1 // This file is Copyright its original authors, visible in version control
4 // This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
5 // or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
6 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
7 // You may not use this file except in accordance with one or both of these
10 use bitcoin::blockdata::script::{Script,Builder};
11 use bitcoin::blockdata::transaction::{Transaction, EcdsaSighashType};
12 use bitcoin::util::sighash;
13 use bitcoin::consensus::encode;
15 use bitcoin::hashes::Hash;
16 use bitcoin::hashes::sha256::Hash as Sha256;
17 use bitcoin::hashes::sha256d::Hash as Sha256d;
18 use bitcoin::hash_types::{Txid, BlockHash};
20 use bitcoin::secp256k1::constants::PUBLIC_KEY_SIZE;
21 use bitcoin::secp256k1::{PublicKey,SecretKey};
22 use bitcoin::secp256k1::{Secp256k1,ecdsa::Signature};
23 use bitcoin::secp256k1;
25 use crate::ln::{PaymentPreimage, PaymentHash};
26 use crate::ln::features::{ChannelTypeFeatures, InitFeatures};
28 use crate::ln::msgs::{DecodeError, OptionalField, DataLossProtect};
29 use crate::ln::script::{self, ShutdownScript};
30 use crate::ln::channelmanager::{self, CounterpartyForwardingInfo, PendingHTLCStatus, HTLCSource, HTLCFailReason, HTLCFailureMsg, PendingHTLCInfo, RAACommitmentOrder, BREAKDOWN_TIMEOUT, MIN_CLTV_EXPIRY_DELTA, MAX_LOCAL_BREAKDOWN_TIMEOUT};
31 use crate::ln::chan_utils::{CounterpartyCommitmentSecrets, TxCreationKeys, HTLCOutputInCommitment, htlc_success_tx_weight, htlc_timeout_tx_weight, make_funding_redeemscript, ChannelPublicKeys, CommitmentTransaction, HolderCommitmentTransaction, ChannelTransactionParameters, CounterpartyChannelTransactionParameters, MAX_HTLCS, get_commitment_transaction_number_obscure_factor, ClosingTransaction};
32 use crate::ln::chan_utils;
33 use crate::chain::BestBlock;
34 use crate::chain::chaininterface::{FeeEstimator, ConfirmationTarget, LowerBoundedFeeEstimator};
35 use crate::chain::channelmonitor::{ChannelMonitor, ChannelMonitorUpdate, ChannelMonitorUpdateStep, LATENCY_GRACE_PERIOD_BLOCKS};
36 use crate::chain::transaction::{OutPoint, TransactionData};
37 use crate::chain::keysinterface::{Sign, KeysInterface};
38 use crate::util::events::ClosureReason;
39 use crate::util::ser::{Readable, ReadableArgs, Writeable, Writer, VecWriter};
40 use crate::util::logger::Logger;
41 use crate::util::errors::APIError;
42 use crate::util::config::{UserConfig, ChannelConfig, LegacyChannelConfig, ChannelHandshakeConfig, ChannelHandshakeLimits};
43 use crate::util::scid_utils::scid_from_parts;
46 use crate::prelude::*;
47 use core::{cmp,mem,fmt};
49 #[cfg(any(test, fuzzing, debug_assertions))]
50 use crate::sync::Mutex;
51 use bitcoin::hashes::hex::ToHex;
54 pub struct ChannelValueStat {
55 pub value_to_self_msat: u64,
56 pub channel_value_msat: u64,
57 pub channel_reserve_msat: u64,
58 pub pending_outbound_htlcs_amount_msat: u64,
59 pub pending_inbound_htlcs_amount_msat: u64,
60 pub holding_cell_outbound_amount_msat: u64,
61 pub counterparty_max_htlc_value_in_flight_msat: u64, // outgoing
62 pub counterparty_dust_limit_msat: u64,
65 pub struct AvailableBalances {
66 /// The amount that would go to us if we close the channel, ignoring any on-chain fees.
67 pub balance_msat: u64,
68 /// Total amount available for our counterparty to send to us.
69 pub inbound_capacity_msat: u64,
70 /// Total amount available for us to send to our counterparty.
71 pub outbound_capacity_msat: u64,
72 /// The maximum value we can assign to the next outbound HTLC
73 pub next_outbound_htlc_limit_msat: u64,
76 #[derive(Debug, Clone, Copy, PartialEq)]
78 // Inbound states mirroring InboundHTLCState
80 AwaitingRemoteRevokeToAnnounce,
81 // Note that we do not have a AwaitingAnnouncedRemoteRevoke variant here as it is universally
82 // handled the same as `Committed`, with the only exception in `InboundHTLCState` being the
83 // distinction of when we allow ourselves to forward the HTLC. Because we aren't "forwarding"
84 // the fee update anywhere, we can simply consider the fee update `Committed` immediately
85 // instead of setting it to AwaitingAnnouncedRemoteRevoke.
87 // Outbound state can only be `LocalAnnounced` or `Committed`
91 enum InboundHTLCRemovalReason {
92 FailRelay(msgs::OnionErrorPacket),
93 FailMalformed(([u8; 32], u16)),
94 Fulfill(PaymentPreimage),
97 enum InboundHTLCState {
98 /// Offered by remote, to be included in next local commitment tx. I.e., the remote sent an
99 /// update_add_htlc message for this HTLC.
100 RemoteAnnounced(PendingHTLCStatus),
101 /// Included in a received commitment_signed message (implying we've
102 /// revoke_and_ack'd it), but the remote hasn't yet revoked their previous
103 /// state (see the example below). We have not yet included this HTLC in a
104 /// commitment_signed message because we are waiting on the remote's
105 /// aforementioned state revocation. One reason this missing remote RAA
106 /// (revoke_and_ack) blocks us from constructing a commitment_signed message
107 /// is because every time we create a new "state", i.e. every time we sign a
108 /// new commitment tx (see [BOLT #2]), we need a new per_commitment_point,
109 /// which are provided one-at-a-time in each RAA. E.g., the last RAA they
110 /// sent provided the per_commitment_point for our current commitment tx.
111 /// The other reason we should not send a commitment_signed without their RAA
112 /// is because their RAA serves to ACK our previous commitment_signed.
114 /// Here's an example of how an HTLC could come to be in this state:
115 /// remote --> update_add_htlc(prev_htlc) --> local
116 /// remote --> commitment_signed(prev_htlc) --> local
117 /// remote <-- revoke_and_ack <-- local
118 /// remote <-- commitment_signed(prev_htlc) <-- local
119 /// [note that here, the remote does not respond with a RAA]
120 /// remote --> update_add_htlc(this_htlc) --> local
121 /// remote --> commitment_signed(prev_htlc, this_htlc) --> local
122 /// Now `this_htlc` will be assigned this state. It's unable to be officially
123 /// accepted, i.e. included in a commitment_signed, because we're missing the
124 /// RAA that provides our next per_commitment_point. The per_commitment_point
125 /// is used to derive commitment keys, which are used to construct the
126 /// signatures in a commitment_signed message.
127 /// Implies AwaitingRemoteRevoke.
129 /// [BOLT #2]: https://github.com/lightning/bolts/blob/master/02-peer-protocol.md
130 AwaitingRemoteRevokeToAnnounce(PendingHTLCStatus),
131 /// Included in a received commitment_signed message (implying we've revoke_and_ack'd it).
132 /// We have also included this HTLC in our latest commitment_signed and are now just waiting
133 /// on the remote's revoke_and_ack to make this HTLC an irrevocable part of the state of the
134 /// channel (before it can then get forwarded and/or removed).
135 /// Implies AwaitingRemoteRevoke.
136 AwaitingAnnouncedRemoteRevoke(PendingHTLCStatus),
138 /// Removed by us and a new commitment_signed was sent (if we were AwaitingRemoteRevoke when we
139 /// created it we would have put it in the holding cell instead). When they next revoke_and_ack
141 /// Note that we have to keep an eye on the HTLC until we've received a broadcastable
142 /// commitment transaction without it as otherwise we'll have to force-close the channel to
143 /// claim it before the timeout (obviously doesn't apply to revoked HTLCs that we can't claim
144 /// anyway). That said, ChannelMonitor does this for us (see
145 /// ChannelMonitor::should_broadcast_holder_commitment_txn) so we actually remove the HTLC from
146 /// our own local state before then, once we're sure that the next commitment_signed and
147 /// ChannelMonitor::provide_latest_local_commitment_tx will not include this HTLC.
148 LocalRemoved(InboundHTLCRemovalReason),
151 struct InboundHTLCOutput {
155 payment_hash: PaymentHash,
156 state: InboundHTLCState,
159 enum OutboundHTLCState {
160 /// Added by us and included in a commitment_signed (if we were AwaitingRemoteRevoke when we
161 /// created it we would have put it in the holding cell instead). When they next revoke_and_ack
162 /// we will promote to Committed (note that they may not accept it until the next time we
163 /// revoke, but we don't really care about that:
164 /// * they've revoked, so worst case we can announce an old state and get our (option on)
165 /// money back (though we won't), and,
166 /// * we'll send them a revoke when they send a commitment_signed, and since only they're
167 /// allowed to remove it, the "can only be removed once committed on both sides" requirement
168 /// doesn't matter to us and it's up to them to enforce it, worst-case they jump ahead but
169 /// we'll never get out of sync).
170 /// Note that we Box the OnionPacket as it's rather large and we don't want to blow up
171 /// OutboundHTLCOutput's size just for a temporary bit
172 LocalAnnounced(Box<msgs::OnionPacket>),
174 /// Remote removed this (outbound) HTLC. We're waiting on their commitment_signed to finalize
175 /// the change (though they'll need to revoke before we fail the payment).
176 RemoteRemoved(OutboundHTLCOutcome),
177 /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
178 /// the remote side hasn't yet revoked their previous state, which we need them to do before we
179 /// can do any backwards failing. Implies AwaitingRemoteRevoke.
180 /// We also have not yet removed this HTLC in a commitment_signed message, and are waiting on a
181 /// remote revoke_and_ack on a previous state before we can do so.
182 AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome),
183 /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
184 /// the remote side hasn't yet revoked their previous state, which we need them to do before we
185 /// can do any backwards failing. Implies AwaitingRemoteRevoke.
186 /// We have removed this HTLC in our latest commitment_signed and are now just waiting on a
187 /// revoke_and_ack to drop completely.
188 AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome),
192 enum OutboundHTLCOutcome {
193 Success(Option<PaymentPreimage>),
194 Failure(HTLCFailReason),
197 impl From<Option<HTLCFailReason>> for OutboundHTLCOutcome {
198 fn from(o: Option<HTLCFailReason>) -> Self {
200 None => OutboundHTLCOutcome::Success(None),
201 Some(r) => OutboundHTLCOutcome::Failure(r)
206 impl<'a> Into<Option<&'a HTLCFailReason>> for &'a OutboundHTLCOutcome {
207 fn into(self) -> Option<&'a HTLCFailReason> {
209 OutboundHTLCOutcome::Success(_) => None,
210 OutboundHTLCOutcome::Failure(ref r) => Some(r)
215 struct OutboundHTLCOutput {
219 payment_hash: PaymentHash,
220 state: OutboundHTLCState,
224 /// See AwaitingRemoteRevoke ChannelState for more info
225 enum HTLCUpdateAwaitingACK {
226 AddHTLC { // TODO: Time out if we're getting close to cltv_expiry
230 payment_hash: PaymentHash,
232 onion_routing_packet: msgs::OnionPacket,
235 payment_preimage: PaymentPreimage,
240 err_packet: msgs::OnionErrorPacket,
244 /// There are a few "states" and then a number of flags which can be applied:
245 /// We first move through init with OurInitSent -> TheirInitSent -> FundingCreated -> FundingSent.
246 /// TheirChannelReady and OurChannelReady then get set on FundingSent, and when both are set we
247 /// move on to ChannelReady.
248 /// Note that PeerDisconnected can be set on both ChannelReady and FundingSent.
249 /// ChannelReady can then get all remaining flags set on it, until we finish shutdown, then we
250 /// move on to ShutdownComplete, at which point most calls into this channel are disallowed.
252 /// Implies we have (or are prepared to) send our open_channel/accept_channel message
253 OurInitSent = 1 << 0,
254 /// Implies we have received their open_channel/accept_channel message
255 TheirInitSent = 1 << 1,
256 /// We have sent funding_created and are awaiting a funding_signed to advance to FundingSent.
257 /// Note that this is nonsense for an inbound channel as we immediately generate funding_signed
258 /// upon receipt of funding_created, so simply skip this state.
260 /// Set when we have received/sent funding_created and funding_signed and are thus now waiting
261 /// on the funding transaction to confirm. The ChannelReady flags are set to indicate when we
262 /// and our counterparty consider the funding transaction confirmed.
264 /// Flag which can be set on FundingSent to indicate they sent us a channel_ready message.
265 /// Once both TheirChannelReady and OurChannelReady are set, state moves on to ChannelReady.
266 TheirChannelReady = 1 << 4,
267 /// Flag which can be set on FundingSent to indicate we sent them a channel_ready message.
268 /// Once both TheirChannelReady and OurChannelReady are set, state moves on to ChannelReady.
269 OurChannelReady = 1 << 5,
271 /// Flag which is set on ChannelReady and FundingSent indicating remote side is considered
272 /// "disconnected" and no updates are allowed until after we've done a channel_reestablish
274 PeerDisconnected = 1 << 7,
275 /// Flag which is set on ChannelReady, FundingCreated, and FundingSent indicating the user has
276 /// told us a ChannelMonitor update is pending async persistence somewhere and we should pause
277 /// sending any outbound messages until they've managed to finish.
278 MonitorUpdateInProgress = 1 << 8,
279 /// Flag which implies that we have sent a commitment_signed but are awaiting the responding
280 /// revoke_and_ack message. During this time period, we can't generate new commitment_signed
281 /// messages as then we will be unable to determine which HTLCs they included in their
282 /// revoke_and_ack implicit ACK, so instead we have to hold them away temporarily to be sent
284 /// Flag is set on ChannelReady.
285 AwaitingRemoteRevoke = 1 << 9,
286 /// Flag which is set on ChannelReady or FundingSent after receiving a shutdown message from
287 /// the remote end. If set, they may not add any new HTLCs to the channel, and we are expected
288 /// to respond with our own shutdown message when possible.
289 RemoteShutdownSent = 1 << 10,
290 /// Flag which is set on ChannelReady or FundingSent after sending a shutdown message. At this
291 /// point, we may not add any new HTLCs to the channel.
292 LocalShutdownSent = 1 << 11,
293 /// We've successfully negotiated a closing_signed dance. At this point ChannelManager is about
294 /// to drop us, but we store this anyway.
295 ShutdownComplete = 4096,
297 const BOTH_SIDES_SHUTDOWN_MASK: u32 = ChannelState::LocalShutdownSent as u32 | ChannelState::RemoteShutdownSent as u32;
298 const MULTI_STATE_FLAGS: u32 = BOTH_SIDES_SHUTDOWN_MASK | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32;
300 pub const INITIAL_COMMITMENT_NUMBER: u64 = (1 << 48) - 1;
302 /// The "channel disabled" bit in channel_update must be set based on whether we are connected to
303 /// our counterparty or not. However, we don't want to announce updates right away to avoid
304 /// spamming the network with updates if the connection is flapping. Instead, we "stage" updates to
305 /// our channel_update message and track the current state here.
306 /// See implementation at [`super::channelmanager::ChannelManager::timer_tick_occurred`].
307 #[derive(Clone, Copy, PartialEq)]
308 pub(super) enum ChannelUpdateStatus {
309 /// We've announced the channel as enabled and are connected to our peer.
311 /// Our channel is no longer live, but we haven't announced the channel as disabled yet.
313 /// Our channel is live again, but we haven't announced the channel as enabled yet.
315 /// We've announced the channel as disabled.
319 /// We track when we sent an `AnnouncementSignatures` to our peer in a few states, described here.
321 pub enum AnnouncementSigsState {
322 /// We have not sent our peer an `AnnouncementSignatures` yet, or our peer disconnected since
323 /// we sent the last `AnnouncementSignatures`.
325 /// We sent an `AnnouncementSignatures` to our peer since the last time our peer disconnected.
326 /// This state never appears on disk - instead we write `NotSent`.
328 /// We sent a `CommitmentSigned` after the last `AnnouncementSignatures` we sent. Because we
329 /// only ever have a single `CommitmentSigned` pending at once, if we sent one after sending
330 /// `AnnouncementSignatures` then we know the peer received our `AnnouncementSignatures` if
331 /// they send back a `RevokeAndACK`.
332 /// This state never appears on disk - instead we write `NotSent`.
334 /// We received a `RevokeAndACK`, effectively ack-ing our `AnnouncementSignatures`, at this
335 /// point we no longer need to re-send our `AnnouncementSignatures` again on reconnect.
339 /// An enum indicating whether the local or remote side offered a given HTLC.
345 /// An enum gathering stats on pending HTLCs, either inbound or outbound side.
348 pending_htlcs_value_msat: u64,
349 on_counterparty_tx_dust_exposure_msat: u64,
350 on_holder_tx_dust_exposure_msat: u64,
351 holding_cell_msat: u64,
352 on_holder_tx_holding_cell_htlcs_count: u32, // dust HTLCs *non*-included
355 /// An enum gathering stats on commitment transaction, either local or remote.
356 struct CommitmentStats<'a> {
357 tx: CommitmentTransaction, // the transaction info
358 feerate_per_kw: u32, // the feerate included to build the transaction
359 total_fee_sat: u64, // the total fee included in the transaction
360 num_nondust_htlcs: usize, // the number of HTLC outputs (dust HTLCs *non*-included)
361 htlcs_included: Vec<(HTLCOutputInCommitment, Option<&'a HTLCSource>)>, // the list of HTLCs (dust HTLCs *included*) which were not ignored when building the transaction
362 local_balance_msat: u64, // local balance before fees but considering dust limits
363 remote_balance_msat: u64, // remote balance before fees but considering dust limits
364 preimages: Vec<PaymentPreimage>, // preimages for successful offered HTLCs since last commitment
367 /// Used when calculating whether we or the remote can afford an additional HTLC.
368 struct HTLCCandidate {
370 origin: HTLCInitiator,
374 fn new(amount_msat: u64, origin: HTLCInitiator) -> Self {
382 /// A return value enum for get_update_fulfill_htlc. See UpdateFulfillCommitFetch variants for
384 enum UpdateFulfillFetch {
386 monitor_update: ChannelMonitorUpdate,
387 htlc_value_msat: u64,
388 msg: Option<msgs::UpdateFulfillHTLC>,
393 /// The return type of get_update_fulfill_htlc_and_commit.
394 pub enum UpdateFulfillCommitFetch {
395 /// Indicates the HTLC fulfill is new, and either generated an update_fulfill message, placed
396 /// it in the holding cell, or re-generated the update_fulfill message after the same claim was
397 /// previously placed in the holding cell (and has since been removed).
399 /// The ChannelMonitorUpdate which places the new payment preimage in the channel monitor
400 monitor_update: ChannelMonitorUpdate,
401 /// The value of the HTLC which was claimed, in msat.
402 htlc_value_msat: u64,
403 /// The update_fulfill message and commitment_signed message (if the claim was not placed
404 /// in the holding cell).
405 msgs: Option<(msgs::UpdateFulfillHTLC, msgs::CommitmentSigned)>,
407 /// Indicates the HTLC fulfill is duplicative and already existed either in the holding cell
408 /// or has been forgotten (presumably previously claimed).
412 /// The return value of `revoke_and_ack` on success, primarily updates to other channels or HTLC
414 pub(super) struct RAAUpdates {
415 pub commitment_update: Option<msgs::CommitmentUpdate>,
416 pub accepted_htlcs: Vec<(PendingHTLCInfo, u64)>,
417 pub failed_htlcs: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
418 pub finalized_claimed_htlcs: Vec<HTLCSource>,
419 pub monitor_update: ChannelMonitorUpdate,
420 pub holding_cell_failed_htlcs: Vec<(HTLCSource, PaymentHash)>,
423 /// The return value of `monitor_updating_restored`
424 pub(super) struct MonitorRestoreUpdates {
425 pub raa: Option<msgs::RevokeAndACK>,
426 pub commitment_update: Option<msgs::CommitmentUpdate>,
427 pub order: RAACommitmentOrder,
428 pub accepted_htlcs: Vec<(PendingHTLCInfo, u64)>,
429 pub failed_htlcs: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
430 pub finalized_claimed_htlcs: Vec<HTLCSource>,
431 pub funding_broadcastable: Option<Transaction>,
432 pub channel_ready: Option<msgs::ChannelReady>,
433 pub announcement_sigs: Option<msgs::AnnouncementSignatures>,
436 /// The return value of `channel_reestablish`
437 pub(super) struct ReestablishResponses {
438 pub channel_ready: Option<msgs::ChannelReady>,
439 pub raa: Option<msgs::RevokeAndACK>,
440 pub commitment_update: Option<msgs::CommitmentUpdate>,
441 pub order: RAACommitmentOrder,
442 pub announcement_sigs: Option<msgs::AnnouncementSignatures>,
443 pub shutdown_msg: Option<msgs::Shutdown>,
446 /// If the majority of the channels funds are to the fundee and the initiator holds only just
447 /// enough funds to cover their reserve value, channels are at risk of getting "stuck". Because the
448 /// initiator controls the feerate, if they then go to increase the channel fee, they may have no
449 /// balance but the fundee is unable to send a payment as the increase in fee more than drains
450 /// their reserve value. Thus, neither side can send a new HTLC and the channel becomes useless.
451 /// Thus, before sending an HTLC when we are the initiator, we check that the feerate can increase
452 /// by this multiple without hitting this case, before sending.
453 /// This multiple is effectively the maximum feerate "jump" we expect until more HTLCs flow over
454 /// the channel. Sadly, there isn't really a good number for this - if we expect to have no new
455 /// HTLCs for days we may need this to suffice for feerate increases across days, but that may
456 /// leave the channel less usable as we hold a bigger reserve.
457 #[cfg(any(fuzzing, test))]
458 pub const FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE: u64 = 2;
459 #[cfg(not(any(fuzzing, test)))]
460 const FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE: u64 = 2;
462 /// If we fail to see a funding transaction confirmed on-chain within this many blocks after the
463 /// channel creation on an inbound channel, we simply force-close and move on.
464 /// This constant is the one suggested in BOLT 2.
465 pub(crate) const FUNDING_CONF_DEADLINE_BLOCKS: u32 = 2016;
467 /// In case of a concurrent update_add_htlc proposed by our counterparty, we might
468 /// not have enough balance value remaining to cover the onchain cost of this new
469 /// HTLC weight. If this happens, our counterparty fails the reception of our
470 /// commitment_signed including this new HTLC due to infringement on the channel
472 /// To prevent this case, we compute our outbound update_fee with an HTLC buffer of
473 /// size 2. However, if the number of concurrent update_add_htlc is higher, this still
474 /// leads to a channel force-close. Ultimately, this is an issue coming from the
475 /// design of LN state machines, allowing asynchronous updates.
476 pub(crate) const CONCURRENT_INBOUND_HTLC_FEE_BUFFER: u32 = 2;
478 /// When a channel is opened, we check that the funding amount is enough to pay for relevant
479 /// commitment transaction fees, with at least this many HTLCs present on the commitment
480 /// transaction (not counting the value of the HTLCs themselves).
481 pub(crate) const MIN_AFFORDABLE_HTLC_COUNT: usize = 4;
483 /// When a [`Channel`] has its [`ChannelConfig`] updated, its existing one is stashed for up to this
484 /// number of ticks to allow forwarding HTLCs by nodes that have yet to receive the new
485 /// ChannelUpdate prompted by the config update. This value was determined as follows:
487 /// * The expected interval between ticks (1 minute).
488 /// * The average convergence delay of updates across the network, i.e., ~300 seconds on average
489 /// for a node to see an update as seen on `<https://arxiv.org/pdf/2205.12737.pdf>`.
490 /// * `EXPIRE_PREV_CONFIG_TICKS` = convergence_delay / tick_interval
491 pub(crate) const EXPIRE_PREV_CONFIG_TICKS: usize = 5;
493 // TODO: We should refactor this to be an Inbound/OutboundChannel until initial setup handshaking
494 // has been completed, and then turn into a Channel to get compiler-time enforcement of things like
495 // calling channel_id() before we're set up or things like get_outbound_funding_signed on an
498 // Holder designates channel data owned for the benefice of the user client.
499 // Counterparty designates channel data owned by the another channel participant entity.
500 pub(super) struct Channel<Signer: Sign> {
501 config: LegacyChannelConfig,
503 // Track the previous `ChannelConfig` so that we can continue forwarding HTLCs that were
504 // constructed using it. The second element in the tuple corresponds to the number of ticks that
505 // have elapsed since the update occurred.
506 prev_config: Option<(ChannelConfig, usize)>,
508 inbound_handshake_limits_override: Option<ChannelHandshakeLimits>,
512 channel_id: [u8; 32],
515 // When we reach max(6 blocks, minimum_depth), we need to send an AnnouncementSigs message to
516 // our peer. However, we want to make sure they received it, or else rebroadcast it when we
518 // We do so here, see `AnnouncementSigsSent` for more details on the state(s).
519 // Note that a number of our tests were written prior to the behavior here which retransmits
520 // AnnouncementSignatures until after an RAA completes, so the behavior is short-circuited in
522 #[cfg(any(test, feature = "_test_utils"))]
523 pub(crate) announcement_sigs_state: AnnouncementSigsState,
524 #[cfg(not(any(test, feature = "_test_utils")))]
525 announcement_sigs_state: AnnouncementSigsState,
527 secp_ctx: Secp256k1<secp256k1::All>,
528 channel_value_satoshis: u64,
530 latest_monitor_update_id: u64,
532 holder_signer: Signer,
533 shutdown_scriptpubkey: Option<ShutdownScript>,
534 destination_script: Script,
536 // Our commitment numbers start at 2^48-1 and count down, whereas the ones used in transaction
537 // generation start at 0 and count up...this simplifies some parts of implementation at the
538 // cost of others, but should really just be changed.
540 cur_holder_commitment_transaction_number: u64,
541 cur_counterparty_commitment_transaction_number: u64,
542 value_to_self_msat: u64, // Excluding all pending_htlcs, excluding fees
543 pending_inbound_htlcs: Vec<InboundHTLCOutput>,
544 pending_outbound_htlcs: Vec<OutboundHTLCOutput>,
545 holding_cell_htlc_updates: Vec<HTLCUpdateAwaitingACK>,
547 /// When resending CS/RAA messages on channel monitor restoration or on reconnect, we always
548 /// need to ensure we resend them in the order we originally generated them. Note that because
549 /// there can only ever be one in-flight CS and/or one in-flight RAA at any time, it is
550 /// sufficient to simply set this to the opposite of any message we are generating as we
551 /// generate it. ie when we generate a CS, we set this to RAAFirst as, if there is a pending
552 /// in-flight RAA to resend, it will have been the first thing we generated, and thus we should
554 resend_order: RAACommitmentOrder,
556 monitor_pending_channel_ready: bool,
557 monitor_pending_revoke_and_ack: bool,
558 monitor_pending_commitment_signed: bool,
559 monitor_pending_forwards: Vec<(PendingHTLCInfo, u64)>,
560 monitor_pending_failures: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
561 monitor_pending_finalized_fulfills: Vec<HTLCSource>,
563 // pending_update_fee is filled when sending and receiving update_fee.
565 // Because it follows the same commitment flow as HTLCs, `FeeUpdateState` is either `Outbound`
566 // or matches a subset of the `InboundHTLCOutput` variants. It is then updated/used when
567 // generating new commitment transactions with exactly the same criteria as inbound/outbound
568 // HTLCs with similar state.
569 pending_update_fee: Option<(u32, FeeUpdateState)>,
570 // If a `send_update_fee()` call is made with ChannelState::AwaitingRemoteRevoke set, we place
571 // it here instead of `pending_update_fee` in the same way as we place outbound HTLC updates in
572 // `holding_cell_htlc_updates` instead of `pending_outbound_htlcs`. It is released into
573 // `pending_update_fee` with the same criteria as outbound HTLC updates but can be updated by
574 // further `send_update_fee` calls, dropping the previous holding cell update entirely.
575 holding_cell_update_fee: Option<u32>,
576 next_holder_htlc_id: u64,
577 next_counterparty_htlc_id: u64,
580 /// The timestamp set on our latest `channel_update` message for this channel. It is updated
581 /// when the channel is updated in ways which may impact the `channel_update` message or when a
582 /// new block is received, ensuring it's always at least moderately close to the current real
584 update_time_counter: u32,
586 #[cfg(debug_assertions)]
587 /// Max to_local and to_remote outputs in a locally-generated commitment transaction
588 holder_max_commitment_tx_output: Mutex<(u64, u64)>,
589 #[cfg(debug_assertions)]
590 /// Max to_local and to_remote outputs in a remote-generated commitment transaction
591 counterparty_max_commitment_tx_output: Mutex<(u64, u64)>,
593 last_sent_closing_fee: Option<(u64, Signature)>, // (fee, holder_sig)
594 target_closing_feerate_sats_per_kw: Option<u32>,
596 /// If our counterparty sent us a closing_signed while we were waiting for a `ChannelMonitor`
597 /// update, we need to delay processing it until later. We do that here by simply storing the
598 /// closing_signed message and handling it in `maybe_propose_closing_signed`.
599 pending_counterparty_closing_signed: Option<msgs::ClosingSigned>,
601 /// The minimum and maximum absolute fee, in satoshis, we are willing to place on the closing
602 /// transaction. These are set once we reach `closing_negotiation_ready`.
604 pub(crate) closing_fee_limits: Option<(u64, u64)>,
606 closing_fee_limits: Option<(u64, u64)>,
608 /// Flag that ensures that `accept_inbound_channel` must be called before `funding_created`
609 /// is executed successfully. The reason for this flag is that when the
610 /// `UserConfig::manually_accept_inbound_channels` config flag is set to true, inbound channels
611 /// are required to be manually accepted by the node operator before the `msgs::AcceptChannel`
612 /// message is created and sent out. During the manual accept process, `accept_inbound_channel`
613 /// is called by `ChannelManager::accept_inbound_channel`.
615 /// The flag counteracts that a counterparty node could theoretically send a
616 /// `msgs::FundingCreated` message before the node operator has manually accepted an inbound
617 /// channel request made by the counterparty node. That would execute `funding_created` before
618 /// `accept_inbound_channel`, and `funding_created` should therefore not execute successfully.
619 inbound_awaiting_accept: bool,
621 /// The hash of the block in which the funding transaction was included.
622 funding_tx_confirmed_in: Option<BlockHash>,
623 funding_tx_confirmation_height: u32,
624 short_channel_id: Option<u64>,
625 /// Either the height at which this channel was created or the height at which it was last
626 /// serialized if it was serialized by versions prior to 0.0.103.
627 /// We use this to close if funding is never broadcasted.
628 channel_creation_height: u32,
630 counterparty_dust_limit_satoshis: u64,
633 pub(super) holder_dust_limit_satoshis: u64,
635 holder_dust_limit_satoshis: u64,
638 pub(super) counterparty_max_htlc_value_in_flight_msat: u64,
640 counterparty_max_htlc_value_in_flight_msat: u64,
643 pub(super) holder_max_htlc_value_in_flight_msat: u64,
645 holder_max_htlc_value_in_flight_msat: u64,
647 /// minimum channel reserve for self to maintain - set by them.
648 counterparty_selected_channel_reserve_satoshis: Option<u64>,
651 pub(super) holder_selected_channel_reserve_satoshis: u64,
653 holder_selected_channel_reserve_satoshis: u64,
655 counterparty_htlc_minimum_msat: u64,
656 holder_htlc_minimum_msat: u64,
658 pub counterparty_max_accepted_htlcs: u16,
660 counterparty_max_accepted_htlcs: u16,
661 //implied by OUR_MAX_HTLCS: max_accepted_htlcs: u16,
662 minimum_depth: Option<u32>,
664 counterparty_forwarding_info: Option<CounterpartyForwardingInfo>,
666 pub(crate) channel_transaction_parameters: ChannelTransactionParameters,
667 funding_transaction: Option<Transaction>,
669 counterparty_cur_commitment_point: Option<PublicKey>,
670 counterparty_prev_commitment_point: Option<PublicKey>,
671 counterparty_node_id: PublicKey,
673 counterparty_shutdown_scriptpubkey: Option<Script>,
675 commitment_secrets: CounterpartyCommitmentSecrets,
677 channel_update_status: ChannelUpdateStatus,
678 /// Once we reach `closing_negotiation_ready`, we set this, indicating if closing_signed does
679 /// not complete within a single timer tick (one minute), we should force-close the channel.
680 /// This prevents us from keeping unusable channels around forever if our counterparty wishes
682 /// Note that this field is reset to false on deserialization to give us a chance to connect to
683 /// our peer and start the closing_signed negotiation fresh.
684 closing_signed_in_flight: bool,
686 /// Our counterparty's channel_announcement signatures provided in announcement_signatures.
687 /// This can be used to rebroadcast the channel_announcement message later.
688 announcement_sigs: Option<(Signature, Signature)>,
690 // We save these values so we can make sure `next_local_commit_tx_fee_msat` and
691 // `next_remote_commit_tx_fee_msat` properly predict what the next commitment transaction fee will
692 // be, by comparing the cached values to the fee of the tranaction generated by
693 // `build_commitment_transaction`.
694 #[cfg(any(test, fuzzing))]
695 next_local_commitment_tx_fee_info_cached: Mutex<Option<CommitmentTxInfoCached>>,
696 #[cfg(any(test, fuzzing))]
697 next_remote_commitment_tx_fee_info_cached: Mutex<Option<CommitmentTxInfoCached>>,
699 /// lnd has a long-standing bug where, upon reconnection, if the channel is not yet confirmed
700 /// they will not send a channel_reestablish until the channel locks in. Then, they will send a
701 /// channel_ready *before* sending the channel_reestablish (which is clearly a violation of
702 /// the BOLT specs). We copy c-lightning's workaround here and simply store the channel_ready
703 /// message until we receive a channel_reestablish.
705 /// See-also <https://github.com/lightningnetwork/lnd/issues/4006>
706 pub workaround_lnd_bug_4006: Option<msgs::ChannelReady>,
708 #[cfg(any(test, fuzzing))]
709 // When we receive an HTLC fulfill on an outbound path, we may immediately fulfill the
710 // corresponding HTLC on the inbound path. If, then, the outbound path channel is
711 // disconnected and reconnected (before we've exchange commitment_signed and revoke_and_ack
712 // messages), they may re-broadcast their update_fulfill_htlc, causing a duplicate claim. This
713 // is fine, but as a sanity check in our failure to generate the second claim, we check here
714 // that the original was a claim, and that we aren't now trying to fulfill a failed HTLC.
715 historical_inbound_htlc_fulfills: HashSet<u64>,
717 /// This channel's type, as negotiated during channel open
718 channel_type: ChannelTypeFeatures,
720 // Our counterparty can offer us SCID aliases which they will map to this channel when routing
721 // outbound payments. These can be used in invoice route hints to avoid explicitly revealing
722 // the channel's funding UTXO.
724 // We also use this when sending our peer a channel_update that isn't to be broadcasted
725 // publicly - allowing them to re-use their map of SCID -> channel for channel_update ->
726 // associated channel mapping.
728 // We only bother storing the most recent SCID alias at any time, though our counterparty has
729 // to store all of them.
730 latest_inbound_scid_alias: Option<u64>,
732 // We always offer our counterparty a static SCID alias, which we recognize as for this channel
733 // if we see it in HTLC forwarding instructions. We don't bother rotating the alias given we
734 // don't currently support node id aliases and eventually privacy should be provided with
735 // blinded paths instead of simple scid+node_id aliases.
736 outbound_scid_alias: u64,
738 // We track whether we already emitted a `ChannelReady` event.
739 channel_ready_event_emitted: bool,
742 #[cfg(any(test, fuzzing))]
743 struct CommitmentTxInfoCached {
745 total_pending_htlcs: usize,
746 next_holder_htlc_id: u64,
747 next_counterparty_htlc_id: u64,
751 pub const OUR_MAX_HTLCS: u16 = 50; //TODO
753 pub(crate) fn commitment_tx_base_weight(opt_anchors: bool) -> u64 {
754 const COMMITMENT_TX_BASE_WEIGHT: u64 = 724;
755 const COMMITMENT_TX_BASE_ANCHOR_WEIGHT: u64 = 1124;
756 if opt_anchors { COMMITMENT_TX_BASE_ANCHOR_WEIGHT } else { COMMITMENT_TX_BASE_WEIGHT }
760 const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
762 pub const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
764 pub const ANCHOR_OUTPUT_VALUE_SATOSHI: u64 = 330;
766 /// The percentage of the channel value `holder_max_htlc_value_in_flight_msat` used to be set to,
767 /// before this was made configurable. The percentage was made configurable in LDK 0.0.107,
768 /// although LDK 0.0.104+ enabled serialization of channels with a different value set for
769 /// `holder_max_htlc_value_in_flight_msat`.
770 pub const MAX_IN_FLIGHT_PERCENT_LEGACY: u8 = 10;
772 /// Maximum `funding_satoshis` value according to the BOLT #2 specification, if
773 /// `option_support_large_channel` (aka wumbo channels) is not supported.
775 pub const MAX_FUNDING_SATOSHIS_NO_WUMBO: u64 = (1 << 24) - 1;
777 /// Total bitcoin supply in satoshis.
778 pub const TOTAL_BITCOIN_SUPPLY_SATOSHIS: u64 = 21_000_000 * 1_0000_0000;
780 /// The maximum network dust limit for standard script formats. This currently represents the
781 /// minimum output value for a P2SH output before Bitcoin Core 22 considers the entire
782 /// transaction non-standard and thus refuses to relay it.
783 /// We also use this as the maximum counterparty `dust_limit_satoshis` allowed, given many
784 /// implementations use this value for their dust limit today.
785 pub const MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS: u64 = 546;
787 /// The maximum channel dust limit we will accept from our counterparty.
788 pub const MAX_CHAN_DUST_LIMIT_SATOSHIS: u64 = MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS;
790 /// The dust limit is used for both the commitment transaction outputs as well as the closing
791 /// transactions. For cooperative closing transactions, we require segwit outputs, though accept
792 /// *any* segwit scripts, which are allowed to be up to 42 bytes in length.
793 /// In order to avoid having to concern ourselves with standardness during the closing process, we
794 /// simply require our counterparty to use a dust limit which will leave any segwit output
796 /// See https://github.com/lightning/bolts/issues/905 for more details.
797 pub const MIN_CHAN_DUST_LIMIT_SATOSHIS: u64 = 354;
799 // Just a reasonable implementation-specific safe lower bound, higher than the dust limit.
800 pub const MIN_THEIR_CHAN_RESERVE_SATOSHIS: u64 = 1000;
802 /// Used to return a simple Error back to ChannelManager. Will get converted to a
803 /// msgs::ErrorAction::SendErrorMessage or msgs::ErrorAction::IgnoreError as appropriate with our
804 /// channel_id in ChannelManager.
805 pub(super) enum ChannelError {
811 impl fmt::Debug for ChannelError {
812 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
814 &ChannelError::Ignore(ref e) => write!(f, "Ignore : {}", e),
815 &ChannelError::Warn(ref e) => write!(f, "Warn : {}", e),
816 &ChannelError::Close(ref e) => write!(f, "Close : {}", e),
821 macro_rules! secp_check {
822 ($res: expr, $err: expr) => {
825 Err(_) => return Err(ChannelError::Close($err)),
830 impl<Signer: Sign> Channel<Signer> {
831 /// Returns the value to use for `holder_max_htlc_value_in_flight_msat` as a percentage of the
832 /// `channel_value_satoshis` in msat, set through
833 /// [`ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel`]
835 /// The effective percentage is lower bounded by 1% and upper bounded by 100%.
837 /// [`ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel`]: crate::util::config::ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel
838 fn get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis: u64, config: &ChannelHandshakeConfig) -> u64 {
839 let configured_percent = if config.max_inbound_htlc_value_in_flight_percent_of_channel < 1 {
841 } else if config.max_inbound_htlc_value_in_flight_percent_of_channel > 100 {
844 config.max_inbound_htlc_value_in_flight_percent_of_channel as u64
846 channel_value_satoshis * 10 * configured_percent
849 /// Returns a minimum channel reserve value the remote needs to maintain,
850 /// required by us according to the configured or default
851 /// [`ChannelHandshakeConfig::their_channel_reserve_proportional_millionths`]
853 /// Guaranteed to return a value no larger than channel_value_satoshis
855 /// This is used both for outbound and inbound channels and has lower bound
856 /// of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`.
857 pub(crate) fn get_holder_selected_channel_reserve_satoshis(channel_value_satoshis: u64, config: &UserConfig) -> u64 {
858 let calculated_reserve = channel_value_satoshis.saturating_mul(config.channel_handshake_config.their_channel_reserve_proportional_millionths as u64) / 1_000_000;
859 cmp::min(channel_value_satoshis, cmp::max(calculated_reserve, MIN_THEIR_CHAN_RESERVE_SATOSHIS))
862 /// This is for legacy reasons, present for forward-compatibility.
863 /// LDK versions older than 0.0.104 don't know how read/handle values other than default
864 /// from storage. Hence, we use this function to not persist default values of
865 /// `holder_selected_channel_reserve_satoshis` for channels into storage.
866 pub(crate) fn get_legacy_default_holder_selected_channel_reserve_satoshis(channel_value_satoshis: u64) -> u64 {
867 let (q, _) = channel_value_satoshis.overflowing_div(100);
868 cmp::min(channel_value_satoshis, cmp::max(q, 1000))
871 pub(crate) fn opt_anchors(&self) -> bool {
872 self.channel_transaction_parameters.opt_anchors.is_some()
875 fn get_initial_channel_type(config: &UserConfig) -> ChannelTypeFeatures {
876 // The default channel type (ie the first one we try) depends on whether the channel is
877 // public - if it is, we just go with `only_static_remotekey` as it's the only option
878 // available. If it's private, we first try `scid_privacy` as it provides better privacy
879 // with no other changes, and fall back to `only_static_remotekey`
880 let mut ret = ChannelTypeFeatures::only_static_remote_key();
881 if !config.channel_handshake_config.announced_channel && config.channel_handshake_config.negotiate_scid_privacy {
882 ret.set_scid_privacy_required();
887 /// If we receive an error message, it may only be a rejection of the channel type we tried,
888 /// not of our ability to open any channel at all. Thus, on error, we should first call this
889 /// and see if we get a new `OpenChannel` message, otherwise the channel is failed.
890 pub(crate) fn maybe_handle_error_without_close(&mut self, chain_hash: BlockHash) -> Result<msgs::OpenChannel, ()> {
891 if !self.is_outbound() || self.channel_state != ChannelState::OurInitSent as u32 { return Err(()); }
892 if self.channel_type == ChannelTypeFeatures::only_static_remote_key() {
893 // We've exhausted our options
896 self.channel_type = ChannelTypeFeatures::only_static_remote_key(); // We only currently support two types
897 Ok(self.get_open_channel(chain_hash))
901 pub fn new_outbound<K: Deref, F: Deref>(
902 fee_estimator: &LowerBoundedFeeEstimator<F>, keys_provider: &K, counterparty_node_id: PublicKey, their_features: &InitFeatures,
903 channel_value_satoshis: u64, push_msat: u64, user_id: u128, config: &UserConfig, current_chain_height: u32,
904 outbound_scid_alias: u64
905 ) -> Result<Channel<Signer>, APIError>
906 where K::Target: KeysInterface<Signer = Signer>,
907 F::Target: FeeEstimator,
909 let opt_anchors = false; // TODO - should be based on features
911 let holder_selected_contest_delay = config.channel_handshake_config.our_to_self_delay;
912 let holder_signer = keys_provider.get_channel_signer(false, channel_value_satoshis);
913 let pubkeys = holder_signer.pubkeys().clone();
915 if !their_features.supports_wumbo() && channel_value_satoshis > MAX_FUNDING_SATOSHIS_NO_WUMBO {
916 return Err(APIError::APIMisuseError{err: format!("funding_value must not exceed {}, it was {}", MAX_FUNDING_SATOSHIS_NO_WUMBO, channel_value_satoshis)});
918 if channel_value_satoshis >= TOTAL_BITCOIN_SUPPLY_SATOSHIS {
919 return Err(APIError::APIMisuseError{err: format!("funding_value must be smaller than the total bitcoin supply, it was {}", channel_value_satoshis)});
921 let channel_value_msat = channel_value_satoshis * 1000;
922 if push_msat > channel_value_msat {
923 return Err(APIError::APIMisuseError { err: format!("Push value ({}) was larger than channel_value ({})", push_msat, channel_value_msat) });
925 if holder_selected_contest_delay < BREAKDOWN_TIMEOUT {
926 return Err(APIError::APIMisuseError {err: format!("Configured with an unreasonable our_to_self_delay ({}) putting user funds at risks", holder_selected_contest_delay)});
928 let holder_selected_channel_reserve_satoshis = Channel::<Signer>::get_holder_selected_channel_reserve_satoshis(channel_value_satoshis, config);
929 if holder_selected_channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
930 // Protocol level safety check in place, although it should never happen because
931 // of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
932 return Err(APIError::APIMisuseError { err: format!("Holder selected channel reserve below implemention limit dust_limit_satoshis {}", holder_selected_channel_reserve_satoshis) });
935 let feerate = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::Normal);
937 let value_to_self_msat = channel_value_satoshis * 1000 - push_msat;
938 let commitment_tx_fee = Self::commit_tx_fee_msat(feerate, MIN_AFFORDABLE_HTLC_COUNT, opt_anchors);
939 if value_to_self_msat < commitment_tx_fee {
940 return Err(APIError::APIMisuseError{ err: format!("Funding amount ({}) can't even pay fee for initial commitment transaction fee of {}.", value_to_self_msat / 1000, commitment_tx_fee / 1000) });
943 let mut secp_ctx = Secp256k1::new();
944 secp_ctx.seeded_randomize(&keys_provider.get_secure_random_bytes());
946 let shutdown_scriptpubkey = if config.channel_handshake_config.commit_upfront_shutdown_pubkey {
947 Some(keys_provider.get_shutdown_scriptpubkey())
950 if let Some(shutdown_scriptpubkey) = &shutdown_scriptpubkey {
951 if !shutdown_scriptpubkey.is_compatible(&their_features) {
952 return Err(APIError::IncompatibleShutdownScript { script: shutdown_scriptpubkey.clone() });
959 config: LegacyChannelConfig {
960 options: config.channel_config.clone(),
961 announced_channel: config.channel_handshake_config.announced_channel,
962 commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey,
967 inbound_handshake_limits_override: Some(config.channel_handshake_limits.clone()),
969 channel_id: keys_provider.get_secure_random_bytes(),
970 channel_state: ChannelState::OurInitSent as u32,
971 announcement_sigs_state: AnnouncementSigsState::NotSent,
973 channel_value_satoshis,
975 latest_monitor_update_id: 0,
978 shutdown_scriptpubkey,
979 destination_script: keys_provider.get_destination_script(),
981 cur_holder_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
982 cur_counterparty_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
985 pending_inbound_htlcs: Vec::new(),
986 pending_outbound_htlcs: Vec::new(),
987 holding_cell_htlc_updates: Vec::new(),
988 pending_update_fee: None,
989 holding_cell_update_fee: None,
990 next_holder_htlc_id: 0,
991 next_counterparty_htlc_id: 0,
992 update_time_counter: 1,
994 resend_order: RAACommitmentOrder::CommitmentFirst,
996 monitor_pending_channel_ready: false,
997 monitor_pending_revoke_and_ack: false,
998 monitor_pending_commitment_signed: false,
999 monitor_pending_forwards: Vec::new(),
1000 monitor_pending_failures: Vec::new(),
1001 monitor_pending_finalized_fulfills: Vec::new(),
1003 #[cfg(debug_assertions)]
1004 holder_max_commitment_tx_output: Mutex::new((channel_value_satoshis * 1000 - push_msat, push_msat)),
1005 #[cfg(debug_assertions)]
1006 counterparty_max_commitment_tx_output: Mutex::new((channel_value_satoshis * 1000 - push_msat, push_msat)),
1008 last_sent_closing_fee: None,
1009 pending_counterparty_closing_signed: None,
1010 closing_fee_limits: None,
1011 target_closing_feerate_sats_per_kw: None,
1013 inbound_awaiting_accept: false,
1015 funding_tx_confirmed_in: None,
1016 funding_tx_confirmation_height: 0,
1017 short_channel_id: None,
1018 channel_creation_height: current_chain_height,
1020 feerate_per_kw: feerate,
1021 counterparty_dust_limit_satoshis: 0,
1022 holder_dust_limit_satoshis: MIN_CHAN_DUST_LIMIT_SATOSHIS,
1023 counterparty_max_htlc_value_in_flight_msat: 0,
1024 holder_max_htlc_value_in_flight_msat: Self::get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis, &config.channel_handshake_config),
1025 counterparty_selected_channel_reserve_satoshis: None, // Filled in in accept_channel
1026 holder_selected_channel_reserve_satoshis,
1027 counterparty_htlc_minimum_msat: 0,
1028 holder_htlc_minimum_msat: if config.channel_handshake_config.our_htlc_minimum_msat == 0 { 1 } else { config.channel_handshake_config.our_htlc_minimum_msat },
1029 counterparty_max_accepted_htlcs: 0,
1030 minimum_depth: None, // Filled in in accept_channel
1032 counterparty_forwarding_info: None,
1034 channel_transaction_parameters: ChannelTransactionParameters {
1035 holder_pubkeys: pubkeys,
1036 holder_selected_contest_delay: config.channel_handshake_config.our_to_self_delay,
1037 is_outbound_from_holder: true,
1038 counterparty_parameters: None,
1039 funding_outpoint: None,
1040 opt_anchors: if opt_anchors { Some(()) } else { None },
1041 opt_non_zero_fee_anchors: None
1043 funding_transaction: None,
1045 counterparty_cur_commitment_point: None,
1046 counterparty_prev_commitment_point: None,
1047 counterparty_node_id,
1049 counterparty_shutdown_scriptpubkey: None,
1051 commitment_secrets: CounterpartyCommitmentSecrets::new(),
1053 channel_update_status: ChannelUpdateStatus::Enabled,
1054 closing_signed_in_flight: false,
1056 announcement_sigs: None,
1058 #[cfg(any(test, fuzzing))]
1059 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
1060 #[cfg(any(test, fuzzing))]
1061 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
1063 workaround_lnd_bug_4006: None,
1065 latest_inbound_scid_alias: None,
1066 outbound_scid_alias,
1068 channel_ready_event_emitted: false,
1070 #[cfg(any(test, fuzzing))]
1071 historical_inbound_htlc_fulfills: HashSet::new(),
1073 channel_type: Self::get_initial_channel_type(&config),
1077 fn check_remote_fee<F: Deref, L: Deref>(fee_estimator: &LowerBoundedFeeEstimator<F>,
1078 feerate_per_kw: u32, cur_feerate_per_kw: Option<u32>, logger: &L)
1079 -> Result<(), ChannelError> where F::Target: FeeEstimator, L::Target: Logger,
1081 // We only bound the fee updates on the upper side to prevent completely absurd feerates,
1082 // always accepting up to 25 sat/vByte or 10x our fee estimator's "High Priority" fee.
1083 // We generally don't care too much if they set the feerate to something very high, but it
1084 // could result in the channel being useless due to everything being dust.
