1 // This file is Copyright its original authors, visible in version control
4 // This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
5 // or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
6 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
7 // You may not use this file except in accordance with one or both of these
10 use bitcoin::blockdata::constants::ChainHash;
11 use bitcoin::blockdata::script::{Script,Builder};
12 use bitcoin::blockdata::transaction::{Transaction, EcdsaSighashType};
13 use bitcoin::util::sighash;
14 use bitcoin::consensus::encode;
16 use bitcoin::hashes::Hash;
17 use bitcoin::hashes::sha256::Hash as Sha256;
18 use bitcoin::hashes::sha256d::Hash as Sha256d;
19 use bitcoin::hash_types::{Txid, BlockHash};
21 use bitcoin::secp256k1::constants::PUBLIC_KEY_SIZE;
22 use bitcoin::secp256k1::{PublicKey,SecretKey};
23 use bitcoin::secp256k1::{Secp256k1,ecdsa::Signature};
24 use bitcoin::secp256k1;
26 use crate::ln::{ChannelId, PaymentPreimage, PaymentHash};
27 use crate::ln::features::{ChannelTypeFeatures, InitFeatures};
29 use crate::ln::msgs::DecodeError;
30 use crate::ln::script::{self, ShutdownScript};
31 use crate::ln::channelmanager::{self, CounterpartyForwardingInfo, PendingHTLCStatus, HTLCSource, SentHTLCId, HTLCFailureMsg, PendingHTLCInfo, RAACommitmentOrder, BREAKDOWN_TIMEOUT, MIN_CLTV_EXPIRY_DELTA, MAX_LOCAL_BREAKDOWN_TIMEOUT, ChannelShutdownState};
32 use crate::ln::chan_utils::{CounterpartyCommitmentSecrets, TxCreationKeys, HTLCOutputInCommitment, htlc_success_tx_weight, htlc_timeout_tx_weight, make_funding_redeemscript, ChannelPublicKeys, CommitmentTransaction, HolderCommitmentTransaction, ChannelTransactionParameters, CounterpartyChannelTransactionParameters, MAX_HTLCS, get_commitment_transaction_number_obscure_factor, ClosingTransaction};
33 use crate::ln::chan_utils;
34 use crate::ln::onion_utils::HTLCFailReason;
35 use crate::chain::BestBlock;
36 use crate::chain::chaininterface::{FeeEstimator, ConfirmationTarget, LowerBoundedFeeEstimator};
37 use crate::chain::channelmonitor::{ChannelMonitor, ChannelMonitorUpdate, ChannelMonitorUpdateStep, LATENCY_GRACE_PERIOD_BLOCKS, CLOSED_CHANNEL_UPDATE_ID};
38 use crate::chain::transaction::{OutPoint, TransactionData};
39 use crate::sign::{EcdsaChannelSigner, WriteableEcdsaChannelSigner, EntropySource, ChannelSigner, SignerProvider, NodeSigner, Recipient};
40 use crate::events::ClosureReason;
41 use crate::routing::gossip::NodeId;
42 use crate::util::ser::{Readable, ReadableArgs, Writeable, Writer, VecWriter};
43 use crate::util::logger::Logger;
44 use crate::util::errors::APIError;
45 use crate::util::config::{UserConfig, ChannelConfig, LegacyChannelConfig, ChannelHandshakeConfig, ChannelHandshakeLimits, MaxDustHTLCExposure};
46 use crate::util::scid_utils::scid_from_parts;
49 use crate::prelude::*;
50 use core::{cmp,mem,fmt};
52 #[cfg(any(test, fuzzing, debug_assertions))]
53 use crate::sync::Mutex;
54 use bitcoin::hashes::hex::ToHex;
55 use crate::sign::type_resolver::ChannelSignerType;
58 pub struct ChannelValueStat {
59 pub value_to_self_msat: u64,
60 pub channel_value_msat: u64,
61 pub channel_reserve_msat: u64,
62 pub pending_outbound_htlcs_amount_msat: u64,
63 pub pending_inbound_htlcs_amount_msat: u64,
64 pub holding_cell_outbound_amount_msat: u64,
65 pub counterparty_max_htlc_value_in_flight_msat: u64, // outgoing
66 pub counterparty_dust_limit_msat: u64,
69 pub struct AvailableBalances {
70 /// The amount that would go to us if we close the channel, ignoring any on-chain fees.
71 pub balance_msat: u64,
72 /// Total amount available for our counterparty to send to us.
73 pub inbound_capacity_msat: u64,
74 /// Total amount available for us to send to our counterparty.
75 pub outbound_capacity_msat: u64,
76 /// The maximum value we can assign to the next outbound HTLC
77 pub next_outbound_htlc_limit_msat: u64,
78 /// The minimum value we can assign to the next outbound HTLC
79 pub next_outbound_htlc_minimum_msat: u64,
82 #[derive(Debug, Clone, Copy, PartialEq)]
84 // Inbound states mirroring InboundHTLCState
86 AwaitingRemoteRevokeToAnnounce,
87 // Note that we do not have a AwaitingAnnouncedRemoteRevoke variant here as it is universally
88 // handled the same as `Committed`, with the only exception in `InboundHTLCState` being the
89 // distinction of when we allow ourselves to forward the HTLC. Because we aren't "forwarding"
90 // the fee update anywhere, we can simply consider the fee update `Committed` immediately
91 // instead of setting it to AwaitingAnnouncedRemoteRevoke.
93 // Outbound state can only be `LocalAnnounced` or `Committed`
97 enum InboundHTLCRemovalReason {
98 FailRelay(msgs::OnionErrorPacket),
99 FailMalformed(([u8; 32], u16)),
100 Fulfill(PaymentPreimage),
103 enum InboundHTLCState {
104 /// Offered by remote, to be included in next local commitment tx. I.e., the remote sent an
105 /// update_add_htlc message for this HTLC.
106 RemoteAnnounced(PendingHTLCStatus),
107 /// Included in a received commitment_signed message (implying we've
108 /// revoke_and_ack'd it), but the remote hasn't yet revoked their previous
109 /// state (see the example below). We have not yet included this HTLC in a
110 /// commitment_signed message because we are waiting on the remote's
111 /// aforementioned state revocation. One reason this missing remote RAA
112 /// (revoke_and_ack) blocks us from constructing a commitment_signed message
113 /// is because every time we create a new "state", i.e. every time we sign a
114 /// new commitment tx (see [BOLT #2]), we need a new per_commitment_point,
115 /// which are provided one-at-a-time in each RAA. E.g., the last RAA they
116 /// sent provided the per_commitment_point for our current commitment tx.
117 /// The other reason we should not send a commitment_signed without their RAA
118 /// is because their RAA serves to ACK our previous commitment_signed.
120 /// Here's an example of how an HTLC could come to be in this state:
121 /// remote --> update_add_htlc(prev_htlc) --> local
122 /// remote --> commitment_signed(prev_htlc) --> local
123 /// remote <-- revoke_and_ack <-- local
124 /// remote <-- commitment_signed(prev_htlc) <-- local
125 /// [note that here, the remote does not respond with a RAA]
126 /// remote --> update_add_htlc(this_htlc) --> local
127 /// remote --> commitment_signed(prev_htlc, this_htlc) --> local
128 /// Now `this_htlc` will be assigned this state. It's unable to be officially
129 /// accepted, i.e. included in a commitment_signed, because we're missing the
130 /// RAA that provides our next per_commitment_point. The per_commitment_point
131 /// is used to derive commitment keys, which are used to construct the
132 /// signatures in a commitment_signed message.
133 /// Implies AwaitingRemoteRevoke.
135 /// [BOLT #2]: https://github.com/lightning/bolts/blob/master/02-peer-protocol.md
136 AwaitingRemoteRevokeToAnnounce(PendingHTLCStatus),
137 /// Included in a received commitment_signed message (implying we've revoke_and_ack'd it).
138 /// We have also included this HTLC in our latest commitment_signed and are now just waiting
139 /// on the remote's revoke_and_ack to make this HTLC an irrevocable part of the state of the
140 /// channel (before it can then get forwarded and/or removed).
141 /// Implies AwaitingRemoteRevoke.
142 AwaitingAnnouncedRemoteRevoke(PendingHTLCStatus),
144 /// Removed by us and a new commitment_signed was sent (if we were AwaitingRemoteRevoke when we
145 /// created it we would have put it in the holding cell instead). When they next revoke_and_ack
147 /// Note that we have to keep an eye on the HTLC until we've received a broadcastable
148 /// commitment transaction without it as otherwise we'll have to force-close the channel to
149 /// claim it before the timeout (obviously doesn't apply to revoked HTLCs that we can't claim
150 /// anyway). That said, ChannelMonitor does this for us (see
151 /// ChannelMonitor::should_broadcast_holder_commitment_txn) so we actually remove the HTLC from
152 /// our own local state before then, once we're sure that the next commitment_signed and
153 /// ChannelMonitor::provide_latest_local_commitment_tx will not include this HTLC.
154 LocalRemoved(InboundHTLCRemovalReason),
157 struct InboundHTLCOutput {
161 payment_hash: PaymentHash,
162 state: InboundHTLCState,
165 enum OutboundHTLCState {
166 /// Added by us and included in a commitment_signed (if we were AwaitingRemoteRevoke when we
167 /// created it we would have put it in the holding cell instead). When they next revoke_and_ack
168 /// we will promote to Committed (note that they may not accept it until the next time we
169 /// revoke, but we don't really care about that:
170 /// * they've revoked, so worst case we can announce an old state and get our (option on)
171 /// money back (though we won't), and,
172 /// * we'll send them a revoke when they send a commitment_signed, and since only they're
173 /// allowed to remove it, the "can only be removed once committed on both sides" requirement
174 /// doesn't matter to us and it's up to them to enforce it, worst-case they jump ahead but
175 /// we'll never get out of sync).
176 /// Note that we Box the OnionPacket as it's rather large and we don't want to blow up
177 /// OutboundHTLCOutput's size just for a temporary bit
178 LocalAnnounced(Box<msgs::OnionPacket>),
180 /// Remote removed this (outbound) HTLC. We're waiting on their commitment_signed to finalize
181 /// the change (though they'll need to revoke before we fail the payment).
182 RemoteRemoved(OutboundHTLCOutcome),
183 /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
184 /// the remote side hasn't yet revoked their previous state, which we need them to do before we
185 /// can do any backwards failing. Implies AwaitingRemoteRevoke.
186 /// We also have not yet removed this HTLC in a commitment_signed message, and are waiting on a
187 /// remote revoke_and_ack on a previous state before we can do so.
188 AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome),
189 /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
190 /// the remote side hasn't yet revoked their previous state, which we need them to do before we
191 /// can do any backwards failing. Implies AwaitingRemoteRevoke.
192 /// We have removed this HTLC in our latest commitment_signed and are now just waiting on a
193 /// revoke_and_ack to drop completely.
194 AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome),
198 enum OutboundHTLCOutcome {
199 /// LDK version 0.0.105+ will always fill in the preimage here.
200 Success(Option<PaymentPreimage>),
201 Failure(HTLCFailReason),
204 impl From<Option<HTLCFailReason>> for OutboundHTLCOutcome {
205 fn from(o: Option<HTLCFailReason>) -> Self {
207 None => OutboundHTLCOutcome::Success(None),
208 Some(r) => OutboundHTLCOutcome::Failure(r)
213 impl<'a> Into<Option<&'a HTLCFailReason>> for &'a OutboundHTLCOutcome {
214 fn into(self) -> Option<&'a HTLCFailReason> {
216 OutboundHTLCOutcome::Success(_) => None,
217 OutboundHTLCOutcome::Failure(ref r) => Some(r)
222 struct OutboundHTLCOutput {
226 payment_hash: PaymentHash,
227 state: OutboundHTLCState,
229 skimmed_fee_msat: Option<u64>,
232 /// See AwaitingRemoteRevoke ChannelState for more info
233 enum HTLCUpdateAwaitingACK {
234 AddHTLC { // TODO: Time out if we're getting close to cltv_expiry
238 payment_hash: PaymentHash,
240 onion_routing_packet: msgs::OnionPacket,
241 // The extra fee we're skimming off the top of this HTLC.
242 skimmed_fee_msat: Option<u64>,
245 payment_preimage: PaymentPreimage,
250 err_packet: msgs::OnionErrorPacket,
254 /// There are a few "states" and then a number of flags which can be applied:
255 /// We first move through init with `OurInitSent` -> `TheirInitSent` -> `FundingCreated` -> `FundingSent`.
256 /// `TheirChannelReady` and `OurChannelReady` then get set on `FundingSent`, and when both are set we
257 /// move on to `ChannelReady`.
258 /// Note that `PeerDisconnected` can be set on both `ChannelReady` and `FundingSent`.
259 /// `ChannelReady` can then get all remaining flags set on it, until we finish shutdown, then we
260 /// move on to `ShutdownComplete`, at which point most calls into this channel are disallowed.
262 /// Implies we have (or are prepared to) send our open_channel/accept_channel message
263 OurInitSent = 1 << 0,
264 /// Implies we have received their `open_channel`/`accept_channel` message
265 TheirInitSent = 1 << 1,
266 /// We have sent `funding_created` and are awaiting a `funding_signed` to advance to `FundingSent`.
267 /// Note that this is nonsense for an inbound channel as we immediately generate `funding_signed`
268 /// upon receipt of `funding_created`, so simply skip this state.
270 /// Set when we have received/sent `funding_created` and `funding_signed` and are thus now waiting
271 /// on the funding transaction to confirm. The `ChannelReady` flags are set to indicate when we
272 /// and our counterparty consider the funding transaction confirmed.
274 /// Flag which can be set on `FundingSent` to indicate they sent us a `channel_ready` message.
275 /// Once both `TheirChannelReady` and `OurChannelReady` are set, state moves on to `ChannelReady`.
276 TheirChannelReady = 1 << 4,
277 /// Flag which can be set on `FundingSent` to indicate we sent them a `channel_ready` message.
278 /// Once both `TheirChannelReady` and `OurChannelReady` are set, state moves on to `ChannelReady`.
279 OurChannelReady = 1 << 5,
281 /// Flag which is set on `ChannelReady` and `FundingSent` indicating remote side is considered
282 /// "disconnected" and no updates are allowed until after we've done a `channel_reestablish`
284 PeerDisconnected = 1 << 7,
285 /// Flag which is set on `ChannelReady`, FundingCreated, and `FundingSent` indicating the user has
286 /// told us a `ChannelMonitor` update is pending async persistence somewhere and we should pause
287 /// sending any outbound messages until they've managed to finish.
288 MonitorUpdateInProgress = 1 << 8,
289 /// Flag which implies that we have sent a commitment_signed but are awaiting the responding
290 /// revoke_and_ack message. During this time period, we can't generate new commitment_signed
291 /// messages as then we will be unable to determine which HTLCs they included in their
292 /// revoke_and_ack implicit ACK, so instead we have to hold them away temporarily to be sent
294 /// Flag is set on `ChannelReady`.
295 AwaitingRemoteRevoke = 1 << 9,
296 /// Flag which is set on `ChannelReady` or `FundingSent` after receiving a shutdown message from
297 /// the remote end. If set, they may not add any new HTLCs to the channel, and we are expected
298 /// to respond with our own shutdown message when possible.
299 RemoteShutdownSent = 1 << 10,
300 /// Flag which is set on `ChannelReady` or `FundingSent` after sending a shutdown message. At this
301 /// point, we may not add any new HTLCs to the channel.
302 LocalShutdownSent = 1 << 11,
303 /// We've successfully negotiated a closing_signed dance. At this point ChannelManager is about
304 /// to drop us, but we store this anyway.
305 ShutdownComplete = 4096,
306 /// Flag which is set on `FundingSent` to indicate this channel is funded in a batch and the
307 /// broadcasting of the funding transaction is being held until all channels in the batch
308 /// have received funding_signed and have their monitors persisted.
309 WaitingForBatch = 1 << 13,
311 const BOTH_SIDES_SHUTDOWN_MASK: u32 =
312 ChannelState::LocalShutdownSent as u32 |
313 ChannelState::RemoteShutdownSent as u32;
314 const MULTI_STATE_FLAGS: u32 =
315 BOTH_SIDES_SHUTDOWN_MASK |
316 ChannelState::PeerDisconnected as u32 |
317 ChannelState::MonitorUpdateInProgress as u32;
318 const STATE_FLAGS: u32 =
320 ChannelState::TheirChannelReady as u32 |
321 ChannelState::OurChannelReady as u32 |
322 ChannelState::AwaitingRemoteRevoke as u32 |
323 ChannelState::WaitingForBatch as u32;
325 pub const INITIAL_COMMITMENT_NUMBER: u64 = (1 << 48) - 1;
327 pub const DEFAULT_MAX_HTLCS: u16 = 50;
329 pub(crate) fn commitment_tx_base_weight(channel_type_features: &ChannelTypeFeatures) -> u64 {
330 const COMMITMENT_TX_BASE_WEIGHT: u64 = 724;
331 const COMMITMENT_TX_BASE_ANCHOR_WEIGHT: u64 = 1124;
332 if channel_type_features.supports_anchors_zero_fee_htlc_tx() { COMMITMENT_TX_BASE_ANCHOR_WEIGHT } else { COMMITMENT_TX_BASE_WEIGHT }
336 const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
338 pub const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
340 pub const ANCHOR_OUTPUT_VALUE_SATOSHI: u64 = 330;
342 /// The percentage of the channel value `holder_max_htlc_value_in_flight_msat` used to be set to,
343 /// before this was made configurable. The percentage was made configurable in LDK 0.0.107,
344 /// although LDK 0.0.104+ enabled serialization of channels with a different value set for
345 /// `holder_max_htlc_value_in_flight_msat`.
346 pub const MAX_IN_FLIGHT_PERCENT_LEGACY: u8 = 10;
348 /// Maximum `funding_satoshis` value according to the BOLT #2 specification, if
349 /// `option_support_large_channel` (aka wumbo channels) is not supported.
351 pub const MAX_FUNDING_SATOSHIS_NO_WUMBO: u64 = (1 << 24) - 1;
353 /// Total bitcoin supply in satoshis.
354 pub const TOTAL_BITCOIN_SUPPLY_SATOSHIS: u64 = 21_000_000 * 1_0000_0000;
356 /// The maximum network dust limit for standard script formats. This currently represents the
357 /// minimum output value for a P2SH output before Bitcoin Core 22 considers the entire
358 /// transaction non-standard and thus refuses to relay it.
359 /// We also use this as the maximum counterparty `dust_limit_satoshis` allowed, given many
360 /// implementations use this value for their dust limit today.
361 pub const MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS: u64 = 546;
363 /// The maximum channel dust limit we will accept from our counterparty.
364 pub const MAX_CHAN_DUST_LIMIT_SATOSHIS: u64 = MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS;
366 /// The dust limit is used for both the commitment transaction outputs as well as the closing
367 /// transactions. For cooperative closing transactions, we require segwit outputs, though accept
368 /// *any* segwit scripts, which are allowed to be up to 42 bytes in length.
369 /// In order to avoid having to concern ourselves with standardness during the closing process, we
370 /// simply require our counterparty to use a dust limit which will leave any segwit output
372 /// See <https://github.com/lightning/bolts/issues/905> for more details.
373 pub const MIN_CHAN_DUST_LIMIT_SATOSHIS: u64 = 354;
375 // Just a reasonable implementation-specific safe lower bound, higher than the dust limit.
376 pub const MIN_THEIR_CHAN_RESERVE_SATOSHIS: u64 = 1000;
378 /// Used to return a simple Error back to ChannelManager. Will get converted to a
379 /// msgs::ErrorAction::SendErrorMessage or msgs::ErrorAction::IgnoreError as appropriate with our
380 /// channel_id in ChannelManager.
381 pub(super) enum ChannelError {
387 impl fmt::Debug for ChannelError {
388 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
390 &ChannelError::Ignore(ref e) => write!(f, "Ignore : {}", e),
391 &ChannelError::Warn(ref e) => write!(f, "Warn : {}", e),
392 &ChannelError::Close(ref e) => write!(f, "Close : {}", e),
397 impl fmt::Display for ChannelError {
398 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
400 &ChannelError::Ignore(ref e) => write!(f, "{}", e),
401 &ChannelError::Warn(ref e) => write!(f, "{}", e),
402 &ChannelError::Close(ref e) => write!(f, "{}", e),
407 macro_rules! secp_check {
408 ($res: expr, $err: expr) => {
411 Err(_) => return Err(ChannelError::Close($err)),
416 /// The "channel disabled" bit in channel_update must be set based on whether we are connected to
417 /// our counterparty or not. However, we don't want to announce updates right away to avoid
418 /// spamming the network with updates if the connection is flapping. Instead, we "stage" updates to
419 /// our channel_update message and track the current state here.
420 /// See implementation at [`super::channelmanager::ChannelManager::timer_tick_occurred`].
421 #[derive(Clone, Copy, PartialEq)]
422 pub(super) enum ChannelUpdateStatus {
423 /// We've announced the channel as enabled and are connected to our peer.
425 /// Our channel is no longer live, but we haven't announced the channel as disabled yet.
427 /// Our channel is live again, but we haven't announced the channel as enabled yet.
429 /// We've announced the channel as disabled.
433 /// We track when we sent an `AnnouncementSignatures` to our peer in a few states, described here.
435 pub enum AnnouncementSigsState {
436 /// We have not sent our peer an `AnnouncementSignatures` yet, or our peer disconnected since
437 /// we sent the last `AnnouncementSignatures`.
439 /// We sent an `AnnouncementSignatures` to our peer since the last time our peer disconnected.
440 /// This state never appears on disk - instead we write `NotSent`.
442 /// We sent a `CommitmentSigned` after the last `AnnouncementSignatures` we sent. Because we
443 /// only ever have a single `CommitmentSigned` pending at once, if we sent one after sending
444 /// `AnnouncementSignatures` then we know the peer received our `AnnouncementSignatures` if
445 /// they send back a `RevokeAndACK`.
446 /// This state never appears on disk - instead we write `NotSent`.
448 /// We received a `RevokeAndACK`, effectively ack-ing our `AnnouncementSignatures`, at this
449 /// point we no longer need to re-send our `AnnouncementSignatures` again on reconnect.
453 /// An enum indicating whether the local or remote side offered a given HTLC.
459 /// An enum gathering stats on pending HTLCs, either inbound or outbound side.
462 pending_htlcs_value_msat: u64,
463 on_counterparty_tx_dust_exposure_msat: u64,
464 on_holder_tx_dust_exposure_msat: u64,
465 holding_cell_msat: u64,
466 on_holder_tx_holding_cell_htlcs_count: u32, // dust HTLCs *non*-included
469 /// An enum gathering stats on commitment transaction, either local or remote.
470 struct CommitmentStats<'a> {
471 tx: CommitmentTransaction, // the transaction info
472 feerate_per_kw: u32, // the feerate included to build the transaction
473 total_fee_sat: u64, // the total fee included in the transaction
474 num_nondust_htlcs: usize, // the number of HTLC outputs (dust HTLCs *non*-included)
475 htlcs_included: Vec<(HTLCOutputInCommitment, Option<&'a HTLCSource>)>, // the list of HTLCs (dust HTLCs *included*) which were not ignored when building the transaction
476 local_balance_msat: u64, // local balance before fees but considering dust limits
477 remote_balance_msat: u64, // remote balance before fees but considering dust limits
478 preimages: Vec<PaymentPreimage>, // preimages for successful offered HTLCs since last commitment
481 /// Used when calculating whether we or the remote can afford an additional HTLC.
482 struct HTLCCandidate {
484 origin: HTLCInitiator,
488 fn new(amount_msat: u64, origin: HTLCInitiator) -> Self {
496 /// A return value enum for get_update_fulfill_htlc. See UpdateFulfillCommitFetch variants for
498 enum UpdateFulfillFetch {
500 monitor_update: ChannelMonitorUpdate,
501 htlc_value_msat: u64,
502 msg: Option<msgs::UpdateFulfillHTLC>,
507 /// The return type of get_update_fulfill_htlc_and_commit.
508 pub enum UpdateFulfillCommitFetch {
509 /// Indicates the HTLC fulfill is new, and either generated an update_fulfill message, placed
510 /// it in the holding cell, or re-generated the update_fulfill message after the same claim was
511 /// previously placed in the holding cell (and has since been removed).
513 /// The ChannelMonitorUpdate which places the new payment preimage in the channel monitor
514 monitor_update: ChannelMonitorUpdate,
515 /// The value of the HTLC which was claimed, in msat.
516 htlc_value_msat: u64,
518 /// Indicates the HTLC fulfill is duplicative and already existed either in the holding cell
519 /// or has been forgotten (presumably previously claimed).
523 /// The return value of `monitor_updating_restored`
524 pub(super) struct MonitorRestoreUpdates {
525 pub raa: Option<msgs::RevokeAndACK>,
526 pub commitment_update: Option<msgs::CommitmentUpdate>,
527 pub order: RAACommitmentOrder,
528 pub accepted_htlcs: Vec<(PendingHTLCInfo, u64)>,
529 pub failed_htlcs: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
530 pub finalized_claimed_htlcs: Vec<HTLCSource>,
531 pub funding_broadcastable: Option<Transaction>,
532 pub channel_ready: Option<msgs::ChannelReady>,
533 pub announcement_sigs: Option<msgs::AnnouncementSignatures>,
536 /// The return value of `signer_maybe_unblocked`
538 pub(super) struct SignerResumeUpdates {
539 pub commitment_update: Option<msgs::CommitmentUpdate>,
540 pub funding_signed: Option<msgs::FundingSigned>,
541 pub funding_created: Option<msgs::FundingCreated>,
544 /// The return value of `channel_reestablish`
545 pub(super) struct ReestablishResponses {
546 pub channel_ready: Option<msgs::ChannelReady>,
547 pub raa: Option<msgs::RevokeAndACK>,
548 pub commitment_update: Option<msgs::CommitmentUpdate>,
549 pub order: RAACommitmentOrder,
550 pub announcement_sigs: Option<msgs::AnnouncementSignatures>,
551 pub shutdown_msg: Option<msgs::Shutdown>,
554 /// The return type of `force_shutdown`
556 /// Contains a tuple with the following:
557 /// - An optional (counterparty_node_id, funding_txo, [`ChannelMonitorUpdate`]) tuple
558 /// - A list of HTLCs to fail back in the form of the (source, payment hash, and this channel's
559 /// counterparty_node_id and channel_id).
560 /// - An optional transaction id identifying a corresponding batch funding transaction.
561 pub(crate) type ShutdownResult = (
562 Option<(PublicKey, OutPoint, ChannelMonitorUpdate)>,
563 Vec<(HTLCSource, PaymentHash, PublicKey, ChannelId)>,
567 /// If the majority of the channels funds are to the fundee and the initiator holds only just
568 /// enough funds to cover their reserve value, channels are at risk of getting "stuck". Because the
569 /// initiator controls the feerate, if they then go to increase the channel fee, they may have no
570 /// balance but the fundee is unable to send a payment as the increase in fee more than drains
571 /// their reserve value. Thus, neither side can send a new HTLC and the channel becomes useless.
572 /// Thus, before sending an HTLC when we are the initiator, we check that the feerate can increase
573 /// by this multiple without hitting this case, before sending.
574 /// This multiple is effectively the maximum feerate "jump" we expect until more HTLCs flow over
575 /// the channel. Sadly, there isn't really a good number for this - if we expect to have no new
576 /// HTLCs for days we may need this to suffice for feerate increases across days, but that may
577 /// leave the channel less usable as we hold a bigger reserve.
578 #[cfg(any(fuzzing, test))]
579 pub const FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE: u64 = 2;
580 #[cfg(not(any(fuzzing, test)))]
581 const FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE: u64 = 2;
583 /// If we fail to see a funding transaction confirmed on-chain within this many blocks after the
584 /// channel creation on an inbound channel, we simply force-close and move on.
585 /// This constant is the one suggested in BOLT 2.
586 pub(crate) const FUNDING_CONF_DEADLINE_BLOCKS: u32 = 2016;
588 /// In case of a concurrent update_add_htlc proposed by our counterparty, we might
589 /// not have enough balance value remaining to cover the onchain cost of this new
590 /// HTLC weight. If this happens, our counterparty fails the reception of our
591 /// commitment_signed including this new HTLC due to infringement on the channel
593 /// To prevent this case, we compute our outbound update_fee with an HTLC buffer of
594 /// size 2. However, if the number of concurrent update_add_htlc is higher, this still
595 /// leads to a channel force-close. Ultimately, this is an issue coming from the
596 /// design of LN state machines, allowing asynchronous updates.
597 pub(crate) const CONCURRENT_INBOUND_HTLC_FEE_BUFFER: u32 = 2;
599 /// When a channel is opened, we check that the funding amount is enough to pay for relevant
600 /// commitment transaction fees, with at least this many HTLCs present on the commitment
601 /// transaction (not counting the value of the HTLCs themselves).
602 pub(crate) const MIN_AFFORDABLE_HTLC_COUNT: usize = 4;
604 /// When a [`Channel`] has its [`ChannelConfig`] updated, its existing one is stashed for up to this
605 /// number of ticks to allow forwarding HTLCs by nodes that have yet to receive the new
606 /// ChannelUpdate prompted by the config update. This value was determined as follows:
608 /// * The expected interval between ticks (1 minute).
609 /// * The average convergence delay of updates across the network, i.e., ~300 seconds on average
610 /// for a node to see an update as seen on `<https://arxiv.org/pdf/2205.12737.pdf>`.
611 /// * `EXPIRE_PREV_CONFIG_TICKS` = convergence_delay / tick_interval
612 pub(crate) const EXPIRE_PREV_CONFIG_TICKS: usize = 5;
614 /// The number of ticks that may elapse while we're waiting for a response to a
615 /// [`msgs::RevokeAndACK`] or [`msgs::ChannelReestablish`] message before we attempt to disconnect
618 /// See [`ChannelContext::sent_message_awaiting_response`] for more information.
619 pub(crate) const DISCONNECT_PEER_AWAITING_RESPONSE_TICKS: usize = 2;
621 /// The number of ticks that may elapse while we're waiting for an unfunded outbound/inbound channel
622 /// to be promoted to a [`Channel`] since the unfunded channel was created. An unfunded channel
623 /// exceeding this age limit will be force-closed and purged from memory.
624 pub(crate) const UNFUNDED_CHANNEL_AGE_LIMIT_TICKS: usize = 60;
626 /// Number of blocks needed for an output from a coinbase transaction to be spendable.
627 pub(crate) const COINBASE_MATURITY: u32 = 100;
629 struct PendingChannelMonitorUpdate {
630 update: ChannelMonitorUpdate,
633 impl_writeable_tlv_based!(PendingChannelMonitorUpdate, {
634 (0, update, required),
637 /// The `ChannelPhase` enum describes the current phase in life of a lightning channel with each of
638 /// its variants containing an appropriate channel struct.
639 pub(super) enum ChannelPhase<SP: Deref> where SP::Target: SignerProvider {
640 UnfundedOutboundV1(OutboundV1Channel<SP>),
641 UnfundedInboundV1(InboundV1Channel<SP>),
645 impl<'a, SP: Deref> ChannelPhase<SP> where
646 SP::Target: SignerProvider,
647 <SP::Target as SignerProvider>::Signer: ChannelSigner,
649 pub fn context(&'a self) -> &'a ChannelContext<SP> {
651 ChannelPhase::Funded(chan) => &chan.context,
652 ChannelPhase::UnfundedOutboundV1(chan) => &chan.context,
653 ChannelPhase::UnfundedInboundV1(chan) => &chan.context,
657 pub fn context_mut(&'a mut self) -> &'a mut ChannelContext<SP> {
659 ChannelPhase::Funded(ref mut chan) => &mut chan.context,
660 ChannelPhase::UnfundedOutboundV1(ref mut chan) => &mut chan.context,
661 ChannelPhase::UnfundedInboundV1(ref mut chan) => &mut chan.context,
666 /// Contains all state common to unfunded inbound/outbound channels.
667 pub(super) struct UnfundedChannelContext {
668 /// A counter tracking how many ticks have elapsed since this unfunded channel was
669 /// created. If this unfunded channel reaches peer has yet to respond after reaching
670 /// `UNFUNDED_CHANNEL_AGE_LIMIT_TICKS`, it will be force-closed and purged from memory.
672 /// This is so that we don't keep channels around that haven't progressed to a funded state
673 /// in a timely manner.
674 unfunded_channel_age_ticks: usize,
677 impl UnfundedChannelContext {
678 /// Determines whether we should force-close and purge this unfunded channel from memory due to it
679 /// having reached the unfunded channel age limit.
681 /// This should be called on every [`super::channelmanager::ChannelManager::timer_tick_occurred`].
682 pub fn should_expire_unfunded_channel(&mut self) -> bool {
683 self.unfunded_channel_age_ticks += 1;
684 self.unfunded_channel_age_ticks >= UNFUNDED_CHANNEL_AGE_LIMIT_TICKS
688 /// Contains everything about the channel including state, and various flags.
689 pub(super) struct ChannelContext<SP: Deref> where SP::Target: SignerProvider {
690 config: LegacyChannelConfig,
692 // Track the previous `ChannelConfig` so that we can continue forwarding HTLCs that were
693 // constructed using it. The second element in the tuple corresponds to the number of ticks that
694 // have elapsed since the update occurred.
695 prev_config: Option<(ChannelConfig, usize)>,
697 inbound_handshake_limits_override: Option<ChannelHandshakeLimits>,
701 /// The current channel ID.
702 channel_id: ChannelId,
703 /// The temporary channel ID used during channel setup. Value kept even after transitioning to a final channel ID.
704 /// Will be `None` for channels created prior to 0.0.115.
705 temporary_channel_id: Option<ChannelId>,
708 // When we reach max(6 blocks, minimum_depth), we need to send an AnnouncementSigs message to
709 // our peer. However, we want to make sure they received it, or else rebroadcast it when we
711 // We do so here, see `AnnouncementSigsSent` for more details on the state(s).
712 // Note that a number of our tests were written prior to the behavior here which retransmits
713 // AnnouncementSignatures until after an RAA completes, so the behavior is short-circuited in
715 #[cfg(any(test, feature = "_test_utils"))]
716 pub(crate) announcement_sigs_state: AnnouncementSigsState,
717 #[cfg(not(any(test, feature = "_test_utils")))]
718 announcement_sigs_state: AnnouncementSigsState,
720 secp_ctx: Secp256k1<secp256k1::All>,
721 channel_value_satoshis: u64,
723 latest_monitor_update_id: u64,
725 holder_signer: ChannelSignerType<<SP::Target as SignerProvider>::Signer>,
726 shutdown_scriptpubkey: Option<ShutdownScript>,
727 destination_script: Script,
729 // Our commitment numbers start at 2^48-1 and count down, whereas the ones used in transaction
730 // generation start at 0 and count up...this simplifies some parts of implementation at the
731 // cost of others, but should really just be changed.
733 cur_holder_commitment_transaction_number: u64,
734 cur_counterparty_commitment_transaction_number: u64,
735 value_to_self_msat: u64, // Excluding all pending_htlcs, fees, and anchor outputs
736 pending_inbound_htlcs: Vec<InboundHTLCOutput>,
737 pending_outbound_htlcs: Vec<OutboundHTLCOutput>,
738 holding_cell_htlc_updates: Vec<HTLCUpdateAwaitingACK>,
740 /// When resending CS/RAA messages on channel monitor restoration or on reconnect, we always
741 /// need to ensure we resend them in the order we originally generated them. Note that because
742 /// there can only ever be one in-flight CS and/or one in-flight RAA at any time, it is
743 /// sufficient to simply set this to the opposite of any message we are generating as we
744 /// generate it. ie when we generate a CS, we set this to RAAFirst as, if there is a pending
745 /// in-flight RAA to resend, it will have been the first thing we generated, and thus we should
747 resend_order: RAACommitmentOrder,
749 monitor_pending_channel_ready: bool,
750 monitor_pending_revoke_and_ack: bool,
751 monitor_pending_commitment_signed: bool,
753 // TODO: If a channel is drop'd, we don't know whether the `ChannelMonitor` is ultimately
754 // responsible for some of the HTLCs here or not - we don't know whether the update in question
755 // completed or not. We currently ignore these fields entirely when force-closing a channel,
756 // but need to handle this somehow or we run the risk of losing HTLCs!
757 monitor_pending_forwards: Vec<(PendingHTLCInfo, u64)>,
758 monitor_pending_failures: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
759 monitor_pending_finalized_fulfills: Vec<HTLCSource>,
761 /// If we went to send a commitment update (ie some messages then [`msgs::CommitmentSigned`])
762 /// but our signer (initially) refused to give us a signature, we should retry at some point in
763 /// the future when the signer indicates it may have a signature for us.
765 /// This flag is set in such a case. Note that we don't need to persist this as we'll end up
766 /// setting it again as a side-effect of [`Channel::channel_reestablish`].
767 signer_pending_commitment_update: bool,
768 /// Similar to [`Self::signer_pending_commitment_update`] but we're waiting to send either a
769 /// [`msgs::FundingCreated`] or [`msgs::FundingSigned`] depending on if this channel is
770 /// outbound or inbound.
771 signer_pending_funding: bool,
773 // pending_update_fee is filled when sending and receiving update_fee.
775 // Because it follows the same commitment flow as HTLCs, `FeeUpdateState` is either `Outbound`
776 // or matches a subset of the `InboundHTLCOutput` variants. It is then updated/used when
777 // generating new commitment transactions with exactly the same criteria as inbound/outbound
778 // HTLCs with similar state.
779 pending_update_fee: Option<(u32, FeeUpdateState)>,
780 // If a `send_update_fee()` call is made with ChannelState::AwaitingRemoteRevoke set, we place
781 // it here instead of `pending_update_fee` in the same way as we place outbound HTLC updates in
782 // `holding_cell_htlc_updates` instead of `pending_outbound_htlcs`. It is released into
783 // `pending_update_fee` with the same criteria as outbound HTLC updates but can be updated by
784 // further `send_update_fee` calls, dropping the previous holding cell update entirely.
785 holding_cell_update_fee: Option<u32>,
786 next_holder_htlc_id: u64,
787 next_counterparty_htlc_id: u64,
790 /// The timestamp set on our latest `channel_update` message for this channel. It is updated
791 /// when the channel is updated in ways which may impact the `channel_update` message or when a
792 /// new block is received, ensuring it's always at least moderately close to the current real
794 update_time_counter: u32,
796 #[cfg(debug_assertions)]
797 /// Max to_local and to_remote outputs in a locally-generated commitment transaction
798 holder_max_commitment_tx_output: Mutex<(u64, u64)>,
799 #[cfg(debug_assertions)]
800 /// Max to_local and to_remote outputs in a remote-generated commitment transaction
801 counterparty_max_commitment_tx_output: Mutex<(u64, u64)>,
803 last_sent_closing_fee: Option<(u64, Signature)>, // (fee, holder_sig)
804 target_closing_feerate_sats_per_kw: Option<u32>,
806 /// If our counterparty sent us a closing_signed while we were waiting for a `ChannelMonitor`
807 /// update, we need to delay processing it until later. We do that here by simply storing the
808 /// closing_signed message and handling it in `maybe_propose_closing_signed`.
809 pending_counterparty_closing_signed: Option<msgs::ClosingSigned>,
811 /// The minimum and maximum absolute fee, in satoshis, we are willing to place on the closing
812 /// transaction. These are set once we reach `closing_negotiation_ready`.
814 pub(crate) closing_fee_limits: Option<(u64, u64)>,
816 closing_fee_limits: Option<(u64, u64)>,
818 /// The hash of the block in which the funding transaction was included.
819 funding_tx_confirmed_in: Option<BlockHash>,
820 funding_tx_confirmation_height: u32,
821 short_channel_id: Option<u64>,
822 /// Either the height at which this channel was created or the height at which it was last
823 /// serialized if it was serialized by versions prior to 0.0.103.
824 /// We use this to close if funding is never broadcasted.
825 channel_creation_height: u32,
827 counterparty_dust_limit_satoshis: u64,
830 pub(super) holder_dust_limit_satoshis: u64,
832 holder_dust_limit_satoshis: u64,
835 pub(super) counterparty_max_htlc_value_in_flight_msat: u64,
837 counterparty_max_htlc_value_in_flight_msat: u64,
840 pub(super) holder_max_htlc_value_in_flight_msat: u64,
842 holder_max_htlc_value_in_flight_msat: u64,
844 /// minimum channel reserve for self to maintain - set by them.
845 counterparty_selected_channel_reserve_satoshis: Option<u64>,
848 pub(super) holder_selected_channel_reserve_satoshis: u64,
850 holder_selected_channel_reserve_satoshis: u64,
852 counterparty_htlc_minimum_msat: u64,
853 holder_htlc_minimum_msat: u64,
855 pub counterparty_max_accepted_htlcs: u16,
857 counterparty_max_accepted_htlcs: u16,
858 holder_max_accepted_htlcs: u16,
859 minimum_depth: Option<u32>,
861 counterparty_forwarding_info: Option<CounterpartyForwardingInfo>,
863 pub(crate) channel_transaction_parameters: ChannelTransactionParameters,
864 funding_transaction: Option<Transaction>,
865 is_batch_funding: Option<()>,
867 counterparty_cur_commitment_point: Option<PublicKey>,
868 counterparty_prev_commitment_point: Option<PublicKey>,
869 counterparty_node_id: PublicKey,
871 counterparty_shutdown_scriptpubkey: Option<Script>,
873 commitment_secrets: CounterpartyCommitmentSecrets,
875 channel_update_status: ChannelUpdateStatus,
876 /// Once we reach `closing_negotiation_ready`, we set this, indicating if closing_signed does
877 /// not complete within a single timer tick (one minute), we should force-close the channel.
878 /// This prevents us from keeping unusable channels around forever if our counterparty wishes
880 /// Note that this field is reset to false on deserialization to give us a chance to connect to
881 /// our peer and start the closing_signed negotiation fresh.
882 closing_signed_in_flight: bool,
884 /// Our counterparty's channel_announcement signatures provided in announcement_signatures.
885 /// This can be used to rebroadcast the channel_announcement message later.
886 announcement_sigs: Option<(Signature, Signature)>,
888 // We save these values so we can make sure `next_local_commit_tx_fee_msat` and
889 // `next_remote_commit_tx_fee_msat` properly predict what the next commitment transaction fee will
890 // be, by comparing the cached values to the fee of the tranaction generated by
891 // `build_commitment_transaction`.
892 #[cfg(any(test, fuzzing))]
893 next_local_commitment_tx_fee_info_cached: Mutex<Option<CommitmentTxInfoCached>>,
894 #[cfg(any(test, fuzzing))]
895 next_remote_commitment_tx_fee_info_cached: Mutex<Option<CommitmentTxInfoCached>>,
897 /// lnd has a long-standing bug where, upon reconnection, if the channel is not yet confirmed
898 /// they will not send a channel_reestablish until the channel locks in. Then, they will send a
899 /// channel_ready *before* sending the channel_reestablish (which is clearly a violation of
900 /// the BOLT specs). We copy c-lightning's workaround here and simply store the channel_ready
901 /// message until we receive a channel_reestablish.
903 /// See-also <https://github.com/lightningnetwork/lnd/issues/4006>
904 pub workaround_lnd_bug_4006: Option<msgs::ChannelReady>,
906 /// An option set when we wish to track how many ticks have elapsed while waiting for a response
907 /// from our counterparty after sending a message. If the peer has yet to respond after reaching
908 /// `DISCONNECT_PEER_AWAITING_RESPONSE_TICKS`, a reconnection should be attempted to try to
909 /// unblock the state machine.
911 /// This behavior is mostly motivated by a lnd bug in which we don't receive a message we expect
912 /// to in a timely manner, which may lead to channels becoming unusable and/or force-closed. An
913 /// example of such can be found at <https://github.com/lightningnetwork/lnd/issues/7682>.
915 /// This is currently only used when waiting for a [`msgs::ChannelReestablish`] or
916 /// [`msgs::RevokeAndACK`] message from the counterparty.
917 sent_message_awaiting_response: Option<usize>,
919 #[cfg(any(test, fuzzing))]
920 // When we receive an HTLC fulfill on an outbound path, we may immediately fulfill the
921 // corresponding HTLC on the inbound path. If, then, the outbound path channel is
922 // disconnected and reconnected (before we've exchange commitment_signed and revoke_and_ack
923 // messages), they may re-broadcast their update_fulfill_htlc, causing a duplicate claim. This
924 // is fine, but as a sanity check in our failure to generate the second claim, we check here
925 // that the original was a claim, and that we aren't now trying to fulfill a failed HTLC.
926 historical_inbound_htlc_fulfills: HashSet<u64>,
928 /// This channel's type, as negotiated during channel open
929 channel_type: ChannelTypeFeatures,
931 // Our counterparty can offer us SCID aliases which they will map to this channel when routing
932 // outbound payments. These can be used in invoice route hints to avoid explicitly revealing
933 // the channel's funding UTXO.
935 // We also use this when sending our peer a channel_update that isn't to be broadcasted
936 // publicly - allowing them to re-use their map of SCID -> channel for channel_update ->
937 // associated channel mapping.
939 // We only bother storing the most recent SCID alias at any time, though our counterparty has
940 // to store all of them.
941 latest_inbound_scid_alias: Option<u64>,
943 // We always offer our counterparty a static SCID alias, which we recognize as for this channel
944 // if we see it in HTLC forwarding instructions. We don't bother rotating the alias given we
945 // don't currently support node id aliases and eventually privacy should be provided with
946 // blinded paths instead of simple scid+node_id aliases.
947 outbound_scid_alias: u64,
949 // We track whether we already emitted a `ChannelPending` event.
950 channel_pending_event_emitted: bool,
952 // We track whether we already emitted a `ChannelReady` event.
953 channel_ready_event_emitted: bool,
955 /// The unique identifier used to re-derive the private key material for the channel through
956 /// [`SignerProvider::derive_channel_signer`].
957 channel_keys_id: [u8; 32],
959 /// If we can't release a [`ChannelMonitorUpdate`] until some external action completes, we
960 /// store it here and only release it to the `ChannelManager` once it asks for it.
961 blocked_monitor_updates: Vec<PendingChannelMonitorUpdate>,
964 impl<SP: Deref> ChannelContext<SP> where SP::Target: SignerProvider {
965 /// Allowed in any state (including after shutdown)
966 pub fn get_update_time_counter(&self) -> u32 {
967 self.update_time_counter
970 pub fn get_latest_monitor_update_id(&self) -> u64 {
971 self.latest_monitor_update_id
974 pub fn should_announce(&self) -> bool {
975 self.config.announced_channel
978 pub fn is_outbound(&self) -> bool {
979 self.channel_transaction_parameters.is_outbound_from_holder
982 /// Gets the fee we'd want to charge for adding an HTLC output to this Channel
983 /// Allowed in any state (including after shutdown)
984 pub fn get_outbound_forwarding_fee_base_msat(&self) -> u32 {
985 self.config.options.forwarding_fee_base_msat
988 /// Returns true if we've ever received a message from the remote end for this Channel
989 pub fn have_received_message(&self) -> bool {
990 self.channel_state & !STATE_FLAGS > (ChannelState::OurInitSent as u32)
993 /// Returns true if this channel is fully established and not known to be closing.
994 /// Allowed in any state (including after shutdown)
995 pub fn is_usable(&self) -> bool {
996 let mask = ChannelState::ChannelReady as u32 | BOTH_SIDES_SHUTDOWN_MASK;
997 (self.channel_state & mask) == (ChannelState::ChannelReady as u32) && !self.monitor_pending_channel_ready
1000 /// shutdown state returns the state of the channel in its various stages of shutdown
1001 pub fn shutdown_state(&self) -> ChannelShutdownState {
1002 if self.channel_state & (ChannelState::ShutdownComplete as u32) != 0 {
1003 return ChannelShutdownState::ShutdownComplete;
1005 if self.channel_state & (ChannelState::LocalShutdownSent as u32) != 0 && self.channel_state & (ChannelState::RemoteShutdownSent as u32) == 0 {
1006 return ChannelShutdownState::ShutdownInitiated;
1008 if (self.channel_state & BOTH_SIDES_SHUTDOWN_MASK != 0) && !self.closing_negotiation_ready() {
1009 return ChannelShutdownState::ResolvingHTLCs;
1011 if (self.channel_state & BOTH_SIDES_SHUTDOWN_MASK != 0) && self.closing_negotiation_ready() {
1012 return ChannelShutdownState::NegotiatingClosingFee;
1014 return ChannelShutdownState::NotShuttingDown;
1017 fn closing_negotiation_ready(&self) -> bool {
1018 self.pending_inbound_htlcs.is_empty() &&
1019 self.pending_outbound_htlcs.is_empty() &&
1020 self.pending_update_fee.is_none() &&
1021 self.channel_state &
1022 (BOTH_SIDES_SHUTDOWN_MASK |
1023 ChannelState::AwaitingRemoteRevoke as u32 |
1024 ChannelState::PeerDisconnected as u32 |
1025 ChannelState::MonitorUpdateInProgress as u32) == BOTH_SIDES_SHUTDOWN_MASK
1028 /// Returns true if this channel is currently available for use. This is a superset of
1029 /// is_usable() and considers things like the channel being temporarily disabled.
1030 /// Allowed in any state (including after shutdown)
1031 pub fn is_live(&self) -> bool {
1032 self.is_usable() && (self.channel_state & (ChannelState::PeerDisconnected as u32) == 0)
1035 // Public utilities:
1037 pub fn channel_id(&self) -> ChannelId {
1041 // Return the `temporary_channel_id` used during channel establishment.
1043 // Will return `None` for channels created prior to LDK version 0.0.115.
1044 pub fn temporary_channel_id(&self) -> Option<ChannelId> {
1045 self.temporary_channel_id
1048 pub fn minimum_depth(&self) -> Option<u32> {
1052 /// Gets the "user_id" value passed into the construction of this channel. It has no special
1053 /// meaning and exists only to allow users to have a persistent identifier of a channel.
1054 pub fn get_user_id(&self) -> u128 {
1058 /// Gets the channel's type
1059 pub fn get_channel_type(&self) -> &ChannelTypeFeatures {
1063 /// Gets the channel's `short_channel_id`.
1065 /// Will return `None` if the channel hasn't been confirmed yet.
1066 pub fn get_short_channel_id(&self) -> Option<u64> {
1067 self.short_channel_id
1070 /// Allowed in any state (including after shutdown)
1071 pub fn latest_inbound_scid_alias(&self) -> Option<u64> {
1072 self.latest_inbound_scid_alias
1075 /// Allowed in any state (including after shutdown)
1076 pub fn outbound_scid_alias(&self) -> u64 {
1077 self.outbound_scid_alias
1080 /// Only allowed immediately after deserialization if get_outbound_scid_alias returns 0,
1081 /// indicating we were written by LDK prior to 0.0.106 which did not set outbound SCID aliases
1082 /// or prior to any channel actions during `Channel` initialization.
1083 pub fn set_outbound_scid_alias(&mut self, outbound_scid_alias: u64) {
1084 debug_assert_eq!(self.outbound_scid_alias, 0);
1085 self.outbound_scid_alias = outbound_scid_alias;
1088 /// Returns the funding_txo we either got from our peer, or were given by
1089 /// get_funding_created.
1090 pub fn get_funding_txo(&self) -> Option<OutPoint> {
1091 self.channel_transaction_parameters.funding_outpoint
1094 /// Returns the block hash in which our funding transaction was confirmed.
1095 pub fn get_funding_tx_confirmed_in(&self) -> Option<BlockHash> {
1096 self.funding_tx_confirmed_in
1099 /// Returns the current number of confirmations on the funding transaction.
1100 pub fn get_funding_tx_confirmations(&self, height: u32) -> u32 {
1101 if self.funding_tx_confirmation_height == 0 {
1102 // We either haven't seen any confirmation yet, or observed a reorg.
1106 height.checked_sub(self.funding_tx_confirmation_height).map_or(0, |c| c + 1)
1109 fn get_holder_selected_contest_delay(&self) -> u16 {
1110 self.channel_transaction_parameters.holder_selected_contest_delay
1113 fn get_holder_pubkeys(&self) -> &ChannelPublicKeys {
1114 &self.channel_transaction_parameters.holder_pubkeys
1117 pub fn get_counterparty_selected_contest_delay(&self) -> Option<u16> {
1118 self.channel_transaction_parameters.counterparty_parameters
1119 .as_ref().map(|params| params.selected_contest_delay)
1122 fn get_counterparty_pubkeys(&self) -> &ChannelPublicKeys {
1123 &self.channel_transaction_parameters.counterparty_parameters.as_ref().unwrap().pubkeys
1126 /// Allowed in any state (including after shutdown)
1127 pub fn get_counterparty_node_id(&self) -> PublicKey {
1128 self.counterparty_node_id
1131 /// Allowed in any state (including after shutdown)
1132 pub fn get_holder_htlc_minimum_msat(&self) -> u64 {
1133 self.holder_htlc_minimum_msat
1136 /// Allowed in any state (including after shutdown), but will return none before TheirInitSent
1137 pub fn get_holder_htlc_maximum_msat(&self) -> Option<u64> {
1138 self.get_htlc_maximum_msat(self.holder_max_htlc_value_in_flight_msat)
1141 /// Allowed in any state (including after shutdown)
1142 pub fn get_announced_htlc_max_msat(&self) -> u64 {
1144 // Upper bound by capacity. We make it a bit less than full capacity to prevent attempts
1145 // to use full capacity. This is an effort to reduce routing failures, because in many cases
1146 // channel might have been used to route very small values (either by honest users or as DoS).
1147 self.channel_value_satoshis * 1000 * 9 / 10,
1149 self.counterparty_max_htlc_value_in_flight_msat
1153 /// Allowed in any state (including after shutdown)
1154 pub fn get_counterparty_htlc_minimum_msat(&self) -> u64 {
1155 self.counterparty_htlc_minimum_msat
1158 /// Allowed in any state (including after shutdown), but will return none before TheirInitSent
1159 pub fn get_counterparty_htlc_maximum_msat(&self) -> Option<u64> {
1160 self.get_htlc_maximum_msat(self.counterparty_max_htlc_value_in_flight_msat)
1163 fn get_htlc_maximum_msat(&self, party_max_htlc_value_in_flight_msat: u64) -> Option<u64> {
1164 self.counterparty_selected_channel_reserve_satoshis.map(|counterparty_reserve| {
1165 let holder_reserve = self.holder_selected_channel_reserve_satoshis;
1167 (self.channel_value_satoshis - counterparty_reserve - holder_reserve) * 1000,
1168 party_max_htlc_value_in_flight_msat
1173 pub fn get_value_satoshis(&self) -> u64 {
1174 self.channel_value_satoshis
1177 pub fn get_fee_proportional_millionths(&self) -> u32 {
1178 self.config.options.forwarding_fee_proportional_millionths
1181 pub fn get_cltv_expiry_delta(&self) -> u16 {
1182 cmp::max(self.config.options.cltv_expiry_delta, MIN_CLTV_EXPIRY_DELTA)
1185 pub fn get_max_dust_htlc_exposure_msat<F: Deref>(&self,
1186 fee_estimator: &LowerBoundedFeeEstimator<F>) -> u64
1187 where F::Target: FeeEstimator
1189 match self.config.options.max_dust_htlc_exposure {
1190 MaxDustHTLCExposure::FeeRateMultiplier(multiplier) => {
1191 let feerate_per_kw = fee_estimator.bounded_sat_per_1000_weight(
1192 ConfirmationTarget::OnChainSweep);
1193 feerate_per_kw as u64 * multiplier
1195 MaxDustHTLCExposure::FixedLimitMsat(limit) => limit,
1199 /// Returns the previous [`ChannelConfig`] applied to this channel, if any.
1200 pub fn prev_config(&self) -> Option<ChannelConfig> {
1201 self.prev_config.map(|prev_config| prev_config.0)
1204 // Checks whether we should emit a `ChannelPending` event.
1205 pub(crate) fn should_emit_channel_pending_event(&mut self) -> bool {
1206 self.is_funding_broadcast() && !self.channel_pending_event_emitted
1209 // Returns whether we already emitted a `ChannelPending` event.
1210 pub(crate) fn channel_pending_event_emitted(&self) -> bool {
1211 self.channel_pending_event_emitted
1214 // Remembers that we already emitted a `ChannelPending` event.
1215 pub(crate) fn set_channel_pending_event_emitted(&mut self) {
1216 self.channel_pending_event_emitted = true;
1219 // Checks whether we should emit a `ChannelReady` event.
1220 pub(crate) fn should_emit_channel_ready_event(&mut self) -> bool {
1221 self.is_usable() && !self.channel_ready_event_emitted
1224 // Remembers that we already emitted a `ChannelReady` event.
1225 pub(crate) fn set_channel_ready_event_emitted(&mut self) {
1226 self.channel_ready_event_emitted = true;
1229 /// Tracks the number of ticks elapsed since the previous [`ChannelConfig`] was updated. Once
1230 /// [`EXPIRE_PREV_CONFIG_TICKS`] is reached, the previous config is considered expired and will
1231 /// no longer be considered when forwarding HTLCs.
1232 pub fn maybe_expire_prev_config(&mut self) {
1233 if self.prev_config.is_none() {
1236 let prev_config = self.prev_config.as_mut().unwrap();
1238 if prev_config.1 == EXPIRE_PREV_CONFIG_TICKS {
1239 self.prev_config = None;
1243 /// Returns the current [`ChannelConfig`] applied to the channel.
1244 pub fn config(&self) -> ChannelConfig {
1248 /// Updates the channel's config. A bool is returned indicating whether the config update
1249 /// applied resulted in a new ChannelUpdate message.
1250 pub fn update_config(&mut self, config: &ChannelConfig) -> bool {
1251 let did_channel_update =
1252 self.config.options.forwarding_fee_proportional_millionths != config.forwarding_fee_proportional_millionths ||
1253 self.config.options.forwarding_fee_base_msat != config.forwarding_fee_base_msat ||
1254 self.config.options.cltv_expiry_delta != config.cltv_expiry_delta;
1255 if did_channel_update {
1256 self.prev_config = Some((self.config.options, 0));
1257 // Update the counter, which backs the ChannelUpdate timestamp, to allow the relay
1258 // policy change to propagate throughout the network.
1259 self.update_time_counter += 1;
1261 self.config.options = *config;
1265 /// Returns true if funding_signed was sent/received and the
1266 /// funding transaction has been broadcast if necessary.
1267 pub fn is_funding_broadcast(&self) -> bool {
1268 self.channel_state & !STATE_FLAGS >= ChannelState::FundingSent as u32 &&
1269 self.channel_state & ChannelState::WaitingForBatch as u32 == 0
1272 /// Transaction nomenclature is somewhat confusing here as there are many different cases - a
1273 /// transaction is referred to as "a's transaction" implying that a will be able to broadcast
1274 /// the transaction. Thus, b will generally be sending a signature over such a transaction to
1275 /// a, and a can revoke the transaction by providing b the relevant per_commitment_secret. As
1276 /// such, a transaction is generally the result of b increasing the amount paid to a (or adding
1278 /// @local is used only to convert relevant internal structures which refer to remote vs local
1279 /// to decide value of outputs and direction of HTLCs.
1280 /// @generated_by_local is used to determine *which* HTLCs to include - noting that the HTLC
1281 /// state may indicate that one peer has informed the other that they'd like to add an HTLC but
1282 /// have not yet committed it. Such HTLCs will only be included in transactions which are being
1283 /// generated by the peer which proposed adding the HTLCs, and thus we need to understand both
1284 /// which peer generated this transaction and "to whom" this transaction flows.
1286 fn build_commitment_transaction<L: Deref>(&self, commitment_number: u64, keys: &TxCreationKeys, local: bool, generated_by_local: bool, logger: &L) -> CommitmentStats
1287 where L::Target: Logger
1289 let mut included_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::new();
1290 let num_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len();
1291 let mut included_non_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::with_capacity(num_htlcs);
1293 let broadcaster_dust_limit_satoshis = if local { self.holder_dust_limit_satoshis } else { self.counterparty_dust_limit_satoshis };
1294 let mut remote_htlc_total_msat = 0;
1295 let mut local_htlc_total_msat = 0;
1296 let mut value_to_self_msat_offset = 0;
1298 let mut feerate_per_kw = self.feerate_per_kw;
1299 if let Some((feerate, update_state)) = self.pending_update_fee {
1300 if match update_state {
1301 // Note that these match the inclusion criteria when scanning
1302 // pending_inbound_htlcs below.
