // Test vectors from BOLT 3 Appendix E:
9055 let secp_ctx = Secp256k1::new();
9057 let base_secret = SecretKey::from_slice(&hex::decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f").unwrap()[..]).unwrap();
9058 let per_commitment_secret = SecretKey::from_slice(&hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap();
9060 let base_point = PublicKey::from_secret_key(&secp_ctx, &base_secret);
9061 assert_eq!(base_point.serialize()[..], hex::decode("036d6caac248af96f6afa7f904f550253a0f3ef3f5aa2fe6838a95b216691468e2").unwrap()[..]);
9063 let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
9064 assert_eq!(per_commitment_point.serialize()[..], hex::decode("025f7117a78150fe2ef97db7cfc83bd57b2e2c0d0dd25eaf467a4a1c2a45ce1486").unwrap()[..]);
9066 assert_eq!(chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &base_point).serialize()[..],
9067 hex::decode("0235f2dbfaa89b57ec7b055afe29849ef7ddfeb1cefdb9ebdc43f5494984db29e5").unwrap()[..]);
9069 assert_eq!(chan_utils::derive_private_key(&secp_ctx, &per_commitment_point, &base_secret),
9070 SecretKey::from_slice(&hex::decode("cbced912d3b21bf196a766651e436aff192362621ce317704ea2f75d87e7be0f").unwrap()[..]).unwrap());
9072 assert_eq!(chan_utils::derive_public_revocation_key(&secp_ctx, &per_commitment_point, &base_point).serialize()[..],
9073 hex::decode("02916e326636d19c33f13e8c0c3a03dd157f332f3e99c317c141dd865eb01f8ff0").unwrap()[..]);
9075 assert_eq!(chan_utils::derive_private_revocation_key(&secp_ctx, &per_commitment_secret, &base_secret),
9076 SecretKey::from_slice(&hex::decode("d09ffff62ddb2297ab000cc85bcb4283fdeb6aa052affbc9dddcf33b61078110").unwrap()[..]).unwrap());
9080 fn test_zero_conf_channel_type_support() {
9081 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
9082 let secp_ctx = Secp256k1::new();
9083 let seed = [42; 32];
9084 let network = Network::Testnet;
9085 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
9086 let logger = test_utils::TestLogger::new();
9088 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
9089 let config = UserConfig::default();
9090 let node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider,
9091 node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
9093 let mut channel_type_features = ChannelTypeFeatures::only_static_remote_key();
9094 channel_type_features.set_zero_conf_required();
9096 let mut open_channel_msg = node_a_chan.get_open_channel(ChainHash::using_genesis_block(network));
9097 open_channel_msg.channel_type = Some(channel_type_features);
9098 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
9099 let res = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider,
9100 node_b_node_id, &channelmanager::provided_channel_type_features(&config),
9101 &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false);
9102 assert!(res.is_ok());
9106 fn test_supports_anchors_zero_htlc_tx_fee() {
9107 // Tests that if both sides support and negotiate `anchors_zero_fee_htlc_tx`, it is the
9108 // resulting `channel_type`.
9109 let secp_ctx = Secp256k1::new();
9110 let fee_estimator = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
9111 let network = Network::Testnet;
9112 let keys_provider = test_utils::TestKeysInterface::new(&[42; 32], network);
9113 let logger = test_utils::TestLogger::new();
9115 let node_id_a = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[1; 32]).unwrap());
9116 let node_id_b = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[2; 32]).unwrap());
9118 let mut config = UserConfig::default();
9119 config.channel_handshake_config.negotiate_anchors_zero_fee_htlc_tx = true;
9121 // It is not enough for just the initiator to signal `option_anchors_zero_fee_htlc_tx`, both
9122 // need to signal it.
9123 let channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
9124 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
9125 &channelmanager::provided_init_features(&UserConfig::default()), 10000000, 100000, 42,
9128 assert!(!channel_a.context.channel_type.supports_anchors_zero_fee_htlc_tx());
9130 let mut expected_channel_type = ChannelTypeFeatures::empty();
9131 expected_channel_type.set_static_remote_key_required();
9132 expected_channel_type.set_anchors_zero_fee_htlc_tx_required();
9134 let channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
9135 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
9136 &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42
9139 let open_channel_msg = channel_a.get_open_channel(ChainHash::using_genesis_block(network));
9140 let channel_b = InboundV1Channel::<&TestKeysInterface>::new(
9141 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
9142 &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config),
9143 &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false
9146 assert_eq!(channel_a.context.channel_type, expected_channel_type);
9147 assert_eq!(channel_b.context.channel_type, expected_channel_type);
9151 fn test_rejects_implicit_simple_anchors() {
9152 // Tests that if `option_anchors` is being negotiated implicitly through the intersection of
9153 // each side's `InitFeatures`, it is rejected.