1085 let upper_limit = cmp::max(250 * 25,
1086 fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::HighPriority) as u64 * 10);
1087 if feerate_per_kw as u64 > upper_limit {
1088 return Err(ChannelError::Close(format!("Peer's feerate much too high. Actual: {}. Our expected upper limit: {}", feerate_per_kw, upper_limit)));
1090 let lower_limit = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::Background);
1091 // Some fee estimators round up to the next full sat/vbyte (ie 250 sats per kw), causing
1092 // occasional issues with feerate disagreements between an initiator that wants a feerate
1093 // of 1.1 sat/vbyte and a receiver that wants 1.1 rounded up to 2. Thus, we always add 250
1094 // sat/kw before the comparison here.
1095 if feerate_per_kw + 250 < lower_limit {
1096 if let Some(cur_feerate) = cur_feerate_per_kw {
1097 if feerate_per_kw > cur_feerate {
1099 "Accepting feerate that may prevent us from closing this channel because it's higher than what we have now. Had {} s/kW, now {} s/kW.",
1100 cur_feerate, feerate_per_kw);
1104 return Err(ChannelError::Close(format!("Peer's feerate much too low. Actual: {}. Our expected lower limit: {} (- 250)", feerate_per_kw, lower_limit)));
1109 /// Creates a new channel from a remote sides' request for one.
1110 /// Assumes chain_hash has already been checked and corresponds with what we expect!
1111 pub fn new_from_req<K: Deref, F: Deref, L: Deref>(
1112 fee_estimator: &LowerBoundedFeeEstimator<F>, keys_provider: &K, counterparty_node_id: PublicKey, their_features: &InitFeatures,
1113 msg: &msgs::OpenChannel, user_id: u128, config: &UserConfig, current_chain_height: u32, logger: &L,
1114 outbound_scid_alias: u64
1115 ) -> Result<Channel<Signer>, ChannelError>
1116 where K::Target: KeysInterface<Signer = Signer>,
1117 F::Target: FeeEstimator,
1120 let opt_anchors = false; // TODO - should be based on features
1121 let announced_channel = if (msg.channel_flags & 1) == 1 { true } else { false };
1123 // First check the channel type is known, failing before we do anything else if we don't
1124 // support this channel type.
1125 let channel_type = if let Some(channel_type) = &msg.channel_type {
1126 if channel_type.supports_any_optional_bits() {
1127 return Err(ChannelError::Close("Channel Type field contained optional bits - this is not allowed".to_owned()));
1130 if channel_type.requires_unknown_bits() {
1131 return Err(ChannelError::Close("Channel Type field contains unknown bits".to_owned()));
1134 // We currently only allow four channel types, so write it all out here - we allow
1135 // `only_static_remote_key` or `static_remote_key | zero_conf` in all contexts, and
1136 // further allow `static_remote_key | scid_privacy` or
1137 // `static_remote_key | scid_privacy | zero_conf`, if the channel is not
1138 // publicly announced.
1139 if *channel_type != ChannelTypeFeatures::only_static_remote_key() {
1140 if !channel_type.requires_scid_privacy() && !channel_type.requires_zero_conf() {
1141 return Err(ChannelError::Close("Channel Type was not understood".to_owned()));
1144 if channel_type.requires_scid_privacy() && announced_channel {
1145 return Err(ChannelError::Close("SCID Alias/Privacy Channel Type cannot be set on a public channel".to_owned()));
1148 channel_type.clone()
1150 ChannelTypeFeatures::from_counterparty_init(&their_features)
1152 if !channel_type.supports_static_remote_key() {
1153 return Err(ChannelError::Close("Channel Type was not understood - we require static remote key".to_owned()));
1156 let holder_signer = keys_provider.get_channel_signer(true, msg.funding_satoshis);
1157 let pubkeys = holder_signer.pubkeys().clone();
1158 let counterparty_pubkeys = ChannelPublicKeys {
1159 funding_pubkey: msg.funding_pubkey,
1160 revocation_basepoint: msg.revocation_basepoint,
1161 payment_point: msg.payment_point,
1162 delayed_payment_basepoint: msg.delayed_payment_basepoint,
1163 htlc_basepoint: msg.htlc_basepoint
1166 if config.channel_handshake_config.our_to_self_delay < BREAKDOWN_TIMEOUT {
1167 return Err(ChannelError::Close(format!("Configured with an unreasonable our_to_self_delay ({}) putting user funds at risks. It must be greater than {}", config.channel_handshake_config.our_to_self_delay, BREAKDOWN_TIMEOUT)));
1170 // Check sanity of message fields:
1171 if msg.funding_satoshis > config.channel_handshake_limits.max_funding_satoshis {
1172 return Err(ChannelError::Close(format!("Per our config, funding must be at most {}. It was {}", config.channel_handshake_limits.max_funding_satoshis, msg.funding_satoshis)));
1174 if msg.funding_satoshis >= TOTAL_BITCOIN_SUPPLY_SATOSHIS {
1175 return Err(ChannelError::Close(format!("Funding must be smaller than the total bitcoin supply. It was {}", msg.funding_satoshis)));
1177 if msg.channel_reserve_satoshis > msg.funding_satoshis {
1178 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must be not greater than funding_satoshis: {}", msg.channel_reserve_satoshis, msg.funding_satoshis)));
1180 let full_channel_value_msat = (msg.funding_satoshis - msg.channel_reserve_satoshis) * 1000;
1181 if msg.push_msat > full_channel_value_msat {
1182 return Err(ChannelError::Close(format!("push_msat {} was larger than channel amount minus reserve ({})", msg.push_msat, full_channel_value_msat)));
1184 if msg.dust_limit_satoshis > msg.funding_satoshis {
1185 return Err(ChannelError::Close(format!("dust_limit_satoshis {} was larger than funding_satoshis {}. Peer never wants payout outputs?", msg.dust_limit_satoshis, msg.funding_satoshis)));
1187 if msg.htlc_minimum_msat >= full_channel_value_msat {
1188 return Err(ChannelError::Close(format!("Minimum htlc value ({}) was larger than full channel value ({})", msg.htlc_minimum_msat, full_channel_value_msat)));
1190 Channel::<Signer>::check_remote_fee(fee_estimator, msg.feerate_per_kw, None, logger)?;
1192 let max_counterparty_selected_contest_delay = u16::min(config.channel_handshake_limits.their_to_self_delay, MAX_LOCAL_BREAKDOWN_TIMEOUT);
1193 if msg.to_self_delay > max_counterparty_selected_contest_delay {
1194 return Err(ChannelError::Close(format!("They wanted our payments to be delayed by a needlessly long period. Upper limit: {}. Actual: {}", max_counterparty_selected_contest_delay, msg.to_self_delay)));
1196 if msg.max_accepted_htlcs < 1 {
1197 return Err(ChannelError::Close("0 max_accepted_htlcs makes for a useless channel".to_owned()));
1199 if msg.max_accepted_htlcs > MAX_HTLCS {
1200 return Err(ChannelError::Close(format!("max_accepted_htlcs was {}. It must not be larger than {}", msg.max_accepted_htlcs, MAX_HTLCS)));
1203 // Now check against optional parameters as set by config...
1204 if msg.funding_satoshis < config.channel_handshake_limits.min_funding_satoshis {
1205 return Err(ChannelError::Close(format!("Funding satoshis ({}) is less than the user specified limit ({})", msg.funding_satoshis, config.channel_handshake_limits.min_funding_satoshis)));
1207 if msg.htlc_minimum_msat > config.channel_handshake_limits.max_htlc_minimum_msat {
1208 return Err(ChannelError::Close(format!("htlc_minimum_msat ({}) is higher than the user specified limit ({})", msg.htlc_minimum_msat, config.channel_handshake_limits.max_htlc_minimum_msat)));
1210 if msg.max_htlc_value_in_flight_msat < config.channel_handshake_limits.min_max_htlc_value_in_flight_msat {
1211 return Err(ChannelError::Close(format!("max_htlc_value_in_flight_msat ({}) is less than the user specified limit ({})", msg.max_htlc_value_in_flight_msat, config.channel_handshake_limits.min_max_htlc_value_in_flight_msat)));
1213 if msg.channel_reserve_satoshis > config.channel_handshake_limits.max_channel_reserve_satoshis {
1214 return Err(ChannelError::Close(format!("channel_reserve_satoshis ({}) is higher than the user specified limit ({})", msg.channel_reserve_satoshis, config.channel_handshake_limits.max_channel_reserve_satoshis)));
1216 if msg.max_accepted_htlcs < config.channel_handshake_limits.min_max_accepted_htlcs {
1217 return Err(ChannelError::Close(format!("max_accepted_htlcs ({}) is less than the user specified limit ({})", msg.max_accepted_htlcs, config.channel_handshake_limits.min_max_accepted_htlcs)));
1219 if msg.dust_limit_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
1220 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is less than the implementation limit ({})", msg.dust_limit_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
1222 if msg.dust_limit_satoshis > MAX_CHAN_DUST_LIMIT_SATOSHIS {
1223 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is greater than the implementation limit ({})", msg.dust_limit_satoshis, MAX_CHAN_DUST_LIMIT_SATOSHIS)));
1226 // Convert things into internal flags and prep our state:
1228 if config.channel_handshake_limits.force_announced_channel_preference {
1229 if config.channel_handshake_config.announced_channel != announced_channel {
1230 return Err(ChannelError::Close("Peer tried to open channel but their announcement preference is different from ours".to_owned()));
1234 let holder_selected_channel_reserve_satoshis = Channel::<Signer>::get_holder_selected_channel_reserve_satoshis(msg.funding_satoshis, config);
1235 if holder_selected_channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
1236 // Protocol level safety check in place, although it should never happen because
1237 // of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
1238 return Err(ChannelError::Close(format!("Suitable channel reserve not found. remote_channel_reserve was ({}). dust_limit_satoshis is ({}).", holder_selected_channel_reserve_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
1240 if holder_selected_channel_reserve_satoshis * 1000 >= full_channel_value_msat {
1241 return Err(ChannelError::Close(format!("Suitable channel reserve not found. remote_channel_reserve was ({})msats. Channel value is ({} - {})msats.", holder_selected_channel_reserve_satoshis * 1000, full_channel_value_msat, msg.push_msat)));
1243 if msg.channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
1244 log_debug!(logger, "channel_reserve_satoshis ({}) is smaller than our dust limit ({}). We can broadcast stale states without any risk, implying this channel is very insecure for our counterparty.",
1245 msg.channel_reserve_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS);
1247 if holder_selected_channel_reserve_satoshis < msg.dust_limit_satoshis {
1248 return Err(ChannelError::Close(format!("Dust limit ({}) too high for the channel reserve we require the remote to keep ({})", msg.dust_limit_satoshis, holder_selected_channel_reserve_satoshis)));
1251 // check if the funder's amount for the initial commitment tx is sufficient
1252 // for full fee payment plus a few HTLCs to ensure the channel will be useful.
1253 let funders_amount_msat = msg.funding_satoshis * 1000 - msg.push_msat;
1254 let commitment_tx_fee = Self::commit_tx_fee_msat(msg.feerate_per_kw, MIN_AFFORDABLE_HTLC_COUNT, opt_anchors) / 1000;
1255 if funders_amount_msat / 1000 < commitment_tx_fee {
1256 return Err(ChannelError::Close(format!("Funding amount ({} sats) can't even pay fee for initial commitment transaction fee of {} sats.", funders_amount_msat / 1000, commitment_tx_fee)));
1259 let to_remote_satoshis = funders_amount_msat / 1000 - commitment_tx_fee;
1260 // While it's reasonable for us to not meet the channel reserve initially (if they don't
1261 // want to push much to us), our counterparty should always have more than our reserve.
1262 if to_remote_satoshis < holder_selected_channel_reserve_satoshis {
1263 return Err(ChannelError::Close("Insufficient funding amount for initial reserve".to_owned()));
1266 let counterparty_shutdown_scriptpubkey = if their_features.supports_upfront_shutdown_script() {
1267 match &msg.shutdown_scriptpubkey {
1268 &OptionalField::Present(ref script) => {
1269 // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything
1270 if script.len() == 0 {
1273 if !script::is_bolt2_compliant(&script, their_features) {
1274 return Err(ChannelError::Close(format!("Peer is signaling upfront_shutdown but has provided an unacceptable scriptpubkey format: {}", script)))
1276 Some(script.clone())
1279 // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel
1280 &OptionalField::Absent => {
1281 return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out".to_owned()));
1286 let shutdown_scriptpubkey = if config.channel_handshake_config.commit_upfront_shutdown_pubkey {
1287 Some(keys_provider.get_shutdown_scriptpubkey())
1290 if let Some(shutdown_scriptpubkey) = &shutdown_scriptpubkey {
1291 if !shutdown_scriptpubkey.is_compatible(&their_features) {
1292 return Err(ChannelError::Close(format!("Provided a scriptpubkey format not accepted by peer: {}", shutdown_scriptpubkey)));
1296 let mut secp_ctx = Secp256k1::new();
1297 secp_ctx.seeded_randomize(&keys_provider.get_secure_random_bytes());
1299 let chan = Channel {
1302 config: LegacyChannelConfig {
1303 options: config.channel_config.clone(),
1305 commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey,
1310 inbound_handshake_limits_override: None,
1312 channel_id: msg.temporary_channel_id,
1313 channel_state: (ChannelState::OurInitSent as u32) | (ChannelState::TheirInitSent as u32),
1314 announcement_sigs_state: AnnouncementSigsState::NotSent,
1317 latest_monitor_update_id: 0,
1320 shutdown_scriptpubkey,
1321 destination_script: keys_provider.get_destination_script(),
1323 cur_holder_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
1324 cur_counterparty_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
1325 value_to_self_msat: msg.push_msat,
1327 pending_inbound_htlcs: Vec::new(),
1328 pending_outbound_htlcs: Vec::new(),
1329 holding_cell_htlc_updates: Vec::new(),
1330 pending_update_fee: None,
1331 holding_cell_update_fee: None,
1332 next_holder_htlc_id: 0,
1333 next_counterparty_htlc_id: 0,
1334 update_time_counter: 1,
1336 resend_order: RAACommitmentOrder::CommitmentFirst,
1338 monitor_pending_channel_ready: false,
1339 monitor_pending_revoke_and_ack: false,
1340 monitor_pending_commitment_signed: false,
1341 monitor_pending_forwards: Vec::new(),
1342 monitor_pending_failures: Vec::new(),
1343 monitor_pending_finalized_fulfills: Vec::new(),
1345 #[cfg(debug_assertions)]
1346 holder_max_commitment_tx_output: Mutex::new((msg.push_msat, msg.funding_satoshis * 1000 - msg.push_msat)),
1347 #[cfg(debug_assertions)]
1348 counterparty_max_commitment_tx_output: Mutex::new((msg.push_msat, msg.funding_satoshis * 1000 - msg.push_msat)),
1350 last_sent_closing_fee: None,
1351 pending_counterparty_closing_signed: None,
1352 closing_fee_limits: None,
1353 target_closing_feerate_sats_per_kw: None,
1355 inbound_awaiting_accept: true,
1357 funding_tx_confirmed_in: None,
1358 funding_tx_confirmation_height: 0,
1359 short_channel_id: None,
1360 channel_creation_height: current_chain_height,
1362 feerate_per_kw: msg.feerate_per_kw,
1363 channel_value_satoshis: msg.funding_satoshis,
1364 counterparty_dust_limit_satoshis: msg.dust_limit_satoshis,
1365 holder_dust_limit_satoshis: MIN_CHAN_DUST_LIMIT_SATOSHIS,
1366 counterparty_max_htlc_value_in_flight_msat: cmp::min(msg.max_htlc_value_in_flight_msat, msg.funding_satoshis * 1000),
1367 holder_max_htlc_value_in_flight_msat: Self::get_holder_max_htlc_value_in_flight_msat(msg.funding_satoshis, &config.channel_handshake_config),
1368 counterparty_selected_channel_reserve_satoshis: Some(msg.channel_reserve_satoshis),
1369 holder_selected_channel_reserve_satoshis,
1370 counterparty_htlc_minimum_msat: msg.htlc_minimum_msat,
1371 holder_htlc_minimum_msat: if config.channel_handshake_config.our_htlc_minimum_msat == 0 { 1 } else { config.channel_handshake_config.our_htlc_minimum_msat },
1372 counterparty_max_accepted_htlcs: msg.max_accepted_htlcs,
1373 minimum_depth: Some(cmp::max(config.channel_handshake_config.minimum_depth, 1)),
1375 counterparty_forwarding_info: None,
1377 channel_transaction_parameters: ChannelTransactionParameters {
1378 holder_pubkeys: pubkeys,
1379 holder_selected_contest_delay: config.channel_handshake_config.our_to_self_delay,
1380 is_outbound_from_holder: false,
1381 counterparty_parameters: Some(CounterpartyChannelTransactionParameters {
1382 selected_contest_delay: msg.to_self_delay,
1383 pubkeys: counterparty_pubkeys,
1385 funding_outpoint: None,
1386 opt_anchors: if opt_anchors { Some(()) } else { None },
1387 opt_non_zero_fee_anchors: None
1389 funding_transaction: None,
1391 counterparty_cur_commitment_point: Some(msg.first_per_commitment_point),
1392 counterparty_prev_commitment_point: None,
1393 counterparty_node_id,
1395 counterparty_shutdown_scriptpubkey,
1397 commitment_secrets: CounterpartyCommitmentSecrets::new(),
1399 channel_update_status: ChannelUpdateStatus::Enabled,
1400 closing_signed_in_flight: false,
1402 announcement_sigs: None,
1404 #[cfg(any(test, fuzzing))]
1405 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
1406 #[cfg(any(test, fuzzing))]
1407 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
1409 workaround_lnd_bug_4006: None,
1411 latest_inbound_scid_alias: None,
1412 outbound_scid_alias,
1414 channel_ready_event_emitted: false,
1416 #[cfg(any(test, fuzzing))]
1417 historical_inbound_htlc_fulfills: HashSet::new(),
1425 /// Transaction nomenclature is somewhat confusing here as there are many different cases - a
1426 /// transaction is referred to as "a's transaction" implying that a will be able to broadcast
1427 /// the transaction. Thus, b will generally be sending a signature over such a transaction to
1428 /// a, and a can revoke the transaction by providing b the relevant per_commitment_secret. As
1429 /// such, a transaction is generally the result of b increasing the amount paid to a (or adding
1431 /// @local is used only to convert relevant internal structures which refer to remote vs local
1432 /// to decide value of outputs and direction of HTLCs.
1433 /// @generated_by_local is used to determine *which* HTLCs to include - noting that the HTLC
1434 /// state may indicate that one peer has informed the other that they'd like to add an HTLC but
1435 /// have not yet committed it. Such HTLCs will only be included in transactions which are being
1436 /// generated by the peer which proposed adding the HTLCs, and thus we need to understand both
1437 /// which peer generated this transaction and "to whom" this transaction flows.
1439 fn build_commitment_transaction<L: Deref>(&self, commitment_number: u64, keys: &TxCreationKeys, local: bool, generated_by_local: bool, logger: &L) -> CommitmentStats
1440 where L::Target: Logger
1442 let mut included_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::new();
1443 let num_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len();
1444 let mut included_non_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::with_capacity(num_htlcs);
1446 let broadcaster_dust_limit_satoshis = if local { self.holder_dust_limit_satoshis } else { self.counterparty_dust_limit_satoshis };
1447 let mut remote_htlc_total_msat = 0;
1448 let mut local_htlc_total_msat = 0;
1449 let mut value_to_self_msat_offset = 0;
1451 let mut feerate_per_kw = self.feerate_per_kw;
1452 if let Some((feerate, update_state)) = self.pending_update_fee {
1453 if match update_state {
1454 // Note that these match the inclusion criteria when scanning
1455 // pending_inbound_htlcs below.
1456 FeeUpdateState::RemoteAnnounced => { debug_assert!(!self.is_outbound()); !generated_by_local },
1457 FeeUpdateState::AwaitingRemoteRevokeToAnnounce => { debug_assert!(!self.is_outbound()); !generated_by_local },
1458 FeeUpdateState::Outbound => { assert!(self.is_outbound()); generated_by_local },
1460 feerate_per_kw = feerate;
1464 log_trace!(logger, "Building commitment transaction number {} (really {} xor {}) for channel {} for {}, generated by {} with fee {}...",
1465 commitment_number, (INITIAL_COMMITMENT_NUMBER - commitment_number),
1466 get_commitment_transaction_number_obscure_factor(&self.get_holder_pubkeys().payment_point, &self.get_counterparty_pubkeys().payment_point, self.is_outbound()),
1467 log_bytes!(self.channel_id), if local { "us" } else { "remote" }, if generated_by_local { "us" } else { "remote" }, feerate_per_kw);
1469 macro_rules! get_htlc_in_commitment {
1470 ($htlc: expr, $offered: expr) => {
1471 HTLCOutputInCommitment {
1473 amount_msat: $htlc.amount_msat,
1474 cltv_expiry: $htlc.cltv_expiry,
1475 payment_hash: $htlc.payment_hash,
1476 transaction_output_index: None
1481 macro_rules! add_htlc_output {
1482 ($htlc: expr, $outbound: expr, $source: expr, $state_name: expr) => {
1483 if $outbound == local { // "offered HTLC output"
1484 let htlc_in_tx = get_htlc_in_commitment!($htlc, true);
1485 let htlc_tx_fee = if self.opt_anchors() {
1488 feerate_per_kw as u64 * htlc_timeout_tx_weight(false) / 1000
1490 if $htlc.amount_msat / 1000 >= broadcaster_dust_limit_satoshis + htlc_tx_fee {
1491 log_trace!(logger, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
1492 included_non_dust_htlcs.push((htlc_in_tx, $source));
1494 log_trace!(logger, " ...including {} {} dust HTLC {} (hash {}) with value {} due to dust limit", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
1495 included_dust_htlcs.push((htlc_in_tx, $source));
1498 let htlc_in_tx = get_htlc_in_commitment!($htlc, false);
1499 let htlc_tx_fee = if self.opt_anchors() {
1502 feerate_per_kw as u64 * htlc_success_tx_weight(false) / 1000
1504 if $htlc.amount_msat / 1000 >= broadcaster_dust_limit_satoshis + htlc_tx_fee {
1505 log_trace!(logger, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
1506 included_non_dust_htlcs.push((htlc_in_tx, $source));
1508 log_trace!(logger, " ...including {} {} dust HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
1509 included_dust_htlcs.push((htlc_in_tx, $source));
1515 for ref htlc in self.pending_inbound_htlcs.iter() {
1516 let (include, state_name) = match htlc.state {
1517 InboundHTLCState::RemoteAnnounced(_) => (!generated_by_local, "RemoteAnnounced"),
1518 InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) => (!generated_by_local, "AwaitingRemoteRevokeToAnnounce"),
1519 InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => (true, "AwaitingAnnouncedRemoteRevoke"),
1520 InboundHTLCState::Committed => (true, "Committed"),
1521 InboundHTLCState::LocalRemoved(_) => (!generated_by_local, "LocalRemoved"),
1525 add_htlc_output!(htlc, false, None, state_name);
1526 remote_htlc_total_msat += htlc.amount_msat;
1528 log_trace!(logger, " ...not including inbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, log_bytes!(htlc.payment_hash.0), htlc.amount_msat, state_name);
1530 &InboundHTLCState::LocalRemoved(ref reason) => {
1531 if generated_by_local {
1532 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
1533 value_to_self_msat_offset += htlc.amount_msat as i64;
1542 let mut preimages: Vec<PaymentPreimage> = Vec::new();
1544 for ref htlc in self.pending_outbound_htlcs.iter() {
1545 let (include, state_name) = match htlc.state {
1546 OutboundHTLCState::LocalAnnounced(_) => (generated_by_local, "LocalAnnounced"),
1547 OutboundHTLCState::Committed => (true, "Committed"),
1548 OutboundHTLCState::RemoteRemoved(_) => (generated_by_local, "RemoteRemoved"),
1549 OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) => (generated_by_local, "AwaitingRemoteRevokeToRemove"),
1550 OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) => (false, "AwaitingRemovedRemoteRevoke"),
1553 let preimage_opt = match htlc.state {
1554 OutboundHTLCState::RemoteRemoved(OutboundHTLCOutcome::Success(p)) => p,
1555 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(p)) => p,
1556 OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(p)) => p,
1560 if let Some(preimage) = preimage_opt {
1561 preimages.push(preimage);
1565 add_htlc_output!(htlc, true, Some(&htlc.source), state_name);
1566 local_htlc_total_msat += htlc.amount_msat;
1568 log_trace!(logger, " ...not including outbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, log_bytes!(htlc.payment_hash.0), htlc.amount_msat, state_name);
1570 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(_))|OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(_)) => {
1571 value_to_self_msat_offset -= htlc.amount_msat as i64;
1573 OutboundHTLCState::RemoteRemoved(OutboundHTLCOutcome::Success(_)) => {
1574 if !generated_by_local {
1575 value_to_self_msat_offset -= htlc.amount_msat as i64;
1583 let mut value_to_self_msat: i64 = (self.value_to_self_msat - local_htlc_total_msat) as i64 + value_to_self_msat_offset;
1584 assert!(value_to_self_msat >= 0);
1585 // Note that in case they have several just-awaiting-last-RAA fulfills in-progress (ie
1586 // AwaitingRemoteRevokeToRemove or AwaitingRemovedRemoteRevoke) we may have allowed them to
1587 // "violate" their reserve value by couting those against it. Thus, we have to convert
1588 // everything to i64 before subtracting as otherwise we can overflow.
1589 let mut value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000) as i64 - (self.value_to_self_msat as i64) - (remote_htlc_total_msat as i64) - value_to_self_msat_offset;
1590 assert!(value_to_remote_msat >= 0);
1592 #[cfg(debug_assertions)]
1594 // Make sure that the to_self/to_remote is always either past the appropriate
1595 // channel_reserve *or* it is making progress towards it.
1596 let mut broadcaster_max_commitment_tx_output = if generated_by_local {
1597 self.holder_max_commitment_tx_output.lock().unwrap()
1599 self.counterparty_max_commitment_tx_output.lock().unwrap()
1601 debug_assert!(broadcaster_max_commitment_tx_output.0 <= value_to_self_msat as u64 || value_to_self_msat / 1000 >= self.counterparty_selected_channel_reserve_satoshis.unwrap() as i64);
1602 broadcaster_max_commitment_tx_output.0 = cmp::max(broadcaster_max_commitment_tx_output.0, value_to_self_msat as u64);
1603 debug_assert!(broadcaster_max_commitment_tx_output.1 <= value_to_remote_msat as u64 || value_to_remote_msat / 1000 >= self.holder_selected_channel_reserve_satoshis as i64);
1604 broadcaster_max_commitment_tx_output.1 = cmp::max(broadcaster_max_commitment_tx_output.1, value_to_remote_msat as u64);
1607 let total_fee_sat = Channel::<Signer>::commit_tx_fee_sat(feerate_per_kw, included_non_dust_htlcs.len(), self.channel_transaction_parameters.opt_anchors.is_some());
1608 let anchors_val = if self.channel_transaction_parameters.opt_anchors.is_some() { ANCHOR_OUTPUT_VALUE_SATOSHI * 2 } else { 0 } as i64;
1609 let (value_to_self, value_to_remote) = if self.is_outbound() {
1610 (value_to_self_msat / 1000 - anchors_val - total_fee_sat as i64, value_to_remote_msat / 1000)
1612 (value_to_self_msat / 1000, value_to_remote_msat / 1000 - anchors_val - total_fee_sat as i64)
1615 let mut value_to_a = if local { value_to_self } else { value_to_remote };
1616 let mut value_to_b = if local { value_to_remote } else { value_to_self };
1617 let (funding_pubkey_a, funding_pubkey_b) = if local {
1618 (self.get_holder_pubkeys().funding_pubkey, self.get_counterparty_pubkeys().funding_pubkey)
1620 (self.get_counterparty_pubkeys().funding_pubkey, self.get_holder_pubkeys().funding_pubkey)
1623 if value_to_a >= (broadcaster_dust_limit_satoshis as i64) {
1624 log_trace!(logger, " ...including {} output with value {}", if local { "to_local" } else { "to_remote" }, value_to_a);
1629 if value_to_b >= (broadcaster_dust_limit_satoshis as i64) {
1630 log_trace!(logger, " ...including {} output with value {}", if local { "to_remote" } else { "to_local" }, value_to_b);
1635 let num_nondust_htlcs = included_non_dust_htlcs.len();
1637 let channel_parameters =
1638 if local { self.channel_transaction_parameters.as_holder_broadcastable() }
1639 else { self.channel_transaction_parameters.as_counterparty_broadcastable() };
1640 let tx = CommitmentTransaction::new_with_auxiliary_htlc_data(commitment_number,
1643 self.channel_transaction_parameters.opt_anchors.is_some(),
1648 &mut included_non_dust_htlcs,
1651 let mut htlcs_included = included_non_dust_htlcs;
1652 // The unwrap is safe, because all non-dust HTLCs have been assigned an output index
1653 htlcs_included.sort_unstable_by_key(|h| h.0.transaction_output_index.unwrap());
1654 htlcs_included.append(&mut included_dust_htlcs);
1656 // For the stats, trimmed-to-0 the value in msats accordingly
1657 value_to_self_msat = if (value_to_self_msat * 1000) < broadcaster_dust_limit_satoshis as i64 { 0 } else { value_to_self_msat };
1658 value_to_remote_msat = if (value_to_remote_msat * 1000) < broadcaster_dust_limit_satoshis as i64 { 0 } else { value_to_remote_msat };
1666 local_balance_msat: value_to_self_msat as u64,
1667 remote_balance_msat: value_to_remote_msat as u64,
1673 fn get_closing_scriptpubkey(&self) -> Script {
1674 // The shutdown scriptpubkey is set on channel opening when option_upfront_shutdown_script
1675 // is signaled. Otherwise, it is set when sending a shutdown message. Calling this method
1676 // outside of those situations will fail.
1677 self.shutdown_scriptpubkey.clone().unwrap().into_inner()
1681 fn get_closing_transaction_weight(&self, a_scriptpubkey: Option<&Script>, b_scriptpubkey: Option<&Script>) -> u64 {
1686 1 + // script length (0)
1690 )*4 + // * 4 for non-witness parts
1691 2 + // witness marker and flag
1692 1 + // witness element count
1693 4 + // 4 element lengths (2 sigs, multisig dummy, and witness script)
1694 self.get_funding_redeemscript().len() as u64 + // funding witness script
1695 2*(1 + 71); // two signatures + sighash type flags
1696 if let Some(spk) = a_scriptpubkey {
1697 ret += ((8+1) + // output values and script length
1698 spk.len() as u64) * 4; // scriptpubkey and witness multiplier
1700 if let Some(spk) = b_scriptpubkey {
1701 ret += ((8+1) + // output values and script length
1702 spk.len() as u64) * 4; // scriptpubkey and witness multiplier
1708 fn build_closing_transaction(&self, proposed_total_fee_satoshis: u64, skip_remote_output: bool) -> (ClosingTransaction, u64) {
1709 assert!(self.pending_inbound_htlcs.is_empty());
1710 assert!(self.pending_outbound_htlcs.is_empty());
1711 assert!(self.pending_update_fee.is_none());
1713 let mut total_fee_satoshis = proposed_total_fee_satoshis;
1714 let mut value_to_holder: i64 = (self.value_to_self_msat as i64) / 1000 - if self.is_outbound() { total_fee_satoshis as i64 } else { 0 };
1715 let mut value_to_counterparty: i64 = ((self.channel_value_satoshis * 1000 - self.value_to_self_msat) as i64 / 1000) - if self.is_outbound() { 0 } else { total_fee_satoshis as i64 };
1717 if value_to_holder < 0 {
1718 assert!(self.is_outbound());
1719 total_fee_satoshis += (-value_to_holder) as u64;
1720 } else if value_to_counterparty < 0 {
1721 assert!(!self.is_outbound());
1722 total_fee_satoshis += (-value_to_counterparty) as u64;
1725 if skip_remote_output || value_to_counterparty as u64 <= self.holder_dust_limit_satoshis {
1726 value_to_counterparty = 0;
1729 if value_to_holder as u64 <= self.holder_dust_limit_satoshis {
1730 value_to_holder = 0;
1733 assert!(self.shutdown_scriptpubkey.is_some());
1734 let holder_shutdown_script = self.get_closing_scriptpubkey();
1735 let counterparty_shutdown_script = self.counterparty_shutdown_scriptpubkey.clone().unwrap();
1736 let funding_outpoint = self.funding_outpoint().into_bitcoin_outpoint();
1738 let closing_transaction = ClosingTransaction::new(value_to_holder as u64, value_to_counterparty as u64, holder_shutdown_script, counterparty_shutdown_script, funding_outpoint);
1739 (closing_transaction, total_fee_satoshis)
1742 fn funding_outpoint(&self) -> OutPoint {
1743 self.channel_transaction_parameters.funding_outpoint.unwrap()
1747 /// Creates a set of keys for build_commitment_transaction to generate a transaction which our
1748 /// counterparty will sign (ie DO NOT send signatures over a transaction created by this to
1749 /// our counterparty!)
1750 /// The result is a transaction which we can revoke broadcastership of (ie a "local" transaction)
1751 /// TODO Some magic rust shit to compile-time check this?
1752 fn build_holder_transaction_keys(&self, commitment_number: u64) -> Result<TxCreationKeys, ChannelError> {
1753 let per_commitment_point = self.holder_signer.get_per_commitment_point(commitment_number, &self.secp_ctx);
1754 let delayed_payment_base = &self.get_holder_pubkeys().delayed_payment_basepoint;
1755 let htlc_basepoint = &self.get_holder_pubkeys().htlc_basepoint;
1756 let counterparty_pubkeys = self.get_counterparty_pubkeys();
1758 Ok(secp_check!(TxCreationKeys::derive_new(&self.secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint), "Local tx keys generation got bogus keys".to_owned()))
1762 /// Creates a set of keys for build_commitment_transaction to generate a transaction which we
1763 /// will sign and send to our counterparty.
1764 /// If an Err is returned, it is a ChannelError::Close (for get_outbound_funding_created)
1765 fn build_remote_transaction_keys(&self) -> Result<TxCreationKeys, ChannelError> {
1766 //TODO: Ensure that the payment_key derived here ends up in the library users' wallet as we
1767 //may see payments to it!
1768 let revocation_basepoint = &self.get_holder_pubkeys().revocation_basepoint;
1769 let htlc_basepoint = &self.get_holder_pubkeys().htlc_basepoint;
1770 let counterparty_pubkeys = self.get_counterparty_pubkeys();
1772 Ok(secp_check!(TxCreationKeys::derive_new(&self.secp_ctx, &self.counterparty_cur_commitment_point.unwrap(), &counterparty_pubkeys.delayed_payment_basepoint, &counterparty_pubkeys.htlc_basepoint, revocation_basepoint, htlc_basepoint), "Remote tx keys generation got bogus keys".to_owned()))
1775 /// Gets the redeemscript for the funding transaction output (ie the funding transaction output
1776 /// pays to get_funding_redeemscript().to_v0_p2wsh()).
1777 /// Panics if called before accept_channel/new_from_req
1778 pub fn get_funding_redeemscript(&self) -> Script {
1779 make_funding_redeemscript(&self.get_holder_pubkeys().funding_pubkey, self.counterparty_funding_pubkey())
1782 /// Claims an HTLC while we're disconnected from a peer, dropping the [`ChannelMonitorUpdate`]
1785 /// The [`ChannelMonitor`] for this channel MUST be updated out-of-band with the preimage
1786 /// provided (i.e. without calling [`crate::chain::Watch::update_channel`]).
1788 /// The HTLC claim will end up in the holding cell (because the caller must ensure the peer is
1790 pub fn claim_htlc_while_disconnected_dropping_mon_update<L: Deref>
1791 (&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage, logger: &L)
1792 where L::Target: Logger {
1793 // Assert that we'll add the HTLC claim to the holding cell in `get_update_fulfill_htlc`
1794 // (see equivalent if condition there).
1795 assert!(self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32) != 0);
1796 let mon_update_id = self.latest_monitor_update_id; // Forget the ChannelMonitor update
1797 let fulfill_resp = self.get_update_fulfill_htlc(htlc_id_arg, payment_preimage_arg, logger);
1798 self.latest_monitor_update_id = mon_update_id;
1799 if let UpdateFulfillFetch::NewClaim { msg, .. } = fulfill_resp {
1800 assert!(msg.is_none()); // The HTLC must have ended up in the holding cell.
1804 fn get_update_fulfill_htlc<L: Deref>(&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage, logger: &L) -> UpdateFulfillFetch where L::Target: Logger {
1805 // Either ChannelReady got set (which means it won't be unset) or there is no way any
1806 // caller thought we could have something claimed (cause we wouldn't have accepted in an
1807 // incoming HTLC anyway). If we got to ShutdownComplete, callers aren't allowed to call us,
1809 if (self.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
1810 panic!("Was asked to fulfill an HTLC when channel was not in an operational state");
1812 assert_eq!(self.channel_state & ChannelState::ShutdownComplete as u32, 0);
1814 let payment_hash_calc = PaymentHash(Sha256::hash(&payment_preimage_arg.0[..]).into_inner());
1816 // ChannelManager may generate duplicate claims/fails due to HTLC update events from
1817 // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
1818 // these, but for now we just have to treat them as normal.
1820 let mut pending_idx = core::usize::MAX;
1821 let mut htlc_value_msat = 0;
1822 for (idx, htlc) in self.pending_inbound_htlcs.iter().enumerate() {
1823 if htlc.htlc_id == htlc_id_arg {
1824 assert_eq!(htlc.payment_hash, payment_hash_calc);
1826 InboundHTLCState::Committed => {},
1827 InboundHTLCState::LocalRemoved(ref reason) => {
1828 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
1830 log_warn!(logger, "Have preimage and want to fulfill HTLC with payment hash {} we already failed against channel {}", log_bytes!(htlc.payment_hash.0), log_bytes!(self.channel_id()));
1831 debug_assert!(false, "Tried to fulfill an HTLC that was already failed");
1833 return UpdateFulfillFetch::DuplicateClaim {};
1836 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
1837 // Don't return in release mode here so that we can update channel_monitor
1841 htlc_value_msat = htlc.amount_msat;
1845 if pending_idx == core::usize::MAX {
1846 #[cfg(any(test, fuzzing))]
1847 // If we failed to find an HTLC to fulfill, make sure it was previously fulfilled and
1848 // this is simply a duplicate claim, not previously failed and we lost funds.
1849 debug_assert!(self.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
1850 return UpdateFulfillFetch::DuplicateClaim {};
1853 // Now update local state:
1855 // We have to put the payment_preimage in the channel_monitor right away here to ensure we
1856 // can claim it even if the channel hits the chain before we see their next commitment.
1857 self.latest_monitor_update_id += 1;
1858 let monitor_update = ChannelMonitorUpdate {
1859 update_id: self.latest_monitor_update_id,
1860 updates: vec![ChannelMonitorUpdateStep::PaymentPreimage {
1861 payment_preimage: payment_preimage_arg.clone(),
1865 if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
1866 // Note that this condition is the same as the assertion in
1867 // `claim_htlc_while_disconnected_dropping_mon_update` and must match exactly -
1868 // `claim_htlc_while_disconnected_dropping_mon_update` would not work correctly if we
1869 // do not not get into this branch.
1870 for pending_update in self.holding_cell_htlc_updates.iter() {
1871 match pending_update {
1872 &HTLCUpdateAwaitingACK::ClaimHTLC { htlc_id, .. } => {
1873 if htlc_id_arg == htlc_id {
1874 // Make sure we don't leave latest_monitor_update_id incremented here:
1875 self.latest_monitor_update_id -= 1;
1876 #[cfg(any(test, fuzzing))]
1877 debug_assert!(self.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
1878 return UpdateFulfillFetch::DuplicateClaim {};
1881 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, .. } => {
1882 if htlc_id_arg == htlc_id {
1883 log_warn!(logger, "Have preimage and want to fulfill HTLC with pending failure against channel {}", log_bytes!(self.channel_id()));
1884 // TODO: We may actually be able to switch to a fulfill here, though its
1885 // rare enough it may not be worth the complexity burden.
1886 debug_assert!(false, "Tried to fulfill an HTLC that was already failed");
1887 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
1893 log_trace!(logger, "Adding HTLC claim to holding_cell in channel {}! Current state: {}", log_bytes!(self.channel_id()), self.channel_state);
1894 self.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::ClaimHTLC {
1895 payment_preimage: payment_preimage_arg, htlc_id: htlc_id_arg,
1897 #[cfg(any(test, fuzzing))]
1898 self.historical_inbound_htlc_fulfills.insert(htlc_id_arg);
1899 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
1901 #[cfg(any(test, fuzzing))]
1902 self.historical_inbound_htlc_fulfills.insert(htlc_id_arg);
1905 let htlc = &mut self.pending_inbound_htlcs[pending_idx];
1906 if let InboundHTLCState::Committed = htlc.state {
1908 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
1909 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
1911 log_trace!(logger, "Upgrading HTLC {} to LocalRemoved with a Fulfill in channel {}!", log_bytes!(htlc.payment_hash.0), log_bytes!(self.channel_id));
1912 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::Fulfill(payment_preimage_arg.clone()));
1915 UpdateFulfillFetch::NewClaim {
1918 msg: Some(msgs::UpdateFulfillHTLC {
1919 channel_id: self.channel_id(),
1920 htlc_id: htlc_id_arg,
1921 payment_preimage: payment_preimage_arg,
1926 pub fn get_update_fulfill_htlc_and_commit<L: Deref>(&mut self, htlc_id: u64, payment_preimage: PaymentPreimage, logger: &L) -> Result<UpdateFulfillCommitFetch, (ChannelError, ChannelMonitorUpdate)> where L::Target: Logger {
1927 match self.get_update_fulfill_htlc(htlc_id, payment_preimage, logger) {
1928 UpdateFulfillFetch::NewClaim { mut monitor_update, htlc_value_msat, msg: Some(update_fulfill_htlc) } => {
1929 let (commitment, mut additional_update) = match self.send_commitment_no_status_check(logger) {
1930 Err(e) => return Err((e, monitor_update)),
1933 // send_commitment_no_status_check may bump latest_monitor_id but we want them to be
1934 // strictly increasing by one, so decrement it here.
1935 self.latest_monitor_update_id = monitor_update.update_id;
1936 monitor_update.updates.append(&mut additional_update.updates);
1937 Ok(UpdateFulfillCommitFetch::NewClaim { monitor_update, htlc_value_msat, msgs: Some((update_fulfill_htlc, commitment)) })
1939 UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None } =>
1940 Ok(UpdateFulfillCommitFetch::NewClaim { monitor_update, htlc_value_msat, msgs: None }),
1941 UpdateFulfillFetch::DuplicateClaim {} => Ok(UpdateFulfillCommitFetch::DuplicateClaim {}),
1945 /// We can only have one resolution per HTLC. In some cases around reconnect, we may fulfill
1946 /// an HTLC more than once or fulfill once and then attempt to fail after reconnect. We cannot,
1947 /// however, fail more than once as we wait for an upstream failure to be irrevocably committed
1948 /// before we fail backwards.
1950 /// If we do fail twice, we `debug_assert!(false)` and return `Ok(None)`. Thus, this will always
1951 /// return `Ok(_)` if preconditions are met. In any case, `Err`s will only be
1952 /// [`ChannelError::Ignore`].
1953 pub fn queue_fail_htlc<L: Deref>(&mut self, htlc_id_arg: u64, err_packet: msgs::OnionErrorPacket, logger: &L)
1954 -> Result<(), ChannelError> where L::Target: Logger {
1955 self.fail_htlc(htlc_id_arg, err_packet, true, logger)
1956 .map(|msg_opt| assert!(msg_opt.is_none(), "We forced holding cell?"))
1959 /// We can only have one resolution per HTLC. In some cases around reconnect, we may fulfill
1960 /// an HTLC more than once or fulfill once and then attempt to fail after reconnect. We cannot,
1961 /// however, fail more than once as we wait for an upstream failure to be irrevocably committed
1962 /// before we fail backwards.
1964 /// If we do fail twice, we `debug_assert!(false)` and return `Ok(None)`. Thus, this will always
1965 /// return `Ok(_)` if preconditions are met. In any case, `Err`s will only be
1966 /// [`ChannelError::Ignore`].
1967 fn fail_htlc<L: Deref>(&mut self, htlc_id_arg: u64, err_packet: msgs::OnionErrorPacket, mut force_holding_cell: bool, logger: &L)
1968 -> Result<Option<msgs::UpdateFailHTLC>, ChannelError> where L::Target: Logger {
1969 if (self.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
1970 panic!("Was asked to fail an HTLC when channel was not in an operational state");
1972 assert_eq!(self.channel_state & ChannelState::ShutdownComplete as u32, 0);
1974 // ChannelManager may generate duplicate claims/fails due to HTLC update events from
1975 // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
1976 // these, but for now we just have to treat them as normal.
1978 let mut pending_idx = core::usize::MAX;
1979 for (idx, htlc) in self.pending_inbound_htlcs.iter().enumerate() {
1980 if htlc.htlc_id == htlc_id_arg {
1982 InboundHTLCState::Committed => {},
1983 InboundHTLCState::LocalRemoved(ref reason) => {
1984 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
1986 debug_assert!(false, "Tried to fail an HTLC that was already failed");
1991 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
1992 return Err(ChannelError::Ignore(format!("Unable to find a pending HTLC which matched the given HTLC ID ({})", htlc.htlc_id)));
1998 if pending_idx == core::usize::MAX {
1999 #[cfg(any(test, fuzzing))]
2000 // If we failed to find an HTLC to fail, make sure it was previously fulfilled and this
2001 // is simply a duplicate fail, not previously failed and we failed-back too early.
2002 debug_assert!(self.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2006 if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
2007 debug_assert!(force_holding_cell, "!force_holding_cell is only called when emptying the holding cell, so we shouldn't end up back in it!");
2008 force_holding_cell = true;
2011 // Now update local state:
2012 if force_holding_cell {
2013 for pending_update in self.holding_cell_htlc_updates.iter() {
2014 match pending_update {
2015 &HTLCUpdateAwaitingACK::ClaimHTLC { htlc_id, .. } => {
2016 if htlc_id_arg == htlc_id {
2017 #[cfg(any(test, fuzzing))]
2018 debug_assert!(self.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2022 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, .. } => {
2023 if htlc_id_arg == htlc_id {
2024 debug_assert!(false, "Tried to fail an HTLC that was already failed");
2025 return Err(ChannelError::Ignore("Unable to find a pending HTLC which matched the given HTLC ID".to_owned()));
2031 log_trace!(logger, "Placing failure for HTLC ID {} in holding cell in channel {}.", htlc_id_arg, log_bytes!(self.channel_id()));
2032 self.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::FailHTLC {
2033 htlc_id: htlc_id_arg,
2039 log_trace!(logger, "Failing HTLC ID {} back with a update_fail_htlc message in channel {}.", htlc_id_arg, log_bytes!(self.channel_id()));
2041 let htlc = &mut self.pending_inbound_htlcs[pending_idx];
2042 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(err_packet.clone()));
2045 Ok(Some(msgs::UpdateFailHTLC {
2046 channel_id: self.channel_id(),
2047 htlc_id: htlc_id_arg,
2052 // Message handlers:
2054 pub fn accept_channel(&mut self, msg: &msgs::AcceptChannel, default_limits: &ChannelHandshakeLimits, their_features: &InitFeatures) -> Result<(), ChannelError> {
2055 let peer_limits = if let Some(ref limits) = self.inbound_handshake_limits_override { limits } else { default_limits };
2057 // Check sanity of message fields:
2058 if !self.is_outbound() {
2059 return Err(ChannelError::Close("Got an accept_channel message from an inbound peer".to_owned()));
2061 if self.channel_state != ChannelState::OurInitSent as u32 {
2062 return Err(ChannelError::Close("Got an accept_channel message at a strange time".to_owned()));
2064 if msg.dust_limit_satoshis > 21000000 * 100000000 {
2065 return Err(ChannelError::Close(format!("Peer never wants payout outputs? dust_limit_satoshis was {}", msg.dust_limit_satoshis)));
2067 if msg.channel_reserve_satoshis > self.channel_value_satoshis {
2068 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must not be greater than ({})", msg.channel_reserve_satoshis, self.channel_value_satoshis)));
2070 if msg.dust_limit_satoshis > self.holder_selected_channel_reserve_satoshis {
2071 return Err(ChannelError::Close(format!("Dust limit ({}) is bigger than our channel reserve ({})", msg.dust_limit_satoshis, self.holder_selected_channel_reserve_satoshis)));
2073 if msg.channel_reserve_satoshis > self.channel_value_satoshis - self.holder_selected_channel_reserve_satoshis {
2074 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must not be greater than channel value minus our reserve ({})",
2075 msg.channel_reserve_satoshis, self.channel_value_satoshis - self.holder_selected_channel_reserve_satoshis)));
2077 let full_channel_value_msat = (self.channel_value_satoshis - msg.channel_reserve_satoshis) * 1000;
2078 if msg.htlc_minimum_msat >= full_channel_value_msat {
2079 return Err(ChannelError::Close(format!("Minimum htlc value ({}) is full channel value ({})", msg.htlc_minimum_msat, full_channel_value_msat)));
2081 let max_delay_acceptable = u16::min(peer_limits.their_to_self_delay, MAX_LOCAL_BREAKDOWN_TIMEOUT);
2082 if msg.to_self_delay > max_delay_acceptable {
2083 return Err(ChannelError::Close(format!("They wanted our payments to be delayed by a needlessly long period. Upper limit: {}. Actual: {}", max_delay_acceptable, msg.to_self_delay)));
2085 if msg.max_accepted_htlcs < 1 {
2086 return Err(ChannelError::Close("0 max_accepted_htlcs makes for a useless channel".to_owned()));
2088 if msg.max_accepted_htlcs > MAX_HTLCS {
2089 return Err(ChannelError::Close(format!("max_accepted_htlcs was {}. It must not be larger than {}", msg.max_accepted_htlcs, MAX_HTLCS)));
2092 // Now check against optional parameters as set by config...
2093 if msg.htlc_minimum_msat > peer_limits.max_htlc_minimum_msat {
2094 return Err(ChannelError::Close(format!("htlc_minimum_msat ({}) is higher than the user specified limit ({})", msg.htlc_minimum_msat, peer_limits.max_htlc_minimum_msat)));
2096 if msg.max_htlc_value_in_flight_msat < peer_limits.min_max_htlc_value_in_flight_msat {
2097 return Err(ChannelError::Close(format!("max_htlc_value_in_flight_msat ({}) is less than the user specified limit ({})", msg.max_htlc_value_in_flight_msat, peer_limits.min_max_htlc_value_in_flight_msat)));
2099 if msg.channel_reserve_satoshis > peer_limits.max_channel_reserve_satoshis {
2100 return Err(ChannelError::Close(format!("channel_reserve_satoshis ({}) is higher than the user specified limit ({})", msg.channel_reserve_satoshis, peer_limits.max_channel_reserve_satoshis)));
2102 if msg.max_accepted_htlcs < peer_limits.min_max_accepted_htlcs {
2103 return Err(ChannelError::Close(format!("max_accepted_htlcs ({}) is less than the user specified limit ({})", msg.max_accepted_htlcs, peer_limits.min_max_accepted_htlcs)));
2105 if msg.dust_limit_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
2106 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is less than the implementation limit ({})", msg.dust_limit_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
2108 if msg.dust_limit_satoshis > MAX_CHAN_DUST_LIMIT_SATOSHIS {
2109 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is greater than the implementation limit ({})", msg.dust_limit_satoshis, MAX_CHAN_DUST_LIMIT_SATOSHIS)));
2111 if msg.minimum_depth > peer_limits.max_minimum_depth {
2112 return Err(ChannelError::Close(format!("We consider the minimum depth to be unreasonably large. Expected minimum: ({}). Actual: ({})", peer_limits.max_minimum_depth, msg.minimum_depth)));
2115 if let Some(ty) = &msg.channel_type {
2116 if *ty != self.channel_type {
2117 return Err(ChannelError::Close("Channel Type in accept_channel didn't match the one sent in open_channel.".to_owned()));
2119 } else if their_features.supports_channel_type() {
2120 // Assume they've accepted the channel type as they said they understand it.