1303 FeeUpdateState::RemoteAnnounced => { debug_assert!(!self.is_outbound()); !generated_by_local },
1304 FeeUpdateState::AwaitingRemoteRevokeToAnnounce => { debug_assert!(!self.is_outbound()); !generated_by_local },
1305 FeeUpdateState::Outbound => { assert!(self.is_outbound()); generated_by_local },
1307 feerate_per_kw = feerate;
1311 log_trace!(logger, "Building commitment transaction number {} (really {} xor {}) for channel {} for {}, generated by {} with fee {}...",
1312 commitment_number, (INITIAL_COMMITMENT_NUMBER - commitment_number),
1313 get_commitment_transaction_number_obscure_factor(&self.get_holder_pubkeys().payment_point, &self.get_counterparty_pubkeys().payment_point, self.is_outbound()),
1315 if local { "us" } else { "remote" }, if generated_by_local { "us" } else { "remote" }, feerate_per_kw);
1317 macro_rules! get_htlc_in_commitment {
1318 ($htlc: expr, $offered: expr) => {
1319 HTLCOutputInCommitment {
1321 amount_msat: $htlc.amount_msat,
1322 cltv_expiry: $htlc.cltv_expiry,
1323 payment_hash: $htlc.payment_hash,
1324 transaction_output_index: None
1329 macro_rules! add_htlc_output {
1330 ($htlc: expr, $outbound: expr, $source: expr, $state_name: expr) => {
1331 if $outbound == local { // "offered HTLC output"
1332 let htlc_in_tx = get_htlc_in_commitment!($htlc, true);
1333 let htlc_tx_fee = if self.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1336 feerate_per_kw as u64 * htlc_timeout_tx_weight(self.get_channel_type()) / 1000
1338 if $htlc.amount_msat / 1000 >= broadcaster_dust_limit_satoshis + htlc_tx_fee {
1339 log_trace!(logger, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, &$htlc.payment_hash, $htlc.amount_msat);
1340 included_non_dust_htlcs.push((htlc_in_tx, $source));
1342 log_trace!(logger, " ...including {} {} dust HTLC {} (hash {}) with value {} due to dust limit", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, &$htlc.payment_hash, $htlc.amount_msat);
1343 included_dust_htlcs.push((htlc_in_tx, $source));
1346 let htlc_in_tx = get_htlc_in_commitment!($htlc, false);
1347 let htlc_tx_fee = if self.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1350 feerate_per_kw as u64 * htlc_success_tx_weight(self.get_channel_type()) / 1000
1352 if $htlc.amount_msat / 1000 >= broadcaster_dust_limit_satoshis + htlc_tx_fee {
1353 log_trace!(logger, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, &$htlc.payment_hash, $htlc.amount_msat);
1354 included_non_dust_htlcs.push((htlc_in_tx, $source));
1356 log_trace!(logger, " ...including {} {} dust HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, &$htlc.payment_hash, $htlc.amount_msat);
1357 included_dust_htlcs.push((htlc_in_tx, $source));
1363 for ref htlc in self.pending_inbound_htlcs.iter() {
1364 let (include, state_name) = match htlc.state {
1365 InboundHTLCState::RemoteAnnounced(_) => (!generated_by_local, "RemoteAnnounced"),
1366 InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) => (!generated_by_local, "AwaitingRemoteRevokeToAnnounce"),
1367 InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => (true, "AwaitingAnnouncedRemoteRevoke"),
1368 InboundHTLCState::Committed => (true, "Committed"),
1369 InboundHTLCState::LocalRemoved(_) => (!generated_by_local, "LocalRemoved"),
1373 add_htlc_output!(htlc, false, None, state_name);
1374 remote_htlc_total_msat += htlc.amount_msat;
1376 log_trace!(logger, " ...not including inbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, &htlc.payment_hash, htlc.amount_msat, state_name);
1378 &InboundHTLCState::LocalRemoved(ref reason) => {
1379 if generated_by_local {
1380 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
1381 value_to_self_msat_offset += htlc.amount_msat as i64;
1390 let mut preimages: Vec<PaymentPreimage> = Vec::new();
1392 for ref htlc in self.pending_outbound_htlcs.iter() {
1393 let (include, state_name) = match htlc.state {
1394 OutboundHTLCState::LocalAnnounced(_) => (generated_by_local, "LocalAnnounced"),
1395 OutboundHTLCState::Committed => (true, "Committed"),
1396 OutboundHTLCState::RemoteRemoved(_) => (generated_by_local, "RemoteRemoved"),
1397 OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) => (generated_by_local, "AwaitingRemoteRevokeToRemove"),
1398 OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) => (false, "AwaitingRemovedRemoteRevoke"),
1401 let preimage_opt = match htlc.state {
1402 OutboundHTLCState::RemoteRemoved(OutboundHTLCOutcome::Success(p)) => p,
1403 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(p)) => p,
1404 OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(p)) => p,
1408 if let Some(preimage) = preimage_opt {
1409 preimages.push(preimage);
1413 add_htlc_output!(htlc, true, Some(&htlc.source), state_name);
1414 local_htlc_total_msat += htlc.amount_msat;
1416 log_trace!(logger, " ...not including outbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, &htlc.payment_hash, htlc.amount_msat, state_name);
1418 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(_))|OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(_)) => {
1419 value_to_self_msat_offset -= htlc.amount_msat as i64;
1421 OutboundHTLCState::RemoteRemoved(OutboundHTLCOutcome::Success(_)) => {
1422 if !generated_by_local {
1423 value_to_self_msat_offset -= htlc.amount_msat as i64;
1431 let mut value_to_self_msat: i64 = (self.value_to_self_msat - local_htlc_total_msat) as i64 + value_to_self_msat_offset;
1432 assert!(value_to_self_msat >= 0);
1433 // Note that in case they have several just-awaiting-last-RAA fulfills in-progress (ie
1434 // AwaitingRemoteRevokeToRemove or AwaitingRemovedRemoteRevoke) we may have allowed them to
1435 // "violate" their reserve value by couting those against it. Thus, we have to convert
1436 // everything to i64 before subtracting as otherwise we can overflow.
1437 let mut value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000) as i64 - (self.value_to_self_msat as i64) - (remote_htlc_total_msat as i64) - value_to_self_msat_offset;
1438 assert!(value_to_remote_msat >= 0);
1440 #[cfg(debug_assertions)]
1442 // Make sure that the to_self/to_remote is always either past the appropriate
1443 // channel_reserve *or* it is making progress towards it.
1444 let mut broadcaster_max_commitment_tx_output = if generated_by_local {
1445 self.holder_max_commitment_tx_output.lock().unwrap()
1447 self.counterparty_max_commitment_tx_output.lock().unwrap()
1449 debug_assert!(broadcaster_max_commitment_tx_output.0 <= value_to_self_msat as u64 || value_to_self_msat / 1000 >= self.counterparty_selected_channel_reserve_satoshis.unwrap() as i64);
1450 broadcaster_max_commitment_tx_output.0 = cmp::max(broadcaster_max_commitment_tx_output.0, value_to_self_msat as u64);
1451 debug_assert!(broadcaster_max_commitment_tx_output.1 <= value_to_remote_msat as u64 || value_to_remote_msat / 1000 >= self.holder_selected_channel_reserve_satoshis as i64);
1452 broadcaster_max_commitment_tx_output.1 = cmp::max(broadcaster_max_commitment_tx_output.1, value_to_remote_msat as u64);
1455 let total_fee_sat = commit_tx_fee_sat(feerate_per_kw, included_non_dust_htlcs.len(), &self.channel_transaction_parameters.channel_type_features);
1456 let anchors_val = if self.channel_transaction_parameters.channel_type_features.supports_anchors_zero_fee_htlc_tx() { ANCHOR_OUTPUT_VALUE_SATOSHI * 2 } else { 0 } as i64;
1457 let (value_to_self, value_to_remote) = if self.is_outbound() {
1458 (value_to_self_msat / 1000 - anchors_val - total_fee_sat as i64, value_to_remote_msat / 1000)
1460 (value_to_self_msat / 1000, value_to_remote_msat / 1000 - anchors_val - total_fee_sat as i64)
1463 let mut value_to_a = if local { value_to_self } else { value_to_remote };
1464 let mut value_to_b = if local { value_to_remote } else { value_to_self };
1465 let (funding_pubkey_a, funding_pubkey_b) = if local {
1466 (self.get_holder_pubkeys().funding_pubkey, self.get_counterparty_pubkeys().funding_pubkey)
1468 (self.get_counterparty_pubkeys().funding_pubkey, self.get_holder_pubkeys().funding_pubkey)
1471 if value_to_a >= (broadcaster_dust_limit_satoshis as i64) {
1472 log_trace!(logger, " ...including {} output with value {}", if local { "to_local" } else { "to_remote" }, value_to_a);
1477 if value_to_b >= (broadcaster_dust_limit_satoshis as i64) {
1478 log_trace!(logger, " ...including {} output with value {}", if local { "to_remote" } else { "to_local" }, value_to_b);
1483 let num_nondust_htlcs = included_non_dust_htlcs.len();
1485 let channel_parameters =
1486 if local { self.channel_transaction_parameters.as_holder_broadcastable() }
1487 else { self.channel_transaction_parameters.as_counterparty_broadcastable() };
1488 let tx = CommitmentTransaction::new_with_auxiliary_htlc_data(commitment_number,
1495 &mut included_non_dust_htlcs,
1498 let mut htlcs_included = included_non_dust_htlcs;
1499 // The unwrap is safe, because all non-dust HTLCs have been assigned an output index
1500 htlcs_included.sort_unstable_by_key(|h| h.0.transaction_output_index.unwrap());
1501 htlcs_included.append(&mut included_dust_htlcs);
1503 // For the stats, trimmed-to-0 the value in msats accordingly
1504 value_to_self_msat = if (value_to_self_msat * 1000) < broadcaster_dust_limit_satoshis as i64 { 0 } else { value_to_self_msat };
1505 value_to_remote_msat = if (value_to_remote_msat * 1000) < broadcaster_dust_limit_satoshis as i64 { 0 } else { value_to_remote_msat };
1513 local_balance_msat: value_to_self_msat as u64,
1514 remote_balance_msat: value_to_remote_msat as u64,
1520 /// Creates a set of keys for build_commitment_transaction to generate a transaction which our
1521 /// counterparty will sign (ie DO NOT send signatures over a transaction created by this to
1522 /// our counterparty!)
1523 /// The result is a transaction which we can revoke broadcastership of (ie a "local" transaction)
1524 /// TODO Some magic rust shit to compile-time check this?
1525 fn build_holder_transaction_keys(&self, commitment_number: u64) -> TxCreationKeys {
1526 let per_commitment_point = self.holder_signer.as_ref().get_per_commitment_point(commitment_number, &self.secp_ctx);
1527 let delayed_payment_base = &self.get_holder_pubkeys().delayed_payment_basepoint;
1528 let htlc_basepoint = &self.get_holder_pubkeys().htlc_basepoint;
1529 let counterparty_pubkeys = self.get_counterparty_pubkeys();
1531 TxCreationKeys::derive_new(&self.secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint)
1535 /// Creates a set of keys for build_commitment_transaction to generate a transaction which we
1536 /// will sign and send to our counterparty.
1537 /// If an Err is returned, it is a ChannelError::Close (for get_funding_created)
1538 fn build_remote_transaction_keys(&self) -> TxCreationKeys {
1539 //TODO: Ensure that the payment_key derived here ends up in the library users' wallet as we
1540 //may see payments to it!
1541 let revocation_basepoint = &self.get_holder_pubkeys().revocation_basepoint;
1542 let htlc_basepoint = &self.get_holder_pubkeys().htlc_basepoint;
1543 let counterparty_pubkeys = self.get_counterparty_pubkeys();
1545 TxCreationKeys::derive_new(&self.secp_ctx, &self.counterparty_cur_commitment_point.unwrap(), &counterparty_pubkeys.delayed_payment_basepoint, &counterparty_pubkeys.htlc_basepoint, revocation_basepoint, htlc_basepoint)
1548 /// Gets the redeemscript for the funding transaction output (ie the funding transaction output
1549 /// pays to get_funding_redeemscript().to_v0_p2wsh()).
1550 /// Panics if called before accept_channel/InboundV1Channel::new
1551 pub fn get_funding_redeemscript(&self) -> Script {
1552 make_funding_redeemscript(&self.get_holder_pubkeys().funding_pubkey, self.counterparty_funding_pubkey())
1555 fn counterparty_funding_pubkey(&self) -> &PublicKey {
1556 &self.get_counterparty_pubkeys().funding_pubkey
1559 pub fn get_feerate_sat_per_1000_weight(&self) -> u32 {
1563 pub fn get_dust_buffer_feerate(&self, outbound_feerate_update: Option<u32>) -> u32 {
1564 // When calculating our exposure to dust HTLCs, we assume that the channel feerate
1565 // may, at any point, increase by at least 10 sat/vB (i.e 2530 sat/kWU) or 25%,
1566 // whichever is higher. This ensures that we aren't suddenly exposed to significantly
1567 // more dust balance if the feerate increases when we have several HTLCs pending
1568 // which are near the dust limit.
1569 let mut feerate_per_kw = self.feerate_per_kw;
1570 // If there's a pending update fee, use it to ensure we aren't under-estimating
1571 // potential feerate updates coming soon.
1572 if let Some((feerate, _)) = self.pending_update_fee {
1573 feerate_per_kw = cmp::max(feerate_per_kw, feerate);
1575 if let Some(feerate) = outbound_feerate_update {
1576 feerate_per_kw = cmp::max(feerate_per_kw, feerate);
1578 cmp::max(2530, feerate_per_kw * 1250 / 1000)
1581 /// Get forwarding information for the counterparty.
1582 pub fn counterparty_forwarding_info(&self) -> Option<CounterpartyForwardingInfo> {
1583 self.counterparty_forwarding_info.clone()
1586 /// Returns a HTLCStats about inbound pending htlcs
1587 fn get_inbound_pending_htlc_stats(&self, outbound_feerate_update: Option<u32>) -> HTLCStats {
1589 let mut stats = HTLCStats {
1590 pending_htlcs: context.pending_inbound_htlcs.len() as u32,
1591 pending_htlcs_value_msat: 0,
1592 on_counterparty_tx_dust_exposure_msat: 0,
1593 on_holder_tx_dust_exposure_msat: 0,
1594 holding_cell_msat: 0,
1595 on_holder_tx_holding_cell_htlcs_count: 0,
1598 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1601 let dust_buffer_feerate = context.get_dust_buffer_feerate(outbound_feerate_update) as u64;
1602 (dust_buffer_feerate * htlc_timeout_tx_weight(context.get_channel_type()) / 1000,
1603 dust_buffer_feerate * htlc_success_tx_weight(context.get_channel_type()) / 1000)
1605 let counterparty_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.counterparty_dust_limit_satoshis;
1606 let holder_dust_limit_success_sat = htlc_success_dust_limit + context.holder_dust_limit_satoshis;
1607 for ref htlc in context.pending_inbound_htlcs.iter() {
1608 stats.pending_htlcs_value_msat += htlc.amount_msat;
1609 if htlc.amount_msat / 1000 < counterparty_dust_limit_timeout_sat {
1610 stats.on_counterparty_tx_dust_exposure_msat += htlc.amount_msat;
1612 if htlc.amount_msat / 1000 < holder_dust_limit_success_sat {
1613 stats.on_holder_tx_dust_exposure_msat += htlc.amount_msat;
1619 /// Returns a HTLCStats about pending outbound htlcs, *including* pending adds in our holding cell.
1620 fn get_outbound_pending_htlc_stats(&self, outbound_feerate_update: Option<u32>) -> HTLCStats {
1622 let mut stats = HTLCStats {
1623 pending_htlcs: context.pending_outbound_htlcs.len() as u32,
1624 pending_htlcs_value_msat: 0,
1625 on_counterparty_tx_dust_exposure_msat: 0,
1626 on_holder_tx_dust_exposure_msat: 0,
1627 holding_cell_msat: 0,
1628 on_holder_tx_holding_cell_htlcs_count: 0,
1631 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1634 let dust_buffer_feerate = context.get_dust_buffer_feerate(outbound_feerate_update) as u64;
1635 (dust_buffer_feerate * htlc_timeout_tx_weight(context.get_channel_type()) / 1000,
1636 dust_buffer_feerate * htlc_success_tx_weight(context.get_channel_type()) / 1000)
1638 let counterparty_dust_limit_success_sat = htlc_success_dust_limit + context.counterparty_dust_limit_satoshis;
1639 let holder_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.holder_dust_limit_satoshis;
1640 for ref htlc in context.pending_outbound_htlcs.iter() {
1641 stats.pending_htlcs_value_msat += htlc.amount_msat;
1642 if htlc.amount_msat / 1000 < counterparty_dust_limit_success_sat {
1643 stats.on_counterparty_tx_dust_exposure_msat += htlc.amount_msat;
1645 if htlc.amount_msat / 1000 < holder_dust_limit_timeout_sat {
1646 stats.on_holder_tx_dust_exposure_msat += htlc.amount_msat;
1650 for update in context.holding_cell_htlc_updates.iter() {
1651 if let &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, .. } = update {
1652 stats.pending_htlcs += 1;
1653 stats.pending_htlcs_value_msat += amount_msat;
1654 stats.holding_cell_msat += amount_msat;
1655 if *amount_msat / 1000 < counterparty_dust_limit_success_sat {
1656 stats.on_counterparty_tx_dust_exposure_msat += amount_msat;
1658 if *amount_msat / 1000 < holder_dust_limit_timeout_sat {
1659 stats.on_holder_tx_dust_exposure_msat += amount_msat;
1661 stats.on_holder_tx_holding_cell_htlcs_count += 1;
1668 /// Get the available balances, see [`AvailableBalances`]'s fields for more info.
1669 /// Doesn't bother handling the
1670 /// if-we-removed-it-already-but-haven't-fully-resolved-they-can-still-send-an-inbound-HTLC
1671 /// corner case properly.
1672 pub fn get_available_balances<F: Deref>(&self, fee_estimator: &LowerBoundedFeeEstimator<F>)
1673 -> AvailableBalances
1674 where F::Target: FeeEstimator
1676 let context = &self;
1677 // Note that we have to handle overflow due to the above case.
1678 let inbound_stats = context.get_inbound_pending_htlc_stats(None);
1679 let outbound_stats = context.get_outbound_pending_htlc_stats(None);
1681 let mut balance_msat = context.value_to_self_msat;
1682 for ref htlc in context.pending_inbound_htlcs.iter() {
1683 if let InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::Fulfill(_)) = htlc.state {
1684 balance_msat += htlc.amount_msat;
1687 balance_msat -= outbound_stats.pending_htlcs_value_msat;
1689 let outbound_capacity_msat = context.value_to_self_msat
1690 .saturating_sub(outbound_stats.pending_htlcs_value_msat)
1692 context.counterparty_selected_channel_reserve_satoshis.unwrap_or(0) * 1000);
1694 let mut available_capacity_msat = outbound_capacity_msat;
1696 let anchor_outputs_value_msat = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1697 ANCHOR_OUTPUT_VALUE_SATOSHI * 2 * 1000
1701 if context.is_outbound() {
1702 // We should mind channel commit tx fee when computing how much of the available capacity
1703 // can be used in the next htlc. Mirrors the logic in send_htlc.
1705 // The fee depends on whether the amount we will be sending is above dust or not,
1706 // and the answer will in turn change the amount itself — making it a circular
1708 // This complicates the computation around dust-values, up to the one-htlc-value.
1709 let mut real_dust_limit_timeout_sat = context.holder_dust_limit_satoshis;
1710 if !context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1711 real_dust_limit_timeout_sat += context.feerate_per_kw as u64 * htlc_timeout_tx_weight(context.get_channel_type()) / 1000;
1714 let htlc_above_dust = HTLCCandidate::new(real_dust_limit_timeout_sat * 1000, HTLCInitiator::LocalOffered);
1715 let mut max_reserved_commit_tx_fee_msat = context.next_local_commit_tx_fee_msat(htlc_above_dust, Some(()));
1716 let htlc_dust = HTLCCandidate::new(real_dust_limit_timeout_sat * 1000 - 1, HTLCInitiator::LocalOffered);
1717 let mut min_reserved_commit_tx_fee_msat = context.next_local_commit_tx_fee_msat(htlc_dust, Some(()));
1718 if !context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1719 max_reserved_commit_tx_fee_msat *= FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE;
1720 min_reserved_commit_tx_fee_msat *= FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE;
1723 // We will first subtract the fee as if we were above-dust. Then, if the resulting
1724 // value ends up being below dust, we have this fee available again. In that case,
1725 // match the value to right-below-dust.
1726 let mut capacity_minus_commitment_fee_msat: i64 = available_capacity_msat as i64 -
1727 max_reserved_commit_tx_fee_msat as i64 - anchor_outputs_value_msat as i64;
1728 if capacity_minus_commitment_fee_msat < (real_dust_limit_timeout_sat as i64) * 1000 {
1729 let one_htlc_difference_msat = max_reserved_commit_tx_fee_msat - min_reserved_commit_tx_fee_msat;
1730 debug_assert!(one_htlc_difference_msat != 0);
1731 capacity_minus_commitment_fee_msat += one_htlc_difference_msat as i64;
1732 capacity_minus_commitment_fee_msat = cmp::min(real_dust_limit_timeout_sat as i64 * 1000 - 1, capacity_minus_commitment_fee_msat);
1733 available_capacity_msat = cmp::max(0, cmp::min(capacity_minus_commitment_fee_msat, available_capacity_msat as i64)) as u64;
1735 available_capacity_msat = capacity_minus_commitment_fee_msat as u64;
1738 // If the channel is inbound (i.e. counterparty pays the fee), we need to make sure
1739 // sending a new HTLC won't reduce their balance below our reserve threshold.
1740 let mut real_dust_limit_success_sat = context.counterparty_dust_limit_satoshis;
1741 if !context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1742 real_dust_limit_success_sat += context.feerate_per_kw as u64 * htlc_success_tx_weight(context.get_channel_type()) / 1000;
1745 let htlc_above_dust = HTLCCandidate::new(real_dust_limit_success_sat * 1000, HTLCInitiator::LocalOffered);
1746 let max_reserved_commit_tx_fee_msat = context.next_remote_commit_tx_fee_msat(htlc_above_dust, None);
1748 let holder_selected_chan_reserve_msat = context.holder_selected_channel_reserve_satoshis * 1000;
1749 let remote_balance_msat = (context.channel_value_satoshis * 1000 - context.value_to_self_msat)
1750 .saturating_sub(inbound_stats.pending_htlcs_value_msat);
1752 if remote_balance_msat < max_reserved_commit_tx_fee_msat + holder_selected_chan_reserve_msat + anchor_outputs_value_msat {
1753 // If another HTLC's fee would reduce the remote's balance below the reserve limit
1754 // we've selected for them, we can only send dust HTLCs.
1755 available_capacity_msat = cmp::min(available_capacity_msat, real_dust_limit_success_sat * 1000 - 1);
1759 let mut next_outbound_htlc_minimum_msat = context.counterparty_htlc_minimum_msat;
1761 // If we get close to our maximum dust exposure, we end up in a situation where we can send
1762 // between zero and the remaining dust exposure limit remaining OR above the dust limit.
1763 // Because we cannot express this as a simple min/max, we prefer to tell the user they can
1764 // send above the dust limit (as the router can always overpay to meet the dust limit).
1765 let mut remaining_msat_below_dust_exposure_limit = None;
1766 let mut dust_exposure_dust_limit_msat = 0;
1767 let max_dust_htlc_exposure_msat = context.get_max_dust_htlc_exposure_msat(fee_estimator);
1769 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1770 (context.counterparty_dust_limit_satoshis, context.holder_dust_limit_satoshis)
1772 let dust_buffer_feerate = context.get_dust_buffer_feerate(None) as u64;
1773 (context.counterparty_dust_limit_satoshis + dust_buffer_feerate * htlc_success_tx_weight(context.get_channel_type()) / 1000,
1774 context.holder_dust_limit_satoshis + dust_buffer_feerate * htlc_timeout_tx_weight(context.get_channel_type()) / 1000)
1776 let on_counterparty_dust_htlc_exposure_msat = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
1777 if on_counterparty_dust_htlc_exposure_msat as i64 + htlc_success_dust_limit as i64 * 1000 - 1 > max_dust_htlc_exposure_msat as i64 {
1778 remaining_msat_below_dust_exposure_limit =
1779 Some(max_dust_htlc_exposure_msat.saturating_sub(on_counterparty_dust_htlc_exposure_msat));
1780 dust_exposure_dust_limit_msat = cmp::max(dust_exposure_dust_limit_msat, htlc_success_dust_limit * 1000);
1783 let on_holder_dust_htlc_exposure_msat = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
1784 if on_holder_dust_htlc_exposure_msat as i64 + htlc_timeout_dust_limit as i64 * 1000 - 1 > max_dust_htlc_exposure_msat as i64 {
1785 remaining_msat_below_dust_exposure_limit = Some(cmp::min(
1786 remaining_msat_below_dust_exposure_limit.unwrap_or(u64::max_value()),
1787 max_dust_htlc_exposure_msat.saturating_sub(on_holder_dust_htlc_exposure_msat)));
1788 dust_exposure_dust_limit_msat = cmp::max(dust_exposure_dust_limit_msat, htlc_timeout_dust_limit * 1000);
1791 if let Some(remaining_limit_msat) = remaining_msat_below_dust_exposure_limit {
1792 if available_capacity_msat < dust_exposure_dust_limit_msat {
1793 available_capacity_msat = cmp::min(available_capacity_msat, remaining_limit_msat);
1795 next_outbound_htlc_minimum_msat = cmp::max(next_outbound_htlc_minimum_msat, dust_exposure_dust_limit_msat);
1799 available_capacity_msat = cmp::min(available_capacity_msat,
1800 context.counterparty_max_htlc_value_in_flight_msat - outbound_stats.pending_htlcs_value_msat);
1802 if outbound_stats.pending_htlcs + 1 > context.counterparty_max_accepted_htlcs as u32 {
1803 available_capacity_msat = 0;
1807 inbound_capacity_msat: cmp::max(context.channel_value_satoshis as i64 * 1000
1808 - context.value_to_self_msat as i64
1809 - context.get_inbound_pending_htlc_stats(None).pending_htlcs_value_msat as i64
1810 - context.holder_selected_channel_reserve_satoshis as i64 * 1000,
1812 outbound_capacity_msat,
1813 next_outbound_htlc_limit_msat: available_capacity_msat,
1814 next_outbound_htlc_minimum_msat,
1819 pub fn get_holder_counterparty_selected_channel_reserve_satoshis(&self) -> (u64, Option<u64>) {
1820 let context = &self;
1821 (context.holder_selected_channel_reserve_satoshis, context.counterparty_selected_channel_reserve_satoshis)
1824 /// Get the commitment tx fee for the local's (i.e. our) next commitment transaction based on the
1825 /// number of pending HTLCs that are on track to be in our next commitment tx.
1827 /// Optionally includes the `HTLCCandidate` given by `htlc` and an additional non-dust HTLC if
1828 /// `fee_spike_buffer_htlc` is `Some`.
1830 /// The first extra HTLC is useful for determining whether we can accept a further HTLC, the
1831 /// second allows for creating a buffer to ensure a further HTLC can always be accepted/added.
1833 /// Dust HTLCs are excluded.
1834 fn next_local_commit_tx_fee_msat(&self, htlc: HTLCCandidate, fee_spike_buffer_htlc: Option<()>) -> u64 {
1835 let context = &self;
1836 assert!(context.is_outbound());
1838 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1841 (context.feerate_per_kw as u64 * htlc_success_tx_weight(context.get_channel_type()) / 1000,
1842 context.feerate_per_kw as u64 * htlc_timeout_tx_weight(context.get_channel_type()) / 1000)
1844 let real_dust_limit_success_sat = htlc_success_dust_limit + context.holder_dust_limit_satoshis;
1845 let real_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.holder_dust_limit_satoshis;
1847 let mut addl_htlcs = 0;
1848 if fee_spike_buffer_htlc.is_some() { addl_htlcs += 1; }
1850 HTLCInitiator::LocalOffered => {
1851 if htlc.amount_msat / 1000 >= real_dust_limit_timeout_sat {
1855 HTLCInitiator::RemoteOffered => {
1856 if htlc.amount_msat / 1000 >= real_dust_limit_success_sat {
1862 let mut included_htlcs = 0;
1863 for ref htlc in context.pending_inbound_htlcs.iter() {
1864 if htlc.amount_msat / 1000 < real_dust_limit_success_sat {
1867 // We include LocalRemoved HTLCs here because we may still need to broadcast a commitment
1868 // transaction including this HTLC if it times out before they RAA.
1869 included_htlcs += 1;
1872 for ref htlc in context.pending_outbound_htlcs.iter() {
1873 if htlc.amount_msat / 1000 < real_dust_limit_timeout_sat {
1877 OutboundHTLCState::LocalAnnounced {..} => included_htlcs += 1,
1878 OutboundHTLCState::Committed => included_htlcs += 1,
1879 OutboundHTLCState::RemoteRemoved {..} => included_htlcs += 1,
1880 // We don't include AwaitingRemoteRevokeToRemove HTLCs because our next commitment
1881 // transaction won't be generated until they send us their next RAA, which will mean
1882 // dropping any HTLCs in this state.
1887 for htlc in context.holding_cell_htlc_updates.iter() {
1889 &HTLCUpdateAwaitingACK::AddHTLC { amount_msat, .. } => {
1890 if amount_msat / 1000 < real_dust_limit_timeout_sat {
1895 _ => {}, // Don't include claims/fails that are awaiting ack, because once we get the
1896 // ack we're guaranteed to never include them in commitment txs anymore.
1900 let num_htlcs = included_htlcs + addl_htlcs;
1901 let res = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs, &context.channel_type);
1902 #[cfg(any(test, fuzzing))]
1905 if fee_spike_buffer_htlc.is_some() {
1906 fee = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs - 1, &context.channel_type);
1908 let total_pending_htlcs = context.pending_inbound_htlcs.len() + context.pending_outbound_htlcs.len()
1909 + context.holding_cell_htlc_updates.len();
1910 let commitment_tx_info = CommitmentTxInfoCached {
1912 total_pending_htlcs,
1913 next_holder_htlc_id: match htlc.origin {
1914 HTLCInitiator::LocalOffered => context.next_holder_htlc_id + 1,
1915 HTLCInitiator::RemoteOffered => context.next_holder_htlc_id,
1917 next_counterparty_htlc_id: match htlc.origin {
1918 HTLCInitiator::LocalOffered => context.next_counterparty_htlc_id,
1919 HTLCInitiator::RemoteOffered => context.next_counterparty_htlc_id + 1,
1921 feerate: context.feerate_per_kw,
1923 *context.next_local_commitment_tx_fee_info_cached.lock().unwrap() = Some(commitment_tx_info);
1928 /// Get the commitment tx fee for the remote's next commitment transaction based on the number of
1929 /// pending HTLCs that are on track to be in their next commitment tx
1931 /// Optionally includes the `HTLCCandidate` given by `htlc` and an additional non-dust HTLC if
1932 /// `fee_spike_buffer_htlc` is `Some`.
1934 /// The first extra HTLC is useful for determining whether we can accept a further HTLC, the
1935 /// second allows for creating a buffer to ensure a further HTLC can always be accepted/added.
1937 /// Dust HTLCs are excluded.
1938 fn next_remote_commit_tx_fee_msat(&self, htlc: HTLCCandidate, fee_spike_buffer_htlc: Option<()>) -> u64 {
1939 let context = &self;
1940 assert!(!context.is_outbound());
1942 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1945 (context.feerate_per_kw as u64 * htlc_success_tx_weight(context.get_channel_type()) / 1000,
1946 context.feerate_per_kw as u64 * htlc_timeout_tx_weight(context.get_channel_type()) / 1000)
1948 let real_dust_limit_success_sat = htlc_success_dust_limit + context.counterparty_dust_limit_satoshis;
1949 let real_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.counterparty_dust_limit_satoshis;
1951 let mut addl_htlcs = 0;
1952 if fee_spike_buffer_htlc.is_some() { addl_htlcs += 1; }
1954 HTLCInitiator::LocalOffered => {
1955 if htlc.amount_msat / 1000 >= real_dust_limit_success_sat {
1959 HTLCInitiator::RemoteOffered => {
1960 if htlc.amount_msat / 1000 >= real_dust_limit_timeout_sat {
1966 // When calculating the set of HTLCs which will be included in their next commitment_signed, all
1967 // non-dust inbound HTLCs are included (as all states imply it will be included) and only
1968 // committed outbound HTLCs, see below.
1969 let mut included_htlcs = 0;
1970 for ref htlc in context.pending_inbound_htlcs.iter() {
1971 if htlc.amount_msat / 1000 <= real_dust_limit_timeout_sat {
1974 included_htlcs += 1;
1977 for ref htlc in context.pending_outbound_htlcs.iter() {
1978 if htlc.amount_msat / 1000 <= real_dust_limit_success_sat {
1981 // We only include outbound HTLCs if it will not be included in their next commitment_signed,
1982 // i.e. if they've responded to us with an RAA after announcement.
1984 OutboundHTLCState::Committed => included_htlcs += 1,
1985 OutboundHTLCState::RemoteRemoved {..} => included_htlcs += 1,
1986 OutboundHTLCState::LocalAnnounced { .. } => included_htlcs += 1,
1991 let num_htlcs = included_htlcs + addl_htlcs;
1992 let res = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs, &context.channel_type);
1993 #[cfg(any(test, fuzzing))]
1996 if fee_spike_buffer_htlc.is_some() {
1997 fee = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs - 1, &context.channel_type);
1999 let total_pending_htlcs = context.pending_inbound_htlcs.len() + context.pending_outbound_htlcs.len();
2000 let commitment_tx_info = CommitmentTxInfoCached {
2002 total_pending_htlcs,
2003 next_holder_htlc_id: match htlc.origin {
2004 HTLCInitiator::LocalOffered => context.next_holder_htlc_id + 1,
2005 HTLCInitiator::RemoteOffered => context.next_holder_htlc_id,
2007 next_counterparty_htlc_id: match htlc.origin {
2008 HTLCInitiator::LocalOffered => context.next_counterparty_htlc_id,
2009 HTLCInitiator::RemoteOffered => context.next_counterparty_htlc_id + 1,
2011 feerate: context.feerate_per_kw,
2013 *context.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = Some(commitment_tx_info);
2018 fn if_unbroadcasted_funding<F, O>(&self, f: F) -> Option<O>
2019 where F: Fn() -> Option<O> {
2020 if self.channel_state & ChannelState::FundingCreated as u32 != 0 ||
2021 self.channel_state & ChannelState::WaitingForBatch as u32 != 0 {
2028 /// Returns the transaction if there is a pending funding transaction that is yet to be
2030 pub fn unbroadcasted_funding(&self) -> Option<Transaction> {
2031 self.if_unbroadcasted_funding(|| self.funding_transaction.clone())
2034 /// Returns the transaction ID if there is a pending funding transaction that is yet to be
2036 pub fn unbroadcasted_funding_txid(&self) -> Option<Txid> {
2037 self.if_unbroadcasted_funding(||
2038 self.channel_transaction_parameters.funding_outpoint.map(|txo| txo.txid)
2042 /// Returns whether the channel is funded in a batch.
2043 pub fn is_batch_funding(&self) -> bool {
2044 self.is_batch_funding.is_some()
2047 /// Returns the transaction ID if there is a pending batch funding transaction that is yet to be
2049 pub fn unbroadcasted_batch_funding_txid(&self) -> Option<Txid> {
2050 self.unbroadcasted_funding_txid().filter(|_| self.is_batch_funding())
2053 /// Gets the latest commitment transaction and any dependent transactions for relay (forcing
2054 /// shutdown of this channel - no more calls into this Channel may be made afterwards except
2055 /// those explicitly stated to be allowed after shutdown completes, eg some simple getters).
2056 /// Also returns the list of payment_hashes for channels which we can safely fail backwards
2057 /// immediately (others we will have to allow to time out).
2058 pub fn force_shutdown(&mut self, should_broadcast: bool) -> ShutdownResult {
2059 // Note that we MUST only generate a monitor update that indicates force-closure - we're
2060 // called during initialization prior to the chain_monitor in the encompassing ChannelManager
2061 // being fully configured in some cases. Thus, its likely any monitor events we generate will
2062 // be delayed in being processed! See the docs for `ChannelManagerReadArgs` for more.
2063 assert!(self.channel_state != ChannelState::ShutdownComplete as u32);
2065 // We go ahead and "free" any holding cell HTLCs or HTLCs we haven't yet committed to and
2066 // return them to fail the payment.
2067 let mut dropped_outbound_htlcs = Vec::with_capacity(self.holding_cell_htlc_updates.len());
2068 let counterparty_node_id = self.get_counterparty_node_id();
2069 for htlc_update in self.holding_cell_htlc_updates.drain(..) {
2071 HTLCUpdateAwaitingACK::AddHTLC { source, payment_hash, .. } => {
2072 dropped_outbound_htlcs.push((source, payment_hash, counterparty_node_id, self.channel_id));
2077 let monitor_update = if let Some(funding_txo) = self.get_funding_txo() {
2078 // If we haven't yet exchanged funding signatures (ie channel_state < FundingSent),
2079 // returning a channel monitor update here would imply a channel monitor update before
2080 // we even registered the channel monitor to begin with, which is invalid.
2081 // Thus, if we aren't actually at a point where we could conceivably broadcast the
2082 // funding transaction, don't return a funding txo (which prevents providing the
2083 // monitor update to the user, even if we return one).
2084 // See test_duplicate_chan_id and test_pre_lockin_no_chan_closed_update for more.
2085 if self.channel_state & (ChannelState::FundingSent as u32 | ChannelState::ChannelReady as u32 | ChannelState::ShutdownComplete as u32) != 0 {
2086 self.latest_monitor_update_id = CLOSED_CHANNEL_UPDATE_ID;
2087 Some((self.get_counterparty_node_id(), funding_txo, ChannelMonitorUpdate {
2088 update_id: self.latest_monitor_update_id,
2089 updates: vec![ChannelMonitorUpdateStep::ChannelForceClosed { should_broadcast }],
2093 let unbroadcasted_batch_funding_txid = self.unbroadcasted_batch_funding_txid();
2095 self.channel_state = ChannelState::ShutdownComplete as u32;
2096 self.update_time_counter += 1;
2097 (monitor_update, dropped_outbound_htlcs, unbroadcasted_batch_funding_txid)
2100 /// Only allowed after [`Self::channel_transaction_parameters`] is set.
2101 fn get_funding_created_msg<L: Deref>(&mut self, logger: &L) -> Option<msgs::FundingCreated> where L::Target: Logger {
2102 let counterparty_keys = self.build_remote_transaction_keys();
2103 let counterparty_initial_commitment_tx = self.build_commitment_transaction(self.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
2104 let signature = match &self.holder_signer {
2105 // TODO (taproot|arik): move match into calling method for Taproot
2106 ChannelSignerType::Ecdsa(ecdsa) => {
2107 ecdsa.sign_counterparty_commitment(&counterparty_initial_commitment_tx, Vec::new(), &self.secp_ctx)
2108 .map(|(sig, _)| sig).ok()?
2112 self.signer_pending_funding = false;
2113 Some(msgs::FundingCreated {
2114 temporary_channel_id: self.temporary_channel_id.unwrap(),
2115 funding_txid: self.channel_transaction_parameters.funding_outpoint.as_ref().unwrap().txid,
2116 funding_output_index: self.channel_transaction_parameters.funding_outpoint.as_ref().unwrap().index,
2119 partial_signature_with_nonce: None,
2121 next_local_nonce: None,
2125 /// Only allowed after [`Self::channel_transaction_parameters`] is set.
2126 fn get_funding_signed_msg<L: Deref>(&mut self, logger: &L) -> (CommitmentTransaction, Option<msgs::FundingSigned>) where L::Target: Logger {
2127 let counterparty_keys = self.build_remote_transaction_keys();
2128 let counterparty_initial_commitment_tx = self.build_commitment_transaction(self.cur_counterparty_commitment_transaction_number + 1, &counterparty_keys, false, false, logger).tx;
2130 let counterparty_trusted_tx = counterparty_initial_commitment_tx.trust();
2131 let counterparty_initial_bitcoin_tx = counterparty_trusted_tx.built_transaction();
2132 log_trace!(logger, "Initial counterparty tx for channel {} is: txid {} tx {}",
2133 &self.channel_id(), counterparty_initial_bitcoin_tx.txid, encode::serialize_hex(&counterparty_initial_bitcoin_tx.transaction));
2135 match &self.holder_signer {
2136 // TODO (arik): move match into calling method for Taproot
2137 ChannelSignerType::Ecdsa(ecdsa) => {
2138 let funding_signed = ecdsa.sign_counterparty_commitment(&counterparty_initial_commitment_tx, Vec::new(), &self.secp_ctx)
2139 .map(|(signature, _)| msgs::FundingSigned {
2140 channel_id: self.channel_id(),
2143 partial_signature_with_nonce: None,
2146 self.signer_pending_funding = funding_signed.is_none();
2148 // We sign "counterparty" commitment transaction, allowing them to broadcast the tx if they wish.
2149 (counterparty_initial_commitment_tx, funding_signed)
2156 // Internal utility functions for channels
2158 /// Returns the value to use for `holder_max_htlc_value_in_flight_msat` as a percentage of the
2159 /// `channel_value_satoshis` in msat, set through
2160 /// [`ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel`]
2162 /// The effective percentage is lower bounded by 1% and upper bounded by 100%.
2164 /// [`ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel`]: crate::util::config::ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel
2165 fn get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis: u64, config: &ChannelHandshakeConfig) -> u64 {
2166 let configured_percent = if config.max_inbound_htlc_value_in_flight_percent_of_channel < 1 {
2168 } else if config.max_inbound_htlc_value_in_flight_percent_of_channel > 100 {
2171 config.max_inbound_htlc_value_in_flight_percent_of_channel as u64
2173 channel_value_satoshis * 10 * configured_percent
2176 /// Returns a minimum channel reserve value the remote needs to maintain,
2177 /// required by us according to the configured or default
2178 /// [`ChannelHandshakeConfig::their_channel_reserve_proportional_millionths`]
2180 /// Guaranteed to return a value no larger than channel_value_satoshis
2182 /// This is used both for outbound and inbound channels and has lower bound
2183 /// of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`.
2184 pub(crate) fn get_holder_selected_channel_reserve_satoshis(channel_value_satoshis: u64, config: &UserConfig) -> u64 {
2185 let calculated_reserve = channel_value_satoshis.saturating_mul(config.channel_handshake_config.their_channel_reserve_proportional_millionths as u64) / 1_000_000;
2186 cmp::min(channel_value_satoshis, cmp::max(calculated_reserve, MIN_THEIR_CHAN_RESERVE_SATOSHIS))
2189 /// This is for legacy reasons, present for forward-compatibility.
2190 /// LDK versions older than 0.0.104 don't know how read/handle values other than default
2191 /// from storage. Hence, we use this function to not persist default values of
2192 /// `holder_selected_channel_reserve_satoshis` for channels into storage.
2193 pub(crate) fn get_legacy_default_holder_selected_channel_reserve_satoshis(channel_value_satoshis: u64) -> u64 {
2194 let (q, _) = channel_value_satoshis.overflowing_div(100);
2195 cmp::min(channel_value_satoshis, cmp::max(q, 1000))
2198 // Get the fee cost in SATS of a commitment tx with a given number of HTLC outputs.
2199 // Note that num_htlcs should not include dust HTLCs.
2201 fn commit_tx_fee_sat(feerate_per_kw: u32, num_htlcs: usize, channel_type_features: &ChannelTypeFeatures) -> u64 {
2202 feerate_per_kw as u64 * (commitment_tx_base_weight(channel_type_features) + num_htlcs as u64 * COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000
2205 // Get the fee cost in MSATS of a commitment tx with a given number of HTLC outputs.
2206 // Note that num_htlcs should not include dust HTLCs.
2207 pub(crate) fn commit_tx_fee_msat(feerate_per_kw: u32, num_htlcs: usize, channel_type_features: &ChannelTypeFeatures) -> u64 {
2208 // Note that we need to divide before multiplying to round properly,
2209 // since the lowest denomination of bitcoin on-chain is the satoshi.
2210 (commitment_tx_base_weight(channel_type_features) + num_htlcs as u64 * COMMITMENT_TX_WEIGHT_PER_HTLC) * feerate_per_kw as u64 / 1000 * 1000
2213 // Holder designates channel data owned for the benefit of the user client.
2214 // Counterparty designates channel data owned by the another channel participant entity.
2215 pub(super) struct Channel<SP: Deref> where SP::Target: SignerProvider {
2216 pub context: ChannelContext<SP>,
2219 #[cfg(any(test, fuzzing))]
2220 struct CommitmentTxInfoCached {
2222 total_pending_htlcs: usize,
2223 next_holder_htlc_id: u64,
2224 next_counterparty_htlc_id: u64,
2228 impl<SP: Deref> Channel<SP> where
2229 SP::Target: SignerProvider,
2230 <SP::Target as SignerProvider>::Signer: WriteableEcdsaChannelSigner
2232 fn check_remote_fee<F: Deref, L: Deref>(
2233 channel_type: &ChannelTypeFeatures, fee_estimator: &LowerBoundedFeeEstimator<F>,
2234 feerate_per_kw: u32, cur_feerate_per_kw: Option<u32>, logger: &L
2235 ) -> Result<(), ChannelError> where F::Target: FeeEstimator, L::Target: Logger,
2237 // We only bound the fee updates on the upper side to prevent completely absurd feerates,
2238 // always accepting up to 25 sat/vByte or 10x our fee estimator's "High Priority" fee.
2239 // We generally don't care too much if they set the feerate to something very high, but it
2240 // could result in the channel being useless due to everything being dust. This doesn't
2241 // apply to channels supporting anchor outputs since HTLC transactions are pre-signed with a
2242 // zero fee, so their fee is no longer considered to determine dust limits.
2243 if !channel_type.supports_anchors_zero_fee_htlc_tx() {
2245 fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::MaxAllowedNonAnchorChannelRemoteFee) as u64;
2246 if feerate_per_kw as u64 > upper_limit {
2247 return Err(ChannelError::Close(format!("Peer's feerate much too high. Actual: {}. Our expected upper limit: {}", feerate_per_kw, upper_limit)));
2251 let lower_limit_conf_target = if channel_type.supports_anchors_zero_fee_htlc_tx() {
2252 ConfirmationTarget::MinAllowedAnchorChannelRemoteFee
2254 ConfirmationTarget::MinAllowedNonAnchorChannelRemoteFee
2256 let lower_limit = fee_estimator.bounded_sat_per_1000_weight(lower_limit_conf_target);
2257 if feerate_per_kw < lower_limit {
2258 if let Some(cur_feerate) = cur_feerate_per_kw {
2259 if feerate_per_kw > cur_feerate {
2261 "Accepting feerate that may prevent us from closing this channel because it's higher than what we have now. Had {} s/kW, now {} s/kW.",
2262 cur_feerate, feerate_per_kw);
2266 return Err(ChannelError::Close(format!("Peer's feerate much too low. Actual: {}. Our expected lower limit: {}", feerate_per_kw, lower_limit)));
2272 fn get_closing_scriptpubkey(&self) -> Script {
2273 // The shutdown scriptpubkey is set on channel opening when option_upfront_shutdown_script
2274 // is signaled. Otherwise, it is set when sending a shutdown message. Calling this method
2275 // outside of those situations will fail.
2276 self.context.shutdown_scriptpubkey.clone().unwrap().into_inner()
2280 fn get_closing_transaction_weight(&self, a_scriptpubkey: Option<&Script>, b_scriptpubkey: Option<&Script>) -> u64 {
2285 1 + // script length (0)
2289 )*4 + // * 4 for non-witness parts
2290 2 + // witness marker and flag
2291 1 + // witness element count
2292 4 + // 4 element lengths (2 sigs, multisig dummy, and witness script)
2293 self.context.get_funding_redeemscript().len() as u64 + // funding witness script
2294 2*(1 + 71); // two signatures + sighash type flags
2295 if let Some(spk) = a_scriptpubkey {
2296 ret += ((8+1) + // output values and script length
2297 spk.len() as u64) * 4; // scriptpubkey and witness multiplier
2299 if let Some(spk) = b_scriptpubkey {
2300 ret += ((8+1) + // output values and script length
2301 spk.len() as u64) * 4; // scriptpubkey and witness multiplier
2307 fn build_closing_transaction(&self, proposed_total_fee_satoshis: u64, skip_remote_output: bool) -> (ClosingTransaction, u64) {
2308 assert!(self.context.pending_inbound_htlcs.is_empty());
2309 assert!(self.context.pending_outbound_htlcs.is_empty());
2310 assert!(self.context.pending_update_fee.is_none());
2312 let mut total_fee_satoshis = proposed_total_fee_satoshis;
2313 let mut value_to_holder: i64 = (self.context.value_to_self_msat as i64) / 1000 - if self.context.is_outbound() { total_fee_satoshis as i64 } else { 0 };
2314 let mut value_to_counterparty: i64 = ((self.context.channel_value_satoshis * 1000 - self.context.value_to_self_msat) as i64 / 1000) - if self.context.is_outbound() { 0 } else { total_fee_satoshis as i64 };
2316 if value_to_holder < 0 {
2317 assert!(self.context.is_outbound());
2318 total_fee_satoshis += (-value_to_holder) as u64;
2319 } else if value_to_counterparty < 0 {
2320 assert!(!self.context.is_outbound());
2321 total_fee_satoshis += (-value_to_counterparty) as u64;
2324 if skip_remote_output || value_to_counterparty as u64 <= self.context.holder_dust_limit_satoshis {
2325 value_to_counterparty = 0;
2328 if value_to_holder as u64 <= self.context.holder_dust_limit_satoshis {
2329 value_to_holder = 0;
2332 assert!(self.context.shutdown_scriptpubkey.is_some());
2333 let holder_shutdown_script = self.get_closing_scriptpubkey();
2334 let counterparty_shutdown_script = self.context.counterparty_shutdown_scriptpubkey.clone().unwrap();
2335 let funding_outpoint = self.funding_outpoint().into_bitcoin_outpoint();
2337 let closing_transaction = ClosingTransaction::new(value_to_holder as u64, value_to_counterparty as u64, holder_shutdown_script, counterparty_shutdown_script, funding_outpoint);
2338 (closing_transaction, total_fee_satoshis)
2341 fn funding_outpoint(&self) -> OutPoint {
2342 self.context.channel_transaction_parameters.funding_outpoint.unwrap()
2345 /// Claims an HTLC while we're disconnected from a peer, dropping the [`ChannelMonitorUpdate`]
2348 /// The [`ChannelMonitor`] for this channel MUST be updated out-of-band with the preimage
2349 /// provided (i.e. without calling [`crate::chain::Watch::update_channel`]).
2351 /// The HTLC claim will end up in the holding cell (because the caller must ensure the peer is
2353 pub fn claim_htlc_while_disconnected_dropping_mon_update<L: Deref>
2354 (&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage, logger: &L)
2355 where L::Target: Logger {
2356 // Assert that we'll add the HTLC claim to the holding cell in `get_update_fulfill_htlc`
2357 // (see equivalent if condition there).
2358 assert!(self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32) != 0);
2359 let mon_update_id = self.context.latest_monitor_update_id; // Forget the ChannelMonitor update
2360 let fulfill_resp = self.get_update_fulfill_htlc(htlc_id_arg, payment_preimage_arg, logger);
2361 self.context.latest_monitor_update_id = mon_update_id;
2362 if let UpdateFulfillFetch::NewClaim { msg, .. } = fulfill_resp {
2363 assert!(msg.is_none()); // The HTLC must have ended up in the holding cell.
2367 fn get_update_fulfill_htlc<L: Deref>(&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage, logger: &L) -> UpdateFulfillFetch where L::Target: Logger {
2368 // Either ChannelReady got set (which means it won't be unset) or there is no way any
2369 // caller thought we could have something claimed (cause we wouldn't have accepted in an
2370 // incoming HTLC anyway). If we got to ShutdownComplete, callers aren't allowed to call us,
2372 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2373 panic!("Was asked to fulfill an HTLC when channel was not in an operational state");
2375 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
2377 // ChannelManager may generate duplicate claims/fails due to HTLC update events from
2378 // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
2379 // these, but for now we just have to treat them as normal.
2381 let mut pending_idx = core::usize::MAX;
2382 let mut htlc_value_msat = 0;
2383 for (idx, htlc) in self.context.pending_inbound_htlcs.iter().enumerate() {
2384 if htlc.htlc_id == htlc_id_arg {
2385 debug_assert_eq!(htlc.payment_hash, PaymentHash(Sha256::hash(&payment_preimage_arg.0[..]).into_inner()));
2386 log_debug!(logger, "Claiming inbound HTLC id {} with payment hash {} with preimage {}",
2387 htlc.htlc_id, htlc.payment_hash, payment_preimage_arg);
2389 InboundHTLCState::Committed => {},
2390 InboundHTLCState::LocalRemoved(ref reason) => {
2391 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
2393 log_warn!(logger, "Have preimage and want to fulfill HTLC with payment hash {} we already failed against channel {}", &htlc.payment_hash, &self.context.channel_id());
2394 debug_assert!(false, "Tried to fulfill an HTLC that was already failed");
2396 return UpdateFulfillFetch::DuplicateClaim {};
2399 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
2400 // Don't return in release mode here so that we can update channel_monitor
2404 htlc_value_msat = htlc.amount_msat;
2408 if pending_idx == core::usize::MAX {
2409 #[cfg(any(test, fuzzing))]
2410 // If we failed to find an HTLC to fulfill, make sure it was previously fulfilled and
2411 // this is simply a duplicate claim, not previously failed and we lost funds.
2412 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2413 return UpdateFulfillFetch::DuplicateClaim {};
2416 // Now update local state:
2418 // We have to put the payment_preimage in the channel_monitor right away here to ensure we
2419 // can claim it even if the channel hits the chain before we see their next commitment.
2420 self.context.latest_monitor_update_id += 1;
2421 let monitor_update = ChannelMonitorUpdate {
2422 update_id: self.context.latest_monitor_update_id,
2423 updates: vec![ChannelMonitorUpdateStep::PaymentPreimage {
2424 payment_preimage: payment_preimage_arg.clone(),
2428 if (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
2429 // Note that this condition is the same as the assertion in
2430 // `claim_htlc_while_disconnected_dropping_mon_update` and must match exactly -
2431 // `claim_htlc_while_disconnected_dropping_mon_update` would not work correctly if we
2432 // do not not get into this branch.
2433 for pending_update in self.context.holding_cell_htlc_updates.iter() {
2434 match pending_update {
2435 &HTLCUpdateAwaitingACK::ClaimHTLC { htlc_id, .. } => {
2436 if htlc_id_arg == htlc_id {
2437 // Make sure we don't leave latest_monitor_update_id incremented here:
2438 self.context.latest_monitor_update_id -= 1;
2439 #[cfg(any(test, fuzzing))]
2440 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2441 return UpdateFulfillFetch::DuplicateClaim {};
2444 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, .. } => {
2445 if htlc_id_arg == htlc_id {
2446 log_warn!(logger, "Have preimage and want to fulfill HTLC with pending failure against channel {}", &self.context.channel_id());
2447 // TODO: We may actually be able to switch to a fulfill here, though its
2448 // rare enough it may not be worth the complexity burden.
2449 debug_assert!(false, "Tried to fulfill an HTLC that was already failed");
2450 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
2456 log_trace!(logger, "Adding HTLC claim to holding_cell in channel {}! Current state: {}", &self.context.channel_id(), self.context.channel_state);
2457 self.context.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::ClaimHTLC {
2458 payment_preimage: payment_preimage_arg, htlc_id: htlc_id_arg,
2460 #[cfg(any(test, fuzzing))]
2461 self.context.historical_inbound_htlc_fulfills.insert(htlc_id_arg);
2462 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
2464 #[cfg(any(test, fuzzing))]
2465 self.context.historical_inbound_htlc_fulfills.insert(htlc_id_arg);
2468 let htlc = &mut self.context.pending_inbound_htlcs[pending_idx];
2469 if let InboundHTLCState::Committed = htlc.state {
2471 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
2472 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
2474 log_trace!(logger, "Upgrading HTLC {} to LocalRemoved with a Fulfill in channel {}!", &htlc.payment_hash, &self.context.channel_id);
2475 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::Fulfill(payment_preimage_arg.clone()));
2478 UpdateFulfillFetch::NewClaim {
2481 msg: Some(msgs::UpdateFulfillHTLC {
2482 channel_id: self.context.channel_id(),
2483 htlc_id: htlc_id_arg,
2484 payment_preimage: payment_preimage_arg,
2489 pub fn get_update_fulfill_htlc_and_commit<L: Deref>(&mut self, htlc_id: u64, payment_preimage: PaymentPreimage, logger: &L) -> UpdateFulfillCommitFetch where L::Target: Logger {
2490 let release_cs_monitor = self.context.blocked_monitor_updates.is_empty();
2491 match self.get_update_fulfill_htlc(htlc_id, payment_preimage, logger) {
2492 UpdateFulfillFetch::NewClaim { mut monitor_update, htlc_value_msat, msg } => {
2493 // Even if we aren't supposed to let new monitor updates with commitment state
2494 // updates run, we still need to push the preimage ChannelMonitorUpdateStep no
2495 // matter what. Sadly, to push a new monitor update which flies before others
2496 // already queued, we have to insert it into the pending queue and update the
2497 // update_ids of all the following monitors.
2498 if release_cs_monitor && msg.is_some() {
2499 let mut additional_update = self.build_commitment_no_status_check(logger);
2500 // build_commitment_no_status_check may bump latest_monitor_id but we want them
2501 // to be strictly increasing by one, so decrement it here.
2502 self.context.latest_monitor_update_id = monitor_update.update_id;
2503 monitor_update.updates.append(&mut additional_update.updates);
2505 let new_mon_id = self.context.blocked_monitor_updates.get(0)
2506 .map(|upd| upd.update.update_id).unwrap_or(monitor_update.update_id);
2507 monitor_update.update_id = new_mon_id;
2508 for held_update in self.context.blocked_monitor_updates.iter_mut() {
2509 held_update.update.update_id += 1;
2512 debug_assert!(false, "If there is a pending blocked monitor we should have MonitorUpdateInProgress set");
2513 let update = self.build_commitment_no_status_check(logger);
2514 self.context.blocked_monitor_updates.push(PendingChannelMonitorUpdate {
2520 self.monitor_updating_paused(false, msg.is_some(), false, Vec::new(), Vec::new(), Vec::new());
2521 UpdateFulfillCommitFetch::NewClaim { monitor_update, htlc_value_msat, }
2523 UpdateFulfillFetch::DuplicateClaim {} => UpdateFulfillCommitFetch::DuplicateClaim {},
2527 /// We can only have one resolution per HTLC. In some cases around reconnect, we may fulfill
2528 /// an HTLC more than once or fulfill once and then attempt to fail after reconnect. We cannot,
2529 /// however, fail more than once as we wait for an upstream failure to be irrevocably committed
2530 /// before we fail backwards.
2532 /// If we do fail twice, we `debug_assert!(false)` and return `Ok(None)`. Thus, this will always
2533 /// return `Ok(_)` if preconditions are met. In any case, `Err`s will only be
2534 /// [`ChannelError::Ignore`].
2535 pub fn queue_fail_htlc<L: Deref>(&mut self, htlc_id_arg: u64, err_packet: msgs::OnionErrorPacket, logger: &L)
2536 -> Result<(), ChannelError> where L::Target: Logger {
2537 self.fail_htlc(htlc_id_arg, err_packet, true, logger)
2538 .map(|msg_opt| assert!(msg_opt.is_none(), "We forced holding cell?"))
2541 /// We can only have one resolution per HTLC. In some cases around reconnect, we may fulfill
2542 /// an HTLC more than once or fulfill once and then attempt to fail after reconnect. We cannot,
2543 /// however, fail more than once as we wait for an upstream failure to be irrevocably committed
2544 /// before we fail backwards.
2546 /// If we do fail twice, we `debug_assert!(false)` and return `Ok(None)`. Thus, this will always
2547 /// return `Ok(_)` if preconditions are met. In any case, `Err`s will only be
2548 /// [`ChannelError::Ignore`].
2549 fn fail_htlc<L: Deref>(&mut self, htlc_id_arg: u64, err_packet: msgs::OnionErrorPacket, mut force_holding_cell: bool, logger: &L)
2550 -> Result<Option<msgs::UpdateFailHTLC>, ChannelError> where L::Target: Logger {
2551 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2552 panic!("Was asked to fail an HTLC when channel was not in an operational state");
2554 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
2556 // ChannelManager may generate duplicate claims/fails due to HTLC update events from
2557 // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
2558 // these, but for now we just have to treat them as normal.
2560 let mut pending_idx = core::usize::MAX;
2561 for (idx, htlc) in self.context.pending_inbound_htlcs.iter().enumerate() {
2562 if htlc.htlc_id == htlc_id_arg {
2564 InboundHTLCState::Committed => {},
2565 InboundHTLCState::LocalRemoved(ref reason) => {
2566 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
2568 debug_assert!(false, "Tried to fail an HTLC that was already failed");
2573 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
2574 return Err(ChannelError::Ignore(format!("Unable to find a pending HTLC which matched the given HTLC ID ({})", htlc.htlc_id)));
2580 if pending_idx == core::usize::MAX {
2581 #[cfg(any(test, fuzzing))]
2582 // If we failed to find an HTLC to fail, make sure it was previously fulfilled and this
2583 // is simply a duplicate fail, not previously failed and we failed-back too early.
2584 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2588 if (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
2589 debug_assert!(force_holding_cell, "!force_holding_cell is only called when emptying the holding cell, so we shouldn't end up back in it!");
2590 force_holding_cell = true;
2593 // Now update local state:
2594 if force_holding_cell {
2595 for pending_update in self.context.holding_cell_htlc_updates.iter() {
2596 match pending_update {
2597 &HTLCUpdateAwaitingACK::ClaimHTLC { htlc_id, .. } => {
2598 if htlc_id_arg == htlc_id {
2599 #[cfg(any(test, fuzzing))]
2600 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2604 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, .. } => {
2605 if htlc_id_arg == htlc_id {
2606 debug_assert!(false, "Tried to fail an HTLC that was already failed");
2607 return Err(ChannelError::Ignore("Unable to find a pending HTLC which matched the given HTLC ID".to_owned()));
2613 log_trace!(logger, "Placing failure for HTLC ID {} in holding cell in channel {}.", htlc_id_arg, &self.context.channel_id());
2614 self.context.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::FailHTLC {
2615 htlc_id: htlc_id_arg,
2621 log_trace!(logger, "Failing HTLC ID {} back with a update_fail_htlc message in channel {}.", htlc_id_arg, &self.context.channel_id());
2623 let htlc = &mut self.context.pending_inbound_htlcs[pending_idx];
2624 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(err_packet.clone()));
2627 Ok(Some(msgs::UpdateFailHTLC {
2628 channel_id: self.context.channel_id(),
2629 htlc_id: htlc_id_arg,
2634 // Message handlers:
2636 /// Handles a funding_signed message from the remote end.
2637 /// If this call is successful, broadcast the funding transaction (and not before!)