9154 let secp_ctx = Secp256k1::new();
9155 let fee_estimator = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
9156 let network = Network::Testnet;
9157 let keys_provider = test_utils::TestKeysInterface::new(&[42; 32], network);
9158 let logger = test_utils::TestLogger::new();
9160 let node_id_a = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[1; 32]).unwrap());
9161 let node_id_b = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[2; 32]).unwrap());
9163 let config = UserConfig::default();
9165 // See feature bit assignments: https://github.com/lightning/bolts/blob/master/09-features.md
9166 let static_remote_key_required: u64 = 1 << 12;
9167 let simple_anchors_required: u64 = 1 << 20;
9168 let raw_init_features = static_remote_key_required | simple_anchors_required;
9169 let init_features_with_simple_anchors = InitFeatures::from_le_bytes(raw_init_features.to_le_bytes().to_vec());
9171 let channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
9172 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
9173 &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42
9176 // Set `channel_type` to `None` to force the implicit feature negotiation.
9177 let mut open_channel_msg = channel_a.get_open_channel(ChainHash::using_genesis_block(network));
9178 open_channel_msg.channel_type = None;
9180 // Since A supports both `static_remote_key` and `option_anchors`, but B only accepts
9181 // `static_remote_key`, it will fail the channel.
9182 let channel_b = InboundV1Channel::<&TestKeysInterface>::new(
9183 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
9184 &channelmanager::provided_channel_type_features(&config), &init_features_with_simple_anchors,
9185 &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false
9187 assert!(channel_b.is_err());
9191 fn test_rejects_simple_anchors_channel_type() {
9192 // Tests that if `option_anchors` is being negotiated through the `channel_type` feature,
9194 let secp_ctx = Secp256k1::new();
9195 let fee_estimator = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
9196 let network = Network::Testnet;
9197 let keys_provider = test_utils::TestKeysInterface::new(&[42; 32], network);
9198 let logger = test_utils::TestLogger::new();
9200 let node_id_a = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[1; 32]).unwrap());
9201 let node_id_b = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[2; 32]).unwrap());
9203 let config = UserConfig::default();
9205 // See feature bit assignments: https://github.com/lightning/bolts/blob/master/09-features.md
9206 let static_remote_key_required: u64 = 1 << 12;
9207 let simple_anchors_required: u64 = 1 << 20;
9208 let simple_anchors_raw_features = static_remote_key_required | simple_anchors_required;
9209 let simple_anchors_init = InitFeatures::from_le_bytes(simple_anchors_raw_features.to_le_bytes().to_vec());
9210 let simple_anchors_channel_type = ChannelTypeFeatures::from_le_bytes(simple_anchors_raw_features.to_le_bytes().to_vec());
9211 assert!(!simple_anchors_init.requires_unknown_bits());
9212 assert!(!simple_anchors_channel_type.requires_unknown_bits());
9214 // First, we'll try to open a channel between A and B where A requests a channel type for
9215 // the original `option_anchors` feature (non zero fee htlc tx). This should be rejected by
9216 // B as it's not supported by LDK.