2122 self.channel_type = ChannelTypeFeatures::from_counterparty_init(&their_features)
2125 let counterparty_shutdown_scriptpubkey = if their_features.supports_upfront_shutdown_script() {
2126 match &msg.shutdown_scriptpubkey {
2127 &OptionalField::Present(ref script) => {
2128 // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything
2129 if script.len() == 0 {
2132 if !script::is_bolt2_compliant(&script, their_features) {
2133 return Err(ChannelError::Close(format!("Peer is signaling upfront_shutdown but has provided an unacceptable scriptpubkey format: {}", script)));
2135 Some(script.clone())
2138 // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel
2139 &OptionalField::Absent => {
2140 return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out".to_owned()));
2145 self.counterparty_dust_limit_satoshis = msg.dust_limit_satoshis;
2146 self.counterparty_max_htlc_value_in_flight_msat = cmp::min(msg.max_htlc_value_in_flight_msat, self.channel_value_satoshis * 1000);
2147 self.counterparty_selected_channel_reserve_satoshis = Some(msg.channel_reserve_satoshis);
2148 self.counterparty_htlc_minimum_msat = msg.htlc_minimum_msat;
2149 self.counterparty_max_accepted_htlcs = msg.max_accepted_htlcs;
2151 if peer_limits.trust_own_funding_0conf {
2152 self.minimum_depth = Some(msg.minimum_depth);
2154 self.minimum_depth = Some(cmp::max(1, msg.minimum_depth));
2157 let counterparty_pubkeys = ChannelPublicKeys {
2158 funding_pubkey: msg.funding_pubkey,
2159 revocation_basepoint: msg.revocation_basepoint,
2160 payment_point: msg.payment_point,
2161 delayed_payment_basepoint: msg.delayed_payment_basepoint,
2162 htlc_basepoint: msg.htlc_basepoint
2165 self.channel_transaction_parameters.counterparty_parameters = Some(CounterpartyChannelTransactionParameters {
2166 selected_contest_delay: msg.to_self_delay,
2167 pubkeys: counterparty_pubkeys,
2170 self.counterparty_cur_commitment_point = Some(msg.first_per_commitment_point);
2171 self.counterparty_shutdown_scriptpubkey = counterparty_shutdown_scriptpubkey;
2173 self.channel_state = ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32;
2174 self.inbound_handshake_limits_override = None; // We're done enforcing limits on our peer's handshake now.
2179 fn funding_created_signature<L: Deref>(&mut self, sig: &Signature, logger: &L) -> Result<(Txid, CommitmentTransaction, Signature), ChannelError> where L::Target: Logger {
2180 let funding_script = self.get_funding_redeemscript();
2182 let keys = self.build_holder_transaction_keys(self.cur_holder_commitment_transaction_number)?;
2183 let initial_commitment_tx = self.build_commitment_transaction(self.cur_holder_commitment_transaction_number, &keys, true, false, logger).tx;
2185 let trusted_tx = initial_commitment_tx.trust();
2186 let initial_commitment_bitcoin_tx = trusted_tx.built_transaction();
2187 let sighash = initial_commitment_bitcoin_tx.get_sighash_all(&funding_script, self.channel_value_satoshis);
2188 // They sign the holder commitment transaction...
2189 log_trace!(logger, "Checking funding_created tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} for channel {}.",
2190 log_bytes!(sig.serialize_compact()[..]), log_bytes!(self.counterparty_funding_pubkey().serialize()),
2191 encode::serialize_hex(&initial_commitment_bitcoin_tx.transaction), log_bytes!(sighash[..]),
2192 encode::serialize_hex(&funding_script), log_bytes!(self.channel_id()));
2193 secp_check!(self.secp_ctx.verify_ecdsa(&sighash, &sig, self.counterparty_funding_pubkey()), "Invalid funding_created signature from peer".to_owned());
2196 let counterparty_keys = self.build_remote_transaction_keys()?;
2197 let counterparty_initial_commitment_tx = self.build_commitment_transaction(self.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
2199 let counterparty_trusted_tx = counterparty_initial_commitment_tx.trust();
2200 let counterparty_initial_bitcoin_tx = counterparty_trusted_tx.built_transaction();
2201 log_trace!(logger, "Initial counterparty tx for channel {} is: txid {} tx {}",
2202 log_bytes!(self.channel_id()), counterparty_initial_bitcoin_tx.txid, encode::serialize_hex(&counterparty_initial_bitcoin_tx.transaction));
2204 let counterparty_signature = self.holder_signer.sign_counterparty_commitment(&counterparty_initial_commitment_tx, Vec::new(), &self.secp_ctx)
2205 .map_err(|_| ChannelError::Close("Failed to get signatures for new commitment_signed".to_owned()))?.0;
2207 // We sign "counterparty" commitment transaction, allowing them to broadcast the tx if they wish.
2208 Ok((counterparty_initial_bitcoin_tx.txid, initial_commitment_tx, counterparty_signature))
2211 fn counterparty_funding_pubkey(&self) -> &PublicKey {
2212 &self.get_counterparty_pubkeys().funding_pubkey
2215 pub fn funding_created<L: Deref>(&mut self, msg: &msgs::FundingCreated, best_block: BestBlock, logger: &L) -> Result<(msgs::FundingSigned, ChannelMonitor<Signer>, Option<msgs::ChannelReady>), ChannelError> where L::Target: Logger {
2216 if self.is_outbound() {
2217 return Err(ChannelError::Close("Received funding_created for an outbound channel?".to_owned()));
2219 if self.channel_state != (ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32) {
2220 // BOLT 2 says that if we disconnect before we send funding_signed we SHOULD NOT
2221 // remember the channel, so it's safe to just send an error_message here and drop the
2223 return Err(ChannelError::Close("Received funding_created after we got the channel!".to_owned()));
2225 if self.inbound_awaiting_accept {
2226 return Err(ChannelError::Close("FundingCreated message received before the channel was accepted".to_owned()));
2228 if self.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
2229 self.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
2230 self.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
2231 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
2234 let funding_txo = OutPoint { txid: msg.funding_txid, index: msg.funding_output_index };
2235 self.channel_transaction_parameters.funding_outpoint = Some(funding_txo);
2236 // This is an externally observable change before we finish all our checks. In particular
2237 // funding_created_signature may fail.
2238 self.holder_signer.ready_channel(&self.channel_transaction_parameters);
2240 let (counterparty_initial_commitment_txid, initial_commitment_tx, signature) = match self.funding_created_signature(&msg.signature, logger) {
2242 Err(ChannelError::Close(e)) => {
2243 self.channel_transaction_parameters.funding_outpoint = None;
2244 return Err(ChannelError::Close(e));
2247 // The only error we know how to handle is ChannelError::Close, so we fall over here
2248 // to make sure we don't continue with an inconsistent state.
2249 panic!("unexpected error type from funding_created_signature {:?}", e);
2253 let holder_commitment_tx = HolderCommitmentTransaction::new(
2254 initial_commitment_tx,
2257 &self.get_holder_pubkeys().funding_pubkey,
2258 self.counterparty_funding_pubkey()
2261 self.holder_signer.validate_holder_commitment(&holder_commitment_tx, Vec::new())
2262 .map_err(|_| ChannelError::Close("Failed to validate our commitment".to_owned()))?;
2264 // Now that we're past error-generating stuff, update our local state:
2266 let funding_redeemscript = self.get_funding_redeemscript();
2267 let funding_txo_script = funding_redeemscript.to_v0_p2wsh();
2268 let obscure_factor = get_commitment_transaction_number_obscure_factor(&self.get_holder_pubkeys().payment_point, &self.get_counterparty_pubkeys().payment_point, self.is_outbound());
2269 let shutdown_script = self.shutdown_scriptpubkey.clone().map(|script| script.into_inner());
2270 let channel_monitor = ChannelMonitor::new(self.secp_ctx.clone(), self.holder_signer.clone(),
2271 shutdown_script, self.get_holder_selected_contest_delay(),
2272 &self.destination_script, (funding_txo, funding_txo_script.clone()),
2273 &self.channel_transaction_parameters,
2274 funding_redeemscript.clone(), self.channel_value_satoshis,
2276 holder_commitment_tx, best_block, self.counterparty_node_id);
2278 channel_monitor.provide_latest_counterparty_commitment_tx(counterparty_initial_commitment_txid, Vec::new(), self.cur_counterparty_commitment_transaction_number, self.counterparty_cur_commitment_point.unwrap(), logger);
2280 self.channel_state = ChannelState::FundingSent as u32;
2281 self.channel_id = funding_txo.to_channel_id();
2282 self.cur_counterparty_commitment_transaction_number -= 1;
2283 self.cur_holder_commitment_transaction_number -= 1;
2285 log_info!(logger, "Generated funding_signed for peer for channel {}", log_bytes!(self.channel_id()));
2287 Ok((msgs::FundingSigned {
2288 channel_id: self.channel_id,
2290 }, channel_monitor, self.check_get_channel_ready(0)))
2293 /// Handles a funding_signed message from the remote end.
2294 /// If this call is successful, broadcast the funding transaction (and not before!)
2295 pub fn funding_signed<L: Deref>(&mut self, msg: &msgs::FundingSigned, best_block: BestBlock, logger: &L) -> Result<(ChannelMonitor<Signer>, Transaction, Option<msgs::ChannelReady>), ChannelError> where L::Target: Logger {
2296 if !self.is_outbound() {
2297 return Err(ChannelError::Close("Received funding_signed for an inbound channel?".to_owned()));
2299 if self.channel_state & !(ChannelState::MonitorUpdateInProgress as u32) != ChannelState::FundingCreated as u32 {
2300 return Err(ChannelError::Close("Received funding_signed in strange state!".to_owned()));
2302 if self.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
2303 self.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
2304 self.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
2305 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
2308 let funding_script = self.get_funding_redeemscript();
2310 let counterparty_keys = self.build_remote_transaction_keys()?;
2311 let counterparty_initial_commitment_tx = self.build_commitment_transaction(self.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
2312 let counterparty_trusted_tx = counterparty_initial_commitment_tx.trust();
2313 let counterparty_initial_bitcoin_tx = counterparty_trusted_tx.built_transaction();
2315 log_trace!(logger, "Initial counterparty tx for channel {} is: txid {} tx {}",
2316 log_bytes!(self.channel_id()), counterparty_initial_bitcoin_tx.txid, encode::serialize_hex(&counterparty_initial_bitcoin_tx.transaction));
2318 let holder_signer = self.build_holder_transaction_keys(self.cur_holder_commitment_transaction_number)?;
2319 let initial_commitment_tx = self.build_commitment_transaction(self.cur_holder_commitment_transaction_number, &holder_signer, true, false, logger).tx;
2321 let trusted_tx = initial_commitment_tx.trust();
2322 let initial_commitment_bitcoin_tx = trusted_tx.built_transaction();
2323 let sighash = initial_commitment_bitcoin_tx.get_sighash_all(&funding_script, self.channel_value_satoshis);
2324 // They sign our commitment transaction, allowing us to broadcast the tx if we wish.
2325 if let Err(_) = self.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.get_counterparty_pubkeys().funding_pubkey) {
2326 return Err(ChannelError::Close("Invalid funding_signed signature from peer".to_owned()));
2330 let holder_commitment_tx = HolderCommitmentTransaction::new(
2331 initial_commitment_tx,
2334 &self.get_holder_pubkeys().funding_pubkey,
2335 self.counterparty_funding_pubkey()
2338 self.holder_signer.validate_holder_commitment(&holder_commitment_tx, Vec::new())
2339 .map_err(|_| ChannelError::Close("Failed to validate our commitment".to_owned()))?;
2342 let funding_redeemscript = self.get_funding_redeemscript();
2343 let funding_txo = self.get_funding_txo().unwrap();
2344 let funding_txo_script = funding_redeemscript.to_v0_p2wsh();
2345 let obscure_factor = get_commitment_transaction_number_obscure_factor(&self.get_holder_pubkeys().payment_point, &self.get_counterparty_pubkeys().payment_point, self.is_outbound());
2346 let shutdown_script = self.shutdown_scriptpubkey.clone().map(|script| script.into_inner());
2347 let channel_monitor = ChannelMonitor::new(self.secp_ctx.clone(), self.holder_signer.clone(),
2348 shutdown_script, self.get_holder_selected_contest_delay(),
2349 &self.destination_script, (funding_txo, funding_txo_script),
2350 &self.channel_transaction_parameters,
2351 funding_redeemscript.clone(), self.channel_value_satoshis,
2353 holder_commitment_tx, best_block, self.counterparty_node_id);
2355 channel_monitor.provide_latest_counterparty_commitment_tx(counterparty_initial_bitcoin_tx.txid, Vec::new(), self.cur_counterparty_commitment_transaction_number, self.counterparty_cur_commitment_point.unwrap(), logger);
2357 assert_eq!(self.channel_state & (ChannelState::MonitorUpdateInProgress as u32), 0); // We have no had any monitor(s) yet to fail update!
2358 self.channel_state = ChannelState::FundingSent as u32;
2359 self.cur_holder_commitment_transaction_number -= 1;
2360 self.cur_counterparty_commitment_transaction_number -= 1;
2362 log_info!(logger, "Received funding_signed from peer for channel {}", log_bytes!(self.channel_id()));
2364 Ok((channel_monitor, self.funding_transaction.as_ref().cloned().unwrap(), self.check_get_channel_ready(0)))
2367 /// Handles a channel_ready message from our peer. If we've already sent our channel_ready
2368 /// and the channel is now usable (and public), this may generate an announcement_signatures to
2370 pub fn channel_ready<L: Deref>(&mut self, msg: &msgs::ChannelReady, node_pk: PublicKey, genesis_block_hash: BlockHash, best_block: &BestBlock, logger: &L) -> Result<Option<msgs::AnnouncementSignatures>, ChannelError> where L::Target: Logger {
2371 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2372 self.workaround_lnd_bug_4006 = Some(msg.clone());
2373 return Err(ChannelError::Ignore("Peer sent channel_ready when we needed a channel_reestablish. The peer is likely lnd, see https://github.com/lightningnetwork/lnd/issues/4006".to_owned()));
2376 if let Some(scid_alias) = msg.short_channel_id_alias {
2377 if Some(scid_alias) != self.short_channel_id {
2378 // The scid alias provided can be used to route payments *from* our counterparty,
2379 // i.e. can be used for inbound payments and provided in invoices, but is not used
2380 // when routing outbound payments.
2381 self.latest_inbound_scid_alias = Some(scid_alias);
2385 let non_shutdown_state = self.channel_state & (!MULTI_STATE_FLAGS);
2387 if non_shutdown_state == ChannelState::FundingSent as u32 {
2388 self.channel_state |= ChannelState::TheirChannelReady as u32;
2389 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurChannelReady as u32) {
2390 self.channel_state = ChannelState::ChannelReady as u32 | (self.channel_state & MULTI_STATE_FLAGS);
2391 self.update_time_counter += 1;
2392 } else if self.channel_state & (ChannelState::ChannelReady as u32) != 0 ||
2393 // If we reconnected before sending our `channel_ready` they may still resend theirs:
2394 (self.channel_state & (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32) ==
2395 (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32))
2397 // They probably disconnected/reconnected and re-sent the channel_ready, which is
2398 // required, or they're sending a fresh SCID alias.
2399 let expected_point =
2400 if self.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
2401 // If they haven't ever sent an updated point, the point they send should match
2403 self.counterparty_cur_commitment_point
2405 // If they have sent updated points, channel_ready is always supposed to match
2406 // their "first" point, which we re-derive here.
2407 Some(PublicKey::from_secret_key(&self.secp_ctx, &SecretKey::from_slice(
2408 &self.commitment_secrets.get_secret(INITIAL_COMMITMENT_NUMBER - 1).expect("We should have all prev secrets available")
2409 ).expect("We already advanced, so previous secret keys should have been validated already")))
2411 if expected_point != Some(msg.next_per_commitment_point) {
2412 return Err(ChannelError::Close("Peer sent a reconnect channel_ready with a different point".to_owned()));
2416 return Err(ChannelError::Close("Peer sent a channel_ready at a strange time".to_owned()));
2419 self.counterparty_prev_commitment_point = self.counterparty_cur_commitment_point;
2420 self.counterparty_cur_commitment_point = Some(msg.next_per_commitment_point);
2422 log_info!(logger, "Received channel_ready from peer for channel {}", log_bytes!(self.channel_id()));
2424 Ok(self.get_announcement_sigs(node_pk, genesis_block_hash, best_block.height(), logger))
2427 /// Returns transaction if there is pending funding transaction that is yet to broadcast
2428 pub fn unbroadcasted_funding(&self) -> Option<Transaction> {
2429 if self.channel_state & (ChannelState::FundingCreated as u32) != 0 {
2430 self.funding_transaction.clone()
2436 /// Returns a HTLCStats about inbound pending htlcs
2437 fn get_inbound_pending_htlc_stats(&self, outbound_feerate_update: Option<u32>) -> HTLCStats {
2438 let mut stats = HTLCStats {
2439 pending_htlcs: self.pending_inbound_htlcs.len() as u32,
2440 pending_htlcs_value_msat: 0,
2441 on_counterparty_tx_dust_exposure_msat: 0,
2442 on_holder_tx_dust_exposure_msat: 0,
2443 holding_cell_msat: 0,
2444 on_holder_tx_holding_cell_htlcs_count: 0,
2447 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if self.opt_anchors() {
2450 let dust_buffer_feerate = self.get_dust_buffer_feerate(outbound_feerate_update) as u64;
2451 (dust_buffer_feerate * htlc_timeout_tx_weight(false) / 1000,
2452 dust_buffer_feerate * htlc_success_tx_weight(false) / 1000)
2454 let counterparty_dust_limit_timeout_sat = htlc_timeout_dust_limit + self.counterparty_dust_limit_satoshis;
2455 let holder_dust_limit_success_sat = htlc_success_dust_limit + self.holder_dust_limit_satoshis;
2456 for ref htlc in self.pending_inbound_htlcs.iter() {
2457 stats.pending_htlcs_value_msat += htlc.amount_msat;
2458 if htlc.amount_msat / 1000 < counterparty_dust_limit_timeout_sat {
2459 stats.on_counterparty_tx_dust_exposure_msat += htlc.amount_msat;
2461 if htlc.amount_msat / 1000 < holder_dust_limit_success_sat {
2462 stats.on_holder_tx_dust_exposure_msat += htlc.amount_msat;
2468 /// Returns a HTLCStats about pending outbound htlcs, *including* pending adds in our holding cell.
2469 fn get_outbound_pending_htlc_stats(&self, outbound_feerate_update: Option<u32>) -> HTLCStats {
2470 let mut stats = HTLCStats {
2471 pending_htlcs: self.pending_outbound_htlcs.len() as u32,
2472 pending_htlcs_value_msat: 0,
2473 on_counterparty_tx_dust_exposure_msat: 0,
2474 on_holder_tx_dust_exposure_msat: 0,
2475 holding_cell_msat: 0,
2476 on_holder_tx_holding_cell_htlcs_count: 0,
2479 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if self.opt_anchors() {
2482 let dust_buffer_feerate = self.get_dust_buffer_feerate(outbound_feerate_update) as u64;
2483 (dust_buffer_feerate * htlc_timeout_tx_weight(false) / 1000,
2484 dust_buffer_feerate * htlc_success_tx_weight(false) / 1000)
2486 let counterparty_dust_limit_success_sat = htlc_success_dust_limit + self.counterparty_dust_limit_satoshis;
2487 let holder_dust_limit_timeout_sat = htlc_timeout_dust_limit + self.holder_dust_limit_satoshis;
2488 for ref htlc in self.pending_outbound_htlcs.iter() {
2489 stats.pending_htlcs_value_msat += htlc.amount_msat;
2490 if htlc.amount_msat / 1000 < counterparty_dust_limit_success_sat {
2491 stats.on_counterparty_tx_dust_exposure_msat += htlc.amount_msat;
2493 if htlc.amount_msat / 1000 < holder_dust_limit_timeout_sat {
2494 stats.on_holder_tx_dust_exposure_msat += htlc.amount_msat;
2498 for update in self.holding_cell_htlc_updates.iter() {
2499 if let &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, .. } = update {
2500 stats.pending_htlcs += 1;
2501 stats.pending_htlcs_value_msat += amount_msat;
2502 stats.holding_cell_msat += amount_msat;
2503 if *amount_msat / 1000 < counterparty_dust_limit_success_sat {
2504 stats.on_counterparty_tx_dust_exposure_msat += amount_msat;
2506 if *amount_msat / 1000 < holder_dust_limit_timeout_sat {
2507 stats.on_holder_tx_dust_exposure_msat += amount_msat;
2509 stats.on_holder_tx_holding_cell_htlcs_count += 1;
2516 /// Get the available balances, see [`AvailableBalances`]'s fields for more info.
2517 /// Doesn't bother handling the
2518 /// if-we-removed-it-already-but-haven't-fully-resolved-they-can-still-send-an-inbound-HTLC
2519 /// corner case properly.
2520 pub fn get_available_balances(&self) -> AvailableBalances {
2521 // Note that we have to handle overflow due to the above case.
2522 let outbound_stats = self.get_outbound_pending_htlc_stats(None);
2524 let mut balance_msat = self.value_to_self_msat;
2525 for ref htlc in self.pending_inbound_htlcs.iter() {
2526 if let InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::Fulfill(_)) = htlc.state {
2527 balance_msat += htlc.amount_msat;
2530 balance_msat -= outbound_stats.pending_htlcs_value_msat;
2532 let outbound_capacity_msat = cmp::max(self.value_to_self_msat as i64
2533 - outbound_stats.pending_htlcs_value_msat as i64
2534 - self.counterparty_selected_channel_reserve_satoshis.unwrap_or(0) as i64 * 1000,
2537 inbound_capacity_msat: cmp::max(self.channel_value_satoshis as i64 * 1000
2538 - self.value_to_self_msat as i64
2539 - self.get_inbound_pending_htlc_stats(None).pending_htlcs_value_msat as i64
2540 - self.holder_selected_channel_reserve_satoshis as i64 * 1000,
2542 outbound_capacity_msat,
2543 next_outbound_htlc_limit_msat: cmp::max(cmp::min(outbound_capacity_msat as i64,
2544 self.counterparty_max_htlc_value_in_flight_msat as i64
2545 - outbound_stats.pending_htlcs_value_msat as i64),
2551 pub fn get_holder_counterparty_selected_channel_reserve_satoshis(&self) -> (u64, Option<u64>) {
2552 (self.holder_selected_channel_reserve_satoshis, self.counterparty_selected_channel_reserve_satoshis)
2555 // Get the fee cost in MSATS of a commitment tx with a given number of HTLC outputs.
2556 // Note that num_htlcs should not include dust HTLCs.
2557 fn commit_tx_fee_msat(feerate_per_kw: u32, num_htlcs: usize, opt_anchors: bool) -> u64 {
2558 // Note that we need to divide before multiplying to round properly,
2559 // since the lowest denomination of bitcoin on-chain is the satoshi.
2560 (commitment_tx_base_weight(opt_anchors) + num_htlcs as u64 * COMMITMENT_TX_WEIGHT_PER_HTLC) * feerate_per_kw as u64 / 1000 * 1000
2563 // Get the fee cost in SATS of a commitment tx with a given number of HTLC outputs.
2564 // Note that num_htlcs should not include dust HTLCs.
2566 fn commit_tx_fee_sat(feerate_per_kw: u32, num_htlcs: usize, opt_anchors: bool) -> u64 {
2567 feerate_per_kw as u64 * (commitment_tx_base_weight(opt_anchors) + num_htlcs as u64 * COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000
2570 // Get the commitment tx fee for the local's (i.e. our) next commitment transaction based on the
2571 // number of pending HTLCs that are on track to be in our next commitment tx, plus an additional
2572 // HTLC if `fee_spike_buffer_htlc` is Some, plus a new HTLC given by `new_htlc_amount`. Dust HTLCs
2574 fn next_local_commit_tx_fee_msat(&self, htlc: HTLCCandidate, fee_spike_buffer_htlc: Option<()>) -> u64 {
2575 assert!(self.is_outbound());
2577 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if self.opt_anchors() {
2580 (self.feerate_per_kw as u64 * htlc_success_tx_weight(false) / 1000,
2581 self.feerate_per_kw as u64 * htlc_timeout_tx_weight(false) / 1000)
2583 let real_dust_limit_success_sat = htlc_success_dust_limit + self.holder_dust_limit_satoshis;
2584 let real_dust_limit_timeout_sat = htlc_timeout_dust_limit + self.holder_dust_limit_satoshis;
2586 let mut addl_htlcs = 0;
2587 if fee_spike_buffer_htlc.is_some() { addl_htlcs += 1; }
2589 HTLCInitiator::LocalOffered => {
2590 if htlc.amount_msat / 1000 >= real_dust_limit_timeout_sat {
2594 HTLCInitiator::RemoteOffered => {
2595 if htlc.amount_msat / 1000 >= real_dust_limit_success_sat {
2601 let mut included_htlcs = 0;
2602 for ref htlc in self.pending_inbound_htlcs.iter() {
2603 if htlc.amount_msat / 1000 < real_dust_limit_success_sat {
2606 // We include LocalRemoved HTLCs here because we may still need to broadcast a commitment
2607 // transaction including this HTLC if it times out before they RAA.
2608 included_htlcs += 1;
2611 for ref htlc in self.pending_outbound_htlcs.iter() {
2612 if htlc.amount_msat / 1000 < real_dust_limit_timeout_sat {
2616 OutboundHTLCState::LocalAnnounced {..} => included_htlcs += 1,
2617 OutboundHTLCState::Committed => included_htlcs += 1,
2618 OutboundHTLCState::RemoteRemoved {..} => included_htlcs += 1,
2619 // We don't include AwaitingRemoteRevokeToRemove HTLCs because our next commitment
2620 // transaction won't be generated until they send us their next RAA, which will mean
2621 // dropping any HTLCs in this state.
2626 for htlc in self.holding_cell_htlc_updates.iter() {
2628 &HTLCUpdateAwaitingACK::AddHTLC { amount_msat, .. } => {
2629 if amount_msat / 1000 < real_dust_limit_timeout_sat {
2634 _ => {}, // Don't include claims/fails that are awaiting ack, because once we get the
2635 // ack we're guaranteed to never include them in commitment txs anymore.
2639 let num_htlcs = included_htlcs + addl_htlcs;
2640 let res = Self::commit_tx_fee_msat(self.feerate_per_kw, num_htlcs, self.opt_anchors());
2641 #[cfg(any(test, fuzzing))]
2644 if fee_spike_buffer_htlc.is_some() {
2645 fee = Self::commit_tx_fee_msat(self.feerate_per_kw, num_htlcs - 1, self.opt_anchors());
2647 let total_pending_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len()
2648 + self.holding_cell_htlc_updates.len();
2649 let commitment_tx_info = CommitmentTxInfoCached {
2651 total_pending_htlcs,
2652 next_holder_htlc_id: match htlc.origin {
2653 HTLCInitiator::LocalOffered => self.next_holder_htlc_id + 1,
2654 HTLCInitiator::RemoteOffered => self.next_holder_htlc_id,
2656 next_counterparty_htlc_id: match htlc.origin {
2657 HTLCInitiator::LocalOffered => self.next_counterparty_htlc_id,
2658 HTLCInitiator::RemoteOffered => self.next_counterparty_htlc_id + 1,
2660 feerate: self.feerate_per_kw,
2662 *self.next_local_commitment_tx_fee_info_cached.lock().unwrap() = Some(commitment_tx_info);
2667 // Get the commitment tx fee for the remote's next commitment transaction based on the number of
2668 // pending HTLCs that are on track to be in their next commitment tx, plus an additional HTLC if
2669 // `fee_spike_buffer_htlc` is Some, plus a new HTLC given by `new_htlc_amount`. Dust HTLCs are
2671 fn next_remote_commit_tx_fee_msat(&self, htlc: HTLCCandidate, fee_spike_buffer_htlc: Option<()>) -> u64 {
2672 assert!(!self.is_outbound());
2674 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if self.opt_anchors() {
2677 (self.feerate_per_kw as u64 * htlc_success_tx_weight(false) / 1000,
2678 self.feerate_per_kw as u64 * htlc_timeout_tx_weight(false) / 1000)
2680 let real_dust_limit_success_sat = htlc_success_dust_limit + self.counterparty_dust_limit_satoshis;
2681 let real_dust_limit_timeout_sat = htlc_timeout_dust_limit + self.counterparty_dust_limit_satoshis;
2683 let mut addl_htlcs = 0;
2684 if fee_spike_buffer_htlc.is_some() { addl_htlcs += 1; }
2686 HTLCInitiator::LocalOffered => {
2687 if htlc.amount_msat / 1000 >= real_dust_limit_success_sat {
2691 HTLCInitiator::RemoteOffered => {
2692 if htlc.amount_msat / 1000 >= real_dust_limit_timeout_sat {
2698 // When calculating the set of HTLCs which will be included in their next commitment_signed, all
2699 // non-dust inbound HTLCs are included (as all states imply it will be included) and only
2700 // committed outbound HTLCs, see below.
2701 let mut included_htlcs = 0;
2702 for ref htlc in self.pending_inbound_htlcs.iter() {
2703 if htlc.amount_msat / 1000 <= real_dust_limit_timeout_sat {
2706 included_htlcs += 1;
2709 for ref htlc in self.pending_outbound_htlcs.iter() {
2710 if htlc.amount_msat / 1000 <= real_dust_limit_success_sat {
2713 // We only include outbound HTLCs if it will not be included in their next commitment_signed,
2714 // i.e. if they've responded to us with an RAA after announcement.
2716 OutboundHTLCState::Committed => included_htlcs += 1,
2717 OutboundHTLCState::RemoteRemoved {..} => included_htlcs += 1,
2718 OutboundHTLCState::LocalAnnounced { .. } => included_htlcs += 1,
2723 let num_htlcs = included_htlcs + addl_htlcs;
2724 let res = Self::commit_tx_fee_msat(self.feerate_per_kw, num_htlcs, self.opt_anchors());
2725 #[cfg(any(test, fuzzing))]
2728 if fee_spike_buffer_htlc.is_some() {
2729 fee = Self::commit_tx_fee_msat(self.feerate_per_kw, num_htlcs - 1, self.opt_anchors());
2731 let total_pending_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len();
2732 let commitment_tx_info = CommitmentTxInfoCached {
2734 total_pending_htlcs,
2735 next_holder_htlc_id: match htlc.origin {
2736 HTLCInitiator::LocalOffered => self.next_holder_htlc_id + 1,
2737 HTLCInitiator::RemoteOffered => self.next_holder_htlc_id,
2739 next_counterparty_htlc_id: match htlc.origin {
2740 HTLCInitiator::LocalOffered => self.next_counterparty_htlc_id,
2741 HTLCInitiator::RemoteOffered => self.next_counterparty_htlc_id + 1,
2743 feerate: self.feerate_per_kw,
2745 *self.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = Some(commitment_tx_info);
2750 pub fn update_add_htlc<F, L: Deref>(&mut self, msg: &msgs::UpdateAddHTLC, mut pending_forward_status: PendingHTLCStatus, create_pending_htlc_status: F, logger: &L) -> Result<(), ChannelError>
2751 where F: for<'a> Fn(&'a Self, PendingHTLCStatus, u16) -> PendingHTLCStatus, L::Target: Logger {
2752 // We can't accept HTLCs sent after we've sent a shutdown.
2753 let local_sent_shutdown = (self.channel_state & (ChannelState::ChannelReady as u32 | ChannelState::LocalShutdownSent as u32)) != (ChannelState::ChannelReady as u32);
2754 if local_sent_shutdown {
2755 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x4000|8);
2757 // If the remote has sent a shutdown prior to adding this HTLC, then they are in violation of the spec.
2758 let remote_sent_shutdown = (self.channel_state & (ChannelState::ChannelReady as u32 | ChannelState::RemoteShutdownSent as u32)) != (ChannelState::ChannelReady as u32);
2759 if remote_sent_shutdown {
2760 return Err(ChannelError::Close("Got add HTLC message when channel was not in an operational state".to_owned()));
2762 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2763 return Err(ChannelError::Close("Peer sent update_add_htlc when we needed a channel_reestablish".to_owned()));
2765 if msg.amount_msat > self.channel_value_satoshis * 1000 {
2766 return Err(ChannelError::Close("Remote side tried to send more than the total value of the channel".to_owned()));
2768 if msg.amount_msat == 0 {
2769 return Err(ChannelError::Close("Remote side tried to send a 0-msat HTLC".to_owned()));
2771 if msg.amount_msat < self.holder_htlc_minimum_msat {
2772 return Err(ChannelError::Close(format!("Remote side tried to send less than our minimum HTLC value. Lower limit: ({}). Actual: ({})", self.holder_htlc_minimum_msat, msg.amount_msat)));
2775 let inbound_stats = self.get_inbound_pending_htlc_stats(None);
2776 let outbound_stats = self.get_outbound_pending_htlc_stats(None);
2777 if inbound_stats.pending_htlcs + 1 > OUR_MAX_HTLCS as u32 {
2778 return Err(ChannelError::Close(format!("Remote tried to push more than our max accepted HTLCs ({})", OUR_MAX_HTLCS)));
2780 if inbound_stats.pending_htlcs_value_msat + msg.amount_msat > self.holder_max_htlc_value_in_flight_msat {
2781 return Err(ChannelError::Close(format!("Remote HTLC add would put them over our max HTLC value ({})", self.holder_max_htlc_value_in_flight_msat)));
2783 // Check holder_selected_channel_reserve_satoshis (we're getting paid, so they have to at least meet
2784 // the reserve_satoshis we told them to always have as direct payment so that they lose
2785 // something if we punish them for broadcasting an old state).
2786 // Note that we don't really care about having a small/no to_remote output in our local
2787 // commitment transactions, as the purpose of the channel reserve is to ensure we can
2788 // punish *them* if they misbehave, so we discount any outbound HTLCs which will not be
2789 // present in the next commitment transaction we send them (at least for fulfilled ones,
2790 // failed ones won't modify value_to_self).
2791 // Note that we will send HTLCs which another instance of rust-lightning would think
2792 // violate the reserve value if we do not do this (as we forget inbound HTLCs from the
2793 // Channel state once they will not be present in the next received commitment
2795 let mut removed_outbound_total_msat = 0;
2796 for ref htlc in self.pending_outbound_htlcs.iter() {
2797 if let OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(_)) = htlc.state {
2798 removed_outbound_total_msat += htlc.amount_msat;
2799 } else if let OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(_)) = htlc.state {
2800 removed_outbound_total_msat += htlc.amount_msat;
2804 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if self.opt_anchors() {
2807 let dust_buffer_feerate = self.get_dust_buffer_feerate(None) as u64;
2808 (dust_buffer_feerate * htlc_timeout_tx_weight(false) / 1000,
2809 dust_buffer_feerate * htlc_success_tx_weight(false) / 1000)
2811 let exposure_dust_limit_timeout_sats = htlc_timeout_dust_limit + self.counterparty_dust_limit_satoshis;
2812 if msg.amount_msat / 1000 < exposure_dust_limit_timeout_sats {
2813 let on_counterparty_tx_dust_htlc_exposure_msat = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat + msg.amount_msat;
2814 if on_counterparty_tx_dust_htlc_exposure_msat > self.get_max_dust_htlc_exposure_msat() {
2815 log_info!(logger, "Cannot accept value that would put our exposure to dust HTLCs at {} over the limit {} on counterparty commitment tx",
2816 on_counterparty_tx_dust_htlc_exposure_msat, self.get_max_dust_htlc_exposure_msat());
2817 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2821 let exposure_dust_limit_success_sats = htlc_success_dust_limit + self.holder_dust_limit_satoshis;
2822 if msg.amount_msat / 1000 < exposure_dust_limit_success_sats {
2823 let on_holder_tx_dust_htlc_exposure_msat = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat + msg.amount_msat;
2824 if on_holder_tx_dust_htlc_exposure_msat > self.get_max_dust_htlc_exposure_msat() {
2825 log_info!(logger, "Cannot accept value that would put our exposure to dust HTLCs at {} over the limit {} on holder commitment tx",
2826 on_holder_tx_dust_htlc_exposure_msat, self.get_max_dust_htlc_exposure_msat());
2827 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2831 let pending_value_to_self_msat =
2832 self.value_to_self_msat + inbound_stats.pending_htlcs_value_msat - removed_outbound_total_msat;
2833 let pending_remote_value_msat =
2834 self.channel_value_satoshis * 1000 - pending_value_to_self_msat;
2835 if pending_remote_value_msat < msg.amount_msat {
2836 return Err(ChannelError::Close("Remote HTLC add would overdraw remaining funds".to_owned()));
2839 // Check that the remote can afford to pay for this HTLC on-chain at the current
2840 // feerate_per_kw, while maintaining their channel reserve (as required by the spec).
2841 let remote_commit_tx_fee_msat = if self.is_outbound() { 0 } else {
2842 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2843 self.next_remote_commit_tx_fee_msat(htlc_candidate, None) // Don't include the extra fee spike buffer HTLC in calculations
2845 if pending_remote_value_msat - msg.amount_msat < remote_commit_tx_fee_msat {
2846 return Err(ChannelError::Close("Remote HTLC add would not leave enough to pay for fees".to_owned()));
2849 if pending_remote_value_msat - msg.amount_msat - remote_commit_tx_fee_msat < self.holder_selected_channel_reserve_satoshis * 1000 {
2850 return Err(ChannelError::Close("Remote HTLC add would put them under remote reserve value".to_owned()));
2853 if !self.is_outbound() {
2854 // `2 *` and `Some(())` is for the fee spike buffer we keep for the remote. This deviates from
2855 // the spec because in the spec, the fee spike buffer requirement doesn't exist on the
2856 // receiver's side, only on the sender's.
2857 // Note that when we eventually remove support for fee updates and switch to anchor output
2858 // fees, we will drop the `2 *`, since we no longer be as sensitive to fee spikes. But, keep
2859 // the extra htlc when calculating the next remote commitment transaction fee as we should
2860 // still be able to afford adding this HTLC plus one more future HTLC, regardless of being
2861 // sensitive to fee spikes.
2862 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2863 let remote_fee_cost_incl_stuck_buffer_msat = 2 * self.next_remote_commit_tx_fee_msat(htlc_candidate, Some(()));
2864 if pending_remote_value_msat - msg.amount_msat - self.holder_selected_channel_reserve_satoshis * 1000 < remote_fee_cost_incl_stuck_buffer_msat {
2865 // Note that if the pending_forward_status is not updated here, then it's because we're already failing
2866 // the HTLC, i.e. its status is already set to failing.
2867 log_info!(logger, "Attempting to fail HTLC due to fee spike buffer violation in channel {}. Rebalancing is required.", log_bytes!(self.channel_id()));
2868 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2871 // Check that they won't violate our local required channel reserve by adding this HTLC.
2872 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2873 let local_commit_tx_fee_msat = self.next_local_commit_tx_fee_msat(htlc_candidate, None);
2874 if self.value_to_self_msat < self.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 + local_commit_tx_fee_msat {
2875 return Err(ChannelError::Close("Cannot accept HTLC that would put our balance under counterparty-announced channel reserve value".to_owned()));
2878 if self.next_counterparty_htlc_id != msg.htlc_id {
2879 return Err(ChannelError::Close(format!("Remote skipped HTLC ID (skipped ID: {})", self.next_counterparty_htlc_id)));
2881 if msg.cltv_expiry >= 500000000 {
2882 return Err(ChannelError::Close("Remote provided CLTV expiry in seconds instead of block height".to_owned()));
2885 if self.channel_state & ChannelState::LocalShutdownSent as u32 != 0 {
2886 if let PendingHTLCStatus::Forward(_) = pending_forward_status {
2887 panic!("ChannelManager shouldn't be trying to add a forwardable HTLC after we've started closing");
2891 // Now update local state:
2892 self.next_counterparty_htlc_id += 1;
2893 self.pending_inbound_htlcs.push(InboundHTLCOutput {
2894 htlc_id: msg.htlc_id,
2895 amount_msat: msg.amount_msat,
2896 payment_hash: msg.payment_hash,
2897 cltv_expiry: msg.cltv_expiry,
2898 state: InboundHTLCState::RemoteAnnounced(pending_forward_status),
2903 /// Marks an outbound HTLC which we have received update_fail/fulfill/malformed
2905 fn mark_outbound_htlc_removed(&mut self, htlc_id: u64, check_preimage: Option<PaymentPreimage>, fail_reason: Option<HTLCFailReason>) -> Result<&OutboundHTLCOutput, ChannelError> {
2906 assert!(!(check_preimage.is_some() && fail_reason.is_some()), "cannot fail while we have a preimage");
2907 for htlc in self.pending_outbound_htlcs.iter_mut() {
2908 if htlc.htlc_id == htlc_id {
2909 let outcome = match check_preimage {
2910 None => fail_reason.into(),
2911 Some(payment_preimage) => {
2912 let payment_hash = PaymentHash(Sha256::hash(&payment_preimage.0[..]).into_inner());
2913 if payment_hash != htlc.payment_hash {
2914 return Err(ChannelError::Close(format!("Remote tried to fulfill HTLC ({}) with an incorrect preimage", htlc_id)));
2916 OutboundHTLCOutcome::Success(Some(payment_preimage))
2920 OutboundHTLCState::LocalAnnounced(_) =>
2921 return Err(ChannelError::Close(format!("Remote tried to fulfill/fail HTLC ({}) before it had been committed", htlc_id))),
2922 OutboundHTLCState::Committed => {
2923 htlc.state = OutboundHTLCState::RemoteRemoved(outcome);
2925 OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) | OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) | OutboundHTLCState::RemoteRemoved(_) =>
2926 return Err(ChannelError::Close(format!("Remote tried to fulfill/fail HTLC ({}) that they'd already fulfilled/failed", htlc_id))),
2931 Err(ChannelError::Close("Remote tried to fulfill/fail an HTLC we couldn't find".to_owned()))
2934 pub fn update_fulfill_htlc(&mut self, msg: &msgs::UpdateFulfillHTLC) -> Result<(HTLCSource, u64), ChannelError> {
2935 if (self.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2936 return Err(ChannelError::Close("Got fulfill HTLC message when channel was not in an operational state".to_owned()));
2938 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2939 return Err(ChannelError::Close("Peer sent update_fulfill_htlc when we needed a channel_reestablish".to_owned()));
2942 self.mark_outbound_htlc_removed(msg.htlc_id, Some(msg.payment_preimage), None).map(|htlc| (htlc.source.clone(), htlc.amount_msat))
2945 pub fn update_fail_htlc(&mut self, msg: &msgs::UpdateFailHTLC, fail_reason: HTLCFailReason) -> Result<(), ChannelError> {
2946 if (self.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2947 return Err(ChannelError::Close("Got fail HTLC message when channel was not in an operational state".to_owned()));
2949 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2950 return Err(ChannelError::Close("Peer sent update_fail_htlc when we needed a channel_reestablish".to_owned()));
2953 self.mark_outbound_htlc_removed(msg.htlc_id, None, Some(fail_reason))?;
2957 pub fn update_fail_malformed_htlc(&mut self, msg: &msgs::UpdateFailMalformedHTLC, fail_reason: HTLCFailReason) -> Result<(), ChannelError> {
2958 if (self.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2959 return Err(ChannelError::Close("Got fail malformed HTLC message when channel was not in an operational state".to_owned()));
2961 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2962 return Err(ChannelError::Close("Peer sent update_fail_malformed_htlc when we needed a channel_reestablish".to_owned()));
2965 self.mark_outbound_htlc_removed(msg.htlc_id, None, Some(fail_reason))?;
2969 pub fn commitment_signed<L: Deref>(&mut self, msg: &msgs::CommitmentSigned, logger: &L) -> Result<(msgs::RevokeAndACK, Option<msgs::CommitmentSigned>, ChannelMonitorUpdate), (Option<ChannelMonitorUpdate>, ChannelError)>
2970 where L::Target: Logger
2972 if (self.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2973 return Err((None, ChannelError::Close("Got commitment signed message when channel was not in an operational state".to_owned())));
2975 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2976 return Err((None, ChannelError::Close("Peer sent commitment_signed when we needed a channel_reestablish".to_owned())));
2978 if self.channel_state & BOTH_SIDES_SHUTDOWN_MASK == BOTH_SIDES_SHUTDOWN_MASK && self.last_sent_closing_fee.is_some() {
2979 return Err((None, ChannelError::Close("Peer sent commitment_signed after we'd started exchanging closing_signeds".to_owned())));
2982 let funding_script = self.get_funding_redeemscript();
2984 let keys = self.build_holder_transaction_keys(self.cur_holder_commitment_transaction_number).map_err(|e| (None, e))?;
2986 let commitment_stats = self.build_commitment_transaction(self.cur_holder_commitment_transaction_number, &keys, true, false, logger);
2987 let commitment_txid = {
2988 let trusted_tx = commitment_stats.tx.trust();
2989 let bitcoin_tx = trusted_tx.built_transaction();
2990 let sighash = bitcoin_tx.get_sighash_all(&funding_script, self.channel_value_satoshis);
2992 log_trace!(logger, "Checking commitment tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} in channel {}",
2993 log_bytes!(msg.signature.serialize_compact()[..]),
2994 log_bytes!(self.counterparty_funding_pubkey().serialize()), encode::serialize_hex(&bitcoin_tx.transaction),
2995 log_bytes!(sighash[..]), encode::serialize_hex(&funding_script), log_bytes!(self.channel_id()));
2996 if let Err(_) = self.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.counterparty_funding_pubkey()) {
2997 return Err((None, ChannelError::Close("Invalid commitment tx signature from peer".to_owned())));
3001 let mut htlcs_cloned: Vec<_> = commitment_stats.htlcs_included.iter().map(|htlc| (htlc.0.clone(), htlc.1.map(|h| h.clone()))).collect();
3003 // If our counterparty updated the channel fee in this commitment transaction, check that
3004 // they can actually afford the new fee now.
3005 let update_fee = if let Some((_, update_state)) = self.pending_update_fee {
3006 update_state == FeeUpdateState::RemoteAnnounced
3009 debug_assert!(!self.is_outbound());
3010 let counterparty_reserve_we_require_msat = self.holder_selected_channel_reserve_satoshis * 1000;
3011 if commitment_stats.remote_balance_msat < commitment_stats.total_fee_sat * 1000 + counterparty_reserve_we_require_msat {
3012 return Err((None, ChannelError::Close("Funding remote cannot afford proposed new fee".to_owned())));
3015 #[cfg(any(test, fuzzing))]
3017 if self.is_outbound() {
3018 let projected_commit_tx_info = self.next_local_commitment_tx_fee_info_cached.lock().unwrap().take();
3019 *self.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = None;
3020 if let Some(info) = projected_commit_tx_info {
3021 let total_pending_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len()
3022 + self.holding_cell_htlc_updates.len();
3023 if info.total_pending_htlcs == total_pending_htlcs
3024 && info.next_holder_htlc_id == self.next_holder_htlc_id
3025 && info.next_counterparty_htlc_id == self.next_counterparty_htlc_id
3026 && info.feerate == self.feerate_per_kw {
3027 assert_eq!(commitment_stats.total_fee_sat, info.fee / 1000);
3033 if msg.htlc_signatures.len() != commitment_stats.num_nondust_htlcs {
3034 return Err((None, ChannelError::Close(format!("Got wrong number of HTLC signatures ({}) from remote. It must be {}", msg.htlc_signatures.len(), commitment_stats.num_nondust_htlcs))));
3037 // TODO: Sadly, we pass HTLCs twice to ChannelMonitor: once via the HolderCommitmentTransaction and once via the update
3038 let mut htlcs_and_sigs = Vec::with_capacity(htlcs_cloned.len());
3039 for (idx, (htlc, source)) in htlcs_cloned.drain(..).enumerate() {
3040 if let Some(_) = htlc.transaction_output_index {
3041 let htlc_tx = chan_utils::build_htlc_transaction(&commitment_txid, commitment_stats.feerate_per_kw,
3042 self.get_counterparty_selected_contest_delay().unwrap(), &htlc, self.opt_anchors(),
3043 false, &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
3045 let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, self.opt_anchors(), &keys);
3046 let htlc_sighashtype = if self.opt_anchors() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
3047 let htlc_sighash = hash_to_message!(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]);
3048 log_trace!(logger, "Checking HTLC tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} in channel {}.",
3049 log_bytes!(msg.htlc_signatures[idx].serialize_compact()[..]), log_bytes!(keys.countersignatory_htlc_key.serialize()),
3050 encode::serialize_hex(&htlc_tx), log_bytes!(htlc_sighash[..]), encode::serialize_hex(&htlc_redeemscript), log_bytes!(self.channel_id()));
3051 if let Err(_) = self.secp_ctx.verify_ecdsa(&htlc_sighash, &msg.htlc_signatures[idx], &keys.countersignatory_htlc_key) {
3052 return Err((None, ChannelError::Close("Invalid HTLC tx signature from peer".to_owned())));
3054 htlcs_and_sigs.push((htlc, Some(msg.htlc_signatures[idx]), source));
3056 htlcs_and_sigs.push((htlc, None, source));
3060 let holder_commitment_tx = HolderCommitmentTransaction::new(
3061 commitment_stats.tx,
3063 msg.htlc_signatures.clone(),
3064 &self.get_holder_pubkeys().funding_pubkey,
3065 self.counterparty_funding_pubkey()
3068 let next_per_commitment_point = self.holder_signer.get_per_commitment_point(self.cur_holder_commitment_transaction_number - 1, &self.secp_ctx);
3069 self.holder_signer.validate_holder_commitment(&holder_commitment_tx, commitment_stats.preimages)
3070 .map_err(|_| (None, ChannelError::Close("Failed to validate our commitment".to_owned())))?;
3071 let per_commitment_secret = self.holder_signer.release_commitment_secret(self.cur_holder_commitment_transaction_number + 1);
3073 // Update state now that we've passed all the can-fail calls...
3074 let mut need_commitment = false;
3075 if let &mut Some((_, ref mut update_state)) = &mut self.pending_update_fee {
3076 if *update_state == FeeUpdateState::RemoteAnnounced {
3077 *update_state = FeeUpdateState::AwaitingRemoteRevokeToAnnounce;
3078 need_commitment = true;
3082 self.latest_monitor_update_id += 1;
3083 let mut monitor_update = ChannelMonitorUpdate {
3084 update_id: self.latest_monitor_update_id,
3085 updates: vec![ChannelMonitorUpdateStep::LatestHolderCommitmentTXInfo {
3086 commitment_tx: holder_commitment_tx,
3087 htlc_outputs: htlcs_and_sigs
3091 for htlc in self.pending_inbound_htlcs.iter_mut() {
3092 let new_forward = if let &InboundHTLCState::RemoteAnnounced(ref forward_info) = &htlc.state {
3093 Some(forward_info.clone())
3095 if let Some(forward_info) = new_forward {
3096 log_trace!(logger, "Updating HTLC {} to AwaitingRemoteRevokeToAnnounce due to commitment_signed in channel {}.",
3097 log_bytes!(htlc.payment_hash.0), log_bytes!(self.channel_id));
3098 htlc.state = InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info);
3099 need_commitment = true;
3102 for htlc in self.pending_outbound_htlcs.iter_mut() {
3103 if let &mut OutboundHTLCState::RemoteRemoved(ref mut outcome) = &mut htlc.state {
3104 log_trace!(logger, "Updating HTLC {} to AwaitingRemoteRevokeToRemove due to commitment_signed in channel {}.",
3105 log_bytes!(htlc.payment_hash.0), log_bytes!(self.channel_id));
3106 // Grab the preimage, if it exists, instead of cloning
3107 let mut reason = OutboundHTLCOutcome::Success(None);
3108 mem::swap(outcome, &mut reason);
3109 htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(reason);
3110 need_commitment = true;
3114 self.cur_holder_commitment_transaction_number -= 1;
3115 // Note that if we need_commitment & !AwaitingRemoteRevoke we'll call
3116 // send_commitment_no_status_check() next which will reset this to RAAFirst.