2638 pub fn funding_signed<L: Deref>(
2639 &mut self, msg: &msgs::FundingSigned, best_block: BestBlock, signer_provider: &SP, logger: &L
2640 ) -> Result<ChannelMonitor<<SP::Target as SignerProvider>::Signer>, ChannelError>
2644 if !self.context.is_outbound() {
2645 return Err(ChannelError::Close("Received funding_signed for an inbound channel?".to_owned()));
2647 if self.context.channel_state & !(ChannelState::MonitorUpdateInProgress as u32) != ChannelState::FundingCreated as u32 {
2648 return Err(ChannelError::Close("Received funding_signed in strange state!".to_owned()));
2650 if self.context.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
2651 self.context.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
2652 self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
2653 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
2656 let funding_script = self.context.get_funding_redeemscript();
2658 let counterparty_keys = self.context.build_remote_transaction_keys();
2659 let counterparty_initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
2660 let counterparty_trusted_tx = counterparty_initial_commitment_tx.trust();
2661 let counterparty_initial_bitcoin_tx = counterparty_trusted_tx.built_transaction();
2663 log_trace!(logger, "Initial counterparty tx for channel {} is: txid {} tx {}",
2664 &self.context.channel_id(), counterparty_initial_bitcoin_tx.txid, encode::serialize_hex(&counterparty_initial_bitcoin_tx.transaction));
2666 let holder_signer = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
2667 let initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &holder_signer, true, false, logger).tx;
2669 let trusted_tx = initial_commitment_tx.trust();
2670 let initial_commitment_bitcoin_tx = trusted_tx.built_transaction();
2671 let sighash = initial_commitment_bitcoin_tx.get_sighash_all(&funding_script, self.context.channel_value_satoshis);
2672 // They sign our commitment transaction, allowing us to broadcast the tx if we wish.
2673 if let Err(_) = self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.context.get_counterparty_pubkeys().funding_pubkey) {
2674 return Err(ChannelError::Close("Invalid funding_signed signature from peer".to_owned()));
2678 let holder_commitment_tx = HolderCommitmentTransaction::new(
2679 initial_commitment_tx,
2682 &self.context.get_holder_pubkeys().funding_pubkey,
2683 self.context.counterparty_funding_pubkey()
2686 self.context.holder_signer.as_ref().validate_holder_commitment(&holder_commitment_tx, Vec::new())
2687 .map_err(|_| ChannelError::Close("Failed to validate our commitment".to_owned()))?;
2690 let funding_redeemscript = self.context.get_funding_redeemscript();
2691 let funding_txo = self.context.get_funding_txo().unwrap();
2692 let funding_txo_script = funding_redeemscript.to_v0_p2wsh();
2693 let obscure_factor = get_commitment_transaction_number_obscure_factor(&self.context.get_holder_pubkeys().payment_point, &self.context.get_counterparty_pubkeys().payment_point, self.context.is_outbound());
2694 let shutdown_script = self.context.shutdown_scriptpubkey.clone().map(|script| script.into_inner());
2695 let mut monitor_signer = signer_provider.derive_channel_signer(self.context.channel_value_satoshis, self.context.channel_keys_id);
2696 monitor_signer.provide_channel_parameters(&self.context.channel_transaction_parameters);
2697 let channel_monitor = ChannelMonitor::new(self.context.secp_ctx.clone(), monitor_signer,
2698 shutdown_script, self.context.get_holder_selected_contest_delay(),
2699 &self.context.destination_script, (funding_txo, funding_txo_script),
2700 &self.context.channel_transaction_parameters,
2701 funding_redeemscript.clone(), self.context.channel_value_satoshis,
2703 holder_commitment_tx, best_block, self.context.counterparty_node_id);
2705 channel_monitor.provide_initial_counterparty_commitment_tx(
2706 counterparty_initial_bitcoin_tx.txid, Vec::new(),
2707 self.context.cur_counterparty_commitment_transaction_number,
2708 self.context.counterparty_cur_commitment_point.unwrap(),
2709 counterparty_initial_commitment_tx.feerate_per_kw(),
2710 counterparty_initial_commitment_tx.to_broadcaster_value_sat(),
2711 counterparty_initial_commitment_tx.to_countersignatory_value_sat(), logger);
2713 assert_eq!(self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32), 0); // We have no had any monitor(s) yet to fail update!
2714 if self.context.is_batch_funding() {
2715 self.context.channel_state = ChannelState::FundingSent as u32 | ChannelState::WaitingForBatch as u32;
2717 self.context.channel_state = ChannelState::FundingSent as u32;
2719 self.context.cur_holder_commitment_transaction_number -= 1;
2720 self.context.cur_counterparty_commitment_transaction_number -= 1;
2722 log_info!(logger, "Received funding_signed from peer for channel {}", &self.context.channel_id());
2724 let need_channel_ready = self.check_get_channel_ready(0).is_some();
2725 self.monitor_updating_paused(false, false, need_channel_ready, Vec::new(), Vec::new(), Vec::new());
2729 /// Updates the state of the channel to indicate that all channels in the batch have received
2730 /// funding_signed and persisted their monitors.
2731 /// The funding transaction is consequently allowed to be broadcast, and the channel can be
2732 /// treated as a non-batch channel going forward.
2733 pub fn set_batch_ready(&mut self) {
2734 self.context.is_batch_funding = None;
2735 self.context.channel_state &= !(ChannelState::WaitingForBatch as u32);
2738 /// Handles a channel_ready message from our peer. If we've already sent our channel_ready
2739 /// and the channel is now usable (and public), this may generate an announcement_signatures to
2741 pub fn channel_ready<NS: Deref, L: Deref>(
2742 &mut self, msg: &msgs::ChannelReady, node_signer: &NS, chain_hash: ChainHash,
2743 user_config: &UserConfig, best_block: &BestBlock, logger: &L
2744 ) -> Result<Option<msgs::AnnouncementSignatures>, ChannelError>
2746 NS::Target: NodeSigner,
2749 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2750 self.context.workaround_lnd_bug_4006 = Some(msg.clone());
2751 return Err(ChannelError::Ignore("Peer sent channel_ready when we needed a channel_reestablish. The peer is likely lnd, see https://github.com/lightningnetwork/lnd/issues/4006".to_owned()));
2754 if let Some(scid_alias) = msg.short_channel_id_alias {
2755 if Some(scid_alias) != self.context.short_channel_id {
2756 // The scid alias provided can be used to route payments *from* our counterparty,
2757 // i.e. can be used for inbound payments and provided in invoices, but is not used
2758 // when routing outbound payments.
2759 self.context.latest_inbound_scid_alias = Some(scid_alias);
2763 let non_shutdown_state = self.context.channel_state & (!MULTI_STATE_FLAGS);
2765 // Our channel_ready shouldn't have been sent if we are waiting for other channels in the
2766 // batch, but we can receive channel_ready messages.
2768 non_shutdown_state & ChannelState::OurChannelReady as u32 == 0 ||
2769 non_shutdown_state & ChannelState::WaitingForBatch as u32 == 0
2771 if non_shutdown_state & !(ChannelState::WaitingForBatch as u32) == ChannelState::FundingSent as u32 {
2772 self.context.channel_state |= ChannelState::TheirChannelReady as u32;
2773 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurChannelReady as u32) {
2774 self.context.channel_state = ChannelState::ChannelReady as u32 | (self.context.channel_state & MULTI_STATE_FLAGS);
2775 self.context.update_time_counter += 1;
2776 } else if self.context.channel_state & (ChannelState::ChannelReady as u32) != 0 ||
2777 // If we reconnected before sending our `channel_ready` they may still resend theirs:
2778 (self.context.channel_state & (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32) ==
2779 (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32))
2781 // They probably disconnected/reconnected and re-sent the channel_ready, which is
2782 // required, or they're sending a fresh SCID alias.
2783 let expected_point =
2784 if self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
2785 // If they haven't ever sent an updated point, the point they send should match
2787 self.context.counterparty_cur_commitment_point
2788 } else if self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 2 {
2789 // If we've advanced the commitment number once, the second commitment point is
2790 // at `counterparty_prev_commitment_point`, which is not yet revoked.
2791 debug_assert!(self.context.counterparty_prev_commitment_point.is_some());
2792 self.context.counterparty_prev_commitment_point
2794 // If they have sent updated points, channel_ready is always supposed to match
2795 // their "first" point, which we re-derive here.
2796 Some(PublicKey::from_secret_key(&self.context.secp_ctx, &SecretKey::from_slice(
2797 &self.context.commitment_secrets.get_secret(INITIAL_COMMITMENT_NUMBER - 1).expect("We should have all prev secrets available")
2798 ).expect("We already advanced, so previous secret keys should have been validated already")))
2800 if expected_point != Some(msg.next_per_commitment_point) {
2801 return Err(ChannelError::Close("Peer sent a reconnect channel_ready with a different point".to_owned()));
2805 return Err(ChannelError::Close("Peer sent a channel_ready at a strange time".to_owned()));
2808 self.context.counterparty_prev_commitment_point = self.context.counterparty_cur_commitment_point;
2809 self.context.counterparty_cur_commitment_point = Some(msg.next_per_commitment_point);
2811 log_info!(logger, "Received channel_ready from peer for channel {}", &self.context.channel_id());
2813 Ok(self.get_announcement_sigs(node_signer, chain_hash, user_config, best_block.height(), logger))
2816 pub fn update_add_htlc<F, FE: Deref, L: Deref>(
2817 &mut self, msg: &msgs::UpdateAddHTLC, mut pending_forward_status: PendingHTLCStatus,
2818 create_pending_htlc_status: F, fee_estimator: &LowerBoundedFeeEstimator<FE>, logger: &L
2819 ) -> Result<(), ChannelError>
2820 where F: for<'a> Fn(&'a Self, PendingHTLCStatus, u16) -> PendingHTLCStatus,
2821 FE::Target: FeeEstimator, L::Target: Logger,
2823 // We can't accept HTLCs sent after we've sent a shutdown.
2824 let local_sent_shutdown = (self.context.channel_state & (ChannelState::ChannelReady as u32 | ChannelState::LocalShutdownSent as u32)) != (ChannelState::ChannelReady as u32);
2825 if local_sent_shutdown {
2826 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x4000|8);
2828 // If the remote has sent a shutdown prior to adding this HTLC, then they are in violation of the spec.
2829 let remote_sent_shutdown = (self.context.channel_state & (ChannelState::ChannelReady as u32 | ChannelState::RemoteShutdownSent as u32)) != (ChannelState::ChannelReady as u32);
2830 if remote_sent_shutdown {
2831 return Err(ChannelError::Close("Got add HTLC message when channel was not in an operational state".to_owned()));
2833 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2834 return Err(ChannelError::Close("Peer sent update_add_htlc when we needed a channel_reestablish".to_owned()));
2836 if msg.amount_msat > self.context.channel_value_satoshis * 1000 {
2837 return Err(ChannelError::Close("Remote side tried to send more than the total value of the channel".to_owned()));
2839 if msg.amount_msat == 0 {
2840 return Err(ChannelError::Close("Remote side tried to send a 0-msat HTLC".to_owned()));
2842 if msg.amount_msat < self.context.holder_htlc_minimum_msat {
2843 return Err(ChannelError::Close(format!("Remote side tried to send less than our minimum HTLC value. Lower limit: ({}). Actual: ({})", self.context.holder_htlc_minimum_msat, msg.amount_msat)));
2846 let inbound_stats = self.context.get_inbound_pending_htlc_stats(None);
2847 let outbound_stats = self.context.get_outbound_pending_htlc_stats(None);
2848 if inbound_stats.pending_htlcs + 1 > self.context.holder_max_accepted_htlcs as u32 {
2849 return Err(ChannelError::Close(format!("Remote tried to push more than our max accepted HTLCs ({})", self.context.holder_max_accepted_htlcs)));
2851 if inbound_stats.pending_htlcs_value_msat + msg.amount_msat > self.context.holder_max_htlc_value_in_flight_msat {
2852 return Err(ChannelError::Close(format!("Remote HTLC add would put them over our max HTLC value ({})", self.context.holder_max_htlc_value_in_flight_msat)));
2855 // Check holder_selected_channel_reserve_satoshis (we're getting paid, so they have to at least meet
2856 // the reserve_satoshis we told them to always have as direct payment so that they lose
2857 // something if we punish them for broadcasting an old state).
2858 // Note that we don't really care about having a small/no to_remote output in our local
2859 // commitment transactions, as the purpose of the channel reserve is to ensure we can
2860 // punish *them* if they misbehave, so we discount any outbound HTLCs which will not be
2861 // present in the next commitment transaction we send them (at least for fulfilled ones,
2862 // failed ones won't modify value_to_self).
2863 // Note that we will send HTLCs which another instance of rust-lightning would think
2864 // violate the reserve value if we do not do this (as we forget inbound HTLCs from the
2865 // Channel state once they will not be present in the next received commitment
2867 let mut removed_outbound_total_msat = 0;
2868 for ref htlc in self.context.pending_outbound_htlcs.iter() {
2869 if let OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(_)) = htlc.state {
2870 removed_outbound_total_msat += htlc.amount_msat;
2871 } else if let OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(_)) = htlc.state {
2872 removed_outbound_total_msat += htlc.amount_msat;
2876 let max_dust_htlc_exposure_msat = self.context.get_max_dust_htlc_exposure_msat(fee_estimator);
2877 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if self.context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2880 let dust_buffer_feerate = self.context.get_dust_buffer_feerate(None) as u64;
2881 (dust_buffer_feerate * htlc_timeout_tx_weight(self.context.get_channel_type()) / 1000,
2882 dust_buffer_feerate * htlc_success_tx_weight(self.context.get_channel_type()) / 1000)
2884 let exposure_dust_limit_timeout_sats = htlc_timeout_dust_limit + self.context.counterparty_dust_limit_satoshis;
2885 if msg.amount_msat / 1000 < exposure_dust_limit_timeout_sats {
2886 let on_counterparty_tx_dust_htlc_exposure_msat = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat + msg.amount_msat;
2887 if on_counterparty_tx_dust_htlc_exposure_msat > max_dust_htlc_exposure_msat {
2888 log_info!(logger, "Cannot accept value that would put our exposure to dust HTLCs at {} over the limit {} on counterparty commitment tx",
2889 on_counterparty_tx_dust_htlc_exposure_msat, max_dust_htlc_exposure_msat);
2890 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2894 let exposure_dust_limit_success_sats = htlc_success_dust_limit + self.context.holder_dust_limit_satoshis;
2895 if msg.amount_msat / 1000 < exposure_dust_limit_success_sats {
2896 let on_holder_tx_dust_htlc_exposure_msat = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat + msg.amount_msat;
2897 if on_holder_tx_dust_htlc_exposure_msat > max_dust_htlc_exposure_msat {
2898 log_info!(logger, "Cannot accept value that would put our exposure to dust HTLCs at {} over the limit {} on holder commitment tx",
2899 on_holder_tx_dust_htlc_exposure_msat, max_dust_htlc_exposure_msat);
2900 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2904 let pending_value_to_self_msat =
2905 self.context.value_to_self_msat + inbound_stats.pending_htlcs_value_msat - removed_outbound_total_msat;
2906 let pending_remote_value_msat =
2907 self.context.channel_value_satoshis * 1000 - pending_value_to_self_msat;
2908 if pending_remote_value_msat < msg.amount_msat {
2909 return Err(ChannelError::Close("Remote HTLC add would overdraw remaining funds".to_owned()));
2912 // Check that the remote can afford to pay for this HTLC on-chain at the current
2913 // feerate_per_kw, while maintaining their channel reserve (as required by the spec).
2915 let remote_commit_tx_fee_msat = if self.context.is_outbound() { 0 } else {
2916 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2917 self.context.next_remote_commit_tx_fee_msat(htlc_candidate, None) // Don't include the extra fee spike buffer HTLC in calculations
2919 let anchor_outputs_value_msat = if !self.context.is_outbound() && self.context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2920 ANCHOR_OUTPUT_VALUE_SATOSHI * 2 * 1000
2924 if pending_remote_value_msat.saturating_sub(msg.amount_msat).saturating_sub(anchor_outputs_value_msat) < remote_commit_tx_fee_msat {
2925 return Err(ChannelError::Close("Remote HTLC add would not leave enough to pay for fees".to_owned()));
2927 if pending_remote_value_msat.saturating_sub(msg.amount_msat).saturating_sub(remote_commit_tx_fee_msat).saturating_sub(anchor_outputs_value_msat) < self.context.holder_selected_channel_reserve_satoshis * 1000 {
2928 return Err(ChannelError::Close("Remote HTLC add would put them under remote reserve value".to_owned()));
2932 let anchor_outputs_value_msat = if self.context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2933 ANCHOR_OUTPUT_VALUE_SATOSHI * 2 * 1000
2937 if !self.context.is_outbound() {
2938 // `Some(())` is for the fee spike buffer we keep for the remote. This deviates from
2939 // the spec because the fee spike buffer requirement doesn't exist on the receiver's
2940 // side, only on the sender's. Note that with anchor outputs we are no longer as
2941 // sensitive to fee spikes, so we need to account for them.
2942 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2943 let mut remote_fee_cost_incl_stuck_buffer_msat = self.context.next_remote_commit_tx_fee_msat(htlc_candidate, Some(()));
2944 if !self.context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2945 remote_fee_cost_incl_stuck_buffer_msat *= FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE;
2947 if pending_remote_value_msat.saturating_sub(msg.amount_msat).saturating_sub(self.context.holder_selected_channel_reserve_satoshis * 1000).saturating_sub(anchor_outputs_value_msat) < remote_fee_cost_incl_stuck_buffer_msat {
2948 // Note that if the pending_forward_status is not updated here, then it's because we're already failing
2949 // the HTLC, i.e. its status is already set to failing.
2950 log_info!(logger, "Attempting to fail HTLC due to fee spike buffer violation in channel {}. Rebalancing is required.", &self.context.channel_id());
2951 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2954 // Check that they won't violate our local required channel reserve by adding this HTLC.
2955 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2956 let local_commit_tx_fee_msat = self.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
2957 if self.context.value_to_self_msat < self.context.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 + local_commit_tx_fee_msat + anchor_outputs_value_msat {
2958 return Err(ChannelError::Close("Cannot accept HTLC that would put our balance under counterparty-announced channel reserve value".to_owned()));
2961 if self.context.next_counterparty_htlc_id != msg.htlc_id {
2962 return Err(ChannelError::Close(format!("Remote skipped HTLC ID (skipped ID: {})", self.context.next_counterparty_htlc_id)));
2964 if msg.cltv_expiry >= 500000000 {
2965 return Err(ChannelError::Close("Remote provided CLTV expiry in seconds instead of block height".to_owned()));
2968 if self.context.channel_state & ChannelState::LocalShutdownSent as u32 != 0 {
2969 if let PendingHTLCStatus::Forward(_) = pending_forward_status {
2970 panic!("ChannelManager shouldn't be trying to add a forwardable HTLC after we've started closing");
2974 // Now update local state:
2975 self.context.next_counterparty_htlc_id += 1;
2976 self.context.pending_inbound_htlcs.push(InboundHTLCOutput {
2977 htlc_id: msg.htlc_id,
2978 amount_msat: msg.amount_msat,
2979 payment_hash: msg.payment_hash,
2980 cltv_expiry: msg.cltv_expiry,
2981 state: InboundHTLCState::RemoteAnnounced(pending_forward_status),
2986 /// Marks an outbound HTLC which we have received update_fail/fulfill/malformed
2988 fn mark_outbound_htlc_removed(&mut self, htlc_id: u64, check_preimage: Option<PaymentPreimage>, fail_reason: Option<HTLCFailReason>) -> Result<&OutboundHTLCOutput, ChannelError> {
2989 assert!(!(check_preimage.is_some() && fail_reason.is_some()), "cannot fail while we have a preimage");
2990 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
2991 if htlc.htlc_id == htlc_id {
2992 let outcome = match check_preimage {
2993 None => fail_reason.into(),
2994 Some(payment_preimage) => {
2995 let payment_hash = PaymentHash(Sha256::hash(&payment_preimage.0[..]).into_inner());
2996 if payment_hash != htlc.payment_hash {
2997 return Err(ChannelError::Close(format!("Remote tried to fulfill HTLC ({}) with an incorrect preimage", htlc_id)));
2999 OutboundHTLCOutcome::Success(Some(payment_preimage))
3003 OutboundHTLCState::LocalAnnounced(_) =>
3004 return Err(ChannelError::Close(format!("Remote tried to fulfill/fail HTLC ({}) before it had been committed", htlc_id))),
3005 OutboundHTLCState::Committed => {
3006 htlc.state = OutboundHTLCState::RemoteRemoved(outcome);
3008 OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) | OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) | OutboundHTLCState::RemoteRemoved(_) =>
3009 return Err(ChannelError::Close(format!("Remote tried to fulfill/fail HTLC ({}) that they'd already fulfilled/failed", htlc_id))),
3014 Err(ChannelError::Close("Remote tried to fulfill/fail an HTLC we couldn't find".to_owned()))
3017 pub fn update_fulfill_htlc(&mut self, msg: &msgs::UpdateFulfillHTLC) -> Result<(HTLCSource, u64), ChannelError> {
3018 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
3019 return Err(ChannelError::Close("Got fulfill HTLC message when channel was not in an operational state".to_owned()));
3021 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3022 return Err(ChannelError::Close("Peer sent update_fulfill_htlc when we needed a channel_reestablish".to_owned()));
3025 self.mark_outbound_htlc_removed(msg.htlc_id, Some(msg.payment_preimage), None).map(|htlc| (htlc.source.clone(), htlc.amount_msat))
3028 pub fn update_fail_htlc(&mut self, msg: &msgs::UpdateFailHTLC, fail_reason: HTLCFailReason) -> Result<(), ChannelError> {
3029 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
3030 return Err(ChannelError::Close("Got fail HTLC message when channel was not in an operational state".to_owned()));
3032 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3033 return Err(ChannelError::Close("Peer sent update_fail_htlc when we needed a channel_reestablish".to_owned()));
3036 self.mark_outbound_htlc_removed(msg.htlc_id, None, Some(fail_reason))?;
3040 pub fn update_fail_malformed_htlc(&mut self, msg: &msgs::UpdateFailMalformedHTLC, fail_reason: HTLCFailReason) -> Result<(), ChannelError> {
3041 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
3042 return Err(ChannelError::Close("Got fail malformed HTLC message when channel was not in an operational state".to_owned()));
3044 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3045 return Err(ChannelError::Close("Peer sent update_fail_malformed_htlc when we needed a channel_reestablish".to_owned()));
3048 self.mark_outbound_htlc_removed(msg.htlc_id, None, Some(fail_reason))?;
3052 pub fn commitment_signed<L: Deref>(&mut self, msg: &msgs::CommitmentSigned, logger: &L) -> Result<Option<ChannelMonitorUpdate>, ChannelError>
3053 where L::Target: Logger
3055 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
3056 return Err(ChannelError::Close("Got commitment signed message when channel was not in an operational state".to_owned()));
3058 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3059 return Err(ChannelError::Close("Peer sent commitment_signed when we needed a channel_reestablish".to_owned()));
3061 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK == BOTH_SIDES_SHUTDOWN_MASK && self.context.last_sent_closing_fee.is_some() {
3062 return Err(ChannelError::Close("Peer sent commitment_signed after we'd started exchanging closing_signeds".to_owned()));
3065 let funding_script = self.context.get_funding_redeemscript();
3067 let keys = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
3069 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &keys, true, false, logger);
3070 let commitment_txid = {
3071 let trusted_tx = commitment_stats.tx.trust();
3072 let bitcoin_tx = trusted_tx.built_transaction();
3073 let sighash = bitcoin_tx.get_sighash_all(&funding_script, self.context.channel_value_satoshis);
3075 log_trace!(logger, "Checking commitment tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} in channel {}",
3076 log_bytes!(msg.signature.serialize_compact()[..]),
3077 log_bytes!(self.context.counterparty_funding_pubkey().serialize()), encode::serialize_hex(&bitcoin_tx.transaction),
3078 log_bytes!(sighash[..]), encode::serialize_hex(&funding_script), &self.context.channel_id());
3079 if let Err(_) = self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.context.counterparty_funding_pubkey()) {
3080 return Err(ChannelError::Close("Invalid commitment tx signature from peer".to_owned()));
3084 let mut htlcs_cloned: Vec<_> = commitment_stats.htlcs_included.iter().map(|htlc| (htlc.0.clone(), htlc.1.map(|h| h.clone()))).collect();
3086 // If our counterparty updated the channel fee in this commitment transaction, check that
3087 // they can actually afford the new fee now.
3088 let update_fee = if let Some((_, update_state)) = self.context.pending_update_fee {
3089 update_state == FeeUpdateState::RemoteAnnounced
3092 debug_assert!(!self.context.is_outbound());
3093 let counterparty_reserve_we_require_msat = self.context.holder_selected_channel_reserve_satoshis * 1000;
3094 if commitment_stats.remote_balance_msat < commitment_stats.total_fee_sat * 1000 + counterparty_reserve_we_require_msat {
3095 return Err(ChannelError::Close("Funding remote cannot afford proposed new fee".to_owned()));
3098 #[cfg(any(test, fuzzing))]
3100 if self.context.is_outbound() {
3101 let projected_commit_tx_info = self.context.next_local_commitment_tx_fee_info_cached.lock().unwrap().take();
3102 *self.context.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = None;
3103 if let Some(info) = projected_commit_tx_info {
3104 let total_pending_htlcs = self.context.pending_inbound_htlcs.len() + self.context.pending_outbound_htlcs.len()
3105 + self.context.holding_cell_htlc_updates.len();
3106 if info.total_pending_htlcs == total_pending_htlcs
3107 && info.next_holder_htlc_id == self.context.next_holder_htlc_id
3108 && info.next_counterparty_htlc_id == self.context.next_counterparty_htlc_id
3109 && info.feerate == self.context.feerate_per_kw {
3110 assert_eq!(commitment_stats.total_fee_sat, info.fee / 1000);
3116 if msg.htlc_signatures.len() != commitment_stats.num_nondust_htlcs {
3117 return Err(ChannelError::Close(format!("Got wrong number of HTLC signatures ({}) from remote. It must be {}", msg.htlc_signatures.len(), commitment_stats.num_nondust_htlcs)));
3120 // Up to LDK 0.0.115, HTLC information was required to be duplicated in the
3121 // `htlcs_and_sigs` vec and in the `holder_commitment_tx` itself, both of which were passed
3122 // in the `ChannelMonitorUpdate`. In 0.0.115, support for having a separate set of
3123 // outbound-non-dust-HTLCSources in the `ChannelMonitorUpdate` was added, however for
3124 // backwards compatibility, we never use it in production. To provide test coverage, here,
3125 // we randomly decide (in test/fuzzing builds) to use the new vec sometimes.
3126 #[allow(unused_assignments, unused_mut)]
3127 let mut separate_nondust_htlc_sources = false;
3128 #[cfg(all(feature = "std", any(test, fuzzing)))] {
3129 use core::hash::{BuildHasher, Hasher};
3130 // Get a random value using the only std API to do so - the DefaultHasher
3131 let rand_val = std::collections::hash_map::RandomState::new().build_hasher().finish();
3132 separate_nondust_htlc_sources = rand_val % 2 == 0;
3135 let mut nondust_htlc_sources = Vec::with_capacity(htlcs_cloned.len());
3136 let mut htlcs_and_sigs = Vec::with_capacity(htlcs_cloned.len());
3137 for (idx, (htlc, mut source_opt)) in htlcs_cloned.drain(..).enumerate() {
3138 if let Some(_) = htlc.transaction_output_index {
3139 let htlc_tx = chan_utils::build_htlc_transaction(&commitment_txid, commitment_stats.feerate_per_kw,
3140 self.context.get_counterparty_selected_contest_delay().unwrap(), &htlc, &self.context.channel_type,
3141 &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
3143 let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, &self.context.channel_type, &keys);
3144 let htlc_sighashtype = if self.context.channel_type.supports_anchors_zero_fee_htlc_tx() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
3145 let htlc_sighash = hash_to_message!(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]);
3146 log_trace!(logger, "Checking HTLC tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} in channel {}.",
3147 log_bytes!(msg.htlc_signatures[idx].serialize_compact()[..]), log_bytes!(keys.countersignatory_htlc_key.serialize()),
3148 encode::serialize_hex(&htlc_tx), log_bytes!(htlc_sighash[..]), encode::serialize_hex(&htlc_redeemscript), &self.context.channel_id());
3149 if let Err(_) = self.context.secp_ctx.verify_ecdsa(&htlc_sighash, &msg.htlc_signatures[idx], &keys.countersignatory_htlc_key) {
3150 return Err(ChannelError::Close("Invalid HTLC tx signature from peer".to_owned()));
3152 if !separate_nondust_htlc_sources {
3153 htlcs_and_sigs.push((htlc, Some(msg.htlc_signatures[idx]), source_opt.take()));
3156 htlcs_and_sigs.push((htlc, None, source_opt.take()));
3158 if separate_nondust_htlc_sources {
3159 if let Some(source) = source_opt.take() {
3160 nondust_htlc_sources.push(source);
3163 debug_assert!(source_opt.is_none(), "HTLCSource should have been put somewhere");
3166 let holder_commitment_tx = HolderCommitmentTransaction::new(
3167 commitment_stats.tx,
3169 msg.htlc_signatures.clone(),
3170 &self.context.get_holder_pubkeys().funding_pubkey,
3171 self.context.counterparty_funding_pubkey()
3174 self.context.holder_signer.as_ref().validate_holder_commitment(&holder_commitment_tx, commitment_stats.preimages)
3175 .map_err(|_| ChannelError::Close("Failed to validate our commitment".to_owned()))?;
3177 // Update state now that we've passed all the can-fail calls...
3178 let mut need_commitment = false;
3179 if let &mut Some((_, ref mut update_state)) = &mut self.context.pending_update_fee {
3180 if *update_state == FeeUpdateState::RemoteAnnounced {
3181 *update_state = FeeUpdateState::AwaitingRemoteRevokeToAnnounce;
3182 need_commitment = true;
3186 for htlc in self.context.pending_inbound_htlcs.iter_mut() {
3187 let new_forward = if let &InboundHTLCState::RemoteAnnounced(ref forward_info) = &htlc.state {
3188 Some(forward_info.clone())
3190 if let Some(forward_info) = new_forward {
3191 log_trace!(logger, "Updating HTLC {} to AwaitingRemoteRevokeToAnnounce due to commitment_signed in channel {}.",
3192 &htlc.payment_hash, &self.context.channel_id);
3193 htlc.state = InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info);
3194 need_commitment = true;
3197 let mut claimed_htlcs = Vec::new();
3198 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
3199 if let &mut OutboundHTLCState::RemoteRemoved(ref mut outcome) = &mut htlc.state {
3200 log_trace!(logger, "Updating HTLC {} to AwaitingRemoteRevokeToRemove due to commitment_signed in channel {}.",
3201 &htlc.payment_hash, &self.context.channel_id);
3202 // Grab the preimage, if it exists, instead of cloning
3203 let mut reason = OutboundHTLCOutcome::Success(None);
3204 mem::swap(outcome, &mut reason);
3205 if let OutboundHTLCOutcome::Success(Some(preimage)) = reason {
3206 // If a user (a) receives an HTLC claim using LDK 0.0.104 or before, then (b)
3207 // upgrades to LDK 0.0.114 or later before the HTLC is fully resolved, we could
3208 // have a `Success(None)` reason. In this case we could forget some HTLC
3209 // claims, but such an upgrade is unlikely and including claimed HTLCs here
3210 // fixes a bug which the user was exposed to on 0.0.104 when they started the
3212 claimed_htlcs.push((SentHTLCId::from_source(&htlc.source), preimage));
3214 htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(reason);
3215 need_commitment = true;
3219 self.context.latest_monitor_update_id += 1;
3220 let mut monitor_update = ChannelMonitorUpdate {
3221 update_id: self.context.latest_monitor_update_id,
3222 updates: vec![ChannelMonitorUpdateStep::LatestHolderCommitmentTXInfo {
3223 commitment_tx: holder_commitment_tx,
3224 htlc_outputs: htlcs_and_sigs,
3226 nondust_htlc_sources,
3230 self.context.cur_holder_commitment_transaction_number -= 1;
3231 // Note that if we need_commitment & !AwaitingRemoteRevoke we'll call
3232 // build_commitment_no_status_check() next which will reset this to RAAFirst.
3233 self.context.resend_order = RAACommitmentOrder::CommitmentFirst;
3235 if (self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32) != 0 {
3236 // In case we initially failed monitor updating without requiring a response, we need
3237 // to make sure the RAA gets sent first.
3238 self.context.monitor_pending_revoke_and_ack = true;
3239 if need_commitment && (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == 0 {
3240 // If we were going to send a commitment_signed after the RAA, go ahead and do all
3241 // the corresponding HTLC status updates so that
3242 // get_last_commitment_update_for_send includes the right HTLCs.
3243 self.context.monitor_pending_commitment_signed = true;
3244 let mut additional_update = self.build_commitment_no_status_check(logger);
3245 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3246 // strictly increasing by one, so decrement it here.
3247 self.context.latest_monitor_update_id = monitor_update.update_id;
3248 monitor_update.updates.append(&mut additional_update.updates);
3250 log_debug!(logger, "Received valid commitment_signed from peer in channel {}, updated HTLC state but awaiting a monitor update resolution to reply.",
3251 &self.context.channel_id);
3252 return Ok(self.push_ret_blockable_mon_update(monitor_update));
3255 let need_commitment_signed = if need_commitment && (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == 0 {
3256 // If we're AwaitingRemoteRevoke we can't send a new commitment here, but that's ok -
3257 // we'll send one right away when we get the revoke_and_ack when we
3258 // free_holding_cell_htlcs().
3259 let mut additional_update = self.build_commitment_no_status_check(logger);
3260 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3261 // strictly increasing by one, so decrement it here.
3262 self.context.latest_monitor_update_id = monitor_update.update_id;
3263 monitor_update.updates.append(&mut additional_update.updates);
3267 log_debug!(logger, "Received valid commitment_signed from peer in channel {}, updating HTLC state and responding with{} a revoke_and_ack.",
3268 &self.context.channel_id(), if need_commitment_signed { " our own commitment_signed and" } else { "" });
3269 self.monitor_updating_paused(true, need_commitment_signed, false, Vec::new(), Vec::new(), Vec::new());
3270 return Ok(self.push_ret_blockable_mon_update(monitor_update));
3273 /// Public version of the below, checking relevant preconditions first.
3274 /// If we're not in a state where freeing the holding cell makes sense, this is a no-op and
3275 /// returns `(None, Vec::new())`.
3276 pub fn maybe_free_holding_cell_htlcs<F: Deref, L: Deref>(
3277 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
3278 ) -> (Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>)
3279 where F::Target: FeeEstimator, L::Target: Logger
3281 if self.context.channel_state & !STATE_FLAGS >= ChannelState::ChannelReady as u32 &&
3282 (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) == 0 {
3283 self.free_holding_cell_htlcs(fee_estimator, logger)
3284 } else { (None, Vec::new()) }
3287 /// Frees any pending commitment updates in the holding cell, generating the relevant messages
3288 /// for our counterparty.
3289 fn free_holding_cell_htlcs<F: Deref, L: Deref>(
3290 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
3291 ) -> (Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>)
3292 where F::Target: FeeEstimator, L::Target: Logger
3294 assert_eq!(self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32, 0);
3295 if self.context.holding_cell_htlc_updates.len() != 0 || self.context.holding_cell_update_fee.is_some() {
3296 log_trace!(logger, "Freeing holding cell with {} HTLC updates{} in channel {}", self.context.holding_cell_htlc_updates.len(),
3297 if self.context.holding_cell_update_fee.is_some() { " and a fee update" } else { "" }, &self.context.channel_id());
3299 let mut monitor_update = ChannelMonitorUpdate {
3300 update_id: self.context.latest_monitor_update_id + 1, // We don't increment this yet!
3301 updates: Vec::new(),
3304 let mut htlc_updates = Vec::new();
3305 mem::swap(&mut htlc_updates, &mut self.context.holding_cell_htlc_updates);
3306 let mut update_add_count = 0;
3307 let mut update_fulfill_count = 0;
3308 let mut update_fail_count = 0;
3309 let mut htlcs_to_fail = Vec::new();
3310 for htlc_update in htlc_updates.drain(..) {
3311 // Note that this *can* fail, though it should be due to rather-rare conditions on
3312 // fee races with adding too many outputs which push our total payments just over
3313 // the limit. In case it's less rare than I anticipate, we may want to revisit
3314 // handling this case better and maybe fulfilling some of the HTLCs while attempting
3315 // to rebalance channels.
3316 match &htlc_update {
3317 &HTLCUpdateAwaitingACK::AddHTLC {
3318 amount_msat, cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet,
3319 skimmed_fee_msat, ..
3321 match self.send_htlc(amount_msat, *payment_hash, cltv_expiry, source.clone(),
3322 onion_routing_packet.clone(), false, skimmed_fee_msat, fee_estimator, logger)
3324 Ok(_) => update_add_count += 1,
3327 ChannelError::Ignore(ref msg) => {
3328 log_info!(logger, "Failed to send HTLC with payment_hash {} due to {} in channel {}", &payment_hash, msg, &self.context.channel_id());
3329 // If we fail to send here, then this HTLC should
3330 // be failed backwards. Failing to send here
3331 // indicates that this HTLC may keep being put back
3332 // into the holding cell without ever being
3333 // successfully forwarded/failed/fulfilled, causing
3334 // our counterparty to eventually close on us.
3335 htlcs_to_fail.push((source.clone(), *payment_hash));
3338 panic!("Got a non-IgnoreError action trying to send holding cell HTLC");
3344 &HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, htlc_id, .. } => {
3345 // If an HTLC claim was previously added to the holding cell (via
3346 // `get_update_fulfill_htlc`, then generating the claim message itself must
3347 // not fail - any in between attempts to claim the HTLC will have resulted
3348 // in it hitting the holding cell again and we cannot change the state of a
3349 // holding cell HTLC from fulfill to anything else.
3350 let mut additional_monitor_update =
3351 if let UpdateFulfillFetch::NewClaim { monitor_update, .. } =
3352 self.get_update_fulfill_htlc(htlc_id, *payment_preimage, logger)
3353 { monitor_update } else { unreachable!() };
3354 update_fulfill_count += 1;
3355 monitor_update.updates.append(&mut additional_monitor_update.updates);
3357 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, ref err_packet } => {
3358 match self.fail_htlc(htlc_id, err_packet.clone(), false, logger) {
3359 Ok(update_fail_msg_option) => {
3360 // If an HTLC failure was previously added to the holding cell (via
3361 // `queue_fail_htlc`) then generating the fail message itself must
3362 // not fail - we should never end up in a state where we double-fail
3363 // an HTLC or fail-then-claim an HTLC as it indicates we didn't wait
3364 // for a full revocation before failing.
3365 debug_assert!(update_fail_msg_option.is_some());
3366 update_fail_count += 1;
3369 if let ChannelError::Ignore(_) = e {}
3371 panic!("Got a non-IgnoreError action trying to fail holding cell HTLC");
3378 if update_add_count == 0 && update_fulfill_count == 0 && update_fail_count == 0 && self.context.holding_cell_update_fee.is_none() {
3379 return (None, htlcs_to_fail);
3381 let update_fee = if let Some(feerate) = self.context.holding_cell_update_fee.take() {
3382 self.send_update_fee(feerate, false, fee_estimator, logger)
3387 let mut additional_update = self.build_commitment_no_status_check(logger);
3388 // build_commitment_no_status_check and get_update_fulfill_htlc may bump latest_monitor_id
3389 // but we want them to be strictly increasing by one, so reset it here.
3390 self.context.latest_monitor_update_id = monitor_update.update_id;
3391 monitor_update.updates.append(&mut additional_update.updates);
3393 log_debug!(logger, "Freeing holding cell in channel {} resulted in {}{} HTLCs added, {} HTLCs fulfilled, and {} HTLCs failed.",
3394 &self.context.channel_id(), if update_fee.is_some() { "a fee update, " } else { "" },
3395 update_add_count, update_fulfill_count, update_fail_count);
3397 self.monitor_updating_paused(false, true, false, Vec::new(), Vec::new(), Vec::new());
3398 (self.push_ret_blockable_mon_update(monitor_update), htlcs_to_fail)
3404 /// Handles receiving a remote's revoke_and_ack. Note that we may return a new
3405 /// commitment_signed message here in case we had pending outbound HTLCs to add which were
3406 /// waiting on this revoke_and_ack. The generation of this new commitment_signed may also fail,
3407 /// generating an appropriate error *after* the channel state has been updated based on the
3408 /// revoke_and_ack message.
3409 pub fn revoke_and_ack<F: Deref, L: Deref>(&mut self, msg: &msgs::RevokeAndACK,
3410 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L, hold_mon_update: bool,
3411 ) -> Result<(Vec<(HTLCSource, PaymentHash)>, Option<ChannelMonitorUpdate>), ChannelError>
3412 where F::Target: FeeEstimator, L::Target: Logger,
3414 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
3415 return Err(ChannelError::Close("Got revoke/ACK message when channel was not in an operational state".to_owned()));
3417 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3418 return Err(ChannelError::Close("Peer sent revoke_and_ack when we needed a channel_reestablish".to_owned()));
3420 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK == BOTH_SIDES_SHUTDOWN_MASK && self.context.last_sent_closing_fee.is_some() {
3421 return Err(ChannelError::Close("Peer sent revoke_and_ack after we'd started exchanging closing_signeds".to_owned()));
3424 let secret = secp_check!(SecretKey::from_slice(&msg.per_commitment_secret), "Peer provided an invalid per_commitment_secret".to_owned());
3426 if let Some(counterparty_prev_commitment_point) = self.context.counterparty_prev_commitment_point {
3427 if PublicKey::from_secret_key(&self.context.secp_ctx, &secret) != counterparty_prev_commitment_point {
3428 return Err(ChannelError::Close("Got a revoke commitment secret which didn't correspond to their current pubkey".to_owned()));
3432 if self.context.channel_state & ChannelState::AwaitingRemoteRevoke as u32 == 0 {
3433 // Our counterparty seems to have burned their coins to us (by revoking a state when we
3434 // haven't given them a new commitment transaction to broadcast). We should probably
3435 // take advantage of this by updating our channel monitor, sending them an error, and
3436 // waiting for them to broadcast their latest (now-revoked claim). But, that would be a
3437 // lot of work, and there's some chance this is all a misunderstanding anyway.
3438 // We have to do *something*, though, since our signer may get mad at us for otherwise
3439 // jumping a remote commitment number, so best to just force-close and move on.
3440 return Err(ChannelError::Close("Received an unexpected revoke_and_ack".to_owned()));
3443 #[cfg(any(test, fuzzing))]
3445 *self.context.next_local_commitment_tx_fee_info_cached.lock().unwrap() = None;
3446 *self.context.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = None;
3449 match &self.context.holder_signer {
3450 ChannelSignerType::Ecdsa(ecdsa) => {
3451 ecdsa.validate_counterparty_revocation(
3452 self.context.cur_counterparty_commitment_transaction_number + 1,
3454 ).map_err(|_| ChannelError::Close("Failed to validate revocation from peer".to_owned()))?;
3458 self.context.commitment_secrets.provide_secret(self.context.cur_counterparty_commitment_transaction_number + 1, msg.per_commitment_secret)
3459 .map_err(|_| ChannelError::Close("Previous secrets did not match new one".to_owned()))?;
3460 self.context.latest_monitor_update_id += 1;
3461 let mut monitor_update = ChannelMonitorUpdate {
3462 update_id: self.context.latest_monitor_update_id,
3463 updates: vec![ChannelMonitorUpdateStep::CommitmentSecret {
3464 idx: self.context.cur_counterparty_commitment_transaction_number + 1,
3465 secret: msg.per_commitment_secret,
3469 // Update state now that we've passed all the can-fail calls...
3470 // (note that we may still fail to generate the new commitment_signed message, but that's
3471 // OK, we step the channel here and *then* if the new generation fails we can fail the
3472 // channel based on that, but stepping stuff here should be safe either way.
3473 self.context.channel_state &= !(ChannelState::AwaitingRemoteRevoke as u32);
3474 self.context.sent_message_awaiting_response = None;
3475 self.context.counterparty_prev_commitment_point = self.context.counterparty_cur_commitment_point;
3476 self.context.counterparty_cur_commitment_point = Some(msg.next_per_commitment_point);
3477 self.context.cur_counterparty_commitment_transaction_number -= 1;
3479 if self.context.announcement_sigs_state == AnnouncementSigsState::Committed {
3480 self.context.announcement_sigs_state = AnnouncementSigsState::PeerReceived;
3483 log_trace!(logger, "Updating HTLCs on receipt of RAA in channel {}...", &self.context.channel_id());
3484 let mut to_forward_infos = Vec::new();
3485 let mut revoked_htlcs = Vec::new();
3486 let mut finalized_claimed_htlcs = Vec::new();
3487 let mut update_fail_htlcs = Vec::new();
3488 let mut update_fail_malformed_htlcs = Vec::new();
3489 let mut require_commitment = false;
3490 let mut value_to_self_msat_diff: i64 = 0;
3493 // Take references explicitly so that we can hold multiple references to self.context.
3494 let pending_inbound_htlcs: &mut Vec<_> = &mut self.context.pending_inbound_htlcs;
3495 let pending_outbound_htlcs: &mut Vec<_> = &mut self.context.pending_outbound_htlcs;
3497 // We really shouldnt have two passes here, but retain gives a non-mutable ref (Rust bug)
3498 pending_inbound_htlcs.retain(|htlc| {
3499 if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state {
3500 log_trace!(logger, " ...removing inbound LocalRemoved {}", &htlc.payment_hash);
3501 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
3502 value_to_self_msat_diff += htlc.amount_msat as i64;
3507 pending_outbound_htlcs.retain(|htlc| {
3508 if let &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref outcome) = &htlc.state {
3509 log_trace!(logger, " ...removing outbound AwaitingRemovedRemoteRevoke {}", &htlc.payment_hash);
3510 if let OutboundHTLCOutcome::Failure(reason) = outcome.clone() { // We really want take() here, but, again, non-mut ref :(
3511 revoked_htlcs.push((htlc.source.clone(), htlc.payment_hash, reason));
3513 finalized_claimed_htlcs.push(htlc.source.clone());
3514 // They fulfilled, so we sent them money
3515 value_to_self_msat_diff -= htlc.amount_msat as i64;
3520 for htlc in pending_inbound_htlcs.iter_mut() {
3521 let swap = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) = &htlc.state {
3523 } else if let &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) = &htlc.state {
3527 let mut state = InboundHTLCState::Committed;
3528 mem::swap(&mut state, &mut htlc.state);
3530 if let InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info) = state {
3531 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce {} to AwaitingAnnouncedRemoteRevoke", &htlc.payment_hash);
3532 htlc.state = InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info);
3533 require_commitment = true;
3534 } else if let InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info) = state {
3535 match forward_info {
3536 PendingHTLCStatus::Fail(fail_msg) => {
3537 log_trace!(logger, " ...promoting inbound AwaitingAnnouncedRemoteRevoke {} to LocalRemoved due to PendingHTLCStatus indicating failure", &htlc.payment_hash);
3538 require_commitment = true;
3540 HTLCFailureMsg::Relay(msg) => {
3541 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(msg.reason.clone()));
3542 update_fail_htlcs.push(msg)
3544 HTLCFailureMsg::Malformed(msg) => {
3545 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailMalformed((msg.sha256_of_onion, msg.failure_code)));
3546 update_fail_malformed_htlcs.push(msg)
3550 PendingHTLCStatus::Forward(forward_info) => {
3551 log_trace!(logger, " ...promoting inbound AwaitingAnnouncedRemoteRevoke {} to Committed", &htlc.payment_hash);
3552 to_forward_infos.push((forward_info, htlc.htlc_id));
3553 htlc.state = InboundHTLCState::Committed;
3559 for htlc in pending_outbound_htlcs.iter_mut() {
3560 if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
3561 log_trace!(logger, " ...promoting outbound LocalAnnounced {} to Committed", &htlc.payment_hash);
3562 htlc.state = OutboundHTLCState::Committed;
3564 if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut outcome) = &mut htlc.state {
3565 log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", &htlc.payment_hash);
3566 // Grab the preimage, if it exists, instead of cloning
3567 let mut reason = OutboundHTLCOutcome::Success(None);
3568 mem::swap(outcome, &mut reason);
3569 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(reason);
3570 require_commitment = true;
3574 self.context.value_to_self_msat = (self.context.value_to_self_msat as i64 + value_to_self_msat_diff) as u64;
3576 if let Some((feerate, update_state)) = self.context.pending_update_fee {
3577 match update_state {
3578 FeeUpdateState::Outbound => {
3579 debug_assert!(self.context.is_outbound());
3580 log_trace!(logger, " ...promoting outbound fee update {} to Committed", feerate);
3581 self.context.feerate_per_kw = feerate;
3582 self.context.pending_update_fee = None;
3584 FeeUpdateState::RemoteAnnounced => { debug_assert!(!self.context.is_outbound()); },
3585 FeeUpdateState::AwaitingRemoteRevokeToAnnounce => {
3586 debug_assert!(!self.context.is_outbound());
3587 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce fee update {} to Committed", feerate);
3588 require_commitment = true;
3589 self.context.feerate_per_kw = feerate;
3590 self.context.pending_update_fee = None;
3595 let release_monitor = self.context.blocked_monitor_updates.is_empty() && !hold_mon_update;
3596 let release_state_str =
3597 if hold_mon_update { "Holding" } else if release_monitor { "Releasing" } else { "Blocked" };
3598 macro_rules! return_with_htlcs_to_fail {
3599 ($htlcs_to_fail: expr) => {
3600 if !release_monitor {
3601 self.context.blocked_monitor_updates.push(PendingChannelMonitorUpdate {
3602 update: monitor_update,
3604 return Ok(($htlcs_to_fail, None));
3606 return Ok(($htlcs_to_fail, Some(monitor_update)));
3611 if (self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32) == ChannelState::MonitorUpdateInProgress as u32 {
3612 // We can't actually generate a new commitment transaction (incl by freeing holding
3613 // cells) while we can't update the monitor, so we just return what we have.
3614 if require_commitment {
3615 self.context.monitor_pending_commitment_signed = true;
3616 // When the monitor updating is restored we'll call
3617 // get_last_commitment_update_for_send(), which does not update state, but we're
3618 // definitely now awaiting a remote revoke before we can step forward any more, so
3620 let mut additional_update = self.build_commitment_no_status_check(logger);
3621 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3622 // strictly increasing by one, so decrement it here.
3623 self.context.latest_monitor_update_id = monitor_update.update_id;
3624 monitor_update.updates.append(&mut additional_update.updates);
3626 self.context.monitor_pending_forwards.append(&mut to_forward_infos);
3627 self.context.monitor_pending_failures.append(&mut revoked_htlcs);
3628 self.context.monitor_pending_finalized_fulfills.append(&mut finalized_claimed_htlcs);
3629 log_debug!(logger, "Received a valid revoke_and_ack for channel {} but awaiting a monitor update resolution to reply.", &self.context.channel_id());
3630 return_with_htlcs_to_fail!(Vec::new());
3633 match self.free_holding_cell_htlcs(fee_estimator, logger) {
3634 (Some(mut additional_update), htlcs_to_fail) => {
3635 // free_holding_cell_htlcs may bump latest_monitor_id multiple times but we want them to be
3636 // strictly increasing by one, so decrement it here.
3637 self.context.latest_monitor_update_id = monitor_update.update_id;
3638 monitor_update.updates.append(&mut additional_update.updates);
3640 log_debug!(logger, "Received a valid revoke_and_ack for channel {} with holding cell HTLCs freed. {} monitor update.",
3641 &self.context.channel_id(), release_state_str);
3643 self.monitor_updating_paused(false, true, false, to_forward_infos, revoked_htlcs, finalized_claimed_htlcs);
3644 return_with_htlcs_to_fail!(htlcs_to_fail);
3646 (None, htlcs_to_fail) => {
3647 if require_commitment {
3648 let mut additional_update = self.build_commitment_no_status_check(logger);
3650 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3651 // strictly increasing by one, so decrement it here.
3652 self.context.latest_monitor_update_id = monitor_update.update_id;
3653 monitor_update.updates.append(&mut additional_update.updates);
3655 log_debug!(logger, "Received a valid revoke_and_ack for channel {}. Responding with a commitment update with {} HTLCs failed. {} monitor update.",
3656 &self.context.channel_id(),
3657 update_fail_htlcs.len() + update_fail_malformed_htlcs.len(),
3660 self.monitor_updating_paused(false, true, false, to_forward_infos, revoked_htlcs, finalized_claimed_htlcs);
3661 return_with_htlcs_to_fail!(htlcs_to_fail);
3663 log_debug!(logger, "Received a valid revoke_and_ack for channel {} with no reply necessary. {} monitor update.",
3664 &self.context.channel_id(), release_state_str);
3666 self.monitor_updating_paused(false, false, false, to_forward_infos, revoked_htlcs, finalized_claimed_htlcs);
3667 return_with_htlcs_to_fail!(htlcs_to_fail);
3673 /// Queues up an outbound update fee by placing it in the holding cell. You should call
3674 /// [`Self::maybe_free_holding_cell_htlcs`] in order to actually generate and send the
3675 /// commitment update.
3676 pub fn queue_update_fee<F: Deref, L: Deref>(&mut self, feerate_per_kw: u32,
3677 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L)
3678 where F::Target: FeeEstimator, L::Target: Logger
3680 let msg_opt = self.send_update_fee(feerate_per_kw, true, fee_estimator, logger);
3681 assert!(msg_opt.is_none(), "We forced holding cell?");
3684 /// Adds a pending update to this channel. See the doc for send_htlc for
3685 /// further details on the optionness of the return value.
3686 /// If our balance is too low to cover the cost of the next commitment transaction at the
3687 /// new feerate, the update is cancelled.
3689 /// You MUST call [`Self::send_commitment_no_state_update`] prior to any other calls on this
3690 /// [`Channel`] if `force_holding_cell` is false.
3691 fn send_update_fee<F: Deref, L: Deref>(
3692 &mut self, feerate_per_kw: u32, mut force_holding_cell: bool,
3693 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
3694 ) -> Option<msgs::UpdateFee>
3695 where F::Target: FeeEstimator, L::Target: Logger
3697 if !self.context.is_outbound() {
3698 panic!("Cannot send fee from inbound channel");
3700 if !self.context.is_usable() {
3701 panic!("Cannot update fee until channel is fully established and we haven't started shutting down");
3703 if !self.context.is_live() {
3704 panic!("Cannot update fee while peer is disconnected/we're awaiting a monitor update (ChannelManager should have caught this)");
3707 // Before proposing a feerate update, check that we can actually afford the new fee.
3708 let inbound_stats = self.context.get_inbound_pending_htlc_stats(Some(feerate_per_kw));
3709 let outbound_stats = self.context.get_outbound_pending_htlc_stats(Some(feerate_per_kw));
3710 let keys = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
3711 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &keys, true, true, logger);
3712 let buffer_fee_msat = commit_tx_fee_sat(feerate_per_kw, commitment_stats.num_nondust_htlcs + outbound_stats.on_holder_tx_holding_cell_htlcs_count as usize + CONCURRENT_INBOUND_HTLC_FEE_BUFFER as usize, self.context.get_channel_type()) * 1000;
3713 let holder_balance_msat = commitment_stats.local_balance_msat - outbound_stats.holding_cell_msat;
3714 if holder_balance_msat < buffer_fee_msat + self.context.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 {
3715 //TODO: auto-close after a number of failures?
3716 log_debug!(logger, "Cannot afford to send new feerate at {}", feerate_per_kw);
3720 // Note, we evaluate pending htlc "preemptive" trimmed-to-dust threshold at the proposed `feerate_per_kw`.
3721 let holder_tx_dust_exposure = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
3722 let counterparty_tx_dust_exposure = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
3723 let max_dust_htlc_exposure_msat = self.context.get_max_dust_htlc_exposure_msat(fee_estimator);
3724 if holder_tx_dust_exposure > max_dust_htlc_exposure_msat {
3725 log_debug!(logger, "Cannot afford to send new feerate at {} without infringing max dust htlc exposure", feerate_per_kw);
3728 if counterparty_tx_dust_exposure > max_dust_htlc_exposure_msat {
3729 log_debug!(logger, "Cannot afford to send new feerate at {} without infringing max dust htlc exposure", feerate_per_kw);
3733 if (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
3734 force_holding_cell = true;
3737 if force_holding_cell {
3738 self.context.holding_cell_update_fee = Some(feerate_per_kw);
3742 debug_assert!(self.context.pending_update_fee.is_none());
3743 self.context.pending_update_fee = Some((feerate_per_kw, FeeUpdateState::Outbound));
3745 Some(msgs::UpdateFee {
3746 channel_id: self.context.channel_id,
3751 /// Removes any uncommitted inbound HTLCs and resets the state of uncommitted outbound HTLC
3752 /// updates, to be used on peer disconnection. After this, update_*_htlc messages need to be
3754 /// No further message handling calls may be made until a channel_reestablish dance has
3756 /// May return `Err(())`, which implies [`ChannelContext::force_shutdown`] should be called immediately.
3757 pub fn remove_uncommitted_htlcs_and_mark_paused<L: Deref>(&mut self, logger: &L) -> Result<(), ()> where L::Target: Logger {
3758 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
3759 if self.context.channel_state & !STATE_FLAGS < ChannelState::FundingSent as u32 {
3763 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == (ChannelState::PeerDisconnected as u32) {
3764 // While the below code should be idempotent, it's simpler to just return early, as
3765 // redundant disconnect events can fire, though they should be rare.
3769 if self.context.announcement_sigs_state == AnnouncementSigsState::MessageSent || self.context.announcement_sigs_state == AnnouncementSigsState::Committed {
3770 self.context.announcement_sigs_state = AnnouncementSigsState::NotSent;
3773 // Upon reconnect we have to start the closing_signed dance over, but shutdown messages
3774 // will be retransmitted.
3775 self.context.last_sent_closing_fee = None;
3776 self.context.pending_counterparty_closing_signed = None;
3777 self.context.closing_fee_limits = None;
3779 let mut inbound_drop_count = 0;
3780 self.context.pending_inbound_htlcs.retain(|htlc| {
3782 InboundHTLCState::RemoteAnnounced(_) => {
3783 // They sent us an update_add_htlc but we never got the commitment_signed.
3784 // We'll tell them what commitment_signed we're expecting next and they'll drop
3785 // this HTLC accordingly
3786 inbound_drop_count += 1;
3789 InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_)|InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => {
3790 // We received a commitment_signed updating this HTLC and (at least hopefully)
3791 // sent a revoke_and_ack (which we can re-transmit) and have heard nothing
3792 // in response to it yet, so don't touch it.
3795 InboundHTLCState::Committed => true,
3796 InboundHTLCState::LocalRemoved(_) => {
3797 // We (hopefully) sent a commitment_signed updating this HTLC (which we can
3798 // re-transmit if needed) and they may have even sent a revoke_and_ack back
3799 // (that we missed). Keep this around for now and if they tell us they missed
3800 // the commitment_signed we can re-transmit the update then.
3805 self.context.next_counterparty_htlc_id -= inbound_drop_count;
3807 if let Some((_, update_state)) = self.context.pending_update_fee {
3808 if update_state == FeeUpdateState::RemoteAnnounced {
3809 debug_assert!(!self.context.is_outbound());
3810 self.context.pending_update_fee = None;
3814 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
3815 if let OutboundHTLCState::RemoteRemoved(_) = htlc.state {
3816 // They sent us an update to remove this but haven't yet sent the corresponding
3817 // commitment_signed, we need to move it back to Committed and they can re-send
3818 // the update upon reconnection.
3819 htlc.state = OutboundHTLCState::Committed;
3823 self.context.sent_message_awaiting_response = None;
3825 self.context.channel_state |= ChannelState::PeerDisconnected as u32;
3826 log_trace!(logger, "Peer disconnection resulted in {} remote-announced HTLC drops on channel {}", inbound_drop_count, &self.context.channel_id());
3830 /// Indicates that a ChannelMonitor update is in progress and has not yet been fully persisted.
3831 /// This must be called before we return the [`ChannelMonitorUpdate`] back to the
3832 /// [`ChannelManager`], which will call [`Self::monitor_updating_restored`] once the monitor
3833 /// update completes (potentially immediately).
3834 /// The messages which were generated with the monitor update must *not* have been sent to the
3835 /// remote end, and must instead have been dropped. They will be regenerated when
3836 /// [`Self::monitor_updating_restored`] is called.
3838 /// [`ChannelManager`]: super::channelmanager::ChannelManager
3839 /// [`chain::Watch`]: crate::chain::Watch
3840 /// [`ChannelMonitorUpdateStatus::InProgress`]: crate::chain::ChannelMonitorUpdateStatus::InProgress
3841 fn monitor_updating_paused(&mut self, resend_raa: bool, resend_commitment: bool,
3842 resend_channel_ready: bool, mut pending_forwards: Vec<(PendingHTLCInfo, u64)>,
3843 mut pending_fails: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
3844 mut pending_finalized_claimed_htlcs: Vec<HTLCSource>
3846 self.context.monitor_pending_revoke_and_ack |= resend_raa;
3847 self.context.monitor_pending_commitment_signed |= resend_commitment;
3848 self.context.monitor_pending_channel_ready |= resend_channel_ready;
3849 self.context.monitor_pending_forwards.append(&mut pending_forwards);
3850 self.context.monitor_pending_failures.append(&mut pending_fails);
3851 self.context.monitor_pending_finalized_fulfills.append(&mut pending_finalized_claimed_htlcs);
3852 self.context.channel_state |= ChannelState::MonitorUpdateInProgress as u32;
3855 /// Indicates that the latest ChannelMonitor update has been committed by the client
3856 /// successfully and we should restore normal operation. Returns messages which should be sent
3857 /// to the remote side.
3858 pub fn monitor_updating_restored<L: Deref, NS: Deref>(
3859 &mut self, logger: &L, node_signer: &NS, chain_hash: ChainHash,
3860 user_config: &UserConfig, best_block_height: u32
3861 ) -> MonitorRestoreUpdates
3864 NS::Target: NodeSigner
3866 assert_eq!(self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32, ChannelState::MonitorUpdateInProgress as u32);
3867 self.context.channel_state &= !(ChannelState::MonitorUpdateInProgress as u32);
3869 // If we're past (or at) the FundingSent stage on an outbound channel, try to
3870 // (re-)broadcast the funding transaction as we may have declined to broadcast it when we
3871 // first received the funding_signed.