9217 let channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
9218 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
9219 &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42
9222 let mut open_channel_msg = channel_a.get_open_channel(ChainHash::using_genesis_block(network));
9223 open_channel_msg.channel_type = Some(simple_anchors_channel_type.clone());
9225 let res = InboundV1Channel::<&TestKeysInterface>::new(
9226 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
9227 &channelmanager::provided_channel_type_features(&config), &simple_anchors_init,
9228 &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false
9230 assert!(res.is_err());
9232 // Then, we'll try to open another channel where A requests a channel type for
9233 // `anchors_zero_fee_htlc_tx`. B is malicious and tries to downgrade the channel type to the
9234 // original `option_anchors` feature, which should be rejected by A as it's not supported by
9236 let mut channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
9237 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b, &simple_anchors_init,
9238 10000000, 100000, 42, &config, 0, 42
9241 let open_channel_msg = channel_a.get_open_channel(ChainHash::using_genesis_block(network));
9243 let channel_b = InboundV1Channel::<&TestKeysInterface>::new(
9244 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
9245 &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config),
9246 &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false
9249 let mut accept_channel_msg = channel_b.get_accept_channel_message();
9250 accept_channel_msg.channel_type = Some(simple_anchors_channel_type.clone());
9252 let res = channel_a.accept_channel(
9253 &accept_channel_msg, &config.channel_handshake_limits, &simple_anchors_init
9255 assert!(res.is_err());
9259 fn test_waiting_for_batch() {
9260 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
9261 let logger = test_utils::TestLogger::new();
9262 let secp_ctx = Secp256k1::new();
9263 let seed = [42; 32];
9264 let network = Network::Testnet;
9265 let best_block = BestBlock::from_network(network);
9266 let chain_hash = ChainHash::using_genesis_block(network);
9267 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
9269 let mut config = UserConfig::default();
9270 // Set trust_own_funding_0conf while ensuring we don't send channel_ready for a
9271 // channel in a batch before all channels are ready.
9272 config.channel_handshake_limits.trust_own_funding_0conf = true;
9274 // Create a channel from node a to node b that will be part of batch funding.
9275 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
9276 let mut node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(
9281 &channelmanager::provided_init_features(&config),
9290 let open_channel_msg = node_a_chan.get_open_channel(ChainHash::using_genesis_block(network));
9291 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
9292 let mut node_b_chan = InboundV1Channel::<&TestKeysInterface>::new(
9297 &channelmanager::provided_channel_type_features(&config),
9298 &channelmanager::provided_init_features(&config),
9304 true, // Allow node b to send a 0conf channel_ready.
9307 let accept_channel_msg = node_b_chan.accept_inbound_channel();
9308 node_a_chan.accept_channel(
9309 &accept_channel_msg,
9310 &config.channel_handshake_limits,
9311 &channelmanager::provided_init_features(&config),
9314 // Fund the channel with a batch funding transaction.
9315 let output_script = node_a_chan.context.get_funding_redeemscript();
9316 let tx = Transaction {
9318 lock_time: PackedLockTime::ZERO,
9322 value: 10000000, script_pubkey: output_script.clone(),
9325 value: 10000000, script_pubkey: Builder::new().into_script(),
9328 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
9329 let (mut node_a_chan, funding_created_msg) = node_a_chan.get_funding_created(
9334 ).map_err(|_| ()).unwrap();
9335 let (mut node_b_chan, funding_signed_msg, _) = node_b_chan.funding_created(
9336 &funding_created_msg.unwrap(),
9340 ).map_err(|_| ()).unwrap();
9341 let node_b_updates = node_b_chan.monitor_updating_restored(
9349 // Receive funding_signed, but the channel will be configured to hold sending channel_ready and
9350 // broadcasting the funding transaction until the batch is ready.
9351 let _ = node_a_chan.funding_signed(
9352 &funding_signed_msg.unwrap(),
9357 let node_a_updates = node_a_chan.monitor_updating_restored(
9364 // Our channel_ready shouldn't be sent yet, even with trust_own_funding_0conf set,
9365 // as the funding transaction depends on all channels in the batch becoming ready.
9366 assert!(node_a_updates.channel_ready.is_none());
9367 assert!(node_a_updates.funding_broadcastable.is_none());
9369 node_a_chan.context.channel_state,
9370 ChannelState::FundingSent as u32 |
9371 ChannelState::WaitingForBatch as u32,
9374 // It is possible to receive a 0conf channel_ready from the remote node.
9375 node_a_chan.channel_ready(
9376 &node_b_updates.channel_ready.unwrap(),
9384 node_a_chan.context.channel_state,
9385 ChannelState::FundingSent as u32 |
9386 ChannelState::WaitingForBatch as u32 |
9387 ChannelState::TheirChannelReady as u32,
9390 // Clear the ChannelState::WaitingForBatch only when called by ChannelManager.
9391 node_a_chan.set_batch_ready();
9393 node_a_chan.context.channel_state,
9394 ChannelState::FundingSent as u32 |
9395 ChannelState::TheirChannelReady as u32,
9397 assert!(node_a_chan.check_get_channel_ready(0).is_some());