3117 self.resend_order = RAACommitmentOrder::CommitmentFirst;
3119 if (self.channel_state & ChannelState::MonitorUpdateInProgress as u32) != 0 {
3120 // In case we initially failed monitor updating without requiring a response, we need
3121 // to make sure the RAA gets sent first.
3122 self.monitor_pending_revoke_and_ack = true;
3123 if need_commitment && (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == 0 {
3124 // If we were going to send a commitment_signed after the RAA, go ahead and do all
3125 // the corresponding HTLC status updates so that get_last_commitment_update
3126 // includes the right HTLCs.
3127 self.monitor_pending_commitment_signed = true;
3128 let (_, mut additional_update) = self.send_commitment_no_status_check(logger).map_err(|e| (None, e))?;
3129 // send_commitment_no_status_check may bump latest_monitor_id but we want them to be
3130 // strictly increasing by one, so decrement it here.
3131 self.latest_monitor_update_id = monitor_update.update_id;
3132 monitor_update.updates.append(&mut additional_update.updates);
3134 log_debug!(logger, "Received valid commitment_signed from peer in channel {}, updated HTLC state but awaiting a monitor update resolution to reply.",
3135 log_bytes!(self.channel_id));
3136 return Err((Some(monitor_update), ChannelError::Ignore("Previous monitor update failure prevented generation of RAA".to_owned())));
3139 let commitment_signed = if need_commitment && (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == 0 {
3140 // If we're AwaitingRemoteRevoke we can't send a new commitment here, but that's ok -
3141 // we'll send one right away when we get the revoke_and_ack when we
3142 // free_holding_cell_htlcs().
3143 let (msg, mut additional_update) = self.send_commitment_no_status_check(logger).map_err(|e| (None, e))?;
3144 // send_commitment_no_status_check may bump latest_monitor_id but we want them to be
3145 // strictly increasing by one, so decrement it here.
3146 self.latest_monitor_update_id = monitor_update.update_id;
3147 monitor_update.updates.append(&mut additional_update.updates);
3151 log_debug!(logger, "Received valid commitment_signed from peer in channel {}, updating HTLC state and responding with{} a revoke_and_ack.",
3152 log_bytes!(self.channel_id()), if commitment_signed.is_some() { " our own commitment_signed and" } else { "" });
3154 Ok((msgs::RevokeAndACK {
3155 channel_id: self.channel_id,
3156 per_commitment_secret,
3157 next_per_commitment_point,
3158 }, commitment_signed, monitor_update))
3161 /// Public version of the below, checking relevant preconditions first.
3162 /// If we're not in a state where freeing the holding cell makes sense, this is a no-op and
3163 /// returns `(None, Vec::new())`.
3164 pub fn maybe_free_holding_cell_htlcs<L: Deref>(&mut self, logger: &L) -> Result<(Option<(msgs::CommitmentUpdate, ChannelMonitorUpdate)>, Vec<(HTLCSource, PaymentHash)>), ChannelError> where L::Target: Logger {
3165 if self.channel_state >= ChannelState::ChannelReady as u32 &&
3166 (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) == 0 {
3167 self.free_holding_cell_htlcs(logger)
3168 } else { Ok((None, Vec::new())) }
3171 /// Frees any pending commitment updates in the holding cell, generating the relevant messages
3172 /// for our counterparty.
3173 fn free_holding_cell_htlcs<L: Deref>(&mut self, logger: &L) -> Result<(Option<(msgs::CommitmentUpdate, ChannelMonitorUpdate)>, Vec<(HTLCSource, PaymentHash)>), ChannelError> where L::Target: Logger {
3174 assert_eq!(self.channel_state & ChannelState::MonitorUpdateInProgress as u32, 0);
3175 if self.holding_cell_htlc_updates.len() != 0 || self.holding_cell_update_fee.is_some() {
3176 log_trace!(logger, "Freeing holding cell with {} HTLC updates{} in channel {}", self.holding_cell_htlc_updates.len(),
3177 if self.holding_cell_update_fee.is_some() { " and a fee update" } else { "" }, log_bytes!(self.channel_id()));
3179 let mut monitor_update = ChannelMonitorUpdate {
3180 update_id: self.latest_monitor_update_id + 1, // We don't increment this yet!
3181 updates: Vec::new(),
3184 let mut htlc_updates = Vec::new();
3185 mem::swap(&mut htlc_updates, &mut self.holding_cell_htlc_updates);
3186 let mut update_add_htlcs = Vec::with_capacity(htlc_updates.len());
3187 let mut update_fulfill_htlcs = Vec::with_capacity(htlc_updates.len());
3188 let mut update_fail_htlcs = Vec::with_capacity(htlc_updates.len());
3189 let mut htlcs_to_fail = Vec::new();
3190 for htlc_update in htlc_updates.drain(..) {
3191 // Note that this *can* fail, though it should be due to rather-rare conditions on
3192 // fee races with adding too many outputs which push our total payments just over
3193 // the limit. In case it's less rare than I anticipate, we may want to revisit
3194 // handling this case better and maybe fulfilling some of the HTLCs while attempting
3195 // to rebalance channels.
3196 match &htlc_update {
3197 &HTLCUpdateAwaitingACK::AddHTLC {amount_msat, cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet, ..} => {
3198 match self.send_htlc(amount_msat, *payment_hash, cltv_expiry, source.clone(), onion_routing_packet.clone(), false, logger) {
3199 Ok(update_add_msg_option) => update_add_htlcs.push(update_add_msg_option.unwrap()),
3202 ChannelError::Ignore(ref msg) => {
3203 log_info!(logger, "Failed to send HTLC with payment_hash {} due to {} in channel {}",
3204 log_bytes!(payment_hash.0), msg, log_bytes!(self.channel_id()));
3205 // If we fail to send here, then this HTLC should
3206 // be failed backwards. Failing to send here
3207 // indicates that this HTLC may keep being put back
3208 // into the holding cell without ever being
3209 // successfully forwarded/failed/fulfilled, causing
3210 // our counterparty to eventually close on us.
3211 htlcs_to_fail.push((source.clone(), *payment_hash));
3214 panic!("Got a non-IgnoreError action trying to send holding cell HTLC");
3220 &HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, htlc_id, .. } => {
3221 // If an HTLC claim was previously added to the holding cell (via
3222 // `get_update_fulfill_htlc`, then generating the claim message itself must
3223 // not fail - any in between attempts to claim the HTLC will have resulted
3224 // in it hitting the holding cell again and we cannot change the state of a
3225 // holding cell HTLC from fulfill to anything else.
3226 let (update_fulfill_msg_option, mut additional_monitor_update) =
3227 if let UpdateFulfillFetch::NewClaim { msg, monitor_update, .. } = self.get_update_fulfill_htlc(htlc_id, *payment_preimage, logger) {
3228 (msg, monitor_update)
3229 } else { unreachable!() };
3230 update_fulfill_htlcs.push(update_fulfill_msg_option.unwrap());
3231 monitor_update.updates.append(&mut additional_monitor_update.updates);
3233 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, ref err_packet } => {
3234 match self.fail_htlc(htlc_id, err_packet.clone(), false, logger) {
3235 Ok(update_fail_msg_option) => {
3236 // If an HTLC failure was previously added to the holding cell (via
3237 // `queue_fail_htlc`) then generating the fail message itself must
3238 // not fail - we should never end up in a state where we double-fail
3239 // an HTLC or fail-then-claim an HTLC as it indicates we didn't wait
3240 // for a full revocation before failing.
3241 update_fail_htlcs.push(update_fail_msg_option.unwrap())
3244 if let ChannelError::Ignore(_) = e {}
3246 panic!("Got a non-IgnoreError action trying to fail holding cell HTLC");
3253 if update_add_htlcs.is_empty() && update_fulfill_htlcs.is_empty() && update_fail_htlcs.is_empty() && self.holding_cell_update_fee.is_none() {
3254 return Ok((None, htlcs_to_fail));
3256 let update_fee = if let Some(feerate) = self.holding_cell_update_fee.take() {
3257 self.send_update_fee(feerate, false, logger)
3262 let (commitment_signed, mut additional_update) = self.send_commitment_no_status_check(logger)?;
3263 // send_commitment_no_status_check and get_update_fulfill_htlc may bump latest_monitor_id
3264 // but we want them to be strictly increasing by one, so reset it here.
3265 self.latest_monitor_update_id = monitor_update.update_id;
3266 monitor_update.updates.append(&mut additional_update.updates);
3268 log_debug!(logger, "Freeing holding cell in channel {} resulted in {}{} HTLCs added, {} HTLCs fulfilled, and {} HTLCs failed.",
3269 log_bytes!(self.channel_id()), if update_fee.is_some() { "a fee update, " } else { "" },
3270 update_add_htlcs.len(), update_fulfill_htlcs.len(), update_fail_htlcs.len());
3272 Ok((Some((msgs::CommitmentUpdate {
3274 update_fulfill_htlcs,
3276 update_fail_malformed_htlcs: Vec::new(),
3279 }, monitor_update)), htlcs_to_fail))
3281 Ok((None, Vec::new()))
3285 /// Handles receiving a remote's revoke_and_ack. Note that we may return a new
3286 /// commitment_signed message here in case we had pending outbound HTLCs to add which were
3287 /// waiting on this revoke_and_ack. The generation of this new commitment_signed may also fail,
3288 /// generating an appropriate error *after* the channel state has been updated based on the
3289 /// revoke_and_ack message.
3290 pub fn revoke_and_ack<L: Deref>(&mut self, msg: &msgs::RevokeAndACK, logger: &L) -> Result<RAAUpdates, ChannelError>
3291 where L::Target: Logger,
3293 if (self.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
3294 return Err(ChannelError::Close("Got revoke/ACK message when channel was not in an operational state".to_owned()));
3296 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3297 return Err(ChannelError::Close("Peer sent revoke_and_ack when we needed a channel_reestablish".to_owned()));
3299 if self.channel_state & BOTH_SIDES_SHUTDOWN_MASK == BOTH_SIDES_SHUTDOWN_MASK && self.last_sent_closing_fee.is_some() {
3300 return Err(ChannelError::Close("Peer sent revoke_and_ack after we'd started exchanging closing_signeds".to_owned()));
3303 let secret = secp_check!(SecretKey::from_slice(&msg.per_commitment_secret), "Peer provided an invalid per_commitment_secret".to_owned());
3305 if let Some(counterparty_prev_commitment_point) = self.counterparty_prev_commitment_point {
3306 if PublicKey::from_secret_key(&self.secp_ctx, &secret) != counterparty_prev_commitment_point {
3307 return Err(ChannelError::Close("Got a revoke commitment secret which didn't correspond to their current pubkey".to_owned()));
3311 if self.channel_state & ChannelState::AwaitingRemoteRevoke as u32 == 0 {
3312 // Our counterparty seems to have burned their coins to us (by revoking a state when we
3313 // haven't given them a new commitment transaction to broadcast). We should probably
3314 // take advantage of this by updating our channel monitor, sending them an error, and
3315 // waiting for them to broadcast their latest (now-revoked claim). But, that would be a
3316 // lot of work, and there's some chance this is all a misunderstanding anyway.
3317 // We have to do *something*, though, since our signer may get mad at us for otherwise
3318 // jumping a remote commitment number, so best to just force-close and move on.
3319 return Err(ChannelError::Close("Received an unexpected revoke_and_ack".to_owned()));
3322 #[cfg(any(test, fuzzing))]
3324 *self.next_local_commitment_tx_fee_info_cached.lock().unwrap() = None;
3325 *self.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = None;
3328 self.holder_signer.validate_counterparty_revocation(
3329 self.cur_counterparty_commitment_transaction_number + 1,
3331 ).map_err(|_| ChannelError::Close("Failed to validate revocation from peer".to_owned()))?;
3333 self.commitment_secrets.provide_secret(self.cur_counterparty_commitment_transaction_number + 1, msg.per_commitment_secret)
3334 .map_err(|_| ChannelError::Close("Previous secrets did not match new one".to_owned()))?;
3335 self.latest_monitor_update_id += 1;
3336 let mut monitor_update = ChannelMonitorUpdate {
3337 update_id: self.latest_monitor_update_id,
3338 updates: vec![ChannelMonitorUpdateStep::CommitmentSecret {
3339 idx: self.cur_counterparty_commitment_transaction_number + 1,
3340 secret: msg.per_commitment_secret,
3344 // Update state now that we've passed all the can-fail calls...
3345 // (note that we may still fail to generate the new commitment_signed message, but that's
3346 // OK, we step the channel here and *then* if the new generation fails we can fail the
3347 // channel based on that, but stepping stuff here should be safe either way.
3348 self.channel_state &= !(ChannelState::AwaitingRemoteRevoke as u32);
3349 self.counterparty_prev_commitment_point = self.counterparty_cur_commitment_point;
3350 self.counterparty_cur_commitment_point = Some(msg.next_per_commitment_point);
3351 self.cur_counterparty_commitment_transaction_number -= 1;
3353 if self.announcement_sigs_state == AnnouncementSigsState::Committed {
3354 self.announcement_sigs_state = AnnouncementSigsState::PeerReceived;
3357 log_trace!(logger, "Updating HTLCs on receipt of RAA in channel {}...", log_bytes!(self.channel_id()));
3358 let mut to_forward_infos = Vec::new();
3359 let mut revoked_htlcs = Vec::new();
3360 let mut finalized_claimed_htlcs = Vec::new();
3361 let mut update_fail_htlcs = Vec::new();
3362 let mut update_fail_malformed_htlcs = Vec::new();
3363 let mut require_commitment = false;
3364 let mut value_to_self_msat_diff: i64 = 0;
3367 // Take references explicitly so that we can hold multiple references to self.
3368 let pending_inbound_htlcs: &mut Vec<_> = &mut self.pending_inbound_htlcs;
3369 let pending_outbound_htlcs: &mut Vec<_> = &mut self.pending_outbound_htlcs;
3371 // We really shouldnt have two passes here, but retain gives a non-mutable ref (Rust bug)
3372 pending_inbound_htlcs.retain(|htlc| {
3373 if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state {
3374 log_trace!(logger, " ...removing inbound LocalRemoved {}", log_bytes!(htlc.payment_hash.0));
3375 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
3376 value_to_self_msat_diff += htlc.amount_msat as i64;
3381 pending_outbound_htlcs.retain(|htlc| {
3382 if let &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref outcome) = &htlc.state {
3383 log_trace!(logger, " ...removing outbound AwaitingRemovedRemoteRevoke {}", log_bytes!(htlc.payment_hash.0));
3384 if let OutboundHTLCOutcome::Failure(reason) = outcome.clone() { // We really want take() here, but, again, non-mut ref :(
3385 revoked_htlcs.push((htlc.source.clone(), htlc.payment_hash, reason));
3387 finalized_claimed_htlcs.push(htlc.source.clone());
3388 // They fulfilled, so we sent them money
3389 value_to_self_msat_diff -= htlc.amount_msat as i64;
3394 for htlc in pending_inbound_htlcs.iter_mut() {
3395 let swap = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) = &htlc.state {
3397 } else if let &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) = &htlc.state {
3401 let mut state = InboundHTLCState::Committed;
3402 mem::swap(&mut state, &mut htlc.state);
3404 if let InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info) = state {
3405 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce {} to AwaitingAnnouncedRemoteRevoke", log_bytes!(htlc.payment_hash.0));
3406 htlc.state = InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info);
3407 require_commitment = true;
3408 } else if let InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info) = state {
3409 match forward_info {
3410 PendingHTLCStatus::Fail(fail_msg) => {
3411 log_trace!(logger, " ...promoting inbound AwaitingAnnouncedRemoteRevoke {} to LocalRemoved due to PendingHTLCStatus indicating failure", log_bytes!(htlc.payment_hash.0));
3412 require_commitment = true;
3414 HTLCFailureMsg::Relay(msg) => {
3415 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(msg.reason.clone()));
3416 update_fail_htlcs.push(msg)
3418 HTLCFailureMsg::Malformed(msg) => {
3419 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailMalformed((msg.sha256_of_onion, msg.failure_code)));
3420 update_fail_malformed_htlcs.push(msg)
3424 PendingHTLCStatus::Forward(forward_info) => {
3425 log_trace!(logger, " ...promoting inbound AwaitingAnnouncedRemoteRevoke {} to Committed", log_bytes!(htlc.payment_hash.0));
3426 to_forward_infos.push((forward_info, htlc.htlc_id));
3427 htlc.state = InboundHTLCState::Committed;
3433 for htlc in pending_outbound_htlcs.iter_mut() {
3434 if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
3435 log_trace!(logger, " ...promoting outbound LocalAnnounced {} to Committed", log_bytes!(htlc.payment_hash.0));
3436 htlc.state = OutboundHTLCState::Committed;
3438 if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut outcome) = &mut htlc.state {
3439 log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", log_bytes!(htlc.payment_hash.0));
3440 // Grab the preimage, if it exists, instead of cloning
3441 let mut reason = OutboundHTLCOutcome::Success(None);
3442 mem::swap(outcome, &mut reason);
3443 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(reason);
3444 require_commitment = true;
3448 self.value_to_self_msat = (self.value_to_self_msat as i64 + value_to_self_msat_diff) as u64;
3450 if let Some((feerate, update_state)) = self.pending_update_fee {
3451 match update_state {
3452 FeeUpdateState::Outbound => {
3453 debug_assert!(self.is_outbound());
3454 log_trace!(logger, " ...promoting outbound fee update {} to Committed", feerate);
3455 self.feerate_per_kw = feerate;
3456 self.pending_update_fee = None;
3458 FeeUpdateState::RemoteAnnounced => { debug_assert!(!self.is_outbound()); },
3459 FeeUpdateState::AwaitingRemoteRevokeToAnnounce => {
3460 debug_assert!(!self.is_outbound());
3461 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce fee update {} to Committed", feerate);
3462 require_commitment = true;
3463 self.feerate_per_kw = feerate;
3464 self.pending_update_fee = None;
3469 if (self.channel_state & ChannelState::MonitorUpdateInProgress as u32) == ChannelState::MonitorUpdateInProgress as u32 {
3470 // We can't actually generate a new commitment transaction (incl by freeing holding
3471 // cells) while we can't update the monitor, so we just return what we have.
3472 if require_commitment {
3473 self.monitor_pending_commitment_signed = true;
3474 // When the monitor updating is restored we'll call get_last_commitment_update(),
3475 // which does not update state, but we're definitely now awaiting a remote revoke
3476 // before we can step forward any more, so set it here.
3477 let (_, mut additional_update) = self.send_commitment_no_status_check(logger)?;
3478 // send_commitment_no_status_check may bump latest_monitor_id but we want them to be
3479 // strictly increasing by one, so decrement it here.
3480 self.latest_monitor_update_id = monitor_update.update_id;
3481 monitor_update.updates.append(&mut additional_update.updates);
3483 self.monitor_pending_forwards.append(&mut to_forward_infos);
3484 self.monitor_pending_failures.append(&mut revoked_htlcs);
3485 self.monitor_pending_finalized_fulfills.append(&mut finalized_claimed_htlcs);
3486 log_debug!(logger, "Received a valid revoke_and_ack for channel {} but awaiting a monitor update resolution to reply.", log_bytes!(self.channel_id()));
3487 return Ok(RAAUpdates {
3488 commitment_update: None, finalized_claimed_htlcs: Vec::new(),
3489 accepted_htlcs: Vec::new(), failed_htlcs: Vec::new(),
3491 holding_cell_failed_htlcs: Vec::new()
3495 match self.free_holding_cell_htlcs(logger)? {
3496 (Some((mut commitment_update, mut additional_update)), htlcs_to_fail) => {
3497 commitment_update.update_fail_htlcs.reserve(update_fail_htlcs.len());
3498 for fail_msg in update_fail_htlcs.drain(..) {
3499 commitment_update.update_fail_htlcs.push(fail_msg);
3501 commitment_update.update_fail_malformed_htlcs.reserve(update_fail_malformed_htlcs.len());
3502 for fail_msg in update_fail_malformed_htlcs.drain(..) {
3503 commitment_update.update_fail_malformed_htlcs.push(fail_msg);
3506 // free_holding_cell_htlcs may bump latest_monitor_id multiple times but we want them to be
3507 // strictly increasing by one, so decrement it here.
3508 self.latest_monitor_update_id = monitor_update.update_id;
3509 monitor_update.updates.append(&mut additional_update.updates);
3512 commitment_update: Some(commitment_update),
3513 finalized_claimed_htlcs,
3514 accepted_htlcs: to_forward_infos,
3515 failed_htlcs: revoked_htlcs,
3517 holding_cell_failed_htlcs: htlcs_to_fail
3520 (None, htlcs_to_fail) => {
3521 if require_commitment {
3522 let (commitment_signed, mut additional_update) = self.send_commitment_no_status_check(logger)?;
3524 // send_commitment_no_status_check may bump latest_monitor_id but we want them to be
3525 // strictly increasing by one, so decrement it here.
3526 self.latest_monitor_update_id = monitor_update.update_id;
3527 monitor_update.updates.append(&mut additional_update.updates);
3529 log_debug!(logger, "Received a valid revoke_and_ack for channel {}. Responding with a commitment update with {} HTLCs failed.",
3530 log_bytes!(self.channel_id()), update_fail_htlcs.len() + update_fail_malformed_htlcs.len());
3532 commitment_update: Some(msgs::CommitmentUpdate {
3533 update_add_htlcs: Vec::new(),
3534 update_fulfill_htlcs: Vec::new(),
3536 update_fail_malformed_htlcs,
3540 finalized_claimed_htlcs,
3541 accepted_htlcs: to_forward_infos, failed_htlcs: revoked_htlcs,
3542 monitor_update, holding_cell_failed_htlcs: htlcs_to_fail
3545 log_debug!(logger, "Received a valid revoke_and_ack for channel {} with no reply necessary.", log_bytes!(self.channel_id()));
3547 commitment_update: None,
3548 finalized_claimed_htlcs,
3549 accepted_htlcs: to_forward_infos, failed_htlcs: revoked_htlcs,
3550 monitor_update, holding_cell_failed_htlcs: htlcs_to_fail
3557 /// Queues up an outbound update fee by placing it in the holding cell. You should call
3558 /// [`Self::maybe_free_holding_cell_htlcs`] in order to actually generate and send the
3559 /// commitment update.
3560 pub fn queue_update_fee<L: Deref>(&mut self, feerate_per_kw: u32, logger: &L) where L::Target: Logger {
3561 let msg_opt = self.send_update_fee(feerate_per_kw, true, logger);
3562 assert!(msg_opt.is_none(), "We forced holding cell?");
3565 /// Adds a pending update to this channel. See the doc for send_htlc for
3566 /// further details on the optionness of the return value.
3567 /// If our balance is too low to cover the cost of the next commitment transaction at the
3568 /// new feerate, the update is cancelled.
3570 /// You MUST call [`Self::send_commitment_no_state_update`] prior to any other calls on this
3571 /// [`Channel`] if `force_holding_cell` is false.
3572 fn send_update_fee<L: Deref>(&mut self, feerate_per_kw: u32, mut force_holding_cell: bool, logger: &L) -> Option<msgs::UpdateFee> where L::Target: Logger {
3573 if !self.is_outbound() {
3574 panic!("Cannot send fee from inbound channel");
3576 if !self.is_usable() {
3577 panic!("Cannot update fee until channel is fully established and we haven't started shutting down");
3579 if !self.is_live() {
3580 panic!("Cannot update fee while peer is disconnected/we're awaiting a monitor update (ChannelManager should have caught this)");
3583 // Before proposing a feerate update, check that we can actually afford the new fee.
3584 let inbound_stats = self.get_inbound_pending_htlc_stats(Some(feerate_per_kw));
3585 let outbound_stats = self.get_outbound_pending_htlc_stats(Some(feerate_per_kw));
3586 let keys = if let Ok(keys) = self.build_holder_transaction_keys(self.cur_holder_commitment_transaction_number) { keys } else { return None; };
3587 let commitment_stats = self.build_commitment_transaction(self.cur_holder_commitment_transaction_number, &keys, true, true, logger);
3588 let buffer_fee_msat = Channel::<Signer>::commit_tx_fee_sat(feerate_per_kw, commitment_stats.num_nondust_htlcs + outbound_stats.on_holder_tx_holding_cell_htlcs_count as usize + CONCURRENT_INBOUND_HTLC_FEE_BUFFER as usize, self.opt_anchors()) * 1000;
3589 let holder_balance_msat = commitment_stats.local_balance_msat - outbound_stats.holding_cell_msat;
3590 if holder_balance_msat < buffer_fee_msat + self.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 {
3591 //TODO: auto-close after a number of failures?
3592 log_debug!(logger, "Cannot afford to send new feerate at {}", feerate_per_kw);
3596 // Note, we evaluate pending htlc "preemptive" trimmed-to-dust threshold at the proposed `feerate_per_kw`.
3597 let holder_tx_dust_exposure = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
3598 let counterparty_tx_dust_exposure = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
3599 if holder_tx_dust_exposure > self.get_max_dust_htlc_exposure_msat() {
3600 log_debug!(logger, "Cannot afford to send new feerate at {} without infringing max dust htlc exposure", feerate_per_kw);
3603 if counterparty_tx_dust_exposure > self.get_max_dust_htlc_exposure_msat() {
3604 log_debug!(logger, "Cannot afford to send new feerate at {} without infringing max dust htlc exposure", feerate_per_kw);
3608 if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
3609 force_holding_cell = true;
3612 if force_holding_cell {
3613 self.holding_cell_update_fee = Some(feerate_per_kw);
3617 debug_assert!(self.pending_update_fee.is_none());
3618 self.pending_update_fee = Some((feerate_per_kw, FeeUpdateState::Outbound));
3620 Some(msgs::UpdateFee {
3621 channel_id: self.channel_id,
3626 /// Removes any uncommitted inbound HTLCs and resets the state of uncommitted outbound HTLC
3627 /// updates, to be used on peer disconnection. After this, update_*_htlc messages need to be
3629 /// No further message handling calls may be made until a channel_reestablish dance has
3631 pub fn remove_uncommitted_htlcs_and_mark_paused<L: Deref>(&mut self, logger: &L) where L::Target: Logger {
3632 assert_eq!(self.channel_state & ChannelState::ShutdownComplete as u32, 0);
3633 if self.channel_state < ChannelState::FundingSent as u32 {
3634 self.channel_state = ChannelState::ShutdownComplete as u32;
3638 if self.channel_state & (ChannelState::PeerDisconnected as u32) == (ChannelState::PeerDisconnected as u32) {
3639 // While the below code should be idempotent, it's simpler to just return early, as
3640 // redundant disconnect events can fire, though they should be rare.
3644 if self.announcement_sigs_state == AnnouncementSigsState::MessageSent || self.announcement_sigs_state == AnnouncementSigsState::Committed {
3645 self.announcement_sigs_state = AnnouncementSigsState::NotSent;
3648 // Upon reconnect we have to start the closing_signed dance over, but shutdown messages
3649 // will be retransmitted.
3650 self.last_sent_closing_fee = None;
3651 self.pending_counterparty_closing_signed = None;
3652 self.closing_fee_limits = None;
3654 let mut inbound_drop_count = 0;
3655 self.pending_inbound_htlcs.retain(|htlc| {
3657 InboundHTLCState::RemoteAnnounced(_) => {
3658 // They sent us an update_add_htlc but we never got the commitment_signed.
3659 // We'll tell them what commitment_signed we're expecting next and they'll drop
3660 // this HTLC accordingly
3661 inbound_drop_count += 1;
3664 InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_)|InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => {
3665 // We received a commitment_signed updating this HTLC and (at least hopefully)
3666 // sent a revoke_and_ack (which we can re-transmit) and have heard nothing
3667 // in response to it yet, so don't touch it.
3670 InboundHTLCState::Committed => true,
3671 InboundHTLCState::LocalRemoved(_) => {
3672 // We (hopefully) sent a commitment_signed updating this HTLC (which we can
3673 // re-transmit if needed) and they may have even sent a revoke_and_ack back
3674 // (that we missed). Keep this around for now and if they tell us they missed
3675 // the commitment_signed we can re-transmit the update then.
3680 self.next_counterparty_htlc_id -= inbound_drop_count;
3682 if let Some((_, update_state)) = self.pending_update_fee {
3683 if update_state == FeeUpdateState::RemoteAnnounced {
3684 debug_assert!(!self.is_outbound());
3685 self.pending_update_fee = None;
3689 for htlc in self.pending_outbound_htlcs.iter_mut() {
3690 if let OutboundHTLCState::RemoteRemoved(_) = htlc.state {
3691 // They sent us an update to remove this but haven't yet sent the corresponding
3692 // commitment_signed, we need to move it back to Committed and they can re-send
3693 // the update upon reconnection.
3694 htlc.state = OutboundHTLCState::Committed;
3698 self.channel_state |= ChannelState::PeerDisconnected as u32;
3699 log_trace!(logger, "Peer disconnection resulted in {} remote-announced HTLC drops on channel {}", inbound_drop_count, log_bytes!(self.channel_id()));
3702 /// Indicates that a ChannelMonitor update is in progress and has not yet been fully persisted.
3703 /// This must be called immediately after the [`chain::Watch`] call which returned
3704 /// [`ChannelMonitorUpdateStatus::InProgress`].
3705 /// The messages which were generated with the monitor update must *not* have been sent to the
3706 /// remote end, and must instead have been dropped. They will be regenerated when
3707 /// [`Self::monitor_updating_restored`] is called.
3709 /// [`chain::Watch`]: crate::chain::Watch
3710 /// [`ChannelMonitorUpdateStatus::InProgress`]: crate::chain::ChannelMonitorUpdateStatus::InProgress
3711 pub fn monitor_updating_paused(&mut self, resend_raa: bool, resend_commitment: bool,
3712 resend_channel_ready: bool, mut pending_forwards: Vec<(PendingHTLCInfo, u64)>,
3713 mut pending_fails: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
3714 mut pending_finalized_claimed_htlcs: Vec<HTLCSource>
3716 self.monitor_pending_revoke_and_ack |= resend_raa;
3717 self.monitor_pending_commitment_signed |= resend_commitment;
3718 self.monitor_pending_channel_ready |= resend_channel_ready;
3719 self.monitor_pending_forwards.append(&mut pending_forwards);
3720 self.monitor_pending_failures.append(&mut pending_fails);
3721 self.monitor_pending_finalized_fulfills.append(&mut pending_finalized_claimed_htlcs);
3722 self.channel_state |= ChannelState::MonitorUpdateInProgress as u32;
3725 /// Indicates that the latest ChannelMonitor update has been committed by the client
3726 /// successfully and we should restore normal operation. Returns messages which should be sent
3727 /// to the remote side.
3728 pub fn monitor_updating_restored<L: Deref>(&mut self, logger: &L, node_pk: PublicKey, genesis_block_hash: BlockHash, best_block_height: u32) -> MonitorRestoreUpdates where L::Target: Logger {
3729 assert_eq!(self.channel_state & ChannelState::MonitorUpdateInProgress as u32, ChannelState::MonitorUpdateInProgress as u32);
3730 self.channel_state &= !(ChannelState::MonitorUpdateInProgress as u32);
3732 // If we're past (or at) the FundingSent stage on an outbound channel, try to
3733 // (re-)broadcast the funding transaction as we may have declined to broadcast it when we
3734 // first received the funding_signed.
3735 let mut funding_broadcastable =
3736 if self.is_outbound() && self.channel_state & !MULTI_STATE_FLAGS >= ChannelState::FundingSent as u32 {
3737 self.funding_transaction.take()
3739 // That said, if the funding transaction is already confirmed (ie we're active with a
3740 // minimum_depth over 0) don't bother re-broadcasting the confirmed funding tx.
3741 if self.channel_state & !MULTI_STATE_FLAGS >= ChannelState::ChannelReady as u32 && self.minimum_depth != Some(0) {
3742 funding_broadcastable = None;
3745 // We will never broadcast the funding transaction when we're in MonitorUpdateInProgress
3746 // (and we assume the user never directly broadcasts the funding transaction and waits for
3747 // us to do it). Thus, we can only ever hit monitor_pending_channel_ready when we're
3748 // * an inbound channel that failed to persist the monitor on funding_created and we got
3749 // the funding transaction confirmed before the monitor was persisted, or
3750 // * a 0-conf channel and intended to send the channel_ready before any broadcast at all.
3751 let channel_ready = if self.monitor_pending_channel_ready {
3752 assert!(!self.is_outbound() || self.minimum_depth == Some(0),
3753 "Funding transaction broadcast by the local client before it should have - LDK didn't do it!");
3754 self.monitor_pending_channel_ready = false;
3755 let next_per_commitment_point = self.holder_signer.get_per_commitment_point(self.cur_holder_commitment_transaction_number, &self.secp_ctx);
3756 Some(msgs::ChannelReady {
3757 channel_id: self.channel_id(),
3758 next_per_commitment_point,
3759 short_channel_id_alias: Some(self.outbound_scid_alias),
3763 let announcement_sigs = self.get_announcement_sigs(node_pk, genesis_block_hash, best_block_height, logger);
3765 let mut accepted_htlcs = Vec::new();
3766 mem::swap(&mut accepted_htlcs, &mut self.monitor_pending_forwards);
3767 let mut failed_htlcs = Vec::new();
3768 mem::swap(&mut failed_htlcs, &mut self.monitor_pending_failures);
3769 let mut finalized_claimed_htlcs = Vec::new();
3770 mem::swap(&mut finalized_claimed_htlcs, &mut self.monitor_pending_finalized_fulfills);
3772 if self.channel_state & (ChannelState::PeerDisconnected as u32) != 0 {
3773 self.monitor_pending_revoke_and_ack = false;
3774 self.monitor_pending_commitment_signed = false;
3775 return MonitorRestoreUpdates {
3776 raa: None, commitment_update: None, order: RAACommitmentOrder::RevokeAndACKFirst,
3777 accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, channel_ready, announcement_sigs
3781 let raa = if self.monitor_pending_revoke_and_ack {
3782 Some(self.get_last_revoke_and_ack())
3784 let commitment_update = if self.monitor_pending_commitment_signed {
3785 Some(self.get_last_commitment_update(logger))
3788 self.monitor_pending_revoke_and_ack = false;
3789 self.monitor_pending_commitment_signed = false;
3790 let order = self.resend_order.clone();
3791 log_debug!(logger, "Restored monitor updating in channel {} resulting in {}{} commitment update and {} RAA, with {} first",
3792 log_bytes!(self.channel_id()), if funding_broadcastable.is_some() { "a funding broadcastable, " } else { "" },
3793 if commitment_update.is_some() { "a" } else { "no" }, if raa.is_some() { "an" } else { "no" },
3794 match order { RAACommitmentOrder::CommitmentFirst => "commitment", RAACommitmentOrder::RevokeAndACKFirst => "RAA"});
3795 MonitorRestoreUpdates {
3796 raa, commitment_update, order, accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, channel_ready, announcement_sigs
3800 pub fn update_fee<F: Deref, L: Deref>(&mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, msg: &msgs::UpdateFee, logger: &L) -> Result<(), ChannelError>
3801 where F::Target: FeeEstimator, L::Target: Logger
3803 if self.is_outbound() {
3804 return Err(ChannelError::Close("Non-funding remote tried to update channel fee".to_owned()));
3806 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3807 return Err(ChannelError::Close("Peer sent update_fee when we needed a channel_reestablish".to_owned()));
3809 Channel::<Signer>::check_remote_fee(fee_estimator, msg.feerate_per_kw, Some(self.feerate_per_kw), logger)?;
3810 let feerate_over_dust_buffer = msg.feerate_per_kw > self.get_dust_buffer_feerate(None);
3812 self.pending_update_fee = Some((msg.feerate_per_kw, FeeUpdateState::RemoteAnnounced));
3813 self.update_time_counter += 1;
3814 // If the feerate has increased over the previous dust buffer (note that
3815 // `get_dust_buffer_feerate` considers the `pending_update_fee` status), check that we
3816 // won't be pushed over our dust exposure limit by the feerate increase.
3817 if feerate_over_dust_buffer {
3818 let inbound_stats = self.get_inbound_pending_htlc_stats(None);
3819 let outbound_stats = self.get_outbound_pending_htlc_stats(None);
3820 let holder_tx_dust_exposure = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
3821 let counterparty_tx_dust_exposure = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
3822 if holder_tx_dust_exposure > self.get_max_dust_htlc_exposure_msat() {
3823 return Err(ChannelError::Close(format!("Peer sent update_fee with a feerate ({}) which may over-expose us to dust-in-flight on our own transactions (totaling {} msat)",
3824 msg.feerate_per_kw, holder_tx_dust_exposure)));
3826 if counterparty_tx_dust_exposure > self.get_max_dust_htlc_exposure_msat() {
3827 return Err(ChannelError::Close(format!("Peer sent update_fee with a feerate ({}) which may over-expose us to dust-in-flight on our counterparty's transactions (totaling {} msat)",
3828 msg.feerate_per_kw, counterparty_tx_dust_exposure)));
3834 fn get_last_revoke_and_ack(&self) -> msgs::RevokeAndACK {
3835 let next_per_commitment_point = self.holder_signer.get_per_commitment_point(self.cur_holder_commitment_transaction_number, &self.secp_ctx);
3836 let per_commitment_secret = self.holder_signer.release_commitment_secret(self.cur_holder_commitment_transaction_number + 2);
3837 msgs::RevokeAndACK {
3838 channel_id: self.channel_id,
3839 per_commitment_secret,
3840 next_per_commitment_point,
3844 fn get_last_commitment_update<L: Deref>(&self, logger: &L) -> msgs::CommitmentUpdate where L::Target: Logger {
3845 let mut update_add_htlcs = Vec::new();
3846 let mut update_fulfill_htlcs = Vec::new();
3847 let mut update_fail_htlcs = Vec::new();
3848 let mut update_fail_malformed_htlcs = Vec::new();
3850 for htlc in self.pending_outbound_htlcs.iter() {
3851 if let &OutboundHTLCState::LocalAnnounced(ref onion_packet) = &htlc.state {
3852 update_add_htlcs.push(msgs::UpdateAddHTLC {
3853 channel_id: self.channel_id(),
3854 htlc_id: htlc.htlc_id,
3855 amount_msat: htlc.amount_msat,
3856 payment_hash: htlc.payment_hash,
3857 cltv_expiry: htlc.cltv_expiry,
3858 onion_routing_packet: (**onion_packet).clone(),
3863 for htlc in self.pending_inbound_htlcs.iter() {
3864 if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state {
3866 &InboundHTLCRemovalReason::FailRelay(ref err_packet) => {
3867 update_fail_htlcs.push(msgs::UpdateFailHTLC {
3868 channel_id: self.channel_id(),
3869 htlc_id: htlc.htlc_id,
3870 reason: err_packet.clone()
3873 &InboundHTLCRemovalReason::FailMalformed((ref sha256_of_onion, ref failure_code)) => {
3874 update_fail_malformed_htlcs.push(msgs::UpdateFailMalformedHTLC {
3875 channel_id: self.channel_id(),
3876 htlc_id: htlc.htlc_id,
3877 sha256_of_onion: sha256_of_onion.clone(),
3878 failure_code: failure_code.clone(),
3881 &InboundHTLCRemovalReason::Fulfill(ref payment_preimage) => {
3882 update_fulfill_htlcs.push(msgs::UpdateFulfillHTLC {
3883 channel_id: self.channel_id(),
3884 htlc_id: htlc.htlc_id,
3885 payment_preimage: payment_preimage.clone(),
3892 let update_fee = if self.is_outbound() && self.pending_update_fee.is_some() {
3893 Some(msgs::UpdateFee {
3894 channel_id: self.channel_id(),
3895 feerate_per_kw: self.pending_update_fee.unwrap().0,
3899 log_trace!(logger, "Regenerated latest commitment update in channel {} with{} {} update_adds, {} update_fulfills, {} update_fails, and {} update_fail_malformeds",
3900 log_bytes!(self.channel_id()), if update_fee.is_some() { " update_fee," } else { "" },
3901 update_add_htlcs.len(), update_fulfill_htlcs.len(), update_fail_htlcs.len(), update_fail_malformed_htlcs.len());
3902 msgs::CommitmentUpdate {
3903 update_add_htlcs, update_fulfill_htlcs, update_fail_htlcs, update_fail_malformed_htlcs, update_fee,
3904 commitment_signed: self.send_commitment_no_state_update(logger).expect("It looks like we failed to re-generate a commitment_signed we had previously sent?").0,
3908 /// May panic if some calls other than message-handling calls (which will all Err immediately)
3909 /// have been called between remove_uncommitted_htlcs_and_mark_paused and this call.
3911 /// Some links printed in log lines are included here to check them during build (when run with
3912 /// `cargo doc --document-private-items`):
3913 /// [`super::channelmanager::ChannelManager::force_close_without_broadcasting_txn`] and
3914 /// [`super::channelmanager::ChannelManager::force_close_all_channels_without_broadcasting_txn`].
3915 pub fn channel_reestablish<L: Deref>(&mut self, msg: &msgs::ChannelReestablish, logger: &L,
3916 node_pk: PublicKey, genesis_block_hash: BlockHash, best_block: &BestBlock)
3917 -> Result<ReestablishResponses, ChannelError> where L::Target: Logger {
3918 if self.channel_state & (ChannelState::PeerDisconnected as u32) == 0 {
3919 // While BOLT 2 doesn't indicate explicitly we should error this channel here, it
3920 // almost certainly indicates we are going to end up out-of-sync in some way, so we
3921 // just close here instead of trying to recover.
3922 return Err(ChannelError::Close("Peer sent a loose channel_reestablish not after reconnect".to_owned()));
3925 if msg.next_local_commitment_number >= INITIAL_COMMITMENT_NUMBER || msg.next_remote_commitment_number >= INITIAL_COMMITMENT_NUMBER ||
3926 msg.next_local_commitment_number == 0 {
3927 return Err(ChannelError::Close("Peer sent a garbage channel_reestablish".to_owned()));
3930 if msg.next_remote_commitment_number > 0 {
3931 match msg.data_loss_protect {
3932 OptionalField::Present(ref data_loss) => {
3933 let expected_point = self.holder_signer.get_per_commitment_point(INITIAL_COMMITMENT_NUMBER - msg.next_remote_commitment_number + 1, &self.secp_ctx);
3934 let given_secret = SecretKey::from_slice(&data_loss.your_last_per_commitment_secret)
3935 .map_err(|_| ChannelError::Close("Peer sent a garbage channel_reestablish with unparseable secret key".to_owned()))?;
3936 if expected_point != PublicKey::from_secret_key(&self.secp_ctx, &given_secret) {
3937 return Err(ChannelError::Close("Peer sent a garbage channel_reestablish with secret key not matching the commitment height provided".to_owned()));
3939 if msg.next_remote_commitment_number > INITIAL_COMMITMENT_NUMBER - self.cur_holder_commitment_transaction_number {
3940 macro_rules! log_and_panic {
3941 ($err_msg: expr) => {
3942 log_error!(logger, $err_msg, log_bytes!(self.channel_id), log_pubkey!(self.counterparty_node_id));
3943 panic!($err_msg, log_bytes!(self.channel_id), log_pubkey!(self.counterparty_node_id));
3946 log_and_panic!("We have fallen behind - we have received proof that if we broadcast our counterparty is going to claim all our funds.\n\
3947 This implies you have restarted with lost ChannelMonitor and ChannelManager state, the first of which is a violation of the LDK chain::Watch requirements.\n\
3948 More specifically, this means you have a bug in your implementation that can cause loss of funds, or you are running with an old backup, which is unsafe.\n\
3949 If you have restored from an old backup and wish to force-close channels and return to operation, you should start up, call\n\
3950 ChannelManager::force_close_without_broadcasting_txn on channel {} with counterparty {} or\n\
3951 ChannelManager::force_close_all_channels_without_broadcasting_txn, then reconnect to peer(s).\n\
3952 Note that due to a long-standing bug in lnd you may have to reach out to peers running lnd-based nodes to ask them to manually force-close channels\n\
3953 See https://github.com/lightningdevkit/rust-lightning/issues/1565 for more info.");
3956 OptionalField::Absent => {}
3960 // Before we change the state of the channel, we check if the peer is sending a very old
3961 // commitment transaction number, if yes we send a warning message.
3962 let our_commitment_transaction = INITIAL_COMMITMENT_NUMBER - self.cur_holder_commitment_transaction_number - 1;
3963 if msg.next_remote_commitment_number + 1 < our_commitment_transaction {
3965 ChannelError::Warn(format!("Peer attempted to reestablish channel with a very old local commitment transaction: {} (received) vs {} (expected)", msg.next_remote_commitment_number, our_commitment_transaction))
3969 // Go ahead and unmark PeerDisconnected as various calls we may make check for it (and all
3970 // remaining cases either succeed or ErrorMessage-fail).
3971 self.channel_state &= !(ChannelState::PeerDisconnected as u32);
3973 let shutdown_msg = if self.channel_state & (ChannelState::LocalShutdownSent as u32) != 0 {
3974 assert!(self.shutdown_scriptpubkey.is_some());
3975 Some(msgs::Shutdown {
3976 channel_id: self.channel_id,
3977 scriptpubkey: self.get_closing_scriptpubkey(),
3981 let announcement_sigs = self.get_announcement_sigs(node_pk, genesis_block_hash, best_block.height(), logger);
3983 if self.channel_state & (ChannelState::FundingSent as u32) == ChannelState::FundingSent as u32 {
3984 // If we're waiting on a monitor update, we shouldn't re-send any channel_ready's.
3985 if self.channel_state & (ChannelState::OurChannelReady as u32) == 0 ||
3986 self.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
3987 if msg.next_remote_commitment_number != 0 {
3988 return Err(ChannelError::Close("Peer claimed they saw a revoke_and_ack but we haven't sent channel_ready yet".to_owned()));
3990 // Short circuit the whole handler as there is nothing we can resend them
3991 return Ok(ReestablishResponses {
3992 channel_ready: None,
3993 raa: None, commitment_update: None,
3994 order: RAACommitmentOrder::CommitmentFirst,
3995 shutdown_msg, announcement_sigs,
3999 // We have OurChannelReady set!
4000 let next_per_commitment_point = self.holder_signer.get_per_commitment_point(self.cur_holder_commitment_transaction_number, &self.secp_ctx);
4001 return Ok(ReestablishResponses {
4002 channel_ready: Some(msgs::ChannelReady {
4003 channel_id: self.channel_id(),
4004 next_per_commitment_point,
4005 short_channel_id_alias: Some(self.outbound_scid_alias),
4007 raa: None, commitment_update: None,
4008 order: RAACommitmentOrder::CommitmentFirst,
4009 shutdown_msg, announcement_sigs,
4013 let required_revoke = if msg.next_remote_commitment_number + 1 == INITIAL_COMMITMENT_NUMBER - self.cur_holder_commitment_transaction_number {
4014 // Remote isn't waiting on any RevokeAndACK from us!
4015 // Note that if we need to repeat our ChannelReady we'll do that in the next if block.
4017 } else if msg.next_remote_commitment_number + 1 == (INITIAL_COMMITMENT_NUMBER - 1) - self.cur_holder_commitment_transaction_number {
4018 if self.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
4019 self.monitor_pending_revoke_and_ack = true;
4022 Some(self.get_last_revoke_and_ack())
4025 return Err(ChannelError::Close("Peer attempted to reestablish channel with a very old local commitment transaction".to_owned()));
4028 // We increment cur_counterparty_commitment_transaction_number only upon receipt of
4029 // revoke_and_ack, not on sending commitment_signed, so we add one if have
4030 // AwaitingRemoteRevoke set, which indicates we sent a commitment_signed but haven't gotten
4031 // the corresponding revoke_and_ack back yet.
4032 let next_counterparty_commitment_number = INITIAL_COMMITMENT_NUMBER - self.cur_counterparty_commitment_transaction_number + if (self.channel_state & ChannelState::AwaitingRemoteRevoke as u32) != 0 { 1 } else { 0 };
4034 let channel_ready = if msg.next_local_commitment_number == 1 && INITIAL_COMMITMENT_NUMBER - self.cur_holder_commitment_transaction_number == 1 {
4035 // We should never have to worry about MonitorUpdateInProgress resending ChannelReady
4036 let next_per_commitment_point = self.holder_signer.get_per_commitment_point(self.cur_holder_commitment_transaction_number, &self.secp_ctx);
4037 Some(msgs::ChannelReady {
4038 channel_id: self.channel_id(),
4039 next_per_commitment_point,
4040 short_channel_id_alias: Some(self.outbound_scid_alias),
4044 if msg.next_local_commitment_number == next_counterparty_commitment_number {
4045 if required_revoke.is_some() {
4046 log_debug!(logger, "Reconnected channel {} with only lost outbound RAA", log_bytes!(self.channel_id()));
4048 log_debug!(logger, "Reconnected channel {} with no loss", log_bytes!(self.channel_id()));
4051 Ok(ReestablishResponses {
4052 channel_ready, shutdown_msg, announcement_sigs,
4053 raa: required_revoke,
4054 commitment_update: None,
4055 order: self.resend_order.clone(),
4057 } else if msg.next_local_commitment_number == next_counterparty_commitment_number - 1 {
4058 if required_revoke.is_some() {
4059 log_debug!(logger, "Reconnected channel {} with lost outbound RAA and lost remote commitment tx", log_bytes!(self.channel_id()));
4061 log_debug!(logger, "Reconnected channel {} with only lost remote commitment tx", log_bytes!(self.channel_id()));
4064 if self.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
4065 self.monitor_pending_commitment_signed = true;
4066 Ok(ReestablishResponses {
4067 channel_ready, shutdown_msg, announcement_sigs,
4068 commitment_update: None, raa: None,
4069 order: self.resend_order.clone(),
4072 Ok(ReestablishResponses {
4073 channel_ready, shutdown_msg, announcement_sigs,
4074 raa: required_revoke,
4075 commitment_update: Some(self.get_last_commitment_update(logger)),
4076 order: self.resend_order.clone(),
4080 Err(ChannelError::Close("Peer attempted to reestablish channel with a very old remote commitment transaction".to_owned()))
4084 /// Calculates and returns our minimum and maximum closing transaction fee amounts, in whole
4085 /// satoshis. The amounts remain consistent unless a peer disconnects/reconnects or we restart,
4086 /// at which point they will be recalculated.
4087 fn calculate_closing_fee_limits<F: Deref>(&mut self, fee_estimator: &LowerBoundedFeeEstimator<F>)
4089 where F::Target: FeeEstimator
4091 if let Some((min, max)) = self.closing_fee_limits { return (min, max); }
4093 // Propose a range from our current Background feerate to our Normal feerate plus our
4094 // force_close_avoidance_max_fee_satoshis.
4095 // If we fail to come to consensus, we'll have to force-close.
4096 let mut proposed_feerate = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::Background);
4097 let normal_feerate = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::Normal);
4098 let mut proposed_max_feerate = if self.is_outbound() { normal_feerate } else { u32::max_value() };
4100 // The spec requires that (when the channel does not have anchors) we only send absolute
4101 // channel fees no greater than the absolute channel fee on the current commitment
4102 // transaction. It's unclear *which* commitment transaction this refers to, and there isn't
4103 // very good reason to apply such a limit in any case. We don't bother doing so, risking
4104 // some force-closure by old nodes, but we wanted to close the channel anyway.