3872 let mut funding_broadcastable =
3873 if self.context.is_outbound() && self.context.channel_state & !STATE_FLAGS >= ChannelState::FundingSent as u32 && self.context.channel_state & ChannelState::WaitingForBatch as u32 == 0 {
3874 self.context.funding_transaction.take()
3876 // That said, if the funding transaction is already confirmed (ie we're active with a
3877 // minimum_depth over 0) don't bother re-broadcasting the confirmed funding tx.
3878 if self.context.channel_state & !STATE_FLAGS >= ChannelState::ChannelReady as u32 && self.context.minimum_depth != Some(0) {
3879 funding_broadcastable = None;
3882 // We will never broadcast the funding transaction when we're in MonitorUpdateInProgress
3883 // (and we assume the user never directly broadcasts the funding transaction and waits for
3884 // us to do it). Thus, we can only ever hit monitor_pending_channel_ready when we're
3885 // * an inbound channel that failed to persist the monitor on funding_created and we got
3886 // the funding transaction confirmed before the monitor was persisted, or
3887 // * a 0-conf channel and intended to send the channel_ready before any broadcast at all.
3888 let channel_ready = if self.context.monitor_pending_channel_ready {
3889 assert!(!self.context.is_outbound() || self.context.minimum_depth == Some(0),
3890 "Funding transaction broadcast by the local client before it should have - LDK didn't do it!");
3891 self.context.monitor_pending_channel_ready = false;
3892 let next_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
3893 Some(msgs::ChannelReady {
3894 channel_id: self.context.channel_id(),
3895 next_per_commitment_point,
3896 short_channel_id_alias: Some(self.context.outbound_scid_alias),
3900 let announcement_sigs = self.get_announcement_sigs(node_signer, chain_hash, user_config, best_block_height, logger);
3902 let mut accepted_htlcs = Vec::new();
3903 mem::swap(&mut accepted_htlcs, &mut self.context.monitor_pending_forwards);
3904 let mut failed_htlcs = Vec::new();
3905 mem::swap(&mut failed_htlcs, &mut self.context.monitor_pending_failures);
3906 let mut finalized_claimed_htlcs = Vec::new();
3907 mem::swap(&mut finalized_claimed_htlcs, &mut self.context.monitor_pending_finalized_fulfills);
3909 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) != 0 {
3910 self.context.monitor_pending_revoke_and_ack = false;
3911 self.context.monitor_pending_commitment_signed = false;
3912 return MonitorRestoreUpdates {
3913 raa: None, commitment_update: None, order: RAACommitmentOrder::RevokeAndACKFirst,
3914 accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, channel_ready, announcement_sigs
3918 let raa = if self.context.monitor_pending_revoke_and_ack {
3919 Some(self.get_last_revoke_and_ack())
3921 let commitment_update = if self.context.monitor_pending_commitment_signed {
3922 self.get_last_commitment_update_for_send(logger).ok()
3924 if commitment_update.is_some() {
3925 self.mark_awaiting_response();
3928 self.context.monitor_pending_revoke_and_ack = false;
3929 self.context.monitor_pending_commitment_signed = false;
3930 let order = self.context.resend_order.clone();
3931 log_debug!(logger, "Restored monitor updating in channel {} resulting in {}{} commitment update and {} RAA, with {} first",
3932 &self.context.channel_id(), if funding_broadcastable.is_some() { "a funding broadcastable, " } else { "" },
3933 if commitment_update.is_some() { "a" } else { "no" }, if raa.is_some() { "an" } else { "no" },
3934 match order { RAACommitmentOrder::CommitmentFirst => "commitment", RAACommitmentOrder::RevokeAndACKFirst => "RAA"});
3935 MonitorRestoreUpdates {
3936 raa, commitment_update, order, accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, channel_ready, announcement_sigs
3940 pub fn update_fee<F: Deref, L: Deref>(&mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, msg: &msgs::UpdateFee, logger: &L) -> Result<(), ChannelError>
3941 where F::Target: FeeEstimator, L::Target: Logger
3943 if self.context.is_outbound() {
3944 return Err(ChannelError::Close("Non-funding remote tried to update channel fee".to_owned()));
3946 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3947 return Err(ChannelError::Close("Peer sent update_fee when we needed a channel_reestablish".to_owned()));
3949 Channel::<SP>::check_remote_fee(&self.context.channel_type, fee_estimator, msg.feerate_per_kw, Some(self.context.feerate_per_kw), logger)?;
3950 let feerate_over_dust_buffer = msg.feerate_per_kw > self.context.get_dust_buffer_feerate(None);
3952 self.context.pending_update_fee = Some((msg.feerate_per_kw, FeeUpdateState::RemoteAnnounced));
3953 self.context.update_time_counter += 1;
3954 // If the feerate has increased over the previous dust buffer (note that
3955 // `get_dust_buffer_feerate` considers the `pending_update_fee` status), check that we
3956 // won't be pushed over our dust exposure limit by the feerate increase.
3957 if feerate_over_dust_buffer {
3958 let inbound_stats = self.context.get_inbound_pending_htlc_stats(None);
3959 let outbound_stats = self.context.get_outbound_pending_htlc_stats(None);
3960 let holder_tx_dust_exposure = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
3961 let counterparty_tx_dust_exposure = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
3962 let max_dust_htlc_exposure_msat = self.context.get_max_dust_htlc_exposure_msat(fee_estimator);
3963 if holder_tx_dust_exposure > max_dust_htlc_exposure_msat {
3964 return Err(ChannelError::Close(format!("Peer sent update_fee with a feerate ({}) which may over-expose us to dust-in-flight on our own transactions (totaling {} msat)",
3965 msg.feerate_per_kw, holder_tx_dust_exposure)));
3967 if counterparty_tx_dust_exposure > max_dust_htlc_exposure_msat {
3968 return Err(ChannelError::Close(format!("Peer sent update_fee with a feerate ({}) which may over-expose us to dust-in-flight on our counterparty's transactions (totaling {} msat)",
3969 msg.feerate_per_kw, counterparty_tx_dust_exposure)));
3975 /// Indicates that the signer may have some signatures for us, so we should retry if we're
3978 pub fn signer_maybe_unblocked<L: Deref>(&mut self, logger: &L) -> SignerResumeUpdates where L::Target: Logger {
3979 let commitment_update = if self.context.signer_pending_commitment_update {
3980 self.get_last_commitment_update_for_send(logger).ok()
3982 let funding_signed = if self.context.signer_pending_funding && !self.context.is_outbound() {
3983 self.context.get_funding_signed_msg(logger).1
3985 let funding_created = if self.context.signer_pending_funding && self.context.is_outbound() {
3986 self.context.get_funding_created_msg(logger)
3988 SignerResumeUpdates {
3995 fn get_last_revoke_and_ack(&self) -> msgs::RevokeAndACK {
3996 let next_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
3997 let per_commitment_secret = self.context.holder_signer.as_ref().release_commitment_secret(self.context.cur_holder_commitment_transaction_number + 2);
3998 msgs::RevokeAndACK {
3999 channel_id: self.context.channel_id,
4000 per_commitment_secret,
4001 next_per_commitment_point,
4003 next_local_nonce: None,
4007 /// Gets the last commitment update for immediate sending to our peer.
4008 fn get_last_commitment_update_for_send<L: Deref>(&mut self, logger: &L) -> Result<msgs::CommitmentUpdate, ()> where L::Target: Logger {
4009 let mut update_add_htlcs = Vec::new();
4010 let mut update_fulfill_htlcs = Vec::new();
4011 let mut update_fail_htlcs = Vec::new();
4012 let mut update_fail_malformed_htlcs = Vec::new();
4014 for htlc in self.context.pending_outbound_htlcs.iter() {
4015 if let &OutboundHTLCState::LocalAnnounced(ref onion_packet) = &htlc.state {
4016 update_add_htlcs.push(msgs::UpdateAddHTLC {
4017 channel_id: self.context.channel_id(),
4018 htlc_id: htlc.htlc_id,
4019 amount_msat: htlc.amount_msat,
4020 payment_hash: htlc.payment_hash,
4021 cltv_expiry: htlc.cltv_expiry,
4022 onion_routing_packet: (**onion_packet).clone(),
4023 skimmed_fee_msat: htlc.skimmed_fee_msat,
4028 for htlc in self.context.pending_inbound_htlcs.iter() {
4029 if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state {
4031 &InboundHTLCRemovalReason::FailRelay(ref err_packet) => {
4032 update_fail_htlcs.push(msgs::UpdateFailHTLC {
4033 channel_id: self.context.channel_id(),
4034 htlc_id: htlc.htlc_id,
4035 reason: err_packet.clone()
4038 &InboundHTLCRemovalReason::FailMalformed((ref sha256_of_onion, ref failure_code)) => {
4039 update_fail_malformed_htlcs.push(msgs::UpdateFailMalformedHTLC {
4040 channel_id: self.context.channel_id(),
4041 htlc_id: htlc.htlc_id,
4042 sha256_of_onion: sha256_of_onion.clone(),
4043 failure_code: failure_code.clone(),
4046 &InboundHTLCRemovalReason::Fulfill(ref payment_preimage) => {
4047 update_fulfill_htlcs.push(msgs::UpdateFulfillHTLC {
4048 channel_id: self.context.channel_id(),
4049 htlc_id: htlc.htlc_id,
4050 payment_preimage: payment_preimage.clone(),
4057 let update_fee = if self.context.is_outbound() && self.context.pending_update_fee.is_some() {
4058 Some(msgs::UpdateFee {
4059 channel_id: self.context.channel_id(),
4060 feerate_per_kw: self.context.pending_update_fee.unwrap().0,
4064 log_trace!(logger, "Regenerated latest commitment update in channel {} with{} {} update_adds, {} update_fulfills, {} update_fails, and {} update_fail_malformeds",
4065 &self.context.channel_id(), if update_fee.is_some() { " update_fee," } else { "" },
4066 update_add_htlcs.len(), update_fulfill_htlcs.len(), update_fail_htlcs.len(), update_fail_malformed_htlcs.len());
4067 let commitment_signed = if let Ok(update) = self.send_commitment_no_state_update(logger).map(|(cu, _)| cu) {
4068 self.context.signer_pending_commitment_update = false;
4071 self.context.signer_pending_commitment_update = true;
4074 Ok(msgs::CommitmentUpdate {
4075 update_add_htlcs, update_fulfill_htlcs, update_fail_htlcs, update_fail_malformed_htlcs, update_fee,
4080 /// Gets the `Shutdown` message we should send our peer on reconnect, if any.
4081 pub fn get_outbound_shutdown(&self) -> Option<msgs::Shutdown> {
4082 if self.context.channel_state & (ChannelState::LocalShutdownSent as u32) != 0 {
4083 assert!(self.context.shutdown_scriptpubkey.is_some());
4084 Some(msgs::Shutdown {
4085 channel_id: self.context.channel_id,
4086 scriptpubkey: self.get_closing_scriptpubkey(),
4091 /// May panic if some calls other than message-handling calls (which will all Err immediately)
4092 /// have been called between remove_uncommitted_htlcs_and_mark_paused and this call.
4094 /// Some links printed in log lines are included here to check them during build (when run with
4095 /// `cargo doc --document-private-items`):
4096 /// [`super::channelmanager::ChannelManager::force_close_without_broadcasting_txn`] and
4097 /// [`super::channelmanager::ChannelManager::force_close_all_channels_without_broadcasting_txn`].
4098 pub fn channel_reestablish<L: Deref, NS: Deref>(
4099 &mut self, msg: &msgs::ChannelReestablish, logger: &L, node_signer: &NS,
4100 chain_hash: ChainHash, user_config: &UserConfig, best_block: &BestBlock
4101 ) -> Result<ReestablishResponses, ChannelError>
4104 NS::Target: NodeSigner
4106 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == 0 {
4107 // While BOLT 2 doesn't indicate explicitly we should error this channel here, it
4108 // almost certainly indicates we are going to end up out-of-sync in some way, so we
4109 // just close here instead of trying to recover.
4110 return Err(ChannelError::Close("Peer sent a loose channel_reestablish not after reconnect".to_owned()));
4113 if msg.next_local_commitment_number >= INITIAL_COMMITMENT_NUMBER || msg.next_remote_commitment_number >= INITIAL_COMMITMENT_NUMBER ||
4114 msg.next_local_commitment_number == 0 {
4115 return Err(ChannelError::Close("Peer sent an invalid channel_reestablish to force close in a non-standard way".to_owned()));
4118 if msg.next_remote_commitment_number > 0 {
4119 let expected_point = self.context.holder_signer.as_ref().get_per_commitment_point(INITIAL_COMMITMENT_NUMBER - msg.next_remote_commitment_number + 1, &self.context.secp_ctx);
4120 let given_secret = SecretKey::from_slice(&msg.your_last_per_commitment_secret)
4121 .map_err(|_| ChannelError::Close("Peer sent a garbage channel_reestablish with unparseable secret key".to_owned()))?;
4122 if expected_point != PublicKey::from_secret_key(&self.context.secp_ctx, &given_secret) {
4123 return Err(ChannelError::Close("Peer sent a garbage channel_reestablish with secret key not matching the commitment height provided".to_owned()));
4125 if msg.next_remote_commitment_number > INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number {
4126 macro_rules! log_and_panic {
4127 ($err_msg: expr) => {
4128 log_error!(logger, $err_msg, &self.context.channel_id, log_pubkey!(self.context.counterparty_node_id));
4129 panic!($err_msg, &self.context.channel_id, log_pubkey!(self.context.counterparty_node_id));
4132 log_and_panic!("We have fallen behind - we have received proof that if we broadcast our counterparty is going to claim all our funds.\n\
4133 This implies you have restarted with lost ChannelMonitor and ChannelManager state, the first of which is a violation of the LDK chain::Watch requirements.\n\
4134 More specifically, this means you have a bug in your implementation that can cause loss of funds, or you are running with an old backup, which is unsafe.\n\
4135 If you have restored from an old backup and wish to force-close channels and return to operation, you should start up, call\n\
4136 ChannelManager::force_close_without_broadcasting_txn on channel {} with counterparty {} or\n\
4137 ChannelManager::force_close_all_channels_without_broadcasting_txn, then reconnect to peer(s).\n\
4138 Note that due to a long-standing bug in lnd you may have to reach out to peers running lnd-based nodes to ask them to manually force-close channels\n\
4139 See https://github.com/lightningdevkit/rust-lightning/issues/1565 for more info.");
4143 // Before we change the state of the channel, we check if the peer is sending a very old
4144 // commitment transaction number, if yes we send a warning message.
4145 let our_commitment_transaction = INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number - 1;
4146 if msg.next_remote_commitment_number + 1 < our_commitment_transaction {
4148 ChannelError::Warn(format!("Peer attempted to reestablish channel with a very old local commitment transaction: {} (received) vs {} (expected)", msg.next_remote_commitment_number, our_commitment_transaction))
4152 // Go ahead and unmark PeerDisconnected as various calls we may make check for it (and all
4153 // remaining cases either succeed or ErrorMessage-fail).
4154 self.context.channel_state &= !(ChannelState::PeerDisconnected as u32);
4155 self.context.sent_message_awaiting_response = None;
4157 let shutdown_msg = self.get_outbound_shutdown();
4159 let announcement_sigs = self.get_announcement_sigs(node_signer, chain_hash, user_config, best_block.height(), logger);
4161 if self.context.channel_state & (ChannelState::FundingSent as u32) == ChannelState::FundingSent as u32 {
4162 // If we're waiting on a monitor update, we shouldn't re-send any channel_ready's.
4163 if self.context.channel_state & (ChannelState::OurChannelReady as u32) == 0 ||
4164 self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
4165 if msg.next_remote_commitment_number != 0 {
4166 return Err(ChannelError::Close("Peer claimed they saw a revoke_and_ack but we haven't sent channel_ready yet".to_owned()));
4168 // Short circuit the whole handler as there is nothing we can resend them
4169 return Ok(ReestablishResponses {
4170 channel_ready: None,
4171 raa: None, commitment_update: None,
4172 order: RAACommitmentOrder::CommitmentFirst,
4173 shutdown_msg, announcement_sigs,
4177 // We have OurChannelReady set!
4178 let next_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
4179 return Ok(ReestablishResponses {
4180 channel_ready: Some(msgs::ChannelReady {
4181 channel_id: self.context.channel_id(),
4182 next_per_commitment_point,
4183 short_channel_id_alias: Some(self.context.outbound_scid_alias),
4185 raa: None, commitment_update: None,
4186 order: RAACommitmentOrder::CommitmentFirst,
4187 shutdown_msg, announcement_sigs,
4191 let required_revoke = if msg.next_remote_commitment_number + 1 == INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number {
4192 // Remote isn't waiting on any RevokeAndACK from us!
4193 // Note that if we need to repeat our ChannelReady we'll do that in the next if block.
4195 } else if msg.next_remote_commitment_number + 1 == (INITIAL_COMMITMENT_NUMBER - 1) - self.context.cur_holder_commitment_transaction_number {
4196 if self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
4197 self.context.monitor_pending_revoke_and_ack = true;
4200 Some(self.get_last_revoke_and_ack())
4203 return Err(ChannelError::Close("Peer attempted to reestablish channel with a very old local commitment transaction".to_owned()));
4206 // We increment cur_counterparty_commitment_transaction_number only upon receipt of
4207 // revoke_and_ack, not on sending commitment_signed, so we add one if have
4208 // AwaitingRemoteRevoke set, which indicates we sent a commitment_signed but haven't gotten
4209 // the corresponding revoke_and_ack back yet.
4210 let is_awaiting_remote_revoke = self.context.channel_state & ChannelState::AwaitingRemoteRevoke as u32 != 0;
4211 if is_awaiting_remote_revoke && !self.is_awaiting_monitor_update() {
4212 self.mark_awaiting_response();
4214 let next_counterparty_commitment_number = INITIAL_COMMITMENT_NUMBER - self.context.cur_counterparty_commitment_transaction_number + if is_awaiting_remote_revoke { 1 } else { 0 };
4216 let channel_ready = if msg.next_local_commitment_number == 1 && INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number == 1 {
4217 // We should never have to worry about MonitorUpdateInProgress resending ChannelReady
4218 let next_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
4219 Some(msgs::ChannelReady {
4220 channel_id: self.context.channel_id(),
4221 next_per_commitment_point,
4222 short_channel_id_alias: Some(self.context.outbound_scid_alias),
4226 if msg.next_local_commitment_number == next_counterparty_commitment_number {
4227 if required_revoke.is_some() {
4228 log_debug!(logger, "Reconnected channel {} with only lost outbound RAA", &self.context.channel_id());
4230 log_debug!(logger, "Reconnected channel {} with no loss", &self.context.channel_id());
4233 Ok(ReestablishResponses {
4234 channel_ready, shutdown_msg, announcement_sigs,
4235 raa: required_revoke,
4236 commitment_update: None,
4237 order: self.context.resend_order.clone(),
4239 } else if msg.next_local_commitment_number == next_counterparty_commitment_number - 1 {
4240 if required_revoke.is_some() {
4241 log_debug!(logger, "Reconnected channel {} with lost outbound RAA and lost remote commitment tx", &self.context.channel_id());
4243 log_debug!(logger, "Reconnected channel {} with only lost remote commitment tx", &self.context.channel_id());
4246 if self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
4247 self.context.monitor_pending_commitment_signed = true;
4248 Ok(ReestablishResponses {
4249 channel_ready, shutdown_msg, announcement_sigs,
4250 commitment_update: None, raa: None,
4251 order: self.context.resend_order.clone(),
4254 Ok(ReestablishResponses {
4255 channel_ready, shutdown_msg, announcement_sigs,
4256 raa: required_revoke,
4257 commitment_update: self.get_last_commitment_update_for_send(logger).ok(),
4258 order: self.context.resend_order.clone(),
4262 Err(ChannelError::Close("Peer attempted to reestablish channel with a very old remote commitment transaction".to_owned()))
4266 /// Calculates and returns our minimum and maximum closing transaction fee amounts, in whole
4267 /// satoshis. The amounts remain consistent unless a peer disconnects/reconnects or we restart,
4268 /// at which point they will be recalculated.
4269 fn calculate_closing_fee_limits<F: Deref>(&mut self, fee_estimator: &LowerBoundedFeeEstimator<F>)
4271 where F::Target: FeeEstimator
4273 if let Some((min, max)) = self.context.closing_fee_limits { return (min, max); }
4275 // Propose a range from our current Background feerate to our Normal feerate plus our
4276 // force_close_avoidance_max_fee_satoshis.
4277 // If we fail to come to consensus, we'll have to force-close.
4278 let mut proposed_feerate = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::ChannelCloseMinimum);
4279 // Use NonAnchorChannelFee because this should be an estimate for a channel close
4280 // that we don't expect to need fee bumping
4281 let normal_feerate = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::NonAnchorChannelFee);
4282 let mut proposed_max_feerate = if self.context.is_outbound() { normal_feerate } else { u32::max_value() };
4284 // The spec requires that (when the channel does not have anchors) we only send absolute
4285 // channel fees no greater than the absolute channel fee on the current commitment
4286 // transaction. It's unclear *which* commitment transaction this refers to, and there isn't
4287 // very good reason to apply such a limit in any case. We don't bother doing so, risking
4288 // some force-closure by old nodes, but we wanted to close the channel anyway.
4290 if let Some(target_feerate) = self.context.target_closing_feerate_sats_per_kw {
4291 let min_feerate = if self.context.is_outbound() { target_feerate } else { cmp::min(self.context.feerate_per_kw, target_feerate) };
4292 proposed_feerate = cmp::max(proposed_feerate, min_feerate);
4293 proposed_max_feerate = cmp::max(proposed_max_feerate, min_feerate);
4296 // Note that technically we could end up with a lower minimum fee if one sides' balance is
4297 // below our dust limit, causing the output to disappear. We don't bother handling this
4298 // case, however, as this should only happen if a channel is closed before any (material)
4299 // payments have been made on it. This may cause slight fee overpayment and/or failure to
4300 // come to consensus with our counterparty on appropriate fees, however it should be a
4301 // relatively rare case. We can revisit this later, though note that in order to determine
4302 // if the funders' output is dust we have to know the absolute fee we're going to use.
4303 let tx_weight = self.get_closing_transaction_weight(Some(&self.get_closing_scriptpubkey()), Some(self.context.counterparty_shutdown_scriptpubkey.as_ref().unwrap()));
4304 let proposed_total_fee_satoshis = proposed_feerate as u64 * tx_weight / 1000;
4305 let proposed_max_total_fee_satoshis = if self.context.is_outbound() {
4306 // We always add force_close_avoidance_max_fee_satoshis to our normal
4307 // feerate-calculated fee, but allow the max to be overridden if we're using a
4308 // target feerate-calculated fee.
4309 cmp::max(normal_feerate as u64 * tx_weight / 1000 + self.context.config.options.force_close_avoidance_max_fee_satoshis,
4310 proposed_max_feerate as u64 * tx_weight / 1000)
4312 self.context.channel_value_satoshis - (self.context.value_to_self_msat + 999) / 1000
4315 self.context.closing_fee_limits = Some((proposed_total_fee_satoshis, proposed_max_total_fee_satoshis));
4316 self.context.closing_fee_limits.clone().unwrap()
4319 /// Returns true if we're ready to commence the closing_signed negotiation phase. This is true
4320 /// after both sides have exchanged a `shutdown` message and all HTLCs have been drained. At
4321 /// this point if we're the funder we should send the initial closing_signed, and in any case
4322 /// shutdown should complete within a reasonable timeframe.
4323 fn closing_negotiation_ready(&self) -> bool {
4324 self.context.closing_negotiation_ready()
4327 /// Checks if the closing_signed negotiation is making appropriate progress, possibly returning
4328 /// an Err if no progress is being made and the channel should be force-closed instead.
4329 /// Should be called on a one-minute timer.
4330 pub fn timer_check_closing_negotiation_progress(&mut self) -> Result<(), ChannelError> {
4331 if self.closing_negotiation_ready() {
4332 if self.context.closing_signed_in_flight {
4333 return Err(ChannelError::Close("closing_signed negotiation failed to finish within two timer ticks".to_owned()));
4335 self.context.closing_signed_in_flight = true;
4341 pub fn maybe_propose_closing_signed<F: Deref, L: Deref>(
4342 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L)
4343 -> Result<(Option<msgs::ClosingSigned>, Option<Transaction>), ChannelError>
4344 where F::Target: FeeEstimator, L::Target: Logger
4346 if self.context.last_sent_closing_fee.is_some() || !self.closing_negotiation_ready() {
4347 return Ok((None, None));
4350 if !self.context.is_outbound() {
4351 if let Some(msg) = &self.context.pending_counterparty_closing_signed.take() {
4352 return self.closing_signed(fee_estimator, &msg);
4354 return Ok((None, None));
4357 let (our_min_fee, our_max_fee) = self.calculate_closing_fee_limits(fee_estimator);
4359 assert!(self.context.shutdown_scriptpubkey.is_some());
4360 let (closing_tx, total_fee_satoshis) = self.build_closing_transaction(our_min_fee, false);
4361 log_trace!(logger, "Proposing initial closing_signed for our counterparty with a fee range of {}-{} sat (with initial proposal {} sats)",
4362 our_min_fee, our_max_fee, total_fee_satoshis);
4364 match &self.context.holder_signer {
4365 ChannelSignerType::Ecdsa(ecdsa) => {
4367 .sign_closing_transaction(&closing_tx, &self.context.secp_ctx)
4368 .map_err(|()| ChannelError::Close("Failed to get signature for closing transaction.".to_owned()))?;
4370 self.context.last_sent_closing_fee = Some((total_fee_satoshis, sig.clone()));
4371 Ok((Some(msgs::ClosingSigned {
4372 channel_id: self.context.channel_id,
4373 fee_satoshis: total_fee_satoshis,
4375 fee_range: Some(msgs::ClosingSignedFeeRange {
4376 min_fee_satoshis: our_min_fee,
4377 max_fee_satoshis: our_max_fee,
4384 // Marks a channel as waiting for a response from the counterparty. If it's not received
4385 // [`DISCONNECT_PEER_AWAITING_RESPONSE_TICKS`] after sending our own to them, then we'll attempt
4387 fn mark_awaiting_response(&mut self) {
4388 self.context.sent_message_awaiting_response = Some(0);
4391 /// Determines whether we should disconnect the counterparty due to not receiving a response
4392 /// within our expected timeframe.
4394 /// This should be called on every [`super::channelmanager::ChannelManager::timer_tick_occurred`].
4395 pub fn should_disconnect_peer_awaiting_response(&mut self) -> bool {
4396 let ticks_elapsed = if let Some(ticks_elapsed) = self.context.sent_message_awaiting_response.as_mut() {
4399 // Don't disconnect when we're not waiting on a response.
4402 *ticks_elapsed += 1;
4403 *ticks_elapsed >= DISCONNECT_PEER_AWAITING_RESPONSE_TICKS
4407 &mut self, signer_provider: &SP, their_features: &InitFeatures, msg: &msgs::Shutdown
4408 ) -> Result<(Option<msgs::Shutdown>, Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>), ChannelError>
4410 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
4411 return Err(ChannelError::Close("Peer sent shutdown when we needed a channel_reestablish".to_owned()));
4413 if self.context.channel_state & !STATE_FLAGS < ChannelState::FundingSent as u32 {
4414 // Spec says we should fail the connection, not the channel, but that's nonsense, there
4415 // are plenty of reasons you may want to fail a channel pre-funding, and spec says you
4416 // can do that via error message without getting a connection fail anyway...
4417 return Err(ChannelError::Close("Peer sent shutdown pre-funding generation".to_owned()));
4419 for htlc in self.context.pending_inbound_htlcs.iter() {
4420 if let InboundHTLCState::RemoteAnnounced(_) = htlc.state {
4421 return Err(ChannelError::Close("Got shutdown with remote pending HTLCs".to_owned()));
4424 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
4426 if !script::is_bolt2_compliant(&msg.scriptpubkey, their_features) {
4427 return Err(ChannelError::Warn(format!("Got a nonstandard scriptpubkey ({}) from remote peer", msg.scriptpubkey.to_bytes().to_hex())));
4430 if self.context.counterparty_shutdown_scriptpubkey.is_some() {
4431 if Some(&msg.scriptpubkey) != self.context.counterparty_shutdown_scriptpubkey.as_ref() {
4432 return Err(ChannelError::Warn(format!("Got shutdown request with a scriptpubkey ({}) which did not match their previous scriptpubkey.", msg.scriptpubkey.to_bytes().to_hex())));
4435 self.context.counterparty_shutdown_scriptpubkey = Some(msg.scriptpubkey.clone());
4438 // If we have any LocalAnnounced updates we'll probably just get back an update_fail_htlc
4439 // immediately after the commitment dance, but we can send a Shutdown because we won't send
4440 // any further commitment updates after we set LocalShutdownSent.
4441 let send_shutdown = (self.context.channel_state & ChannelState::LocalShutdownSent as u32) != ChannelState::LocalShutdownSent as u32;
4443 let update_shutdown_script = match self.context.shutdown_scriptpubkey {
4446 assert!(send_shutdown);
4447 let shutdown_scriptpubkey = match signer_provider.get_shutdown_scriptpubkey() {
4448 Ok(scriptpubkey) => scriptpubkey,
4449 Err(_) => return Err(ChannelError::Close("Failed to get shutdown scriptpubkey".to_owned())),
4451 if !shutdown_scriptpubkey.is_compatible(their_features) {
4452 return Err(ChannelError::Close(format!("Provided a scriptpubkey format not accepted by peer: {}", shutdown_scriptpubkey)));
4454 self.context.shutdown_scriptpubkey = Some(shutdown_scriptpubkey);
4459 // From here on out, we may not fail!
4461 self.context.channel_state |= ChannelState::RemoteShutdownSent as u32;
4462 self.context.update_time_counter += 1;
4464 let monitor_update = if update_shutdown_script {
4465 self.context.latest_monitor_update_id += 1;
4466 let monitor_update = ChannelMonitorUpdate {
4467 update_id: self.context.latest_monitor_update_id,
4468 updates: vec![ChannelMonitorUpdateStep::ShutdownScript {
4469 scriptpubkey: self.get_closing_scriptpubkey(),
4472 self.monitor_updating_paused(false, false, false, Vec::new(), Vec::new(), Vec::new());
4473 self.push_ret_blockable_mon_update(monitor_update)
4475 let shutdown = if send_shutdown {
4476 Some(msgs::Shutdown {
4477 channel_id: self.context.channel_id,
4478 scriptpubkey: self.get_closing_scriptpubkey(),
4482 // We can't send our shutdown until we've committed all of our pending HTLCs, but the
4483 // remote side is unlikely to accept any new HTLCs, so we go ahead and "free" any holding
4484 // cell HTLCs and return them to fail the payment.
4485 self.context.holding_cell_update_fee = None;
4486 let mut dropped_outbound_htlcs = Vec::with_capacity(self.context.holding_cell_htlc_updates.len());
4487 self.context.holding_cell_htlc_updates.retain(|htlc_update| {
4489 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, .. } => {
4490 dropped_outbound_htlcs.push((source.clone(), payment_hash.clone()));
4497 self.context.channel_state |= ChannelState::LocalShutdownSent as u32;
4498 self.context.update_time_counter += 1;
4500 Ok((shutdown, monitor_update, dropped_outbound_htlcs))
4503 fn build_signed_closing_transaction(&self, closing_tx: &ClosingTransaction, counterparty_sig: &Signature, sig: &Signature) -> Transaction {
4504 let mut tx = closing_tx.trust().built_transaction().clone();
4506 tx.input[0].witness.push(Vec::new()); // First is the multisig dummy
4508 let funding_key = self.context.get_holder_pubkeys().funding_pubkey.serialize();
4509 let counterparty_funding_key = self.context.counterparty_funding_pubkey().serialize();
4510 let mut holder_sig = sig.serialize_der().to_vec();
4511 holder_sig.push(EcdsaSighashType::All as u8);
4512 let mut cp_sig = counterparty_sig.serialize_der().to_vec();
4513 cp_sig.push(EcdsaSighashType::All as u8);
4514 if funding_key[..] < counterparty_funding_key[..] {
4515 tx.input[0].witness.push(holder_sig);
4516 tx.input[0].witness.push(cp_sig);
4518 tx.input[0].witness.push(cp_sig);
4519 tx.input[0].witness.push(holder_sig);
4522 tx.input[0].witness.push(self.context.get_funding_redeemscript().into_bytes());
4526 pub fn closing_signed<F: Deref>(
4527 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, msg: &msgs::ClosingSigned)
4528 -> Result<(Option<msgs::ClosingSigned>, Option<Transaction>), ChannelError>
4529 where F::Target: FeeEstimator
4531 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK != BOTH_SIDES_SHUTDOWN_MASK {
4532 return Err(ChannelError::Close("Remote end sent us a closing_signed before both sides provided a shutdown".to_owned()));
4534 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
4535 return Err(ChannelError::Close("Peer sent closing_signed when we needed a channel_reestablish".to_owned()));
4537 if !self.context.pending_inbound_htlcs.is_empty() || !self.context.pending_outbound_htlcs.is_empty() {
4538 return Err(ChannelError::Close("Remote end sent us a closing_signed while there were still pending HTLCs".to_owned()));
4540 if msg.fee_satoshis > TOTAL_BITCOIN_SUPPLY_SATOSHIS { // this is required to stop potential overflow in build_closing_transaction
4541 return Err(ChannelError::Close("Remote tried to send us a closing tx with > 21 million BTC fee".to_owned()));
4544 if self.context.is_outbound() && self.context.last_sent_closing_fee.is_none() {
4545 return Err(ChannelError::Close("Remote tried to send a closing_signed when we were supposed to propose the first one".to_owned()));
4548 if self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32 != 0 {
4549 self.context.pending_counterparty_closing_signed = Some(msg.clone());
4550 return Ok((None, None));
4553 let funding_redeemscript = self.context.get_funding_redeemscript();
4554 let (mut closing_tx, used_total_fee) = self.build_closing_transaction(msg.fee_satoshis, false);
4555 if used_total_fee != msg.fee_satoshis {
4556 return Err(ChannelError::Close(format!("Remote sent us a closing_signed with a fee other than the value they can claim. Fee in message: {}. Actual closing tx fee: {}", msg.fee_satoshis, used_total_fee)));
4558 let sighash = closing_tx.trust().get_sighash_all(&funding_redeemscript, self.context.channel_value_satoshis);
4560 match self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.context.get_counterparty_pubkeys().funding_pubkey) {
4563 // The remote end may have decided to revoke their output due to inconsistent dust
4564 // limits, so check for that case by re-checking the signature here.
4565 closing_tx = self.build_closing_transaction(msg.fee_satoshis, true).0;
4566 let sighash = closing_tx.trust().get_sighash_all(&funding_redeemscript, self.context.channel_value_satoshis);
4567 secp_check!(self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, self.context.counterparty_funding_pubkey()), "Invalid closing tx signature from peer".to_owned());
4571 for outp in closing_tx.trust().built_transaction().output.iter() {
4572 if !outp.script_pubkey.is_witness_program() && outp.value < MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS {
4573 return Err(ChannelError::Close("Remote sent us a closing_signed with a dust output. Always use segwit closing scripts!".to_owned()));
4577 assert!(self.context.shutdown_scriptpubkey.is_some());
4578 if let Some((last_fee, sig)) = self.context.last_sent_closing_fee {
4579 if last_fee == msg.fee_satoshis {
4580 let tx = self.build_signed_closing_transaction(&mut closing_tx, &msg.signature, &sig);
4581 self.context.channel_state = ChannelState::ShutdownComplete as u32;
4582 self.context.update_time_counter += 1;
4583 return Ok((None, Some(tx)));
4587 let (our_min_fee, our_max_fee) = self.calculate_closing_fee_limits(fee_estimator);
4589 macro_rules! propose_fee {
4590 ($new_fee: expr) => {
4591 let (closing_tx, used_fee) = if $new_fee == msg.fee_satoshis {
4592 (closing_tx, $new_fee)
4594 self.build_closing_transaction($new_fee, false)
4597 return match &self.context.holder_signer {
4598 ChannelSignerType::Ecdsa(ecdsa) => {
4600 .sign_closing_transaction(&closing_tx, &self.context.secp_ctx)
4601 .map_err(|_| ChannelError::Close("External signer refused to sign closing transaction".to_owned()))?;
4603 let signed_tx = if $new_fee == msg.fee_satoshis {
4604 self.context.channel_state = ChannelState::ShutdownComplete as u32;
4605 self.context.update_time_counter += 1;
4606 let tx = self.build_signed_closing_transaction(&closing_tx, &msg.signature, &sig);
4610 self.context.last_sent_closing_fee = Some((used_fee, sig.clone()));
4611 Ok((Some(msgs::ClosingSigned {
4612 channel_id: self.context.channel_id,
4613 fee_satoshis: used_fee,
4615 fee_range: Some(msgs::ClosingSignedFeeRange {
4616 min_fee_satoshis: our_min_fee,
4617 max_fee_satoshis: our_max_fee,
4625 if let Some(msgs::ClosingSignedFeeRange { min_fee_satoshis, max_fee_satoshis }) = msg.fee_range {
4626 if msg.fee_satoshis < min_fee_satoshis || msg.fee_satoshis > max_fee_satoshis {
4627 return Err(ChannelError::Close(format!("Peer sent a bogus closing_signed - suggested fee of {} sat was not in their desired range of {} sat - {} sat", msg.fee_satoshis, min_fee_satoshis, max_fee_satoshis)));
4629 if max_fee_satoshis < our_min_fee {
4630 return Err(ChannelError::Warn(format!("Unable to come to consensus about closing feerate, remote's max fee ({} sat) was smaller than our min fee ({} sat)", max_fee_satoshis, our_min_fee)));
4632 if min_fee_satoshis > our_max_fee {
4633 return Err(ChannelError::Warn(format!("Unable to come to consensus about closing feerate, remote's min fee ({} sat) was greater than our max fee ({} sat)", min_fee_satoshis, our_max_fee)));
4636 if !self.context.is_outbound() {
4637 // They have to pay, so pick the highest fee in the overlapping range.
4638 // We should never set an upper bound aside from their full balance
4639 debug_assert_eq!(our_max_fee, self.context.channel_value_satoshis - (self.context.value_to_self_msat + 999) / 1000);
4640 propose_fee!(cmp::min(max_fee_satoshis, our_max_fee));
4642 if msg.fee_satoshis < our_min_fee || msg.fee_satoshis > our_max_fee {
4643 return Err(ChannelError::Close(format!("Peer sent a bogus closing_signed - suggested fee of {} sat was not in our desired range of {} sat - {} sat after we informed them of our range.",
4644 msg.fee_satoshis, our_min_fee, our_max_fee)));
4646 // The proposed fee is in our acceptable range, accept it and broadcast!
4647 propose_fee!(msg.fee_satoshis);
4650 // Old fee style negotiation. We don't bother to enforce whether they are complying
4651 // with the "making progress" requirements, we just comply and hope for the best.
4652 if let Some((last_fee, _)) = self.context.last_sent_closing_fee {
4653 if msg.fee_satoshis > last_fee {
4654 if msg.fee_satoshis < our_max_fee {
4655 propose_fee!(msg.fee_satoshis);
4656 } else if last_fee < our_max_fee {
4657 propose_fee!(our_max_fee);
4659 return Err(ChannelError::Close(format!("Unable to come to consensus about closing feerate, remote wants something ({} sat) higher than our max fee ({} sat)", msg.fee_satoshis, our_max_fee)));
4662 if msg.fee_satoshis > our_min_fee {
4663 propose_fee!(msg.fee_satoshis);
4664 } else if last_fee > our_min_fee {
4665 propose_fee!(our_min_fee);
4667 return Err(ChannelError::Close(format!("Unable to come to consensus about closing feerate, remote wants something ({} sat) lower than our min fee ({} sat)", msg.fee_satoshis, our_min_fee)));
4671 if msg.fee_satoshis < our_min_fee {
4672 propose_fee!(our_min_fee);
4673 } else if msg.fee_satoshis > our_max_fee {
4674 propose_fee!(our_max_fee);
4676 propose_fee!(msg.fee_satoshis);
4682 fn internal_htlc_satisfies_config(
4683 &self, htlc: &msgs::UpdateAddHTLC, amt_to_forward: u64, outgoing_cltv_value: u32, config: &ChannelConfig,
4684 ) -> Result<(), (&'static str, u16)> {
4685 let fee = amt_to_forward.checked_mul(config.forwarding_fee_proportional_millionths as u64)
4686 .and_then(|prop_fee| (prop_fee / 1000000).checked_add(config.forwarding_fee_base_msat as u64));
4687 if fee.is_none() || htlc.amount_msat < fee.unwrap() ||
4688 (htlc.amount_msat - fee.unwrap()) < amt_to_forward {
4690 "Prior hop has deviated from specified fees parameters or origin node has obsolete ones",
4691 0x1000 | 12, // fee_insufficient
4694 if (htlc.cltv_expiry as u64) < outgoing_cltv_value as u64 + config.cltv_expiry_delta as u64 {
4696 "Forwarding node has tampered with the intended HTLC values or origin node has an obsolete cltv_expiry_delta",
4697 0x1000 | 13, // incorrect_cltv_expiry
4703 /// Determines whether the parameters of an incoming HTLC to be forwarded satisfy the channel's
4704 /// [`ChannelConfig`]. This first looks at the channel's current [`ChannelConfig`], and if
4705 /// unsuccessful, falls back to the previous one if one exists.
4706 pub fn htlc_satisfies_config(
4707 &self, htlc: &msgs::UpdateAddHTLC, amt_to_forward: u64, outgoing_cltv_value: u32,
4708 ) -> Result<(), (&'static str, u16)> {
4709 self.internal_htlc_satisfies_config(&htlc, amt_to_forward, outgoing_cltv_value, &self.context.config())
4711 if let Some(prev_config) = self.context.prev_config() {
4712 self.internal_htlc_satisfies_config(htlc, amt_to_forward, outgoing_cltv_value, &prev_config)
4719 pub fn get_cur_holder_commitment_transaction_number(&self) -> u64 {
4720 self.context.cur_holder_commitment_transaction_number + 1
4723 pub fn get_cur_counterparty_commitment_transaction_number(&self) -> u64 {
4724 self.context.cur_counterparty_commitment_transaction_number + 1 - if self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32) != 0 { 1 } else { 0 }
4727 pub fn get_revoked_counterparty_commitment_transaction_number(&self) -> u64 {
4728 self.context.cur_counterparty_commitment_transaction_number + 2
4732 pub fn get_signer(&self) -> &ChannelSignerType<<SP::Target as SignerProvider>::Signer> {
4733 &self.context.holder_signer
4737 pub fn get_value_stat(&self) -> ChannelValueStat {
4739 value_to_self_msat: self.context.value_to_self_msat,
4740 channel_value_msat: self.context.channel_value_satoshis * 1000,
4741 channel_reserve_msat: self.context.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000,
4742 pending_outbound_htlcs_amount_msat: self.context.pending_outbound_htlcs.iter().map(|ref h| h.amount_msat).sum::<u64>(),
4743 pending_inbound_htlcs_amount_msat: self.context.pending_inbound_htlcs.iter().map(|ref h| h.amount_msat).sum::<u64>(),
4744 holding_cell_outbound_amount_msat: {
4746 for h in self.context.holding_cell_htlc_updates.iter() {
4748 &HTLCUpdateAwaitingACK::AddHTLC{amount_msat, .. } => {
4756 counterparty_max_htlc_value_in_flight_msat: self.context.counterparty_max_htlc_value_in_flight_msat,
4757 counterparty_dust_limit_msat: self.context.counterparty_dust_limit_satoshis * 1000,
4761 /// Returns true if this channel has been marked as awaiting a monitor update to move forward.
4762 /// Allowed in any state (including after shutdown)
4763 pub fn is_awaiting_monitor_update(&self) -> bool {
4764 (self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32) != 0
4767 /// Gets the latest [`ChannelMonitorUpdate`] ID which has been released and is in-flight.
4768 pub fn get_latest_unblocked_monitor_update_id(&self) -> u64 {
4769 if self.context.blocked_monitor_updates.is_empty() { return self.context.get_latest_monitor_update_id(); }
4770 self.context.blocked_monitor_updates[0].update.update_id - 1
4773 /// Returns the next blocked monitor update, if one exists, and a bool which indicates a
4774 /// further blocked monitor update exists after the next.
4775 pub fn unblock_next_blocked_monitor_update(&mut self) -> Option<(ChannelMonitorUpdate, bool)> {
4776 if self.context.blocked_monitor_updates.is_empty() { return None; }
4777 Some((self.context.blocked_monitor_updates.remove(0).update,
4778 !self.context.blocked_monitor_updates.is_empty()))
4781 /// Pushes a new monitor update into our monitor update queue, returning it if it should be
4782 /// immediately given to the user for persisting or `None` if it should be held as blocked.
4783 fn push_ret_blockable_mon_update(&mut self, update: ChannelMonitorUpdate)
4784 -> Option<ChannelMonitorUpdate> {
4785 let release_monitor = self.context.blocked_monitor_updates.is_empty();
4786 if !release_monitor {
4787 self.context.blocked_monitor_updates.push(PendingChannelMonitorUpdate {
4796 pub fn blocked_monitor_updates_pending(&self) -> usize {
4797 self.context.blocked_monitor_updates.len()
4800 /// Returns true if the channel is awaiting the persistence of the initial ChannelMonitor.
4801 /// If the channel is outbound, this implies we have not yet broadcasted the funding
4802 /// transaction. If the channel is inbound, this implies simply that the channel has not
4804 pub fn is_awaiting_initial_mon_persist(&self) -> bool {
4805 if !self.is_awaiting_monitor_update() { return false; }
4806 if self.context.channel_state &
4807 !(ChannelState::TheirChannelReady as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32 | ChannelState::WaitingForBatch as u32)
4808 == ChannelState::FundingSent as u32 {
4809 // If we're not a 0conf channel, we'll be waiting on a monitor update with only
4810 // FundingSent set, though our peer could have sent their channel_ready.
4811 debug_assert!(self.context.minimum_depth.unwrap_or(1) > 0);
4814 if self.context.cur_holder_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 &&
4815 self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
4816 // If we're a 0-conf channel, we'll move beyond FundingSent immediately even while
4817 // waiting for the initial monitor persistence. Thus, we check if our commitment
4818 // transaction numbers have both been iterated only exactly once (for the
4819 // funding_signed), and we're awaiting monitor update.
4821 // If we got here, we shouldn't have yet broadcasted the funding transaction (as the
4822 // only way to get an awaiting-monitor-update state during initial funding is if the
4823 // initial monitor persistence is still pending).
4825 // Because deciding we're awaiting initial broadcast spuriously could result in
4826 // funds-loss (as we don't have a monitor, but have the funding transaction confirmed),
4827 // we hard-assert here, even in production builds.
4828 if self.context.is_outbound() { assert!(self.context.funding_transaction.is_some()); }
4829 assert!(self.context.monitor_pending_channel_ready);
4830 assert_eq!(self.context.latest_monitor_update_id, 0);
4836 /// Returns true if our channel_ready has been sent
4837 pub fn is_our_channel_ready(&self) -> bool {
4838 (self.context.channel_state & ChannelState::OurChannelReady as u32) != 0 || self.context.channel_state & !STATE_FLAGS >= ChannelState::ChannelReady as u32
4841 /// Returns true if our peer has either initiated or agreed to shut down the channel.
4842 pub fn received_shutdown(&self) -> bool {
4843 (self.context.channel_state & ChannelState::RemoteShutdownSent as u32) != 0
4846 /// Returns true if we either initiated or agreed to shut down the channel.
4847 pub fn sent_shutdown(&self) -> bool {
4848 (self.context.channel_state & ChannelState::LocalShutdownSent as u32) != 0
4851 /// Returns true if this channel is fully shut down. True here implies that no further actions
4852 /// may/will be taken on this channel, and thus this object should be freed. Any future changes
4853 /// will be handled appropriately by the chain monitor.
4854 pub fn is_shutdown(&self) -> bool {
4855 if (self.context.channel_state & ChannelState::ShutdownComplete as u32) == ChannelState::ShutdownComplete as u32 {
4856 assert!(self.context.channel_state == ChannelState::ShutdownComplete as u32);
4861 pub fn channel_update_status(&self) -> ChannelUpdateStatus {
4862 self.context.channel_update_status
4865 pub fn set_channel_update_status(&mut self, status: ChannelUpdateStatus) {
4866 self.context.update_time_counter += 1;
4867 self.context.channel_update_status = status;
4870 fn check_get_channel_ready(&mut self, height: u32) -> Option<msgs::ChannelReady> {
4872 // * always when a new block/transactions are confirmed with the new height
4873 // * when funding is signed with a height of 0
4874 if self.context.funding_tx_confirmation_height == 0 && self.context.minimum_depth != Some(0) {
4878 let funding_tx_confirmations = height as i64 - self.context.funding_tx_confirmation_height as i64 + 1;
4879 if funding_tx_confirmations <= 0 {
4880 self.context.funding_tx_confirmation_height = 0;
4883 if funding_tx_confirmations < self.context.minimum_depth.unwrap_or(0) as i64 {
4887 // Note that we don't include ChannelState::WaitingForBatch as we don't want to send
4888 // channel_ready until the entire batch is ready.
4889 let non_shutdown_state = self.context.channel_state & (!MULTI_STATE_FLAGS);
4890 let need_commitment_update = if non_shutdown_state == ChannelState::FundingSent as u32 {
4891 self.context.channel_state |= ChannelState::OurChannelReady as u32;
4893 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32) {
4894 self.context.channel_state = ChannelState::ChannelReady as u32 | (self.context.channel_state & MULTI_STATE_FLAGS);
4895 self.context.update_time_counter += 1;
4897 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurChannelReady as u32) {
4898 // We got a reorg but not enough to trigger a force close, just ignore.
4901 if self.context.funding_tx_confirmation_height != 0 && self.context.channel_state & !STATE_FLAGS < ChannelState::ChannelReady as u32 {
4902 // We should never see a funding transaction on-chain until we've received
4903 // funding_signed (if we're an outbound channel), or seen funding_generated (if we're
4904 // an inbound channel - before that we have no known funding TXID). The fuzzer,
4905 // however, may do this and we shouldn't treat it as a bug.
4906 #[cfg(not(fuzzing))]
4907 panic!("Started confirming a channel in a state pre-FundingSent: {}.\n\
4908 Do NOT broadcast a funding transaction manually - let LDK do it for you!",
4909 self.context.channel_state);
4911 // We got a reorg but not enough to trigger a force close, just ignore.
4915 if need_commitment_update {
4916 if self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) == 0 {
4917 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == 0 {
4918 let next_per_commitment_point =
4919 self.context.holder_signer.as_ref().get_per_commitment_point(INITIAL_COMMITMENT_NUMBER - 1, &self.context.secp_ctx);
4920 return Some(msgs::ChannelReady {
4921 channel_id: self.context.channel_id,
4922 next_per_commitment_point,
4923 short_channel_id_alias: Some(self.context.outbound_scid_alias),
4927 self.context.monitor_pending_channel_ready = true;
4933 /// When a transaction is confirmed, we check whether it is or spends the funding transaction
4934 /// In the first case, we store the confirmation height and calculating the short channel id.
4935 /// In the second, we simply return an Err indicating we need to be force-closed now.
4936 pub fn transactions_confirmed<NS: Deref, L: Deref>(
4937 &mut self, block_hash: &BlockHash, height: u32, txdata: &TransactionData,
4938 chain_hash: ChainHash, node_signer: &NS, user_config: &UserConfig, logger: &L
4939 ) -> Result<(Option<msgs::ChannelReady>, Option<msgs::AnnouncementSignatures>), ClosureReason>
4941 NS::Target: NodeSigner,
4944 let mut msgs = (None, None);
4945 if let Some(funding_txo) = self.context.get_funding_txo() {
4946 for &(index_in_block, tx) in txdata.iter() {
4947 // Check if the transaction is the expected funding transaction, and if it is,
4948 // check that it pays the right amount to the right script.
4949 if self.context.funding_tx_confirmation_height == 0 {
4950 if tx.txid() == funding_txo.txid {
4951 let txo_idx = funding_txo.index as usize;
4952 if txo_idx >= tx.output.len() || tx.output[txo_idx].script_pubkey != self.context.get_funding_redeemscript().to_v0_p2wsh() ||
4953 tx.output[txo_idx].value != self.context.channel_value_satoshis {
4954 if self.context.is_outbound() {
4955 // If we generated the funding transaction and it doesn't match what it
4956 // should, the client is really broken and we should just panic and
4957 // tell them off. That said, because hash collisions happen with high
4958 // probability in fuzzing mode, if we're fuzzing we just close the
4959 // channel and move on.
4960 #[cfg(not(fuzzing))]
4961 panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
4963 self.context.update_time_counter += 1;
4964 let err_reason = "funding tx had wrong script/value or output index";
4965 return Err(ClosureReason::ProcessingError { err: err_reason.to_owned() });
4967 if self.context.is_outbound() {
4968 if !tx.is_coin_base() {
4969 for input in tx.input.iter() {
4970 if input.witness.is_empty() {
4971 // We generated a malleable funding transaction, implying we've
4972 // just exposed ourselves to funds loss to our counterparty.
4973 #[cfg(not(fuzzing))]
4974 panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
4979 self.context.funding_tx_confirmation_height = height;
4980 self.context.funding_tx_confirmed_in = Some(*block_hash);
4981 self.context.short_channel_id = match scid_from_parts(height as u64, index_in_block as u64, txo_idx as u64) {
4982 Ok(scid) => Some(scid),
4983 Err(_) => panic!("Block was bogus - either height was > 16 million, had > 16 million transactions, or had > 65k outputs"),
4986 // If this is a coinbase transaction and not a 0-conf channel
4987 // we should update our min_depth to 100 to handle coinbase maturity
4988 if tx.is_coin_base() &&
4989 self.context.minimum_depth.unwrap_or(0) > 0 &&
4990 self.context.minimum_depth.unwrap_or(0) < COINBASE_MATURITY {
4991 self.context.minimum_depth = Some(COINBASE_MATURITY);
4994 // If we allow 1-conf funding, we may need to check for channel_ready here and
4995 // send it immediately instead of waiting for a best_block_updated call (which
4996 // may have already happened for this block).
4997 if let Some(channel_ready) = self.check_get_channel_ready(height) {
4998 log_info!(logger, "Sending a channel_ready to our peer for channel {}", &self.context.channel_id);
4999 let announcement_sigs = self.get_announcement_sigs(node_signer, chain_hash, user_config, height, logger);
5000 msgs = (Some(channel_ready), announcement_sigs);
5003 for inp in tx.input.iter() {
5004 if inp.previous_output == funding_txo.into_bitcoin_outpoint() {
5005 log_info!(logger, "Detected channel-closing tx {} spending {}:{}, closing channel {}", tx.txid(), inp.previous_output.txid, inp.previous_output.vout, &self.context.channel_id());
5006 return Err(ClosureReason::CommitmentTxConfirmed);
5014 /// When a new block is connected, we check the height of the block against outbound holding
5015 /// cell HTLCs in case we need to give up on them prematurely and time them out. Everything
5016 /// else (e.g. commitment transaction broadcasts, HTLC transaction broadcasting, etc) is
5017 /// handled by the ChannelMonitor.
5019 /// If we return Err, the channel may have been closed, at which point the standard
5020 /// requirements apply - no calls may be made except those explicitly stated to be allowed
5023 /// May return some HTLCs (and their payment_hash) which have timed out and should be failed
5025 pub fn best_block_updated<NS: Deref, L: Deref>(
5026 &mut self, height: u32, highest_header_time: u32, chain_hash: ChainHash,
5027 node_signer: &NS, user_config: &UserConfig, logger: &L
5028 ) -> Result<(Option<msgs::ChannelReady>, Vec<(HTLCSource, PaymentHash)>, Option<msgs::AnnouncementSignatures>), ClosureReason>
5030 NS::Target: NodeSigner,
5033 self.do_best_block_updated(height, highest_header_time, Some((chain_hash, node_signer, user_config)), logger)
5036 fn do_best_block_updated<NS: Deref, L: Deref>(
5037 &mut self, height: u32, highest_header_time: u32,
5038 chain_node_signer: Option<(ChainHash, &NS, &UserConfig)>, logger: &L
5039 ) -> Result<(Option<msgs::ChannelReady>, Vec<(HTLCSource, PaymentHash)>, Option<msgs::AnnouncementSignatures>), ClosureReason>
5041 NS::Target: NodeSigner,
5044 let mut timed_out_htlcs = Vec::new();
5045 // This mirrors the check in ChannelManager::decode_update_add_htlc_onion, refusing to
5046 // forward an HTLC when our counterparty should almost certainly just fail it for expiring
5048 let unforwarded_htlc_cltv_limit = height + LATENCY_GRACE_PERIOD_BLOCKS;
5049 self.context.holding_cell_htlc_updates.retain(|htlc_update| {
5051 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, ref cltv_expiry, .. } => {
5052 if *cltv_expiry <= unforwarded_htlc_cltv_limit {
5053 timed_out_htlcs.push((source.clone(), payment_hash.clone()));
5061 self.context.update_time_counter = cmp::max(self.context.update_time_counter, highest_header_time);
5063 if let Some(channel_ready) = self.check_get_channel_ready(height) {
5064 let announcement_sigs = if let Some((chain_hash, node_signer, user_config)) = chain_node_signer {
5065 self.get_announcement_sigs(node_signer, chain_hash, user_config, height, logger)
5067 log_info!(logger, "Sending a channel_ready to our peer for channel {}", &self.context.channel_id);
5068 return Ok((Some(channel_ready), timed_out_htlcs, announcement_sigs));
5071 let non_shutdown_state = self.context.channel_state & (!MULTI_STATE_FLAGS);
5072 if non_shutdown_state & !STATE_FLAGS >= ChannelState::ChannelReady as u32 ||
5073 (non_shutdown_state & ChannelState::OurChannelReady as u32) == ChannelState::OurChannelReady as u32 {
5074 let mut funding_tx_confirmations = height as i64 - self.context.funding_tx_confirmation_height as i64 + 1;
5075 if self.context.funding_tx_confirmation_height == 0 {
5076 // Note that check_get_channel_ready may reset funding_tx_confirmation_height to
5077 // zero if it has been reorged out, however in either case, our state flags
5078 // indicate we've already sent a channel_ready
5079 funding_tx_confirmations = 0;
5082 // If we've sent channel_ready (or have both sent and received channel_ready), and
5083 // the funding transaction has become unconfirmed,
5084 // close the channel and hope we can get the latest state on chain (because presumably
5085 // the funding transaction is at least still in the mempool of most nodes).
5087 // Note that ideally we wouldn't force-close if we see *any* reorg on a 1-conf or
5088 // 0-conf channel, but not doing so may lead to the
5089 // `ChannelManager::short_to_chan_info` map being inconsistent, so we currently have
5091 if funding_tx_confirmations == 0 && self.context.funding_tx_confirmed_in.is_some() {
5092 let err_reason = format!("Funding transaction was un-confirmed. Locked at {} confs, now have {} confs.",
5093 self.context.minimum_depth.unwrap(), funding_tx_confirmations);
5094 return Err(ClosureReason::ProcessingError { err: err_reason });
5096 } else if !self.context.is_outbound() && self.context.funding_tx_confirmed_in.is_none() &&
5097 height >= self.context.channel_creation_height + FUNDING_CONF_DEADLINE_BLOCKS {
5098 log_info!(logger, "Closing channel {} due to funding timeout", &self.context.channel_id);
5099 // If funding_tx_confirmed_in is unset, the channel must not be active
5100 assert!(non_shutdown_state & !STATE_FLAGS <= ChannelState::ChannelReady as u32);
5101 assert_eq!(non_shutdown_state & ChannelState::OurChannelReady as u32, 0);
5102 return Err(ClosureReason::FundingTimedOut);
5105 let announcement_sigs = if let Some((chain_hash, node_signer, user_config)) = chain_node_signer {
5106 self.get_announcement_sigs(node_signer, chain_hash, user_config, height, logger)
5108 Ok((None, timed_out_htlcs, announcement_sigs))
5111 /// Indicates the funding transaction is no longer confirmed in the main chain. This may
5112 /// force-close the channel, but may also indicate a harmless reorganization of a block or two
5113 /// before the channel has reached channel_ready and we can just wait for more blocks.
5114 pub fn funding_transaction_unconfirmed<L: Deref>(&mut self, logger: &L) -> Result<(), ClosureReason> where L::Target: Logger {
5115 if self.context.funding_tx_confirmation_height != 0 {
5116 // We handle the funding disconnection by calling best_block_updated with a height one
5117 // below where our funding was connected, implying a reorg back to conf_height - 1.
5118 let reorg_height = self.context.funding_tx_confirmation_height - 1;
5119 // We use the time field to bump the current time we set on channel updates if its
5120 // larger. If we don't know that time has moved forward, we can just set it to the last
5121 // time we saw and it will be ignored.
5122 let best_time = self.context.update_time_counter;
5123 match self.do_best_block_updated(reorg_height, best_time, None::<(ChainHash, &&NodeSigner, &UserConfig)>, logger) {
5124 Ok((channel_ready, timed_out_htlcs, announcement_sigs)) => {
5125 assert!(channel_ready.is_none(), "We can't generate a funding with 0 confirmations?");
5126 assert!(timed_out_htlcs.is_empty(), "We can't have accepted HTLCs with a timeout before our funding confirmation?");
5127 assert!(announcement_sigs.is_none(), "We can't generate an announcement_sigs with 0 confirmations?");
5133 // We never learned about the funding confirmation anyway, just ignore
5138 // Methods to get unprompted messages to send to the remote end (or where we already returned
5139 // something in the handler for the message that prompted this message):
5141 /// Gets an UnsignedChannelAnnouncement for this channel. The channel must be publicly
5142 /// announceable and available for use (have exchanged [`ChannelReady`] messages in both
5143 /// directions). Should be used for both broadcasted announcements and in response to an
5144 /// AnnouncementSignatures message from the remote peer.
5146 /// Will only fail if we're not in a state where channel_announcement may be sent (including
5149 /// This will only return ChannelError::Ignore upon failure.
5151 /// [`ChannelReady`]: crate::ln::msgs::ChannelReady
5152 fn get_channel_announcement<NS: Deref>(
5153 &self, node_signer: &NS, chain_hash: ChainHash, user_config: &UserConfig,
5154 ) -> Result<msgs::UnsignedChannelAnnouncement, ChannelError> where NS::Target: NodeSigner {
5155 if !self.context.config.announced_channel {
5156 return Err(ChannelError::Ignore("Channel is not available for public announcements".to_owned()));
5158 if !self.context.is_usable() {
5159 return Err(ChannelError::Ignore("Cannot get a ChannelAnnouncement if the channel is not currently usable".to_owned()));
5162 let short_channel_id = self.context.get_short_channel_id()
5163 .ok_or(ChannelError::Ignore("Cannot get a ChannelAnnouncement if the channel has not been confirmed yet".to_owned()))?;
5164 let node_id = NodeId::from_pubkey(&node_signer.get_node_id(Recipient::Node)
5165 .map_err(|_| ChannelError::Ignore("Failed to retrieve own public key".to_owned()))?);
5166 let counterparty_node_id = NodeId::from_pubkey(&self.context.get_counterparty_node_id());
5167 let were_node_one = node_id.as_slice() < counterparty_node_id.as_slice();
5169 let msg = msgs::UnsignedChannelAnnouncement {
5170 features: channelmanager::provided_channel_features(&user_config),
5173 node_id_1: if were_node_one { node_id } else { counterparty_node_id },
5174 node_id_2: if were_node_one { counterparty_node_id } else { node_id },
5175 bitcoin_key_1: NodeId::from_pubkey(if were_node_one { &self.context.get_holder_pubkeys().funding_pubkey } else { self.context.counterparty_funding_pubkey() }),
5176 bitcoin_key_2: NodeId::from_pubkey(if were_node_one { self.context.counterparty_funding_pubkey() } else { &self.context.get_holder_pubkeys().funding_pubkey }),
5177 excess_data: Vec::new(),
5183 fn get_announcement_sigs<NS: Deref, L: Deref>(
5184 &mut self, node_signer: &NS, chain_hash: ChainHash, user_config: &UserConfig,
5185 best_block_height: u32, logger: &L
5186 ) -> Option<msgs::AnnouncementSignatures>
5188 NS::Target: NodeSigner,
5191 if self.context.funding_tx_confirmation_height == 0 || self.context.funding_tx_confirmation_height + 5 > best_block_height {
5195 if !self.context.is_usable() {
5199 if self.context.channel_state & ChannelState::PeerDisconnected as u32 != 0 {
5200 log_trace!(logger, "Cannot create an announcement_signatures as our peer is disconnected");
5204 if self.context.announcement_sigs_state != AnnouncementSigsState::NotSent {
5208 log_trace!(logger, "Creating an announcement_signatures message for channel {}", &self.context.channel_id());
5209 let announcement = match self.get_channel_announcement(node_signer, chain_hash, user_config) {
5212 log_trace!(logger, "{:?}", e);
5216 let our_node_sig = match node_signer.sign_gossip_message(msgs::UnsignedGossipMessage::ChannelAnnouncement(&announcement)) {
5218 log_error!(logger, "Failed to generate node signature for channel_announcement. Channel will not be announced!");
5223 match &self.context.holder_signer {
5224 ChannelSignerType::Ecdsa(ecdsa) => {
5225 let our_bitcoin_sig = match ecdsa.sign_channel_announcement_with_funding_key(&announcement, &self.context.secp_ctx) {
5227 log_error!(logger, "Signer rejected channel_announcement signing. Channel will not be announced!");
5232 let short_channel_id = match self.context.get_short_channel_id() {
5234 None => return None,
5237 self.context.announcement_sigs_state = AnnouncementSigsState::MessageSent;
5239 Some(msgs::AnnouncementSignatures {
5240 channel_id: self.context.channel_id(),
5242 node_signature: our_node_sig,
5243 bitcoin_signature: our_bitcoin_sig,
5249 /// Signs the given channel announcement, returning a ChannelError::Ignore if no keys are
5251 fn sign_channel_announcement<NS: Deref>(
5252 &self, node_signer: &NS, announcement: msgs::UnsignedChannelAnnouncement
5253 ) -> Result<msgs::ChannelAnnouncement, ChannelError> where NS::Target: NodeSigner {
5254 if let Some((their_node_sig, their_bitcoin_sig)) = self.context.announcement_sigs {
5255 let our_node_key = NodeId::from_pubkey(&node_signer.get_node_id(Recipient::Node)
5256 .map_err(|_| ChannelError::Ignore("Signer failed to retrieve own public key".to_owned()))?);
5257 let were_node_one = announcement.node_id_1 == our_node_key;
5259 let our_node_sig = node_signer.sign_gossip_message(msgs::UnsignedGossipMessage::ChannelAnnouncement(&announcement))
5260 .map_err(|_| ChannelError::Ignore("Failed to generate node signature for channel_announcement".to_owned()))?;
5261 match &self.context.holder_signer {
5262 ChannelSignerType::Ecdsa(ecdsa) => {
5263 let our_bitcoin_sig = ecdsa.sign_channel_announcement_with_funding_key(&announcement, &self.context.secp_ctx)
5264 .map_err(|_| ChannelError::Ignore("Signer rejected channel_announcement".to_owned()))?;
5265 Ok(msgs::ChannelAnnouncement {
5266 node_signature_1: if were_node_one { our_node_sig } else { their_node_sig },
5267 node_signature_2: if were_node_one { their_node_sig } else { our_node_sig },
5268 bitcoin_signature_1: if were_node_one { our_bitcoin_sig } else { their_bitcoin_sig },
5269 bitcoin_signature_2: if were_node_one { their_bitcoin_sig } else { our_bitcoin_sig },
5270 contents: announcement,
5275 Err(ChannelError::Ignore("Attempted to sign channel announcement before we'd received announcement_signatures".to_string()))
5279 /// Processes an incoming announcement_signatures message, providing a fully-signed
5280 /// channel_announcement message which we can broadcast and storing our counterparty's
5281 /// signatures for later reconstruction/rebroadcast of the channel_announcement.
5282 pub fn announcement_signatures<NS: Deref>(
5283 &mut self, node_signer: &NS, chain_hash: ChainHash, best_block_height: u32,
5284 msg: &msgs::AnnouncementSignatures, user_config: &UserConfig
5285 ) -> Result<msgs::ChannelAnnouncement, ChannelError> where NS::Target: NodeSigner {
5286 let announcement = self.get_channel_announcement(node_signer, chain_hash, user_config)?;
5288 let msghash = hash_to_message!(&Sha256d::hash(&announcement.encode()[..])[..]);
5290 if self.context.secp_ctx.verify_ecdsa(&msghash, &msg.node_signature, &self.context.get_counterparty_node_id()).is_err() {
5291 return Err(ChannelError::Close(format!(
5292 "Bad announcement_signatures. Failed to verify node_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_node_key is {:?}",
5293 &announcement, self.context.get_counterparty_node_id())));
5295 if self.context.secp_ctx.verify_ecdsa(&msghash, &msg.bitcoin_signature, self.context.counterparty_funding_pubkey()).is_err() {
5296 return Err(ChannelError::Close(format!(
5297 "Bad announcement_signatures. Failed to verify bitcoin_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_bitcoin_key is ({:?})",
5298 &announcement, self.context.counterparty_funding_pubkey())));
5301 self.context.announcement_sigs = Some((msg.node_signature, msg.bitcoin_signature));
5302 if self.context.funding_tx_confirmation_height == 0 || self.context.funding_tx_confirmation_height + 5 > best_block_height {
5303 return Err(ChannelError::Ignore(
5304 "Got announcement_signatures prior to the required six confirmations - we may not have received a block yet that our peer has".to_owned()));
5307 self.sign_channel_announcement(node_signer, announcement)
5310 /// Gets a signed channel_announcement for this channel, if we previously received an
5311 /// announcement_signatures from our counterparty.
5312 pub fn get_signed_channel_announcement<NS: Deref>(
5313 &self, node_signer: &NS, chain_hash: ChainHash, best_block_height: u32, user_config: &UserConfig
5314 ) -> Option<msgs::ChannelAnnouncement> where NS::Target: NodeSigner {
5315 if self.context.funding_tx_confirmation_height == 0 || self.context.funding_tx_confirmation_height + 5 > best_block_height {
5318 let announcement = match self.get_channel_announcement(node_signer, chain_hash, user_config) {
5320 Err(_) => return None,
5322 match self.sign_channel_announcement(node_signer, announcement) {
5323 Ok(res) => Some(res),
5328 /// May panic if called on a channel that wasn't immediately-previously
5329 /// self.remove_uncommitted_htlcs_and_mark_paused()'d
5330 pub fn get_channel_reestablish<L: Deref>(&mut self, logger: &L) -> msgs::ChannelReestablish where L::Target: Logger {
5331 assert_eq!(self.context.channel_state & ChannelState::PeerDisconnected as u32, ChannelState::PeerDisconnected as u32);
5332 assert_ne!(self.context.cur_counterparty_commitment_transaction_number, INITIAL_COMMITMENT_NUMBER);
5333 // Prior to static_remotekey, my_current_per_commitment_point was critical to claiming
5334 // current to_remote balances. However, it no longer has any use, and thus is now simply
5335 // set to a dummy (but valid, as required by the spec) public key.
5336 // fuzzing mode marks a subset of pubkeys as invalid so that we can hit "invalid pubkey"
5337 // branches, but we unwrap it below, so we arbitrarily select a dummy pubkey which is both
5338 // valid, and valid in fuzzing mode's arbitrary validity criteria:
5339 let mut pk = [2; 33]; pk[1] = 0xff;
5340 let dummy_pubkey = PublicKey::from_slice(&pk).unwrap();
5341 let remote_last_secret = if self.context.cur_counterparty_commitment_transaction_number + 1 < INITIAL_COMMITMENT_NUMBER {
5342 let remote_last_secret = self.context.commitment_secrets.get_secret(self.context.cur_counterparty_commitment_transaction_number + 2).unwrap();
5343 log_trace!(logger, "Enough info to generate a Data Loss Protect with per_commitment_secret {} for channel {}", log_bytes!(remote_last_secret), &self.context.channel_id());
5346 log_info!(logger, "Sending a data_loss_protect with no previous remote per_commitment_secret for channel {}", &self.context.channel_id());
5349 self.mark_awaiting_response();
5350 msgs::ChannelReestablish {
5351 channel_id: self.context.channel_id(),
5352 // The protocol has two different commitment number concepts - the "commitment
5353 // transaction number", which starts from 0 and counts up, and the "revocation key
5354 // index" which starts at INITIAL_COMMITMENT_NUMBER and counts down. We track
5355 // commitment transaction numbers by the index which will be used to reveal the
5356 // revocation key for that commitment transaction, which means we have to convert them
5357 // to protocol-level commitment numbers here...
5359 // next_local_commitment_number is the next commitment_signed number we expect to
5360 // receive (indicating if they need to resend one that we missed).
5361 next_local_commitment_number: INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number,
5362 // We have to set next_remote_commitment_number to the next revoke_and_ack we expect to
5363 // receive, however we track it by the next commitment number for a remote transaction
5364 // (which is one further, as they always revoke previous commitment transaction, not
5365 // the one we send) so we have to decrement by 1. Note that if
5366 // cur_counterparty_commitment_transaction_number is INITIAL_COMMITMENT_NUMBER we will have
5367 // dropped this channel on disconnect as it hasn't yet reached FundingSent so we can't
5369 next_remote_commitment_number: INITIAL_COMMITMENT_NUMBER - self.context.cur_counterparty_commitment_transaction_number - 1,
5370 your_last_per_commitment_secret: remote_last_secret,
5371 my_current_per_commitment_point: dummy_pubkey,
5372 // TODO(dual_funding): If we've sent `commtiment_signed` for an interactive transaction
5373 // construction but have not received `tx_signatures` we MUST set `next_funding_txid` to the
5374 // txid of that interactive transaction, else we MUST NOT set it.
5375 next_funding_txid: None,
5380 // Send stuff to our remote peers:
5382 /// Queues up an outbound HTLC to send by placing it in the holding cell. You should call
5383 /// [`Self::maybe_free_holding_cell_htlcs`] in order to actually generate and send the
5384 /// commitment update.
5386 /// `Err`s will only be [`ChannelError::Ignore`].
5387 pub fn queue_add_htlc<F: Deref, L: Deref>(
5388 &mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource,
5389 onion_routing_packet: msgs::OnionPacket, skimmed_fee_msat: Option<u64>,
5390 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
5391 ) -> Result<(), ChannelError>
5392 where F::Target: FeeEstimator, L::Target: Logger
5395 .send_htlc(amount_msat, payment_hash, cltv_expiry, source, onion_routing_packet, true,
5396 skimmed_fee_msat, fee_estimator, logger)
5397 .map(|msg_opt| assert!(msg_opt.is_none(), "We forced holding cell?"))
5399 if let ChannelError::Ignore(_) = err { /* fine */ }
5400 else { debug_assert!(false, "Queueing cannot trigger channel failure"); }
5405 /// Adds a pending outbound HTLC to this channel, note that you probably want
5406 /// [`Self::send_htlc_and_commit`] instead cause you'll want both messages at once.
5408 /// This returns an optional UpdateAddHTLC as we may be in a state where we cannot add HTLCs on
5410 /// * In cases where we're waiting on the remote peer to send us a revoke_and_ack, we
5411 /// wouldn't be able to determine what they actually ACK'ed if we have two sets of updates
5413 /// * In cases where we're marked MonitorUpdateInProgress, we cannot commit to a new state as
5414 /// we may not yet have sent the previous commitment update messages and will need to
5415 /// regenerate them.
5417 /// You MUST call [`Self::send_commitment_no_state_update`] prior to calling any other methods
5418 /// on this [`Channel`] if `force_holding_cell` is false.
5420 /// `Err`s will only be [`ChannelError::Ignore`].
5421 fn send_htlc<F: Deref, L: Deref>(
5422 &mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource,
5423 onion_routing_packet: msgs::OnionPacket, mut force_holding_cell: bool,
5424 skimmed_fee_msat: Option<u64>, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
5425 ) -> Result<Option<msgs::UpdateAddHTLC>, ChannelError>
5426 where F::Target: FeeEstimator, L::Target: Logger
5428 if (self.context.channel_state & (ChannelState::ChannelReady as u32 | BOTH_SIDES_SHUTDOWN_MASK)) != (ChannelState::ChannelReady as u32) {
5429 return Err(ChannelError::Ignore("Cannot send HTLC until channel is fully established and we haven't started shutting down".to_owned()));
5431 let channel_total_msat = self.context.channel_value_satoshis * 1000;
5432 if amount_msat > channel_total_msat {
5433 return Err(ChannelError::Ignore(format!("Cannot send amount {}, because it is more than the total value of the channel {}", amount_msat, channel_total_msat)));
5436 if amount_msat == 0 {
5437 return Err(ChannelError::Ignore("Cannot send 0-msat HTLC".to_owned()));
5440 let available_balances = self.context.get_available_balances(fee_estimator);
5441 if amount_msat < available_balances.next_outbound_htlc_minimum_msat {
5442 return Err(ChannelError::Ignore(format!("Cannot send less than our next-HTLC minimum - {} msat",
5443 available_balances.next_outbound_htlc_minimum_msat)));
5446 if amount_msat > available_balances.next_outbound_htlc_limit_msat {
5447 return Err(ChannelError::Ignore(format!("Cannot send more than our next-HTLC maximum - {} msat",
5448 available_balances.next_outbound_htlc_limit_msat)));
5451 if (self.context.channel_state & (ChannelState::PeerDisconnected as u32)) != 0 {
5452 // Note that this should never really happen, if we're !is_live() on receipt of an
5453 // incoming HTLC for relay will result in us rejecting the HTLC and we won't allow
5454 // the user to send directly into a !is_live() channel. However, if we
5455 // disconnected during the time the previous hop was doing the commitment dance we may
5456 // end up getting here after the forwarding delay. In any case, returning an
5457 // IgnoreError will get ChannelManager to do the right thing and fail backwards now.
5458 return Err(ChannelError::Ignore("Cannot send an HTLC while disconnected from channel counterparty".to_owned()));
5461 let need_holding_cell = (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0;
5462 log_debug!(logger, "Pushing new outbound HTLC with hash {} for {} msat {}",
5463 payment_hash, amount_msat,
5464 if force_holding_cell { "into holding cell" }
5465 else if need_holding_cell { "into holding cell as we're awaiting an RAA or monitor" }
5466 else { "to peer" });
5468 if need_holding_cell {
5469 force_holding_cell = true;
5472 // Now update local state:
5473 if force_holding_cell {
5474 self.context.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::AddHTLC {
5479 onion_routing_packet,
5485 self.context.pending_outbound_htlcs.push(OutboundHTLCOutput {
5486 htlc_id: self.context.next_holder_htlc_id,
5488 payment_hash: payment_hash.clone(),
5490 state: OutboundHTLCState::LocalAnnounced(Box::new(onion_routing_packet.clone())),
5495 let res = msgs::UpdateAddHTLC {
5496 channel_id: self.context.channel_id,
5497 htlc_id: self.context.next_holder_htlc_id,
5501 onion_routing_packet,
5504 self.context.next_holder_htlc_id += 1;
5509 fn build_commitment_no_status_check<L: Deref>(&mut self, logger: &L) -> ChannelMonitorUpdate where L::Target: Logger {
5510 log_trace!(logger, "Updating HTLC state for a newly-sent commitment_signed...");
5511 // We can upgrade the status of some HTLCs that are waiting on a commitment, even if we
5512 // fail to generate this, we still are at least at a position where upgrading their status
5514 for htlc in self.context.pending_inbound_htlcs.iter_mut() {
5515 let new_state = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(ref forward_info) = &htlc.state {
5516 Some(InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info.clone()))
5518 if let Some(state) = new_state {
5519 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce {} to AwaitingAnnouncedRemoteRevoke", &htlc.payment_hash);
5523 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
5524 if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut outcome) = &mut htlc.state {
5525 log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", &htlc.payment_hash);
5526 // Grab the preimage, if it exists, instead of cloning
5527 let mut reason = OutboundHTLCOutcome::Success(None);
5528 mem::swap(outcome, &mut reason);
5529 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(reason);
5532 if let Some((feerate, update_state)) = self.context.pending_update_fee {
5533 if update_state == FeeUpdateState::AwaitingRemoteRevokeToAnnounce {
5534 debug_assert!(!self.context.is_outbound());
5535 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce fee update {} to Committed", feerate);
5536 self.context.feerate_per_kw = feerate;
5537 self.context.pending_update_fee = None;
5540 self.context.resend_order = RAACommitmentOrder::RevokeAndACKFirst;
5542 let (mut htlcs_ref, counterparty_commitment_tx) =
5543 self.build_commitment_no_state_update(logger);
5544 let counterparty_commitment_txid = counterparty_commitment_tx.trust().txid();
5545 let htlcs: Vec<(HTLCOutputInCommitment, Option<Box<HTLCSource>>)> =
5546 htlcs_ref.drain(..).map(|(htlc, htlc_source)| (htlc, htlc_source.map(|source_ref| Box::new(source_ref.clone())))).collect();
5548 if self.context.announcement_sigs_state == AnnouncementSigsState::MessageSent {
5549 self.context.announcement_sigs_state = AnnouncementSigsState::Committed;
5552 self.context.latest_monitor_update_id += 1;
5553 let monitor_update = ChannelMonitorUpdate {
5554 update_id: self.context.latest_monitor_update_id,
5555 updates: vec![ChannelMonitorUpdateStep::LatestCounterpartyCommitmentTXInfo {
5556 commitment_txid: counterparty_commitment_txid,
5557 htlc_outputs: htlcs.clone(),
5558 commitment_number: self.context.cur_counterparty_commitment_transaction_number,
5559 their_per_commitment_point: self.context.counterparty_cur_commitment_point.unwrap(),
5560 feerate_per_kw: Some(counterparty_commitment_tx.feerate_per_kw()),
5561 to_broadcaster_value_sat: Some(counterparty_commitment_tx.to_broadcaster_value_sat()),
5562 to_countersignatory_value_sat: Some(counterparty_commitment_tx.to_countersignatory_value_sat()),
5565 self.context.channel_state |= ChannelState::AwaitingRemoteRevoke as u32;
5569 fn build_commitment_no_state_update<L: Deref>(&self, logger: &L)
5570 -> (Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)>, CommitmentTransaction)
5571 where L::Target: Logger
5573 let counterparty_keys = self.context.build_remote_transaction_keys();
5574 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, true, logger);
5575 let counterparty_commitment_tx = commitment_stats.tx;
5577 #[cfg(any(test, fuzzing))]
5579 if !self.context.is_outbound() {
5580 let projected_commit_tx_info = self.context.next_remote_commitment_tx_fee_info_cached.lock().unwrap().take();
5581 *self.context.next_local_commitment_tx_fee_info_cached.lock().unwrap() = None;
5582 if let Some(info) = projected_commit_tx_info {
5583 let total_pending_htlcs = self.context.pending_inbound_htlcs.len() + self.context.pending_outbound_htlcs.len();
5584 if info.total_pending_htlcs == total_pending_htlcs
5585 && info.next_holder_htlc_id == self.context.next_holder_htlc_id
5586 && info.next_counterparty_htlc_id == self.context.next_counterparty_htlc_id
5587 && info.feerate == self.context.feerate_per_kw {
5588 let actual_fee = commit_tx_fee_msat(self.context.feerate_per_kw, commitment_stats.num_nondust_htlcs, self.context.get_channel_type());
5589 assert_eq!(actual_fee, info.fee);
5595 (commitment_stats.htlcs_included, counterparty_commitment_tx)
5598 /// Only fails in case of signer rejection. Used for channel_reestablish commitment_signed
5599 /// generation when we shouldn't change HTLC/channel state.
5600 fn send_commitment_no_state_update<L: Deref>(&self, logger: &L) -> Result<(msgs::CommitmentSigned, (Txid, Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)>)), ChannelError> where L::Target: Logger {
5601 // Get the fee tests from `build_commitment_no_state_update`
5602 #[cfg(any(test, fuzzing))]
5603 self.build_commitment_no_state_update(logger);
5605 let counterparty_keys = self.context.build_remote_transaction_keys();
5606 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, true, logger);
5607 let counterparty_commitment_txid = commitment_stats.tx.trust().txid();
5609 match &self.context.holder_signer {
5610 ChannelSignerType::Ecdsa(ecdsa) => {
5611 let (signature, htlc_signatures);
5614 let mut htlcs = Vec::with_capacity(commitment_stats.htlcs_included.len());
5615 for &(ref htlc, _) in commitment_stats.htlcs_included.iter() {
5619 let res = ecdsa.sign_counterparty_commitment(&commitment_stats.tx, commitment_stats.preimages, &self.context.secp_ctx)
5620 .map_err(|_| ChannelError::Ignore("Failed to get signatures for new commitment_signed".to_owned()))?;
5622 htlc_signatures = res.1;
5624 log_trace!(logger, "Signed remote commitment tx {} (txid {}) with redeemscript {} -> {} in channel {}",
5625 encode::serialize_hex(&commitment_stats.tx.trust().built_transaction().transaction),
5626 &counterparty_commitment_txid, encode::serialize_hex(&self.context.get_funding_redeemscript()),
5627 log_bytes!(signature.serialize_compact()[..]), &self.context.channel_id());
5629 for (ref htlc_sig, ref htlc) in htlc_signatures.iter().zip(htlcs) {
5630 log_trace!(logger, "Signed remote HTLC tx {} with redeemscript {} with pubkey {} -> {} in channel {}",
5631 encode::serialize_hex(&chan_utils::build_htlc_transaction(&counterparty_commitment_txid, commitment_stats.feerate_per_kw, self.context.get_holder_selected_contest_delay(), htlc, &self.context.channel_type, &counterparty_keys.broadcaster_delayed_payment_key, &counterparty_keys.revocation_key)),
5632 encode::serialize_hex(&chan_utils::get_htlc_redeemscript(&htlc, &self.context.channel_type, &counterparty_keys)),
5633 log_bytes!(counterparty_keys.broadcaster_htlc_key.serialize()),
5634 log_bytes!(htlc_sig.serialize_compact()[..]), &self.context.channel_id());
5638 Ok((msgs::CommitmentSigned {
5639 channel_id: self.context.channel_id,
5643 partial_signature_with_nonce: None,
5644 }, (counterparty_commitment_txid, commitment_stats.htlcs_included)))
5649 /// Adds a pending outbound HTLC to this channel, and builds a new remote commitment
5650 /// transaction and generates the corresponding [`ChannelMonitorUpdate`] in one go.
5652 /// Shorthand for calling [`Self::send_htlc`] followed by a commitment update, see docs on
5653 /// [`Self::send_htlc`] and [`Self::build_commitment_no_state_update`] for more info.
5654 pub fn send_htlc_and_commit<F: Deref, L: Deref>(
5655 &mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32,
5656 source: HTLCSource, onion_routing_packet: msgs::OnionPacket, skimmed_fee_msat: Option<u64>,
5657 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
5658 ) -> Result<Option<ChannelMonitorUpdate>, ChannelError>
5659 where F::Target: FeeEstimator, L::Target: Logger
5661 let send_res = self.send_htlc(amount_msat, payment_hash, cltv_expiry, source,
5662 onion_routing_packet, false, skimmed_fee_msat, fee_estimator, logger);
5663 if let Err(e) = &send_res { if let ChannelError::Ignore(_) = e {} else { debug_assert!(false, "Sending cannot trigger channel failure"); } }
5666 let monitor_update = self.build_commitment_no_status_check(logger);
5667 self.monitor_updating_paused(false, true, false, Vec::new(), Vec::new(), Vec::new());
5668 Ok(self.push_ret_blockable_mon_update(monitor_update))
5674 /// Applies the `ChannelUpdate` and returns a boolean indicating whether a change actually
5676 pub fn channel_update(&mut self, msg: &msgs::ChannelUpdate) -> Result<bool, ChannelError> {
5677 let new_forwarding_info = Some(CounterpartyForwardingInfo {
5678 fee_base_msat: msg.contents.fee_base_msat,
5679 fee_proportional_millionths: msg.contents.fee_proportional_millionths,
5680 cltv_expiry_delta: msg.contents.cltv_expiry_delta
5682 let did_change = self.context.counterparty_forwarding_info != new_forwarding_info;
5684 self.context.counterparty_forwarding_info = new_forwarding_info;
5690 /// Begins the shutdown process, getting a message for the remote peer and returning all
5691 /// holding cell HTLCs for payment failure.
5693 /// May jump to the channel being fully shutdown (see [`Self::is_shutdown`]) in which case no
5694 /// [`ChannelMonitorUpdate`] will be returned).
5695 pub fn get_shutdown(&mut self, signer_provider: &SP, their_features: &InitFeatures,
5696 target_feerate_sats_per_kw: Option<u32>, override_shutdown_script: Option<ShutdownScript>)
5697 -> Result<(msgs::Shutdown, Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>), APIError>
5699 for htlc in self.context.pending_outbound_htlcs.iter() {
5700 if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
5701 return Err(APIError::APIMisuseError{err: "Cannot begin shutdown with pending HTLCs. Process pending events first".to_owned()});
5704 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK != 0 {
5705 if (self.context.channel_state & ChannelState::LocalShutdownSent as u32) == ChannelState::LocalShutdownSent as u32 {
5706 return Err(APIError::APIMisuseError{err: "Shutdown already in progress".to_owned()});
5708 else if (self.context.channel_state & ChannelState::RemoteShutdownSent as u32) == ChannelState::RemoteShutdownSent as u32 {
5709 return Err(APIError::ChannelUnavailable{err: "Shutdown already in progress by remote".to_owned()});
5712 if self.context.shutdown_scriptpubkey.is_some() && override_shutdown_script.is_some() {
5713 return Err(APIError::APIMisuseError{err: "Cannot override shutdown script for a channel with one already set".to_owned()});
5715 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
5716 if self.context.channel_state & (ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32) != 0 {
5717 return Err(APIError::ChannelUnavailable{err: "Cannot begin shutdown while peer is disconnected or we're waiting on a monitor update, maybe force-close instead?".to_owned()});
5720 // If we haven't funded the channel yet, we don't need to bother ensuring the shutdown
5721 // script is set, we just force-close and call it a day.
5722 let mut chan_closed = false;
5723 if self.context.channel_state & !STATE_FLAGS < ChannelState::FundingSent as u32 {
5727 let update_shutdown_script = match self.context.shutdown_scriptpubkey {
5729 None if !chan_closed => {
5730 // use override shutdown script if provided
5731 let shutdown_scriptpubkey = match override_shutdown_script {
5732 Some(script) => script,
5734 // otherwise, use the shutdown scriptpubkey provided by the signer
5735 match signer_provider.get_shutdown_scriptpubkey() {
5736 Ok(scriptpubkey) => scriptpubkey,
5737 Err(_) => return Err(APIError::ChannelUnavailable{err: "Failed to get shutdown scriptpubkey".to_owned()}),
5741 if !shutdown_scriptpubkey.is_compatible(their_features) {
5742 return Err(APIError::IncompatibleShutdownScript { script: shutdown_scriptpubkey.clone() });
5744 self.context.shutdown_scriptpubkey = Some(shutdown_scriptpubkey);
5750 // From here on out, we may not fail!
5751 self.context.target_closing_feerate_sats_per_kw = target_feerate_sats_per_kw;
5752 if self.context.channel_state & !STATE_FLAGS < ChannelState::FundingSent as u32 {
5753 self.context.channel_state = ChannelState::ShutdownComplete as u32;
5755 self.context.channel_state |= ChannelState::LocalShutdownSent as u32;
5757 self.context.update_time_counter += 1;
5759 let monitor_update = if update_shutdown_script {
5760 self.context.latest_monitor_update_id += 1;
5761 let monitor_update = ChannelMonitorUpdate {
5762 update_id: self.context.latest_monitor_update_id,
5763 updates: vec![ChannelMonitorUpdateStep::ShutdownScript {
5764 scriptpubkey: self.get_closing_scriptpubkey(),
5767 self.monitor_updating_paused(false, false, false, Vec::new(), Vec::new(), Vec::new());
5768 self.push_ret_blockable_mon_update(monitor_update)
5770 let shutdown = msgs::Shutdown {
5771 channel_id: self.context.channel_id,
5772 scriptpubkey: self.get_closing_scriptpubkey(),
5775 // Go ahead and drop holding cell updates as we'd rather fail payments than wait to send
5776 // our shutdown until we've committed all of the pending changes.
5777 self.context.holding_cell_update_fee = None;
5778 let mut dropped_outbound_htlcs = Vec::with_capacity(self.context.holding_cell_htlc_updates.len());
5779 self.context.holding_cell_htlc_updates.retain(|htlc_update| {
5781 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, .. } => {
5782 dropped_outbound_htlcs.push((source.clone(), payment_hash.clone()));
5789 debug_assert!(!self.is_shutdown() || monitor_update.is_none(),
5790 "we can't both complete shutdown and return a monitor update");
5792 Ok((shutdown, monitor_update, dropped_outbound_htlcs))
5795 pub fn inflight_htlc_sources(&self) -> impl Iterator<Item=(&HTLCSource, &PaymentHash)> {
5796 self.context.holding_cell_htlc_updates.iter()
5797 .flat_map(|htlc_update| {
5799 HTLCUpdateAwaitingACK::AddHTLC { source, payment_hash, .. }
5800 => Some((source, payment_hash)),
5804 .chain(self.context.pending_outbound_htlcs.iter().map(|htlc| (&htlc.source, &htlc.payment_hash)))
5808 /// A not-yet-funded outbound (from holder) channel using V1 channel establishment.
5809 pub(super) struct OutboundV1Channel<SP: Deref> where SP::Target: SignerProvider {
5810 pub context: ChannelContext<SP>,
5811 pub unfunded_context: UnfundedChannelContext,
5814 impl<SP: Deref> OutboundV1Channel<SP> where SP::Target: SignerProvider {
5815 pub fn new<ES: Deref, F: Deref>(
5816 fee_estimator: &LowerBoundedFeeEstimator<F>, entropy_source: &ES, signer_provider: &SP, counterparty_node_id: PublicKey, their_features: &InitFeatures,
5817 channel_value_satoshis: u64, push_msat: u64, user_id: u128, config: &UserConfig, current_chain_height: u32,
5818 outbound_scid_alias: u64
5819 ) -> Result<OutboundV1Channel<SP>, APIError>
5820 where ES::Target: EntropySource,
5821 F::Target: FeeEstimator
5823 let holder_selected_contest_delay = config.channel_handshake_config.our_to_self_delay;
5824 let channel_keys_id = signer_provider.generate_channel_keys_id(false, channel_value_satoshis, user_id);
5825 let holder_signer = signer_provider.derive_channel_signer(channel_value_satoshis, channel_keys_id);
5826 let pubkeys = holder_signer.pubkeys().clone();
5828 if !their_features.supports_wumbo() && channel_value_satoshis > MAX_FUNDING_SATOSHIS_NO_WUMBO {
5829 return Err(APIError::APIMisuseError{err: format!("funding_value must not exceed {}, it was {}", MAX_FUNDING_SATOSHIS_NO_WUMBO, channel_value_satoshis)});
5831 if channel_value_satoshis >= TOTAL_BITCOIN_SUPPLY_SATOSHIS {
5832 return Err(APIError::APIMisuseError{err: format!("funding_value must be smaller than the total bitcoin supply, it was {}", channel_value_satoshis)});
5834 let channel_value_msat = channel_value_satoshis * 1000;
5835 if push_msat > channel_value_msat {
5836 return Err(APIError::APIMisuseError { err: format!("Push value ({}) was larger than channel_value ({})", push_msat, channel_value_msat) });
5838 if holder_selected_contest_delay < BREAKDOWN_TIMEOUT {
5839 return Err(APIError::APIMisuseError {err: format!("Configured with an unreasonable our_to_self_delay ({}) putting user funds at risks", holder_selected_contest_delay)});
5841 let holder_selected_channel_reserve_satoshis = get_holder_selected_channel_reserve_satoshis(channel_value_satoshis, config);
5842 if holder_selected_channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
5843 // Protocol level safety check in place, although it should never happen because
5844 // of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
5845 return Err(APIError::APIMisuseError { err: format!("Holder selected channel reserve below implemention limit dust_limit_satoshis {}", holder_selected_channel_reserve_satoshis) });
5848 let channel_type = Self::get_initial_channel_type(&config, their_features);
5849 debug_assert!(channel_type.is_subset(&channelmanager::provided_channel_type_features(&config)));
5851 let (commitment_conf_target, anchor_outputs_value_msat) = if channel_type.supports_anchors_zero_fee_htlc_tx() {
5852 (ConfirmationTarget::AnchorChannelFee, ANCHOR_OUTPUT_VALUE_SATOSHI * 2 * 1000)
5854 (ConfirmationTarget::NonAnchorChannelFee, 0)
5856 let commitment_feerate = fee_estimator.bounded_sat_per_1000_weight(commitment_conf_target);
5858 let value_to_self_msat = channel_value_satoshis * 1000 - push_msat;
5859 let commitment_tx_fee = commit_tx_fee_msat(commitment_feerate, MIN_AFFORDABLE_HTLC_COUNT, &channel_type);
5860 if value_to_self_msat.saturating_sub(anchor_outputs_value_msat) < commitment_tx_fee {
5861 return Err(APIError::APIMisuseError{ err: format!("Funding amount ({}) can't even pay fee for initial commitment transaction fee of {}.", value_to_self_msat / 1000, commitment_tx_fee / 1000) });
5864 let mut secp_ctx = Secp256k1::new();
5865 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
5867 let shutdown_scriptpubkey = if config.channel_handshake_config.commit_upfront_shutdown_pubkey {
5868 match signer_provider.get_shutdown_scriptpubkey() {
5869 Ok(scriptpubkey) => Some(scriptpubkey),
5870 Err(_) => return Err(APIError::ChannelUnavailable { err: "Failed to get shutdown scriptpubkey".to_owned()}),
5874 if let Some(shutdown_scriptpubkey) = &shutdown_scriptpubkey {
5875 if !shutdown_scriptpubkey.is_compatible(&their_features) {
5876 return Err(APIError::IncompatibleShutdownScript { script: shutdown_scriptpubkey.clone() });
5880 let destination_script = match signer_provider.get_destination_script() {
5881 Ok(script) => script,
5882 Err(_) => return Err(APIError::ChannelUnavailable { err: "Failed to get destination script".to_owned()}),
5885 let temporary_channel_id = ChannelId::temporary_from_entropy_source(entropy_source);
5888 context: ChannelContext {
5891 config: LegacyChannelConfig {
5892 options: config.channel_config.clone(),
5893 announced_channel: config.channel_handshake_config.announced_channel,
5894 commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey,
5899 inbound_handshake_limits_override: Some(config.channel_handshake_limits.clone()),
5901 channel_id: temporary_channel_id,
5902 temporary_channel_id: Some(temporary_channel_id),
5903 channel_state: ChannelState::OurInitSent as u32,
5904 announcement_sigs_state: AnnouncementSigsState::NotSent,
5906 channel_value_satoshis,
5908 latest_monitor_update_id: 0,
5910 holder_signer: ChannelSignerType::Ecdsa(holder_signer),
5911 shutdown_scriptpubkey,
5914 cur_holder_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
5915 cur_counterparty_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
5918 pending_inbound_htlcs: Vec::new(),
5919 pending_outbound_htlcs: Vec::new(),
5920 holding_cell_htlc_updates: Vec::new(),
5921 pending_update_fee: None,
5922 holding_cell_update_fee: None,
5923 next_holder_htlc_id: 0,
5924 next_counterparty_htlc_id: 0,
5925 update_time_counter: 1,
5927 resend_order: RAACommitmentOrder::CommitmentFirst,
5929 monitor_pending_channel_ready: false,
5930 monitor_pending_revoke_and_ack: false,
5931 monitor_pending_commitment_signed: false,
5932 monitor_pending_forwards: Vec::new(),
5933 monitor_pending_failures: Vec::new(),
5934 monitor_pending_finalized_fulfills: Vec::new(),
5936 signer_pending_commitment_update: false,
5937 signer_pending_funding: false,
5939 #[cfg(debug_assertions)]
5940 holder_max_commitment_tx_output: Mutex::new((channel_value_satoshis * 1000 - push_msat, push_msat)),
5941 #[cfg(debug_assertions)]
5942 counterparty_max_commitment_tx_output: Mutex::new((channel_value_satoshis * 1000 - push_msat, push_msat)),
5944 last_sent_closing_fee: None,
5945 pending_counterparty_closing_signed: None,
5946 closing_fee_limits: None,
5947 target_closing_feerate_sats_per_kw: None,
5949 funding_tx_confirmed_in: None,
5950 funding_tx_confirmation_height: 0,
5951 short_channel_id: None,
5952 channel_creation_height: current_chain_height,
5954 feerate_per_kw: commitment_feerate,
5955 counterparty_dust_limit_satoshis: 0,
5956 holder_dust_limit_satoshis: MIN_CHAN_DUST_LIMIT_SATOSHIS,
5957 counterparty_max_htlc_value_in_flight_msat: 0,
5958 holder_max_htlc_value_in_flight_msat: get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis, &config.channel_handshake_config),
5959 counterparty_selected_channel_reserve_satoshis: None, // Filled in in accept_channel
5960 holder_selected_channel_reserve_satoshis,
5961 counterparty_htlc_minimum_msat: 0,
5962 holder_htlc_minimum_msat: if config.channel_handshake_config.our_htlc_minimum_msat == 0 { 1 } else { config.channel_handshake_config.our_htlc_minimum_msat },
5963 counterparty_max_accepted_htlcs: 0,
5964 holder_max_accepted_htlcs: cmp::min(config.channel_handshake_config.our_max_accepted_htlcs, MAX_HTLCS),
5965 minimum_depth: None, // Filled in in accept_channel
5967 counterparty_forwarding_info: None,
5969 channel_transaction_parameters: ChannelTransactionParameters {
5970 holder_pubkeys: pubkeys,
5971 holder_selected_contest_delay: config.channel_handshake_config.our_to_self_delay,
5972 is_outbound_from_holder: true,
5973 counterparty_parameters: None,
5974 funding_outpoint: None,
5975 channel_type_features: channel_type.clone()
5977 funding_transaction: None,
5978 is_batch_funding: None,
5980 counterparty_cur_commitment_point: None,
5981 counterparty_prev_commitment_point: None,
5982 counterparty_node_id,
5984 counterparty_shutdown_scriptpubkey: None,
5986 commitment_secrets: CounterpartyCommitmentSecrets::new(),
5988 channel_update_status: ChannelUpdateStatus::Enabled,
5989 closing_signed_in_flight: false,
5991 announcement_sigs: None,
5993 #[cfg(any(test, fuzzing))]
5994 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
5995 #[cfg(any(test, fuzzing))]
5996 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
5998 workaround_lnd_bug_4006: None,
5999 sent_message_awaiting_response: None,
6001 latest_inbound_scid_alias: None,
6002 outbound_scid_alias,
6004 channel_pending_event_emitted: false,
6005 channel_ready_event_emitted: false,
6007 #[cfg(any(test, fuzzing))]
6008 historical_inbound_htlc_fulfills: HashSet::new(),
6013 blocked_monitor_updates: Vec::new(),
6015 unfunded_context: UnfundedChannelContext { unfunded_channel_age_ticks: 0 }
6019 /// Updates channel state with knowledge of the funding transaction's txid/index, and generates
6020 /// a funding_created message for the remote peer.
6021 /// Panics if called at some time other than immediately after initial handshake, if called twice,
6022 /// or if called on an inbound channel.
6023 /// Note that channel_id changes during this call!
6024 /// Do NOT broadcast the funding transaction until after a successful funding_signed call!
6025 /// If an Err is returned, it is a ChannelError::Close.
6026 pub fn get_funding_created<L: Deref>(mut self, funding_transaction: Transaction, funding_txo: OutPoint, is_batch_funding: bool, logger: &L)
6027 -> Result<(Channel<SP>, Option<msgs::FundingCreated>), (Self, ChannelError)> where L::Target: Logger {
6028 if !self.context.is_outbound() {
6029 panic!("Tried to create outbound funding_created message on an inbound channel!");
6031 if self.context.channel_state != (ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32) {
6032 panic!("Tried to get a funding_created messsage at a time other than immediately after initial handshake completion (or tried to get funding_created twice)");
6034 if self.context.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
6035 self.context.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
6036 self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
6037 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
6040 self.context.channel_transaction_parameters.funding_outpoint = Some(funding_txo);
6041 self.context.holder_signer.as_mut().provide_channel_parameters(&self.context.channel_transaction_parameters);
6043 // Now that we're past error-generating stuff, update our local state:
6045 self.context.channel_state = ChannelState::FundingCreated as u32;
6046 self.context.channel_id = funding_txo.to_channel_id();
6048 // If the funding transaction is a coinbase transaction, we need to set the minimum depth to 100.
6049 // We can skip this if it is a zero-conf channel.
6050 if funding_transaction.is_coin_base() &&
6051 self.context.minimum_depth.unwrap_or(0) > 0 &&
6052 self.context.minimum_depth.unwrap_or(0) < COINBASE_MATURITY {
6053 self.context.minimum_depth = Some(COINBASE_MATURITY);
6056 self.context.funding_transaction = Some(funding_transaction);
6057 self.context.is_batch_funding = Some(()).filter(|_| is_batch_funding);
6059 let funding_created = self.context.get_funding_created_msg(logger);
6060 if funding_created.is_none() {
6061 self.context.signer_pending_funding = true;
6064 let channel = Channel {
6065 context: self.context,
6068 Ok((channel, funding_created))
6071 fn get_initial_channel_type(config: &UserConfig, their_features: &InitFeatures) -> ChannelTypeFeatures {
6072 // The default channel type (ie the first one we try) depends on whether the channel is
6073 // public - if it is, we just go with `only_static_remotekey` as it's the only option
6074 // available. If it's private, we first try `scid_privacy` as it provides better privacy
6075 // with no other changes, and fall back to `only_static_remotekey`.
6076 let mut ret = ChannelTypeFeatures::only_static_remote_key();
6077 if !config.channel_handshake_config.announced_channel &&
6078 config.channel_handshake_config.negotiate_scid_privacy &&
6079 their_features.supports_scid_privacy() {
6080 ret.set_scid_privacy_required();
6083 // Optionally, if the user would like to negotiate the `anchors_zero_fee_htlc_tx` option, we
6084 // set it now. If they don't understand it, we'll fall back to our default of
6085 // `only_static_remotekey`.
6086 if config.channel_handshake_config.negotiate_anchors_zero_fee_htlc_tx &&
6087 their_features.supports_anchors_zero_fee_htlc_tx() {
6088 ret.set_anchors_zero_fee_htlc_tx_required();
6094 /// If we receive an error message, it may only be a rejection of the channel type we tried,
6095 /// not of our ability to open any channel at all. Thus, on error, we should first call this
6096 /// and see if we get a new `OpenChannel` message, otherwise the channel is failed.
6097 pub(crate) fn maybe_handle_error_without_close<F: Deref>(
6098 &mut self, chain_hash: ChainHash, fee_estimator: &LowerBoundedFeeEstimator<F>
6099 ) -> Result<msgs::OpenChannel, ()>
6101 F::Target: FeeEstimator
6103 if !self.context.is_outbound() || self.context.channel_state != ChannelState::OurInitSent as u32 { return Err(()); }
6104 if self.context.channel_type == ChannelTypeFeatures::only_static_remote_key() {
6105 // We've exhausted our options
6108 // We support opening a few different types of channels. Try removing our additional
6109 // features one by one until we've either arrived at our default or the counterparty has
6112 // Due to the order below, we may not negotiate `option_anchors_zero_fee_htlc_tx` if the
6113 // counterparty doesn't support `option_scid_privacy`. Since `get_initial_channel_type`
6114 // checks whether the counterparty supports every feature, this would only happen if the
6115 // counterparty is advertising the feature, but rejecting channels proposing the feature for
6117 if self.context.channel_type.supports_anchors_zero_fee_htlc_tx() {
6118 self.context.channel_type.clear_anchors_zero_fee_htlc_tx();
6119 self.context.feerate_per_kw = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::NonAnchorChannelFee);
6120 assert!(!self.context.channel_transaction_parameters.channel_type_features.supports_anchors_nonzero_fee_htlc_tx());
6121 } else if self.context.channel_type.supports_scid_privacy() {
6122 self.context.channel_type.clear_scid_privacy();
6124 self.context.channel_type = ChannelTypeFeatures::only_static_remote_key();
6126 self.context.channel_transaction_parameters.channel_type_features = self.context.channel_type.clone();
6127 Ok(self.get_open_channel(chain_hash))
6130 pub fn get_open_channel(&self, chain_hash: ChainHash) -> msgs::OpenChannel {
6131 if !self.context.is_outbound() {
6132 panic!("Tried to open a channel for an inbound channel?");
6134 if self.context.channel_state != ChannelState::OurInitSent as u32 {
6135 panic!("Cannot generate an open_channel after we've moved forward");
6138 if self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
6139 panic!("Tried to send an open_channel for a channel that has already advanced");
6142 let first_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
6143 let keys = self.context.get_holder_pubkeys();
6147 temporary_channel_id: self.context.channel_id,
6148 funding_satoshis: self.context.channel_value_satoshis,
6149 push_msat: self.context.channel_value_satoshis * 1000 - self.context.value_to_self_msat,
6150 dust_limit_satoshis: self.context.holder_dust_limit_satoshis,
6151 max_htlc_value_in_flight_msat: self.context.holder_max_htlc_value_in_flight_msat,
6152 channel_reserve_satoshis: self.context.holder_selected_channel_reserve_satoshis,
6153 htlc_minimum_msat: self.context.holder_htlc_minimum_msat,
6154 feerate_per_kw: self.context.feerate_per_kw as u32,
6155 to_self_delay: self.context.get_holder_selected_contest_delay(),
6156 max_accepted_htlcs: self.context.holder_max_accepted_htlcs,
6157 funding_pubkey: keys.funding_pubkey,
6158 revocation_basepoint: keys.revocation_basepoint,
6159 payment_point: keys.payment_point,
6160 delayed_payment_basepoint: keys.delayed_payment_basepoint,
6161 htlc_basepoint: keys.htlc_basepoint,
6162 first_per_commitment_point,
6163 channel_flags: if self.context.config.announced_channel {1} else {0},
6164 shutdown_scriptpubkey: Some(match &self.context.shutdown_scriptpubkey {
6165 Some(script) => script.clone().into_inner(),
6166 None => Builder::new().into_script(),
6168 channel_type: Some(self.context.channel_type.clone()),
6173 pub fn accept_channel(&mut self, msg: &msgs::AcceptChannel, default_limits: &ChannelHandshakeLimits, their_features: &InitFeatures) -> Result<(), ChannelError> {
6174 let peer_limits = if let Some(ref limits) = self.context.inbound_handshake_limits_override { limits } else { default_limits };
6176 // Check sanity of message fields:
6177 if !self.context.is_outbound() {
6178 return Err(ChannelError::Close("Got an accept_channel message from an inbound peer".to_owned()));
6180 if self.context.channel_state != ChannelState::OurInitSent as u32 {
6181 return Err(ChannelError::Close("Got an accept_channel message at a strange time".to_owned()));
6183 if msg.dust_limit_satoshis > 21000000 * 100000000 {
6184 return Err(ChannelError::Close(format!("Peer never wants payout outputs? dust_limit_satoshis was {}", msg.dust_limit_satoshis)));
6186 if msg.channel_reserve_satoshis > self.context.channel_value_satoshis {
6187 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must not be greater than ({})", msg.channel_reserve_satoshis, self.context.channel_value_satoshis)));
6189 if msg.dust_limit_satoshis > self.context.holder_selected_channel_reserve_satoshis {
6190 return Err(ChannelError::Close(format!("Dust limit ({}) is bigger than our channel reserve ({})", msg.dust_limit_satoshis, self.context.holder_selected_channel_reserve_satoshis)));
6192 if msg.channel_reserve_satoshis > self.context.channel_value_satoshis - self.context.holder_selected_channel_reserve_satoshis {
6193 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must not be greater than channel value minus our reserve ({})",
6194 msg.channel_reserve_satoshis, self.context.channel_value_satoshis - self.context.holder_selected_channel_reserve_satoshis)));
6196 let full_channel_value_msat = (self.context.channel_value_satoshis - msg.channel_reserve_satoshis) * 1000;
6197 if msg.htlc_minimum_msat >= full_channel_value_msat {
6198 return Err(ChannelError::Close(format!("Minimum htlc value ({}) is full channel value ({})", msg.htlc_minimum_msat, full_channel_value_msat)));
6200 let max_delay_acceptable = u16::min(peer_limits.their_to_self_delay, MAX_LOCAL_BREAKDOWN_TIMEOUT);
6201 if msg.to_self_delay > max_delay_acceptable {
6202 return Err(ChannelError::Close(format!("They wanted our payments to be delayed by a needlessly long period. Upper limit: {}. Actual: {}", max_delay_acceptable, msg.to_self_delay)));
6204 if msg.max_accepted_htlcs < 1 {
6205 return Err(ChannelError::Close("0 max_accepted_htlcs makes for a useless channel".to_owned()));
6207 if msg.max_accepted_htlcs > MAX_HTLCS {
6208 return Err(ChannelError::Close(format!("max_accepted_htlcs was {}. It must not be larger than {}", msg.max_accepted_htlcs, MAX_HTLCS)));
6211 // Now check against optional parameters as set by config...
6212 if msg.htlc_minimum_msat > peer_limits.max_htlc_minimum_msat {
6213 return Err(ChannelError::Close(format!("htlc_minimum_msat ({}) is higher than the user specified limit ({})", msg.htlc_minimum_msat, peer_limits.max_htlc_minimum_msat)));
6215 if msg.max_htlc_value_in_flight_msat < peer_limits.min_max_htlc_value_in_flight_msat {
6216 return Err(ChannelError::Close(format!("max_htlc_value_in_flight_msat ({}) is less than the user specified limit ({})", msg.max_htlc_value_in_flight_msat, peer_limits.min_max_htlc_value_in_flight_msat)));
6218 if msg.channel_reserve_satoshis > peer_limits.max_channel_reserve_satoshis {
6219 return Err(ChannelError::Close(format!("channel_reserve_satoshis ({}) is higher than the user specified limit ({})", msg.channel_reserve_satoshis, peer_limits.max_channel_reserve_satoshis)));
6221 if msg.max_accepted_htlcs < peer_limits.min_max_accepted_htlcs {
6222 return Err(ChannelError::Close(format!("max_accepted_htlcs ({}) is less than the user specified limit ({})", msg.max_accepted_htlcs, peer_limits.min_max_accepted_htlcs)));
6224 if msg.dust_limit_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
6225 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is less than the implementation limit ({})", msg.dust_limit_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
6227 if msg.dust_limit_satoshis > MAX_CHAN_DUST_LIMIT_SATOSHIS {
6228 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is greater than the implementation limit ({})", msg.dust_limit_satoshis, MAX_CHAN_DUST_LIMIT_SATOSHIS)));
6230 if msg.minimum_depth > peer_limits.max_minimum_depth {
6231 return Err(ChannelError::Close(format!("We consider the minimum depth to be unreasonably large. Expected minimum: ({}). Actual: ({})", peer_limits.max_minimum_depth, msg.minimum_depth)));
6234 if let Some(ty) = &msg.channel_type {
6235 if *ty != self.context.channel_type {
6236 return Err(ChannelError::Close("Channel Type in accept_channel didn't match the one sent in open_channel.".to_owned()));
6238 } else if their_features.supports_channel_type() {
6239 // Assume they've accepted the channel type as they said they understand it.
6241 let channel_type = ChannelTypeFeatures::from_init(&their_features);
6242 if channel_type != ChannelTypeFeatures::only_static_remote_key() {
6243 return Err(ChannelError::Close("Only static_remote_key is supported for non-negotiated channel types".to_owned()));
6245 self.context.channel_type = channel_type.clone();
6246 self.context.channel_transaction_parameters.channel_type_features = channel_type;
6249 let counterparty_shutdown_scriptpubkey = if their_features.supports_upfront_shutdown_script() {
6250 match &msg.shutdown_scriptpubkey {
6251 &Some(ref script) => {
6252 // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything
6253 if script.len() == 0 {
6256 if !script::is_bolt2_compliant(&script, their_features) {
6257 return Err(ChannelError::Close(format!("Peer is signaling upfront_shutdown but has provided an unacceptable scriptpubkey format: {}", script)));
6259 Some(script.clone())
6262 // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel
6264 return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out".to_owned()));
6269 self.context.counterparty_dust_limit_satoshis = msg.dust_limit_satoshis;
6270 self.context.counterparty_max_htlc_value_in_flight_msat = cmp::min(msg.max_htlc_value_in_flight_msat, self.context.channel_value_satoshis * 1000);
6271 self.context.counterparty_selected_channel_reserve_satoshis = Some(msg.channel_reserve_satoshis);
6272 self.context.counterparty_htlc_minimum_msat = msg.htlc_minimum_msat;
6273 self.context.counterparty_max_accepted_htlcs = msg.max_accepted_htlcs;
6275 if peer_limits.trust_own_funding_0conf {
6276 self.context.minimum_depth = Some(msg.minimum_depth);
6278 self.context.minimum_depth = Some(cmp::max(1, msg.minimum_depth));
6281 let counterparty_pubkeys = ChannelPublicKeys {
6282 funding_pubkey: msg.funding_pubkey,
6283 revocation_basepoint: msg.revocation_basepoint,
6284 payment_point: msg.payment_point,
6285 delayed_payment_basepoint: msg.delayed_payment_basepoint,
6286 htlc_basepoint: msg.htlc_basepoint
6289 self.context.channel_transaction_parameters.counterparty_parameters = Some(CounterpartyChannelTransactionParameters {
6290 selected_contest_delay: msg.to_self_delay,
6291 pubkeys: counterparty_pubkeys,
6294 self.context.counterparty_cur_commitment_point = Some(msg.first_per_commitment_point);
6295 self.context.counterparty_shutdown_scriptpubkey = counterparty_shutdown_scriptpubkey;
6297 self.context.channel_state = ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32;
6298 self.context.inbound_handshake_limits_override = None; // We're done enforcing limits on our peer's handshake now.
6304 /// A not-yet-funded inbound (from counterparty) channel using V1 channel establishment.
6305 pub(super) struct InboundV1Channel<SP: Deref> where SP::Target: SignerProvider {
6306 pub context: ChannelContext<SP>,
6307 pub unfunded_context: UnfundedChannelContext,
6310 impl<SP: Deref> InboundV1Channel<SP> where SP::Target: SignerProvider {
6311 /// Creates a new channel from a remote sides' request for one.
6312 /// Assumes chain_hash has already been checked and corresponds with what we expect!
6313 pub fn new<ES: Deref, F: Deref, L: Deref>(
6314 fee_estimator: &LowerBoundedFeeEstimator<F>, entropy_source: &ES, signer_provider: &SP,
6315 counterparty_node_id: PublicKey, our_supported_features: &ChannelTypeFeatures,
6316 their_features: &InitFeatures, msg: &msgs::OpenChannel, user_id: u128, config: &UserConfig,
6317 current_chain_height: u32, logger: &L, is_0conf: bool,
6318 ) -> Result<InboundV1Channel<SP>, ChannelError>
6319 where ES::Target: EntropySource,
6320 F::Target: FeeEstimator,
6323 let announced_channel = if (msg.channel_flags & 1) == 1 { true } else { false };
6325 // First check the channel type is known, failing before we do anything else if we don't
6326 // support this channel type.
6327 let channel_type = if let Some(channel_type) = &msg.channel_type {
6328 if channel_type.supports_any_optional_bits() {
6329 return Err(ChannelError::Close("Channel Type field contained optional bits - this is not allowed".to_owned()));
6332 // We only support the channel types defined by the `ChannelManager` in
6333 // `provided_channel_type_features`. The channel type must always support
6334 // `static_remote_key`.
6335 if !channel_type.requires_static_remote_key() {
6336 return Err(ChannelError::Close("Channel Type was not understood - we require static remote key".to_owned()));
6338 // Make sure we support all of the features behind the channel type.
6339 if !channel_type.is_subset(our_supported_features) {
6340 return Err(ChannelError::Close("Channel Type contains unsupported features".to_owned()));
6342 if channel_type.requires_scid_privacy() && announced_channel {
6343 return Err(ChannelError::Close("SCID Alias/Privacy Channel Type cannot be set on a public channel".to_owned()));
6345 channel_type.clone()
6347 let channel_type = ChannelTypeFeatures::from_init(&their_features);
6348 if channel_type != ChannelTypeFeatures::only_static_remote_key() {
6349 return Err(ChannelError::Close("Only static_remote_key is supported for non-negotiated channel types".to_owned()));
6354 let channel_keys_id = signer_provider.generate_channel_keys_id(true, msg.funding_satoshis, user_id);
6355 let holder_signer = signer_provider.derive_channel_signer(msg.funding_satoshis, channel_keys_id);
6356 let pubkeys = holder_signer.pubkeys().clone();
6357 let counterparty_pubkeys = ChannelPublicKeys {
6358 funding_pubkey: msg.funding_pubkey,
6359 revocation_basepoint: msg.revocation_basepoint,
6360 payment_point: msg.payment_point,
6361 delayed_payment_basepoint: msg.delayed_payment_basepoint,
6362 htlc_basepoint: msg.htlc_basepoint
6365 if config.channel_handshake_config.our_to_self_delay < BREAKDOWN_TIMEOUT {
6366 return Err(ChannelError::Close(format!("Configured with an unreasonable our_to_self_delay ({}) putting user funds at risks. It must be greater than {}", config.channel_handshake_config.our_to_self_delay, BREAKDOWN_TIMEOUT)));
6369 // Check sanity of message fields:
6370 if msg.funding_satoshis > config.channel_handshake_limits.max_funding_satoshis {
6371 return Err(ChannelError::Close(format!("Per our config, funding must be at most {}. It was {}", config.channel_handshake_limits.max_funding_satoshis, msg.funding_satoshis)));
6373 if msg.funding_satoshis >= TOTAL_BITCOIN_SUPPLY_SATOSHIS {
6374 return Err(ChannelError::Close(format!("Funding must be smaller than the total bitcoin supply. It was {}", msg.funding_satoshis)));
6376 if msg.channel_reserve_satoshis > msg.funding_satoshis {
6377 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must be not greater than funding_satoshis: {}", msg.channel_reserve_satoshis, msg.funding_satoshis)));
6379 let full_channel_value_msat = (msg.funding_satoshis - msg.channel_reserve_satoshis) * 1000;
6380 if msg.push_msat > full_channel_value_msat {
6381 return Err(ChannelError::Close(format!("push_msat {} was larger than channel amount minus reserve ({})", msg.push_msat, full_channel_value_msat)));
6383 if msg.dust_limit_satoshis > msg.funding_satoshis {
6384 return Err(ChannelError::Close(format!("dust_limit_satoshis {} was larger than funding_satoshis {}. Peer never wants payout outputs?", msg.dust_limit_satoshis, msg.funding_satoshis)));
6386 if msg.htlc_minimum_msat >= full_channel_value_msat {
6387 return Err(ChannelError::Close(format!("Minimum htlc value ({}) was larger than full channel value ({})", msg.htlc_minimum_msat, full_channel_value_msat)));
6389 Channel::<SP>::check_remote_fee(&channel_type, fee_estimator, msg.feerate_per_kw, None, logger)?;
6391 let max_counterparty_selected_contest_delay = u16::min(config.channel_handshake_limits.their_to_self_delay, MAX_LOCAL_BREAKDOWN_TIMEOUT);
6392 if msg.to_self_delay > max_counterparty_selected_contest_delay {
6393 return Err(ChannelError::Close(format!("They wanted our payments to be delayed by a needlessly long period. Upper limit: {}. Actual: {}", max_counterparty_selected_contest_delay, msg.to_self_delay)));
6395 if msg.max_accepted_htlcs < 1 {
6396 return Err(ChannelError::Close("0 max_accepted_htlcs makes for a useless channel".to_owned()));
6398 if msg.max_accepted_htlcs > MAX_HTLCS {
6399 return Err(ChannelError::Close(format!("max_accepted_htlcs was {}. It must not be larger than {}", msg.max_accepted_htlcs, MAX_HTLCS)));
6402 // Now check against optional parameters as set by config...