4106 if let Some(target_feerate) = self.target_closing_feerate_sats_per_kw {
4107 let min_feerate = if self.is_outbound() { target_feerate } else { cmp::min(self.feerate_per_kw, target_feerate) };
4108 proposed_feerate = cmp::max(proposed_feerate, min_feerate);
4109 proposed_max_feerate = cmp::max(proposed_max_feerate, min_feerate);
4112 // Note that technically we could end up with a lower minimum fee if one sides' balance is
4113 // below our dust limit, causing the output to disappear. We don't bother handling this
4114 // case, however, as this should only happen if a channel is closed before any (material)
4115 // payments have been made on it. This may cause slight fee overpayment and/or failure to
4116 // come to consensus with our counterparty on appropriate fees, however it should be a
4117 // relatively rare case. We can revisit this later, though note that in order to determine
4118 // if the funders' output is dust we have to know the absolute fee we're going to use.
4119 let tx_weight = self.get_closing_transaction_weight(Some(&self.get_closing_scriptpubkey()), Some(self.counterparty_shutdown_scriptpubkey.as_ref().unwrap()));
4120 let proposed_total_fee_satoshis = proposed_feerate as u64 * tx_weight / 1000;
4121 let proposed_max_total_fee_satoshis = if self.is_outbound() {
4122 // We always add force_close_avoidance_max_fee_satoshis to our normal
4123 // feerate-calculated fee, but allow the max to be overridden if we're using a
4124 // target feerate-calculated fee.
4125 cmp::max(normal_feerate as u64 * tx_weight / 1000 + self.config.options.force_close_avoidance_max_fee_satoshis,
4126 proposed_max_feerate as u64 * tx_weight / 1000)
4128 self.channel_value_satoshis - (self.value_to_self_msat + 999) / 1000
4131 self.closing_fee_limits = Some((proposed_total_fee_satoshis, proposed_max_total_fee_satoshis));
4132 self.closing_fee_limits.clone().unwrap()
4135 /// Returns true if we're ready to commence the closing_signed negotiation phase. This is true
4136 /// after both sides have exchanged a `shutdown` message and all HTLCs have been drained. At
4137 /// this point if we're the funder we should send the initial closing_signed, and in any case
4138 /// shutdown should complete within a reasonable timeframe.
4139 fn closing_negotiation_ready(&self) -> bool {
4140 self.pending_inbound_htlcs.is_empty() && self.pending_outbound_htlcs.is_empty() &&
4141 self.channel_state &
4142 (BOTH_SIDES_SHUTDOWN_MASK | ChannelState::AwaitingRemoteRevoke as u32 |
4143 ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)
4144 == BOTH_SIDES_SHUTDOWN_MASK &&
4145 self.pending_update_fee.is_none()
4148 /// Checks if the closing_signed negotiation is making appropriate progress, possibly returning
4149 /// an Err if no progress is being made and the channel should be force-closed instead.
4150 /// Should be called on a one-minute timer.
4151 pub fn timer_check_closing_negotiation_progress(&mut self) -> Result<(), ChannelError> {
4152 if self.closing_negotiation_ready() {
4153 if self.closing_signed_in_flight {
4154 return Err(ChannelError::Close("closing_signed negotiation failed to finish within two timer ticks".to_owned()));
4156 self.closing_signed_in_flight = true;
4162 pub fn maybe_propose_closing_signed<F: Deref, L: Deref>(
4163 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L)
4164 -> Result<(Option<msgs::ClosingSigned>, Option<Transaction>), ChannelError>
4165 where F::Target: FeeEstimator, L::Target: Logger
4167 if self.last_sent_closing_fee.is_some() || !self.closing_negotiation_ready() {
4168 return Ok((None, None));
4171 if !self.is_outbound() {
4172 if let Some(msg) = &self.pending_counterparty_closing_signed.take() {
4173 return self.closing_signed(fee_estimator, &msg);
4175 return Ok((None, None));
4178 let (our_min_fee, our_max_fee) = self.calculate_closing_fee_limits(fee_estimator);
4180 assert!(self.shutdown_scriptpubkey.is_some());
4181 let (closing_tx, total_fee_satoshis) = self.build_closing_transaction(our_min_fee, false);
4182 log_trace!(logger, "Proposing initial closing_signed for our counterparty with a fee range of {}-{} sat (with initial proposal {} sats)",
4183 our_min_fee, our_max_fee, total_fee_satoshis);
4185 let sig = self.holder_signer
4186 .sign_closing_transaction(&closing_tx, &self.secp_ctx)
4187 .map_err(|()| ChannelError::Close("Failed to get signature for closing transaction.".to_owned()))?;
4189 self.last_sent_closing_fee = Some((total_fee_satoshis, sig.clone()));
4190 Ok((Some(msgs::ClosingSigned {
4191 channel_id: self.channel_id,
4192 fee_satoshis: total_fee_satoshis,
4194 fee_range: Some(msgs::ClosingSignedFeeRange {
4195 min_fee_satoshis: our_min_fee,
4196 max_fee_satoshis: our_max_fee,
4201 pub fn shutdown<K: Deref>(
4202 &mut self, keys_provider: &K, their_features: &InitFeatures, msg: &msgs::Shutdown
4203 ) -> Result<(Option<msgs::Shutdown>, Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>), ChannelError>
4204 where K::Target: KeysInterface
4206 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
4207 return Err(ChannelError::Close("Peer sent shutdown when we needed a channel_reestablish".to_owned()));
4209 if self.channel_state < ChannelState::FundingSent as u32 {
4210 // Spec says we should fail the connection, not the channel, but that's nonsense, there
4211 // are plenty of reasons you may want to fail a channel pre-funding, and spec says you
4212 // can do that via error message without getting a connection fail anyway...
4213 return Err(ChannelError::Close("Peer sent shutdown pre-funding generation".to_owned()));
4215 for htlc in self.pending_inbound_htlcs.iter() {
4216 if let InboundHTLCState::RemoteAnnounced(_) = htlc.state {
4217 return Err(ChannelError::Close("Got shutdown with remote pending HTLCs".to_owned()));
4220 assert_eq!(self.channel_state & ChannelState::ShutdownComplete as u32, 0);
4222 if !script::is_bolt2_compliant(&msg.scriptpubkey, their_features) {
4223 return Err(ChannelError::Warn(format!("Got a nonstandard scriptpubkey ({}) from remote peer", msg.scriptpubkey.to_bytes().to_hex())));
4226 if self.counterparty_shutdown_scriptpubkey.is_some() {
4227 if Some(&msg.scriptpubkey) != self.counterparty_shutdown_scriptpubkey.as_ref() {
4228 return Err(ChannelError::Warn(format!("Got shutdown request with a scriptpubkey ({}) which did not match their previous scriptpubkey.", msg.scriptpubkey.to_bytes().to_hex())));
4231 self.counterparty_shutdown_scriptpubkey = Some(msg.scriptpubkey.clone());
4234 // If we have any LocalAnnounced updates we'll probably just get back an update_fail_htlc
4235 // immediately after the commitment dance, but we can send a Shutdown because we won't send
4236 // any further commitment updates after we set LocalShutdownSent.
4237 let send_shutdown = (self.channel_state & ChannelState::LocalShutdownSent as u32) != ChannelState::LocalShutdownSent as u32;
4239 let update_shutdown_script = match self.shutdown_scriptpubkey {
4242 assert!(send_shutdown);
4243 let shutdown_scriptpubkey = keys_provider.get_shutdown_scriptpubkey();
4244 if !shutdown_scriptpubkey.is_compatible(their_features) {
4245 return Err(ChannelError::Close(format!("Provided a scriptpubkey format not accepted by peer: {}", shutdown_scriptpubkey)));
4247 self.shutdown_scriptpubkey = Some(shutdown_scriptpubkey);
4252 // From here on out, we may not fail!
4254 self.channel_state |= ChannelState::RemoteShutdownSent as u32;
4255 self.update_time_counter += 1;
4257 let monitor_update = if update_shutdown_script {
4258 self.latest_monitor_update_id += 1;
4259 Some(ChannelMonitorUpdate {
4260 update_id: self.latest_monitor_update_id,
4261 updates: vec![ChannelMonitorUpdateStep::ShutdownScript {
4262 scriptpubkey: self.get_closing_scriptpubkey(),
4266 let shutdown = if send_shutdown {
4267 Some(msgs::Shutdown {
4268 channel_id: self.channel_id,
4269 scriptpubkey: self.get_closing_scriptpubkey(),
4273 // We can't send our shutdown until we've committed all of our pending HTLCs, but the
4274 // remote side is unlikely to accept any new HTLCs, so we go ahead and "free" any holding
4275 // cell HTLCs and return them to fail the payment.
4276 self.holding_cell_update_fee = None;
4277 let mut dropped_outbound_htlcs = Vec::with_capacity(self.holding_cell_htlc_updates.len());
4278 self.holding_cell_htlc_updates.retain(|htlc_update| {
4280 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, .. } => {
4281 dropped_outbound_htlcs.push((source.clone(), payment_hash.clone()));
4288 self.channel_state |= ChannelState::LocalShutdownSent as u32;
4289 self.update_time_counter += 1;
4291 Ok((shutdown, monitor_update, dropped_outbound_htlcs))
4294 fn build_signed_closing_transaction(&self, closing_tx: &ClosingTransaction, counterparty_sig: &Signature, sig: &Signature) -> Transaction {
4295 let mut tx = closing_tx.trust().built_transaction().clone();
4297 tx.input[0].witness.push(Vec::new()); // First is the multisig dummy
4299 let funding_key = self.get_holder_pubkeys().funding_pubkey.serialize();
4300 let counterparty_funding_key = self.counterparty_funding_pubkey().serialize();
4301 let mut holder_sig = sig.serialize_der().to_vec();
4302 holder_sig.push(EcdsaSighashType::All as u8);
4303 let mut cp_sig = counterparty_sig.serialize_der().to_vec();
4304 cp_sig.push(EcdsaSighashType::All as u8);
4305 if funding_key[..] < counterparty_funding_key[..] {
4306 tx.input[0].witness.push(holder_sig);
4307 tx.input[0].witness.push(cp_sig);
4309 tx.input[0].witness.push(cp_sig);
4310 tx.input[0].witness.push(holder_sig);
4313 tx.input[0].witness.push(self.get_funding_redeemscript().into_bytes());
4317 pub fn closing_signed<F: Deref>(
4318 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, msg: &msgs::ClosingSigned)
4319 -> Result<(Option<msgs::ClosingSigned>, Option<Transaction>), ChannelError>
4320 where F::Target: FeeEstimator
4322 if self.channel_state & BOTH_SIDES_SHUTDOWN_MASK != BOTH_SIDES_SHUTDOWN_MASK {
4323 return Err(ChannelError::Close("Remote end sent us a closing_signed before both sides provided a shutdown".to_owned()));
4325 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
4326 return Err(ChannelError::Close("Peer sent closing_signed when we needed a channel_reestablish".to_owned()));
4328 if !self.pending_inbound_htlcs.is_empty() || !self.pending_outbound_htlcs.is_empty() {
4329 return Err(ChannelError::Close("Remote end sent us a closing_signed while there were still pending HTLCs".to_owned()));
4331 if msg.fee_satoshis > TOTAL_BITCOIN_SUPPLY_SATOSHIS { // this is required to stop potential overflow in build_closing_transaction
4332 return Err(ChannelError::Close("Remote tried to send us a closing tx with > 21 million BTC fee".to_owned()));
4335 if self.is_outbound() && self.last_sent_closing_fee.is_none() {
4336 return Err(ChannelError::Close("Remote tried to send a closing_signed when we were supposed to propose the first one".to_owned()));
4339 if self.channel_state & ChannelState::MonitorUpdateInProgress as u32 != 0 {
4340 self.pending_counterparty_closing_signed = Some(msg.clone());
4341 return Ok((None, None));
4344 let funding_redeemscript = self.get_funding_redeemscript();
4345 let (mut closing_tx, used_total_fee) = self.build_closing_transaction(msg.fee_satoshis, false);
4346 if used_total_fee != msg.fee_satoshis {
4347 return Err(ChannelError::Close(format!("Remote sent us a closing_signed with a fee other than the value they can claim. Fee in message: {}. Actual closing tx fee: {}", msg.fee_satoshis, used_total_fee)));
4349 let sighash = closing_tx.trust().get_sighash_all(&funding_redeemscript, self.channel_value_satoshis);
4351 match self.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.get_counterparty_pubkeys().funding_pubkey) {
4354 // The remote end may have decided to revoke their output due to inconsistent dust
4355 // limits, so check for that case by re-checking the signature here.
4356 closing_tx = self.build_closing_transaction(msg.fee_satoshis, true).0;
4357 let sighash = closing_tx.trust().get_sighash_all(&funding_redeemscript, self.channel_value_satoshis);
4358 secp_check!(self.secp_ctx.verify_ecdsa(&sighash, &msg.signature, self.counterparty_funding_pubkey()), "Invalid closing tx signature from peer".to_owned());
4362 for outp in closing_tx.trust().built_transaction().output.iter() {
4363 if !outp.script_pubkey.is_witness_program() && outp.value < MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS {
4364 return Err(ChannelError::Close("Remote sent us a closing_signed with a dust output. Always use segwit closing scripts!".to_owned()));
4368 assert!(self.shutdown_scriptpubkey.is_some());
4369 if let Some((last_fee, sig)) = self.last_sent_closing_fee {
4370 if last_fee == msg.fee_satoshis {
4371 let tx = self.build_signed_closing_transaction(&mut closing_tx, &msg.signature, &sig);
4372 self.channel_state = ChannelState::ShutdownComplete as u32;
4373 self.update_time_counter += 1;
4374 return Ok((None, Some(tx)));
4378 let (our_min_fee, our_max_fee) = self.calculate_closing_fee_limits(fee_estimator);
4380 macro_rules! propose_fee {
4381 ($new_fee: expr) => {
4382 let (closing_tx, used_fee) = if $new_fee == msg.fee_satoshis {
4383 (closing_tx, $new_fee)
4385 self.build_closing_transaction($new_fee, false)
4388 let sig = self.holder_signer
4389 .sign_closing_transaction(&closing_tx, &self.secp_ctx)
4390 .map_err(|_| ChannelError::Close("External signer refused to sign closing transaction".to_owned()))?;
4392 let signed_tx = if $new_fee == msg.fee_satoshis {
4393 self.channel_state = ChannelState::ShutdownComplete as u32;
4394 self.update_time_counter += 1;
4395 let tx = self.build_signed_closing_transaction(&closing_tx, &msg.signature, &sig);
4399 self.last_sent_closing_fee = Some((used_fee, sig.clone()));
4400 return Ok((Some(msgs::ClosingSigned {
4401 channel_id: self.channel_id,
4402 fee_satoshis: used_fee,
4404 fee_range: Some(msgs::ClosingSignedFeeRange {
4405 min_fee_satoshis: our_min_fee,
4406 max_fee_satoshis: our_max_fee,
4412 if let Some(msgs::ClosingSignedFeeRange { min_fee_satoshis, max_fee_satoshis }) = msg.fee_range {
4413 if msg.fee_satoshis < min_fee_satoshis || msg.fee_satoshis > max_fee_satoshis {
4414 return Err(ChannelError::Close(format!("Peer sent a bogus closing_signed - suggested fee of {} sat was not in their desired range of {} sat - {} sat", msg.fee_satoshis, min_fee_satoshis, max_fee_satoshis)));
4416 if max_fee_satoshis < our_min_fee {
4417 return Err(ChannelError::Warn(format!("Unable to come to consensus about closing feerate, remote's max fee ({} sat) was smaller than our min fee ({} sat)", max_fee_satoshis, our_min_fee)));
4419 if min_fee_satoshis > our_max_fee {
4420 return Err(ChannelError::Warn(format!("Unable to come to consensus about closing feerate, remote's min fee ({} sat) was greater than our max fee ({} sat)", min_fee_satoshis, our_max_fee)));
4423 if !self.is_outbound() {
4424 // They have to pay, so pick the highest fee in the overlapping range.
4425 // We should never set an upper bound aside from their full balance
4426 debug_assert_eq!(our_max_fee, self.channel_value_satoshis - (self.value_to_self_msat + 999) / 1000);
4427 propose_fee!(cmp::min(max_fee_satoshis, our_max_fee));
4429 if msg.fee_satoshis < our_min_fee || msg.fee_satoshis > our_max_fee {
4430 return Err(ChannelError::Close(format!("Peer sent a bogus closing_signed - suggested fee of {} sat was not in our desired range of {} sat - {} sat after we informed them of our range.",
4431 msg.fee_satoshis, our_min_fee, our_max_fee)));
4433 // The proposed fee is in our acceptable range, accept it and broadcast!
4434 propose_fee!(msg.fee_satoshis);
4437 // Old fee style negotiation. We don't bother to enforce whether they are complying
4438 // with the "making progress" requirements, we just comply and hope for the best.
4439 if let Some((last_fee, _)) = self.last_sent_closing_fee {
4440 if msg.fee_satoshis > last_fee {
4441 if msg.fee_satoshis < our_max_fee {
4442 propose_fee!(msg.fee_satoshis);
4443 } else if last_fee < our_max_fee {
4444 propose_fee!(our_max_fee);
4446 return Err(ChannelError::Close(format!("Unable to come to consensus about closing feerate, remote wants something ({} sat) higher than our max fee ({} sat)", msg.fee_satoshis, our_max_fee)));
4449 if msg.fee_satoshis > our_min_fee {
4450 propose_fee!(msg.fee_satoshis);
4451 } else if last_fee > our_min_fee {
4452 propose_fee!(our_min_fee);
4454 return Err(ChannelError::Close(format!("Unable to come to consensus about closing feerate, remote wants something ({} sat) lower than our min fee ({} sat)", msg.fee_satoshis, our_min_fee)));
4458 if msg.fee_satoshis < our_min_fee {
4459 propose_fee!(our_min_fee);
4460 } else if msg.fee_satoshis > our_max_fee {
4461 propose_fee!(our_max_fee);
4463 propose_fee!(msg.fee_satoshis);
4469 // Public utilities:
4471 pub fn channel_id(&self) -> [u8; 32] {
4475 pub fn minimum_depth(&self) -> Option<u32> {
4479 /// Gets the "user_id" value passed into the construction of this channel. It has no special
4480 /// meaning and exists only to allow users to have a persistent identifier of a channel.
4481 pub fn get_user_id(&self) -> u128 {
4485 /// Gets the channel's type
4486 pub fn get_channel_type(&self) -> &ChannelTypeFeatures {
4490 /// Guaranteed to be Some after both ChannelReady messages have been exchanged (and, thus,
4491 /// is_usable() returns true).
4492 /// Allowed in any state (including after shutdown)
4493 pub fn get_short_channel_id(&self) -> Option<u64> {
4494 self.short_channel_id
4497 /// Allowed in any state (including after shutdown)
4498 pub fn latest_inbound_scid_alias(&self) -> Option<u64> {
4499 self.latest_inbound_scid_alias
4502 /// Allowed in any state (including after shutdown)
4503 pub fn outbound_scid_alias(&self) -> u64 {
4504 self.outbound_scid_alias
4506 /// Only allowed immediately after deserialization if get_outbound_scid_alias returns 0,
4507 /// indicating we were written by LDK prior to 0.0.106 which did not set outbound SCID aliases.
4508 pub fn set_outbound_scid_alias(&mut self, outbound_scid_alias: u64) {
4509 assert_eq!(self.outbound_scid_alias, 0);
4510 self.outbound_scid_alias = outbound_scid_alias;
4513 /// Returns the funding_txo we either got from our peer, or were given by
4514 /// get_outbound_funding_created.
4515 pub fn get_funding_txo(&self) -> Option<OutPoint> {
4516 self.channel_transaction_parameters.funding_outpoint
4519 /// Returns the block hash in which our funding transaction was confirmed.
4520 pub fn get_funding_tx_confirmed_in(&self) -> Option<BlockHash> {
4521 self.funding_tx_confirmed_in
4524 /// Returns the current number of confirmations on the funding transaction.
4525 pub fn get_funding_tx_confirmations(&self, height: u32) -> u32 {
4526 if self.funding_tx_confirmation_height == 0 {
4527 // We either haven't seen any confirmation yet, or observed a reorg.
4531 height.checked_sub(self.funding_tx_confirmation_height).map_or(0, |c| c + 1)
4534 fn get_holder_selected_contest_delay(&self) -> u16 {
4535 self.channel_transaction_parameters.holder_selected_contest_delay
4538 fn get_holder_pubkeys(&self) -> &ChannelPublicKeys {
4539 &self.channel_transaction_parameters.holder_pubkeys
4542 pub fn get_counterparty_selected_contest_delay(&self) -> Option<u16> {
4543 self.channel_transaction_parameters.counterparty_parameters
4544 .as_ref().map(|params| params.selected_contest_delay)
4547 fn get_counterparty_pubkeys(&self) -> &ChannelPublicKeys {
4548 &self.channel_transaction_parameters.counterparty_parameters.as_ref().unwrap().pubkeys
4551 /// Allowed in any state (including after shutdown)
4552 pub fn get_counterparty_node_id(&self) -> PublicKey {
4553 self.counterparty_node_id
4556 /// Allowed in any state (including after shutdown)
4557 pub fn get_holder_htlc_minimum_msat(&self) -> u64 {
4558 self.holder_htlc_minimum_msat
4561 /// Allowed in any state (including after shutdown), but will return none before TheirInitSent
4562 pub fn get_holder_htlc_maximum_msat(&self) -> Option<u64> {
4563 self.get_htlc_maximum_msat(self.holder_max_htlc_value_in_flight_msat)
4566 /// Allowed in any state (including after shutdown)
4567 pub fn get_announced_htlc_max_msat(&self) -> u64 {
4569 // Upper bound by capacity. We make it a bit less than full capacity to prevent attempts
4570 // to use full capacity. This is an effort to reduce routing failures, because in many cases
4571 // channel might have been used to route very small values (either by honest users or as DoS).
4572 self.channel_value_satoshis * 1000 * 9 / 10,
4574 self.counterparty_max_htlc_value_in_flight_msat
4578 /// Allowed in any state (including after shutdown)
4579 pub fn get_counterparty_htlc_minimum_msat(&self) -> u64 {
4580 self.counterparty_htlc_minimum_msat
4583 /// Allowed in any state (including after shutdown), but will return none before TheirInitSent
4584 pub fn get_counterparty_htlc_maximum_msat(&self) -> Option<u64> {
4585 self.get_htlc_maximum_msat(self.counterparty_max_htlc_value_in_flight_msat)
4588 fn get_htlc_maximum_msat(&self, party_max_htlc_value_in_flight_msat: u64) -> Option<u64> {
4589 self.counterparty_selected_channel_reserve_satoshis.map(|counterparty_reserve| {
4590 let holder_reserve = self.holder_selected_channel_reserve_satoshis;
4592 (self.channel_value_satoshis - counterparty_reserve - holder_reserve) * 1000,
4593 party_max_htlc_value_in_flight_msat
4598 pub fn get_value_satoshis(&self) -> u64 {
4599 self.channel_value_satoshis
4602 pub fn get_fee_proportional_millionths(&self) -> u32 {
4603 self.config.options.forwarding_fee_proportional_millionths
4606 pub fn get_cltv_expiry_delta(&self) -> u16 {
4607 cmp::max(self.config.options.cltv_expiry_delta, MIN_CLTV_EXPIRY_DELTA)
4610 pub fn get_max_dust_htlc_exposure_msat(&self) -> u64 {
4611 self.config.options.max_dust_htlc_exposure_msat
4614 /// Returns the previous [`ChannelConfig`] applied to this channel, if any.
4615 pub fn prev_config(&self) -> Option<ChannelConfig> {
4616 self.prev_config.map(|prev_config| prev_config.0)
4619 // Checks whether we should emit a `ChannelReady` event.
4620 pub(crate) fn should_emit_channel_ready_event(&mut self) -> bool {
4621 self.is_usable() && !self.channel_ready_event_emitted
4624 // Remembers that we already emitted a `ChannelReady` event.
4625 pub(crate) fn set_channel_ready_event_emitted(&mut self) {
4626 self.channel_ready_event_emitted = true;
4629 /// Tracks the number of ticks elapsed since the previous [`ChannelConfig`] was updated. Once
4630 /// [`EXPIRE_PREV_CONFIG_TICKS`] is reached, the previous config is considered expired and will
4631 /// no longer be considered when forwarding HTLCs.
4632 pub fn maybe_expire_prev_config(&mut self) {
4633 if self.prev_config.is_none() {
4636 let prev_config = self.prev_config.as_mut().unwrap();
4638 if prev_config.1 == EXPIRE_PREV_CONFIG_TICKS {
4639 self.prev_config = None;
4643 /// Returns the current [`ChannelConfig`] applied to the channel.
4644 pub fn config(&self) -> ChannelConfig {
4648 /// Updates the channel's config. A bool is returned indicating whether the config update
4649 /// applied resulted in a new ChannelUpdate message.
4650 pub fn update_config(&mut self, config: &ChannelConfig) -> bool {
4651 let did_channel_update =
4652 self.config.options.forwarding_fee_proportional_millionths != config.forwarding_fee_proportional_millionths ||
4653 self.config.options.forwarding_fee_base_msat != config.forwarding_fee_base_msat ||
4654 self.config.options.cltv_expiry_delta != config.cltv_expiry_delta;
4655 if did_channel_update {
4656 self.prev_config = Some((self.config.options, 0));
4657 // Update the counter, which backs the ChannelUpdate timestamp, to allow the relay
4658 // policy change to propagate throughout the network.
4659 self.update_time_counter += 1;
4661 self.config.options = *config;
4665 fn internal_htlc_satisfies_config(
4666 &self, htlc: &msgs::UpdateAddHTLC, amt_to_forward: u64, outgoing_cltv_value: u32, config: &ChannelConfig,
4667 ) -> Result<(), (&'static str, u16)> {
4668 let fee = amt_to_forward.checked_mul(config.forwarding_fee_proportional_millionths as u64)
4669 .and_then(|prop_fee| (prop_fee / 1000000).checked_add(config.forwarding_fee_base_msat as u64));
4670 if fee.is_none() || htlc.amount_msat < fee.unwrap() ||
4671 (htlc.amount_msat - fee.unwrap()) < amt_to_forward {
4673 "Prior hop has deviated from specified fees parameters or origin node has obsolete ones",
4674 0x1000 | 12, // fee_insufficient
4677 if (htlc.cltv_expiry as u64) < outgoing_cltv_value as u64 + config.cltv_expiry_delta as u64 {
4679 "Forwarding node has tampered with the intended HTLC values or origin node has an obsolete cltv_expiry_delta",
4680 0x1000 | 13, // incorrect_cltv_expiry
4686 /// Determines whether the parameters of an incoming HTLC to be forwarded satisfy the channel's
4687 /// [`ChannelConfig`]. This first looks at the channel's current [`ChannelConfig`], and if
4688 /// unsuccessful, falls back to the previous one if one exists.
4689 pub fn htlc_satisfies_config(
4690 &self, htlc: &msgs::UpdateAddHTLC, amt_to_forward: u64, outgoing_cltv_value: u32,
4691 ) -> Result<(), (&'static str, u16)> {
4692 self.internal_htlc_satisfies_config(&htlc, amt_to_forward, outgoing_cltv_value, &self.config())
4694 if let Some(prev_config) = self.prev_config() {
4695 self.internal_htlc_satisfies_config(htlc, amt_to_forward, outgoing_cltv_value, &prev_config)
4702 pub fn get_feerate(&self) -> u32 {
4706 pub fn get_dust_buffer_feerate(&self, outbound_feerate_update: Option<u32>) -> u32 {
4707 // When calculating our exposure to dust HTLCs, we assume that the channel feerate
4708 // may, at any point, increase by at least 10 sat/vB (i.e 2530 sat/kWU) or 25%,
4709 // whichever is higher. This ensures that we aren't suddenly exposed to significantly
4710 // more dust balance if the feerate increases when we have several HTLCs pending
4711 // which are near the dust limit.
4712 let mut feerate_per_kw = self.feerate_per_kw;
4713 // If there's a pending update fee, use it to ensure we aren't under-estimating
4714 // potential feerate updates coming soon.
4715 if let Some((feerate, _)) = self.pending_update_fee {
4716 feerate_per_kw = cmp::max(feerate_per_kw, feerate);
4718 if let Some(feerate) = outbound_feerate_update {
4719 feerate_per_kw = cmp::max(feerate_per_kw, feerate);
4721 cmp::max(2530, feerate_per_kw * 1250 / 1000)
4724 pub fn get_cur_holder_commitment_transaction_number(&self) -> u64 {
4725 self.cur_holder_commitment_transaction_number + 1
4728 pub fn get_cur_counterparty_commitment_transaction_number(&self) -> u64 {
4729 self.cur_counterparty_commitment_transaction_number + 1 - if self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32) != 0 { 1 } else { 0 }
4732 pub fn get_revoked_counterparty_commitment_transaction_number(&self) -> u64 {
4733 self.cur_counterparty_commitment_transaction_number + 2
4737 pub fn get_signer(&self) -> &Signer {
4742 pub fn get_value_stat(&self) -> ChannelValueStat {
4744 value_to_self_msat: self.value_to_self_msat,
4745 channel_value_msat: self.channel_value_satoshis * 1000,
4746 channel_reserve_msat: self.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000,
4747 pending_outbound_htlcs_amount_msat: self.pending_outbound_htlcs.iter().map(|ref h| h.amount_msat).sum::<u64>(),
4748 pending_inbound_htlcs_amount_msat: self.pending_inbound_htlcs.iter().map(|ref h| h.amount_msat).sum::<u64>(),
4749 holding_cell_outbound_amount_msat: {
4751 for h in self.holding_cell_htlc_updates.iter() {
4753 &HTLCUpdateAwaitingACK::AddHTLC{amount_msat, .. } => {
4761 counterparty_max_htlc_value_in_flight_msat: self.counterparty_max_htlc_value_in_flight_msat,
4762 counterparty_dust_limit_msat: self.counterparty_dust_limit_satoshis * 1000,
4766 /// Allowed in any state (including after shutdown)
4767 pub fn get_update_time_counter(&self) -> u32 {
4768 self.update_time_counter
4771 pub fn get_latest_monitor_update_id(&self) -> u64 {
4772 self.latest_monitor_update_id
4775 pub fn should_announce(&self) -> bool {
4776 self.config.announced_channel
4779 pub fn is_outbound(&self) -> bool {
4780 self.channel_transaction_parameters.is_outbound_from_holder
4783 /// Gets the fee we'd want to charge for adding an HTLC output to this Channel
4784 /// Allowed in any state (including after shutdown)
4785 pub fn get_outbound_forwarding_fee_base_msat(&self) -> u32 {
4786 self.config.options.forwarding_fee_base_msat
4789 /// Returns true if we've ever received a message from the remote end for this Channel
4790 pub fn have_received_message(&self) -> bool {
4791 self.channel_state > (ChannelState::OurInitSent as u32)
4794 /// Returns true if this channel is fully established and not known to be closing.
4795 /// Allowed in any state (including after shutdown)
4796 pub fn is_usable(&self) -> bool {
4797 let mask = ChannelState::ChannelReady as u32 | BOTH_SIDES_SHUTDOWN_MASK;
4798 (self.channel_state & mask) == (ChannelState::ChannelReady as u32) && !self.monitor_pending_channel_ready
4801 /// Returns true if this channel is currently available for use. This is a superset of
4802 /// is_usable() and considers things like the channel being temporarily disabled.
4803 /// Allowed in any state (including after shutdown)
4804 pub fn is_live(&self) -> bool {
4805 self.is_usable() && (self.channel_state & (ChannelState::PeerDisconnected as u32) == 0)
4808 /// Returns true if this channel has been marked as awaiting a monitor update to move forward.
4809 /// Allowed in any state (including after shutdown)
4810 pub fn is_awaiting_monitor_update(&self) -> bool {
4811 (self.channel_state & ChannelState::MonitorUpdateInProgress as u32) != 0
4814 /// Returns true if funding_created was sent/received.
4815 pub fn is_funding_initiated(&self) -> bool {
4816 self.channel_state >= ChannelState::FundingSent as u32
4819 /// Returns true if the channel is awaiting the persistence of the initial ChannelMonitor.
4820 /// If the channel is outbound, this implies we have not yet broadcasted the funding
4821 /// transaction. If the channel is inbound, this implies simply that the channel has not
4823 pub fn is_awaiting_initial_mon_persist(&self) -> bool {
4824 if !self.is_awaiting_monitor_update() { return false; }
4825 if self.channel_state &
4826 !(ChannelState::TheirChannelReady as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)
4827 == ChannelState::FundingSent as u32 {
4828 // If we're not a 0conf channel, we'll be waiting on a monitor update with only
4829 // FundingSent set, though our peer could have sent their channel_ready.
4830 debug_assert!(self.minimum_depth.unwrap_or(1) > 0);
4833 if self.cur_holder_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 &&
4834 self.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
4835 // If we're a 0-conf channel, we'll move beyond FundingSent immediately even while
4836 // waiting for the initial monitor persistence. Thus, we check if our commitment
4837 // transaction numbers have both been iterated only exactly once (for the
4838 // funding_signed), and we're awaiting monitor update.
4840 // If we got here, we shouldn't have yet broadcasted the funding transaction (as the
4841 // only way to get an awaiting-monitor-update state during initial funding is if the
4842 // initial monitor persistence is still pending).
4844 // Because deciding we're awaiting initial broadcast spuriously could result in
4845 // funds-loss (as we don't have a monitor, but have the funding transaction confirmed),
4846 // we hard-assert here, even in production builds.
4847 if self.is_outbound() { assert!(self.funding_transaction.is_some()); }
4848 assert!(self.monitor_pending_channel_ready);
4849 assert_eq!(self.latest_monitor_update_id, 0);
4855 /// Returns true if our channel_ready has been sent
4856 pub fn is_our_channel_ready(&self) -> bool {
4857 (self.channel_state & ChannelState::OurChannelReady as u32) != 0 || self.channel_state >= ChannelState::ChannelReady as u32
4860 /// Returns true if our peer has either initiated or agreed to shut down the channel.
4861 pub fn received_shutdown(&self) -> bool {
4862 (self.channel_state & ChannelState::RemoteShutdownSent as u32) != 0
4865 /// Returns true if we either initiated or agreed to shut down the channel.
4866 pub fn sent_shutdown(&self) -> bool {
4867 (self.channel_state & ChannelState::LocalShutdownSent as u32) != 0
4870 /// Returns true if this channel is fully shut down. True here implies that no further actions
4871 /// may/will be taken on this channel, and thus this object should be freed. Any future changes
4872 /// will be handled appropriately by the chain monitor.
4873 pub fn is_shutdown(&self) -> bool {
4874 if (self.channel_state & ChannelState::ShutdownComplete as u32) == ChannelState::ShutdownComplete as u32 {
4875 assert!(self.channel_state == ChannelState::ShutdownComplete as u32);
4880 pub fn channel_update_status(&self) -> ChannelUpdateStatus {
4881 self.channel_update_status
4884 pub fn set_channel_update_status(&mut self, status: ChannelUpdateStatus) {
4885 self.update_time_counter += 1;
4886 self.channel_update_status = status;
4889 fn check_get_channel_ready(&mut self, height: u32) -> Option<msgs::ChannelReady> {
4891 // * always when a new block/transactions are confirmed with the new height
4892 // * when funding is signed with a height of 0
4893 if self.funding_tx_confirmation_height == 0 && self.minimum_depth != Some(0) {
4897 let funding_tx_confirmations = height as i64 - self.funding_tx_confirmation_height as i64 + 1;
4898 if funding_tx_confirmations <= 0 {
4899 self.funding_tx_confirmation_height = 0;
4902 if funding_tx_confirmations < self.minimum_depth.unwrap_or(0) as i64 {
4906 let non_shutdown_state = self.channel_state & (!MULTI_STATE_FLAGS);
4907 let need_commitment_update = if non_shutdown_state == ChannelState::FundingSent as u32 {
4908 self.channel_state |= ChannelState::OurChannelReady as u32;
4910 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32) {
4911 self.channel_state = ChannelState::ChannelReady as u32 | (self.channel_state & MULTI_STATE_FLAGS);
4912 self.update_time_counter += 1;
4914 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurChannelReady as u32) {
4915 // We got a reorg but not enough to trigger a force close, just ignore.
4918 if self.funding_tx_confirmation_height != 0 && self.channel_state < ChannelState::ChannelReady as u32 {
4919 // We should never see a funding transaction on-chain until we've received
4920 // funding_signed (if we're an outbound channel), or seen funding_generated (if we're
4921 // an inbound channel - before that we have no known funding TXID). The fuzzer,
4922 // however, may do this and we shouldn't treat it as a bug.
4923 #[cfg(not(fuzzing))]
4924 panic!("Started confirming a channel in a state pre-FundingSent: {}.\n\
4925 Do NOT broadcast a funding transaction manually - let LDK do it for you!",
4926 self.channel_state);
4928 // We got a reorg but not enough to trigger a force close, just ignore.
4932 if need_commitment_update {
4933 if self.channel_state & (ChannelState::MonitorUpdateInProgress as u32) == 0 {
4934 if self.channel_state & (ChannelState::PeerDisconnected as u32) == 0 {
4935 let next_per_commitment_point =
4936 self.holder_signer.get_per_commitment_point(INITIAL_COMMITMENT_NUMBER - 1, &self.secp_ctx);
4937 return Some(msgs::ChannelReady {
4938 channel_id: self.channel_id,
4939 next_per_commitment_point,
4940 short_channel_id_alias: Some(self.outbound_scid_alias),
4944 self.monitor_pending_channel_ready = true;
4950 /// When a transaction is confirmed, we check whether it is or spends the funding transaction
4951 /// In the first case, we store the confirmation height and calculating the short channel id.
4952 /// In the second, we simply return an Err indicating we need to be force-closed now.
4953 pub fn transactions_confirmed<L: Deref>(&mut self, block_hash: &BlockHash, height: u32,
4954 txdata: &TransactionData, genesis_block_hash: BlockHash, node_pk: PublicKey, logger: &L)
4955 -> Result<(Option<msgs::ChannelReady>, Option<msgs::AnnouncementSignatures>), ClosureReason> where L::Target: Logger {
4956 if let Some(funding_txo) = self.get_funding_txo() {
4957 for &(index_in_block, tx) in txdata.iter() {
4958 // Check if the transaction is the expected funding transaction, and if it is,
4959 // check that it pays the right amount to the right script.
4960 if self.funding_tx_confirmation_height == 0 {
4961 if tx.txid() == funding_txo.txid {
4962 let txo_idx = funding_txo.index as usize;
4963 if txo_idx >= tx.output.len() || tx.output[txo_idx].script_pubkey != self.get_funding_redeemscript().to_v0_p2wsh() ||
4964 tx.output[txo_idx].value != self.channel_value_satoshis {
4965 if self.is_outbound() {
4966 // If we generated the funding transaction and it doesn't match what it
4967 // should, the client is really broken and we should just panic and
4968 // tell them off. That said, because hash collisions happen with high
4969 // probability in fuzzing mode, if we're fuzzing we just close the
4970 // channel and move on.
4971 #[cfg(not(fuzzing))]
4972 panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
4974 self.update_time_counter += 1;
4975 let err_reason = "funding tx had wrong script/value or output index";
4976 return Err(ClosureReason::ProcessingError { err: err_reason.to_owned() });
4978 if self.is_outbound() {
4979 for input in tx.input.iter() {
4980 if input.witness.is_empty() {
4981 // We generated a malleable funding transaction, implying we've
4982 // just exposed ourselves to funds loss to our counterparty.
4983 #[cfg(not(fuzzing))]
4984 panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
4988 self.funding_tx_confirmation_height = height;
4989 self.funding_tx_confirmed_in = Some(*block_hash);
4990 self.short_channel_id = match scid_from_parts(height as u64, index_in_block as u64, txo_idx as u64) {
4991 Ok(scid) => Some(scid),
4992 Err(_) => panic!("Block was bogus - either height was > 16 million, had > 16 million transactions, or had > 65k outputs"),
4996 // If we allow 1-conf funding, we may need to check for channel_ready here and
4997 // send it immediately instead of waiting for a best_block_updated call (which
4998 // may have already happened for this block).
4999 if let Some(channel_ready) = self.check_get_channel_ready(height) {
5000 log_info!(logger, "Sending a channel_ready to our peer for channel {}", log_bytes!(self.channel_id));
5001 let announcement_sigs = self.get_announcement_sigs(node_pk, genesis_block_hash, height, logger);
5002 return Ok((Some(channel_ready), announcement_sigs));
5005 for inp in tx.input.iter() {
5006 if inp.previous_output == funding_txo.into_bitcoin_outpoint() {
5007 log_info!(logger, "Detected channel-closing tx {} spending {}:{}, closing channel {}", tx.txid(), inp.previous_output.txid, inp.previous_output.vout, log_bytes!(self.channel_id()));
5008 return Err(ClosureReason::CommitmentTxConfirmed);
5016 /// When a new block is connected, we check the height of the block against outbound holding
5017 /// cell HTLCs in case we need to give up on them prematurely and time them out. Everything
5018 /// else (e.g. commitment transaction broadcasts, HTLC transaction broadcasting, etc) is
5019 /// handled by the ChannelMonitor.
5021 /// If we return Err, the channel may have been closed, at which point the standard
5022 /// requirements apply - no calls may be made except those explicitly stated to be allowed
5025 /// May return some HTLCs (and their payment_hash) which have timed out and should be failed
5027 pub fn best_block_updated<L: Deref>(&mut self, height: u32, highest_header_time: u32, genesis_block_hash: BlockHash, node_pk: PublicKey, logger: &L)
5028 -> Result<(Option<msgs::ChannelReady>, Vec<(HTLCSource, PaymentHash)>, Option<msgs::AnnouncementSignatures>), ClosureReason> where L::Target: Logger {
5029 self.do_best_block_updated(height, highest_header_time, Some((genesis_block_hash, node_pk)), logger)
5032 fn do_best_block_updated<L: Deref>(&mut self, height: u32, highest_header_time: u32, genesis_node_pk: Option<(BlockHash, PublicKey)>, logger: &L)
5033 -> Result<(Option<msgs::ChannelReady>, Vec<(HTLCSource, PaymentHash)>, Option<msgs::AnnouncementSignatures>), ClosureReason> where L::Target: Logger {
5034 let mut timed_out_htlcs = Vec::new();
5035 // This mirrors the check in ChannelManager::decode_update_add_htlc_onion, refusing to
5036 // forward an HTLC when our counterparty should almost certainly just fail it for expiring
5038 let unforwarded_htlc_cltv_limit = height + LATENCY_GRACE_PERIOD_BLOCKS;
5039 self.holding_cell_htlc_updates.retain(|htlc_update| {
5041 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, ref cltv_expiry, .. } => {
5042 if *cltv_expiry <= unforwarded_htlc_cltv_limit {
5043 timed_out_htlcs.push((source.clone(), payment_hash.clone()));
5051 self.update_time_counter = cmp::max(self.update_time_counter, highest_header_time);
5053 if let Some(channel_ready) = self.check_get_channel_ready(height) {
5054 let announcement_sigs = if let Some((genesis_block_hash, node_pk)) = genesis_node_pk {
5055 self.get_announcement_sigs(node_pk, genesis_block_hash, height, logger)
5057 log_info!(logger, "Sending a channel_ready to our peer for channel {}", log_bytes!(self.channel_id));
5058 return Ok((Some(channel_ready), timed_out_htlcs, announcement_sigs));
5061 let non_shutdown_state = self.channel_state & (!MULTI_STATE_FLAGS);
5062 if non_shutdown_state >= ChannelState::ChannelReady as u32 ||
5063 (non_shutdown_state & ChannelState::OurChannelReady as u32) == ChannelState::OurChannelReady as u32 {
5064 let mut funding_tx_confirmations = height as i64 - self.funding_tx_confirmation_height as i64 + 1;
5065 if self.funding_tx_confirmation_height == 0 {
5066 // Note that check_get_channel_ready may reset funding_tx_confirmation_height to
5067 // zero if it has been reorged out, however in either case, our state flags
5068 // indicate we've already sent a channel_ready
5069 funding_tx_confirmations = 0;
5072 // If we've sent channel_ready (or have both sent and received channel_ready), and
5073 // the funding transaction has become unconfirmed,
5074 // close the channel and hope we can get the latest state on chain (because presumably
5075 // the funding transaction is at least still in the mempool of most nodes).
5077 // Note that ideally we wouldn't force-close if we see *any* reorg on a 1-conf or
5078 // 0-conf channel, but not doing so may lead to the
5079 // `ChannelManager::short_to_chan_info` map being inconsistent, so we currently have
5081 if funding_tx_confirmations == 0 && self.funding_tx_confirmed_in.is_some() {
5082 let err_reason = format!("Funding transaction was un-confirmed. Locked at {} confs, now have {} confs.",
5083 self.minimum_depth.unwrap(), funding_tx_confirmations);
5084 return Err(ClosureReason::ProcessingError { err: err_reason });
5086 } else if !self.is_outbound() && self.funding_tx_confirmed_in.is_none() &&
5087 height >= self.channel_creation_height + FUNDING_CONF_DEADLINE_BLOCKS {
5088 log_info!(logger, "Closing channel {} due to funding timeout", log_bytes!(self.channel_id));
5089 // If funding_tx_confirmed_in is unset, the channel must not be active
5090 assert!(non_shutdown_state <= ChannelState::ChannelReady as u32);
5091 assert_eq!(non_shutdown_state & ChannelState::OurChannelReady as u32, 0);
5092 return Err(ClosureReason::FundingTimedOut);
5095 let announcement_sigs = if let Some((genesis_block_hash, node_pk)) = genesis_node_pk {
5096 self.get_announcement_sigs(node_pk, genesis_block_hash, height, logger)
5098 Ok((None, timed_out_htlcs, announcement_sigs))
5101 /// Indicates the funding transaction is no longer confirmed in the main chain. This may
5102 /// force-close the channel, but may also indicate a harmless reorganization of a block or two
5103 /// before the channel has reached channel_ready and we can just wait for more blocks.
5104 pub fn funding_transaction_unconfirmed<L: Deref>(&mut self, logger: &L) -> Result<(), ClosureReason> where L::Target: Logger {
5105 if self.funding_tx_confirmation_height != 0 {
5106 // We handle the funding disconnection by calling best_block_updated with a height one
5107 // below where our funding was connected, implying a reorg back to conf_height - 1.
5108 let reorg_height = self.funding_tx_confirmation_height - 1;
5109 // We use the time field to bump the current time we set on channel updates if its
5110 // larger. If we don't know that time has moved forward, we can just set it to the last
5111 // time we saw and it will be ignored.
5112 let best_time = self.update_time_counter;
5113 match self.do_best_block_updated(reorg_height, best_time, None, logger) {
5114 Ok((channel_ready, timed_out_htlcs, announcement_sigs)) => {
5115 assert!(channel_ready.is_none(), "We can't generate a funding with 0 confirmations?");
5116 assert!(timed_out_htlcs.is_empty(), "We can't have accepted HTLCs with a timeout before our funding confirmation?");
5117 assert!(announcement_sigs.is_none(), "We can't generate an announcement_sigs with 0 confirmations?");
5123 // We never learned about the funding confirmation anyway, just ignore
5128 // Methods to get unprompted messages to send to the remote end (or where we already returned
5129 // something in the handler for the message that prompted this message):
5131 pub fn get_open_channel(&self, chain_hash: BlockHash) -> msgs::OpenChannel {
5132 if !self.is_outbound() {
5133 panic!("Tried to open a channel for an inbound channel?");
5135 if self.channel_state != ChannelState::OurInitSent as u32 {
5136 panic!("Cannot generate an open_channel after we've moved forward");
5139 if self.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
5140 panic!("Tried to send an open_channel for a channel that has already advanced");
5143 let first_per_commitment_point = self.holder_signer.get_per_commitment_point(self.cur_holder_commitment_transaction_number, &self.secp_ctx);
5144 let keys = self.get_holder_pubkeys();
5148 temporary_channel_id: self.channel_id,
5149 funding_satoshis: self.channel_value_satoshis,
5150 push_msat: self.channel_value_satoshis * 1000 - self.value_to_self_msat,
5151 dust_limit_satoshis: self.holder_dust_limit_satoshis,
5152 max_htlc_value_in_flight_msat: self.holder_max_htlc_value_in_flight_msat,
5153 channel_reserve_satoshis: self.holder_selected_channel_reserve_satoshis,
5154 htlc_minimum_msat: self.holder_htlc_minimum_msat,
5155 feerate_per_kw: self.feerate_per_kw as u32,
5156 to_self_delay: self.get_holder_selected_contest_delay(),
5157 max_accepted_htlcs: OUR_MAX_HTLCS,
5158 funding_pubkey: keys.funding_pubkey,
5159 revocation_basepoint: keys.revocation_basepoint,
5160 payment_point: keys.payment_point,
5161 delayed_payment_basepoint: keys.delayed_payment_basepoint,
5162 htlc_basepoint: keys.htlc_basepoint,
5163 first_per_commitment_point,
5164 channel_flags: if self.config.announced_channel {1} else {0},
5165 shutdown_scriptpubkey: OptionalField::Present(match &self.shutdown_scriptpubkey {
5166 Some(script) => script.clone().into_inner(),
5167 None => Builder::new().into_script(),
5169 channel_type: Some(self.channel_type.clone()),
5173 pub fn inbound_is_awaiting_accept(&self) -> bool {
5174 self.inbound_awaiting_accept
5177 /// Sets this channel to accepting 0conf, must be done before `get_accept_channel`
5178 pub fn set_0conf(&mut self) {
5179 assert!(self.inbound_awaiting_accept);
5180 self.minimum_depth = Some(0);
5183 /// Marks an inbound channel as accepted and generates a [`msgs::AcceptChannel`] message which
5184 /// should be sent back to the counterparty node.
5186 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
5187 pub fn accept_inbound_channel(&mut self, user_id: u128) -> msgs::AcceptChannel {
5188 if self.is_outbound() {
5189 panic!("Tried to send accept_channel for an outbound channel?");
5191 if self.channel_state != (ChannelState::OurInitSent as u32) | (ChannelState::TheirInitSent as u32) {
5192 panic!("Tried to send accept_channel after channel had moved forward");
5194 if self.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
5195 panic!("Tried to send an accept_channel for a channel that has already advanced");
5197 if !self.inbound_awaiting_accept {
5198 panic!("The inbound channel has already been accepted");
5201 self.user_id = user_id;
5202 self.inbound_awaiting_accept = false;
5204 self.generate_accept_channel_message()
5207 /// This function is used to explicitly generate a [`msgs::AcceptChannel`] message for an
5208 /// inbound channel. If the intention is to accept an inbound channel, use
5209 /// [`Channel::accept_inbound_channel`] instead.
5211 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
5212 fn generate_accept_channel_message(&self) -> msgs::AcceptChannel {
5213 let first_per_commitment_point = self.holder_signer.get_per_commitment_point(self.cur_holder_commitment_transaction_number, &self.secp_ctx);
5214 let keys = self.get_holder_pubkeys();
5216 msgs::AcceptChannel {
5217 temporary_channel_id: self.channel_id,
5218 dust_limit_satoshis: self.holder_dust_limit_satoshis,
5219 max_htlc_value_in_flight_msat: self.holder_max_htlc_value_in_flight_msat,
5220 channel_reserve_satoshis: self.holder_selected_channel_reserve_satoshis,
5221 htlc_minimum_msat: self.holder_htlc_minimum_msat,
5222 minimum_depth: self.minimum_depth.unwrap(),
5223 to_self_delay: self.get_holder_selected_contest_delay(),
5224 max_accepted_htlcs: OUR_MAX_HTLCS,
5225 funding_pubkey: keys.funding_pubkey,
5226 revocation_basepoint: keys.revocation_basepoint,
5227 payment_point: keys.payment_point,
5228 delayed_payment_basepoint: keys.delayed_payment_basepoint,
5229 htlc_basepoint: keys.htlc_basepoint,
5230 first_per_commitment_point,
5231 shutdown_scriptpubkey: OptionalField::Present(match &self.shutdown_scriptpubkey {
5232 Some(script) => script.clone().into_inner(),
5233 None => Builder::new().into_script(),
5235 channel_type: Some(self.channel_type.clone()),
5239 /// Enables the possibility for tests to extract a [`msgs::AcceptChannel`] message for an
5240 /// inbound channel without accepting it.
5242 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
5244 pub fn get_accept_channel_message(&self) -> msgs::AcceptChannel {
5245 self.generate_accept_channel_message()
5248 /// If an Err is returned, it is a ChannelError::Close (for get_outbound_funding_created)
5249 fn get_outbound_funding_created_signature<L: Deref>(&mut self, logger: &L) -> Result<Signature, ChannelError> where L::Target: Logger {
5250 let counterparty_keys = self.build_remote_transaction_keys()?;
5251 let counterparty_initial_commitment_tx = self.build_commitment_transaction(self.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
5252 Ok(self.holder_signer.sign_counterparty_commitment(&counterparty_initial_commitment_tx, Vec::new(), &self.secp_ctx)
5253 .map_err(|_| ChannelError::Close("Failed to get signatures for new commitment_signed".to_owned()))?.0)
5256 /// Updates channel state with knowledge of the funding transaction's txid/index, and generates
5257 /// a funding_created message for the remote peer.
5258 /// Panics if called at some time other than immediately after initial handshake, if called twice,
5259 /// or if called on an inbound channel.
5260 /// Note that channel_id changes during this call!
5261 /// Do NOT broadcast the funding transaction until after a successful funding_signed call!
5262 /// If an Err is returned, it is a ChannelError::Close.
5263 pub fn get_outbound_funding_created<L: Deref>(&mut self, funding_transaction: Transaction, funding_txo: OutPoint, logger: &L) -> Result<msgs::FundingCreated, ChannelError> where L::Target: Logger {
5264 if !self.is_outbound() {
5265 panic!("Tried to create outbound funding_created message on an inbound channel!");
5267 if self.channel_state != (ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32) {
5268 panic!("Tried to get a funding_created messsage at a time other than immediately after initial handshake completion (or tried to get funding_created twice)");
5270 if self.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
5271 self.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
5272 self.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
5273 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
5276 self.channel_transaction_parameters.funding_outpoint = Some(funding_txo);
5277 self.holder_signer.ready_channel(&self.channel_transaction_parameters);
5279 let signature = match self.get_outbound_funding_created_signature(logger) {
5282 log_error!(logger, "Got bad signatures: {:?}!", e);
5283 self.channel_transaction_parameters.funding_outpoint = None;
5288 let temporary_channel_id = self.channel_id;
5290 // Now that we're past error-generating stuff, update our local state:
5292 self.channel_state = ChannelState::FundingCreated as u32;
5293 self.channel_id = funding_txo.to_channel_id();
5294 self.funding_transaction = Some(funding_transaction);
5296 Ok(msgs::FundingCreated {
5297 temporary_channel_id,
5298 funding_txid: funding_txo.txid,
5299 funding_output_index: funding_txo.index,
5304 /// Gets an UnsignedChannelAnnouncement for this channel. The channel must be publicly
5305 /// announceable and available for use (have exchanged ChannelReady messages in both
5306 /// directions). Should be used for both broadcasted announcements and in response to an
5307 /// AnnouncementSignatures message from the remote peer.
5309 /// Will only fail if we're not in a state where channel_announcement may be sent (including
5312 /// This will only return ChannelError::Ignore upon failure.
5313 fn get_channel_announcement(&self, node_id: PublicKey, chain_hash: BlockHash) -> Result<msgs::UnsignedChannelAnnouncement, ChannelError> {
5314 if !self.config.announced_channel {
5315 return Err(ChannelError::Ignore("Channel is not available for public announcements".to_owned()));
5317 if !self.is_usable() {
5318 return Err(ChannelError::Ignore("Cannot get a ChannelAnnouncement if the channel is not currently usable".to_owned()));
5321 let were_node_one = node_id.serialize()[..] < self.counterparty_node_id.serialize()[..];
5323 let msg = msgs::UnsignedChannelAnnouncement {
5324 features: channelmanager::provided_channel_features(),
5326 short_channel_id: self.get_short_channel_id().unwrap(),
5327 node_id_1: if were_node_one { node_id } else { self.get_counterparty_node_id() },
5328 node_id_2: if were_node_one { self.get_counterparty_node_id() } else { node_id },
5329 bitcoin_key_1: if were_node_one { self.get_holder_pubkeys().funding_pubkey } else { self.counterparty_funding_pubkey().clone() },
5330 bitcoin_key_2: if were_node_one { self.counterparty_funding_pubkey().clone() } else { self.get_holder_pubkeys().funding_pubkey },
5331 excess_data: Vec::new(),
5337 fn get_announcement_sigs<L: Deref>(&mut self, node_pk: PublicKey, genesis_block_hash: BlockHash, best_block_height: u32, logger: &L)
5338 -> Option<msgs::AnnouncementSignatures> where L::Target: Logger {
5339 if self.funding_tx_confirmation_height == 0 || self.funding_tx_confirmation_height + 5 > best_block_height {
5343 if !self.is_usable() {
5347 if self.channel_state & ChannelState::PeerDisconnected as u32 != 0 {
5348 log_trace!(logger, "Cannot create an announcement_signatures as our peer is disconnected");
5352 if self.announcement_sigs_state != AnnouncementSigsState::NotSent {
5356 log_trace!(logger, "Creating an announcement_signatures message for channel {}", log_bytes!(self.channel_id()));
5357 let announcement = match self.get_channel_announcement(node_pk, genesis_block_hash) {
5360 log_trace!(logger, "Cannot create an announcement_signatures as channel is not public.");
5364 let (our_node_sig, our_bitcoin_sig) = match self.holder_signer.sign_channel_announcement(&announcement, &self.secp_ctx) {
5366 log_error!(logger, "Signer rejected channel_announcement signing. Channel will not be announced!");
5371 self.announcement_sigs_state = AnnouncementSigsState::MessageSent;
5373 Some(msgs::AnnouncementSignatures {
5374 channel_id: self.channel_id(),
5375 short_channel_id: self.get_short_channel_id().unwrap(),
5376 node_signature: our_node_sig,
5377 bitcoin_signature: our_bitcoin_sig,
5381 /// Signs the given channel announcement, returning a ChannelError::Ignore if no keys are
5383 fn sign_channel_announcement(&self, our_node_id: PublicKey, announcement: msgs::UnsignedChannelAnnouncement) -> Result<msgs::ChannelAnnouncement, ChannelError> {
5384 if let Some((their_node_sig, their_bitcoin_sig)) = self.announcement_sigs {
5385 let were_node_one = announcement.node_id_1 == our_node_id;
5387 let (our_node_sig, our_bitcoin_sig) = self.holder_signer.sign_channel_announcement(&announcement, &self.secp_ctx)
5388 .map_err(|_| ChannelError::Ignore("Signer rejected channel_announcement".to_owned()))?;
5389 Ok(msgs::ChannelAnnouncement {
5390 node_signature_1: if were_node_one { our_node_sig } else { their_node_sig },
5391 node_signature_2: if were_node_one { their_node_sig } else { our_node_sig },
5392 bitcoin_signature_1: if were_node_one { our_bitcoin_sig } else { their_bitcoin_sig },
5393 bitcoin_signature_2: if were_node_one { their_bitcoin_sig } else { our_bitcoin_sig },
5394 contents: announcement,
5397 Err(ChannelError::Ignore("Attempted to sign channel announcement before we'd received announcement_signatures".to_string()))
5401 /// Processes an incoming announcement_signatures message, providing a fully-signed
5402 /// channel_announcement message which we can broadcast and storing our counterparty's
5403 /// signatures for later reconstruction/rebroadcast of the channel_announcement.
5404 pub fn announcement_signatures(&mut self, our_node_id: PublicKey, chain_hash: BlockHash, best_block_height: u32, msg: &msgs::AnnouncementSignatures) -> Result<msgs::ChannelAnnouncement, ChannelError> {
5405 let announcement = self.get_channel_announcement(our_node_id.clone(), chain_hash)?;
5407 let msghash = hash_to_message!(&Sha256d::hash(&announcement.encode()[..])[..]);
5409 if self.secp_ctx.verify_ecdsa(&msghash, &msg.node_signature, &self.get_counterparty_node_id()).is_err() {
5410 return Err(ChannelError::Close(format!(
5411 "Bad announcement_signatures. Failed to verify node_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_node_key is {:?}",
5412 &announcement, self.get_counterparty_node_id())));
5414 if self.secp_ctx.verify_ecdsa(&msghash, &msg.bitcoin_signature, self.counterparty_funding_pubkey()).is_err() {
5415 return Err(ChannelError::Close(format!(
5416 "Bad announcement_signatures. Failed to verify bitcoin_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_bitcoin_key is ({:?})",
5417 &announcement, self.counterparty_funding_pubkey())));
5420 self.announcement_sigs = Some((msg.node_signature, msg.bitcoin_signature));
5421 if self.funding_tx_confirmation_height == 0 || self.funding_tx_confirmation_height + 5 > best_block_height {
5422 return Err(ChannelError::Ignore(
5423 "Got announcement_signatures prior to the required six confirmations - we may not have received a block yet that our peer has".to_owned()));
5426 self.sign_channel_announcement(our_node_id, announcement)
5429 /// Gets a signed channel_announcement for this channel, if we previously received an
5430 /// announcement_signatures from our counterparty.
5431 pub fn get_signed_channel_announcement(&self, our_node_id: PublicKey, chain_hash: BlockHash, best_block_height: u32) -> Option<msgs::ChannelAnnouncement> {
5432 if self.funding_tx_confirmation_height == 0 || self.funding_tx_confirmation_height + 5 > best_block_height {
5435 let announcement = match self.get_channel_announcement(our_node_id.clone(), chain_hash) {
5437 Err(_) => return None,
5439 match self.sign_channel_announcement(our_node_id, announcement) {
5440 Ok(res) => Some(res),
5445 /// May panic if called on a channel that wasn't immediately-previously
5446 /// self.remove_uncommitted_htlcs_and_mark_paused()'d
5447 pub fn get_channel_reestablish<L: Deref>(&self, logger: &L) -> msgs::ChannelReestablish where L::Target: Logger {
5448 assert_eq!(self.channel_state & ChannelState::PeerDisconnected as u32, ChannelState::PeerDisconnected as u32);
5449 assert_ne!(self.cur_counterparty_commitment_transaction_number, INITIAL_COMMITMENT_NUMBER);
5450 // Prior to static_remotekey, my_current_per_commitment_point was critical to claiming
5451 // current to_remote balances. However, it no longer has any use, and thus is now simply
5452 // set to a dummy (but valid, as required by the spec) public key.
5453 // fuzzing mode marks a subset of pubkeys as invalid so that we can hit "invalid pubkey"
5454 // branches, but we unwrap it below, so we arbitrarily select a dummy pubkey which is both
5455 // valid, and valid in fuzzing mode's arbitrary validity criteria:
5456 let mut pk = [2; 33]; pk[1] = 0xff;
5457 let dummy_pubkey = PublicKey::from_slice(&pk).unwrap();
5458 let data_loss_protect = if self.cur_counterparty_commitment_transaction_number + 1 < INITIAL_COMMITMENT_NUMBER {
5459 let remote_last_secret = self.commitment_secrets.get_secret(self.cur_counterparty_commitment_transaction_number + 2).unwrap();
5460 log_trace!(logger, "Enough info to generate a Data Loss Protect with per_commitment_secret {} for channel {}", log_bytes!(remote_last_secret), log_bytes!(self.channel_id()));
5461 OptionalField::Present(DataLossProtect {
5462 your_last_per_commitment_secret: remote_last_secret,
5463 my_current_per_commitment_point: dummy_pubkey
5466 log_info!(logger, "Sending a data_loss_protect with no previous remote per_commitment_secret for channel {}", log_bytes!(self.channel_id()));
5467 OptionalField::Present(DataLossProtect {
5468 your_last_per_commitment_secret: [0;32],
5469 my_current_per_commitment_point: dummy_pubkey,
5472 msgs::ChannelReestablish {
5473 channel_id: self.channel_id(),
5474 // The protocol has two different commitment number concepts - the "commitment
5475 // transaction number", which starts from 0 and counts up, and the "revocation key
5476 // index" which starts at INITIAL_COMMITMENT_NUMBER and counts down. We track
5477 // commitment transaction numbers by the index which will be used to reveal the
5478 // revocation key for that commitment transaction, which means we have to convert them
5479 // to protocol-level commitment numbers here...
5481 // next_local_commitment_number is the next commitment_signed number we expect to
5482 // receive (indicating if they need to resend one that we missed).
5483 next_local_commitment_number: INITIAL_COMMITMENT_NUMBER - self.cur_holder_commitment_transaction_number,
5484 // We have to set next_remote_commitment_number to the next revoke_and_ack we expect to
5485 // receive, however we track it by the next commitment number for a remote transaction
5486 // (which is one further, as they always revoke previous commitment transaction, not
5487 // the one we send) so we have to decrement by 1. Note that if
5488 // cur_counterparty_commitment_transaction_number is INITIAL_COMMITMENT_NUMBER we will have
5489 // dropped this channel on disconnect as it hasn't yet reached FundingSent so we can't
5491 next_remote_commitment_number: INITIAL_COMMITMENT_NUMBER - self.cur_counterparty_commitment_transaction_number - 1,
5497 // Send stuff to our remote peers:
5499 /// Queues up an outbound HTLC to send by placing it in the holding cell. You should call
5500 /// [`Self::maybe_free_holding_cell_htlcs`] in order to actually generate and send the
5501 /// commitment update.
5503 /// `Err`s will only be [`ChannelError::Ignore`].
5504 pub fn queue_add_htlc<L: Deref>(&mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource,
5505 onion_routing_packet: msgs::OnionPacket, logger: &L)
5506 -> Result<(), ChannelError> where L::Target: Logger {
5508 .send_htlc(amount_msat, payment_hash, cltv_expiry, source, onion_routing_packet, true, logger)
5509 .map(|msg_opt| assert!(msg_opt.is_none(), "We forced holding cell?"))
5511 if let ChannelError::Ignore(_) = err { /* fine */ }
5512 else { debug_assert!(false, "Queueing cannot trigger channel failure"); }
5517 /// Adds a pending outbound HTLC to this channel, note that you probably want
5518 /// [`Self::send_htlc_and_commit`] instead cause you'll want both messages at once.
5520 /// This returns an optional UpdateAddHTLC as we may be in a state where we cannot add HTLCs on
5522 /// * In cases where we're waiting on the remote peer to send us a revoke_and_ack, we
5523 /// wouldn't be able to determine what they actually ACK'ed if we have two sets of updates
5525 /// * In cases where we're marked MonitorUpdateInProgress, we cannot commit to a new state as
5526 /// we may not yet have sent the previous commitment update messages and will need to
5527 /// regenerate them.
5529 /// You MUST call [`Self::send_commitment_no_state_update`] prior to calling any other methods
5530 /// on this [`Channel`] if `force_holding_cell` is false.
5532 /// `Err`s will only be [`ChannelError::Ignore`].
5533 fn send_htlc<L: Deref>(&mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource,
5534 onion_routing_packet: msgs::OnionPacket, mut force_holding_cell: bool, logger: &L)
5535 -> Result<Option<msgs::UpdateAddHTLC>, ChannelError> where L::Target: Logger {
5536 if (self.channel_state & (ChannelState::ChannelReady as u32 | BOTH_SIDES_SHUTDOWN_MASK)) != (ChannelState::ChannelReady as u32) {
5537 return Err(ChannelError::Ignore("Cannot send HTLC until channel is fully established and we haven't started shutting down".to_owned()));
5539 let channel_total_msat = self.channel_value_satoshis * 1000;
5540 if amount_msat > channel_total_msat {
5541 return Err(ChannelError::Ignore(format!("Cannot send amount {}, because it is more than the total value of the channel {}", amount_msat, channel_total_msat)));
5544 if amount_msat == 0 {
5545 return Err(ChannelError::Ignore("Cannot send 0-msat HTLC".to_owned()));
5548 if amount_msat < self.counterparty_htlc_minimum_msat {
5549 return Err(ChannelError::Ignore(format!("Cannot send less than their minimum HTLC value ({})", self.counterparty_htlc_minimum_msat)));
5552 if (self.channel_state & (ChannelState::PeerDisconnected as u32)) != 0 {
5553 // Note that this should never really happen, if we're !is_live() on receipt of an
5554 // incoming HTLC for relay will result in us rejecting the HTLC and we won't allow
5555 // the user to send directly into a !is_live() channel. However, if we
5556 // disconnected during the time the previous hop was doing the commitment dance we may
5557 // end up getting here after the forwarding delay. In any case, returning an
5558 // IgnoreError will get ChannelManager to do the right thing and fail backwards now.
5559 return Err(ChannelError::Ignore("Cannot send an HTLC while disconnected from channel counterparty".to_owned()));
5562 let inbound_stats = self.get_inbound_pending_htlc_stats(None);
5563 let outbound_stats = self.get_outbound_pending_htlc_stats(None);
5564 if outbound_stats.pending_htlcs + 1 > self.counterparty_max_accepted_htlcs as u32 {
5565 return Err(ChannelError::Ignore(format!("Cannot push more than their max accepted HTLCs ({})", self.counterparty_max_accepted_htlcs)));
5567 // Check their_max_htlc_value_in_flight_msat
5568 if outbound_stats.pending_htlcs_value_msat + amount_msat > self.counterparty_max_htlc_value_in_flight_msat {
5569 return Err(ChannelError::Ignore(format!("Cannot send value that would put us over the max HTLC value in flight our peer will accept ({})", self.counterparty_max_htlc_value_in_flight_msat)));
5572 let keys = self.build_holder_transaction_keys(self.cur_holder_commitment_transaction_number)?;
5573 let commitment_stats = self.build_commitment_transaction(self.cur_holder_commitment_transaction_number, &keys, true, true, logger);
5574 if !self.is_outbound() {
5575 // Check that we won't violate the remote channel reserve by adding this HTLC.
5576 let htlc_candidate = HTLCCandidate::new(amount_msat, HTLCInitiator::LocalOffered);
5577 let counterparty_commit_tx_fee_msat = self.next_remote_commit_tx_fee_msat(htlc_candidate, None);
5578 let holder_selected_chan_reserve_msat = self.holder_selected_channel_reserve_satoshis * 1000;
5579 if commitment_stats.remote_balance_msat < counterparty_commit_tx_fee_msat + holder_selected_chan_reserve_msat {
5580 return Err(ChannelError::Ignore("Cannot send value that would put counterparty balance under holder-announced channel reserve value".to_owned()));
5584 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if self.opt_anchors() {
5587 let dust_buffer_feerate = self.get_dust_buffer_feerate(None) as u64;
5588 (dust_buffer_feerate * htlc_success_tx_weight(false) / 1000,
5589 dust_buffer_feerate * htlc_timeout_tx_weight(false) / 1000)
5591 let exposure_dust_limit_success_sats = htlc_success_dust_limit + self.counterparty_dust_limit_satoshis;
5592 if amount_msat / 1000 < exposure_dust_limit_success_sats {
5593 let on_counterparty_dust_htlc_exposure_msat = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat + amount_msat;
5594 if on_counterparty_dust_htlc_exposure_msat > self.get_max_dust_htlc_exposure_msat() {
5595 return Err(ChannelError::Ignore(format!("Cannot send value that would put our exposure to dust HTLCs at {} over the limit {} on counterparty commitment tx",
5596 on_counterparty_dust_htlc_exposure_msat, self.get_max_dust_htlc_exposure_msat())));
5600 let exposure_dust_limit_timeout_sats = htlc_timeout_dust_limit + self.holder_dust_limit_satoshis;
5601 if amount_msat / 1000 < exposure_dust_limit_timeout_sats {
5602 let on_holder_dust_htlc_exposure_msat = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat + amount_msat;
5603 if on_holder_dust_htlc_exposure_msat > self.get_max_dust_htlc_exposure_msat() {
5604 return Err(ChannelError::Ignore(format!("Cannot send value that would put our exposure to dust HTLCs at {} over the limit {} on holder commitment tx",
5605 on_holder_dust_htlc_exposure_msat, self.get_max_dust_htlc_exposure_msat())));
5609 let holder_balance_msat = commitment_stats.local_balance_msat - outbound_stats.holding_cell_msat;
5610 if holder_balance_msat < amount_msat {
5611 return Err(ChannelError::Ignore(format!("Cannot send value that would overdraw remaining funds. Amount: {}, pending value to self {}", amount_msat, holder_balance_msat)));
5614 // `2 *` and extra HTLC are for the fee spike buffer.
5615 let commit_tx_fee_msat = if self.is_outbound() {
5616 let htlc_candidate = HTLCCandidate::new(amount_msat, HTLCInitiator::LocalOffered);
5617 FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE * self.next_local_commit_tx_fee_msat(htlc_candidate, Some(()))
5619 if holder_balance_msat - amount_msat < commit_tx_fee_msat {
5620 return Err(ChannelError::Ignore(format!("Cannot send value that would not leave enough to pay for fees. Pending value to self: {}. local_commit_tx_fee {}", holder_balance_msat, commit_tx_fee_msat)));
5623 // Check self.counterparty_selected_channel_reserve_satoshis (the amount we must keep as
5624 // reserve for the remote to have something to claim if we misbehave)
5625 let chan_reserve_msat = self.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000;
5626 if holder_balance_msat - amount_msat - commit_tx_fee_msat < chan_reserve_msat {
5627 return Err(ChannelError::Ignore(format!("Cannot send value that would put our balance under counterparty-announced channel reserve value ({})", chan_reserve_msat)));
5630 if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
5631 force_holding_cell = true;
5634 // Now update local state:
5635 if force_holding_cell {
5636 self.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::AddHTLC {
5641 onion_routing_packet,
5646 self.pending_outbound_htlcs.push(OutboundHTLCOutput {
5647 htlc_id: self.next_holder_htlc_id,
5649 payment_hash: payment_hash.clone(),
5651 state: OutboundHTLCState::LocalAnnounced(Box::new(onion_routing_packet.clone())),
5655 let res = msgs::UpdateAddHTLC {
5656 channel_id: self.channel_id,
5657 htlc_id: self.next_holder_htlc_id,
5661 onion_routing_packet,
5663 self.next_holder_htlc_id += 1;
5668 /// Only fails in case of bad keys
5669 fn send_commitment_no_status_check<L: Deref>(&mut self, logger: &L) -> Result<(msgs::CommitmentSigned, ChannelMonitorUpdate), ChannelError> where L::Target: Logger {
5670 log_trace!(logger, "Updating HTLC state for a newly-sent commitment_signed...");
5671 // We can upgrade the status of some HTLCs that are waiting on a commitment, even if we
5672 // fail to generate this, we still are at least at a position where upgrading their status
5674 for htlc in self.pending_inbound_htlcs.iter_mut() {
5675 let new_state = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(ref forward_info) = &htlc.state {
5676 Some(InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info.clone()))
5678 if let Some(state) = new_state {
5679 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce {} to AwaitingAnnouncedRemoteRevoke", log_bytes!(htlc.payment_hash.0));
5683 for htlc in self.pending_outbound_htlcs.iter_mut() {
5684 if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut outcome) = &mut htlc.state {
5685 log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", log_bytes!(htlc.payment_hash.0));
5686 // Grab the preimage, if it exists, instead of cloning
5687 let mut reason = OutboundHTLCOutcome::Success(None);
5688 mem::swap(outcome, &mut reason);
5689 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(reason);
5692 if let Some((feerate, update_state)) = self.pending_update_fee {
5693 if update_state == FeeUpdateState::AwaitingRemoteRevokeToAnnounce {
5694 debug_assert!(!self.is_outbound());
5695 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce fee update {} to Committed", feerate);
5696 self.feerate_per_kw = feerate;
5697 self.pending_update_fee = None;
5700 self.resend_order = RAACommitmentOrder::RevokeAndACKFirst;
5702 let (res, counterparty_commitment_txid, htlcs) = match self.send_commitment_no_state_update(logger) {
5703 Ok((res, (counterparty_commitment_tx, mut htlcs))) => {
5704 // Update state now that we've passed all the can-fail calls...
5705 let htlcs_no_ref: Vec<(HTLCOutputInCommitment, Option<Box<HTLCSource>>)> =
5706 htlcs.drain(..).map(|(htlc, htlc_source)| (htlc, htlc_source.map(|source_ref| Box::new(source_ref.clone())))).collect();
5707 (res, counterparty_commitment_tx, htlcs_no_ref)
5709 Err(e) => return Err(e),
5712 if self.announcement_sigs_state == AnnouncementSigsState::MessageSent {
5713 self.announcement_sigs_state = AnnouncementSigsState::Committed;
5716 self.latest_monitor_update_id += 1;
5717 let monitor_update = ChannelMonitorUpdate {
5718 update_id: self.latest_monitor_update_id,
5719 updates: vec![ChannelMonitorUpdateStep::LatestCounterpartyCommitmentTXInfo {
5720 commitment_txid: counterparty_commitment_txid,
5721 htlc_outputs: htlcs.clone(),
5722 commitment_number: self.cur_counterparty_commitment_transaction_number,
5723 their_per_commitment_point: self.counterparty_cur_commitment_point.unwrap()
5726 self.channel_state |= ChannelState::AwaitingRemoteRevoke as u32;
5727 Ok((res, monitor_update))
5730 /// Only fails in case of bad keys. Used for channel_reestablish commitment_signed generation
5731 /// when we shouldn't change HTLC/channel state.
5732 fn send_commitment_no_state_update<L: Deref>(&self, logger: &L) -> Result<(msgs::CommitmentSigned, (Txid, Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)>)), ChannelError> where L::Target: Logger {
5733 let counterparty_keys = self.build_remote_transaction_keys()?;
5734 let commitment_stats = self.build_commitment_transaction(self.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, true, logger);
5735 let counterparty_commitment_txid = commitment_stats.tx.trust().txid();
5736 let (signature, htlc_signatures);
5738 #[cfg(any(test, fuzzing))]
5740 if !self.is_outbound() {
5741 let projected_commit_tx_info = self.next_remote_commitment_tx_fee_info_cached.lock().unwrap().take();
5742 *self.next_local_commitment_tx_fee_info_cached.lock().unwrap() = None;
5743 if let Some(info) = projected_commit_tx_info {
5744 let total_pending_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len();
5745 if info.total_pending_htlcs == total_pending_htlcs
5746 && info.next_holder_htlc_id == self.next_holder_htlc_id
5747 && info.next_counterparty_htlc_id == self.next_counterparty_htlc_id
5748 && info.feerate == self.feerate_per_kw {
5749 let actual_fee = Self::commit_tx_fee_msat(self.feerate_per_kw, commitment_stats.num_nondust_htlcs, self.opt_anchors());
5750 assert_eq!(actual_fee, info.fee);
5757 let mut htlcs = Vec::with_capacity(commitment_stats.htlcs_included.len());
5758 for &(ref htlc, _) in commitment_stats.htlcs_included.iter() {
5762 let res = self.holder_signer.sign_counterparty_commitment(&commitment_stats.tx, commitment_stats.preimages, &self.secp_ctx)
5763 .map_err(|_| ChannelError::Close("Failed to get signatures for new commitment_signed".to_owned()))?;
5765 htlc_signatures = res.1;
5767 log_trace!(logger, "Signed remote commitment tx {} (txid {}) with redeemscript {} -> {} in channel {}",
5768 encode::serialize_hex(&commitment_stats.tx.trust().built_transaction().transaction),
5769 &counterparty_commitment_txid, encode::serialize_hex(&self.get_funding_redeemscript()),
5770 log_bytes!(signature.serialize_compact()[..]), log_bytes!(self.channel_id()));
5772 for (ref htlc_sig, ref htlc) in htlc_signatures.iter().zip(htlcs) {
5773 log_trace!(logger, "Signed remote HTLC tx {} with redeemscript {} with pubkey {} -> {} in channel {}",
5774 encode::serialize_hex(&chan_utils::build_htlc_transaction(&counterparty_commitment_txid, commitment_stats.feerate_per_kw, self.get_holder_selected_contest_delay(), htlc, self.opt_anchors(), false, &counterparty_keys.broadcaster_delayed_payment_key, &counterparty_keys.revocation_key)),
5775 encode::serialize_hex(&chan_utils::get_htlc_redeemscript(&htlc, self.opt_anchors(), &counterparty_keys)),
5776 log_bytes!(counterparty_keys.broadcaster_htlc_key.serialize()),
5777 log_bytes!(htlc_sig.serialize_compact()[..]), log_bytes!(self.channel_id()));
5781 Ok((msgs::CommitmentSigned {
5782 channel_id: self.channel_id,
5785 }, (counterparty_commitment_txid, commitment_stats.htlcs_included)))
5788 /// Adds a pending outbound HTLC to this channel, and creates a signed commitment transaction
5789 /// to send to the remote peer in one go.
5791 /// Shorthand for calling [`Self::send_htlc`] followed by a commitment update, see docs on
5792 /// [`Self::send_htlc`] and [`Self::send_commitment_no_state_update`] for more info.
5793 pub fn send_htlc_and_commit<L: Deref>(&mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource, onion_routing_packet: msgs::OnionPacket, logger: &L) -> Result<Option<(msgs::UpdateAddHTLC, msgs::CommitmentSigned, ChannelMonitorUpdate)>, ChannelError> where L::Target: Logger {
5794 match self.send_htlc(amount_msat, payment_hash, cltv_expiry, source, onion_routing_packet, false, logger)? {
5795 Some(update_add_htlc) => {
5796 let (commitment_signed, monitor_update) = self.send_commitment_no_status_check(logger)?;
5797 Ok(Some((update_add_htlc, commitment_signed, monitor_update)))
5803 /// Get forwarding information for the counterparty.
5804 pub fn counterparty_forwarding_info(&self) -> Option<CounterpartyForwardingInfo> {
5805 self.counterparty_forwarding_info.clone()
5808 pub fn channel_update(&mut self, msg: &msgs::ChannelUpdate) -> Result<(), ChannelError> {
5809 if msg.contents.htlc_minimum_msat >= self.channel_value_satoshis * 1000 {
5810 return Err(ChannelError::Close("Minimum htlc value is greater than channel value".to_string()));
5812 self.counterparty_forwarding_info = Some(CounterpartyForwardingInfo {
5813 fee_base_msat: msg.contents.fee_base_msat,
5814 fee_proportional_millionths: msg.contents.fee_proportional_millionths,
5815 cltv_expiry_delta: msg.contents.cltv_expiry_delta
5821 /// Begins the shutdown process, getting a message for the remote peer and returning all
5822 /// holding cell HTLCs for payment failure.
5823 pub fn get_shutdown<K: Deref>(&mut self, keys_provider: &K, their_features: &InitFeatures, target_feerate_sats_per_kw: Option<u32>)
5824 -> Result<(msgs::Shutdown, Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>), APIError>
5825 where K::Target: KeysInterface {
5826 for htlc in self.pending_outbound_htlcs.iter() {
5827 if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
5828 return Err(APIError::APIMisuseError{err: "Cannot begin shutdown with pending HTLCs. Process pending events first".to_owned()});
5831 if self.channel_state & BOTH_SIDES_SHUTDOWN_MASK != 0 {
5832 if (self.channel_state & ChannelState::LocalShutdownSent as u32) == ChannelState::LocalShutdownSent as u32 {
5833 return Err(APIError::APIMisuseError{err: "Shutdown already in progress".to_owned()});
5835 else if (self.channel_state & ChannelState::RemoteShutdownSent as u32) == ChannelState::RemoteShutdownSent as u32 {
5836 return Err(APIError::ChannelUnavailable{err: "Shutdown already in progress by remote".to_owned()});
5839 assert_eq!(self.channel_state & ChannelState::ShutdownComplete as u32, 0);
5840 if self.channel_state & (ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32) != 0 {
5841 return Err(APIError::ChannelUnavailable{err: "Cannot begin shutdown while peer is disconnected or we're waiting on a monitor update, maybe force-close instead?".to_owned()});
5844 let update_shutdown_script = match self.shutdown_scriptpubkey {
5847 let shutdown_scriptpubkey = keys_provider.get_shutdown_scriptpubkey();
5848 if !shutdown_scriptpubkey.is_compatible(their_features) {
5849 return Err(APIError::IncompatibleShutdownScript { script: shutdown_scriptpubkey.clone() });
5851 self.shutdown_scriptpubkey = Some(shutdown_scriptpubkey);
5856 // From here on out, we may not fail!
5857 self.target_closing_feerate_sats_per_kw = target_feerate_sats_per_kw;
5858 if self.channel_state < ChannelState::FundingSent as u32 {
5859 self.channel_state = ChannelState::ShutdownComplete as u32;
5861 self.channel_state |= ChannelState::LocalShutdownSent as u32;
5863 self.update_time_counter += 1;
5865 let monitor_update = if update_shutdown_script {
5866 self.latest_monitor_update_id += 1;
5867 Some(ChannelMonitorUpdate {
5868 update_id: self.latest_monitor_update_id,
5869 updates: vec![ChannelMonitorUpdateStep::ShutdownScript {
5870 scriptpubkey: self.get_closing_scriptpubkey(),
5874 let shutdown = msgs::Shutdown {
5875 channel_id: self.channel_id,
5876 scriptpubkey: self.get_closing_scriptpubkey(),
5879 // Go ahead and drop holding cell updates as we'd rather fail payments than wait to send
5880 // our shutdown until we've committed all of the pending changes.
5881 self.holding_cell_update_fee = None;
5882 let mut dropped_outbound_htlcs = Vec::with_capacity(self.holding_cell_htlc_updates.len());
5883 self.holding_cell_htlc_updates.retain(|htlc_update| {
5885 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, .. } => {
5886 dropped_outbound_htlcs.push((source.clone(), payment_hash.clone()));
5893 Ok((shutdown, monitor_update, dropped_outbound_htlcs))
5896 /// Gets the latest commitment transaction and any dependent transactions for relay (forcing
5897 /// shutdown of this channel - no more calls into this Channel may be made afterwards except
5898 /// those explicitly stated to be allowed after shutdown completes, eg some simple getters).
5899 /// Also returns the list of payment_hashes for channels which we can safely fail backwards
5900 /// immediately (others we will have to allow to time out).
5901 pub fn force_shutdown(&mut self, should_broadcast: bool) -> (Option<(OutPoint, ChannelMonitorUpdate)>, Vec<(HTLCSource, PaymentHash, PublicKey, [u8; 32])>) {
5902 // Note that we MUST only generate a monitor update that indicates force-closure - we're
5903 // called during initialization prior to the chain_monitor in the encompassing ChannelManager
5904 // being fully configured in some cases. Thus, its likely any monitor events we generate will
5905 // be delayed in being processed! See the docs for `ChannelManagerReadArgs` for more.
5906 assert!(self.channel_state != ChannelState::ShutdownComplete as u32);
5908 // We go ahead and "free" any holding cell HTLCs or HTLCs we haven't yet committed to and
5909 // return them to fail the payment.
5910 let mut dropped_outbound_htlcs = Vec::with_capacity(self.holding_cell_htlc_updates.len());
5911 let counterparty_node_id = self.get_counterparty_node_id();
5912 for htlc_update in self.holding_cell_htlc_updates.drain(..) {
5914 HTLCUpdateAwaitingACK::AddHTLC { source, payment_hash, .. } => {
5915 dropped_outbound_htlcs.push((source, payment_hash, counterparty_node_id, self.channel_id));
5920 let monitor_update = if let Some(funding_txo) = self.get_funding_txo() {
5921 // If we haven't yet exchanged funding signatures (ie channel_state < FundingSent),
5922 // returning a channel monitor update here would imply a channel monitor update before
5923 // we even registered the channel monitor to begin with, which is invalid.
5924 // Thus, if we aren't actually at a point where we could conceivably broadcast the
5925 // funding transaction, don't return a funding txo (which prevents providing the
5926 // monitor update to the user, even if we return one).
5927 // See test_duplicate_chan_id and test_pre_lockin_no_chan_closed_update for more.
5928 if self.channel_state & (ChannelState::FundingSent as u32 | ChannelState::ChannelReady as u32 | ChannelState::ShutdownComplete as u32) != 0 {
5929 self.latest_monitor_update_id += 1;
5930 Some((funding_txo, ChannelMonitorUpdate {
5931 update_id: self.latest_monitor_update_id,
5932 updates: vec![ChannelMonitorUpdateStep::ChannelForceClosed { should_broadcast }],
5937 self.channel_state = ChannelState::ShutdownComplete as u32;
5938 self.update_time_counter += 1;
5939 (monitor_update, dropped_outbound_htlcs)
5942 pub fn inflight_htlc_sources(&self) -> impl Iterator<Item=&HTLCSource> {
5943 self.holding_cell_htlc_updates.iter()
5944 .flat_map(|htlc_update| {
5946 HTLCUpdateAwaitingACK::AddHTLC { source, .. } => { Some(source) }
5950 .chain(self.pending_outbound_htlcs.iter().map(|htlc| &htlc.source))
5954 const SERIALIZATION_VERSION: u8 = 2;
5955 const MIN_SERIALIZATION_VERSION: u8 = 2;
5957 impl_writeable_tlv_based_enum!(InboundHTLCRemovalReason,;
5963 impl Writeable for ChannelUpdateStatus {
5964 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
5965 // We only care about writing out the current state as it was announced, ie only either
5966 // Enabled or Disabled. In the case of DisabledStaged, we most recently announced the
5967 // channel as enabled, so we write 0. For EnabledStaged, we similarly write a 1.
5969 ChannelUpdateStatus::Enabled => 0u8.write(writer)?,
5970 ChannelUpdateStatus::DisabledStaged => 0u8.write(writer)?,
5971 ChannelUpdateStatus::EnabledStaged => 1u8.write(writer)?,
5972 ChannelUpdateStatus::Disabled => 1u8.write(writer)?,
5978 impl Readable for ChannelUpdateStatus {
5979 fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
5980 Ok(match <u8 as Readable>::read(reader)? {
5981 0 => ChannelUpdateStatus::Enabled,
5982 1 => ChannelUpdateStatus::Disabled,
5983 _ => return Err(DecodeError::InvalidValue),
5988 impl Writeable for AnnouncementSigsState {
5989 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
5990 // We only care about writing out the current state as if we had just disconnected, at
5991 // which point we always set anything but AnnouncementSigsReceived to NotSent.
5993 AnnouncementSigsState::NotSent => 0u8.write(writer),
5994 AnnouncementSigsState::MessageSent => 0u8.write(writer),
5995 AnnouncementSigsState::Committed => 0u8.write(writer),
5996 AnnouncementSigsState::PeerReceived => 1u8.write(writer),
6001 impl Readable for AnnouncementSigsState {
6002 fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
6003 Ok(match <u8 as Readable>::read(reader)? {
6004 0 => AnnouncementSigsState::NotSent,
6005 1 => AnnouncementSigsState::PeerReceived,
6006 _ => return Err(DecodeError::InvalidValue),
6011 impl<Signer: Sign> Writeable for Channel<Signer> {
6012 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
6013 // Note that we write out as if remove_uncommitted_htlcs_and_mark_paused had just been
6016 write_ver_prefix!(writer, SERIALIZATION_VERSION, MIN_SERIALIZATION_VERSION);
6018 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
6019 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. We write
6020 // the low bytes now and the optional high bytes later.
6021 let user_id_low = self.user_id as u64;
6022 user_id_low.write(writer)?;
6024 // Version 1 deserializers expected to read parts of the config object here. Version 2
6025 // deserializers (0.0.99) now read config through TLVs, and as we now require them for
6026 // `minimum_depth` we simply write dummy values here.
6027 writer.write_all(&[0; 8])?;
6029 self.channel_id.write(writer)?;
6030 (self.channel_state | ChannelState::PeerDisconnected as u32).write(writer)?;
6031 self.channel_value_satoshis.write(writer)?;
6033 self.latest_monitor_update_id.write(writer)?;
6035 let mut key_data = VecWriter(Vec::new());
6036 self.holder_signer.write(&mut key_data)?;
6037 assert!(key_data.0.len() < core::usize::MAX);
6038 assert!(key_data.0.len() < core::u32::MAX as usize);
6039 (key_data.0.len() as u32).write(writer)?;
6040 writer.write_all(&key_data.0[..])?;
6042 // Write out the old serialization for shutdown_pubkey for backwards compatibility, if
6043 // deserialized from that format.
6044 match self.shutdown_scriptpubkey.as_ref().and_then(|script| script.as_legacy_pubkey()) {
6045 Some(shutdown_pubkey) => shutdown_pubkey.write(writer)?,
6046 None => [0u8; PUBLIC_KEY_SIZE].write(writer)?,
6048 self.destination_script.write(writer)?;
6050 self.cur_holder_commitment_transaction_number.write(writer)?;
6051 self.cur_counterparty_commitment_transaction_number.write(writer)?;
6052 self.value_to_self_msat.write(writer)?;
6054 let mut dropped_inbound_htlcs = 0;
6055 for htlc in self.pending_inbound_htlcs.iter() {
6056 if let InboundHTLCState::RemoteAnnounced(_) = htlc.state {
6057 dropped_inbound_htlcs += 1;
6060 (self.pending_inbound_htlcs.len() as u64 - dropped_inbound_htlcs).write(writer)?;
6061 for htlc in self.pending_inbound_htlcs.iter() {
6062 if let &InboundHTLCState::RemoteAnnounced(_) = &htlc.state {
6065 htlc.htlc_id.write(writer)?;
6066 htlc.amount_msat.write(writer)?;
6067 htlc.cltv_expiry.write(writer)?;
6068 htlc.payment_hash.write(writer)?;
6070 &InboundHTLCState::RemoteAnnounced(_) => unreachable!(),
6071 &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(ref htlc_state) => {
6073 htlc_state.write(writer)?;
6075 &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(ref htlc_state) => {
6077 htlc_state.write(writer)?;
6079 &InboundHTLCState::Committed => {
6082 &InboundHTLCState::LocalRemoved(ref removal_reason) => {
6084 removal_reason.write(writer)?;
6089 let mut preimages: Vec<&Option<PaymentPreimage>> = vec![];
6091 (self.pending_outbound_htlcs.len() as u64).write(writer)?;
6092 for htlc in self.pending_outbound_htlcs.iter() {
6093 htlc.htlc_id.write(writer)?;
6094 htlc.amount_msat.write(writer)?;
6095 htlc.cltv_expiry.write(writer)?;
6096 htlc.payment_hash.write(writer)?;
6097 htlc.source.write(writer)?;
6099 &OutboundHTLCState::LocalAnnounced(ref onion_packet) => {
6101 onion_packet.write(writer)?;
6103 &OutboundHTLCState::Committed => {
6106 &OutboundHTLCState::RemoteRemoved(_) => {
6107 // Treat this as a Committed because we haven't received the CS - they'll
6108 // resend the claim/fail on reconnect as we all (hopefully) the missing CS.
6111 &OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref outcome) => {
6113 if let OutboundHTLCOutcome::Success(preimage) = outcome {
6114 preimages.push(preimage);
6116 let reason: Option<&HTLCFailReason> = outcome.into();
6117 reason.write(writer)?;
6119 &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref outcome) => {
6121 if let OutboundHTLCOutcome::Success(preimage) = outcome {
6122 preimages.push(preimage);
6124 let reason: Option<&HTLCFailReason> = outcome.into();
6125 reason.write(writer)?;
6130 (self.holding_cell_htlc_updates.len() as u64).write(writer)?;
6131 for update in self.holding_cell_htlc_updates.iter() {
6133 &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, ref cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet } => {
6135 amount_msat.write(writer)?;
6136 cltv_expiry.write(writer)?;
6137 payment_hash.write(writer)?;
6138 source.write(writer)?;
6139 onion_routing_packet.write(writer)?;
6141 &HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, ref htlc_id } => {
6143 payment_preimage.write(writer)?;
6144 htlc_id.write(writer)?;
6146 &HTLCUpdateAwaitingACK::FailHTLC { ref htlc_id, ref err_packet } => {
6148 htlc_id.write(writer)?;
6149 err_packet.write(writer)?;
6154 match self.resend_order {
6155 RAACommitmentOrder::CommitmentFirst => 0u8.write(writer)?,
6156 RAACommitmentOrder::RevokeAndACKFirst => 1u8.write(writer)?,
6159 self.monitor_pending_channel_ready.write(writer)?;
6160 self.monitor_pending_revoke_and_ack.write(writer)?;
6161 self.monitor_pending_commitment_signed.write(writer)?;
6163 (self.monitor_pending_forwards.len() as u64).write(writer)?;
6164 for &(ref pending_forward, ref htlc_id) in self.monitor_pending_forwards.iter() {
6165 pending_forward.write(writer)?;
6166 htlc_id.write(writer)?;
6169 (self.monitor_pending_failures.len() as u64).write(writer)?;
6170 for &(ref htlc_source, ref payment_hash, ref fail_reason) in self.monitor_pending_failures.iter() {
6171 htlc_source.write(writer)?;
6172 payment_hash.write(writer)?;
6173 fail_reason.write(writer)?;
6176 if self.is_outbound() {
6177 self.pending_update_fee.map(|(a, _)| a).write(writer)?;
6178 } else if let Some((feerate, FeeUpdateState::AwaitingRemoteRevokeToAnnounce)) = self.pending_update_fee {
6179 Some(feerate).write(writer)?;
6181 // As for inbound HTLCs, if the update was only announced and never committed in a
6182 // commitment_signed, drop it.
6183 None::<u32>.write(writer)?;
6185 self.holding_cell_update_fee.write(writer)?;
6187 self.next_holder_htlc_id.write(writer)?;
6188 (self.next_counterparty_htlc_id - dropped_inbound_htlcs).write(writer)?;
6189 self.update_time_counter.write(writer)?;
6190 self.feerate_per_kw.write(writer)?;
6192 // Versions prior to 0.0.100 expected to read the fields of `last_sent_closing_fee` here,
6193 // however we are supposed to restart shutdown fee negotiation on reconnect (and wipe
6194 // `last_send_closing_fee` in `remove_uncommitted_htlcs_and_mark_paused`) so we should never
6195 // consider the stale state on reload.
6198 self.funding_tx_confirmed_in.write(writer)?;
6199 self.funding_tx_confirmation_height.write(writer)?;
6200 self.short_channel_id.write(writer)?;
6202 self.counterparty_dust_limit_satoshis.write(writer)?;
6203 self.holder_dust_limit_satoshis.write(writer)?;
6204 self.counterparty_max_htlc_value_in_flight_msat.write(writer)?;
6206 // Note that this field is ignored by 0.0.99+ as the TLV Optional variant is used instead.
6207 self.counterparty_selected_channel_reserve_satoshis.unwrap_or(0).write(writer)?;
6209 self.counterparty_htlc_minimum_msat.write(writer)?;
6210 self.holder_htlc_minimum_msat.write(writer)?;
6211 self.counterparty_max_accepted_htlcs.write(writer)?;
6213 // Note that this field is ignored by 0.0.99+ as the TLV Optional variant is used instead.
6214 self.minimum_depth.unwrap_or(0).write(writer)?;
6216 match &self.counterparty_forwarding_info {
6219 info.fee_base_msat.write(writer)?;
6220 info.fee_proportional_millionths.write(writer)?;
6221 info.cltv_expiry_delta.write(writer)?;
6223 None => 0u8.write(writer)?
6226 self.channel_transaction_parameters.write(writer)?;
6227 self.funding_transaction.write(writer)?;
6229 self.counterparty_cur_commitment_point.write(writer)?;
6230 self.counterparty_prev_commitment_point.write(writer)?;
6231 self.counterparty_node_id.write(writer)?;
6233 self.counterparty_shutdown_scriptpubkey.write(writer)?;
6235 self.commitment_secrets.write(writer)?;
6237 self.channel_update_status.write(writer)?;
6239 #[cfg(any(test, fuzzing))]
6240 (self.historical_inbound_htlc_fulfills.len() as u64).write(writer)?;
6241 #[cfg(any(test, fuzzing))]
6242 for htlc in self.historical_inbound_htlc_fulfills.iter() {
6243 htlc.write(writer)?;
6246 // If the channel type is something other than only-static-remote-key, then we need to have
6247 // older clients fail to deserialize this channel at all. If the type is
6248 // only-static-remote-key, we simply consider it "default" and don't write the channel type
6250 let chan_type = if self.channel_type != ChannelTypeFeatures::only_static_remote_key() {
6251 Some(&self.channel_type) } else { None };
6253 // The same logic applies for `holder_selected_channel_reserve_satoshis` values other than
6254 // the default, and when `holder_max_htlc_value_in_flight_msat` is configured to be set to
6255 // a different percentage of the channel value then 10%, which older versions of LDK used
6256 // to set it to before the percentage was made configurable.
6257 let serialized_holder_selected_reserve =
6258 if self.holder_selected_channel_reserve_satoshis != Self::get_legacy_default_holder_selected_channel_reserve_satoshis(self.channel_value_satoshis)
6259 { Some(self.holder_selected_channel_reserve_satoshis) } else { None };
6261 let mut old_max_in_flight_percent_config = UserConfig::default().channel_handshake_config;
6262 old_max_in_flight_percent_config.max_inbound_htlc_value_in_flight_percent_of_channel = MAX_IN_FLIGHT_PERCENT_LEGACY;
6263 let serialized_holder_htlc_max_in_flight =
6264 if self.holder_max_htlc_value_in_flight_msat != Self::get_holder_max_htlc_value_in_flight_msat(self.channel_value_satoshis, &old_max_in_flight_percent_config)
6265 { Some(self.holder_max_htlc_value_in_flight_msat) } else { None };
6267 let channel_ready_event_emitted = Some(self.channel_ready_event_emitted);
6269 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
6270 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. Therefore,
6271 // we write the high bytes as an option here.
6272 let user_id_high_opt = Some((self.user_id >> 64) as u64);
6274 write_tlv_fields!(writer, {
6275 (0, self.announcement_sigs, option),
6276 // minimum_depth and counterparty_selected_channel_reserve_satoshis used to have a
6277 // default value instead of being Option<>al. Thus, to maintain compatibility we write
6278 // them twice, once with their original default values above, and once as an option
6279 // here. On the read side, old versions will simply ignore the odd-type entries here,
6280 // and new versions map the default values to None and allow the TLV entries here to
6282 (1, self.minimum_depth, option),
6283 (2, chan_type, option),
6284 (3, self.counterparty_selected_channel_reserve_satoshis, option),
6285 (4, serialized_holder_selected_reserve, option),
6286 (5, self.config, required),
6287 (6, serialized_holder_htlc_max_in_flight, option),
6288 (7, self.shutdown_scriptpubkey, option),
6289 (9, self.target_closing_feerate_sats_per_kw, option),
6290 (11, self.monitor_pending_finalized_fulfills, vec_type),
6291 (13, self.channel_creation_height, required),
6292 (15, preimages, vec_type),
6293 (17, self.announcement_sigs_state, required),
6294 (19, self.latest_inbound_scid_alias, option),
6295 (21, self.outbound_scid_alias, required),
6296 (23, channel_ready_event_emitted, option),
6297 (25, user_id_high_opt, option),
6304 const MAX_ALLOC_SIZE: usize = 64*1024;
6305 impl<'a, K: Deref> ReadableArgs<(&'a K, u32)> for Channel<<K::Target as KeysInterface>::Signer>
6306 where K::Target: KeysInterface {
6307 fn read<R : io::Read>(reader: &mut R, args: (&'a K, u32)) -> Result<Self, DecodeError> {
6308 let (keys_source, serialized_height) = args;
6309 let ver = read_ver_prefix!(reader, SERIALIZATION_VERSION);
6311 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
6312 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. We read
6313 // the low bytes now and the high bytes later.