6403 if msg.funding_satoshis < config.channel_handshake_limits.min_funding_satoshis {
6404 return Err(ChannelError::Close(format!("Funding satoshis ({}) is less than the user specified limit ({})", msg.funding_satoshis, config.channel_handshake_limits.min_funding_satoshis)));
6406 if msg.htlc_minimum_msat > config.channel_handshake_limits.max_htlc_minimum_msat {
6407 return Err(ChannelError::Close(format!("htlc_minimum_msat ({}) is higher than the user specified limit ({})", msg.htlc_minimum_msat, config.channel_handshake_limits.max_htlc_minimum_msat)));
6409 if msg.max_htlc_value_in_flight_msat < config.channel_handshake_limits.min_max_htlc_value_in_flight_msat {
6410 return Err(ChannelError::Close(format!("max_htlc_value_in_flight_msat ({}) is less than the user specified limit ({})", msg.max_htlc_value_in_flight_msat, config.channel_handshake_limits.min_max_htlc_value_in_flight_msat)));
6412 if msg.channel_reserve_satoshis > config.channel_handshake_limits.max_channel_reserve_satoshis {
6413 return Err(ChannelError::Close(format!("channel_reserve_satoshis ({}) is higher than the user specified limit ({})", msg.channel_reserve_satoshis, config.channel_handshake_limits.max_channel_reserve_satoshis)));
6415 if msg.max_accepted_htlcs < config.channel_handshake_limits.min_max_accepted_htlcs {
6416 return Err(ChannelError::Close(format!("max_accepted_htlcs ({}) is less than the user specified limit ({})", msg.max_accepted_htlcs, config.channel_handshake_limits.min_max_accepted_htlcs)));
6418 if msg.dust_limit_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
6419 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is less than the implementation limit ({})", msg.dust_limit_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
6421 if msg.dust_limit_satoshis > MAX_CHAN_DUST_LIMIT_SATOSHIS {
6422 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is greater than the implementation limit ({})", msg.dust_limit_satoshis, MAX_CHAN_DUST_LIMIT_SATOSHIS)));
6425 // Convert things into internal flags and prep our state:
6427 if config.channel_handshake_limits.force_announced_channel_preference {
6428 if config.channel_handshake_config.announced_channel != announced_channel {
6429 return Err(ChannelError::Close("Peer tried to open channel but their announcement preference is different from ours".to_owned()));
6433 let holder_selected_channel_reserve_satoshis = get_holder_selected_channel_reserve_satoshis(msg.funding_satoshis, config);
6434 if holder_selected_channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
6435 // Protocol level safety check in place, although it should never happen because
6436 // of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
6437 return Err(ChannelError::Close(format!("Suitable channel reserve not found. remote_channel_reserve was ({}). dust_limit_satoshis is ({}).", holder_selected_channel_reserve_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
6439 if holder_selected_channel_reserve_satoshis * 1000 >= full_channel_value_msat {
6440 return Err(ChannelError::Close(format!("Suitable channel reserve not found. remote_channel_reserve was ({})msats. Channel value is ({} - {})msats.", holder_selected_channel_reserve_satoshis * 1000, full_channel_value_msat, msg.push_msat)));
6442 if msg.channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
6443 log_debug!(logger, "channel_reserve_satoshis ({}) is smaller than our dust limit ({}). We can broadcast stale states without any risk, implying this channel is very insecure for our counterparty.",
6444 msg.channel_reserve_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS);
6446 if holder_selected_channel_reserve_satoshis < msg.dust_limit_satoshis {
6447 return Err(ChannelError::Close(format!("Dust limit ({}) too high for the channel reserve we require the remote to keep ({})", msg.dust_limit_satoshis, holder_selected_channel_reserve_satoshis)));
6450 // check if the funder's amount for the initial commitment tx is sufficient
6451 // for full fee payment plus a few HTLCs to ensure the channel will be useful.
6452 let anchor_outputs_value = if channel_type.supports_anchors_zero_fee_htlc_tx() {
6453 ANCHOR_OUTPUT_VALUE_SATOSHI * 2
6457 let funders_amount_msat = msg.funding_satoshis * 1000 - msg.push_msat;
6458 let commitment_tx_fee = commit_tx_fee_msat(msg.feerate_per_kw, MIN_AFFORDABLE_HTLC_COUNT, &channel_type) / 1000;
6459 if (funders_amount_msat / 1000).saturating_sub(anchor_outputs_value) < commitment_tx_fee {
6460 return Err(ChannelError::Close(format!("Funding amount ({} sats) can't even pay fee for initial commitment transaction fee of {} sats.", (funders_amount_msat / 1000).saturating_sub(anchor_outputs_value), commitment_tx_fee)));
6463 let to_remote_satoshis = funders_amount_msat / 1000 - commitment_tx_fee - anchor_outputs_value;
6464 // While it's reasonable for us to not meet the channel reserve initially (if they don't
6465 // want to push much to us), our counterparty should always have more than our reserve.
6466 if to_remote_satoshis < holder_selected_channel_reserve_satoshis {
6467 return Err(ChannelError::Close("Insufficient funding amount for initial reserve".to_owned()));
6470 let counterparty_shutdown_scriptpubkey = if their_features.supports_upfront_shutdown_script() {
6471 match &msg.shutdown_scriptpubkey {
6472 &Some(ref script) => {
6473 // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything
6474 if script.len() == 0 {
6477 if !script::is_bolt2_compliant(&script, their_features) {
6478 return Err(ChannelError::Close(format!("Peer is signaling upfront_shutdown but has provided an unacceptable scriptpubkey format: {}", script)))
6480 Some(script.clone())
6483 // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel
6485 return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out".to_owned()));
6490 let shutdown_scriptpubkey = if config.channel_handshake_config.commit_upfront_shutdown_pubkey {
6491 match signer_provider.get_shutdown_scriptpubkey() {
6492 Ok(scriptpubkey) => Some(scriptpubkey),
6493 Err(_) => return Err(ChannelError::Close("Failed to get upfront shutdown scriptpubkey".to_owned())),
6497 if let Some(shutdown_scriptpubkey) = &shutdown_scriptpubkey {
6498 if !shutdown_scriptpubkey.is_compatible(&their_features) {
6499 return Err(ChannelError::Close(format!("Provided a scriptpubkey format not accepted by peer: {}", shutdown_scriptpubkey)));
6503 let destination_script = match signer_provider.get_destination_script() {
6504 Ok(script) => script,
6505 Err(_) => return Err(ChannelError::Close("Failed to get destination script".to_owned())),
6508 let mut secp_ctx = Secp256k1::new();
6509 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
6511 let minimum_depth = if is_0conf {
6514 Some(cmp::max(config.channel_handshake_config.minimum_depth, 1))
6518 context: ChannelContext {
6521 config: LegacyChannelConfig {
6522 options: config.channel_config.clone(),
6524 commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey,
6529 inbound_handshake_limits_override: None,
6531 temporary_channel_id: Some(msg.temporary_channel_id),
6532 channel_id: msg.temporary_channel_id,
6533 channel_state: (ChannelState::OurInitSent as u32) | (ChannelState::TheirInitSent as u32),
6534 announcement_sigs_state: AnnouncementSigsState::NotSent,
6537 latest_monitor_update_id: 0,
6539 holder_signer: ChannelSignerType::Ecdsa(holder_signer),
6540 shutdown_scriptpubkey,
6543 cur_holder_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
6544 cur_counterparty_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
6545 value_to_self_msat: msg.push_msat,
6547 pending_inbound_htlcs: Vec::new(),
6548 pending_outbound_htlcs: Vec::new(),
6549 holding_cell_htlc_updates: Vec::new(),
6550 pending_update_fee: None,
6551 holding_cell_update_fee: None,
6552 next_holder_htlc_id: 0,
6553 next_counterparty_htlc_id: 0,
6554 update_time_counter: 1,
6556 resend_order: RAACommitmentOrder::CommitmentFirst,
6558 monitor_pending_channel_ready: false,
6559 monitor_pending_revoke_and_ack: false,
6560 monitor_pending_commitment_signed: false,
6561 monitor_pending_forwards: Vec::new(),
6562 monitor_pending_failures: Vec::new(),
6563 monitor_pending_finalized_fulfills: Vec::new(),
6565 signer_pending_commitment_update: false,
6566 signer_pending_funding: false,
6568 #[cfg(debug_assertions)]
6569 holder_max_commitment_tx_output: Mutex::new((msg.push_msat, msg.funding_satoshis * 1000 - msg.push_msat)),
6570 #[cfg(debug_assertions)]
6571 counterparty_max_commitment_tx_output: Mutex::new((msg.push_msat, msg.funding_satoshis * 1000 - msg.push_msat)),
6573 last_sent_closing_fee: None,
6574 pending_counterparty_closing_signed: None,
6575 closing_fee_limits: None,
6576 target_closing_feerate_sats_per_kw: None,
6578 funding_tx_confirmed_in: None,
6579 funding_tx_confirmation_height: 0,
6580 short_channel_id: None,
6581 channel_creation_height: current_chain_height,
6583 feerate_per_kw: msg.feerate_per_kw,
6584 channel_value_satoshis: msg.funding_satoshis,
6585 counterparty_dust_limit_satoshis: msg.dust_limit_satoshis,
6586 holder_dust_limit_satoshis: MIN_CHAN_DUST_LIMIT_SATOSHIS,
6587 counterparty_max_htlc_value_in_flight_msat: cmp::min(msg.max_htlc_value_in_flight_msat, msg.funding_satoshis * 1000),
6588 holder_max_htlc_value_in_flight_msat: get_holder_max_htlc_value_in_flight_msat(msg.funding_satoshis, &config.channel_handshake_config),
6589 counterparty_selected_channel_reserve_satoshis: Some(msg.channel_reserve_satoshis),
6590 holder_selected_channel_reserve_satoshis,
6591 counterparty_htlc_minimum_msat: msg.htlc_minimum_msat,
6592 holder_htlc_minimum_msat: if config.channel_handshake_config.our_htlc_minimum_msat == 0 { 1 } else { config.channel_handshake_config.our_htlc_minimum_msat },
6593 counterparty_max_accepted_htlcs: msg.max_accepted_htlcs,
6594 holder_max_accepted_htlcs: cmp::min(config.channel_handshake_config.our_max_accepted_htlcs, MAX_HTLCS),
6597 counterparty_forwarding_info: None,
6599 channel_transaction_parameters: ChannelTransactionParameters {
6600 holder_pubkeys: pubkeys,
6601 holder_selected_contest_delay: config.channel_handshake_config.our_to_self_delay,
6602 is_outbound_from_holder: false,
6603 counterparty_parameters: Some(CounterpartyChannelTransactionParameters {
6604 selected_contest_delay: msg.to_self_delay,
6605 pubkeys: counterparty_pubkeys,
6607 funding_outpoint: None,
6608 channel_type_features: channel_type.clone()
6610 funding_transaction: None,
6611 is_batch_funding: None,
6613 counterparty_cur_commitment_point: Some(msg.first_per_commitment_point),
6614 counterparty_prev_commitment_point: None,
6615 counterparty_node_id,
6617 counterparty_shutdown_scriptpubkey,
6619 commitment_secrets: CounterpartyCommitmentSecrets::new(),
6621 channel_update_status: ChannelUpdateStatus::Enabled,
6622 closing_signed_in_flight: false,
6624 announcement_sigs: None,
6626 #[cfg(any(test, fuzzing))]
6627 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
6628 #[cfg(any(test, fuzzing))]
6629 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
6631 workaround_lnd_bug_4006: None,
6632 sent_message_awaiting_response: None,
6634 latest_inbound_scid_alias: None,
6635 outbound_scid_alias: 0,
6637 channel_pending_event_emitted: false,
6638 channel_ready_event_emitted: false,
6640 #[cfg(any(test, fuzzing))]
6641 historical_inbound_htlc_fulfills: HashSet::new(),
6646 blocked_monitor_updates: Vec::new(),
6648 unfunded_context: UnfundedChannelContext { unfunded_channel_age_ticks: 0 }
6654 /// Marks an inbound channel as accepted and generates a [`msgs::AcceptChannel`] message which
6655 /// should be sent back to the counterparty node.
6657 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
6658 pub fn accept_inbound_channel(&mut self) -> msgs::AcceptChannel {
6659 if self.context.is_outbound() {
6660 panic!("Tried to send accept_channel for an outbound channel?");
6662 if self.context.channel_state != (ChannelState::OurInitSent as u32) | (ChannelState::TheirInitSent as u32) {
6663 panic!("Tried to send accept_channel after channel had moved forward");
6665 if self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
6666 panic!("Tried to send an accept_channel for a channel that has already advanced");
6669 self.generate_accept_channel_message()
6672 /// This function is used to explicitly generate a [`msgs::AcceptChannel`] message for an
6673 /// inbound channel. If the intention is to accept an inbound channel, use
6674 /// [`InboundV1Channel::accept_inbound_channel`] instead.
6676 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
6677 fn generate_accept_channel_message(&self) -> msgs::AcceptChannel {
6678 let first_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
6679 let keys = self.context.get_holder_pubkeys();
6681 msgs::AcceptChannel {
6682 temporary_channel_id: self.context.channel_id,
6683 dust_limit_satoshis: self.context.holder_dust_limit_satoshis,
6684 max_htlc_value_in_flight_msat: self.context.holder_max_htlc_value_in_flight_msat,
6685 channel_reserve_satoshis: self.context.holder_selected_channel_reserve_satoshis,
6686 htlc_minimum_msat: self.context.holder_htlc_minimum_msat,
6687 minimum_depth: self.context.minimum_depth.unwrap(),
6688 to_self_delay: self.context.get_holder_selected_contest_delay(),
6689 max_accepted_htlcs: self.context.holder_max_accepted_htlcs,
6690 funding_pubkey: keys.funding_pubkey,
6691 revocation_basepoint: keys.revocation_basepoint,
6692 payment_point: keys.payment_point,
6693 delayed_payment_basepoint: keys.delayed_payment_basepoint,
6694 htlc_basepoint: keys.htlc_basepoint,
6695 first_per_commitment_point,
6696 shutdown_scriptpubkey: Some(match &self.context.shutdown_scriptpubkey {
6697 Some(script) => script.clone().into_inner(),
6698 None => Builder::new().into_script(),
6700 channel_type: Some(self.context.channel_type.clone()),
6702 next_local_nonce: None,
6706 /// Enables the possibility for tests to extract a [`msgs::AcceptChannel`] message for an
6707 /// inbound channel without accepting it.
6709 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
6711 pub fn get_accept_channel_message(&self) -> msgs::AcceptChannel {
6712 self.generate_accept_channel_message()
6715 fn check_funding_created_signature<L: Deref>(&mut self, sig: &Signature, logger: &L) -> Result<CommitmentTransaction, ChannelError> where L::Target: Logger {
6716 let funding_script = self.context.get_funding_redeemscript();
6718 let keys = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
6719 let initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &keys, true, false, logger).tx;
6720 let trusted_tx = initial_commitment_tx.trust();
6721 let initial_commitment_bitcoin_tx = trusted_tx.built_transaction();
6722 let sighash = initial_commitment_bitcoin_tx.get_sighash_all(&funding_script, self.context.channel_value_satoshis);
6723 // They sign the holder commitment transaction...
6724 log_trace!(logger, "Checking funding_created tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} for channel {}.",
6725 log_bytes!(sig.serialize_compact()[..]), log_bytes!(self.context.counterparty_funding_pubkey().serialize()),
6726 encode::serialize_hex(&initial_commitment_bitcoin_tx.transaction), log_bytes!(sighash[..]),
6727 encode::serialize_hex(&funding_script), &self.context.channel_id());
6728 secp_check!(self.context.secp_ctx.verify_ecdsa(&sighash, &sig, self.context.counterparty_funding_pubkey()), "Invalid funding_created signature from peer".to_owned());
6730 Ok(initial_commitment_tx)
6733 pub fn funding_created<L: Deref>(
6734 mut self, msg: &msgs::FundingCreated, best_block: BestBlock, signer_provider: &SP, logger: &L
6735 ) -> Result<(Channel<SP>, Option<msgs::FundingSigned>, ChannelMonitor<<SP::Target as SignerProvider>::Signer>), (Self, ChannelError)>
6739 if self.context.is_outbound() {
6740 return Err((self, ChannelError::Close("Received funding_created for an outbound channel?".to_owned())));
6742 if self.context.channel_state != (ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32) {
6743 // BOLT 2 says that if we disconnect before we send funding_signed we SHOULD NOT
6744 // remember the channel, so it's safe to just send an error_message here and drop the
6746 return Err((self, ChannelError::Close("Received funding_created after we got the channel!".to_owned())));
6748 if self.context.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
6749 self.context.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
6750 self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
6751 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
6754 let funding_txo = OutPoint { txid: msg.funding_txid, index: msg.funding_output_index };
6755 self.context.channel_transaction_parameters.funding_outpoint = Some(funding_txo);
6756 // This is an externally observable change before we finish all our checks. In particular
6757 // check_funding_created_signature may fail.
6758 self.context.holder_signer.as_mut().provide_channel_parameters(&self.context.channel_transaction_parameters);
6760 let initial_commitment_tx = match self.check_funding_created_signature(&msg.signature, logger) {
6762 Err(ChannelError::Close(e)) => {
6763 self.context.channel_transaction_parameters.funding_outpoint = None;
6764 return Err((self, ChannelError::Close(e)));
6767 // The only error we know how to handle is ChannelError::Close, so we fall over here
6768 // to make sure we don't continue with an inconsistent state.
6769 panic!("unexpected error type from check_funding_created_signature {:?}", e);
6773 let holder_commitment_tx = HolderCommitmentTransaction::new(
6774 initial_commitment_tx,
6777 &self.context.get_holder_pubkeys().funding_pubkey,
6778 self.context.counterparty_funding_pubkey()
6781 if let Err(_) = self.context.holder_signer.as_ref().validate_holder_commitment(&holder_commitment_tx, Vec::new()) {
6782 return Err((self, ChannelError::Close("Failed to validate our commitment".to_owned())));
6785 self.context.channel_state = ChannelState::FundingSent as u32;
6786 self.context.channel_id = funding_txo.to_channel_id();
6787 self.context.cur_counterparty_commitment_transaction_number -= 1;
6788 self.context.cur_holder_commitment_transaction_number -= 1;
6790 let (counterparty_initial_commitment_tx, funding_signed) = self.context.get_funding_signed_msg(logger);
6792 // Now that we're past error-generating stuff, update our local state:
6794 let funding_redeemscript = self.context.get_funding_redeemscript();
6795 let funding_txo_script = funding_redeemscript.to_v0_p2wsh();
6796 let obscure_factor = get_commitment_transaction_number_obscure_factor(&self.context.get_holder_pubkeys().payment_point, &self.context.get_counterparty_pubkeys().payment_point, self.context.is_outbound());
6797 let shutdown_script = self.context.shutdown_scriptpubkey.clone().map(|script| script.into_inner());
6798 let mut monitor_signer = signer_provider.derive_channel_signer(self.context.channel_value_satoshis, self.context.channel_keys_id);
6799 monitor_signer.provide_channel_parameters(&self.context.channel_transaction_parameters);
6800 let channel_monitor = ChannelMonitor::new(self.context.secp_ctx.clone(), monitor_signer,
6801 shutdown_script, self.context.get_holder_selected_contest_delay(),
6802 &self.context.destination_script, (funding_txo, funding_txo_script.clone()),
6803 &self.context.channel_transaction_parameters,
6804 funding_redeemscript.clone(), self.context.channel_value_satoshis,
6806 holder_commitment_tx, best_block, self.context.counterparty_node_id);
6808 channel_monitor.provide_initial_counterparty_commitment_tx(
6809 counterparty_initial_commitment_tx.trust().txid(), Vec::new(),
6810 self.context.cur_counterparty_commitment_transaction_number + 1,
6811 self.context.counterparty_cur_commitment_point.unwrap(), self.context.feerate_per_kw,
6812 counterparty_initial_commitment_tx.to_broadcaster_value_sat(),
6813 counterparty_initial_commitment_tx.to_countersignatory_value_sat(), logger);
6815 log_info!(logger, "Generated funding_signed for peer for channel {}", &self.context.channel_id());
6817 // Promote the channel to a full-fledged one now that we have updated the state and have a
6818 // `ChannelMonitor`.
6819 let mut channel = Channel {
6820 context: self.context,
6823 let need_channel_ready = channel.check_get_channel_ready(0).is_some();
6824 channel.monitor_updating_paused(false, false, need_channel_ready, Vec::new(), Vec::new(), Vec::new());
6826 Ok((channel, funding_signed, channel_monitor))
6830 const SERIALIZATION_VERSION: u8 = 3;
6831 const MIN_SERIALIZATION_VERSION: u8 = 2;
6833 impl_writeable_tlv_based_enum!(InboundHTLCRemovalReason,;
6839 impl Writeable for ChannelUpdateStatus {
6840 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
6841 // We only care about writing out the current state as it was announced, ie only either
6842 // Enabled or Disabled. In the case of DisabledStaged, we most recently announced the
6843 // channel as enabled, so we write 0. For EnabledStaged, we similarly write a 1.
6845 ChannelUpdateStatus::Enabled => 0u8.write(writer)?,
6846 ChannelUpdateStatus::DisabledStaged(_) => 0u8.write(writer)?,
6847 ChannelUpdateStatus::EnabledStaged(_) => 1u8.write(writer)?,
6848 ChannelUpdateStatus::Disabled => 1u8.write(writer)?,
6854 impl Readable for ChannelUpdateStatus {
6855 fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
6856 Ok(match <u8 as Readable>::read(reader)? {
6857 0 => ChannelUpdateStatus::Enabled,
6858 1 => ChannelUpdateStatus::Disabled,
6859 _ => return Err(DecodeError::InvalidValue),
6864 impl Writeable for AnnouncementSigsState {
6865 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
6866 // We only care about writing out the current state as if we had just disconnected, at
6867 // which point we always set anything but AnnouncementSigsReceived to NotSent.
6869 AnnouncementSigsState::NotSent => 0u8.write(writer),
6870 AnnouncementSigsState::MessageSent => 0u8.write(writer),
6871 AnnouncementSigsState::Committed => 0u8.write(writer),
6872 AnnouncementSigsState::PeerReceived => 1u8.write(writer),
6877 impl Readable for AnnouncementSigsState {
6878 fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
6879 Ok(match <u8 as Readable>::read(reader)? {
6880 0 => AnnouncementSigsState::NotSent,
6881 1 => AnnouncementSigsState::PeerReceived,
6882 _ => return Err(DecodeError::InvalidValue),
6887 impl<SP: Deref> Writeable for Channel<SP> where SP::Target: SignerProvider {
6888 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
6889 // Note that we write out as if remove_uncommitted_htlcs_and_mark_paused had just been
6892 write_ver_prefix!(writer, MIN_SERIALIZATION_VERSION, MIN_SERIALIZATION_VERSION);
6894 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
6895 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. We write
6896 // the low bytes now and the optional high bytes later.
6897 let user_id_low = self.context.user_id as u64;
6898 user_id_low.write(writer)?;
6900 // Version 1 deserializers expected to read parts of the config object here. Version 2
6901 // deserializers (0.0.99) now read config through TLVs, and as we now require them for
6902 // `minimum_depth` we simply write dummy values here.
6903 writer.write_all(&[0; 8])?;
6905 self.context.channel_id.write(writer)?;
6906 (self.context.channel_state | ChannelState::PeerDisconnected as u32).write(writer)?;
6907 self.context.channel_value_satoshis.write(writer)?;
6909 self.context.latest_monitor_update_id.write(writer)?;
6911 let mut key_data = VecWriter(Vec::new());
6912 // TODO (taproot|arik): Introduce serialization distinction for non-ECDSA signers.
6913 self.context.holder_signer.as_ecdsa().expect("Only ECDSA signers may be serialized").write(&mut key_data)?;
6914 assert!(key_data.0.len() < core::usize::MAX);
6915 assert!(key_data.0.len() < core::u32::MAX as usize);
6916 (key_data.0.len() as u32).write(writer)?;
6917 writer.write_all(&key_data.0[..])?;
6919 // Write out the old serialization for shutdown_pubkey for backwards compatibility, if
6920 // deserialized from that format.
6921 match self.context.shutdown_scriptpubkey.as_ref().and_then(|script| script.as_legacy_pubkey()) {
6922 Some(shutdown_pubkey) => shutdown_pubkey.write(writer)?,
6923 None => [0u8; PUBLIC_KEY_SIZE].write(writer)?,
6925 self.context.destination_script.write(writer)?;
6927 self.context.cur_holder_commitment_transaction_number.write(writer)?;
6928 self.context.cur_counterparty_commitment_transaction_number.write(writer)?;
6929 self.context.value_to_self_msat.write(writer)?;
6931 let mut dropped_inbound_htlcs = 0;
6932 for htlc in self.context.pending_inbound_htlcs.iter() {
6933 if let InboundHTLCState::RemoteAnnounced(_) = htlc.state {
6934 dropped_inbound_htlcs += 1;
6937 (self.context.pending_inbound_htlcs.len() as u64 - dropped_inbound_htlcs).write(writer)?;
6938 for htlc in self.context.pending_inbound_htlcs.iter() {
6939 if let &InboundHTLCState::RemoteAnnounced(_) = &htlc.state {
6942 htlc.htlc_id.write(writer)?;
6943 htlc.amount_msat.write(writer)?;
6944 htlc.cltv_expiry.write(writer)?;
6945 htlc.payment_hash.write(writer)?;
6947 &InboundHTLCState::RemoteAnnounced(_) => unreachable!(),
6948 &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(ref htlc_state) => {
6950 htlc_state.write(writer)?;
6952 &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(ref htlc_state) => {
6954 htlc_state.write(writer)?;
6956 &InboundHTLCState::Committed => {
6959 &InboundHTLCState::LocalRemoved(ref removal_reason) => {
6961 removal_reason.write(writer)?;
6966 let mut preimages: Vec<&Option<PaymentPreimage>> = vec![];
6967 let mut pending_outbound_skimmed_fees: Vec<Option<u64>> = Vec::new();
6969 (self.context.pending_outbound_htlcs.len() as u64).write(writer)?;
6970 for (idx, htlc) in self.context.pending_outbound_htlcs.iter().enumerate() {
6971 htlc.htlc_id.write(writer)?;
6972 htlc.amount_msat.write(writer)?;
6973 htlc.cltv_expiry.write(writer)?;
6974 htlc.payment_hash.write(writer)?;
6975 htlc.source.write(writer)?;
6977 &OutboundHTLCState::LocalAnnounced(ref onion_packet) => {
6979 onion_packet.write(writer)?;
6981 &OutboundHTLCState::Committed => {
6984 &OutboundHTLCState::RemoteRemoved(_) => {
6985 // Treat this as a Committed because we haven't received the CS - they'll
6986 // resend the claim/fail on reconnect as we all (hopefully) the missing CS.
6989 &OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref outcome) => {
6991 if let OutboundHTLCOutcome::Success(preimage) = outcome {
6992 preimages.push(preimage);
6994 let reason: Option<&HTLCFailReason> = outcome.into();
6995 reason.write(writer)?;
6997 &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref outcome) => {
6999 if let OutboundHTLCOutcome::Success(preimage) = outcome {
7000 preimages.push(preimage);
7002 let reason: Option<&HTLCFailReason> = outcome.into();
7003 reason.write(writer)?;
7006 if let Some(skimmed_fee) = htlc.skimmed_fee_msat {
7007 if pending_outbound_skimmed_fees.is_empty() {
7008 for _ in 0..idx { pending_outbound_skimmed_fees.push(None); }
7010 pending_outbound_skimmed_fees.push(Some(skimmed_fee));
7011 } else if !pending_outbound_skimmed_fees.is_empty() {
7012 pending_outbound_skimmed_fees.push(None);
7016 let mut holding_cell_skimmed_fees: Vec<Option<u64>> = Vec::new();
7017 (self.context.holding_cell_htlc_updates.len() as u64).write(writer)?;
7018 for (idx, update) in self.context.holding_cell_htlc_updates.iter().enumerate() {
7020 &HTLCUpdateAwaitingACK::AddHTLC {
7021 ref amount_msat, ref cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet,
7025 amount_msat.write(writer)?;
7026 cltv_expiry.write(writer)?;
7027 payment_hash.write(writer)?;
7028 source.write(writer)?;
7029 onion_routing_packet.write(writer)?;
7031 if let Some(skimmed_fee) = skimmed_fee_msat {
7032 if holding_cell_skimmed_fees.is_empty() {
7033 for _ in 0..idx { holding_cell_skimmed_fees.push(None); }
7035 holding_cell_skimmed_fees.push(Some(skimmed_fee));
7036 } else if !holding_cell_skimmed_fees.is_empty() { holding_cell_skimmed_fees.push(None); }
7038 &HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, ref htlc_id } => {
7040 payment_preimage.write(writer)?;
7041 htlc_id.write(writer)?;
7043 &HTLCUpdateAwaitingACK::FailHTLC { ref htlc_id, ref err_packet } => {
7045 htlc_id.write(writer)?;
7046 err_packet.write(writer)?;
7051 match self.context.resend_order {
7052 RAACommitmentOrder::CommitmentFirst => 0u8.write(writer)?,
7053 RAACommitmentOrder::RevokeAndACKFirst => 1u8.write(writer)?,
7056 self.context.monitor_pending_channel_ready.write(writer)?;
7057 self.context.monitor_pending_revoke_and_ack.write(writer)?;
7058 self.context.monitor_pending_commitment_signed.write(writer)?;
7060 (self.context.monitor_pending_forwards.len() as u64).write(writer)?;
7061 for &(ref pending_forward, ref htlc_id) in self.context.monitor_pending_forwards.iter() {
7062 pending_forward.write(writer)?;
7063 htlc_id.write(writer)?;
7066 (self.context.monitor_pending_failures.len() as u64).write(writer)?;
7067 for &(ref htlc_source, ref payment_hash, ref fail_reason) in self.context.monitor_pending_failures.iter() {
7068 htlc_source.write(writer)?;
7069 payment_hash.write(writer)?;
7070 fail_reason.write(writer)?;
7073 if self.context.is_outbound() {
7074 self.context.pending_update_fee.map(|(a, _)| a).write(writer)?;
7075 } else if let Some((feerate, FeeUpdateState::AwaitingRemoteRevokeToAnnounce)) = self.context.pending_update_fee {
7076 Some(feerate).write(writer)?;
7078 // As for inbound HTLCs, if the update was only announced and never committed in a
7079 // commitment_signed, drop it.
7080 None::<u32>.write(writer)?;
7082 self.context.holding_cell_update_fee.write(writer)?;
7084 self.context.next_holder_htlc_id.write(writer)?;
7085 (self.context.next_counterparty_htlc_id - dropped_inbound_htlcs).write(writer)?;
7086 self.context.update_time_counter.write(writer)?;
7087 self.context.feerate_per_kw.write(writer)?;
7089 // Versions prior to 0.0.100 expected to read the fields of `last_sent_closing_fee` here,
7090 // however we are supposed to restart shutdown fee negotiation on reconnect (and wipe
7091 // `last_send_closing_fee` in `remove_uncommitted_htlcs_and_mark_paused`) so we should never
7092 // consider the stale state on reload.
7095 self.context.funding_tx_confirmed_in.write(writer)?;
7096 self.context.funding_tx_confirmation_height.write(writer)?;
7097 self.context.short_channel_id.write(writer)?;
7099 self.context.counterparty_dust_limit_satoshis.write(writer)?;
7100 self.context.holder_dust_limit_satoshis.write(writer)?;
7101 self.context.counterparty_max_htlc_value_in_flight_msat.write(writer)?;
7103 // Note that this field is ignored by 0.0.99+ as the TLV Optional variant is used instead.
7104 self.context.counterparty_selected_channel_reserve_satoshis.unwrap_or(0).write(writer)?;
7106 self.context.counterparty_htlc_minimum_msat.write(writer)?;
7107 self.context.holder_htlc_minimum_msat.write(writer)?;
7108 self.context.counterparty_max_accepted_htlcs.write(writer)?;
7110 // Note that this field is ignored by 0.0.99+ as the TLV Optional variant is used instead.
7111 self.context.minimum_depth.unwrap_or(0).write(writer)?;
7113 match &self.context.counterparty_forwarding_info {
7116 info.fee_base_msat.write(writer)?;
7117 info.fee_proportional_millionths.write(writer)?;
7118 info.cltv_expiry_delta.write(writer)?;
7120 None => 0u8.write(writer)?
7123 self.context.channel_transaction_parameters.write(writer)?;
7124 self.context.funding_transaction.write(writer)?;
7126 self.context.counterparty_cur_commitment_point.write(writer)?;
7127 self.context.counterparty_prev_commitment_point.write(writer)?;
7128 self.context.counterparty_node_id.write(writer)?;
7130 self.context.counterparty_shutdown_scriptpubkey.write(writer)?;
7132 self.context.commitment_secrets.write(writer)?;
7134 self.context.channel_update_status.write(writer)?;
7136 #[cfg(any(test, fuzzing))]
7137 (self.context.historical_inbound_htlc_fulfills.len() as u64).write(writer)?;
7138 #[cfg(any(test, fuzzing))]
7139 for htlc in self.context.historical_inbound_htlc_fulfills.iter() {
7140 htlc.write(writer)?;
7143 // If the channel type is something other than only-static-remote-key, then we need to have
7144 // older clients fail to deserialize this channel at all. If the type is
7145 // only-static-remote-key, we simply consider it "default" and don't write the channel type
7147 let chan_type = if self.context.channel_type != ChannelTypeFeatures::only_static_remote_key() {
7148 Some(&self.context.channel_type) } else { None };
7150 // The same logic applies for `holder_selected_channel_reserve_satoshis` values other than
7151 // the default, and when `holder_max_htlc_value_in_flight_msat` is configured to be set to
7152 // a different percentage of the channel value then 10%, which older versions of LDK used
7153 // to set it to before the percentage was made configurable.
7154 let serialized_holder_selected_reserve =
7155 if self.context.holder_selected_channel_reserve_satoshis != get_legacy_default_holder_selected_channel_reserve_satoshis(self.context.channel_value_satoshis)
7156 { Some(self.context.holder_selected_channel_reserve_satoshis) } else { None };
7158 let mut old_max_in_flight_percent_config = UserConfig::default().channel_handshake_config;
7159 old_max_in_flight_percent_config.max_inbound_htlc_value_in_flight_percent_of_channel = MAX_IN_FLIGHT_PERCENT_LEGACY;
7160 let serialized_holder_htlc_max_in_flight =
7161 if self.context.holder_max_htlc_value_in_flight_msat != get_holder_max_htlc_value_in_flight_msat(self.context.channel_value_satoshis, &old_max_in_flight_percent_config)
7162 { Some(self.context.holder_max_htlc_value_in_flight_msat) } else { None };
7164 let channel_pending_event_emitted = Some(self.context.channel_pending_event_emitted);
7165 let channel_ready_event_emitted = Some(self.context.channel_ready_event_emitted);
7167 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
7168 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. Therefore,
7169 // we write the high bytes as an option here.
7170 let user_id_high_opt = Some((self.context.user_id >> 64) as u64);
7172 let holder_max_accepted_htlcs = if self.context.holder_max_accepted_htlcs == DEFAULT_MAX_HTLCS { None } else { Some(self.context.holder_max_accepted_htlcs) };
7174 write_tlv_fields!(writer, {
7175 (0, self.context.announcement_sigs, option),
7176 // minimum_depth and counterparty_selected_channel_reserve_satoshis used to have a
7177 // default value instead of being Option<>al. Thus, to maintain compatibility we write
7178 // them twice, once with their original default values above, and once as an option
7179 // here. On the read side, old versions will simply ignore the odd-type entries here,
7180 // and new versions map the default values to None and allow the TLV entries here to
7182 (1, self.context.minimum_depth, option),
7183 (2, chan_type, option),
7184 (3, self.context.counterparty_selected_channel_reserve_satoshis, option),
7185 (4, serialized_holder_selected_reserve, option),
7186 (5, self.context.config, required),
7187 (6, serialized_holder_htlc_max_in_flight, option),
7188 (7, self.context.shutdown_scriptpubkey, option),
7189 (8, self.context.blocked_monitor_updates, optional_vec),
7190 (9, self.context.target_closing_feerate_sats_per_kw, option),
7191 (11, self.context.monitor_pending_finalized_fulfills, required_vec),
7192 (13, self.context.channel_creation_height, required),
7193 (15, preimages, required_vec),
7194 (17, self.context.announcement_sigs_state, required),
7195 (19, self.context.latest_inbound_scid_alias, option),
7196 (21, self.context.outbound_scid_alias, required),
7197 (23, channel_ready_event_emitted, option),
7198 (25, user_id_high_opt, option),
7199 (27, self.context.channel_keys_id, required),
7200 (28, holder_max_accepted_htlcs, option),
7201 (29, self.context.temporary_channel_id, option),
7202 (31, channel_pending_event_emitted, option),
7203 (35, pending_outbound_skimmed_fees, optional_vec),
7204 (37, holding_cell_skimmed_fees, optional_vec),
7205 (38, self.context.is_batch_funding, option),
7212 const MAX_ALLOC_SIZE: usize = 64*1024;
7213 impl<'a, 'b, 'c, ES: Deref, SP: Deref> ReadableArgs<(&'a ES, &'b SP, u32, &'c ChannelTypeFeatures)> for Channel<SP>
7215 ES::Target: EntropySource,
7216 SP::Target: SignerProvider
7218 fn read<R : io::Read>(reader: &mut R, args: (&'a ES, &'b SP, u32, &'c ChannelTypeFeatures)) -> Result<Self, DecodeError> {
7219 let (entropy_source, signer_provider, serialized_height, our_supported_features) = args;
7220 let ver = read_ver_prefix!(reader, SERIALIZATION_VERSION);
7222 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
7223 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. We read
7224 // the low bytes now and the high bytes later.
7225 let user_id_low: u64 = Readable::read(reader)?;
7227 let mut config = Some(LegacyChannelConfig::default());
7229 // Read the old serialization of the ChannelConfig from version 0.0.98.
7230 config.as_mut().unwrap().options.forwarding_fee_proportional_millionths = Readable::read(reader)?;
7231 config.as_mut().unwrap().options.cltv_expiry_delta = Readable::read(reader)?;
7232 config.as_mut().unwrap().announced_channel = Readable::read(reader)?;
7233 config.as_mut().unwrap().commit_upfront_shutdown_pubkey = Readable::read(reader)?;
7235 // Read the 8 bytes of backwards-compatibility ChannelConfig data.
7236 let mut _val: u64 = Readable::read(reader)?;
7239 let channel_id = Readable::read(reader)?;
7240 let channel_state = Readable::read(reader)?;
7241 let channel_value_satoshis = Readable::read(reader)?;
7243 let latest_monitor_update_id = Readable::read(reader)?;
7245 let mut keys_data = None;
7247 // Read the serialize signer bytes. We'll choose to deserialize them or not based on whether
7248 // the `channel_keys_id` TLV is present below.
7249 let keys_len: u32 = Readable::read(reader)?;
7250 keys_data = Some(Vec::with_capacity(cmp::min(keys_len as usize, MAX_ALLOC_SIZE)));
7251 while keys_data.as_ref().unwrap().len() != keys_len as usize {
7252 // Read 1KB at a time to avoid accidentally allocating 4GB on corrupted channel keys
7253 let mut data = [0; 1024];
7254 let read_slice = &mut data[0..cmp::min(1024, keys_len as usize - keys_data.as_ref().unwrap().len())];
7255 reader.read_exact(read_slice)?;
7256 keys_data.as_mut().unwrap().extend_from_slice(read_slice);
7260 // Read the old serialization for shutdown_pubkey, preferring the TLV field later if set.
7261 let mut shutdown_scriptpubkey = match <PublicKey as Readable>::read(reader) {
7262 Ok(pubkey) => Some(ShutdownScript::new_p2wpkh_from_pubkey(pubkey)),
7265 let destination_script = Readable::read(reader)?;
7267 let cur_holder_commitment_transaction_number = Readable::read(reader)?;
7268 let cur_counterparty_commitment_transaction_number = Readable::read(reader)?;
7269 let value_to_self_msat = Readable::read(reader)?;
7271 let pending_inbound_htlc_count: u64 = Readable::read(reader)?;
7273 let mut pending_inbound_htlcs = Vec::with_capacity(cmp::min(pending_inbound_htlc_count as usize, DEFAULT_MAX_HTLCS as usize));
7274 for _ in 0..pending_inbound_htlc_count {
7275 pending_inbound_htlcs.push(InboundHTLCOutput {
7276 htlc_id: Readable::read(reader)?,
7277 amount_msat: Readable::read(reader)?,
7278 cltv_expiry: Readable::read(reader)?,
7279 payment_hash: Readable::read(reader)?,
7280 state: match <u8 as Readable>::read(reader)? {
7281 1 => InboundHTLCState::AwaitingRemoteRevokeToAnnounce(Readable::read(reader)?),
7282 2 => InboundHTLCState::AwaitingAnnouncedRemoteRevoke(Readable::read(reader)?),
7283 3 => InboundHTLCState::Committed,
7284 4 => InboundHTLCState::LocalRemoved(Readable::read(reader)?),
7285 _ => return Err(DecodeError::InvalidValue),
7290 let pending_outbound_htlc_count: u64 = Readable::read(reader)?;
7291 let mut pending_outbound_htlcs = Vec::with_capacity(cmp::min(pending_outbound_htlc_count as usize, DEFAULT_MAX_HTLCS as usize));
7292 for _ in 0..pending_outbound_htlc_count {
7293 pending_outbound_htlcs.push(OutboundHTLCOutput {
7294 htlc_id: Readable::read(reader)?,
7295 amount_msat: Readable::read(reader)?,
7296 cltv_expiry: Readable::read(reader)?,
7297 payment_hash: Readable::read(reader)?,
7298 source: Readable::read(reader)?,
7299 state: match <u8 as Readable>::read(reader)? {
7300 0 => OutboundHTLCState::LocalAnnounced(Box::new(Readable::read(reader)?)),
7301 1 => OutboundHTLCState::Committed,
7303 let option: Option<HTLCFailReason> = Readable::read(reader)?;
7304 OutboundHTLCState::RemoteRemoved(option.into())
7307 let option: Option<HTLCFailReason> = Readable::read(reader)?;
7308 OutboundHTLCState::AwaitingRemoteRevokeToRemove(option.into())
7311 let option: Option<HTLCFailReason> = Readable::read(reader)?;
7312 OutboundHTLCState::AwaitingRemovedRemoteRevoke(option.into())
7314 _ => return Err(DecodeError::InvalidValue),
7316 skimmed_fee_msat: None,
7320 let holding_cell_htlc_update_count: u64 = Readable::read(reader)?;
7321 let mut holding_cell_htlc_updates = Vec::with_capacity(cmp::min(holding_cell_htlc_update_count as usize, DEFAULT_MAX_HTLCS as usize*2));
7322 for _ in 0..holding_cell_htlc_update_count {
7323 holding_cell_htlc_updates.push(match <u8 as Readable>::read(reader)? {
7324 0 => HTLCUpdateAwaitingACK::AddHTLC {
7325 amount_msat: Readable::read(reader)?,
7326 cltv_expiry: Readable::read(reader)?,
7327 payment_hash: Readable::read(reader)?,
7328 source: Readable::read(reader)?,
7329 onion_routing_packet: Readable::read(reader)?,
7330 skimmed_fee_msat: None,
7332 1 => HTLCUpdateAwaitingACK::ClaimHTLC {
7333 payment_preimage: Readable::read(reader)?,
7334 htlc_id: Readable::read(reader)?,
7336 2 => HTLCUpdateAwaitingACK::FailHTLC {
7337 htlc_id: Readable::read(reader)?,
7338 err_packet: Readable::read(reader)?,
7340 _ => return Err(DecodeError::InvalidValue),
7344 let resend_order = match <u8 as Readable>::read(reader)? {
7345 0 => RAACommitmentOrder::CommitmentFirst,
7346 1 => RAACommitmentOrder::RevokeAndACKFirst,
7347 _ => return Err(DecodeError::InvalidValue),
7350 let monitor_pending_channel_ready = Readable::read(reader)?;
7351 let monitor_pending_revoke_and_ack = Readable::read(reader)?;
7352 let monitor_pending_commitment_signed = Readable::read(reader)?;
7354 let monitor_pending_forwards_count: u64 = Readable::read(reader)?;
7355 let mut monitor_pending_forwards = Vec::with_capacity(cmp::min(monitor_pending_forwards_count as usize, DEFAULT_MAX_HTLCS as usize));
7356 for _ in 0..monitor_pending_forwards_count {
7357 monitor_pending_forwards.push((Readable::read(reader)?, Readable::read(reader)?));
7360 let monitor_pending_failures_count: u64 = Readable::read(reader)?;
7361 let mut monitor_pending_failures = Vec::with_capacity(cmp::min(monitor_pending_failures_count as usize, DEFAULT_MAX_HTLCS as usize));
7362 for _ in 0..monitor_pending_failures_count {
7363 monitor_pending_failures.push((Readable::read(reader)?, Readable::read(reader)?, Readable::read(reader)?));
7366 let pending_update_fee_value: Option<u32> = Readable::read(reader)?;
7368 let holding_cell_update_fee = Readable::read(reader)?;
7370 let next_holder_htlc_id = Readable::read(reader)?;
7371 let next_counterparty_htlc_id = Readable::read(reader)?;
7372 let update_time_counter = Readable::read(reader)?;
7373 let feerate_per_kw = Readable::read(reader)?;
7375 // Versions prior to 0.0.100 expected to read the fields of `last_sent_closing_fee` here,
7376 // however we are supposed to restart shutdown fee negotiation on reconnect (and wipe
7377 // `last_send_closing_fee` in `remove_uncommitted_htlcs_and_mark_paused`) so we should never
7378 // consider the stale state on reload.
7379 match <u8 as Readable>::read(reader)? {
7382 let _: u32 = Readable::read(reader)?;
7383 let _: u64 = Readable::read(reader)?;
7384 let _: Signature = Readable::read(reader)?;
7386 _ => return Err(DecodeError::InvalidValue),
7389 let funding_tx_confirmed_in = Readable::read(reader)?;
7390 let funding_tx_confirmation_height = Readable::read(reader)?;
7391 let short_channel_id = Readable::read(reader)?;
7393 let counterparty_dust_limit_satoshis = Readable::read(reader)?;
7394 let holder_dust_limit_satoshis = Readable::read(reader)?;
7395 let counterparty_max_htlc_value_in_flight_msat = Readable::read(reader)?;
7396 let mut counterparty_selected_channel_reserve_satoshis = None;
7398 // Read the old serialization from version 0.0.98.
7399 counterparty_selected_channel_reserve_satoshis = Some(Readable::read(reader)?);
7401 // Read the 8 bytes of backwards-compatibility data.
7402 let _dummy: u64 = Readable::read(reader)?;
7404 let counterparty_htlc_minimum_msat = Readable::read(reader)?;
7405 let holder_htlc_minimum_msat = Readable::read(reader)?;
7406 let counterparty_max_accepted_htlcs = Readable::read(reader)?;
7408 let mut minimum_depth = None;
7410 // Read the old serialization from version 0.0.98.
7411 minimum_depth = Some(Readable::read(reader)?);
7413 // Read the 4 bytes of backwards-compatibility data.
7414 let _dummy: u32 = Readable::read(reader)?;
7417 let counterparty_forwarding_info = match <u8 as Readable>::read(reader)? {
7419 1 => Some(CounterpartyForwardingInfo {
7420 fee_base_msat: Readable::read(reader)?,
7421 fee_proportional_millionths: Readable::read(reader)?,
7422 cltv_expiry_delta: Readable::read(reader)?,
7424 _ => return Err(DecodeError::InvalidValue),
7427 let mut channel_parameters: ChannelTransactionParameters = Readable::read(reader)?;
7428 let funding_transaction: Option<Transaction> = Readable::read(reader)?;
7430 let counterparty_cur_commitment_point = Readable::read(reader)?;
7432 let counterparty_prev_commitment_point = Readable::read(reader)?;
7433 let counterparty_node_id = Readable::read(reader)?;
7435 let counterparty_shutdown_scriptpubkey = Readable::read(reader)?;
7436 let commitment_secrets = Readable::read(reader)?;
7438 let channel_update_status = Readable::read(reader)?;
7440 #[cfg(any(test, fuzzing))]
7441 let mut historical_inbound_htlc_fulfills = HashSet::new();
7442 #[cfg(any(test, fuzzing))]
7444 let htlc_fulfills_len: u64 = Readable::read(reader)?;
7445 for _ in 0..htlc_fulfills_len {
7446 assert!(historical_inbound_htlc_fulfills.insert(Readable::read(reader)?));
7450 let pending_update_fee = if let Some(feerate) = pending_update_fee_value {
7451 Some((feerate, if channel_parameters.is_outbound_from_holder {
7452 FeeUpdateState::Outbound
7454 FeeUpdateState::AwaitingRemoteRevokeToAnnounce
7460 let mut announcement_sigs = None;
7461 let mut target_closing_feerate_sats_per_kw = None;
7462 let mut monitor_pending_finalized_fulfills = Some(Vec::new());
7463 let mut holder_selected_channel_reserve_satoshis = Some(get_legacy_default_holder_selected_channel_reserve_satoshis(channel_value_satoshis));
7464 let mut holder_max_htlc_value_in_flight_msat = Some(get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis, &UserConfig::default().channel_handshake_config));
7465 // Prior to supporting channel type negotiation, all of our channels were static_remotekey
7466 // only, so we default to that if none was written.
7467 let mut channel_type = Some(ChannelTypeFeatures::only_static_remote_key());
7468 let mut channel_creation_height = Some(serialized_height);
7469 let mut preimages_opt: Option<Vec<Option<PaymentPreimage>>> = None;
7471 // If we read an old Channel, for simplicity we just treat it as "we never sent an
7472 // AnnouncementSignatures" which implies we'll re-send it on reconnect, but that's fine.
7473 let mut announcement_sigs_state = Some(AnnouncementSigsState::NotSent);
7474 let mut latest_inbound_scid_alias = None;
7475 let mut outbound_scid_alias = None;
7476 let mut channel_pending_event_emitted = None;
7477 let mut channel_ready_event_emitted = None;
7479 let mut user_id_high_opt: Option<u64> = None;
7480 let mut channel_keys_id: Option<[u8; 32]> = None;
7481 let mut temporary_channel_id: Option<ChannelId> = None;
7482 let mut holder_max_accepted_htlcs: Option<u16> = None;
7484 let mut blocked_monitor_updates = Some(Vec::new());
7486 let mut pending_outbound_skimmed_fees_opt: Option<Vec<Option<u64>>> = None;
7487 let mut holding_cell_skimmed_fees_opt: Option<Vec<Option<u64>>> = None;
7489 let mut is_batch_funding: Option<()> = None;
7491 read_tlv_fields!(reader, {
7492 (0, announcement_sigs, option),
7493 (1, minimum_depth, option),
7494 (2, channel_type, option),
7495 (3, counterparty_selected_channel_reserve_satoshis, option),
7496 (4, holder_selected_channel_reserve_satoshis, option),
7497 (5, config, option), // Note that if none is provided we will *not* overwrite the existing one.
7498 (6, holder_max_htlc_value_in_flight_msat, option),
7499 (7, shutdown_scriptpubkey, option),
7500 (8, blocked_monitor_updates, optional_vec),
7501 (9, target_closing_feerate_sats_per_kw, option),
7502 (11, monitor_pending_finalized_fulfills, optional_vec),
7503 (13, channel_creation_height, option),
7504 (15, preimages_opt, optional_vec),
7505 (17, announcement_sigs_state, option),
7506 (19, latest_inbound_scid_alias, option),
7507 (21, outbound_scid_alias, option),
7508 (23, channel_ready_event_emitted, option),
7509 (25, user_id_high_opt, option),
7510 (27, channel_keys_id, option),
7511 (28, holder_max_accepted_htlcs, option),
7512 (29, temporary_channel_id, option),
7513 (31, channel_pending_event_emitted, option),
7514 (35, pending_outbound_skimmed_fees_opt, optional_vec),
7515 (37, holding_cell_skimmed_fees_opt, optional_vec),
7516 (38, is_batch_funding, option),
7519 let (channel_keys_id, holder_signer) = if let Some(channel_keys_id) = channel_keys_id {
7520 let mut holder_signer = signer_provider.derive_channel_signer(channel_value_satoshis, channel_keys_id);
7521 // If we've gotten to the funding stage of the channel, populate the signer with its
7522 // required channel parameters.
7523 let non_shutdown_state = channel_state & (!MULTI_STATE_FLAGS);
7524 if non_shutdown_state & !STATE_FLAGS >= (ChannelState::FundingCreated as u32) {
7525 holder_signer.provide_channel_parameters(&channel_parameters);
7527 (channel_keys_id, holder_signer)
7529 // `keys_data` can be `None` if we had corrupted data.
7530 let keys_data = keys_data.ok_or(DecodeError::InvalidValue)?;
7531 let holder_signer = signer_provider.read_chan_signer(&keys_data)?;
7532 (holder_signer.channel_keys_id(), holder_signer)
7535 if let Some(preimages) = preimages_opt {
7536 let mut iter = preimages.into_iter();
7537 for htlc in pending_outbound_htlcs.iter_mut() {
7539 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(None)) => {
7540 htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(iter.next().ok_or(DecodeError::InvalidValue)?));
7542 OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(None)) => {
7543 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(iter.next().ok_or(DecodeError::InvalidValue)?));
7548 // We expect all preimages to be consumed above
7549 if iter.next().is_some() {
7550 return Err(DecodeError::InvalidValue);
7554 let chan_features = channel_type.as_ref().unwrap();
7555 if !chan_features.is_subset(our_supported_features) {
7556 // If the channel was written by a new version and negotiated with features we don't
7557 // understand yet, refuse to read it.
7558 return Err(DecodeError::UnknownRequiredFeature);
7561 // ChannelTransactionParameters may have had an empty features set upon deserialization.
7562 // To account for that, we're proactively setting/overriding the field here.
7563 channel_parameters.channel_type_features = chan_features.clone();
7565 let mut secp_ctx = Secp256k1::new();
7566 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
7568 // `user_id` used to be a single u64 value. In order to remain backwards
7569 // compatible with versions prior to 0.0.113, the u128 is serialized as two
7570 // separate u64 values.
7571 let user_id = user_id_low as u128 + ((user_id_high_opt.unwrap_or(0) as u128) << 64);
7573 let holder_max_accepted_htlcs = holder_max_accepted_htlcs.unwrap_or(DEFAULT_MAX_HTLCS);
7575 if let Some(skimmed_fees) = pending_outbound_skimmed_fees_opt {
7576 let mut iter = skimmed_fees.into_iter();
7577 for htlc in pending_outbound_htlcs.iter_mut() {
7578 htlc.skimmed_fee_msat = iter.next().ok_or(DecodeError::InvalidValue)?;
7580 // We expect all skimmed fees to be consumed above
7581 if iter.next().is_some() { return Err(DecodeError::InvalidValue) }
7583 if let Some(skimmed_fees) = holding_cell_skimmed_fees_opt {
7584 let mut iter = skimmed_fees.into_iter();
7585 for htlc in holding_cell_htlc_updates.iter_mut() {
7586 if let HTLCUpdateAwaitingACK::AddHTLC { ref mut skimmed_fee_msat, .. } = htlc {
7587 *skimmed_fee_msat = iter.next().ok_or(DecodeError::InvalidValue)?;
7590 // We expect all skimmed fees to be consumed above
7591 if iter.next().is_some() { return Err(DecodeError::InvalidValue) }
7595 context: ChannelContext {
7598 config: config.unwrap(),
7602 // Note that we don't care about serializing handshake limits as we only ever serialize
7603 // channel data after the handshake has completed.
7604 inbound_handshake_limits_override: None,
7607 temporary_channel_id,
7609 announcement_sigs_state: announcement_sigs_state.unwrap(),
7611 channel_value_satoshis,
7613 latest_monitor_update_id,
7615 holder_signer: ChannelSignerType::Ecdsa(holder_signer),
7616 shutdown_scriptpubkey,
7619 cur_holder_commitment_transaction_number,
7620 cur_counterparty_commitment_transaction_number,
7623 holder_max_accepted_htlcs,
7624 pending_inbound_htlcs,
7625 pending_outbound_htlcs,
7626 holding_cell_htlc_updates,
7630 monitor_pending_channel_ready,
7631 monitor_pending_revoke_and_ack,
7632 monitor_pending_commitment_signed,
7633 monitor_pending_forwards,
7634 monitor_pending_failures,
7635 monitor_pending_finalized_fulfills: monitor_pending_finalized_fulfills.unwrap(),
7637 signer_pending_commitment_update: false,
7638 signer_pending_funding: false,
7641 holding_cell_update_fee,
7642 next_holder_htlc_id,
7643 next_counterparty_htlc_id,
7644 update_time_counter,
7647 #[cfg(debug_assertions)]
7648 holder_max_commitment_tx_output: Mutex::new((0, 0)),
7649 #[cfg(debug_assertions)]
7650 counterparty_max_commitment_tx_output: Mutex::new((0, 0)),
7652 last_sent_closing_fee: None,
7653 pending_counterparty_closing_signed: None,
7654 closing_fee_limits: None,
7655 target_closing_feerate_sats_per_kw,
7657 funding_tx_confirmed_in,
7658 funding_tx_confirmation_height,
7660 channel_creation_height: channel_creation_height.unwrap(),
7662 counterparty_dust_limit_satoshis,
7663 holder_dust_limit_satoshis,
7664 counterparty_max_htlc_value_in_flight_msat,
7665 holder_max_htlc_value_in_flight_msat: holder_max_htlc_value_in_flight_msat.unwrap(),
7666 counterparty_selected_channel_reserve_satoshis,
7667 holder_selected_channel_reserve_satoshis: holder_selected_channel_reserve_satoshis.unwrap(),
7668 counterparty_htlc_minimum_msat,
7669 holder_htlc_minimum_msat,
7670 counterparty_max_accepted_htlcs,
7673 counterparty_forwarding_info,
7675 channel_transaction_parameters: channel_parameters,
7676 funding_transaction,
7679 counterparty_cur_commitment_point,
7680 counterparty_prev_commitment_point,
7681 counterparty_node_id,
7683 counterparty_shutdown_scriptpubkey,
7687 channel_update_status,
7688 closing_signed_in_flight: false,
7692 #[cfg(any(test, fuzzing))]
7693 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
7694 #[cfg(any(test, fuzzing))]
7695 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
7697 workaround_lnd_bug_4006: None,
7698 sent_message_awaiting_response: None,
7700 latest_inbound_scid_alias,
7701 // Later in the ChannelManager deserialization phase we scan for channels and assign scid aliases if its missing
7702 outbound_scid_alias: outbound_scid_alias.unwrap_or(0),
7704 channel_pending_event_emitted: channel_pending_event_emitted.unwrap_or(true),
7705 channel_ready_event_emitted: channel_ready_event_emitted.unwrap_or(true),
7707 #[cfg(any(test, fuzzing))]
7708 historical_inbound_htlc_fulfills,
7710 channel_type: channel_type.unwrap(),
7713 blocked_monitor_updates: blocked_monitor_updates.unwrap(),
7722 use bitcoin::blockdata::constants::ChainHash;
7723 use bitcoin::blockdata::script::{Script, Builder};
7724 use bitcoin::blockdata::transaction::{Transaction, TxOut};
7725 use bitcoin::blockdata::opcodes;
7726 use bitcoin::network::constants::Network;
7728 use crate::ln::PaymentHash;
7729 use crate::ln::channelmanager::{self, HTLCSource, PaymentId};
7730 use crate::ln::channel::InitFeatures;
7731 use crate::ln::channel::{Channel, ChannelState, InboundHTLCOutput, OutboundV1Channel, InboundV1Channel, OutboundHTLCOutput, InboundHTLCState, OutboundHTLCState, HTLCCandidate, HTLCInitiator, commit_tx_fee_msat};
7732 use crate::ln::channel::{MAX_FUNDING_SATOSHIS_NO_WUMBO, TOTAL_BITCOIN_SUPPLY_SATOSHIS, MIN_THEIR_CHAN_RESERVE_SATOSHIS};
7733 use crate::ln::features::ChannelTypeFeatures;
7734 use crate::ln::msgs::{ChannelUpdate, DecodeError, UnsignedChannelUpdate, MAX_VALUE_MSAT};
7735 use crate::ln::script::ShutdownScript;
7736 use crate::ln::chan_utils;
7737 use crate::ln::chan_utils::{htlc_success_tx_weight, htlc_timeout_tx_weight};
7738 use crate::chain::BestBlock;
7739 use crate::chain::chaininterface::{FeeEstimator, LowerBoundedFeeEstimator, ConfirmationTarget};
7740 use crate::sign::{ChannelSigner, InMemorySigner, EntropySource, SignerProvider};
7741 use crate::chain::transaction::OutPoint;
7742 use crate::routing::router::Path;
7743 use crate::util::config::UserConfig;
7744 use crate::util::errors::APIError;
7745 use crate::util::test_utils;
7746 use crate::util::test_utils::{OnGetShutdownScriptpubkey, TestKeysInterface};
7747 use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature};
7748 use bitcoin::secp256k1::ffi::Signature as FFISignature;
7749 use bitcoin::secp256k1::{SecretKey,PublicKey};
7750 use bitcoin::hashes::sha256::Hash as Sha256;
7751 use bitcoin::hashes::Hash;
7752 use bitcoin::hash_types::WPubkeyHash;
7753 use bitcoin::PackedLockTime;
7754 use bitcoin::util::address::WitnessVersion;
7755 use crate::prelude::*;
7757 struct TestFeeEstimator {
7760 impl FeeEstimator for TestFeeEstimator {
7761 fn get_est_sat_per_1000_weight(&self, _: ConfirmationTarget) -> u32 {
7767 fn test_max_funding_satoshis_no_wumbo() {
7768 assert_eq!(TOTAL_BITCOIN_SUPPLY_SATOSHIS, 21_000_000 * 100_000_000);
7769 assert!(MAX_FUNDING_SATOSHIS_NO_WUMBO <= TOTAL_BITCOIN_SUPPLY_SATOSHIS,
7770 "MAX_FUNDING_SATOSHIS_NO_WUMBO is greater than all satoshis in existence");
7774 fn test_no_fee_check_overflow() {
7775 // Previously, calling `check_remote_fee` with a fee of 0xffffffff would overflow in
7776 // arithmetic, causing a panic with debug assertions enabled.