6314 let user_id_low: u64 = Readable::read(reader)?;
6316 let mut config = Some(LegacyChannelConfig::default());
6318 // Read the old serialization of the ChannelConfig from version 0.0.98.
6319 config.as_mut().unwrap().options.forwarding_fee_proportional_millionths = Readable::read(reader)?;
6320 config.as_mut().unwrap().options.cltv_expiry_delta = Readable::read(reader)?;
6321 config.as_mut().unwrap().announced_channel = Readable::read(reader)?;
6322 config.as_mut().unwrap().commit_upfront_shutdown_pubkey = Readable::read(reader)?;
6324 // Read the 8 bytes of backwards-compatibility ChannelConfig data.
6325 let mut _val: u64 = Readable::read(reader)?;
6328 let channel_id = Readable::read(reader)?;
6329 let channel_state = Readable::read(reader)?;
6330 let channel_value_satoshis = Readable::read(reader)?;
6332 let latest_monitor_update_id = Readable::read(reader)?;
6334 let keys_len: u32 = Readable::read(reader)?;
6335 let mut keys_data = Vec::with_capacity(cmp::min(keys_len as usize, MAX_ALLOC_SIZE));
6336 while keys_data.len() != keys_len as usize {
6337 // Read 1KB at a time to avoid accidentally allocating 4GB on corrupted channel keys
6338 let mut data = [0; 1024];
6339 let read_slice = &mut data[0..cmp::min(1024, keys_len as usize - keys_data.len())];
6340 reader.read_exact(read_slice)?;
6341 keys_data.extend_from_slice(read_slice);
6343 let holder_signer = keys_source.read_chan_signer(&keys_data)?;
6345 // Read the old serialization for shutdown_pubkey, preferring the TLV field later if set.
6346 let mut shutdown_scriptpubkey = match <PublicKey as Readable>::read(reader) {
6347 Ok(pubkey) => Some(ShutdownScript::new_p2wpkh_from_pubkey(pubkey)),
6350 let destination_script = Readable::read(reader)?;
6352 let cur_holder_commitment_transaction_number = Readable::read(reader)?;
6353 let cur_counterparty_commitment_transaction_number = Readable::read(reader)?;
6354 let value_to_self_msat = Readable::read(reader)?;
6356 let pending_inbound_htlc_count: u64 = Readable::read(reader)?;
6357 let mut pending_inbound_htlcs = Vec::with_capacity(cmp::min(pending_inbound_htlc_count as usize, OUR_MAX_HTLCS as usize));
6358 for _ in 0..pending_inbound_htlc_count {
6359 pending_inbound_htlcs.push(InboundHTLCOutput {
6360 htlc_id: Readable::read(reader)?,
6361 amount_msat: Readable::read(reader)?,
6362 cltv_expiry: Readable::read(reader)?,
6363 payment_hash: Readable::read(reader)?,
6364 state: match <u8 as Readable>::read(reader)? {
6365 1 => InboundHTLCState::AwaitingRemoteRevokeToAnnounce(Readable::read(reader)?),
6366 2 => InboundHTLCState::AwaitingAnnouncedRemoteRevoke(Readable::read(reader)?),
6367 3 => InboundHTLCState::Committed,
6368 4 => InboundHTLCState::LocalRemoved(Readable::read(reader)?),
6369 _ => return Err(DecodeError::InvalidValue),
6374 let pending_outbound_htlc_count: u64 = Readable::read(reader)?;
6375 let mut pending_outbound_htlcs = Vec::with_capacity(cmp::min(pending_outbound_htlc_count as usize, OUR_MAX_HTLCS as usize));
6376 for _ in 0..pending_outbound_htlc_count {
6377 pending_outbound_htlcs.push(OutboundHTLCOutput {
6378 htlc_id: Readable::read(reader)?,
6379 amount_msat: Readable::read(reader)?,
6380 cltv_expiry: Readable::read(reader)?,
6381 payment_hash: Readable::read(reader)?,
6382 source: Readable::read(reader)?,
6383 state: match <u8 as Readable>::read(reader)? {
6384 0 => OutboundHTLCState::LocalAnnounced(Box::new(Readable::read(reader)?)),
6385 1 => OutboundHTLCState::Committed,
6387 let option: Option<HTLCFailReason> = Readable::read(reader)?;
6388 OutboundHTLCState::RemoteRemoved(option.into())
6391 let option: Option<HTLCFailReason> = Readable::read(reader)?;
6392 OutboundHTLCState::AwaitingRemoteRevokeToRemove(option.into())
6395 let option: Option<HTLCFailReason> = Readable::read(reader)?;
6396 OutboundHTLCState::AwaitingRemovedRemoteRevoke(option.into())
6398 _ => return Err(DecodeError::InvalidValue),
6403 let holding_cell_htlc_update_count: u64 = Readable::read(reader)?;
6404 let mut holding_cell_htlc_updates = Vec::with_capacity(cmp::min(holding_cell_htlc_update_count as usize, OUR_MAX_HTLCS as usize*2));
6405 for _ in 0..holding_cell_htlc_update_count {
6406 holding_cell_htlc_updates.push(match <u8 as Readable>::read(reader)? {
6407 0 => HTLCUpdateAwaitingACK::AddHTLC {
6408 amount_msat: Readable::read(reader)?,
6409 cltv_expiry: Readable::read(reader)?,
6410 payment_hash: Readable::read(reader)?,
6411 source: Readable::read(reader)?,
6412 onion_routing_packet: Readable::read(reader)?,
6414 1 => HTLCUpdateAwaitingACK::ClaimHTLC {
6415 payment_preimage: Readable::read(reader)?,
6416 htlc_id: Readable::read(reader)?,
6418 2 => HTLCUpdateAwaitingACK::FailHTLC {
6419 htlc_id: Readable::read(reader)?,
6420 err_packet: Readable::read(reader)?,
6422 _ => return Err(DecodeError::InvalidValue),
6426 let resend_order = match <u8 as Readable>::read(reader)? {
6427 0 => RAACommitmentOrder::CommitmentFirst,
6428 1 => RAACommitmentOrder::RevokeAndACKFirst,
6429 _ => return Err(DecodeError::InvalidValue),
6432 let monitor_pending_channel_ready = Readable::read(reader)?;
6433 let monitor_pending_revoke_and_ack = Readable::read(reader)?;
6434 let monitor_pending_commitment_signed = Readable::read(reader)?;
6436 let monitor_pending_forwards_count: u64 = Readable::read(reader)?;
6437 let mut monitor_pending_forwards = Vec::with_capacity(cmp::min(monitor_pending_forwards_count as usize, OUR_MAX_HTLCS as usize));
6438 for _ in 0..monitor_pending_forwards_count {
6439 monitor_pending_forwards.push((Readable::read(reader)?, Readable::read(reader)?));
6442 let monitor_pending_failures_count: u64 = Readable::read(reader)?;
6443 let mut monitor_pending_failures = Vec::with_capacity(cmp::min(monitor_pending_failures_count as usize, OUR_MAX_HTLCS as usize));
6444 for _ in 0..monitor_pending_failures_count {
6445 monitor_pending_failures.push((Readable::read(reader)?, Readable::read(reader)?, Readable::read(reader)?));
6448 let pending_update_fee_value: Option<u32> = Readable::read(reader)?;
6450 let holding_cell_update_fee = Readable::read(reader)?;
6452 let next_holder_htlc_id = Readable::read(reader)?;
6453 let next_counterparty_htlc_id = Readable::read(reader)?;
6454 let update_time_counter = Readable::read(reader)?;
6455 let feerate_per_kw = Readable::read(reader)?;
6457 // Versions prior to 0.0.100 expected to read the fields of `last_sent_closing_fee` here,
6458 // however we are supposed to restart shutdown fee negotiation on reconnect (and wipe
6459 // `last_send_closing_fee` in `remove_uncommitted_htlcs_and_mark_paused`) so we should never
6460 // consider the stale state on reload.
6461 match <u8 as Readable>::read(reader)? {
6464 let _: u32 = Readable::read(reader)?;
6465 let _: u64 = Readable::read(reader)?;
6466 let _: Signature = Readable::read(reader)?;
6468 _ => return Err(DecodeError::InvalidValue),
6471 let funding_tx_confirmed_in = Readable::read(reader)?;
6472 let funding_tx_confirmation_height = Readable::read(reader)?;
6473 let short_channel_id = Readable::read(reader)?;
6475 let counterparty_dust_limit_satoshis = Readable::read(reader)?;
6476 let holder_dust_limit_satoshis = Readable::read(reader)?;
6477 let counterparty_max_htlc_value_in_flight_msat = Readable::read(reader)?;
6478 let mut counterparty_selected_channel_reserve_satoshis = None;
6480 // Read the old serialization from version 0.0.98.
6481 counterparty_selected_channel_reserve_satoshis = Some(Readable::read(reader)?);
6483 // Read the 8 bytes of backwards-compatibility data.
6484 let _dummy: u64 = Readable::read(reader)?;
6486 let counterparty_htlc_minimum_msat = Readable::read(reader)?;
6487 let holder_htlc_minimum_msat = Readable::read(reader)?;
6488 let counterparty_max_accepted_htlcs = Readable::read(reader)?;
6490 let mut minimum_depth = None;
6492 // Read the old serialization from version 0.0.98.
6493 minimum_depth = Some(Readable::read(reader)?);
6495 // Read the 4 bytes of backwards-compatibility data.
6496 let _dummy: u32 = Readable::read(reader)?;
6499 let counterparty_forwarding_info = match <u8 as Readable>::read(reader)? {
6501 1 => Some(CounterpartyForwardingInfo {
6502 fee_base_msat: Readable::read(reader)?,
6503 fee_proportional_millionths: Readable::read(reader)?,
6504 cltv_expiry_delta: Readable::read(reader)?,
6506 _ => return Err(DecodeError::InvalidValue),
6509 let channel_parameters: ChannelTransactionParameters = Readable::read(reader)?;
6510 let funding_transaction = Readable::read(reader)?;
6512 let counterparty_cur_commitment_point = Readable::read(reader)?;
6514 let counterparty_prev_commitment_point = Readable::read(reader)?;
6515 let counterparty_node_id = Readable::read(reader)?;
6517 let counterparty_shutdown_scriptpubkey = Readable::read(reader)?;
6518 let commitment_secrets = Readable::read(reader)?;
6520 let channel_update_status = Readable::read(reader)?;
6522 #[cfg(any(test, fuzzing))]
6523 let mut historical_inbound_htlc_fulfills = HashSet::new();
6524 #[cfg(any(test, fuzzing))]
6526 let htlc_fulfills_len: u64 = Readable::read(reader)?;
6527 for _ in 0..htlc_fulfills_len {
6528 assert!(historical_inbound_htlc_fulfills.insert(Readable::read(reader)?));
6532 let pending_update_fee = if let Some(feerate) = pending_update_fee_value {
6533 Some((feerate, if channel_parameters.is_outbound_from_holder {
6534 FeeUpdateState::Outbound
6536 FeeUpdateState::AwaitingRemoteRevokeToAnnounce
6542 let mut announcement_sigs = None;
6543 let mut target_closing_feerate_sats_per_kw = None;
6544 let mut monitor_pending_finalized_fulfills = Some(Vec::new());
6545 let mut holder_selected_channel_reserve_satoshis = Some(Self::get_legacy_default_holder_selected_channel_reserve_satoshis(channel_value_satoshis));
6546 let mut holder_max_htlc_value_in_flight_msat = Some(Self::get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis, &UserConfig::default().channel_handshake_config));
6547 // Prior to supporting channel type negotiation, all of our channels were static_remotekey
6548 // only, so we default to that if none was written.
6549 let mut channel_type = Some(ChannelTypeFeatures::only_static_remote_key());
6550 let mut channel_creation_height = Some(serialized_height);
6551 let mut preimages_opt: Option<Vec<Option<PaymentPreimage>>> = None;
6553 // If we read an old Channel, for simplicity we just treat it as "we never sent an
6554 // AnnouncementSignatures" which implies we'll re-send it on reconnect, but that's fine.
6555 let mut announcement_sigs_state = Some(AnnouncementSigsState::NotSent);
6556 let mut latest_inbound_scid_alias = None;
6557 let mut outbound_scid_alias = None;
6558 let mut channel_ready_event_emitted = None;
6560 let mut user_id_high_opt: Option<u64> = None;
6562 read_tlv_fields!(reader, {
6563 (0, announcement_sigs, option),
6564 (1, minimum_depth, option),
6565 (2, channel_type, option),
6566 (3, counterparty_selected_channel_reserve_satoshis, option),
6567 (4, holder_selected_channel_reserve_satoshis, option),
6568 (5, config, option), // Note that if none is provided we will *not* overwrite the existing one.
6569 (6, holder_max_htlc_value_in_flight_msat, option),
6570 (7, shutdown_scriptpubkey, option),
6571 (9, target_closing_feerate_sats_per_kw, option),
6572 (11, monitor_pending_finalized_fulfills, vec_type),
6573 (13, channel_creation_height, option),
6574 (15, preimages_opt, vec_type),
6575 (17, announcement_sigs_state, option),
6576 (19, latest_inbound_scid_alias, option),
6577 (21, outbound_scid_alias, option),
6578 (23, channel_ready_event_emitted, option),
6579 (25, user_id_high_opt, option),
6582 if let Some(preimages) = preimages_opt {
6583 let mut iter = preimages.into_iter();
6584 for htlc in pending_outbound_htlcs.iter_mut() {
6586 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(None)) => {
6587 htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(iter.next().ok_or(DecodeError::InvalidValue)?));
6589 OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(None)) => {
6590 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(iter.next().ok_or(DecodeError::InvalidValue)?));
6595 // We expect all preimages to be consumed above
6596 if iter.next().is_some() {
6597 return Err(DecodeError::InvalidValue);
6601 let chan_features = channel_type.as_ref().unwrap();
6602 if chan_features.supports_unknown_bits() || chan_features.requires_unknown_bits() {
6603 // If the channel was written by a new version and negotiated with features we don't
6604 // understand yet, refuse to read it.
6605 return Err(DecodeError::UnknownRequiredFeature);
6608 if channel_parameters.opt_anchors.is_some() {
6609 // Relax this check when ChannelTypeFeatures supports anchors.
6610 return Err(DecodeError::InvalidValue);
6613 let mut secp_ctx = Secp256k1::new();
6614 secp_ctx.seeded_randomize(&keys_source.get_secure_random_bytes());
6616 // `user_id` used to be a single u64 value. In order to remain backwards
6617 // compatible with versions prior to 0.0.113, the u128 is serialized as two
6618 // separate u64 values.
6619 let user_id = user_id_low as u128 + ((user_id_high_opt.unwrap_or(0) as u128) << 64);
6624 config: config.unwrap(),
6628 // Note that we don't care about serializing handshake limits as we only ever serialize
6629 // channel data after the handshake has completed.
6630 inbound_handshake_limits_override: None,
6634 announcement_sigs_state: announcement_sigs_state.unwrap(),
6636 channel_value_satoshis,
6638 latest_monitor_update_id,
6641 shutdown_scriptpubkey,
6644 cur_holder_commitment_transaction_number,
6645 cur_counterparty_commitment_transaction_number,
6648 pending_inbound_htlcs,
6649 pending_outbound_htlcs,
6650 holding_cell_htlc_updates,
6654 monitor_pending_channel_ready,
6655 monitor_pending_revoke_and_ack,
6656 monitor_pending_commitment_signed,
6657 monitor_pending_forwards,
6658 monitor_pending_failures,
6659 monitor_pending_finalized_fulfills: monitor_pending_finalized_fulfills.unwrap(),
6662 holding_cell_update_fee,
6663 next_holder_htlc_id,
6664 next_counterparty_htlc_id,
6665 update_time_counter,
6668 #[cfg(debug_assertions)]
6669 holder_max_commitment_tx_output: Mutex::new((0, 0)),
6670 #[cfg(debug_assertions)]
6671 counterparty_max_commitment_tx_output: Mutex::new((0, 0)),
6673 last_sent_closing_fee: None,
6674 pending_counterparty_closing_signed: None,
6675 closing_fee_limits: None,
6676 target_closing_feerate_sats_per_kw,
6678 inbound_awaiting_accept: false,
6680 funding_tx_confirmed_in,
6681 funding_tx_confirmation_height,
6683 channel_creation_height: channel_creation_height.unwrap(),
6685 counterparty_dust_limit_satoshis,
6686 holder_dust_limit_satoshis,
6687 counterparty_max_htlc_value_in_flight_msat,
6688 holder_max_htlc_value_in_flight_msat: holder_max_htlc_value_in_flight_msat.unwrap(),
6689 counterparty_selected_channel_reserve_satoshis,
6690 holder_selected_channel_reserve_satoshis: holder_selected_channel_reserve_satoshis.unwrap(),
6691 counterparty_htlc_minimum_msat,
6692 holder_htlc_minimum_msat,
6693 counterparty_max_accepted_htlcs,
6696 counterparty_forwarding_info,
6698 channel_transaction_parameters: channel_parameters,
6699 funding_transaction,
6701 counterparty_cur_commitment_point,
6702 counterparty_prev_commitment_point,
6703 counterparty_node_id,
6705 counterparty_shutdown_scriptpubkey,
6709 channel_update_status,
6710 closing_signed_in_flight: false,
6714 #[cfg(any(test, fuzzing))]
6715 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
6716 #[cfg(any(test, fuzzing))]
6717 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
6719 workaround_lnd_bug_4006: None,
6721 latest_inbound_scid_alias,
6722 // Later in the ChannelManager deserialization phase we scan for channels and assign scid aliases if its missing
6723 outbound_scid_alias: outbound_scid_alias.unwrap_or(0),
6725 channel_ready_event_emitted: channel_ready_event_emitted.unwrap_or(true),
6727 #[cfg(any(test, fuzzing))]
6728 historical_inbound_htlc_fulfills,
6730 channel_type: channel_type.unwrap(),
6738 use bitcoin::blockdata::script::{Script, Builder};
6739 use bitcoin::blockdata::transaction::{Transaction, TxOut};
6740 use bitcoin::blockdata::constants::genesis_block;
6741 use bitcoin::blockdata::opcodes;
6742 use bitcoin::network::constants::Network;
6744 use crate::ln::PaymentHash;
6745 use crate::ln::channelmanager::{self, HTLCSource, PaymentId};
6746 use crate::ln::channel::{Channel, InboundHTLCOutput, OutboundHTLCOutput, InboundHTLCState, OutboundHTLCState, HTLCCandidate, HTLCInitiator};
6747 use crate::ln::channel::{MAX_FUNDING_SATOSHIS_NO_WUMBO, TOTAL_BITCOIN_SUPPLY_SATOSHIS, MIN_THEIR_CHAN_RESERVE_SATOSHIS};
6748 use crate::ln::features::ChannelTypeFeatures;
6749 use crate::ln::msgs::{ChannelUpdate, DataLossProtect, DecodeError, OptionalField, UnsignedChannelUpdate, MAX_VALUE_MSAT};
6750 use crate::ln::script::ShutdownScript;
6751 use crate::ln::chan_utils;
6752 use crate::ln::chan_utils::{htlc_success_tx_weight, htlc_timeout_tx_weight};
6753 use crate::chain::BestBlock;
6754 use crate::chain::chaininterface::{FeeEstimator, LowerBoundedFeeEstimator, ConfirmationTarget};
6755 use crate::chain::keysinterface::{InMemorySigner, Recipient, KeyMaterial, KeysInterface};
6756 use crate::chain::transaction::OutPoint;
6757 use crate::util::config::UserConfig;
6758 use crate::util::enforcing_trait_impls::EnforcingSigner;
6759 use crate::util::errors::APIError;
6760 use crate::util::test_utils;
6761 use crate::util::test_utils::OnGetShutdownScriptpubkey;
6762 use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature, Scalar};
6763 use bitcoin::secp256k1::ffi::Signature as FFISignature;
6764 use bitcoin::secp256k1::{SecretKey,PublicKey};
6765 use bitcoin::secp256k1::ecdh::SharedSecret;
6766 use bitcoin::secp256k1::ecdsa::RecoverableSignature;
6767 use bitcoin::hashes::sha256::Hash as Sha256;
6768 use bitcoin::hashes::Hash;
6769 use bitcoin::hash_types::WPubkeyHash;
6770 use bitcoin::bech32::u5;
6771 use bitcoin::PackedLockTime;
6772 use bitcoin::util::address::WitnessVersion;
6773 use crate::prelude::*;
6775 struct TestFeeEstimator {
6778 impl FeeEstimator for TestFeeEstimator {
6779 fn get_est_sat_per_1000_weight(&self, _: ConfirmationTarget) -> u32 {
6785 fn test_max_funding_satoshis_no_wumbo() {
6786 assert_eq!(TOTAL_BITCOIN_SUPPLY_SATOSHIS, 21_000_000 * 100_000_000);
6787 assert!(MAX_FUNDING_SATOSHIS_NO_WUMBO <= TOTAL_BITCOIN_SUPPLY_SATOSHIS,
6788 "MAX_FUNDING_SATOSHIS_NO_WUMBO is greater than all satoshis in existence");
6792 fn test_no_fee_check_overflow() {
6793 // Previously, calling `check_remote_fee` with a fee of 0xffffffff would overflow in
6794 // arithmetic, causing a panic with debug assertions enabled.
6795 let fee_est = TestFeeEstimator { fee_est: 42 };
6796 let bounded_fee_estimator = LowerBoundedFeeEstimator::new(&fee_est);
6797 assert!(Channel::<InMemorySigner>::check_remote_fee(&bounded_fee_estimator,
6798 u32::max_value(), None, &&test_utils::TestLogger::new()).is_err());
6802 signer: InMemorySigner,
6804 impl KeysInterface for Keys {
6805 type Signer = InMemorySigner;
6807 fn get_node_secret(&self, _recipient: Recipient) -> Result<SecretKey, ()> { panic!(); }
6808 fn ecdh(&self, _recipient: Recipient, _other_key: &PublicKey, _tweak: Option<&Scalar>) -> Result<SharedSecret, ()> { panic!(); }
6809 fn get_inbound_payment_key_material(&self) -> KeyMaterial { panic!(); }
6810 fn get_destination_script(&self) -> Script {
6811 let secp_ctx = Secp256k1::signing_only();
6812 let channel_monitor_claim_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
6813 let channel_monitor_claim_key_hash = WPubkeyHash::hash(&PublicKey::from_secret_key(&secp_ctx, &channel_monitor_claim_key).serialize());
6814 Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0).push_slice(&channel_monitor_claim_key_hash[..]).into_script()
6817 fn get_shutdown_scriptpubkey(&self) -> ShutdownScript {
6818 let secp_ctx = Secp256k1::signing_only();
6819 let channel_close_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
6820 ShutdownScript::new_p2wpkh_from_pubkey(PublicKey::from_secret_key(&secp_ctx, &channel_close_key))
6823 fn get_channel_signer(&self, _inbound: bool, _channel_value_satoshis: u64) -> InMemorySigner {
6826 fn get_secure_random_bytes(&self) -> [u8; 32] { [0; 32] }
6827 fn read_chan_signer(&self, _data: &[u8]) -> Result<Self::Signer, DecodeError> { panic!(); }
6828 fn sign_invoice(&self, _hrp_bytes: &[u8], _invoice_data: &[u5], _recipient: Recipient) -> Result<RecoverableSignature, ()> { panic!(); }
6831 #[cfg(not(feature = "grind_signatures"))]
6832 fn public_from_secret_hex(secp_ctx: &Secp256k1<bitcoin::secp256k1::All>, hex: &str) -> PublicKey {
6833 PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&hex::decode(hex).unwrap()[..]).unwrap())
6837 fn upfront_shutdown_script_incompatibility() {
6838 let features = channelmanager::provided_init_features().clear_shutdown_anysegwit();
6839 let non_v0_segwit_shutdown_script =
6840 ShutdownScript::new_witness_program(WitnessVersion::V16, &[0, 40]).unwrap();
6842 let seed = [42; 32];
6843 let network = Network::Testnet;
6844 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
6845 keys_provider.expect(OnGetShutdownScriptpubkey {
6846 returns: non_v0_segwit_shutdown_script.clone(),
6849 let secp_ctx = Secp256k1::new();
6850 let node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
6851 let config = UserConfig::default();
6852 match Channel::<EnforcingSigner>::new_outbound(&LowerBoundedFeeEstimator::new(&TestFeeEstimator { fee_est: 253 }), &&keys_provider, node_id, &features, 10000000, 100000, 42, &config, 0, 42) {
6853 Err(APIError::IncompatibleShutdownScript { script }) => {
6854 assert_eq!(script.into_inner(), non_v0_segwit_shutdown_script.into_inner());
6856 Err(e) => panic!("Unexpected error: {:?}", e),
6857 Ok(_) => panic!("Expected error"),
6861 // Check that, during channel creation, we use the same feerate in the open channel message
6862 // as we do in the Channel object creation itself.
6864 fn test_open_channel_msg_fee() {
6865 let original_fee = 253;
6866 let mut fee_est = TestFeeEstimator{fee_est: original_fee };
6867 let bounded_fee_estimator = LowerBoundedFeeEstimator::new(&fee_est);
6868 let secp_ctx = Secp256k1::new();
6869 let seed = [42; 32];
6870 let network = Network::Testnet;
6871 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
6873 let node_a_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
6874 let config = UserConfig::default();
6875 let node_a_chan = Channel::<EnforcingSigner>::new_outbound(&bounded_fee_estimator, &&keys_provider, node_a_node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config, 0, 42).unwrap();
6877 // Now change the fee so we can check that the fee in the open_channel message is the
6878 // same as the old fee.
6879 fee_est.fee_est = 500;
6880 let open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash());
6881 assert_eq!(open_channel_msg.feerate_per_kw, original_fee);
6885 fn test_holder_vs_counterparty_dust_limit() {
6886 // Test that when calculating the local and remote commitment transaction fees, the correct
6887 // dust limits are used.
6888 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
6889 let secp_ctx = Secp256k1::new();
6890 let seed = [42; 32];
6891 let network = Network::Testnet;
6892 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
6893 let logger = test_utils::TestLogger::new();
6895 // Go through the flow of opening a channel between two nodes, making sure
6896 // they have different dust limits.
6898 // Create Node A's channel pointing to Node B's pubkey
6899 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
6900 let config = UserConfig::default();
6901 let mut node_a_chan = Channel::<EnforcingSigner>::new_outbound(&feeest, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config, 0, 42).unwrap();
6903 // Create Node B's channel by receiving Node A's open_channel message
6904 // Make sure A's dust limit is as we expect.
6905 let open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash());
6906 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
6907 let mut node_b_chan = Channel::<EnforcingSigner>::new_from_req(&feeest, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(), &open_channel_msg, 7, &config, 0, &&logger, 42).unwrap();
6909 // Node B --> Node A: accept channel, explicitly setting B's dust limit.
6910 let mut accept_channel_msg = node_b_chan.accept_inbound_channel(0);
6911 accept_channel_msg.dust_limit_satoshis = 546;
6912 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features()).unwrap();
6913 node_a_chan.holder_dust_limit_satoshis = 1560;
6915 // Put some inbound and outbound HTLCs in A's channel.
6916 let htlc_amount_msat = 11_092_000; // put an amount below A's effective dust limit but above B's.
6917 node_a_chan.pending_inbound_htlcs.push(InboundHTLCOutput {
6919 amount_msat: htlc_amount_msat,
6920 payment_hash: PaymentHash(Sha256::hash(&[42; 32]).into_inner()),
6921 cltv_expiry: 300000000,
6922 state: InboundHTLCState::Committed,
6925 node_a_chan.pending_outbound_htlcs.push(OutboundHTLCOutput {
6927 amount_msat: htlc_amount_msat, // put an amount below A's dust amount but above B's.
6928 payment_hash: PaymentHash(Sha256::hash(&[43; 32]).into_inner()),
6929 cltv_expiry: 200000000,
6930 state: OutboundHTLCState::Committed,
6931 source: HTLCSource::OutboundRoute {
6933 session_priv: SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(),
6934 first_hop_htlc_msat: 548,
6935 payment_id: PaymentId([42; 32]),
6936 payment_secret: None,
6937 payment_params: None,
6941 // Make sure when Node A calculates their local commitment transaction, none of the HTLCs pass
6942 // the dust limit check.
6943 let htlc_candidate = HTLCCandidate::new(htlc_amount_msat, HTLCInitiator::LocalOffered);
6944 let local_commit_tx_fee = node_a_chan.next_local_commit_tx_fee_msat(htlc_candidate, None);
6945 let local_commit_fee_0_htlcs = Channel::<EnforcingSigner>::commit_tx_fee_msat(node_a_chan.feerate_per_kw, 0, node_a_chan.opt_anchors());
6946 assert_eq!(local_commit_tx_fee, local_commit_fee_0_htlcs);
6948 // Finally, make sure that when Node A calculates the remote's commitment transaction fees, all
6949 // of the HTLCs are seen to be above the dust limit.
6950 node_a_chan.channel_transaction_parameters.is_outbound_from_holder = false;
6951 let remote_commit_fee_3_htlcs = Channel::<EnforcingSigner>::commit_tx_fee_msat(node_a_chan.feerate_per_kw, 3, node_a_chan.opt_anchors());
6952 let htlc_candidate = HTLCCandidate::new(htlc_amount_msat, HTLCInitiator::LocalOffered);
6953 let remote_commit_tx_fee = node_a_chan.next_remote_commit_tx_fee_msat(htlc_candidate, None);
6954 assert_eq!(remote_commit_tx_fee, remote_commit_fee_3_htlcs);
6958 fn test_timeout_vs_success_htlc_dust_limit() {
6959 // Make sure that when `next_remote_commit_tx_fee_msat` and `next_local_commit_tx_fee_msat`
6960 // calculate the real dust limits for HTLCs (i.e. the dust limit given by the counterparty
6961 // *plus* the fees paid for the HTLC) they don't swap `HTLC_SUCCESS_TX_WEIGHT` for
6962 // `HTLC_TIMEOUT_TX_WEIGHT`, and vice versa.
6963 let fee_est = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 253 });
6964 let secp_ctx = Secp256k1::new();
6965 let seed = [42; 32];
6966 let network = Network::Testnet;
6967 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
6969 let node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
6970 let config = UserConfig::default();
6971 let mut chan = Channel::<EnforcingSigner>::new_outbound(&fee_est, &&keys_provider, node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config, 0, 42).unwrap();
6973 let commitment_tx_fee_0_htlcs = Channel::<EnforcingSigner>::commit_tx_fee_msat(chan.feerate_per_kw, 0, chan.opt_anchors());
6974 let commitment_tx_fee_1_htlc = Channel::<EnforcingSigner>::commit_tx_fee_msat(chan.feerate_per_kw, 1, chan.opt_anchors());
6976 // If HTLC_SUCCESS_TX_WEIGHT and HTLC_TIMEOUT_TX_WEIGHT were swapped: then this HTLC would be
6977 // counted as dust when it shouldn't be.
6978 let htlc_amt_above_timeout = ((253 * htlc_timeout_tx_weight(chan.opt_anchors()) / 1000) + chan.holder_dust_limit_satoshis + 1) * 1000;
6979 let htlc_candidate = HTLCCandidate::new(htlc_amt_above_timeout, HTLCInitiator::LocalOffered);
6980 let commitment_tx_fee = chan.next_local_commit_tx_fee_msat(htlc_candidate, None);
6981 assert_eq!(commitment_tx_fee, commitment_tx_fee_1_htlc);
6983 // If swapped: this HTLC would be counted as non-dust when it shouldn't be.
6984 let dust_htlc_amt_below_success = ((253 * htlc_success_tx_weight(chan.opt_anchors()) / 1000) + chan.holder_dust_limit_satoshis - 1) * 1000;
6985 let htlc_candidate = HTLCCandidate::new(dust_htlc_amt_below_success, HTLCInitiator::RemoteOffered);
6986 let commitment_tx_fee = chan.next_local_commit_tx_fee_msat(htlc_candidate, None);
6987 assert_eq!(commitment_tx_fee, commitment_tx_fee_0_htlcs);
6989 chan.channel_transaction_parameters.is_outbound_from_holder = false;
6991 // If swapped: this HTLC would be counted as non-dust when it shouldn't be.
6992 let dust_htlc_amt_above_timeout = ((253 * htlc_timeout_tx_weight(chan.opt_anchors()) / 1000) + chan.counterparty_dust_limit_satoshis + 1) * 1000;
6993 let htlc_candidate = HTLCCandidate::new(dust_htlc_amt_above_timeout, HTLCInitiator::LocalOffered);
6994 let commitment_tx_fee = chan.next_remote_commit_tx_fee_msat(htlc_candidate, None);
6995 assert_eq!(commitment_tx_fee, commitment_tx_fee_0_htlcs);
6997 // If swapped: this HTLC would be counted as dust when it shouldn't be.
6998 let htlc_amt_below_success = ((253 * htlc_success_tx_weight(chan.opt_anchors()) / 1000) + chan.counterparty_dust_limit_satoshis - 1) * 1000;
6999 let htlc_candidate = HTLCCandidate::new(htlc_amt_below_success, HTLCInitiator::RemoteOffered);
7000 let commitment_tx_fee = chan.next_remote_commit_tx_fee_msat(htlc_candidate, None);
7001 assert_eq!(commitment_tx_fee, commitment_tx_fee_1_htlc);
7005 fn channel_reestablish_no_updates() {
7006 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7007 let logger = test_utils::TestLogger::new();
7008 let secp_ctx = Secp256k1::new();
7009 let seed = [42; 32];
7010 let network = Network::Testnet;
7011 let best_block = BestBlock::from_genesis(network);
7012 let chain_hash = best_block.block_hash();
7013 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7015 // Go through the flow of opening a channel between two nodes.
7017 // Create Node A's channel pointing to Node B's pubkey
7018 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7019 let config = UserConfig::default();
7020 let mut node_a_chan = Channel::<EnforcingSigner>::new_outbound(&feeest, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config, 0, 42).unwrap();
7022 // Create Node B's channel by receiving Node A's open_channel message
7023 let open_channel_msg = node_a_chan.get_open_channel(chain_hash);
7024 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7025 let mut node_b_chan = Channel::<EnforcingSigner>::new_from_req(&feeest, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(), &open_channel_msg, 7, &config, 0, &&logger, 42).unwrap();
7027 // Node B --> Node A: accept channel
7028 let accept_channel_msg = node_b_chan.accept_inbound_channel(0);
7029 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features()).unwrap();
7031 // Node A --> Node B: funding created
7032 let output_script = node_a_chan.get_funding_redeemscript();
7033 let tx = Transaction { version: 1, lock_time: PackedLockTime::ZERO, input: Vec::new(), output: vec![TxOut {
7034 value: 10000000, script_pubkey: output_script.clone(),
7036 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
7037 let funding_created_msg = node_a_chan.get_outbound_funding_created(tx.clone(), funding_outpoint, &&logger).unwrap();
7038 let (funding_signed_msg, _, _) = node_b_chan.funding_created(&funding_created_msg, best_block, &&logger).unwrap();
7040 // Node B --> Node A: funding signed
7041 let _ = node_a_chan.funding_signed(&funding_signed_msg, best_block, &&logger);
7043 // Now disconnect the two nodes and check that the commitment point in
7044 // Node B's channel_reestablish message is sane.
7045 node_b_chan.remove_uncommitted_htlcs_and_mark_paused(&&logger);
7046 let msg = node_b_chan.get_channel_reestablish(&&logger);
7047 assert_eq!(msg.next_local_commitment_number, 1); // now called next_commitment_number
7048 assert_eq!(msg.next_remote_commitment_number, 0); // now called next_revocation_number
7049 match msg.data_loss_protect {
7050 OptionalField::Present(DataLossProtect { your_last_per_commitment_secret, .. }) => {
7051 assert_eq!(your_last_per_commitment_secret, [0; 32]);
7056 // Check that the commitment point in Node A's channel_reestablish message
7058 node_a_chan.remove_uncommitted_htlcs_and_mark_paused(&&logger);
7059 let msg = node_a_chan.get_channel_reestablish(&&logger);
7060 assert_eq!(msg.next_local_commitment_number, 1); // now called next_commitment_number
7061 assert_eq!(msg.next_remote_commitment_number, 0); // now called next_revocation_number
7062 match msg.data_loss_protect {
7063 OptionalField::Present(DataLossProtect { your_last_per_commitment_secret, .. }) => {
7064 assert_eq!(your_last_per_commitment_secret, [0; 32]);
7071 fn test_configured_holder_max_htlc_value_in_flight() {
7072 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7073 let logger = test_utils::TestLogger::new();
7074 let secp_ctx = Secp256k1::new();
7075 let seed = [42; 32];
7076 let network = Network::Testnet;
7077 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7078 let outbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7079 let inbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7081 let mut config_2_percent = UserConfig::default();
7082 config_2_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 2;
7083 let mut config_99_percent = UserConfig::default();
7084 config_99_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 99;
7085 let mut config_0_percent = UserConfig::default();
7086 config_0_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 0;
7087 let mut config_101_percent = UserConfig::default();
7088 config_101_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 101;
7090 // Test that `new_outbound` creates a channel with the correct value for
7091 // `holder_max_htlc_value_in_flight_msat`, when configured with a valid percentage value,
7092 // which is set to the lower bound + 1 (2%) of the `channel_value`.
7093 let chan_1 = Channel::<EnforcingSigner>::new_outbound(&feeest, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config_2_percent, 0, 42).unwrap();
7094 let chan_1_value_msat = chan_1.channel_value_satoshis * 1000;
7095 assert_eq!(chan_1.holder_max_htlc_value_in_flight_msat, (chan_1_value_msat as f64 * 0.02) as u64);
7097 // Test with the upper bound - 1 of valid values (99%).
7098 let chan_2 = Channel::<EnforcingSigner>::new_outbound(&feeest, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config_99_percent, 0, 42).unwrap();
7099 let chan_2_value_msat = chan_2.channel_value_satoshis * 1000;
7100 assert_eq!(chan_2.holder_max_htlc_value_in_flight_msat, (chan_2_value_msat as f64 * 0.99) as u64);
7102 let chan_1_open_channel_msg = chan_1.get_open_channel(genesis_block(network).header.block_hash());
7104 // Test that `new_from_req` creates a channel with the correct value for
7105 // `holder_max_htlc_value_in_flight_msat`, when configured with a valid percentage value,
7106 // which is set to the lower bound - 1 (2%) of the `channel_value`.
7107 let chan_3 = Channel::<EnforcingSigner>::new_from_req(&feeest, &&keys_provider, inbound_node_id, &channelmanager::provided_init_features(), &chan_1_open_channel_msg, 7, &config_2_percent, 0, &&logger, 42).unwrap();
7108 let chan_3_value_msat = chan_3.channel_value_satoshis * 1000;
7109 assert_eq!(chan_3.holder_max_htlc_value_in_flight_msat, (chan_3_value_msat as f64 * 0.02) as u64);
7111 // Test with the upper bound - 1 of valid values (99%).
7112 let chan_4 = Channel::<EnforcingSigner>::new_from_req(&feeest, &&keys_provider, inbound_node_id, &channelmanager::provided_init_features(), &chan_1_open_channel_msg, 7, &config_99_percent, 0, &&logger, 42).unwrap();
7113 let chan_4_value_msat = chan_4.channel_value_satoshis * 1000;
7114 assert_eq!(chan_4.holder_max_htlc_value_in_flight_msat, (chan_4_value_msat as f64 * 0.99) as u64);
7116 // Test that `new_outbound` uses the lower bound of the configurable percentage values (1%)
7117 // if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a value less than 1.
7118 let chan_5 = Channel::<EnforcingSigner>::new_outbound(&feeest, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config_0_percent, 0, 42).unwrap();
7119 let chan_5_value_msat = chan_5.channel_value_satoshis * 1000;
7120 assert_eq!(chan_5.holder_max_htlc_value_in_flight_msat, (chan_5_value_msat as f64 * 0.01) as u64);
7122 // Test that `new_outbound` uses the upper bound of the configurable percentage values
7123 // (100%) if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a larger value
7125 let chan_6 = Channel::<EnforcingSigner>::new_outbound(&feeest, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config_101_percent, 0, 42).unwrap();
7126 let chan_6_value_msat = chan_6.channel_value_satoshis * 1000;
7127 assert_eq!(chan_6.holder_max_htlc_value_in_flight_msat, chan_6_value_msat);
7129 // Test that `new_from_req` uses the lower bound of the configurable percentage values (1%)
7130 // if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a value less than 1.
7131 let chan_7 = Channel::<EnforcingSigner>::new_from_req(&feeest, &&keys_provider, inbound_node_id, &channelmanager::provided_init_features(), &chan_1_open_channel_msg, 7, &config_0_percent, 0, &&logger, 42).unwrap();
7132 let chan_7_value_msat = chan_7.channel_value_satoshis * 1000;
7133 assert_eq!(chan_7.holder_max_htlc_value_in_flight_msat, (chan_7_value_msat as f64 * 0.01) as u64);
7135 // Test that `new_from_req` uses the upper bound of the configurable percentage values
7136 // (100%) if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a larger value
7138 let chan_8 = Channel::<EnforcingSigner>::new_from_req(&feeest, &&keys_provider, inbound_node_id, &channelmanager::provided_init_features(), &chan_1_open_channel_msg, 7, &config_101_percent, 0, &&logger, 42).unwrap();
7139 let chan_8_value_msat = chan_8.channel_value_satoshis * 1000;
7140 assert_eq!(chan_8.holder_max_htlc_value_in_flight_msat, chan_8_value_msat);
7144 fn test_configured_holder_selected_channel_reserve_satoshis() {
7146 // Test that `new_outbound` and `new_from_req` create a channel with the correct
7147 // channel reserves, when `their_channel_reserve_proportional_millionths` is configured.
7148 test_self_and_counterparty_channel_reserve(10_000_000, 0.02, 0.02);
7150 // Test with valid but unreasonably high channel reserves
7151 // Requesting and accepting parties have requested for 49%-49% and 60%-30% channel reserve
7152 test_self_and_counterparty_channel_reserve(10_000_000, 0.49, 0.49);
7153 test_self_and_counterparty_channel_reserve(10_000_000, 0.60, 0.30);
7155 // Test with calculated channel reserve less than lower bound
7156 // i.e `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
7157 test_self_and_counterparty_channel_reserve(100_000, 0.00002, 0.30);
7159 // Test with invalid channel reserves since sum of both is greater than or equal
7161 test_self_and_counterparty_channel_reserve(10_000_000, 0.50, 0.50);
7162 test_self_and_counterparty_channel_reserve(10_000_000, 0.60, 0.50);
7165 fn test_self_and_counterparty_channel_reserve(channel_value_satoshis: u64, outbound_selected_channel_reserve_perc: f64, inbound_selected_channel_reserve_perc: f64) {
7166 let fee_est = LowerBoundedFeeEstimator::new(&TestFeeEstimator { fee_est: 15_000 });
7167 let logger = test_utils::TestLogger::new();
7168 let secp_ctx = Secp256k1::new();
7169 let seed = [42; 32];
7170 let network = Network::Testnet;
7171 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7172 let outbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7173 let inbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7176 let mut outbound_node_config = UserConfig::default();
7177 outbound_node_config.channel_handshake_config.their_channel_reserve_proportional_millionths = (outbound_selected_channel_reserve_perc * 1_000_000.0) as u32;
7178 let chan = Channel::<EnforcingSigner>::new_outbound(&&fee_est, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(), channel_value_satoshis, 100_000, 42, &outbound_node_config, 0, 42).unwrap();
7180 let expected_outbound_selected_chan_reserve = cmp::max(MIN_THEIR_CHAN_RESERVE_SATOSHIS, (chan.channel_value_satoshis as f64 * outbound_selected_channel_reserve_perc) as u64);
7181 assert_eq!(chan.holder_selected_channel_reserve_satoshis, expected_outbound_selected_chan_reserve);
7183 let chan_open_channel_msg = chan.get_open_channel(genesis_block(network).header.block_hash());
7184 let mut inbound_node_config = UserConfig::default();
7185 inbound_node_config.channel_handshake_config.their_channel_reserve_proportional_millionths = (inbound_selected_channel_reserve_perc * 1_000_000.0) as u32;
7187 if outbound_selected_channel_reserve_perc + inbound_selected_channel_reserve_perc < 1.0 {
7188 let chan_inbound_node = Channel::<EnforcingSigner>::new_from_req(&&fee_est, &&keys_provider, inbound_node_id, &channelmanager::provided_init_features(), &chan_open_channel_msg, 7, &inbound_node_config, 0, &&logger, 42).unwrap();
7190 let expected_inbound_selected_chan_reserve = cmp::max(MIN_THEIR_CHAN_RESERVE_SATOSHIS, (chan.channel_value_satoshis as f64 * inbound_selected_channel_reserve_perc) as u64);
7192 assert_eq!(chan_inbound_node.holder_selected_channel_reserve_satoshis, expected_inbound_selected_chan_reserve);
7193 assert_eq!(chan_inbound_node.counterparty_selected_channel_reserve_satoshis.unwrap(), expected_outbound_selected_chan_reserve);
7195 // Channel Negotiations failed
7196 let result = Channel::<EnforcingSigner>::new_from_req(&&fee_est, &&keys_provider, inbound_node_id, &channelmanager::provided_init_features(), &chan_open_channel_msg, 7, &inbound_node_config, 0, &&logger, 42);
7197 assert!(result.is_err());
7202 fn channel_update() {
7203 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7204 let secp_ctx = Secp256k1::new();
7205 let seed = [42; 32];
7206 let network = Network::Testnet;
7207 let chain_hash = genesis_block(network).header.block_hash();
7208 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7210 // Create a channel.
7211 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7212 let config = UserConfig::default();
7213 let mut node_a_chan = Channel::<EnforcingSigner>::new_outbound(&feeest, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config, 0, 42).unwrap();
7214 assert!(node_a_chan.counterparty_forwarding_info.is_none());
7215 assert_eq!(node_a_chan.holder_htlc_minimum_msat, 1); // the default
7216 assert!(node_a_chan.counterparty_forwarding_info().is_none());
7218 // Make sure that receiving a channel update will update the Channel as expected.
7219 let update = ChannelUpdate {
7220 contents: UnsignedChannelUpdate {
7222 short_channel_id: 0,
7225 cltv_expiry_delta: 100,
7226 htlc_minimum_msat: 5,
7227 htlc_maximum_msat: MAX_VALUE_MSAT,
7229 fee_proportional_millionths: 11,
7230 excess_data: Vec::new(),
7232 signature: Signature::from(unsafe { FFISignature::new() })
7234 node_a_chan.channel_update(&update).unwrap();
7236 // The counterparty can send an update with a higher minimum HTLC, but that shouldn't
7237 // change our official htlc_minimum_msat.
7238 assert_eq!(node_a_chan.holder_htlc_minimum_msat, 1);
7239 match node_a_chan.counterparty_forwarding_info() {
7241 assert_eq!(info.cltv_expiry_delta, 100);
7242 assert_eq!(info.fee_base_msat, 110);
7243 assert_eq!(info.fee_proportional_millionths, 11);
7245 None => panic!("expected counterparty forwarding info to be Some")
7249 #[cfg(not(feature = "grind_signatures"))]
7251 fn outbound_commitment_test() {
7252 use bitcoin::util::sighash;
7253 use bitcoin::consensus::encode::serialize;
7254 use bitcoin::blockdata::transaction::EcdsaSighashType;
7255 use bitcoin::hashes::hex::FromHex;
7256 use bitcoin::hash_types::Txid;
7257 use bitcoin::secp256k1::Message;
7258 use crate::chain::keysinterface::BaseSign;
7259 use crate::ln::PaymentPreimage;
7260 use crate::ln::channel::{HTLCOutputInCommitment ,TxCreationKeys};
7261 use crate::ln::chan_utils::{ChannelPublicKeys, HolderCommitmentTransaction, CounterpartyChannelTransactionParameters};
7262 use crate::util::logger::Logger;
7263 use crate::sync::Arc;
7265 // Test vectors from BOLT 3 Appendices C and F (anchors):
7266 let feeest = TestFeeEstimator{fee_est: 15000};
7267 let logger : Arc<Logger> = Arc::new(test_utils::TestLogger::new());
7268 let secp_ctx = Secp256k1::new();
7270 let mut signer = InMemorySigner::new(
7272 SecretKey::from_slice(&hex::decode("4242424242424242424242424242424242424242424242424242424242424242").unwrap()[..]).unwrap(),
7273 SecretKey::from_slice(&hex::decode("30ff4956bbdd3222d44cc5e8a1261dab1e07957bdac5ae88fe3261ef321f3749").unwrap()[..]).unwrap(),
7274 SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(),
7275 SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(),
7276 SecretKey::from_slice(&hex::decode("3333333333333333333333333333333333333333333333333333333333333333").unwrap()[..]).unwrap(),
7277 SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(),
7279 // These aren't set in the test vectors:
7280 [0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff],
7285 assert_eq!(signer.pubkeys().funding_pubkey.serialize()[..],
7286 hex::decode("023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb").unwrap()[..]);
7287 let keys_provider = Keys { signer: signer.clone() };
7289 let counterparty_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7290 let mut config = UserConfig::default();
7291 config.channel_handshake_config.announced_channel = false;
7292 let mut chan = Channel::<InMemorySigner>::new_outbound(&LowerBoundedFeeEstimator::new(&feeest), &&keys_provider, counterparty_node_id, &channelmanager::provided_init_features(), 10_000_000, 100000, 42, &config, 0, 42).unwrap(); // Nothing uses their network key in this test
7293 chan.holder_dust_limit_satoshis = 546;
7294 chan.counterparty_selected_channel_reserve_satoshis = Some(0); // Filled in in accept_channel
7296 let funding_info = OutPoint{ txid: Txid::from_hex("8984484a580b825b9972d7adb15050b3ab624ccd731946b3eeddb92f4e7ef6be").unwrap(), index: 0 };
7298 let counterparty_pubkeys = ChannelPublicKeys {
7299 funding_pubkey: public_from_secret_hex(&secp_ctx, "1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13"),
7300 revocation_basepoint: PublicKey::from_slice(&hex::decode("02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27").unwrap()[..]).unwrap(),
7301 payment_point: public_from_secret_hex(&secp_ctx, "4444444444444444444444444444444444444444444444444444444444444444"),
7302 delayed_payment_basepoint: public_from_secret_hex(&secp_ctx, "1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13"),
7303 htlc_basepoint: public_from_secret_hex(&secp_ctx, "4444444444444444444444444444444444444444444444444444444444444444")
7305 chan.channel_transaction_parameters.counterparty_parameters = Some(
7306 CounterpartyChannelTransactionParameters {
7307 pubkeys: counterparty_pubkeys.clone(),
7308 selected_contest_delay: 144
7310 chan.channel_transaction_parameters.funding_outpoint = Some(funding_info);
7311 signer.ready_channel(&chan.channel_transaction_parameters);
7313 assert_eq!(counterparty_pubkeys.payment_point.serialize()[..],
7314 hex::decode("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()[..]);
7316 assert_eq!(counterparty_pubkeys.funding_pubkey.serialize()[..],
7317 hex::decode("030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c1").unwrap()[..]);
7319 assert_eq!(counterparty_pubkeys.htlc_basepoint.serialize()[..],
7320 hex::decode("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()[..]);
7322 // We can't just use build_holder_transaction_keys here as the per_commitment_secret is not
7323 // derived from a commitment_seed, so instead we copy it here and call
7324 // build_commitment_transaction.