7777 let fee_est = TestFeeEstimator { fee_est: 42 };
7778 let bounded_fee_estimator = LowerBoundedFeeEstimator::new(&fee_est);
7779 assert!(Channel::<&TestKeysInterface>::check_remote_fee(
7780 &ChannelTypeFeatures::only_static_remote_key(), &bounded_fee_estimator,
7781 u32::max_value(), None, &&test_utils::TestLogger::new()).is_err());
7785 signer: InMemorySigner,
7788 impl EntropySource for Keys {
7789 fn get_secure_random_bytes(&self) -> [u8; 32] { [0; 32] }
7792 impl SignerProvider for Keys {
7793 type Signer = InMemorySigner;
7795 fn generate_channel_keys_id(&self, _inbound: bool, _channel_value_satoshis: u64, _user_channel_id: u128) -> [u8; 32] {
7796 self.signer.channel_keys_id()
7799 fn derive_channel_signer(&self, _channel_value_satoshis: u64, _channel_keys_id: [u8; 32]) -> Self::Signer {
7803 fn read_chan_signer(&self, _data: &[u8]) -> Result<Self::Signer, DecodeError> { panic!(); }
7805 fn get_destination_script(&self) -> Result<Script, ()> {
7806 let secp_ctx = Secp256k1::signing_only();
7807 let channel_monitor_claim_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
7808 let channel_monitor_claim_key_hash = WPubkeyHash::hash(&PublicKey::from_secret_key(&secp_ctx, &channel_monitor_claim_key).serialize());
7809 Ok(Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0).push_slice(&channel_monitor_claim_key_hash[..]).into_script())
7812 fn get_shutdown_scriptpubkey(&self) -> Result<ShutdownScript, ()> {
7813 let secp_ctx = Secp256k1::signing_only();
7814 let channel_close_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
7815 Ok(ShutdownScript::new_p2wpkh_from_pubkey(PublicKey::from_secret_key(&secp_ctx, &channel_close_key)))
7819 #[cfg(all(feature = "_test_vectors", not(feature = "grind_signatures")))]
7820 fn public_from_secret_hex(secp_ctx: &Secp256k1<bitcoin::secp256k1::All>, hex: &str) -> PublicKey {
7821 PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&hex::decode(hex).unwrap()[..]).unwrap())
7825 fn upfront_shutdown_script_incompatibility() {
7826 let features = channelmanager::provided_init_features(&UserConfig::default()).clear_shutdown_anysegwit();
7827 let non_v0_segwit_shutdown_script =
7828 ShutdownScript::new_witness_program(WitnessVersion::V16, &[0, 40]).unwrap();
7830 let seed = [42; 32];
7831 let network = Network::Testnet;
7832 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7833 keys_provider.expect(OnGetShutdownScriptpubkey {
7834 returns: non_v0_segwit_shutdown_script.clone(),
7837 let secp_ctx = Secp256k1::new();
7838 let node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7839 let config = UserConfig::default();
7840 match OutboundV1Channel::<&TestKeysInterface>::new(&LowerBoundedFeeEstimator::new(&TestFeeEstimator { fee_est: 253 }), &&keys_provider, &&keys_provider, node_id, &features, 10000000, 100000, 42, &config, 0, 42) {
7841 Err(APIError::IncompatibleShutdownScript { script }) => {
7842 assert_eq!(script.into_inner(), non_v0_segwit_shutdown_script.into_inner());
7844 Err(e) => panic!("Unexpected error: {:?}", e),
7845 Ok(_) => panic!("Expected error"),
7849 // Check that, during channel creation, we use the same feerate in the open channel message
7850 // as we do in the Channel object creation itself.
7852 fn test_open_channel_msg_fee() {
7853 let original_fee = 253;
7854 let mut fee_est = TestFeeEstimator{fee_est: original_fee };
7855 let bounded_fee_estimator = LowerBoundedFeeEstimator::new(&fee_est);
7856 let secp_ctx = Secp256k1::new();
7857 let seed = [42; 32];
7858 let network = Network::Testnet;
7859 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7861 let node_a_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7862 let config = UserConfig::default();
7863 let node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&bounded_fee_estimator, &&keys_provider, &&keys_provider, node_a_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7865 // Now change the fee so we can check that the fee in the open_channel message is the
7866 // same as the old fee.
7867 fee_est.fee_est = 500;
7868 let open_channel_msg = node_a_chan.get_open_channel(ChainHash::using_genesis_block(network));
7869 assert_eq!(open_channel_msg.feerate_per_kw, original_fee);
7873 fn test_holder_vs_counterparty_dust_limit() {
7874 // Test that when calculating the local and remote commitment transaction fees, the correct
7875 // dust limits are used.
7876 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7877 let secp_ctx = Secp256k1::new();
7878 let seed = [42; 32];
7879 let network = Network::Testnet;
7880 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7881 let logger = test_utils::TestLogger::new();
7882 let best_block = BestBlock::from_network(network);
7884 // Go through the flow of opening a channel between two nodes, making sure
7885 // they have different dust limits.
7887 // Create Node A's channel pointing to Node B's pubkey
7888 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7889 let config = UserConfig::default();
7890 let mut node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7892 // Create Node B's channel by receiving Node A's open_channel message
7893 // Make sure A's dust limit is as we expect.
7894 let open_channel_msg = node_a_chan.get_open_channel(ChainHash::using_genesis_block(network));
7895 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7896 let mut node_b_chan = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false).unwrap();
7898 // Node B --> Node A: accept channel, explicitly setting B's dust limit.
7899 let mut accept_channel_msg = node_b_chan.accept_inbound_channel();
7900 accept_channel_msg.dust_limit_satoshis = 546;
7901 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features(&config)).unwrap();
7902 node_a_chan.context.holder_dust_limit_satoshis = 1560;
7904 // Node A --> Node B: funding created
7905 let output_script = node_a_chan.context.get_funding_redeemscript();
7906 let tx = Transaction { version: 1, lock_time: PackedLockTime::ZERO, input: Vec::new(), output: vec![TxOut {
7907 value: 10000000, script_pubkey: output_script.clone(),
7909 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
7910 let (mut node_a_chan, funding_created_msg) = node_a_chan.get_funding_created(tx.clone(), funding_outpoint, false, &&logger).map_err(|_| ()).unwrap();
7911 let (_, funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg.unwrap(), best_block, &&keys_provider, &&logger).map_err(|_| ()).unwrap();
7913 // Node B --> Node A: funding signed
7914 let _ = node_a_chan.funding_signed(&funding_signed_msg.unwrap(), best_block, &&keys_provider, &&logger).unwrap();
7916 // Put some inbound and outbound HTLCs in A's channel.
7917 let htlc_amount_msat = 11_092_000; // put an amount below A's effective dust limit but above B's.
7918 node_a_chan.context.pending_inbound_htlcs.push(InboundHTLCOutput {
7920 amount_msat: htlc_amount_msat,
7921 payment_hash: PaymentHash(Sha256::hash(&[42; 32]).into_inner()),
7922 cltv_expiry: 300000000,
7923 state: InboundHTLCState::Committed,
7926 node_a_chan.context.pending_outbound_htlcs.push(OutboundHTLCOutput {
7928 amount_msat: htlc_amount_msat, // put an amount below A's dust amount but above B's.
7929 payment_hash: PaymentHash(Sha256::hash(&[43; 32]).into_inner()),
7930 cltv_expiry: 200000000,
7931 state: OutboundHTLCState::Committed,
7932 source: HTLCSource::OutboundRoute {
7933 path: Path { hops: Vec::new(), blinded_tail: None },
7934 session_priv: SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(),
7935 first_hop_htlc_msat: 548,
7936 payment_id: PaymentId([42; 32]),
7938 skimmed_fee_msat: None,
7941 // Make sure when Node A calculates their local commitment transaction, none of the HTLCs pass
7942 // the dust limit check.
7943 let htlc_candidate = HTLCCandidate::new(htlc_amount_msat, HTLCInitiator::LocalOffered);
7944 let local_commit_tx_fee = node_a_chan.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
7945 let local_commit_fee_0_htlcs = commit_tx_fee_msat(node_a_chan.context.feerate_per_kw, 0, node_a_chan.context.get_channel_type());
7946 assert_eq!(local_commit_tx_fee, local_commit_fee_0_htlcs);
7948 // Finally, make sure that when Node A calculates the remote's commitment transaction fees, all
7949 // of the HTLCs are seen to be above the dust limit.
7950 node_a_chan.context.channel_transaction_parameters.is_outbound_from_holder = false;
7951 let remote_commit_fee_3_htlcs = commit_tx_fee_msat(node_a_chan.context.feerate_per_kw, 3, node_a_chan.context.get_channel_type());
7952 let htlc_candidate = HTLCCandidate::new(htlc_amount_msat, HTLCInitiator::LocalOffered);
7953 let remote_commit_tx_fee = node_a_chan.context.next_remote_commit_tx_fee_msat(htlc_candidate, None);
7954 assert_eq!(remote_commit_tx_fee, remote_commit_fee_3_htlcs);
7958 fn test_timeout_vs_success_htlc_dust_limit() {
7959 // Make sure that when `next_remote_commit_tx_fee_msat` and `next_local_commit_tx_fee_msat`
7960 // calculate the real dust limits for HTLCs (i.e. the dust limit given by the counterparty
7961 // *plus* the fees paid for the HTLC) they don't swap `HTLC_SUCCESS_TX_WEIGHT` for
7962 // `HTLC_TIMEOUT_TX_WEIGHT`, and vice versa.
7963 let fee_est = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 253 });
7964 let secp_ctx = Secp256k1::new();
7965 let seed = [42; 32];
7966 let network = Network::Testnet;
7967 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7969 let node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7970 let config = UserConfig::default();
7971 let mut chan = OutboundV1Channel::<&TestKeysInterface>::new(&fee_est, &&keys_provider, &&keys_provider, node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7973 let commitment_tx_fee_0_htlcs = commit_tx_fee_msat(chan.context.feerate_per_kw, 0, chan.context.get_channel_type());
7974 let commitment_tx_fee_1_htlc = commit_tx_fee_msat(chan.context.feerate_per_kw, 1, chan.context.get_channel_type());
7976 // If HTLC_SUCCESS_TX_WEIGHT and HTLC_TIMEOUT_TX_WEIGHT were swapped: then this HTLC would be
7977 // counted as dust when it shouldn't be.
7978 let htlc_amt_above_timeout = ((253 * htlc_timeout_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.holder_dust_limit_satoshis + 1) * 1000;
7979 let htlc_candidate = HTLCCandidate::new(htlc_amt_above_timeout, HTLCInitiator::LocalOffered);
7980 let commitment_tx_fee = chan.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
7981 assert_eq!(commitment_tx_fee, commitment_tx_fee_1_htlc);
7983 // If swapped: this HTLC would be counted as non-dust when it shouldn't be.
7984 let dust_htlc_amt_below_success = ((253 * htlc_success_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.holder_dust_limit_satoshis - 1) * 1000;
7985 let htlc_candidate = HTLCCandidate::new(dust_htlc_amt_below_success, HTLCInitiator::RemoteOffered);
7986 let commitment_tx_fee = chan.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
7987 assert_eq!(commitment_tx_fee, commitment_tx_fee_0_htlcs);
7989 chan.context.channel_transaction_parameters.is_outbound_from_holder = false;
7991 // If swapped: this HTLC would be counted as non-dust when it shouldn't be.
7992 let dust_htlc_amt_above_timeout = ((253 * htlc_timeout_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.counterparty_dust_limit_satoshis + 1) * 1000;
7993 let htlc_candidate = HTLCCandidate::new(dust_htlc_amt_above_timeout, HTLCInitiator::LocalOffered);
7994 let commitment_tx_fee = chan.context.next_remote_commit_tx_fee_msat(htlc_candidate, None);
7995 assert_eq!(commitment_tx_fee, commitment_tx_fee_0_htlcs);
7997 // If swapped: this HTLC would be counted as dust when it shouldn't be.
7998 let htlc_amt_below_success = ((253 * htlc_success_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.counterparty_dust_limit_satoshis - 1) * 1000;
7999 let htlc_candidate = HTLCCandidate::new(htlc_amt_below_success, HTLCInitiator::RemoteOffered);
8000 let commitment_tx_fee = chan.context.next_remote_commit_tx_fee_msat(htlc_candidate, None);
8001 assert_eq!(commitment_tx_fee, commitment_tx_fee_1_htlc);
8005 fn channel_reestablish_no_updates() {
8006 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8007 let logger = test_utils::TestLogger::new();
8008 let secp_ctx = Secp256k1::new();
8009 let seed = [42; 32];
8010 let network = Network::Testnet;
8011 let best_block = BestBlock::from_network(network);
8012 let chain_hash = ChainHash::using_genesis_block(network);
8013 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
8015 // Go through the flow of opening a channel between two nodes.
8017 // Create Node A's channel pointing to Node B's pubkey
8018 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8019 let config = UserConfig::default();
8020 let mut node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
8022 // Create Node B's channel by receiving Node A's open_channel message
8023 let open_channel_msg = node_a_chan.get_open_channel(chain_hash);
8024 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
8025 let mut node_b_chan = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false).unwrap();
8027 // Node B --> Node A: accept channel
8028 let accept_channel_msg = node_b_chan.accept_inbound_channel();
8029 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features(&config)).unwrap();
8031 // Node A --> Node B: funding created
8032 let output_script = node_a_chan.context.get_funding_redeemscript();
8033 let tx = Transaction { version: 1, lock_time: PackedLockTime::ZERO, input: Vec::new(), output: vec![TxOut {
8034 value: 10000000, script_pubkey: output_script.clone(),
8036 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
8037 let (mut node_a_chan, funding_created_msg) = node_a_chan.get_funding_created(tx.clone(), funding_outpoint, false, &&logger).map_err(|_| ()).unwrap();
8038 let (mut node_b_chan, funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg.unwrap(), best_block, &&keys_provider, &&logger).map_err(|_| ()).unwrap();
8040 // Node B --> Node A: funding signed
8041 let _ = node_a_chan.funding_signed(&funding_signed_msg.unwrap(), best_block, &&keys_provider, &&logger).unwrap();
8043 // Now disconnect the two nodes and check that the commitment point in
8044 // Node B's channel_reestablish message is sane.
8045 assert!(node_b_chan.remove_uncommitted_htlcs_and_mark_paused(&&logger).is_ok());
8046 let msg = node_b_chan.get_channel_reestablish(&&logger);
8047 assert_eq!(msg.next_local_commitment_number, 1); // now called next_commitment_number
8048 assert_eq!(msg.next_remote_commitment_number, 0); // now called next_revocation_number
8049 assert_eq!(msg.your_last_per_commitment_secret, [0; 32]);
8051 // Check that the commitment point in Node A's channel_reestablish message
8053 assert!(node_a_chan.remove_uncommitted_htlcs_and_mark_paused(&&logger).is_ok());
8054 let msg = node_a_chan.get_channel_reestablish(&&logger);
8055 assert_eq!(msg.next_local_commitment_number, 1); // now called next_commitment_number
8056 assert_eq!(msg.next_remote_commitment_number, 0); // now called next_revocation_number
8057 assert_eq!(msg.your_last_per_commitment_secret, [0; 32]);
8061 fn test_configured_holder_max_htlc_value_in_flight() {
8062 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8063 let logger = test_utils::TestLogger::new();
8064 let secp_ctx = Secp256k1::new();
8065 let seed = [42; 32];
8066 let network = Network::Testnet;
8067 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
8068 let outbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8069 let inbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
8071 let mut config_2_percent = UserConfig::default();
8072 config_2_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 2;
8073 let mut config_99_percent = UserConfig::default();
8074 config_99_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 99;
8075 let mut config_0_percent = UserConfig::default();
8076 config_0_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 0;
8077 let mut config_101_percent = UserConfig::default();
8078 config_101_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 101;
8080 // Test that `OutboundV1Channel::new` creates a channel with the correct value for
8081 // `holder_max_htlc_value_in_flight_msat`, when configured with a valid percentage value,
8082 // which is set to the lower bound + 1 (2%) of the `channel_value`.
8083 let chan_1 = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_2_percent), 10000000, 100000, 42, &config_2_percent, 0, 42).unwrap();
8084 let chan_1_value_msat = chan_1.context.channel_value_satoshis * 1000;
8085 assert_eq!(chan_1.context.holder_max_htlc_value_in_flight_msat, (chan_1_value_msat as f64 * 0.02) as u64);
8087 // Test with the upper bound - 1 of valid values (99%).
8088 let chan_2 = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_99_percent), 10000000, 100000, 42, &config_99_percent, 0, 42).unwrap();
8089 let chan_2_value_msat = chan_2.context.channel_value_satoshis * 1000;
8090 assert_eq!(chan_2.context.holder_max_htlc_value_in_flight_msat, (chan_2_value_msat as f64 * 0.99) as u64);
8092 let chan_1_open_channel_msg = chan_1.get_open_channel(ChainHash::using_genesis_block(network));
8094 // Test that `InboundV1Channel::new` creates a channel with the correct value for
8095 // `holder_max_htlc_value_in_flight_msat`, when configured with a valid percentage value,
8096 // which is set to the lower bound - 1 (2%) of the `channel_value`.
8097 let chan_3 = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_2_percent), &channelmanager::provided_init_features(&config_2_percent), &chan_1_open_channel_msg, 7, &config_2_percent, 0, &&logger, /*is_0conf=*/false).unwrap();
8098 let chan_3_value_msat = chan_3.context.channel_value_satoshis * 1000;
8099 assert_eq!(chan_3.context.holder_max_htlc_value_in_flight_msat, (chan_3_value_msat as f64 * 0.02) as u64);
8101 // Test with the upper bound - 1 of valid values (99%).
8102 let chan_4 = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_99_percent), &channelmanager::provided_init_features(&config_99_percent), &chan_1_open_channel_msg, 7, &config_99_percent, 0, &&logger, /*is_0conf=*/false).unwrap();
8103 let chan_4_value_msat = chan_4.context.channel_value_satoshis * 1000;
8104 assert_eq!(chan_4.context.holder_max_htlc_value_in_flight_msat, (chan_4_value_msat as f64 * 0.99) as u64);
8106 // Test that `OutboundV1Channel::new` uses the lower bound of the configurable percentage values (1%)
8107 // if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a value less than 1.
8108 let chan_5 = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_0_percent), 10000000, 100000, 42, &config_0_percent, 0, 42).unwrap();
8109 let chan_5_value_msat = chan_5.context.channel_value_satoshis * 1000;
8110 assert_eq!(chan_5.context.holder_max_htlc_value_in_flight_msat, (chan_5_value_msat as f64 * 0.01) as u64);
8112 // Test that `OutboundV1Channel::new` uses the upper bound of the configurable percentage values
8113 // (100%) if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a larger value
8115 let chan_6 = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_101_percent), 10000000, 100000, 42, &config_101_percent, 0, 42).unwrap();
8116 let chan_6_value_msat = chan_6.context.channel_value_satoshis * 1000;
8117 assert_eq!(chan_6.context.holder_max_htlc_value_in_flight_msat, chan_6_value_msat);
8119 // Test that `InboundV1Channel::new` uses the lower bound of the configurable percentage values (1%)
8120 // if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a value less than 1.
8121 let chan_7 = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_0_percent), &channelmanager::provided_init_features(&config_0_percent), &chan_1_open_channel_msg, 7, &config_0_percent, 0, &&logger, /*is_0conf=*/false).unwrap();
8122 let chan_7_value_msat = chan_7.context.channel_value_satoshis * 1000;
8123 assert_eq!(chan_7.context.holder_max_htlc_value_in_flight_msat, (chan_7_value_msat as f64 * 0.01) as u64);
8125 // Test that `InboundV1Channel::new` uses the upper bound of the configurable percentage values
8126 // (100%) if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a larger value
8128 let chan_8 = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_101_percent), &channelmanager::provided_init_features(&config_101_percent), &chan_1_open_channel_msg, 7, &config_101_percent, 0, &&logger, /*is_0conf=*/false).unwrap();
8129 let chan_8_value_msat = chan_8.context.channel_value_satoshis * 1000;
8130 assert_eq!(chan_8.context.holder_max_htlc_value_in_flight_msat, chan_8_value_msat);
8134 fn test_configured_holder_selected_channel_reserve_satoshis() {
8136 // Test that `OutboundV1Channel::new` and `InboundV1Channel::new` create a channel with the correct
8137 // channel reserves, when `their_channel_reserve_proportional_millionths` is configured.
8138 test_self_and_counterparty_channel_reserve(10_000_000, 0.02, 0.02);
8140 // Test with valid but unreasonably high channel reserves
8141 // Requesting and accepting parties have requested for 49%-49% and 60%-30% channel reserve
8142 test_self_and_counterparty_channel_reserve(10_000_000, 0.49, 0.49);
8143 test_self_and_counterparty_channel_reserve(10_000_000, 0.60, 0.30);
8145 // Test with calculated channel reserve less than lower bound
8146 // i.e `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
8147 test_self_and_counterparty_channel_reserve(100_000, 0.00002, 0.30);
8149 // Test with invalid channel reserves since sum of both is greater than or equal
8151 test_self_and_counterparty_channel_reserve(10_000_000, 0.50, 0.50);
8152 test_self_and_counterparty_channel_reserve(10_000_000, 0.60, 0.50);
8155 fn test_self_and_counterparty_channel_reserve(channel_value_satoshis: u64, outbound_selected_channel_reserve_perc: f64, inbound_selected_channel_reserve_perc: f64) {
8156 let fee_est = LowerBoundedFeeEstimator::new(&TestFeeEstimator { fee_est: 15_000 });
8157 let logger = test_utils::TestLogger::new();
8158 let secp_ctx = Secp256k1::new();
8159 let seed = [42; 32];
8160 let network = Network::Testnet;
8161 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
8162 let outbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8163 let inbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
8166 let mut outbound_node_config = UserConfig::default();
8167 outbound_node_config.channel_handshake_config.their_channel_reserve_proportional_millionths = (outbound_selected_channel_reserve_perc * 1_000_000.0) as u32;
8168 let chan = OutboundV1Channel::<&TestKeysInterface>::new(&&fee_est, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&outbound_node_config), channel_value_satoshis, 100_000, 42, &outbound_node_config, 0, 42).unwrap();
8170 let expected_outbound_selected_chan_reserve = cmp::max(MIN_THEIR_CHAN_RESERVE_SATOSHIS, (chan.context.channel_value_satoshis as f64 * outbound_selected_channel_reserve_perc) as u64);
8171 assert_eq!(chan.context.holder_selected_channel_reserve_satoshis, expected_outbound_selected_chan_reserve);
8173 let chan_open_channel_msg = chan.get_open_channel(ChainHash::using_genesis_block(network));
8174 let mut inbound_node_config = UserConfig::default();
8175 inbound_node_config.channel_handshake_config.their_channel_reserve_proportional_millionths = (inbound_selected_channel_reserve_perc * 1_000_000.0) as u32;
8177 if outbound_selected_channel_reserve_perc + inbound_selected_channel_reserve_perc < 1.0 {
8178 let chan_inbound_node = InboundV1Channel::<&TestKeysInterface>::new(&&fee_est, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&inbound_node_config), &channelmanager::provided_init_features(&outbound_node_config), &chan_open_channel_msg, 7, &inbound_node_config, 0, &&logger, /*is_0conf=*/false).unwrap();
8180 let expected_inbound_selected_chan_reserve = cmp::max(MIN_THEIR_CHAN_RESERVE_SATOSHIS, (chan.context.channel_value_satoshis as f64 * inbound_selected_channel_reserve_perc) as u64);
8182 assert_eq!(chan_inbound_node.context.holder_selected_channel_reserve_satoshis, expected_inbound_selected_chan_reserve);
8183 assert_eq!(chan_inbound_node.context.counterparty_selected_channel_reserve_satoshis.unwrap(), expected_outbound_selected_chan_reserve);
8185 // Channel Negotiations failed
8186 let result = InboundV1Channel::<&TestKeysInterface>::new(&&fee_est, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&inbound_node_config), &channelmanager::provided_init_features(&outbound_node_config), &chan_open_channel_msg, 7, &inbound_node_config, 0, &&logger, /*is_0conf=*/false);
8187 assert!(result.is_err());
8192 fn channel_update() {
8193 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8194 let logger = test_utils::TestLogger::new();
8195 let secp_ctx = Secp256k1::new();
8196 let seed = [42; 32];
8197 let network = Network::Testnet;
8198 let best_block = BestBlock::from_network(network);
8199 let chain_hash = ChainHash::using_genesis_block(network);
8200 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
8202 // Create Node A's channel pointing to Node B's pubkey
8203 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8204 let config = UserConfig::default();
8205 let mut node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
8207 // Create Node B's channel by receiving Node A's open_channel message
8208 // Make sure A's dust limit is as we expect.
8209 let open_channel_msg = node_a_chan.get_open_channel(ChainHash::using_genesis_block(network));
8210 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
8211 let mut node_b_chan = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false).unwrap();
8213 // Node B --> Node A: accept channel, explicitly setting B's dust limit.
8214 let mut accept_channel_msg = node_b_chan.accept_inbound_channel();
8215 accept_channel_msg.dust_limit_satoshis = 546;
8216 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features(&config)).unwrap();
8217 node_a_chan.context.holder_dust_limit_satoshis = 1560;
8219 // Node A --> Node B: funding created
8220 let output_script = node_a_chan.context.get_funding_redeemscript();
8221 let tx = Transaction { version: 1, lock_time: PackedLockTime::ZERO, input: Vec::new(), output: vec![TxOut {
8222 value: 10000000, script_pubkey: output_script.clone(),
8224 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
8225 let (mut node_a_chan, funding_created_msg) = node_a_chan.get_funding_created(tx.clone(), funding_outpoint, false, &&logger).map_err(|_| ()).unwrap();
8226 let (_, funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg.unwrap(), best_block, &&keys_provider, &&logger).map_err(|_| ()).unwrap();
8228 // Node B --> Node A: funding signed
8229 let _ = node_a_chan.funding_signed(&funding_signed_msg.unwrap(), best_block, &&keys_provider, &&logger).unwrap();
8231 // Make sure that receiving a channel update will update the Channel as expected.
8232 let update = ChannelUpdate {
8233 contents: UnsignedChannelUpdate {
8235 short_channel_id: 0,
8238 cltv_expiry_delta: 100,
8239 htlc_minimum_msat: 5,
8240 htlc_maximum_msat: MAX_VALUE_MSAT,
8242 fee_proportional_millionths: 11,
8243 excess_data: Vec::new(),
8245 signature: Signature::from(unsafe { FFISignature::new() })
8247 assert!(node_a_chan.channel_update(&update).unwrap());
8249 // The counterparty can send an update with a higher minimum HTLC, but that shouldn't
8250 // change our official htlc_minimum_msat.
8251 assert_eq!(node_a_chan.context.holder_htlc_minimum_msat, 1);
8252 match node_a_chan.context.counterparty_forwarding_info() {
8254 assert_eq!(info.cltv_expiry_delta, 100);
8255 assert_eq!(info.fee_base_msat, 110);
8256 assert_eq!(info.fee_proportional_millionths, 11);
8258 None => panic!("expected counterparty forwarding info to be Some")
8261 assert!(!node_a_chan.channel_update(&update).unwrap());
8264 #[cfg(feature = "_test_vectors")]
8266 fn outbound_commitment_test() {
8267 use bitcoin::util::sighash;
8268 use bitcoin::consensus::encode::serialize;
8269 use bitcoin::blockdata::transaction::EcdsaSighashType;
8270 use bitcoin::hashes::hex::FromHex;
8271 use bitcoin::hash_types::Txid;
8272 use bitcoin::secp256k1::Message;
8273 use crate::sign::{ChannelDerivationParameters, HTLCDescriptor, EcdsaChannelSigner};
8274 use crate::ln::PaymentPreimage;
8275 use crate::ln::channel::{HTLCOutputInCommitment ,TxCreationKeys};
8276 use crate::ln::chan_utils::{ChannelPublicKeys, HolderCommitmentTransaction, CounterpartyChannelTransactionParameters};
8277 use crate::util::logger::Logger;
8278 use crate::sync::Arc;
8280 // Test vectors from BOLT 3 Appendices C and F (anchors):
8281 let feeest = TestFeeEstimator{fee_est: 15000};
8282 let logger : Arc<Logger> = Arc::new(test_utils::TestLogger::new());
8283 let secp_ctx = Secp256k1::new();
8285 let mut signer = InMemorySigner::new(
8287 SecretKey::from_slice(&hex::decode("30ff4956bbdd3222d44cc5e8a1261dab1e07957bdac5ae88fe3261ef321f3749").unwrap()[..]).unwrap(),
8288 SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(),
8289 SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(),
8290 SecretKey::from_slice(&hex::decode("3333333333333333333333333333333333333333333333333333333333333333").unwrap()[..]).unwrap(),
8291 SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(),
8293 // These aren't set in the test vectors:
8294 [0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff],
8300 assert_eq!(signer.pubkeys().funding_pubkey.serialize()[..],
8301 hex::decode("023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb").unwrap()[..]);
8302 let keys_provider = Keys { signer: signer.clone() };
8304 let counterparty_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8305 let mut config = UserConfig::default();
8306 config.channel_handshake_config.announced_channel = false;
8307 let mut chan = OutboundV1Channel::<&Keys>::new(&LowerBoundedFeeEstimator::new(&feeest), &&keys_provider, &&keys_provider, counterparty_node_id, &channelmanager::provided_init_features(&config), 10_000_000, 0, 42, &config, 0, 42).unwrap(); // Nothing uses their network key in this test
8308 chan.context.holder_dust_limit_satoshis = 546;
8309 chan.context.counterparty_selected_channel_reserve_satoshis = Some(0); // Filled in in accept_channel
8311 let funding_info = OutPoint{ txid: Txid::from_hex("8984484a580b825b9972d7adb15050b3ab624ccd731946b3eeddb92f4e7ef6be").unwrap(), index: 0 };
8313 let counterparty_pubkeys = ChannelPublicKeys {
8314 funding_pubkey: public_from_secret_hex(&secp_ctx, "1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13"),
8315 revocation_basepoint: PublicKey::from_slice(&hex::decode("02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27").unwrap()[..]).unwrap(),
8316 payment_point: public_from_secret_hex(&secp_ctx, "4444444444444444444444444444444444444444444444444444444444444444"),
8317 delayed_payment_basepoint: public_from_secret_hex(&secp_ctx, "1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13"),
8318 htlc_basepoint: public_from_secret_hex(&secp_ctx, "4444444444444444444444444444444444444444444444444444444444444444")
8320 chan.context.channel_transaction_parameters.counterparty_parameters = Some(
8321 CounterpartyChannelTransactionParameters {
8322 pubkeys: counterparty_pubkeys.clone(),
8323 selected_contest_delay: 144
8325 chan.context.channel_transaction_parameters.funding_outpoint = Some(funding_info);
8326 signer.provide_channel_parameters(&chan.context.channel_transaction_parameters);
8328 assert_eq!(counterparty_pubkeys.payment_point.serialize()[..],
8329 hex::decode("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()[..]);
8331 assert_eq!(counterparty_pubkeys.funding_pubkey.serialize()[..],
8332 hex::decode("030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c1").unwrap()[..]);
8334 assert_eq!(counterparty_pubkeys.htlc_basepoint.serialize()[..],
8335 hex::decode("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()[..]);
8337 // We can't just use build_holder_transaction_keys here as the per_commitment_secret is not
8338 // derived from a commitment_seed, so instead we copy it here and call
8339 // build_commitment_transaction.
8340 let delayed_payment_base = &chan.context.holder_signer.as_ref().pubkeys().delayed_payment_basepoint;
8341 let per_commitment_secret = SecretKey::from_slice(&hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap();
8342 let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
8343 let htlc_basepoint = &chan.context.holder_signer.as_ref().pubkeys().htlc_basepoint;
8344 let keys = TxCreationKeys::derive_new(&secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint);
8346 macro_rules! test_commitment {
8347 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $($remain:tt)* ) => {
8348 chan.context.channel_transaction_parameters.channel_type_features = ChannelTypeFeatures::only_static_remote_key();
8349 test_commitment_common!($counterparty_sig_hex, $sig_hex, $tx_hex, &ChannelTypeFeatures::only_static_remote_key(), $($remain)*);
8353 macro_rules! test_commitment_with_anchors {
8354 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $($remain:tt)* ) => {
8355 chan.context.channel_transaction_parameters.channel_type_features = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8356 test_commitment_common!($counterparty_sig_hex, $sig_hex, $tx_hex, &ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies(), $($remain)*);
8360 macro_rules! test_commitment_common {
8361 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $opt_anchors: expr, {
8362 $( { $htlc_idx: expr, $counterparty_htlc_sig_hex: expr, $htlc_sig_hex: expr, $htlc_tx_hex: expr } ), *
8364 let (commitment_tx, htlcs): (_, Vec<HTLCOutputInCommitment>) = {
8365 let mut commitment_stats = chan.context.build_commitment_transaction(0xffffffffffff - 42, &keys, true, false, &logger);
8367 let htlcs = commitment_stats.htlcs_included.drain(..)
8368 .filter_map(|(htlc, _)| if htlc.transaction_output_index.is_some() { Some(htlc) } else { None })
8370 (commitment_stats.tx, htlcs)
8372 let trusted_tx = commitment_tx.trust();
8373 let unsigned_tx = trusted_tx.built_transaction();
8374 let redeemscript = chan.context.get_funding_redeemscript();
8375 let counterparty_signature = Signature::from_der(&hex::decode($counterparty_sig_hex).unwrap()[..]).unwrap();
8376 let sighash = unsigned_tx.get_sighash_all(&redeemscript, chan.context.channel_value_satoshis);
8377 log_trace!(logger, "unsigned_tx = {}", hex::encode(serialize(&unsigned_tx.transaction)));
8378 assert!(secp_ctx.verify_ecdsa(&sighash, &counterparty_signature, chan.context.counterparty_funding_pubkey()).is_ok(), "verify counterparty commitment sig");
8380 let mut per_htlc: Vec<(HTLCOutputInCommitment, Option<Signature>)> = Vec::new();
8381 per_htlc.clear(); // Don't warn about excess mut for no-HTLC calls
8382 let mut counterparty_htlc_sigs = Vec::new();
8383 counterparty_htlc_sigs.clear(); // Don't warn about excess mut for no-HTLC calls
8385 let remote_signature = Signature::from_der(&hex::decode($counterparty_htlc_sig_hex).unwrap()[..]).unwrap();
8386 per_htlc.push((htlcs[$htlc_idx].clone(), Some(remote_signature)));
8387 counterparty_htlc_sigs.push(remote_signature);
8389 assert_eq!(htlcs.len(), per_htlc.len());
8391 let holder_commitment_tx = HolderCommitmentTransaction::new(
8392 commitment_tx.clone(),
8393 counterparty_signature,
8394 counterparty_htlc_sigs,
8395 &chan.context.holder_signer.as_ref().pubkeys().funding_pubkey,
8396 chan.context.counterparty_funding_pubkey()
8398 let holder_sig = signer.sign_holder_commitment(&holder_commitment_tx, &secp_ctx).unwrap();
8399 assert_eq!(Signature::from_der(&hex::decode($sig_hex).unwrap()[..]).unwrap(), holder_sig, "holder_sig");
8401 let funding_redeemscript = chan.context.get_funding_redeemscript();
8402 let tx = holder_commitment_tx.add_holder_sig(&funding_redeemscript, holder_sig);
8403 assert_eq!(serialize(&tx)[..], hex::decode($tx_hex).unwrap()[..], "tx");
8405 // ((htlc, counterparty_sig), (index, holder_sig))
8406 let mut htlc_counterparty_sig_iter = holder_commitment_tx.counterparty_htlc_sigs.iter();
8409 log_trace!(logger, "verifying htlc {}", $htlc_idx);
8410 let remote_signature = Signature::from_der(&hex::decode($counterparty_htlc_sig_hex).unwrap()[..]).unwrap();
8412 let ref htlc = htlcs[$htlc_idx];
8413 let mut htlc_tx = chan_utils::build_htlc_transaction(&unsigned_tx.txid, chan.context.feerate_per_kw,
8414 chan.context.get_counterparty_selected_contest_delay().unwrap(),
8415 &htlc, $opt_anchors, &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
8416 let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, $opt_anchors, &keys);
8417 let htlc_sighashtype = if $opt_anchors.supports_anchors_zero_fee_htlc_tx() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
8418 let htlc_sighash = Message::from_slice(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]).unwrap();
8419 assert!(secp_ctx.verify_ecdsa(&htlc_sighash, &remote_signature, &keys.countersignatory_htlc_key).is_ok(), "verify counterparty htlc sig");
8421 let mut preimage: Option<PaymentPreimage> = None;
8424 let out = PaymentHash(Sha256::hash(&[i; 32]).into_inner());
8425 if out == htlc.payment_hash {
8426 preimage = Some(PaymentPreimage([i; 32]));
8430 assert!(preimage.is_some());
8433 let htlc_counterparty_sig = htlc_counterparty_sig_iter.next().unwrap();
8434 let htlc_holder_sig = signer.sign_holder_htlc_transaction(&htlc_tx, 0, &HTLCDescriptor {
8435 channel_derivation_parameters: ChannelDerivationParameters {
8436 value_satoshis: chan.context.channel_value_satoshis,
8437 keys_id: chan.context.channel_keys_id,
8438 transaction_parameters: chan.context.channel_transaction_parameters.clone(),
8440 commitment_txid: trusted_tx.txid(),
8441 per_commitment_number: trusted_tx.commitment_number(),
8442 per_commitment_point: trusted_tx.per_commitment_point(),
8443 feerate_per_kw: trusted_tx.feerate_per_kw(),
8445 preimage: preimage.clone(),
8446 counterparty_sig: *htlc_counterparty_sig,
8447 }, &secp_ctx).unwrap();
8448 let num_anchors = if $opt_anchors.supports_anchors_zero_fee_htlc_tx() { 2 } else { 0 };
8449 assert_eq!(htlc.transaction_output_index, Some($htlc_idx + num_anchors), "output index");
8451 let signature = Signature::from_der(&hex::decode($htlc_sig_hex).unwrap()[..]).unwrap();
8452 assert_eq!(signature, htlc_holder_sig, "htlc sig");
8453 let trusted_tx = holder_commitment_tx.trust();
8454 htlc_tx.input[0].witness = trusted_tx.build_htlc_input_witness($htlc_idx, htlc_counterparty_sig, &htlc_holder_sig, &preimage);
8455 log_trace!(logger, "htlc_tx = {}", hex::encode(serialize(&htlc_tx)));
8456 assert_eq!(serialize(&htlc_tx)[..], hex::decode($htlc_tx_hex).unwrap()[..], "htlc tx");
8458 assert!(htlc_counterparty_sig_iter.next().is_none());
8462 // anchors: simple commitment tx with no HTLCs and single anchor
8463 test_commitment_with_anchors!("30440220655bf909fb6fa81d086f1336ac72c97906dce29d1b166e305c99152d810e26e1022051f577faa46412c46707aaac46b65d50053550a66334e00a44af2706f27a8658",
8464 "3044022007cf6b405e9c9b4f527b0ecad9d8bb661fabb8b12abf7d1c0b3ad1855db3ed490220616d5c1eeadccc63bd775a131149455d62d95a42c2a1b01cc7821fc42dce7778",
8465 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80024a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f10529800000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022007cf6b405e9c9b4f527b0ecad9d8bb661fabb8b12abf7d1c0b3ad1855db3ed490220616d5c1eeadccc63bd775a131149455d62d95a42c2a1b01cc7821fc42dce7778014730440220655bf909fb6fa81d086f1336ac72c97906dce29d1b166e305c99152d810e26e1022051f577faa46412c46707aaac46b65d50053550a66334e00a44af2706f27a865801475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8467 // simple commitment tx with no HTLCs
8468 chan.context.value_to_self_msat = 7000000000;
8470 test_commitment!("3045022100c3127b33dcc741dd6b05b1e63cbd1a9a7d816f37af9b6756fa2376b056f032370220408b96279808fe57eb7e463710804cdf4f108388bc5cf722d8c848d2c7f9f3b0",
8471 "30440220616210b2cc4d3afb601013c373bbd8aac54febd9f15400379a8cb65ce7deca60022034236c010991beb7ff770510561ae8dc885b8d38d1947248c38f2ae055647142",
8472 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8002c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48454a56a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004730440220616210b2cc4d3afb601013c373bbd8aac54febd9f15400379a8cb65ce7deca60022034236c010991beb7ff770510561ae8dc885b8d38d1947248c38f2ae05564714201483045022100c3127b33dcc741dd6b05b1e63cbd1a9a7d816f37af9b6756fa2376b056f032370220408b96279808fe57eb7e463710804cdf4f108388bc5cf722d8c848d2c7f9f3b001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8474 // anchors: simple commitment tx with no HTLCs
8475 test_commitment_with_anchors!("3045022100f89034eba16b2be0e5581f750a0a6309192b75cce0f202f0ee2b4ec0cc394850022076c65dc507fe42276152b7a3d90e961e678adbe966e916ecfe85e64d430e75f3",
8476 "30450221008266ac6db5ea71aac3c95d97b0e172ff596844851a3216eb88382a8dddfd33d2022050e240974cfd5d708708b4365574517c18e7ae535ef732a3484d43d0d82be9f7",
8477 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80044a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994a508b6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221008266ac6db5ea71aac3c95d97b0e172ff596844851a3216eb88382a8dddfd33d2022050e240974cfd5d708708b4365574517c18e7ae535ef732a3484d43d0d82be9f701483045022100f89034eba16b2be0e5581f750a0a6309192b75cce0f202f0ee2b4ec0cc394850022076c65dc507fe42276152b7a3d90e961e678adbe966e916ecfe85e64d430e75f301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8479 chan.context.pending_inbound_htlcs.push({
8480 let mut out = InboundHTLCOutput{
8482 amount_msat: 1000000,
8484 payment_hash: PaymentHash([0; 32]),
8485 state: InboundHTLCState::Committed,
8487 out.payment_hash.0 = Sha256::hash(&hex::decode("0000000000000000000000000000000000000000000000000000000000000000").unwrap()).into_inner();
8490 chan.context.pending_inbound_htlcs.push({
8491 let mut out = InboundHTLCOutput{
8493 amount_msat: 2000000,
8495 payment_hash: PaymentHash([0; 32]),
8496 state: InboundHTLCState::Committed,
8498 out.payment_hash.0 = Sha256::hash(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap()).into_inner();
8501 chan.context.pending_outbound_htlcs.push({
8502 let mut out = OutboundHTLCOutput{
8504 amount_msat: 2000000,
8506 payment_hash: PaymentHash([0; 32]),
8507 state: OutboundHTLCState::Committed,
8508 source: HTLCSource::dummy(),
8509 skimmed_fee_msat: None,
8511 out.payment_hash.0 = Sha256::hash(&hex::decode("0202020202020202020202020202020202020202020202020202020202020202").unwrap()).into_inner();
8514 chan.context.pending_outbound_htlcs.push({
8515 let mut out = OutboundHTLCOutput{
8517 amount_msat: 3000000,
8519 payment_hash: PaymentHash([0; 32]),
8520 state: OutboundHTLCState::Committed,
8521 source: HTLCSource::dummy(),
8522 skimmed_fee_msat: None,
8524 out.payment_hash.0 = Sha256::hash(&hex::decode("0303030303030303030303030303030303030303030303030303030303030303").unwrap()).into_inner();
8527 chan.context.pending_inbound_htlcs.push({
8528 let mut out = InboundHTLCOutput{
8530 amount_msat: 4000000,
8532 payment_hash: PaymentHash([0; 32]),
8533 state: InboundHTLCState::Committed,
8535 out.payment_hash.0 = Sha256::hash(&hex::decode("0404040404040404040404040404040404040404040404040404040404040404").unwrap()).into_inner();
8539 // commitment tx with all five HTLCs untrimmed (minimum feerate)
8540 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8541 chan.context.feerate_per_kw = 0;
8543 test_commitment!("3044022009b048187705a8cbc9ad73adbe5af148c3d012e1f067961486c822c7af08158c022006d66f3704cfab3eb2dc49dae24e4aa22a6910fc9b424007583204e3621af2e5",
8544 "304402206fc2d1f10ea59951eefac0b4b7c396a3c3d87b71ff0b019796ef4535beaf36f902201765b0181e514d04f4c8ad75659d7037be26cdb3f8bb6f78fe61decef484c3ea",
8545 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8007e80300000000000022002052bfef0479d7b293c27e0f1eb294bea154c63a3294ef092c19af51409bce0e2ad007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484e0a06a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402206fc2d1f10ea59951eefac0b4b7c396a3c3d87b71ff0b019796ef4535beaf36f902201765b0181e514d04f4c8ad75659d7037be26cdb3f8bb6f78fe61decef484c3ea01473044022009b048187705a8cbc9ad73adbe5af148c3d012e1f067961486c822c7af08158c022006d66f3704cfab3eb2dc49dae24e4aa22a6910fc9b424007583204e3621af2e501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8548 "3045022100d9e29616b8f3959f1d3d7f7ce893ffedcdc407717d0de8e37d808c91d3a7c50d022078c3033f6d00095c8720a4bc943c1b45727818c082e4e3ddbc6d3116435b624b",
8549 "30440220636de5682ef0c5b61f124ec74e8aa2461a69777521d6998295dcea36bc3338110220165285594b23c50b28b82df200234566628a27bcd17f7f14404bd865354eb3ce",
8550 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b00000000000000000001e8030000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100d9e29616b8f3959f1d3d7f7ce893ffedcdc407717d0de8e37d808c91d3a7c50d022078c3033f6d00095c8720a4bc943c1b45727818c082e4e3ddbc6d3116435b624b014730440220636de5682ef0c5b61f124ec74e8aa2461a69777521d6998295dcea36bc3338110220165285594b23c50b28b82df200234566628a27bcd17f7f14404bd865354eb3ce012000000000000000000000000000000000000000000000000000000000000000008a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a914b8bcb07f6344b42ab04250c86a6e8b75d3fdbbc688527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f401b175ac686800000000" },
8553 "30440220649fe8b20e67e46cbb0d09b4acea87dbec001b39b08dee7bdd0b1f03922a8640022037c462dff79df501cecfdb12ea7f4de91f99230bb544726f6e04527b1f896004",
8554 "3045022100803159dee7935dba4a1d36a61055ce8fd62caa528573cc221ae288515405a252022029c59e7cffce374fe860100a4a63787e105c3cf5156d40b12dd53ff55ac8cf3f",
8555 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b01000000000000000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220649fe8b20e67e46cbb0d09b4acea87dbec001b39b08dee7bdd0b1f03922a8640022037c462dff79df501cecfdb12ea7f4de91f99230bb544726f6e04527b1f89600401483045022100803159dee7935dba4a1d36a61055ce8fd62caa528573cc221ae288515405a252022029c59e7cffce374fe860100a4a63787e105c3cf5156d40b12dd53ff55ac8cf3f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8558 "30440220770fc321e97a19f38985f2e7732dd9fe08d16a2efa4bcbc0429400a447faf49102204d40b417f3113e1b0944ae0986f517564ab4acd3d190503faf97a6e420d43352",
8559 "3045022100a437cc2ce77400ecde441b3398fea3c3ad8bdad8132be818227fe3c5b8345989022069d45e7fa0ae551ec37240845e2c561ceb2567eacf3076a6a43a502d05865faa",
8560 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b02000000000000000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220770fc321e97a19f38985f2e7732dd9fe08d16a2efa4bcbc0429400a447faf49102204d40b417f3113e1b0944ae0986f517564ab4acd3d190503faf97a6e420d4335201483045022100a437cc2ce77400ecde441b3398fea3c3ad8bdad8132be818227fe3c5b8345989022069d45e7fa0ae551ec37240845e2c561ceb2567eacf3076a6a43a502d05865faa012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8563 "304402207bcbf4f60a9829b05d2dbab84ed593e0291836be715dc7db6b72a64caf646af802201e489a5a84f7c5cc130398b841d138d031a5137ac8f4c49c770a4959dc3c1363",
8564 "304402203121d9b9c055f354304b016a36662ee99e1110d9501cb271b087ddb6f382c2c80220549882f3f3b78d9c492de47543cb9a697cecc493174726146536c5954dac7487",
8565 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b03000000000000000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207bcbf4f60a9829b05d2dbab84ed593e0291836be715dc7db6b72a64caf646af802201e489a5a84f7c5cc130398b841d138d031a5137ac8f4c49c770a4959dc3c13630147304402203121d9b9c055f354304b016a36662ee99e1110d9501cb271b087ddb6f382c2c80220549882f3f3b78d9c492de47543cb9a697cecc493174726146536c5954dac748701008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8568 "3044022076dca5cb81ba7e466e349b7128cdba216d4d01659e29b96025b9524aaf0d1899022060de85697b88b21c749702b7d2cfa7dfeaa1f472c8f1d7d9c23f2bf968464b87",
8569 "3045022100d9080f103cc92bac15ec42464a95f070c7fb6925014e673ee2ea1374d36a7f7502200c65294d22eb20d48564954d5afe04a385551919d8b2ddb4ae2459daaeee1d95",
8570 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b04000000000000000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022076dca5cb81ba7e466e349b7128cdba216d4d01659e29b96025b9524aaf0d1899022060de85697b88b21c749702b7d2cfa7dfeaa1f472c8f1d7d9c23f2bf968464b8701483045022100d9080f103cc92bac15ec42464a95f070c7fb6925014e673ee2ea1374d36a7f7502200c65294d22eb20d48564954d5afe04a385551919d8b2ddb4ae2459daaeee1d95012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8573 // commitment tx with seven outputs untrimmed (maximum feerate)
8574 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8575 chan.context.feerate_per_kw = 647;
8577 test_commitment!("3045022100a135f9e8a5ed25f7277446c67956b00ce6f610ead2bdec2c2f686155b7814772022059f1f6e1a8b336a68efcc1af3fe4d422d4827332b5b067501b099c47b7b5b5ee",
8578 "30450221009ec15c687898bb4da8b3a833e5ab8bfc51ec6e9202aaa8e66611edfd4a85ed1102203d7183e45078b9735c93450bc3415d3e5a8c576141a711ec6ddcb4a893926bb7",
8579 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8007e80300000000000022002052bfef0479d7b293c27e0f1eb294bea154c63a3294ef092c19af51409bce0e2ad007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484e09c6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221009ec15c687898bb4da8b3a833e5ab8bfc51ec6e9202aaa8e66611edfd4a85ed1102203d7183e45078b9735c93450bc3415d3e5a8c576141a711ec6ddcb4a893926bb701483045022100a135f9e8a5ed25f7277446c67956b00ce6f610ead2bdec2c2f686155b7814772022059f1f6e1a8b336a68efcc1af3fe4d422d4827332b5b067501b099c47b7b5b5ee01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8582 "30450221008437627f9ad84ac67052e2a414a4367b8556fd1f94d8b02590f89f50525cd33502205b9c21ff6e7fc864f2352746ad8ba59182510819acb644e25b8a12fc37bbf24f",
8583 "30440220344b0deb055230d01703e6c7acd45853c4af2328b49b5d8af4f88a060733406602202ea64f2a43d5751edfe75503cbc35a62e3141b5ed032fa03360faf4ca66f670b",
8584 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004830450221008437627f9ad84ac67052e2a414a4367b8556fd1f94d8b02590f89f50525cd33502205b9c21ff6e7fc864f2352746ad8ba59182510819acb644e25b8a12fc37bbf24f014730440220344b0deb055230d01703e6c7acd45853c4af2328b49b5d8af4f88a060733406602202ea64f2a43d5751edfe75503cbc35a62e3141b5ed032fa03360faf4ca66f670b012000000000000000000000000000000000000000000000000000000000000000008a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a914b8bcb07f6344b42ab04250c86a6e8b75d3fdbbc688527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f401b175ac686800000000" },
8587 "304402205a67f92bf6845cf2892b48d874ac1daf88a36495cf8a06f93d83180d930a6f75022031da1621d95c3f335cc06a3056cf960199dae600b7cf89088f65fc53cdbef28c",
8588 "30450221009e5e3822b0185c6799a95288c597b671d6cc69ab80f43740f00c6c3d0752bdda02206da947a74bd98f3175324dc56fdba86cc783703a120a6f0297537e60632f4c7f",
8589 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe0100000000000000000124060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402205a67f92bf6845cf2892b48d874ac1daf88a36495cf8a06f93d83180d930a6f75022031da1621d95c3f335cc06a3056cf960199dae600b7cf89088f65fc53cdbef28c014830450221009e5e3822b0185c6799a95288c597b671d6cc69ab80f43740f00c6c3d0752bdda02206da947a74bd98f3175324dc56fdba86cc783703a120a6f0297537e60632f4c7f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8592 "30440220437e21766054a3eef7f65690c5bcfa9920babbc5af92b819f772f6ea96df6c7402207173622024bd97328cfb26c6665e25c2f5d67c319443ccdc60c903217005d8c8",
8593 "3045022100fcfc47e36b712624677626cef3dc1d67f6583bd46926a6398fe6b00b0c9a37760220525788257b187fc775c6370d04eadf34d06f3650a63f8df851cee0ecb47a1673",
8594 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe020000000000000000010a060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220437e21766054a3eef7f65690c5bcfa9920babbc5af92b819f772f6ea96df6c7402207173622024bd97328cfb26c6665e25c2f5d67c319443ccdc60c903217005d8c801483045022100fcfc47e36b712624677626cef3dc1d67f6583bd46926a6398fe6b00b0c9a37760220525788257b187fc775c6370d04eadf34d06f3650a63f8df851cee0ecb47a1673012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8597 "304402207436e10737e4df499fc051686d3e11a5bb2310e4d1f1e691d287cef66514791202207cb58e71a6b7a42dd001b7e3ae672ea4f71ea3e1cd412b742e9124abb0739c64",
8598 "3045022100e78211b8409afb7255ffe37337da87f38646f1faebbdd61bc1920d69e3ead67a02201a626305adfcd16bfb7e9340928d9b6305464eab4aa4c4a3af6646e9b9f69dee",
8599 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe030000000000000000010c0a0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207436e10737e4df499fc051686d3e11a5bb2310e4d1f1e691d287cef66514791202207cb58e71a6b7a42dd001b7e3ae672ea4f71ea3e1cd412b742e9124abb0739c6401483045022100e78211b8409afb7255ffe37337da87f38646f1faebbdd61bc1920d69e3ead67a02201a626305adfcd16bfb7e9340928d9b6305464eab4aa4c4a3af6646e9b9f69dee01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8602 "30450221009acd6a827a76bfee50806178dfe0495cd4e1d9c58279c194c7b01520fe68cb8d022024d439047c368883e570997a7d40f0b430cb5a742f507965e7d3063ae3feccca",
8603 "3044022048762cf546bbfe474f1536365ea7c416e3c0389d60558bc9412cb148fb6ab68202207215d7083b75c96ff9d2b08c59c34e287b66820f530b486a9aa4cdd9c347d5b9",
8604 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe04000000000000000001da0d0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004830450221009acd6a827a76bfee50806178dfe0495cd4e1d9c58279c194c7b01520fe68cb8d022024d439047c368883e570997a7d40f0b430cb5a742f507965e7d3063ae3feccca01473044022048762cf546bbfe474f1536365ea7c416e3c0389d60558bc9412cb148fb6ab68202207215d7083b75c96ff9d2b08c59c34e287b66820f530b486a9aa4cdd9c347d5b9012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8607 // commitment tx with six outputs untrimmed (minimum feerate)
8608 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8609 chan.context.feerate_per_kw = 648;
8611 test_commitment!("304402203948f900a5506b8de36a4d8502f94f21dd84fd9c2314ab427d52feaa7a0a19f2022059b6a37a4adaa2c5419dc8aea63c6e2a2ec4c4bde46207f6dc1fcd22152fc6e5",
8612 "3045022100b15f72908ba3382a34ca5b32519240a22300cc6015b6f9418635fb41f3d01d8802207adb331b9ed1575383dca0f2355e86c173802feecf8298fbea53b9d4610583e9",
8613 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8006d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4844e9d6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100b15f72908ba3382a34ca5b32519240a22300cc6015b6f9418635fb41f3d01d8802207adb331b9ed1575383dca0f2355e86c173802feecf8298fbea53b9d4610583e90147304402203948f900a5506b8de36a4d8502f94f21dd84fd9c2314ab427d52feaa7a0a19f2022059b6a37a4adaa2c5419dc8aea63c6e2a2ec4c4bde46207f6dc1fcd22152fc6e501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8616 "3045022100a031202f3be94678f0e998622ee95ebb6ada8da1e9a5110228b5e04a747351e4022010ca6a21e18314ed53cfaae3b1f51998552a61a468e596368829a50ce40110e0",
8617 "304502210097e1873b57267730154595187a34949d3744f52933070c74757005e61ce2112e02204ecfba2aa42d4f14bdf8bad4206bb97217b702e6c433e0e1b0ce6587e6d46ec6",
8618 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf10000000000000000000123060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100a031202f3be94678f0e998622ee95ebb6ada8da1e9a5110228b5e04a747351e4022010ca6a21e18314ed53cfaae3b1f51998552a61a468e596368829a50ce40110e00148304502210097e1873b57267730154595187a34949d3744f52933070c74757005e61ce2112e02204ecfba2aa42d4f14bdf8bad4206bb97217b702e6c433e0e1b0ce6587e6d46ec601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8621 "304402202361012a634aee7835c5ecdd6413dcffa8f404b7e77364c792cff984e4ee71e90220715c5e90baa08daa45a7439b1ee4fa4843ed77b19c058240b69406606d384124",
8622 "3044022019de73b00f1d818fb388e83b2c8c31f6bce35ac624e215bc12f88f9dc33edf48022006ff814bb9f700ee6abc3294e146fac3efd4f13f0005236b41c0a946ee00c9ae",
8623 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf10100000000000000000109060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402202361012a634aee7835c5ecdd6413dcffa8f404b7e77364c792cff984e4ee71e90220715c5e90baa08daa45a7439b1ee4fa4843ed77b19c058240b69406606d38412401473044022019de73b00f1d818fb388e83b2c8c31f6bce35ac624e215bc12f88f9dc33edf48022006ff814bb9f700ee6abc3294e146fac3efd4f13f0005236b41c0a946ee00c9ae012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8626 "304402207e8e82cd71ed4febeb593732c260456836e97d81896153ecd2b3cf320ca6861702202dd4a30f68f98ced7cc56a36369ac1fdd978248c5ff4ed204fc00cc625532989",
8627 "3045022100bd0be6100c4fd8f102ec220e1b053e4c4e2ecca25615490150007b40d314dc3902201a1e0ea266965b43164d9e6576f58fa6726d42883dd1c3996d2925c2e2260796",
8628 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf1020000000000000000010b0a0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207e8e82cd71ed4febeb593732c260456836e97d81896153ecd2b3cf320ca6861702202dd4a30f68f98ced7cc56a36369ac1fdd978248c5ff4ed204fc00cc62553298901483045022100bd0be6100c4fd8f102ec220e1b053e4c4e2ecca25615490150007b40d314dc3902201a1e0ea266965b43164d9e6576f58fa6726d42883dd1c3996d2925c2e226079601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8631 "3044022024cd52e4198c8ae0e414a86d86b5a65ea7450f2eb4e783096736d93395eca5ce022078f0094745b45be4d4b2b04dd5978c9e66ba49109e5704403e84aaf5f387d6be",
8632 "3045022100bbfb9d0a946d420807c86e985d636cceb16e71c3694ed186316251a00cbd807202207773223f9a337e145f64673825be9b30d07ef1542c82188b264bedcf7cda78c6",
8633 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf103000000000000000001d90d0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022024cd52e4198c8ae0e414a86d86b5a65ea7450f2eb4e783096736d93395eca5ce022078f0094745b45be4d4b2b04dd5978c9e66ba49109e5704403e84aaf5f387d6be01483045022100bbfb9d0a946d420807c86e985d636cceb16e71c3694ed186316251a00cbd807202207773223f9a337e145f64673825be9b30d07ef1542c82188b264bedcf7cda78c6012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8636 // anchors: commitment tx with six outputs untrimmed (minimum dust limit)
8637 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8638 chan.context.feerate_per_kw = 645;
8639 chan.context.holder_dust_limit_satoshis = 1001;
8641 test_commitment_with_anchors!("3044022025d97466c8049e955a5afce28e322f4b34d2561118e52332fb400f9b908cc0a402205dc6fba3a0d67ee142c428c535580cd1f2ff42e2f89b47e0c8a01847caffc312",
8642 "3045022100d57697c707b6f6d053febf24b98e8989f186eea42e37e9e91663ec2c70bb8f70022079b0715a472118f262f43016a674f59c015d9cafccec885968e76d9d9c5d0051",
8643 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80084a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994d0070000000000002200203e68115ae0b15b8de75b6c6bc9af5ac9f01391544e0870dae443a1e8fe7837ead007000000000000220020fe0598d74fee2205cc3672e6e6647706b4f3099713b4661b62482c3addd04a5eb80b000000000000220020f96d0334feb64a4f40eb272031d07afcb038db56aa57446d60308c9f8ccadef9a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994abc996a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100d57697c707b6f6d053febf24b98e8989f186eea42e37e9e91663ec2c70bb8f70022079b0715a472118f262f43016a674f59c015d9cafccec885968e76d9d9c5d005101473044022025d97466c8049e955a5afce28e322f4b34d2561118e52332fb400f9b908cc0a402205dc6fba3a0d67ee142c428c535580cd1f2ff42e2f89b47e0c8a01847caffc31201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8646 "3045022100e04d160a326432659fe9fb127304c1d348dfeaba840081bdc57d8efd902a48d8022008a824e7cf5492b97e4d9e03c06a09f822775a44f6b5b2533a2088904abfc282",
8647 "3045022100b7c49846466b13b190ff739bbe3005c105482fc55539e55b1c561f76b6982b6c02200e5c35808619cf543c8405cff9fedd25f333a4a2f6f6d5e8af8150090c40ef09",
8648 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320002000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e04d160a326432659fe9fb127304c1d348dfeaba840081bdc57d8efd902a48d8022008a824e7cf5492b97e4d9e03c06a09f822775a44f6b5b2533a2088904abfc28283483045022100b7c49846466b13b190ff739bbe3005c105482fc55539e55b1c561f76b6982b6c02200e5c35808619cf543c8405cff9fedd25f333a4a2f6f6d5e8af8150090c40ef0901008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6851b27568f6010000" },
8651 "3045022100fbdc3c367ce3bf30796025cc590ee1f2ce0e72ae1ac19f5986d6d0a4fc76211f02207e45ae9267e8e820d188569604f71d1abd11bd385d58853dd7dc034cdb3e9a6e",
8652 "3045022100d29330f24db213b262068706099b39c15fa7e070c3fcdf8836c09723fc4d365602203ce57d01e9f28601e461a0b5c4a50119b270bde8b70148d133a6849c70b115ac",
8653 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320003000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100fbdc3c367ce3bf30796025cc590ee1f2ce0e72ae1ac19f5986d6d0a4fc76211f02207e45ae9267e8e820d188569604f71d1abd11bd385d58853dd7dc034cdb3e9a6e83483045022100d29330f24db213b262068706099b39c15fa7e070c3fcdf8836c09723fc4d365602203ce57d01e9f28601e461a0b5c4a50119b270bde8b70148d133a6849c70b115ac012001010101010101010101010101010101010101010101010101010101010101018d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac6851b2756800000000" },
8656 "3044022066c5ef625cee3ddd2bc7b6bfb354b5834cf1cc6d52dd972fb41b7b225437ae4a022066cb85647df65c6b87a54e416dcdcca778a776c36a9643d2b5dc793c9b29f4c1",
8657 "304402202d4ce515cd9000ec37575972d70b8d24f73909fb7012e8ebd8c2066ef6fe187902202830b53e64ea565fecd0f398100691da6bb2a5cf9bb0d1926f1d71d05828a11e",
8658 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320004000000000100000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022066c5ef625cee3ddd2bc7b6bfb354b5834cf1cc6d52dd972fb41b7b225437ae4a022066cb85647df65c6b87a54e416dcdcca778a776c36a9643d2b5dc793c9b29f4c18347304402202d4ce515cd9000ec37575972d70b8d24f73909fb7012e8ebd8c2066ef6fe187902202830b53e64ea565fecd0f398100691da6bb2a5cf9bb0d1926f1d71d05828a11e01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6851b27568f7010000" },
8661 "3044022022c7e11595c53ee89a57ca76baf0aed730da035952d6ab3fe6459f5eff3b337a022075e10cc5f5fd724a35ce4087a5d03cd616698626c69814032132b50bb97dc615",
8662 "3045022100b20cd63e0587d1711beaebda4730775c4ac8b8b2ec78fe18a0c44c3f168c25230220079abb7fc4924e2fca5950842e5b9e416735585026914570078c4ef62f286226",
8663 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320005000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022022c7e11595c53ee89a57ca76baf0aed730da035952d6ab3fe6459f5eff3b337a022075e10cc5f5fd724a35ce4087a5d03cd616698626c69814032132b50bb97dc61583483045022100b20cd63e0587d1711beaebda4730775c4ac8b8b2ec78fe18a0c44c3f168c25230220079abb7fc4924e2fca5950842e5b9e416735585026914570078c4ef62f286226012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
8666 // commitment tx with six outputs untrimmed (maximum feerate)
8667 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8668 chan.context.feerate_per_kw = 2069;
8669 chan.context.holder_dust_limit_satoshis = 546;
8671 test_commitment!("304502210090b96a2498ce0c0f2fadbec2aab278fed54c1a7838df793ec4d2c78d96ec096202204fdd439c50f90d483baa7b68feeef4bd33bc277695405447bcd0bfb2ca34d7bc",
8672 "3045022100ad9a9bbbb75d506ca3b716b336ee3cf975dd7834fcf129d7dd188146eb58a8b4022061a759ee417339f7fe2ea1e8deb83abb6a74db31a09b7648a932a639cda23e33",
8673 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8006d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48477956a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100ad9a9bbbb75d506ca3b716b336ee3cf975dd7834fcf129d7dd188146eb58a8b4022061a759ee417339f7fe2ea1e8deb83abb6a74db31a09b7648a932a639cda23e330148304502210090b96a2498ce0c0f2fadbec2aab278fed54c1a7838df793ec4d2c78d96ec096202204fdd439c50f90d483baa7b68feeef4bd33bc277695405447bcd0bfb2ca34d7bc01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8676 "3045022100f33513ee38abf1c582876f921f8fddc06acff48e04515532a32d3938de938ffd02203aa308a2c1863b7d6fdf53159a1465bf2e115c13152546cc5d74483ceaa7f699",
8677 "3045022100a637902a5d4c9ba9e7c472a225337d5aac9e2e3f6744f76e237132e7619ba0400220035c60d784a031c0d9f6df66b7eab8726a5c25397399ee4aa960842059eb3f9d",
8678 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d0000000000000000000175020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f33513ee38abf1c582876f921f8fddc06acff48e04515532a32d3938de938ffd02203aa308a2c1863b7d6fdf53159a1465bf2e115c13152546cc5d74483ceaa7f69901483045022100a637902a5d4c9ba9e7c472a225337d5aac9e2e3f6744f76e237132e7619ba0400220035c60d784a031c0d9f6df66b7eab8726a5c25397399ee4aa960842059eb3f9d01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8681 "3045022100ce07682cf4b90093c22dc2d9ab2a77ad6803526b655ef857221cc96af5c9e0bf02200f501cee22e7a268af40b555d15a8237c9f36ad67ef1841daf9f6a0267b1e6df",
8682 "3045022100e57e46234f8782d3ff7aa593b4f7446fb5316c842e693dc63ee324fd49f6a1c302204a2f7b44c48bd26e1554422afae13153eb94b29d3687b733d18930615fb2db61",
8683 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d0100000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100ce07682cf4b90093c22dc2d9ab2a77ad6803526b655ef857221cc96af5c9e0bf02200f501cee22e7a268af40b555d15a8237c9f36ad67ef1841daf9f6a0267b1e6df01483045022100e57e46234f8782d3ff7aa593b4f7446fb5316c842e693dc63ee324fd49f6a1c302204a2f7b44c48bd26e1554422afae13153eb94b29d3687b733d18930615fb2db61012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8686 "3045022100e3e35492e55f82ec0bc2f317ffd7a486d1f7024330fe9743c3559fc39f32ef0c02203d1d4db651fc388a91d5ad8ecdd8e83673063bc8eefe27cfd8c189090e3a23e0",
8687 "3044022068613fb1b98eb3aec7f44c5b115b12343c2f066c4277c82b5f873dfe68f37f50022028109b4650f3f528ca4bfe9a467aff2e3e43893b61b5159157119d5d95cf1c18",
8688 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d020000000000000000015d060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e3e35492e55f82ec0bc2f317ffd7a486d1f7024330fe9743c3559fc39f32ef0c02203d1d4db651fc388a91d5ad8ecdd8e83673063bc8eefe27cfd8c189090e3a23e001473044022068613fb1b98eb3aec7f44c5b115b12343c2f066c4277c82b5f873dfe68f37f50022028109b4650f3f528ca4bfe9a467aff2e3e43893b61b5159157119d5d95cf1c1801008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8691 "304402207475aeb0212ef9bf5130b60937817ad88c9a87976988ef1f323f026148cc4a850220739fea17ad3257dcad72e509c73eebe86bee30b178467b9fdab213d631b109df",
8692 "3045022100d315522e09e7d53d2a659a79cb67fef56d6c4bddf3f46df6772d0d20a7beb7c8022070bcc17e288607b6a72be0bd83368bb6d53488db266c1cdb4d72214e4f02ac33",
8693 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d03000000000000000001f2090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207475aeb0212ef9bf5130b60937817ad88c9a87976988ef1f323f026148cc4a850220739fea17ad3257dcad72e509c73eebe86bee30b178467b9fdab213d631b109df01483045022100d315522e09e7d53d2a659a79cb67fef56d6c4bddf3f46df6772d0d20a7beb7c8022070bcc17e288607b6a72be0bd83368bb6d53488db266c1cdb4d72214e4f02ac33012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8696 // commitment tx with five outputs untrimmed (minimum feerate)
8697 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8698 chan.context.feerate_per_kw = 2070;
8700 test_commitment!("304402204ca1ba260dee913d318271d86e10ca0f5883026fb5653155cff600fb40895223022037b145204b7054a40e08bb1fefbd826f827b40838d3e501423bcc57924bcb50c",
8701 "3044022001014419b5ba00e083ac4e0a85f19afc848aacac2d483b4b525d15e2ae5adbfe022015ebddad6ee1e72b47cb09f3e78459da5be01ccccd95dceca0e056a00cc773c1",
8702 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484da966a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022001014419b5ba00e083ac4e0a85f19afc848aacac2d483b4b525d15e2ae5adbfe022015ebddad6ee1e72b47cb09f3e78459da5be01ccccd95dceca0e056a00cc773c10147304402204ca1ba260dee913d318271d86e10ca0f5883026fb5653155cff600fb40895223022037b145204b7054a40e08bb1fefbd826f827b40838d3e501423bcc57924bcb50c01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8705 "304402205f6b6d12d8d2529fb24f4445630566cf4abbd0f9330ab6c2bdb94222d6a2a0c502202f556258ae6f05b193749e4c541dfcc13b525a5422f6291f073f15617ba8579b",
8706 "30440220150b11069454da70caf2492ded9e0065c9a57f25ac2a4c52657b1d15b6c6ed85022068a38833b603c8892717206383611bad210f1cbb4b1f87ea29c6c65b9e1cb3e5",
8707 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff0000000000000000000174020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402205f6b6d12d8d2529fb24f4445630566cf4abbd0f9330ab6c2bdb94222d6a2a0c502202f556258ae6f05b193749e4c541dfcc13b525a5422f6291f073f15617ba8579b014730440220150b11069454da70caf2492ded9e0065c9a57f25ac2a4c52657b1d15b6c6ed85022068a38833b603c8892717206383611bad210f1cbb4b1f87ea29c6c65b9e1cb3e501008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8710 "3045022100f960dfb1c9aee7ce1437efa65b523e399383e8149790e05d8fed27ff6e42fe0002202fe8613e062ffe0b0c518cc4101fba1c6de70f64a5bcc7ae663f2efae43b8546",
8711 "30450221009a6ed18e6873bc3644332a6ee21c152a5b102821865350df7a8c74451a51f9f2022050d801fb4895d7d7fbf452824c0168347f5c0cbe821cf6a97a63af5b8b2563c6",
8712 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff010000000000000000015c060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f960dfb1c9aee7ce1437efa65b523e399383e8149790e05d8fed27ff6e42fe0002202fe8613e062ffe0b0c518cc4101fba1c6de70f64a5bcc7ae663f2efae43b8546014830450221009a6ed18e6873bc3644332a6ee21c152a5b102821865350df7a8c74451a51f9f2022050d801fb4895d7d7fbf452824c0168347f5c0cbe821cf6a97a63af5b8b2563c601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8715 "3045022100ae5fc7717ae684bc1fcf9020854e5dbe9842c9e7472879ac06ff95ac2bb10e4e022057728ada4c00083a3e65493fb5d50a232165948a1a0f530ef63185c2c8c56504",
8716 "30440220408ad3009827a8fccf774cb285587686bfb2ed041f89a89453c311ce9c8ee0f902203c7392d9f8306d3a46522a66bd2723a7eb2628cb2d9b34d4c104f1766bf37502",
8717 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff02000000000000000001f1090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100ae5fc7717ae684bc1fcf9020854e5dbe9842c9e7472879ac06ff95ac2bb10e4e022057728ada4c00083a3e65493fb5d50a232165948a1a0f530ef63185c2c8c56504014730440220408ad3009827a8fccf774cb285587686bfb2ed041f89a89453c311ce9c8ee0f902203c7392d9f8306d3a46522a66bd2723a7eb2628cb2d9b34d4c104f1766bf37502012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8720 // commitment tx with five outputs untrimmed (maximum feerate)
8721 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8722 chan.context.feerate_per_kw = 2194;
8724 test_commitment!("304402204bb3d6e279d71d9da414c82de42f1f954267c762b2e2eb8b76bc3be4ea07d4b0022014febc009c5edc8c3fc5d94015de163200f780046f1c293bfed8568f08b70fb3",
8725 "3044022072c2e2b1c899b2242656a537dde2892fa3801be0d6df0a87836c550137acde8302201654aa1974d37a829083c3ba15088689f30b56d6a4f6cb14c7bad0ee3116d398",
8726 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48440966a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022072c2e2b1c899b2242656a537dde2892fa3801be0d6df0a87836c550137acde8302201654aa1974d37a829083c3ba15088689f30b56d6a4f6cb14c7bad0ee3116d3980147304402204bb3d6e279d71d9da414c82de42f1f954267c762b2e2eb8b76bc3be4ea07d4b0022014febc009c5edc8c3fc5d94015de163200f780046f1c293bfed8568f08b70fb301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8729 "3045022100939726680351a7856c1bc386d4a1f422c7d29bd7b56afc139570f508474e6c40022023175a799ccf44c017fbaadb924c40b2a12115a5b7d0dfd3228df803a2de8450",
8730 "304502210099c98c2edeeee6ec0fb5f3bea8b79bb016a2717afa9b5072370f34382de281d302206f5e2980a995e045cf90a547f0752a7ee99d48547bc135258fe7bc07e0154301",
8731 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100939726680351a7856c1bc386d4a1f422c7d29bd7b56afc139570f508474e6c40022023175a799ccf44c017fbaadb924c40b2a12115a5b7d0dfd3228df803a2de84500148304502210099c98c2edeeee6ec0fb5f3bea8b79bb016a2717afa9b5072370f34382de281d302206f5e2980a995e045cf90a547f0752a7ee99d48547bc135258fe7bc07e015430101008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8734 "3044022021bb883bf324553d085ba2e821cad80c28ef8b303dbead8f98e548783c02d1600220638f9ef2a9bba25869afc923f4b5dc38be3bb459f9efa5d869392d5f7779a4a0",
8735 "3045022100fd85bd7697b89c08ec12acc8ba89b23090637d83abd26ca37e01ae93e67c367302202b551fe69386116c47f984aab9c8dfd25d864dcde5d3389cfbef2447a85c4b77",
8736 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd010000000000000000010a060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022021bb883bf324553d085ba2e821cad80c28ef8b303dbead8f98e548783c02d1600220638f9ef2a9bba25869afc923f4b5dc38be3bb459f9efa5d869392d5f7779a4a001483045022100fd85bd7697b89c08ec12acc8ba89b23090637d83abd26ca37e01ae93e67c367302202b551fe69386116c47f984aab9c8dfd25d864dcde5d3389cfbef2447a85c4b7701008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8739 "3045022100c9e6f0454aa598b905a35e641a70cc9f67b5f38cc4b00843a041238c4a9f1c4a0220260a2822a62da97e44583e837245995ca2e36781769c52f19e498efbdcca262b",
8740 "30450221008a9f2ea24cd455c2b64c1472a5fa83865b0a5f49a62b661801e884cf2849af8302204d44180e50bf6adfcf1c1e581d75af91aba4e28681ce4a5ee5f3cbf65eca10f3",
8741 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd020000000000000000019a090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100c9e6f0454aa598b905a35e641a70cc9f67b5f38cc4b00843a041238c4a9f1c4a0220260a2822a62da97e44583e837245995ca2e36781769c52f19e498efbdcca262b014830450221008a9f2ea24cd455c2b64c1472a5fa83865b0a5f49a62b661801e884cf2849af8302204d44180e50bf6adfcf1c1e581d75af91aba4e28681ce4a5ee5f3cbf65eca10f3012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8744 // commitment tx with four outputs untrimmed (minimum feerate)
8745 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8746 chan.context.feerate_per_kw = 2195;
8748 test_commitment!("304402201a8c1b1f9671cd9e46c7323a104d7047cc48d3ee80d40d4512e0c72b8dc65666022066d7f9a2ce18c9eb22d2739ffcce05721c767f9b607622a31b6ea5793ddce403",
8749 "3044022044d592025b610c0d678f65032e87035cdfe89d1598c522cc32524ae8172417c30220749fef9d5b2ae8cdd91ece442ba8809bc891efedae2291e578475f97715d1767",
8750 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8004b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484b8976a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022044d592025b610c0d678f65032e87035cdfe89d1598c522cc32524ae8172417c30220749fef9d5b2ae8cdd91ece442ba8809bc891efedae2291e578475f97715d17670147304402201a8c1b1f9671cd9e46c7323a104d7047cc48d3ee80d40d4512e0c72b8dc65666022066d7f9a2ce18c9eb22d2739ffcce05721c767f9b607622a31b6ea5793ddce40301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8753 "3045022100e57b845066a06ee7c2cbfc29eabffe52daa9bf6f6de760066d04df9f9b250e0002202ffb197f0e6e0a77a75a9aff27014bd3de83b7f748d7efef986abe655e1dd50e",
8754 "3045022100ecc8c6529d0b2316d046f0f0757c1e1c25a636db168ec4f3aa1b9278df685dc0022067ae6b65e936f1337091f7b18a15935b608c5f2cdddb2f892ed0babfdd376d76",
8755 "020000000001018130a10f09b13677ba2885a8bca32860f3a952e5912b829a473639b5a2c07b900000000000000000000109060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e57b845066a06ee7c2cbfc29eabffe52daa9bf6f6de760066d04df9f9b250e0002202ffb197f0e6e0a77a75a9aff27014bd3de83b7f748d7efef986abe655e1dd50e01483045022100ecc8c6529d0b2316d046f0f0757c1e1c25a636db168ec4f3aa1b9278df685dc0022067ae6b65e936f1337091f7b18a15935b608c5f2cdddb2f892ed0babfdd376d7601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8758 "3045022100d193b7ecccad8057571620a0b1ffa6c48e9483311723b59cf536043b20bc51550220546d4bd37b3b101ecda14f6c907af46ec391abce1cd9c7ce22b1a62b534f2f2a",
8759 "3044022014d66f11f9cacf923807eba49542076c5fe5cccf252fb08fe98c78ef3ca6ab5402201b290dbe043cc512d9d78de074a5a129b8759bc6a6c546b190d120b690bd6e82",
8760 "020000000001018130a10f09b13677ba2885a8bca32860f3a952e5912b829a473639b5a2c07b900100000000000000000199090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100d193b7ecccad8057571620a0b1ffa6c48e9483311723b59cf536043b20bc51550220546d4bd37b3b101ecda14f6c907af46ec391abce1cd9c7ce22b1a62b534f2f2a01473044022014d66f11f9cacf923807eba49542076c5fe5cccf252fb08fe98c78ef3ca6ab5402201b290dbe043cc512d9d78de074a5a129b8759bc6a6c546b190d120b690bd6e82012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8763 // anchors: commitment tx with four outputs untrimmed (minimum dust limit)
8764 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8765 chan.context.feerate_per_kw = 2185;
8766 chan.context.holder_dust_limit_satoshis = 2001;
8767 let cached_channel_type = chan.context.channel_type;
8768 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8770 test_commitment_with_anchors!("3044022040f63a16148cf35c8d3d41827f5ae7f7c3746885bb64d4d1b895892a83812b3e02202fcf95c2bf02c466163b3fa3ced6a24926fbb4035095a96842ef516e86ba54c0",
8771 "3045022100cd8479cfe1edb1e5a1d487391e0451a469c7171e51e680183f19eb4321f20e9b02204eab7d5a6384b1b08e03baa6e4d9748dfd2b5ab2bae7e39604a0d0055bbffdd5",
8772 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80064a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994b80b000000000000220020f96d0334feb64a4f40eb272031d07afcb038db56aa57446d60308c9f8ccadef9a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994ac5916a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100cd8479cfe1edb1e5a1d487391e0451a469c7171e51e680183f19eb4321f20e9b02204eab7d5a6384b1b08e03baa6e4d9748dfd2b5ab2bae7e39604a0d0055bbffdd501473044022040f63a16148cf35c8d3d41827f5ae7f7c3746885bb64d4d1b895892a83812b3e02202fcf95c2bf02c466163b3fa3ced6a24926fbb4035095a96842ef516e86ba54c001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8775 "304402206870514a72ad6e723ff7f1e0370d7a33c1cd2a0b9272674143ebaf6a1d02dee102205bd953c34faf5e7322e9a1c0103581cb090280fda4f1039ee8552668afa90ebb",
8776 "30440220669de9ca7910eff65a7773ebd14a9fc371fe88cde5b8e2a81609d85c87ac939b02201ac29472fa4067322e92d75b624942d60be5050139b20bb363db75be79eb946f",
8777 "02000000000101ac13a7715f80b8e52dda43c6929cade5521bdced3a405da02b443f1ffb1e33cc02000000000100000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402206870514a72ad6e723ff7f1e0370d7a33c1cd2a0b9272674143ebaf6a1d02dee102205bd953c34faf5e7322e9a1c0103581cb090280fda4f1039ee8552668afa90ebb834730440220669de9ca7910eff65a7773ebd14a9fc371fe88cde5b8e2a81609d85c87ac939b02201ac29472fa4067322e92d75b624942d60be5050139b20bb363db75be79eb946f01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6851b27568f7010000" },
8780 "3045022100949e8dd938da56445b1cdfdebe1b7efea086edd05d89910d205a1e2e033ce47102202cbd68b5262ab144d9ec12653f87dfb0bb6bd05d1f58ae1e523f028eaefd7271",
8781 "3045022100e3104ed8b239f8019e5f0a1a73d7782a94a8c36e7984f476c3a0b3cb0e62e27902207e3d52884600985f8a2098e53a5c30dd6a5e857733acfaa07ab2162421ed2688",
8782 "02000000000101ac13a7715f80b8e52dda43c6929cade5521bdced3a405da02b443f1ffb1e33cc03000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100949e8dd938da56445b1cdfdebe1b7efea086edd05d89910d205a1e2e033ce47102202cbd68b5262ab144d9ec12653f87dfb0bb6bd05d1f58ae1e523f028eaefd727183483045022100e3104ed8b239f8019e5f0a1a73d7782a94a8c36e7984f476c3a0b3cb0e62e27902207e3d52884600985f8a2098e53a5c30dd6a5e857733acfaa07ab2162421ed2688012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
8785 // commitment tx with four outputs untrimmed (maximum feerate)
8786 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8787 chan.context.feerate_per_kw = 3702;
8788 chan.context.holder_dust_limit_satoshis = 546;
8789 chan.context.channel_type = cached_channel_type.clone();
8791 test_commitment!("304502210092a587aeb777f869e7ff0d7898ea619ee26a3dacd1f3672b945eea600be431100220077ee9eae3528d15251f2a52b607b189820e57a6ccfac8d1af502b132ee40169",
8792 "3045022100e5efb73c32d32da2d79702299b6317de6fb24a60476e3855926d78484dd1b3c802203557cb66a42c944ef06e00bcc4da35a5bcb2f185aab0f8e403e519e1d66aaf75",
8793 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8004b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4846f916a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100e5efb73c32d32da2d79702299b6317de6fb24a60476e3855926d78484dd1b3c802203557cb66a42c944ef06e00bcc4da35a5bcb2f185aab0f8e403e519e1d66aaf750148304502210092a587aeb777f869e7ff0d7898ea619ee26a3dacd1f3672b945eea600be431100220077ee9eae3528d15251f2a52b607b189820e57a6ccfac8d1af502b132ee4016901475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8796 "304402206fa54c11f98c3bae1e93df43fc7affeb05b476bf8060c03e29c377c69bc08e8b0220672701cce50d5c379ff45a5d2cfe48ac44973adb066ac32608e21221d869bb89",
8797 "304402206e36c683ebf2cb16bcef3d5439cf8b53cd97280a365ed8acd7abb85a8ba5f21c02206e8621edfc2a5766cbc96eb67fd501127ff163eb6b85518a39f7d4974aef126f",
8798 "020000000001018db483bff65c70ee71d8282aeec5a880e2e2b39e45772bda5460403095c62e3f0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402206fa54c11f98c3bae1e93df43fc7affeb05b476bf8060c03e29c377c69bc08e8b0220672701cce50d5c379ff45a5d2cfe48ac44973adb066ac32608e21221d869bb890147304402206e36c683ebf2cb16bcef3d5439cf8b53cd97280a365ed8acd7abb85a8ba5f21c02206e8621edfc2a5766cbc96eb67fd501127ff163eb6b85518a39f7d4974aef126f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8801 "3044022057649739b0eb74d541ead0dfdb3d4b2c15aa192720031044c3434c67812e5ca902201e5ede42d960ae551707f4a6b34b09393cf4dee2418507daa022e3550dbb5817",
8802 "304402207faad26678c8850e01b4a0696d60841f7305e1832b786110ee9075cb92ed14a30220516ef8ee5dfa80824ea28cbcec0dd95f8b847146257c16960db98507db15ffdc",
8803 "020000000001018db483bff65c70ee71d8282aeec5a880e2e2b39e45772bda5460403095c62e3f0100000000000000000176050000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022057649739b0eb74d541ead0dfdb3d4b2c15aa192720031044c3434c67812e5ca902201e5ede42d960ae551707f4a6b34b09393cf4dee2418507daa022e3550dbb58170147304402207faad26678c8850e01b4a0696d60841f7305e1832b786110ee9075cb92ed14a30220516ef8ee5dfa80824ea28cbcec0dd95f8b847146257c16960db98507db15ffdc012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8806 // commitment tx with three outputs untrimmed (minimum feerate)
8807 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8808 chan.context.feerate_per_kw = 3703;
8810 test_commitment!("3045022100b495d239772a237ff2cf354b1b11be152fd852704cb184e7356d13f2fb1e5e430220723db5cdb9cbd6ead7bfd3deb419cf41053a932418cbb22a67b581f40bc1f13e",
8811 "304402201b736d1773a124c745586217a75bed5f66c05716fbe8c7db4fdb3c3069741cdd02205083f39c321c1bcadfc8d97e3c791a66273d936abac0c6a2fde2ed46019508e1",
8812 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8003a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484eb936a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402201b736d1773a124c745586217a75bed5f66c05716fbe8c7db4fdb3c3069741cdd02205083f39c321c1bcadfc8d97e3c791a66273d936abac0c6a2fde2ed46019508e101483045022100b495d239772a237ff2cf354b1b11be152fd852704cb184e7356d13f2fb1e5e430220723db5cdb9cbd6ead7bfd3deb419cf41053a932418cbb22a67b581f40bc1f13e01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8815 "3045022100c34c61735f93f2e324cc873c3b248111ccf8f6db15d5969583757010d4ad2b4602207867bb919b2ddd6387873e425345c9b7fd18d1d66aba41f3607bc2896ef3c30a",
8816 "3045022100988c143e2110067117d2321bdd4bd16ca1734c98b29290d129384af0962b634e02206c1b02478878c5f547018b833986578f90c3e9be669fe5788ad0072a55acbb05",
8817 "0200000000010120060e4a29579d429f0f27c17ee5f1ee282f20d706d6f90b63d35946d8f3029a0000000000000000000175050000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100c34c61735f93f2e324cc873c3b248111ccf8f6db15d5969583757010d4ad2b4602207867bb919b2ddd6387873e425345c9b7fd18d1d66aba41f3607bc2896ef3c30a01483045022100988c143e2110067117d2321bdd4bd16ca1734c98b29290d129384af0962b634e02206c1b02478878c5f547018b833986578f90c3e9be669fe5788ad0072a55acbb05012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8820 // anchors: commitment tx with three outputs untrimmed (minimum dust limit)
8821 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8822 chan.context.feerate_per_kw = 3687;
8823 chan.context.holder_dust_limit_satoshis = 3001;
8824 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8826 test_commitment_with_anchors!("3045022100ad6c71569856b2d7ff42e838b4abe74a713426b37f22fa667a195a4c88908c6902202b37272b02a42dc6d9f4f82cab3eaf84ac882d9ed762859e1e75455c2c228377",
8827 "3045022100c970799bcb33f43179eb43b3378a0a61991cf2923f69b36ef12548c3df0e6d500220413dc27d2e39ee583093adfcb7799be680141738babb31cc7b0669a777a31f5d",
8828 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80054a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994aa28b6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100c970799bcb33f43179eb43b3378a0a61991cf2923f69b36ef12548c3df0e6d500220413dc27d2e39ee583093adfcb7799be680141738babb31cc7b0669a777a31f5d01483045022100ad6c71569856b2d7ff42e838b4abe74a713426b37f22fa667a195a4c88908c6902202b37272b02a42dc6d9f4f82cab3eaf84ac882d9ed762859e1e75455c2c22837701475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8831 "3044022017b558a3cf5f0cb94269e2e927b29ed22bd2416abb8a7ce6de4d1256f359b93602202e9ca2b1a23ea3e69f433c704e327739e219804b8c188b1d52f74fd5a9de954c",
8832 "3045022100af7a8b7c7ff2080c68995254cb66d64d9954edcc5baac3bb4f27ed2d29aaa6120220421c27da7a60574a9263f271e0f3bd34594ec6011095190022b3b54596ea03de",
8833 "02000000000101542562b326c08e3a076d9cfca2be175041366591da334d8d513ff1686fd95a6002000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022017b558a3cf5f0cb94269e2e927b29ed22bd2416abb8a7ce6de4d1256f359b93602202e9ca2b1a23ea3e69f433c704e327739e219804b8c188b1d52f74fd5a9de954c83483045022100af7a8b7c7ff2080c68995254cb66d64d9954edcc5baac3bb4f27ed2d29aaa6120220421c27da7a60574a9263f271e0f3bd34594ec6011095190022b3b54596ea03de012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
8836 // commitment tx with three outputs untrimmed (maximum feerate)
8837 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8838 chan.context.feerate_per_kw = 4914;
8839 chan.context.holder_dust_limit_satoshis = 546;
8840 chan.context.channel_type = cached_channel_type.clone();
8842 test_commitment!("3045022100b4b16d5f8cc9fc4c1aff48831e832a0d8990e133978a66e302c133550954a44d022073573ce127e2200d316f6b612803a5c0c97b8d20e1e44dbe2ac0dd2fb8c95244",
8843 "3045022100d72638bc6308b88bb6d45861aae83e5b9ff6e10986546e13bce769c70036e2620220320be7c6d66d22f30b9fcd52af66531505b1310ca3b848c19285b38d8a1a8c19",
8844 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8003a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484ae8f6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100d72638bc6308b88bb6d45861aae83e5b9ff6e10986546e13bce769c70036e2620220320be7c6d66d22f30b9fcd52af66531505b1310ca3b848c19285b38d8a1a8c1901483045022100b4b16d5f8cc9fc4c1aff48831e832a0d8990e133978a66e302c133550954a44d022073573ce127e2200d316f6b612803a5c0c97b8d20e1e44dbe2ac0dd2fb8c9524401475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8847 "3045022100f43591c156038ba217756006bb3c55f7d113a325cdd7d9303c82115372858d68022016355b5aadf222bc8d12e426c75f4a03423917b2443a103eb2a498a3a2234374",
8848 "30440220585dee80fafa264beac535c3c0bb5838ac348b156fdc982f86adc08dfc9bfd250220130abb82f9f295cc9ef423dcfef772fde2acd85d9df48cc538981d26a10a9c10",
8849 "02000000000101a9172908eace869cc35128c31fc2ab502f72e4dff31aab23e0244c4b04b11ab00000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f43591c156038ba217756006bb3c55f7d113a325cdd7d9303c82115372858d68022016355b5aadf222bc8d12e426c75f4a03423917b2443a103eb2a498a3a2234374014730440220585dee80fafa264beac535c3c0bb5838ac348b156fdc982f86adc08dfc9bfd250220130abb82f9f295cc9ef423dcfef772fde2acd85d9df48cc538981d26a10a9c10012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8852 // commitment tx with two outputs untrimmed (minimum feerate)
8853 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8854 chan.context.feerate_per_kw = 4915;
8855 chan.context.holder_dust_limit_satoshis = 546;
8857 test_commitment!("304402203a286936e74870ca1459c700c71202af0381910a6bfab687ef494ef1bc3e02c902202506c362d0e3bee15e802aa729bf378e051644648253513f1c085b264cc2a720",
8858 "30450221008a953551f4d67cb4df3037207fc082ddaf6be84d417b0bd14c80aab66f1b01a402207508796dc75034b2dee876fe01dc05a08b019f3e5d689ac8842ade2f1befccf5",
8859 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8002c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484fa926a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221008a953551f4d67cb4df3037207fc082ddaf6be84d417b0bd14c80aab66f1b01a402207508796dc75034b2dee876fe01dc05a08b019f3e5d689ac8842ade2f1befccf50147304402203a286936e74870ca1459c700c71202af0381910a6bfab687ef494ef1bc3e02c902202506c362d0e3bee15e802aa729bf378e051644648253513f1c085b264cc2a72001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8861 // anchors: commitment tx with two outputs untrimmed (minimum dust limit)
8862 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8863 chan.context.feerate_per_kw = 4894;
8864 chan.context.holder_dust_limit_satoshis = 4001;
8865 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8867 test_commitment_with_anchors!("3045022100e784a66b1588575801e237d35e510fd92a81ae3a4a2a1b90c031ad803d07b3f3022021bc5f16501f167607d63b681442da193eb0a76b4b7fd25c2ed4f8b28fd35b95",
8868 "30450221009f16ac85d232e4eddb3fcd750a68ebf0b58e3356eaada45d3513ede7e817bf4c02207c2b043b4e5f971261975406cb955219fa56bffe5d834a833694b5abc1ce4cfd",
8869 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80044a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994ad0886a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221009f16ac85d232e4eddb3fcd750a68ebf0b58e3356eaada45d3513ede7e817bf4c02207c2b043b4e5f971261975406cb955219fa56bffe5d834a833694b5abc1ce4cfd01483045022100e784a66b1588575801e237d35e510fd92a81ae3a4a2a1b90c031ad803d07b3f3022021bc5f16501f167607d63b681442da193eb0a76b4b7fd25c2ed4f8b28fd35b9501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8871 // commitment tx with two outputs untrimmed (maximum feerate)
8872 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8873 chan.context.feerate_per_kw = 9651180;
8874 chan.context.holder_dust_limit_satoshis = 546;
8875 chan.context.channel_type = cached_channel_type.clone();
8877 test_commitment!("304402200a8544eba1d216f5c5e530597665fa9bec56943c0f66d98fc3d028df52d84f7002201e45fa5c6bc3a506cc2553e7d1c0043a9811313fc39c954692c0d47cfce2bbd3",
8878 "3045022100e11b638c05c650c2f63a421d36ef8756c5ce82f2184278643520311cdf50aa200220259565fb9c8e4a87ccaf17f27a3b9ca4f20625754a0920d9c6c239d8156a11de",
8879 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b800222020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80ec0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4840400483045022100e11b638c05c650c2f63a421d36ef8756c5ce82f2184278643520311cdf50aa200220259565fb9c8e4a87ccaf17f27a3b9ca4f20625754a0920d9c6c239d8156a11de0147304402200a8544eba1d216f5c5e530597665fa9bec56943c0f66d98fc3d028df52d84f7002201e45fa5c6bc3a506cc2553e7d1c0043a9811313fc39c954692c0d47cfce2bbd301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8881 // commitment tx with one output untrimmed (minimum feerate)
8882 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8883 chan.context.feerate_per_kw = 9651181;
8885 test_commitment!("304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a2",
8886 "304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a379",
8887 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8001c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484040047304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a3790147304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8889 // anchors: commitment tx with one output untrimmed (minimum dust limit)
8890 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8891 chan.context.feerate_per_kw = 6216010;
8892 chan.context.holder_dust_limit_satoshis = 4001;
8893 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8895 test_commitment_with_anchors!("30450221008fd5dbff02e4b59020d4cd23a3c30d3e287065fda75a0a09b402980adf68ccda022001e0b8b620cd915ddff11f1de32addf23d81d51b90e6841b2cb8dcaf3faa5ecf",
8896 "30450221009ad80792e3038fe6968d12ff23e6888a565c3ddd065037f357445f01675d63f3022018384915e5f1f4ae157e15debf4f49b61c8d9d2b073c7d6f97c4a68caa3ed4c1",
8897 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80024a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994a04004830450221009ad80792e3038fe6968d12ff23e6888a565c3ddd065037f357445f01675d63f3022018384915e5f1f4ae157e15debf4f49b61c8d9d2b073c7d6f97c4a68caa3ed4c1014830450221008fd5dbff02e4b59020d4cd23a3c30d3e287065fda75a0a09b402980adf68ccda022001e0b8b620cd915ddff11f1de32addf23d81d51b90e6841b2cb8dcaf3faa5ecf01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8899 // commitment tx with fee greater than funder amount
8900 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8901 chan.context.feerate_per_kw = 9651936;
8902 chan.context.holder_dust_limit_satoshis = 546;
8903 chan.context.channel_type = cached_channel_type;
8905 test_commitment!("304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a2",
8906 "304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a379",
8907 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8001c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484040047304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a3790147304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8909 // commitment tx with 3 htlc outputs, 2 offered having the same amount and preimage
8910 chan.context.value_to_self_msat = 7_000_000_000 - 2_000_000;
8911 chan.context.feerate_per_kw = 253;
8912 chan.context.pending_inbound_htlcs.clear();
8913 chan.context.pending_inbound_htlcs.push({
8914 let mut out = InboundHTLCOutput{
8916 amount_msat: 2000000,
8918 payment_hash: PaymentHash([0; 32]),
8919 state: InboundHTLCState::Committed,
8921 out.payment_hash.0 = Sha256::hash(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap()).into_inner();
8924 chan.context.pending_outbound_htlcs.clear();
8925 chan.context.pending_outbound_htlcs.push({
8926 let mut out = OutboundHTLCOutput{
8928 amount_msat: 5000001,
8930 payment_hash: PaymentHash([0; 32]),
8931 state: OutboundHTLCState::Committed,
8932 source: HTLCSource::dummy(),
8933 skimmed_fee_msat: None,
8935 out.payment_hash.0 = Sha256::hash(&hex::decode("0505050505050505050505050505050505050505050505050505050505050505").unwrap()).into_inner();
8938 chan.context.pending_outbound_htlcs.push({
8939 let mut out = OutboundHTLCOutput{
8941 amount_msat: 5000000,
8943 payment_hash: PaymentHash([0; 32]),
8944 state: OutboundHTLCState::Committed,
8945 source: HTLCSource::dummy(),
8946 skimmed_fee_msat: None,
8948 out.payment_hash.0 = Sha256::hash(&hex::decode("0505050505050505050505050505050505050505050505050505050505050505").unwrap()).into_inner();
8952 test_commitment!("304402207d0870964530f97b62497b11153c551dca0a1e226815ef0a336651158da0f82402200f5378beee0e77759147b8a0a284decd11bfd2bc55c8fafa41c134fe996d43c8",
8953 "304402200d10bf5bc5397fc59d7188ae438d80c77575595a2d488e41bd6363a810cc8d72022012b57e714fbbfdf7a28c47d5b370cb8ac37c8545f596216e5b21e9b236ef457c",
8954 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2d8813000000000000220020305c12e1a0bc21e283c131cea1c66d68857d28b7b2fce0a6fbc40c164852121b8813000000000000220020305c12e1a0bc21e283c131cea1c66d68857d28b7b2fce0a6fbc40c164852121bc0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484a69f6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402200d10bf5bc5397fc59d7188ae438d80c77575595a2d488e41bd6363a810cc8d72022012b57e714fbbfdf7a28c47d5b370cb8ac37c8545f596216e5b21e9b236ef457c0147304402207d0870964530f97b62497b11153c551dca0a1e226815ef0a336651158da0f82402200f5378beee0e77759147b8a0a284decd11bfd2bc55c8fafa41c134fe996d43c801475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8957 "3045022100b470fe12e5b7fea9eccb8cbff1972cea4f96758041898982a02bcc7f9d56d50b0220338a75b2afaab4ec00cdd2d9273c68c7581ff5a28bcbb40c4d138b81f1d45ce5",
8958 "3044022017b90c65207522a907fb6a137f9dd528b3389465a8ae72308d9e1d564f512cf402204fc917b4f0e88604a3e994f85bfae7c7c1f9d9e9f78e8cd112e0889720d9405b",
8959 "020000000001014bdccf28653066a2c554cafeffdfe1e678e64a69b056684deb0c4fba909423ec000000000000000000011f070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100b470fe12e5b7fea9eccb8cbff1972cea4f96758041898982a02bcc7f9d56d50b0220338a75b2afaab4ec00cdd2d9273c68c7581ff5a28bcbb40c4d138b81f1d45ce501473044022017b90c65207522a907fb6a137f9dd528b3389465a8ae72308d9e1d564f512cf402204fc917b4f0e88604a3e994f85bfae7c7c1f9d9e9f78e8cd112e0889720d9405b012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8961 "3045022100b575379f6d8743cb0087648f81cfd82d17a97fbf8f67e058c65ce8b9d25df9500220554a210d65b02d9f36c6adf0f639430ca8293196ba5089bf67cc3a9813b7b00a",
8962 "3045022100ee2e16b90930a479b13f8823a7f14b600198c838161160b9436ed086d3fc57e002202a66fa2324f342a17129949c640bfe934cbc73a869ba7c06aa25c5a3d0bfb53d",
8963 "020000000001014bdccf28653066a2c554cafeffdfe1e678e64a69b056684deb0c4fba909423ec01000000000000000001e1120000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100b575379f6d8743cb0087648f81cfd82d17a97fbf8f67e058c65ce8b9d25df9500220554a210d65b02d9f36c6adf0f639430ca8293196ba5089bf67cc3a9813b7b00a01483045022100ee2e16b90930a479b13f8823a7f14b600198c838161160b9436ed086d3fc57e002202a66fa2324f342a17129949c640bfe934cbc73a869ba7c06aa25c5a3d0bfb53d01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6868f9010000" },
8965 "30440220471c9f3ad92e49b13b7b8059f43ecf8f7887b0dccbb9fdb54bfe23d62a8ae332022024bd22fae0740e86a44228c35330da9526fd7306dffb2b9dc362d5e78abef7cc",
8966 "304402207157f452f2506d73c315192311893800cfb3cc235cc1185b1cfcc136b55230db022014be242dbc6c5da141fec4034e7f387f74d6ff1899453d72ba957467540e1ecb",
8967 "020000000001014bdccf28653066a2c554cafeffdfe1e678e64a69b056684deb0c4fba909423ec02000000000000000001e1120000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220471c9f3ad92e49b13b7b8059f43ecf8f7887b0dccbb9fdb54bfe23d62a8ae332022024bd22fae0740e86a44228c35330da9526fd7306dffb2b9dc362d5e78abef7cc0147304402207157f452f2506d73c315192311893800cfb3cc235cc1185b1cfcc136b55230db022014be242dbc6c5da141fec4034e7f387f74d6ff1899453d72ba957467540e1ecb01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6868fa010000" }
8970 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8971 test_commitment_with_anchors!("3044022027b38dfb654c34032ffb70bb43022981652fce923cbbe3cbe7394e2ade8b34230220584195b78da6e25c2e8da6b4308d9db25b65b64975db9266163ef592abb7c725",
8972 "3045022100b4014970d9d7962853f3f85196144671d7d5d87426250f0a5fdaf9a55292e92502205360910c9abb397467e19dbd63d081deb4a3240903114c98cec0a23591b79b76",
8973 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80074a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994d007000000000000220020fe0598d74fee2205cc3672e6e6647706b4f3099713b4661b62482c3addd04a5e881300000000000022002018e40f9072c44350f134bdc887bab4d9bdfc8aa468a25616c80e21757ba5dac7881300000000000022002018e40f9072c44350f134bdc887bab4d9bdfc8aa468a25616c80e21757ba5dac7c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994aad9c6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100b4014970d9d7962853f3f85196144671d7d5d87426250f0a5fdaf9a55292e92502205360910c9abb397467e19dbd63d081deb4a3240903114c98cec0a23591b79b7601473044022027b38dfb654c34032ffb70bb43022981652fce923cbbe3cbe7394e2ade8b34230220584195b78da6e25c2e8da6b4308d9db25b65b64975db9266163ef592abb7c72501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8976 "30440220078fe5343dab88c348a3a8a9c1a9293259dbf35507ae971702cc39dd623ea9af022011ed0c0f35243cd0bb4d9ca3c772379b2b5f4af93140e9fdc5600dfec1cdb0c2",
8977 "304402205df665e2908c7690d2d33eb70e6e119958c28febe141a94ed0dd9a55ce7c8cfc0220364d02663a5d019af35c5cd5fda9465d985d85bbd12db207738d61163449a424",
8978 "020000000001013d060d0305c9616eaabc21d41fae85bcb5477b5d7f1c92aa429cf15339bbe1c402000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220078fe5343dab88c348a3a8a9c1a9293259dbf35507ae971702cc39dd623ea9af022011ed0c0f35243cd0bb4d9ca3c772379b2b5f4af93140e9fdc5600dfec1cdb0c28347304402205df665e2908c7690d2d33eb70e6e119958c28febe141a94ed0dd9a55ce7c8cfc0220364d02663a5d019af35c5cd5fda9465d985d85bbd12db207738d61163449a424012001010101010101010101010101010101010101010101010101010101010101018d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac6851b2756800000000" },
8980 "304402202df6bf0f98a42cfd0172a16bded7d1b16c14f5f42ba23f5c54648c14b647531302200fe1508626817f23925bb56951d5e4b2654c751743ab6db48a6cce7dda17c01c",
8981 "304402203f99ec05cdd89558a23683b471c1dcce8f6a92295f1fff3b0b5d21be4d4f97ea022019d29070690fc2c126fe27cc4ab2f503f289d362721b2efa7418e7fddb939a5b",
8982 "020000000001013d060d0305c9616eaabc21d41fae85bcb5477b5d7f1c92aa429cf15339bbe1c40300000000010000000188130000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402202df6bf0f98a42cfd0172a16bded7d1b16c14f5f42ba23f5c54648c14b647531302200fe1508626817f23925bb56951d5e4b2654c751743ab6db48a6cce7dda17c01c8347304402203f99ec05cdd89558a23683b471c1dcce8f6a92295f1fff3b0b5d21be4d4f97ea022019d29070690fc2c126fe27cc4ab2f503f289d362721b2efa7418e7fddb939a5b01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6851b27568f9010000" },
8984 "3045022100bd206b420c495f3aa714d3ea4766cbe95441deacb5d2f737f1913349aee7c2ae02200249d2c950dd3b15326bf378ae5d2b871d33d6737f5d70735f3de8383140f2a1",
8985 "3045022100f2cd35e385b9b7e15b92a5d78d120b6b2c5af4e974bc01e884c5facb3bb5966c0220706e0506477ce809a40022d6de8e041e9ef13136c45abee9c36f58a01fdb188b",
8986 "020000000001013d060d0305c9616eaabc21d41fae85bcb5477b5d7f1c92aa429cf15339bbe1c40400000000010000000188130000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100bd206b420c495f3aa714d3ea4766cbe95441deacb5d2f737f1913349aee7c2ae02200249d2c950dd3b15326bf378ae5d2b871d33d6737f5d70735f3de8383140f2a183483045022100f2cd35e385b9b7e15b92a5d78d120b6b2c5af4e974bc01e884c5facb3bb5966c0220706e0506477ce809a40022d6de8e041e9ef13136c45abee9c36f58a01fdb188b01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6851b27568fa010000" }
8991 fn test_per_commitment_secret_gen() {
8992 // Test vectors from BOLT 3 Appendix D:
8994 let mut seed = [0; 32];
8995 seed[0..32].clone_from_slice(&hex::decode("0000000000000000000000000000000000000000000000000000000000000000").unwrap());
8996 assert_eq!(chan_utils::build_commitment_secret(&seed, 281474976710655),
8997 hex::decode("02a40c85b6f28da08dfdbe0926c53fab2de6d28c10301f8f7c4073d5e42e3148").unwrap()[..]);
8999 seed[0..32].clone_from_slice(&hex::decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF").unwrap());
9000 assert_eq!(chan_utils::build_commitment_secret(&seed, 281474976710655),
9001 hex::decode("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap()[..]);
9003 assert_eq!(chan_utils::build_commitment_secret(&seed, 0xaaaaaaaaaaa),
9004 hex::decode("56f4008fb007ca9acf0e15b054d5c9fd12ee06cea347914ddbaed70d1c13a528").unwrap()[..]);
9006 assert_eq!(chan_utils::build_commitment_secret(&seed, 0x555555555555),
9007 hex::decode("9015daaeb06dba4ccc05b91b2f73bd54405f2be9f217fbacd3c5ac2e62327d31").unwrap()[..]);
9009 seed[0..32].clone_from_slice(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap());
9010 assert_eq!(chan_utils::build_commitment_secret(&seed, 1),
9011 hex::decode("915c75942a26bb3a433a8ce2cb0427c29ec6c1775cfc78328b57f6ba7bfeaa9c").unwrap()[..]);
9015 fn test_key_derivation() {
9016 // Test vectors from BOLT 3 Appendix E:
9017 let secp_ctx = Secp256k1::new();
9019 let base_secret = SecretKey::from_slice(&hex::decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f").unwrap()[..]).unwrap();
9020 let per_commitment_secret = SecretKey::from_slice(&hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap();
9022 let base_point = PublicKey::from_secret_key(&secp_ctx, &base_secret);
9023 assert_eq!(base_point.serialize()[..], hex::decode("036d6caac248af96f6afa7f904f550253a0f3ef3f5aa2fe6838a95b216691468e2").unwrap()[..]);
9025 let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
9026 assert_eq!(per_commitment_point.serialize()[..], hex::decode("025f7117a78150fe2ef97db7cfc83bd57b2e2c0d0dd25eaf467a4a1c2a45ce1486").unwrap()[..]);
9028 assert_eq!(chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &base_point).serialize()[..],
9029 hex::decode("0235f2dbfaa89b57ec7b055afe29849ef7ddfeb1cefdb9ebdc43f5494984db29e5").unwrap()[..]);
9031 assert_eq!(chan_utils::derive_private_key(&secp_ctx, &per_commitment_point, &base_secret),
9032 SecretKey::from_slice(&hex::decode("cbced912d3b21bf196a766651e436aff192362621ce317704ea2f75d87e7be0f").unwrap()[..]).unwrap());
9034 assert_eq!(chan_utils::derive_public_revocation_key(&secp_ctx, &per_commitment_point, &base_point).serialize()[..],
9035 hex::decode("02916e326636d19c33f13e8c0c3a03dd157f332f3e99c317c141dd865eb01f8ff0").unwrap()[..]);
9037 assert_eq!(chan_utils::derive_private_revocation_key(&secp_ctx, &per_commitment_secret, &base_secret),
9038 SecretKey::from_slice(&hex::decode("d09ffff62ddb2297ab000cc85bcb4283fdeb6aa052affbc9dddcf33b61078110").unwrap()[..]).unwrap());
9042 fn test_zero_conf_channel_type_support() {
9043 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
9044 let secp_ctx = Secp256k1::new();
9045 let seed = [42; 32];
9046 let network = Network::Testnet;
9047 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
9048 let logger = test_utils::TestLogger::new();
9050 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
9051 let config = UserConfig::default();
9052 let node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider,
9053 node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
9055 let mut channel_type_features = ChannelTypeFeatures::only_static_remote_key();
9056 channel_type_features.set_zero_conf_required();
9058 let mut open_channel_msg = node_a_chan.get_open_channel(ChainHash::using_genesis_block(network));
9059 open_channel_msg.channel_type = Some(channel_type_features);
9060 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
9061 let res = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider,
9062 node_b_node_id, &channelmanager::provided_channel_type_features(&config),
9063 &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false);
9064 assert!(res.is_ok());
9068 fn test_supports_anchors_zero_htlc_tx_fee() {
9069 // Tests that if both sides support and negotiate `anchors_zero_fee_htlc_tx`, it is the
9070 // resulting `channel_type`.
9071 let secp_ctx = Secp256k1::new();
9072 let fee_estimator = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
9073 let network = Network::Testnet;
9074 let keys_provider = test_utils::TestKeysInterface::new(&[42; 32], network);
9075 let logger = test_utils::TestLogger::new();
9077 let node_id_a = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[1; 32]).unwrap());
9078 let node_id_b = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[2; 32]).unwrap());
9080 let mut config = UserConfig::default();
9081 config.channel_handshake_config.negotiate_anchors_zero_fee_htlc_tx = true;
9083 // It is not enough for just the initiator to signal `option_anchors_zero_fee_htlc_tx`, both
9084 // need to signal it.
9085 let channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
9086 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
9087 &channelmanager::provided_init_features(&UserConfig::default()), 10000000, 100000, 42,
9090 assert!(!channel_a.context.channel_type.supports_anchors_zero_fee_htlc_tx());
9092 let mut expected_channel_type = ChannelTypeFeatures::empty();
9093 expected_channel_type.set_static_remote_key_required();
9094 expected_channel_type.set_anchors_zero_fee_htlc_tx_required();
9096 let channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
9097 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
9098 &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42
9101 let open_channel_msg = channel_a.get_open_channel(ChainHash::using_genesis_block(network));
9102 let channel_b = InboundV1Channel::<&TestKeysInterface>::new(
9103 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
9104 &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config),
9105 &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false
9108 assert_eq!(channel_a.context.channel_type, expected_channel_type);
9109 assert_eq!(channel_b.context.channel_type, expected_channel_type);
9113 fn test_rejects_implicit_simple_anchors() {
9114 // Tests that if `option_anchors` is being negotiated implicitly through the intersection of
9115 // each side's `InitFeatures`, it is rejected.
9116 let secp_ctx = Secp256k1::new();
9117 let fee_estimator = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
9118 let network = Network::Testnet;
9119 let keys_provider = test_utils::TestKeysInterface::new(&[42; 32], network);
9120 let logger = test_utils::TestLogger::new();
9122 let node_id_a = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[1; 32]).unwrap());
9123 let node_id_b = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[2; 32]).unwrap());
9125 let config = UserConfig::default();
9127 // See feature bit assignments: https://github.com/lightning/bolts/blob/master/09-features.md
9128 let static_remote_key_required: u64 = 1 << 12;
9129 let simple_anchors_required: u64 = 1 << 20;
9130 let raw_init_features = static_remote_key_required | simple_anchors_required;
9131 let init_features_with_simple_anchors = InitFeatures::from_le_bytes(raw_init_features.to_le_bytes().to_vec());
9133 let channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
9134 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
9135 &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42
9138 // Set `channel_type` to `None` to force the implicit feature negotiation.
9139 let mut open_channel_msg = channel_a.get_open_channel(ChainHash::using_genesis_block(network));
9140 open_channel_msg.channel_type = None;
9142 // Since A supports both `static_remote_key` and `option_anchors`, but B only accepts
9143 // `static_remote_key`, it will fail the channel.
9144 let channel_b = InboundV1Channel::<&TestKeysInterface>::new(
9145 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
9146 &channelmanager::provided_channel_type_features(&config), &init_features_with_simple_anchors,
9147 &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false
9149 assert!(channel_b.is_err());
9153 fn test_rejects_simple_anchors_channel_type() {
9154 // Tests that if `option_anchors` is being negotiated through the `channel_type` feature,
9156 let secp_ctx = Secp256k1::new();
9157 let fee_estimator = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
9158 let network = Network::Testnet;
9159 let keys_provider = test_utils::TestKeysInterface::new(&[42; 32], network);
9160 let logger = test_utils::TestLogger::new();
9162 let node_id_a = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[1; 32]).unwrap());
9163 let node_id_b = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[2; 32]).unwrap());
9165 let config = UserConfig::default();
9167 // See feature bit assignments: https://github.com/lightning/bolts/blob/master/09-features.md
9168 let static_remote_key_required: u64 = 1 << 12;
9169 let simple_anchors_required: u64 = 1 << 20;
9170 let simple_anchors_raw_features = static_remote_key_required | simple_anchors_required;
9171 let simple_anchors_init = InitFeatures::from_le_bytes(simple_anchors_raw_features.to_le_bytes().to_vec());
9172 let simple_anchors_channel_type = ChannelTypeFeatures::from_le_bytes(simple_anchors_raw_features.to_le_bytes().to_vec());
9173 assert!(!simple_anchors_init.requires_unknown_bits());
9174 assert!(!simple_anchors_channel_type.requires_unknown_bits());
9176 // First, we'll try to open a channel between A and B where A requests a channel type for
9177 // the original `option_anchors` feature (non zero fee htlc tx). This should be rejected by
9178 // B as it's not supported by LDK.
9179 let channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
9180 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
9181 &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42
9184 let mut open_channel_msg = channel_a.get_open_channel(ChainHash::using_genesis_block(network));
9185 open_channel_msg.channel_type = Some(simple_anchors_channel_type.clone());
9187 let res = InboundV1Channel::<&TestKeysInterface>::new(
9188 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
9189 &channelmanager::provided_channel_type_features(&config), &simple_anchors_init,
9190 &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false
9192 assert!(res.is_err());
9194 // Then, we'll try to open another channel where A requests a channel type for
9195 // `anchors_zero_fee_htlc_tx`. B is malicious and tries to downgrade the channel type to the
9196 // original `option_anchors` feature, which should be rejected by A as it's not supported by
9198 let mut channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
9199 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b, &simple_anchors_init,
9200 10000000, 100000, 42, &config, 0, 42
9203 let open_channel_msg = channel_a.get_open_channel(ChainHash::using_genesis_block(network));
9205 let channel_b = InboundV1Channel::<&TestKeysInterface>::new(
9206 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
9207 &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config),
9208 &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false
9211 let mut accept_channel_msg = channel_b.get_accept_channel_message();
9212 accept_channel_msg.channel_type = Some(simple_anchors_channel_type.clone());
9214 let res = channel_a.accept_channel(
9215 &accept_channel_msg, &config.channel_handshake_limits, &simple_anchors_init
9217 assert!(res.is_err());
9221 fn test_waiting_for_batch() {
9222 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
9223 let logger = test_utils::TestLogger::new();
9224 let secp_ctx = Secp256k1::new();
9225 let seed = [42; 32];
9226 let network = Network::Testnet;
9227 let best_block = BestBlock::from_network(network);
9228 let chain_hash = ChainHash::using_genesis_block(network);
9229 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
9231 let mut config = UserConfig::default();
9232 // Set trust_own_funding_0conf while ensuring we don't send channel_ready for a
9233 // channel in a batch before all channels are ready.
9234 config.channel_handshake_limits.trust_own_funding_0conf = true;
9236 // Create a channel from node a to node b that will be part of batch funding.
9237 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
9238 let mut node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(
9243 &channelmanager::provided_init_features(&config),
9252 let open_channel_msg = node_a_chan.get_open_channel(ChainHash::using_genesis_block(network));
9253 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
9254 let mut node_b_chan = InboundV1Channel::<&TestKeysInterface>::new(
9259 &channelmanager::provided_channel_type_features(&config),
9260 &channelmanager::provided_init_features(&config),
9266 true, // Allow node b to send a 0conf channel_ready.
9269 let accept_channel_msg = node_b_chan.accept_inbound_channel();
9270 node_a_chan.accept_channel(
9271 &accept_channel_msg,
9272 &config.channel_handshake_limits,
9273 &channelmanager::provided_init_features(&config),
9276 // Fund the channel with a batch funding transaction.
9277 let output_script = node_a_chan.context.get_funding_redeemscript();
9278 let tx = Transaction {
9280 lock_time: PackedLockTime::ZERO,
9284 value: 10000000, script_pubkey: output_script.clone(),
9287 value: 10000000, script_pubkey: Builder::new().into_script(),
9290 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
9291 let (mut node_a_chan, funding_created_msg) = node_a_chan.get_funding_created(
9296 ).map_err(|_| ()).unwrap();
9297 let (mut node_b_chan, funding_signed_msg, _) = node_b_chan.funding_created(
9298 &funding_created_msg.unwrap(),
9302 ).map_err(|_| ()).unwrap();
9303 let node_b_updates = node_b_chan.monitor_updating_restored(
9311 // Receive funding_signed, but the channel will be configured to hold sending channel_ready and
9312 // broadcasting the funding transaction until the batch is ready.
9313 let _ = node_a_chan.funding_signed(
9314 &funding_signed_msg.unwrap(),
9319 let node_a_updates = node_a_chan.monitor_updating_restored(
9326 // Our channel_ready shouldn't be sent yet, even with trust_own_funding_0conf set,
9327 // as the funding transaction depends on all channels in the batch becoming ready.
9328 assert!(node_a_updates.channel_ready.is_none());
9329 assert!(node_a_updates.funding_broadcastable.is_none());
9331 node_a_chan.context.channel_state,
9332 ChannelState::FundingSent as u32 |
9333 ChannelState::WaitingForBatch as u32,
9336 // It is possible to receive a 0conf channel_ready from the remote node.
9337 node_a_chan.channel_ready(
9338 &node_b_updates.channel_ready.unwrap(),
9346 node_a_chan.context.channel_state,
9347 ChannelState::FundingSent as u32 |
9348 ChannelState::WaitingForBatch as u32 |
9349 ChannelState::TheirChannelReady as u32,
9352 // Clear the ChannelState::WaitingForBatch only when called by ChannelManager.
9353 node_a_chan.set_batch_ready();
9355 node_a_chan.context.channel_state,
9356 ChannelState::FundingSent as u32 |
9357 ChannelState::TheirChannelReady as u32,
9359 assert!(node_a_chan.check_get_channel_ready(0).is_some());