7325 let delayed_payment_base = &chan.holder_signer.pubkeys().delayed_payment_basepoint;
7326 let per_commitment_secret = SecretKey::from_slice(&hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap();
7327 let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
7328 let htlc_basepoint = &chan.holder_signer.pubkeys().htlc_basepoint;
7329 let keys = TxCreationKeys::derive_new(&secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint).unwrap();
7331 macro_rules! test_commitment {
7332 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $($remain:tt)* ) => {
7333 chan.channel_transaction_parameters.opt_anchors = None;
7334 test_commitment_common!($counterparty_sig_hex, $sig_hex, $tx_hex, false, $($remain)*);
7338 macro_rules! test_commitment_with_anchors {
7339 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $($remain:tt)* ) => {
7340 chan.channel_transaction_parameters.opt_anchors = Some(());
7341 test_commitment_common!($counterparty_sig_hex, $sig_hex, $tx_hex, true, $($remain)*);
7345 macro_rules! test_commitment_common {
7346 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $opt_anchors: expr, {
7347 $( { $htlc_idx: expr, $counterparty_htlc_sig_hex: expr, $htlc_sig_hex: expr, $htlc_tx_hex: expr } ), *
7349 let (commitment_tx, htlcs): (_, Vec<HTLCOutputInCommitment>) = {
7350 let mut commitment_stats = chan.build_commitment_transaction(0xffffffffffff - 42, &keys, true, false, &logger);
7352 let htlcs = commitment_stats.htlcs_included.drain(..)
7353 .filter_map(|(htlc, _)| if htlc.transaction_output_index.is_some() { Some(htlc) } else { None })
7355 (commitment_stats.tx, htlcs)
7357 let trusted_tx = commitment_tx.trust();
7358 let unsigned_tx = trusted_tx.built_transaction();
7359 let redeemscript = chan.get_funding_redeemscript();
7360 let counterparty_signature = Signature::from_der(&hex::decode($counterparty_sig_hex).unwrap()[..]).unwrap();
7361 let sighash = unsigned_tx.get_sighash_all(&redeemscript, chan.channel_value_satoshis);
7362 log_trace!(logger, "unsigned_tx = {}", hex::encode(serialize(&unsigned_tx.transaction)));
7363 assert!(secp_ctx.verify_ecdsa(&sighash, &counterparty_signature, chan.counterparty_funding_pubkey()).is_ok(), "verify counterparty commitment sig");
7365 let mut per_htlc: Vec<(HTLCOutputInCommitment, Option<Signature>)> = Vec::new();
7366 per_htlc.clear(); // Don't warn about excess mut for no-HTLC calls
7367 let mut counterparty_htlc_sigs = Vec::new();
7368 counterparty_htlc_sigs.clear(); // Don't warn about excess mut for no-HTLC calls
7370 let remote_signature = Signature::from_der(&hex::decode($counterparty_htlc_sig_hex).unwrap()[..]).unwrap();
7371 per_htlc.push((htlcs[$htlc_idx].clone(), Some(remote_signature)));
7372 counterparty_htlc_sigs.push(remote_signature);
7374 assert_eq!(htlcs.len(), per_htlc.len());
7376 let holder_commitment_tx = HolderCommitmentTransaction::new(
7377 commitment_tx.clone(),
7378 counterparty_signature,
7379 counterparty_htlc_sigs,
7380 &chan.holder_signer.pubkeys().funding_pubkey,
7381 chan.counterparty_funding_pubkey()
7383 let (holder_sig, htlc_sigs) = signer.sign_holder_commitment_and_htlcs(&holder_commitment_tx, &secp_ctx).unwrap();
7384 assert_eq!(Signature::from_der(&hex::decode($sig_hex).unwrap()[..]).unwrap(), holder_sig, "holder_sig");
7386 let funding_redeemscript = chan.get_funding_redeemscript();
7387 let tx = holder_commitment_tx.add_holder_sig(&funding_redeemscript, holder_sig);
7388 assert_eq!(serialize(&tx)[..], hex::decode($tx_hex).unwrap()[..], "tx");
7390 // ((htlc, counterparty_sig), (index, holder_sig))
7391 let mut htlc_sig_iter = holder_commitment_tx.htlcs().iter().zip(&holder_commitment_tx.counterparty_htlc_sigs).zip(htlc_sigs.iter().enumerate());
7394 log_trace!(logger, "verifying htlc {}", $htlc_idx);
7395 let remote_signature = Signature::from_der(&hex::decode($counterparty_htlc_sig_hex).unwrap()[..]).unwrap();
7397 let ref htlc = htlcs[$htlc_idx];
7398 let htlc_tx = chan_utils::build_htlc_transaction(&unsigned_tx.txid, chan.feerate_per_kw,
7399 chan.get_counterparty_selected_contest_delay().unwrap(),
7400 &htlc, $opt_anchors, false, &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
7401 let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, $opt_anchors, &keys);
7402 let htlc_sighashtype = if $opt_anchors { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
7403 let htlc_sighash = Message::from_slice(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]).unwrap();
7404 assert!(secp_ctx.verify_ecdsa(&htlc_sighash, &remote_signature, &keys.countersignatory_htlc_key).is_ok(), "verify counterparty htlc sig");
7406 let mut preimage: Option<PaymentPreimage> = None;
7409 let out = PaymentHash(Sha256::hash(&[i; 32]).into_inner());
7410 if out == htlc.payment_hash {
7411 preimage = Some(PaymentPreimage([i; 32]));
7415 assert!(preimage.is_some());
7418 let htlc_sig = htlc_sig_iter.next().unwrap();
7419 let num_anchors = if $opt_anchors { 2 } else { 0 };
7420 assert_eq!((htlc_sig.0).0.transaction_output_index, Some($htlc_idx + num_anchors), "output index");
7422 let signature = Signature::from_der(&hex::decode($htlc_sig_hex).unwrap()[..]).unwrap();
7423 assert_eq!(signature, *(htlc_sig.1).1, "htlc sig");
7424 let index = (htlc_sig.1).0;
7425 let channel_parameters = chan.channel_transaction_parameters.as_holder_broadcastable();
7426 let trusted_tx = holder_commitment_tx.trust();
7427 log_trace!(logger, "htlc_tx = {}", hex::encode(serialize(&trusted_tx.get_signed_htlc_tx(&channel_parameters, index, &(htlc_sig.0).1, (htlc_sig.1).1, &preimage))));
7428 assert_eq!(serialize(&trusted_tx.get_signed_htlc_tx(&channel_parameters, index, &(htlc_sig.0).1, (htlc_sig.1).1, &preimage))[..],
7429 hex::decode($htlc_tx_hex).unwrap()[..], "htlc tx");
7431 assert!(htlc_sig_iter.next().is_none());
7435 // simple commitment tx with no HTLCs
7436 chan.value_to_self_msat = 7000000000;
7438 test_commitment!("3045022100c3127b33dcc741dd6b05b1e63cbd1a9a7d816f37af9b6756fa2376b056f032370220408b96279808fe57eb7e463710804cdf4f108388bc5cf722d8c848d2c7f9f3b0",
7439 "30440220616210b2cc4d3afb601013c373bbd8aac54febd9f15400379a8cb65ce7deca60022034236c010991beb7ff770510561ae8dc885b8d38d1947248c38f2ae055647142",
7440 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8002c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48454a56a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004730440220616210b2cc4d3afb601013c373bbd8aac54febd9f15400379a8cb65ce7deca60022034236c010991beb7ff770510561ae8dc885b8d38d1947248c38f2ae05564714201483045022100c3127b33dcc741dd6b05b1e63cbd1a9a7d816f37af9b6756fa2376b056f032370220408b96279808fe57eb7e463710804cdf4f108388bc5cf722d8c848d2c7f9f3b001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
7442 // anchors: simple commitment tx with no HTLCs
7443 test_commitment_with_anchors!("3045022100f89034eba16b2be0e5581f750a0a6309192b75cce0f202f0ee2b4ec0cc394850022076c65dc507fe42276152b7a3d90e961e678adbe966e916ecfe85e64d430e75f3",
7444 "30450221008266ac6db5ea71aac3c95d97b0e172ff596844851a3216eb88382a8dddfd33d2022050e240974cfd5d708708b4365574517c18e7ae535ef732a3484d43d0d82be9f7",
7445 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80044a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994a508b6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221008266ac6db5ea71aac3c95d97b0e172ff596844851a3216eb88382a8dddfd33d2022050e240974cfd5d708708b4365574517c18e7ae535ef732a3484d43d0d82be9f701483045022100f89034eba16b2be0e5581f750a0a6309192b75cce0f202f0ee2b4ec0cc394850022076c65dc507fe42276152b7a3d90e961e678adbe966e916ecfe85e64d430e75f301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
7447 chan.pending_inbound_htlcs.push({
7448 let mut out = InboundHTLCOutput{
7450 amount_msat: 1000000,
7452 payment_hash: PaymentHash([0; 32]),
7453 state: InboundHTLCState::Committed,
7455 out.payment_hash.0 = Sha256::hash(&hex::decode("0000000000000000000000000000000000000000000000000000000000000000").unwrap()).into_inner();
7458 chan.pending_inbound_htlcs.push({
7459 let mut out = InboundHTLCOutput{
7461 amount_msat: 2000000,
7463 payment_hash: PaymentHash([0; 32]),
7464 state: InboundHTLCState::Committed,
7466 out.payment_hash.0 = Sha256::hash(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap()).into_inner();
7469 chan.pending_outbound_htlcs.push({
7470 let mut out = OutboundHTLCOutput{
7472 amount_msat: 2000000,
7474 payment_hash: PaymentHash([0; 32]),
7475 state: OutboundHTLCState::Committed,
7476 source: HTLCSource::dummy(),
7478 out.payment_hash.0 = Sha256::hash(&hex::decode("0202020202020202020202020202020202020202020202020202020202020202").unwrap()).into_inner();
7481 chan.pending_outbound_htlcs.push({
7482 let mut out = OutboundHTLCOutput{
7484 amount_msat: 3000000,
7486 payment_hash: PaymentHash([0; 32]),
7487 state: OutboundHTLCState::Committed,
7488 source: HTLCSource::dummy(),
7490 out.payment_hash.0 = Sha256::hash(&hex::decode("0303030303030303030303030303030303030303030303030303030303030303").unwrap()).into_inner();
7493 chan.pending_inbound_htlcs.push({
7494 let mut out = InboundHTLCOutput{
7496 amount_msat: 4000000,
7498 payment_hash: PaymentHash([0; 32]),
7499 state: InboundHTLCState::Committed,
7501 out.payment_hash.0 = Sha256::hash(&hex::decode("0404040404040404040404040404040404040404040404040404040404040404").unwrap()).into_inner();
7505 // commitment tx with all five HTLCs untrimmed (minimum feerate)
7506 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7507 chan.feerate_per_kw = 0;
7509 test_commitment!("3044022009b048187705a8cbc9ad73adbe5af148c3d012e1f067961486c822c7af08158c022006d66f3704cfab3eb2dc49dae24e4aa22a6910fc9b424007583204e3621af2e5",
7510 "304402206fc2d1f10ea59951eefac0b4b7c396a3c3d87b71ff0b019796ef4535beaf36f902201765b0181e514d04f4c8ad75659d7037be26cdb3f8bb6f78fe61decef484c3ea",
7511 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8007e80300000000000022002052bfef0479d7b293c27e0f1eb294bea154c63a3294ef092c19af51409bce0e2ad007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484e0a06a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402206fc2d1f10ea59951eefac0b4b7c396a3c3d87b71ff0b019796ef4535beaf36f902201765b0181e514d04f4c8ad75659d7037be26cdb3f8bb6f78fe61decef484c3ea01473044022009b048187705a8cbc9ad73adbe5af148c3d012e1f067961486c822c7af08158c022006d66f3704cfab3eb2dc49dae24e4aa22a6910fc9b424007583204e3621af2e501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7514 "3045022100d9e29616b8f3959f1d3d7f7ce893ffedcdc407717d0de8e37d808c91d3a7c50d022078c3033f6d00095c8720a4bc943c1b45727818c082e4e3ddbc6d3116435b624b",
7515 "30440220636de5682ef0c5b61f124ec74e8aa2461a69777521d6998295dcea36bc3338110220165285594b23c50b28b82df200234566628a27bcd17f7f14404bd865354eb3ce",
7516 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b00000000000000000001e8030000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100d9e29616b8f3959f1d3d7f7ce893ffedcdc407717d0de8e37d808c91d3a7c50d022078c3033f6d00095c8720a4bc943c1b45727818c082e4e3ddbc6d3116435b624b014730440220636de5682ef0c5b61f124ec74e8aa2461a69777521d6998295dcea36bc3338110220165285594b23c50b28b82df200234566628a27bcd17f7f14404bd865354eb3ce012000000000000000000000000000000000000000000000000000000000000000008a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a914b8bcb07f6344b42ab04250c86a6e8b75d3fdbbc688527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f401b175ac686800000000" },
7519 "30440220649fe8b20e67e46cbb0d09b4acea87dbec001b39b08dee7bdd0b1f03922a8640022037c462dff79df501cecfdb12ea7f4de91f99230bb544726f6e04527b1f896004",
7520 "3045022100803159dee7935dba4a1d36a61055ce8fd62caa528573cc221ae288515405a252022029c59e7cffce374fe860100a4a63787e105c3cf5156d40b12dd53ff55ac8cf3f",
7521 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b01000000000000000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220649fe8b20e67e46cbb0d09b4acea87dbec001b39b08dee7bdd0b1f03922a8640022037c462dff79df501cecfdb12ea7f4de91f99230bb544726f6e04527b1f89600401483045022100803159dee7935dba4a1d36a61055ce8fd62caa528573cc221ae288515405a252022029c59e7cffce374fe860100a4a63787e105c3cf5156d40b12dd53ff55ac8cf3f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
7524 "30440220770fc321e97a19f38985f2e7732dd9fe08d16a2efa4bcbc0429400a447faf49102204d40b417f3113e1b0944ae0986f517564ab4acd3d190503faf97a6e420d43352",
7525 "3045022100a437cc2ce77400ecde441b3398fea3c3ad8bdad8132be818227fe3c5b8345989022069d45e7fa0ae551ec37240845e2c561ceb2567eacf3076a6a43a502d05865faa",
7526 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b02000000000000000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220770fc321e97a19f38985f2e7732dd9fe08d16a2efa4bcbc0429400a447faf49102204d40b417f3113e1b0944ae0986f517564ab4acd3d190503faf97a6e420d4335201483045022100a437cc2ce77400ecde441b3398fea3c3ad8bdad8132be818227fe3c5b8345989022069d45e7fa0ae551ec37240845e2c561ceb2567eacf3076a6a43a502d05865faa012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
7529 "304402207bcbf4f60a9829b05d2dbab84ed593e0291836be715dc7db6b72a64caf646af802201e489a5a84f7c5cc130398b841d138d031a5137ac8f4c49c770a4959dc3c1363",
7530 "304402203121d9b9c055f354304b016a36662ee99e1110d9501cb271b087ddb6f382c2c80220549882f3f3b78d9c492de47543cb9a697cecc493174726146536c5954dac7487",
7531 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b03000000000000000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207bcbf4f60a9829b05d2dbab84ed593e0291836be715dc7db6b72a64caf646af802201e489a5a84f7c5cc130398b841d138d031a5137ac8f4c49c770a4959dc3c13630147304402203121d9b9c055f354304b016a36662ee99e1110d9501cb271b087ddb6f382c2c80220549882f3f3b78d9c492de47543cb9a697cecc493174726146536c5954dac748701008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
7534 "3044022076dca5cb81ba7e466e349b7128cdba216d4d01659e29b96025b9524aaf0d1899022060de85697b88b21c749702b7d2cfa7dfeaa1f472c8f1d7d9c23f2bf968464b87",
7535 "3045022100d9080f103cc92bac15ec42464a95f070c7fb6925014e673ee2ea1374d36a7f7502200c65294d22eb20d48564954d5afe04a385551919d8b2ddb4ae2459daaeee1d95",
7536 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b04000000000000000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022076dca5cb81ba7e466e349b7128cdba216d4d01659e29b96025b9524aaf0d1899022060de85697b88b21c749702b7d2cfa7dfeaa1f472c8f1d7d9c23f2bf968464b8701483045022100d9080f103cc92bac15ec42464a95f070c7fb6925014e673ee2ea1374d36a7f7502200c65294d22eb20d48564954d5afe04a385551919d8b2ddb4ae2459daaeee1d95012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7539 // commitment tx with seven outputs untrimmed (maximum feerate)
7540 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7541 chan.feerate_per_kw = 647;
7543 test_commitment!("3045022100a135f9e8a5ed25f7277446c67956b00ce6f610ead2bdec2c2f686155b7814772022059f1f6e1a8b336a68efcc1af3fe4d422d4827332b5b067501b099c47b7b5b5ee",
7544 "30450221009ec15c687898bb4da8b3a833e5ab8bfc51ec6e9202aaa8e66611edfd4a85ed1102203d7183e45078b9735c93450bc3415d3e5a8c576141a711ec6ddcb4a893926bb7",
7545 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8007e80300000000000022002052bfef0479d7b293c27e0f1eb294bea154c63a3294ef092c19af51409bce0e2ad007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484e09c6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221009ec15c687898bb4da8b3a833e5ab8bfc51ec6e9202aaa8e66611edfd4a85ed1102203d7183e45078b9735c93450bc3415d3e5a8c576141a711ec6ddcb4a893926bb701483045022100a135f9e8a5ed25f7277446c67956b00ce6f610ead2bdec2c2f686155b7814772022059f1f6e1a8b336a68efcc1af3fe4d422d4827332b5b067501b099c47b7b5b5ee01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7548 "30450221008437627f9ad84ac67052e2a414a4367b8556fd1f94d8b02590f89f50525cd33502205b9c21ff6e7fc864f2352746ad8ba59182510819acb644e25b8a12fc37bbf24f",
7549 "30440220344b0deb055230d01703e6c7acd45853c4af2328b49b5d8af4f88a060733406602202ea64f2a43d5751edfe75503cbc35a62e3141b5ed032fa03360faf4ca66f670b",
7550 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004830450221008437627f9ad84ac67052e2a414a4367b8556fd1f94d8b02590f89f50525cd33502205b9c21ff6e7fc864f2352746ad8ba59182510819acb644e25b8a12fc37bbf24f014730440220344b0deb055230d01703e6c7acd45853c4af2328b49b5d8af4f88a060733406602202ea64f2a43d5751edfe75503cbc35a62e3141b5ed032fa03360faf4ca66f670b012000000000000000000000000000000000000000000000000000000000000000008a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a914b8bcb07f6344b42ab04250c86a6e8b75d3fdbbc688527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f401b175ac686800000000" },
7553 "304402205a67f92bf6845cf2892b48d874ac1daf88a36495cf8a06f93d83180d930a6f75022031da1621d95c3f335cc06a3056cf960199dae600b7cf89088f65fc53cdbef28c",
7554 "30450221009e5e3822b0185c6799a95288c597b671d6cc69ab80f43740f00c6c3d0752bdda02206da947a74bd98f3175324dc56fdba86cc783703a120a6f0297537e60632f4c7f",
7555 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe0100000000000000000124060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402205a67f92bf6845cf2892b48d874ac1daf88a36495cf8a06f93d83180d930a6f75022031da1621d95c3f335cc06a3056cf960199dae600b7cf89088f65fc53cdbef28c014830450221009e5e3822b0185c6799a95288c597b671d6cc69ab80f43740f00c6c3d0752bdda02206da947a74bd98f3175324dc56fdba86cc783703a120a6f0297537e60632f4c7f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
7558 "30440220437e21766054a3eef7f65690c5bcfa9920babbc5af92b819f772f6ea96df6c7402207173622024bd97328cfb26c6665e25c2f5d67c319443ccdc60c903217005d8c8",
7559 "3045022100fcfc47e36b712624677626cef3dc1d67f6583bd46926a6398fe6b00b0c9a37760220525788257b187fc775c6370d04eadf34d06f3650a63f8df851cee0ecb47a1673",
7560 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe020000000000000000010a060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220437e21766054a3eef7f65690c5bcfa9920babbc5af92b819f772f6ea96df6c7402207173622024bd97328cfb26c6665e25c2f5d67c319443ccdc60c903217005d8c801483045022100fcfc47e36b712624677626cef3dc1d67f6583bd46926a6398fe6b00b0c9a37760220525788257b187fc775c6370d04eadf34d06f3650a63f8df851cee0ecb47a1673012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
7563 "304402207436e10737e4df499fc051686d3e11a5bb2310e4d1f1e691d287cef66514791202207cb58e71a6b7a42dd001b7e3ae672ea4f71ea3e1cd412b742e9124abb0739c64",
7564 "3045022100e78211b8409afb7255ffe37337da87f38646f1faebbdd61bc1920d69e3ead67a02201a626305adfcd16bfb7e9340928d9b6305464eab4aa4c4a3af6646e9b9f69dee",
7565 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe030000000000000000010c0a0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207436e10737e4df499fc051686d3e11a5bb2310e4d1f1e691d287cef66514791202207cb58e71a6b7a42dd001b7e3ae672ea4f71ea3e1cd412b742e9124abb0739c6401483045022100e78211b8409afb7255ffe37337da87f38646f1faebbdd61bc1920d69e3ead67a02201a626305adfcd16bfb7e9340928d9b6305464eab4aa4c4a3af6646e9b9f69dee01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
7568 "30450221009acd6a827a76bfee50806178dfe0495cd4e1d9c58279c194c7b01520fe68cb8d022024d439047c368883e570997a7d40f0b430cb5a742f507965e7d3063ae3feccca",
7569 "3044022048762cf546bbfe474f1536365ea7c416e3c0389d60558bc9412cb148fb6ab68202207215d7083b75c96ff9d2b08c59c34e287b66820f530b486a9aa4cdd9c347d5b9",
7570 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe04000000000000000001da0d0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004830450221009acd6a827a76bfee50806178dfe0495cd4e1d9c58279c194c7b01520fe68cb8d022024d439047c368883e570997a7d40f0b430cb5a742f507965e7d3063ae3feccca01473044022048762cf546bbfe474f1536365ea7c416e3c0389d60558bc9412cb148fb6ab68202207215d7083b75c96ff9d2b08c59c34e287b66820f530b486a9aa4cdd9c347d5b9012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7573 // commitment tx with six outputs untrimmed (minimum feerate)
7574 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7575 chan.feerate_per_kw = 648;
7577 test_commitment!("304402203948f900a5506b8de36a4d8502f94f21dd84fd9c2314ab427d52feaa7a0a19f2022059b6a37a4adaa2c5419dc8aea63c6e2a2ec4c4bde46207f6dc1fcd22152fc6e5",
7578 "3045022100b15f72908ba3382a34ca5b32519240a22300cc6015b6f9418635fb41f3d01d8802207adb331b9ed1575383dca0f2355e86c173802feecf8298fbea53b9d4610583e9",
7579 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8006d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4844e9d6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100b15f72908ba3382a34ca5b32519240a22300cc6015b6f9418635fb41f3d01d8802207adb331b9ed1575383dca0f2355e86c173802feecf8298fbea53b9d4610583e90147304402203948f900a5506b8de36a4d8502f94f21dd84fd9c2314ab427d52feaa7a0a19f2022059b6a37a4adaa2c5419dc8aea63c6e2a2ec4c4bde46207f6dc1fcd22152fc6e501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7582 "3045022100a031202f3be94678f0e998622ee95ebb6ada8da1e9a5110228b5e04a747351e4022010ca6a21e18314ed53cfaae3b1f51998552a61a468e596368829a50ce40110e0",
7583 "304502210097e1873b57267730154595187a34949d3744f52933070c74757005e61ce2112e02204ecfba2aa42d4f14bdf8bad4206bb97217b702e6c433e0e1b0ce6587e6d46ec6",
7584 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf10000000000000000000123060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100a031202f3be94678f0e998622ee95ebb6ada8da1e9a5110228b5e04a747351e4022010ca6a21e18314ed53cfaae3b1f51998552a61a468e596368829a50ce40110e00148304502210097e1873b57267730154595187a34949d3744f52933070c74757005e61ce2112e02204ecfba2aa42d4f14bdf8bad4206bb97217b702e6c433e0e1b0ce6587e6d46ec601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
7587 "304402202361012a634aee7835c5ecdd6413dcffa8f404b7e77364c792cff984e4ee71e90220715c5e90baa08daa45a7439b1ee4fa4843ed77b19c058240b69406606d384124",
7588 "3044022019de73b00f1d818fb388e83b2c8c31f6bce35ac624e215bc12f88f9dc33edf48022006ff814bb9f700ee6abc3294e146fac3efd4f13f0005236b41c0a946ee00c9ae",
7589 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf10100000000000000000109060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402202361012a634aee7835c5ecdd6413dcffa8f404b7e77364c792cff984e4ee71e90220715c5e90baa08daa45a7439b1ee4fa4843ed77b19c058240b69406606d38412401473044022019de73b00f1d818fb388e83b2c8c31f6bce35ac624e215bc12f88f9dc33edf48022006ff814bb9f700ee6abc3294e146fac3efd4f13f0005236b41c0a946ee00c9ae012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
7592 "304402207e8e82cd71ed4febeb593732c260456836e97d81896153ecd2b3cf320ca6861702202dd4a30f68f98ced7cc56a36369ac1fdd978248c5ff4ed204fc00cc625532989",
7593 "3045022100bd0be6100c4fd8f102ec220e1b053e4c4e2ecca25615490150007b40d314dc3902201a1e0ea266965b43164d9e6576f58fa6726d42883dd1c3996d2925c2e2260796",
7594 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf1020000000000000000010b0a0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207e8e82cd71ed4febeb593732c260456836e97d81896153ecd2b3cf320ca6861702202dd4a30f68f98ced7cc56a36369ac1fdd978248c5ff4ed204fc00cc62553298901483045022100bd0be6100c4fd8f102ec220e1b053e4c4e2ecca25615490150007b40d314dc3902201a1e0ea266965b43164d9e6576f58fa6726d42883dd1c3996d2925c2e226079601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
7597 "3044022024cd52e4198c8ae0e414a86d86b5a65ea7450f2eb4e783096736d93395eca5ce022078f0094745b45be4d4b2b04dd5978c9e66ba49109e5704403e84aaf5f387d6be",
7598 "3045022100bbfb9d0a946d420807c86e985d636cceb16e71c3694ed186316251a00cbd807202207773223f9a337e145f64673825be9b30d07ef1542c82188b264bedcf7cda78c6",
7599 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf103000000000000000001d90d0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022024cd52e4198c8ae0e414a86d86b5a65ea7450f2eb4e783096736d93395eca5ce022078f0094745b45be4d4b2b04dd5978c9e66ba49109e5704403e84aaf5f387d6be01483045022100bbfb9d0a946d420807c86e985d636cceb16e71c3694ed186316251a00cbd807202207773223f9a337e145f64673825be9b30d07ef1542c82188b264bedcf7cda78c6012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7602 // anchors: commitment tx with six outputs untrimmed (minimum dust limit)
7603 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7604 chan.feerate_per_kw = 645;
7605 chan.holder_dust_limit_satoshis = 1001;
7607 test_commitment_with_anchors!("3044022025d97466c8049e955a5afce28e322f4b34d2561118e52332fb400f9b908cc0a402205dc6fba3a0d67ee142c428c535580cd1f2ff42e2f89b47e0c8a01847caffc312",
7608 "3045022100d57697c707b6f6d053febf24b98e8989f186eea42e37e9e91663ec2c70bb8f70022079b0715a472118f262f43016a674f59c015d9cafccec885968e76d9d9c5d0051",
7609 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80084a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994d0070000000000002200203e68115ae0b15b8de75b6c6bc9af5ac9f01391544e0870dae443a1e8fe7837ead007000000000000220020fe0598d74fee2205cc3672e6e6647706b4f3099713b4661b62482c3addd04a5eb80b000000000000220020f96d0334feb64a4f40eb272031d07afcb038db56aa57446d60308c9f8ccadef9a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994abc996a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100d57697c707b6f6d053febf24b98e8989f186eea42e37e9e91663ec2c70bb8f70022079b0715a472118f262f43016a674f59c015d9cafccec885968e76d9d9c5d005101473044022025d97466c8049e955a5afce28e322f4b34d2561118e52332fb400f9b908cc0a402205dc6fba3a0d67ee142c428c535580cd1f2ff42e2f89b47e0c8a01847caffc31201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7612 "3045022100e04d160a326432659fe9fb127304c1d348dfeaba840081bdc57d8efd902a48d8022008a824e7cf5492b97e4d9e03c06a09f822775a44f6b5b2533a2088904abfc282",
7613 "3045022100b7c49846466b13b190ff739bbe3005c105482fc55539e55b1c561f76b6982b6c02200e5c35808619cf543c8405cff9fedd25f333a4a2f6f6d5e8af8150090c40ef09",
7614 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320002000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e04d160a326432659fe9fb127304c1d348dfeaba840081bdc57d8efd902a48d8022008a824e7cf5492b97e4d9e03c06a09f822775a44f6b5b2533a2088904abfc28283483045022100b7c49846466b13b190ff739bbe3005c105482fc55539e55b1c561f76b6982b6c02200e5c35808619cf543c8405cff9fedd25f333a4a2f6f6d5e8af8150090c40ef0901008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6851b27568f6010000" },
7617 "3045022100fbdc3c367ce3bf30796025cc590ee1f2ce0e72ae1ac19f5986d6d0a4fc76211f02207e45ae9267e8e820d188569604f71d1abd11bd385d58853dd7dc034cdb3e9a6e",
7618 "3045022100d29330f24db213b262068706099b39c15fa7e070c3fcdf8836c09723fc4d365602203ce57d01e9f28601e461a0b5c4a50119b270bde8b70148d133a6849c70b115ac",
7619 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320003000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100fbdc3c367ce3bf30796025cc590ee1f2ce0e72ae1ac19f5986d6d0a4fc76211f02207e45ae9267e8e820d188569604f71d1abd11bd385d58853dd7dc034cdb3e9a6e83483045022100d29330f24db213b262068706099b39c15fa7e070c3fcdf8836c09723fc4d365602203ce57d01e9f28601e461a0b5c4a50119b270bde8b70148d133a6849c70b115ac012001010101010101010101010101010101010101010101010101010101010101018d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac6851b2756800000000" },
7622 "3044022066c5ef625cee3ddd2bc7b6bfb354b5834cf1cc6d52dd972fb41b7b225437ae4a022066cb85647df65c6b87a54e416dcdcca778a776c36a9643d2b5dc793c9b29f4c1",
7623 "304402202d4ce515cd9000ec37575972d70b8d24f73909fb7012e8ebd8c2066ef6fe187902202830b53e64ea565fecd0f398100691da6bb2a5cf9bb0d1926f1d71d05828a11e",
7624 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320004000000000100000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022066c5ef625cee3ddd2bc7b6bfb354b5834cf1cc6d52dd972fb41b7b225437ae4a022066cb85647df65c6b87a54e416dcdcca778a776c36a9643d2b5dc793c9b29f4c18347304402202d4ce515cd9000ec37575972d70b8d24f73909fb7012e8ebd8c2066ef6fe187902202830b53e64ea565fecd0f398100691da6bb2a5cf9bb0d1926f1d71d05828a11e01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6851b27568f7010000" },
7627 "3044022022c7e11595c53ee89a57ca76baf0aed730da035952d6ab3fe6459f5eff3b337a022075e10cc5f5fd724a35ce4087a5d03cd616698626c69814032132b50bb97dc615",
7628 "3045022100b20cd63e0587d1711beaebda4730775c4ac8b8b2ec78fe18a0c44c3f168c25230220079abb7fc4924e2fca5950842e5b9e416735585026914570078c4ef62f286226",
7629 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320005000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022022c7e11595c53ee89a57ca76baf0aed730da035952d6ab3fe6459f5eff3b337a022075e10cc5f5fd724a35ce4087a5d03cd616698626c69814032132b50bb97dc61583483045022100b20cd63e0587d1711beaebda4730775c4ac8b8b2ec78fe18a0c44c3f168c25230220079abb7fc4924e2fca5950842e5b9e416735585026914570078c4ef62f286226012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
7632 // commitment tx with six outputs untrimmed (maximum feerate)
7633 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7634 chan.feerate_per_kw = 2069;
7635 chan.holder_dust_limit_satoshis = 546;
7637 test_commitment!("304502210090b96a2498ce0c0f2fadbec2aab278fed54c1a7838df793ec4d2c78d96ec096202204fdd439c50f90d483baa7b68feeef4bd33bc277695405447bcd0bfb2ca34d7bc",
7638 "3045022100ad9a9bbbb75d506ca3b716b336ee3cf975dd7834fcf129d7dd188146eb58a8b4022061a759ee417339f7fe2ea1e8deb83abb6a74db31a09b7648a932a639cda23e33",
7639 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8006d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48477956a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100ad9a9bbbb75d506ca3b716b336ee3cf975dd7834fcf129d7dd188146eb58a8b4022061a759ee417339f7fe2ea1e8deb83abb6a74db31a09b7648a932a639cda23e330148304502210090b96a2498ce0c0f2fadbec2aab278fed54c1a7838df793ec4d2c78d96ec096202204fdd439c50f90d483baa7b68feeef4bd33bc277695405447bcd0bfb2ca34d7bc01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7642 "3045022100f33513ee38abf1c582876f921f8fddc06acff48e04515532a32d3938de938ffd02203aa308a2c1863b7d6fdf53159a1465bf2e115c13152546cc5d74483ceaa7f699",
7643 "3045022100a637902a5d4c9ba9e7c472a225337d5aac9e2e3f6744f76e237132e7619ba0400220035c60d784a031c0d9f6df66b7eab8726a5c25397399ee4aa960842059eb3f9d",
7644 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d0000000000000000000175020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f33513ee38abf1c582876f921f8fddc06acff48e04515532a32d3938de938ffd02203aa308a2c1863b7d6fdf53159a1465bf2e115c13152546cc5d74483ceaa7f69901483045022100a637902a5d4c9ba9e7c472a225337d5aac9e2e3f6744f76e237132e7619ba0400220035c60d784a031c0d9f6df66b7eab8726a5c25397399ee4aa960842059eb3f9d01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
7647 "3045022100ce07682cf4b90093c22dc2d9ab2a77ad6803526b655ef857221cc96af5c9e0bf02200f501cee22e7a268af40b555d15a8237c9f36ad67ef1841daf9f6a0267b1e6df",
7648 "3045022100e57e46234f8782d3ff7aa593b4f7446fb5316c842e693dc63ee324fd49f6a1c302204a2f7b44c48bd26e1554422afae13153eb94b29d3687b733d18930615fb2db61",
7649 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d0100000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100ce07682cf4b90093c22dc2d9ab2a77ad6803526b655ef857221cc96af5c9e0bf02200f501cee22e7a268af40b555d15a8237c9f36ad67ef1841daf9f6a0267b1e6df01483045022100e57e46234f8782d3ff7aa593b4f7446fb5316c842e693dc63ee324fd49f6a1c302204a2f7b44c48bd26e1554422afae13153eb94b29d3687b733d18930615fb2db61012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
7652 "3045022100e3e35492e55f82ec0bc2f317ffd7a486d1f7024330fe9743c3559fc39f32ef0c02203d1d4db651fc388a91d5ad8ecdd8e83673063bc8eefe27cfd8c189090e3a23e0",
7653 "3044022068613fb1b98eb3aec7f44c5b115b12343c2f066c4277c82b5f873dfe68f37f50022028109b4650f3f528ca4bfe9a467aff2e3e43893b61b5159157119d5d95cf1c18",
7654 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d020000000000000000015d060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e3e35492e55f82ec0bc2f317ffd7a486d1f7024330fe9743c3559fc39f32ef0c02203d1d4db651fc388a91d5ad8ecdd8e83673063bc8eefe27cfd8c189090e3a23e001473044022068613fb1b98eb3aec7f44c5b115b12343c2f066c4277c82b5f873dfe68f37f50022028109b4650f3f528ca4bfe9a467aff2e3e43893b61b5159157119d5d95cf1c1801008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
7657 "304402207475aeb0212ef9bf5130b60937817ad88c9a87976988ef1f323f026148cc4a850220739fea17ad3257dcad72e509c73eebe86bee30b178467b9fdab213d631b109df",
7658 "3045022100d315522e09e7d53d2a659a79cb67fef56d6c4bddf3f46df6772d0d20a7beb7c8022070bcc17e288607b6a72be0bd83368bb6d53488db266c1cdb4d72214e4f02ac33",
7659 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d03000000000000000001f2090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207475aeb0212ef9bf5130b60937817ad88c9a87976988ef1f323f026148cc4a850220739fea17ad3257dcad72e509c73eebe86bee30b178467b9fdab213d631b109df01483045022100d315522e09e7d53d2a659a79cb67fef56d6c4bddf3f46df6772d0d20a7beb7c8022070bcc17e288607b6a72be0bd83368bb6d53488db266c1cdb4d72214e4f02ac33012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7662 // commitment tx with five outputs untrimmed (minimum feerate)
7663 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7664 chan.feerate_per_kw = 2070;
7666 test_commitment!("304402204ca1ba260dee913d318271d86e10ca0f5883026fb5653155cff600fb40895223022037b145204b7054a40e08bb1fefbd826f827b40838d3e501423bcc57924bcb50c",
7667 "3044022001014419b5ba00e083ac4e0a85f19afc848aacac2d483b4b525d15e2ae5adbfe022015ebddad6ee1e72b47cb09f3e78459da5be01ccccd95dceca0e056a00cc773c1",
7668 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484da966a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022001014419b5ba00e083ac4e0a85f19afc848aacac2d483b4b525d15e2ae5adbfe022015ebddad6ee1e72b47cb09f3e78459da5be01ccccd95dceca0e056a00cc773c10147304402204ca1ba260dee913d318271d86e10ca0f5883026fb5653155cff600fb40895223022037b145204b7054a40e08bb1fefbd826f827b40838d3e501423bcc57924bcb50c01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7671 "304402205f6b6d12d8d2529fb24f4445630566cf4abbd0f9330ab6c2bdb94222d6a2a0c502202f556258ae6f05b193749e4c541dfcc13b525a5422f6291f073f15617ba8579b",
7672 "30440220150b11069454da70caf2492ded9e0065c9a57f25ac2a4c52657b1d15b6c6ed85022068a38833b603c8892717206383611bad210f1cbb4b1f87ea29c6c65b9e1cb3e5",
7673 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff0000000000000000000174020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402205f6b6d12d8d2529fb24f4445630566cf4abbd0f9330ab6c2bdb94222d6a2a0c502202f556258ae6f05b193749e4c541dfcc13b525a5422f6291f073f15617ba8579b014730440220150b11069454da70caf2492ded9e0065c9a57f25ac2a4c52657b1d15b6c6ed85022068a38833b603c8892717206383611bad210f1cbb4b1f87ea29c6c65b9e1cb3e501008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
7676 "3045022100f960dfb1c9aee7ce1437efa65b523e399383e8149790e05d8fed27ff6e42fe0002202fe8613e062ffe0b0c518cc4101fba1c6de70f64a5bcc7ae663f2efae43b8546",
7677 "30450221009a6ed18e6873bc3644332a6ee21c152a5b102821865350df7a8c74451a51f9f2022050d801fb4895d7d7fbf452824c0168347f5c0cbe821cf6a97a63af5b8b2563c6",
7678 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff010000000000000000015c060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f960dfb1c9aee7ce1437efa65b523e399383e8149790e05d8fed27ff6e42fe0002202fe8613e062ffe0b0c518cc4101fba1c6de70f64a5bcc7ae663f2efae43b8546014830450221009a6ed18e6873bc3644332a6ee21c152a5b102821865350df7a8c74451a51f9f2022050d801fb4895d7d7fbf452824c0168347f5c0cbe821cf6a97a63af5b8b2563c601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
7681 "3045022100ae5fc7717ae684bc1fcf9020854e5dbe9842c9e7472879ac06ff95ac2bb10e4e022057728ada4c00083a3e65493fb5d50a232165948a1a0f530ef63185c2c8c56504",
7682 "30440220408ad3009827a8fccf774cb285587686bfb2ed041f89a89453c311ce9c8ee0f902203c7392d9f8306d3a46522a66bd2723a7eb2628cb2d9b34d4c104f1766bf37502",
7683 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff02000000000000000001f1090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100ae5fc7717ae684bc1fcf9020854e5dbe9842c9e7472879ac06ff95ac2bb10e4e022057728ada4c00083a3e65493fb5d50a232165948a1a0f530ef63185c2c8c56504014730440220408ad3009827a8fccf774cb285587686bfb2ed041f89a89453c311ce9c8ee0f902203c7392d9f8306d3a46522a66bd2723a7eb2628cb2d9b34d4c104f1766bf37502012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7686 // commitment tx with five outputs untrimmed (maximum feerate)
7687 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7688 chan.feerate_per_kw = 2194;
7690 test_commitment!("304402204bb3d6e279d71d9da414c82de42f1f954267c762b2e2eb8b76bc3be4ea07d4b0022014febc009c5edc8c3fc5d94015de163200f780046f1c293bfed8568f08b70fb3",
7691 "3044022072c2e2b1c899b2242656a537dde2892fa3801be0d6df0a87836c550137acde8302201654aa1974d37a829083c3ba15088689f30b56d6a4f6cb14c7bad0ee3116d398",
7692 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48440966a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022072c2e2b1c899b2242656a537dde2892fa3801be0d6df0a87836c550137acde8302201654aa1974d37a829083c3ba15088689f30b56d6a4f6cb14c7bad0ee3116d3980147304402204bb3d6e279d71d9da414c82de42f1f954267c762b2e2eb8b76bc3be4ea07d4b0022014febc009c5edc8c3fc5d94015de163200f780046f1c293bfed8568f08b70fb301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7695 "3045022100939726680351a7856c1bc386d4a1f422c7d29bd7b56afc139570f508474e6c40022023175a799ccf44c017fbaadb924c40b2a12115a5b7d0dfd3228df803a2de8450",
7696 "304502210099c98c2edeeee6ec0fb5f3bea8b79bb016a2717afa9b5072370f34382de281d302206f5e2980a995e045cf90a547f0752a7ee99d48547bc135258fe7bc07e0154301",
7697 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100939726680351a7856c1bc386d4a1f422c7d29bd7b56afc139570f508474e6c40022023175a799ccf44c017fbaadb924c40b2a12115a5b7d0dfd3228df803a2de84500148304502210099c98c2edeeee6ec0fb5f3bea8b79bb016a2717afa9b5072370f34382de281d302206f5e2980a995e045cf90a547f0752a7ee99d48547bc135258fe7bc07e015430101008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
7700 "3044022021bb883bf324553d085ba2e821cad80c28ef8b303dbead8f98e548783c02d1600220638f9ef2a9bba25869afc923f4b5dc38be3bb459f9efa5d869392d5f7779a4a0",
7701 "3045022100fd85bd7697b89c08ec12acc8ba89b23090637d83abd26ca37e01ae93e67c367302202b551fe69386116c47f984aab9c8dfd25d864dcde5d3389cfbef2447a85c4b77",
7702 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd010000000000000000010a060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022021bb883bf324553d085ba2e821cad80c28ef8b303dbead8f98e548783c02d1600220638f9ef2a9bba25869afc923f4b5dc38be3bb459f9efa5d869392d5f7779a4a001483045022100fd85bd7697b89c08ec12acc8ba89b23090637d83abd26ca37e01ae93e67c367302202b551fe69386116c47f984aab9c8dfd25d864dcde5d3389cfbef2447a85c4b7701008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
7705 "3045022100c9e6f0454aa598b905a35e641a70cc9f67b5f38cc4b00843a041238c4a9f1c4a0220260a2822a62da97e44583e837245995ca2e36781769c52f19e498efbdcca262b",
7706 "30450221008a9f2ea24cd455c2b64c1472a5fa83865b0a5f49a62b661801e884cf2849af8302204d44180e50bf6adfcf1c1e581d75af91aba4e28681ce4a5ee5f3cbf65eca10f3",
7707 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd020000000000000000019a090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100c9e6f0454aa598b905a35e641a70cc9f67b5f38cc4b00843a041238c4a9f1c4a0220260a2822a62da97e44583e837245995ca2e36781769c52f19e498efbdcca262b014830450221008a9f2ea24cd455c2b64c1472a5fa83865b0a5f49a62b661801e884cf2849af8302204d44180e50bf6adfcf1c1e581d75af91aba4e28681ce4a5ee5f3cbf65eca10f3012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7710 // commitment tx with four outputs untrimmed (minimum feerate)
7711 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7712 chan.feerate_per_kw = 2195;
7714 test_commitment!("304402201a8c1b1f9671cd9e46c7323a104d7047cc48d3ee80d40d4512e0c72b8dc65666022066d7f9a2ce18c9eb22d2739ffcce05721c767f9b607622a31b6ea5793ddce403",
7715 "3044022044d592025b610c0d678f65032e87035cdfe89d1598c522cc32524ae8172417c30220749fef9d5b2ae8cdd91ece442ba8809bc891efedae2291e578475f97715d1767",
7716 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8004b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484b8976a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022044d592025b610c0d678f65032e87035cdfe89d1598c522cc32524ae8172417c30220749fef9d5b2ae8cdd91ece442ba8809bc891efedae2291e578475f97715d17670147304402201a8c1b1f9671cd9e46c7323a104d7047cc48d3ee80d40d4512e0c72b8dc65666022066d7f9a2ce18c9eb22d2739ffcce05721c767f9b607622a31b6ea5793ddce40301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7719 "3045022100e57b845066a06ee7c2cbfc29eabffe52daa9bf6f6de760066d04df9f9b250e0002202ffb197f0e6e0a77a75a9aff27014bd3de83b7f748d7efef986abe655e1dd50e",
7720 "3045022100ecc8c6529d0b2316d046f0f0757c1e1c25a636db168ec4f3aa1b9278df685dc0022067ae6b65e936f1337091f7b18a15935b608c5f2cdddb2f892ed0babfdd376d76",
7721 "020000000001018130a10f09b13677ba2885a8bca32860f3a952e5912b829a473639b5a2c07b900000000000000000000109060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e57b845066a06ee7c2cbfc29eabffe52daa9bf6f6de760066d04df9f9b250e0002202ffb197f0e6e0a77a75a9aff27014bd3de83b7f748d7efef986abe655e1dd50e01483045022100ecc8c6529d0b2316d046f0f0757c1e1c25a636db168ec4f3aa1b9278df685dc0022067ae6b65e936f1337091f7b18a15935b608c5f2cdddb2f892ed0babfdd376d7601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
7724 "3045022100d193b7ecccad8057571620a0b1ffa6c48e9483311723b59cf536043b20bc51550220546d4bd37b3b101ecda14f6c907af46ec391abce1cd9c7ce22b1a62b534f2f2a",
7725 "3044022014d66f11f9cacf923807eba49542076c5fe5cccf252fb08fe98c78ef3ca6ab5402201b290dbe043cc512d9d78de074a5a129b8759bc6a6c546b190d120b690bd6e82",
7726 "020000000001018130a10f09b13677ba2885a8bca32860f3a952e5912b829a473639b5a2c07b900100000000000000000199090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100d193b7ecccad8057571620a0b1ffa6c48e9483311723b59cf536043b20bc51550220546d4bd37b3b101ecda14f6c907af46ec391abce1cd9c7ce22b1a62b534f2f2a01473044022014d66f11f9cacf923807eba49542076c5fe5cccf252fb08fe98c78ef3ca6ab5402201b290dbe043cc512d9d78de074a5a129b8759bc6a6c546b190d120b690bd6e82012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7729 // anchors: commitment tx with four outputs untrimmed (minimum dust limit)
7730 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7731 chan.feerate_per_kw = 2185;
7732 chan.holder_dust_limit_satoshis = 2001;
7734 test_commitment_with_anchors!("3044022040f63a16148cf35c8d3d41827f5ae7f7c3746885bb64d4d1b895892a83812b3e02202fcf95c2bf02c466163b3fa3ced6a24926fbb4035095a96842ef516e86ba54c0",
7735 "3045022100cd8479cfe1edb1e5a1d487391e0451a469c7171e51e680183f19eb4321f20e9b02204eab7d5a6384b1b08e03baa6e4d9748dfd2b5ab2bae7e39604a0d0055bbffdd5",
7736 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80064a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994b80b000000000000220020f96d0334feb64a4f40eb272031d07afcb038db56aa57446d60308c9f8ccadef9a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994ac5916a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100cd8479cfe1edb1e5a1d487391e0451a469c7171e51e680183f19eb4321f20e9b02204eab7d5a6384b1b08e03baa6e4d9748dfd2b5ab2bae7e39604a0d0055bbffdd501473044022040f63a16148cf35c8d3d41827f5ae7f7c3746885bb64d4d1b895892a83812b3e02202fcf95c2bf02c466163b3fa3ced6a24926fbb4035095a96842ef516e86ba54c001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7739 "304402206870514a72ad6e723ff7f1e0370d7a33c1cd2a0b9272674143ebaf6a1d02dee102205bd953c34faf5e7322e9a1c0103581cb090280fda4f1039ee8552668afa90ebb",
7740 "30440220669de9ca7910eff65a7773ebd14a9fc371fe88cde5b8e2a81609d85c87ac939b02201ac29472fa4067322e92d75b624942d60be5050139b20bb363db75be79eb946f",
7741 "02000000000101ac13a7715f80b8e52dda43c6929cade5521bdced3a405da02b443f1ffb1e33cc02000000000100000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402206870514a72ad6e723ff7f1e0370d7a33c1cd2a0b9272674143ebaf6a1d02dee102205bd953c34faf5e7322e9a1c0103581cb090280fda4f1039ee8552668afa90ebb834730440220669de9ca7910eff65a7773ebd14a9fc371fe88cde5b8e2a81609d85c87ac939b02201ac29472fa4067322e92d75b624942d60be5050139b20bb363db75be79eb946f01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6851b27568f7010000" },
7744 "3045022100949e8dd938da56445b1cdfdebe1b7efea086edd05d89910d205a1e2e033ce47102202cbd68b5262ab144d9ec12653f87dfb0bb6bd05d1f58ae1e523f028eaefd7271",
7745 "3045022100e3104ed8b239f8019e5f0a1a73d7782a94a8c36e7984f476c3a0b3cb0e62e27902207e3d52884600985f8a2098e53a5c30dd6a5e857733acfaa07ab2162421ed2688",
7746 "02000000000101ac13a7715f80b8e52dda43c6929cade5521bdced3a405da02b443f1ffb1e33cc03000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100949e8dd938da56445b1cdfdebe1b7efea086edd05d89910d205a1e2e033ce47102202cbd68b5262ab144d9ec12653f87dfb0bb6bd05d1f58ae1e523f028eaefd727183483045022100e3104ed8b239f8019e5f0a1a73d7782a94a8c36e7984f476c3a0b3cb0e62e27902207e3d52884600985f8a2098e53a5c30dd6a5e857733acfaa07ab2162421ed2688012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
7749 // commitment tx with four outputs untrimmed (maximum feerate)
7750 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7751 chan.feerate_per_kw = 3702;
7752 chan.holder_dust_limit_satoshis = 546;
7754 test_commitment!("304502210092a587aeb777f869e7ff0d7898ea619ee26a3dacd1f3672b945eea600be431100220077ee9eae3528d15251f2a52b607b189820e57a6ccfac8d1af502b132ee40169",
7755 "3045022100e5efb73c32d32da2d79702299b6317de6fb24a60476e3855926d78484dd1b3c802203557cb66a42c944ef06e00bcc4da35a5bcb2f185aab0f8e403e519e1d66aaf75",
7756 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8004b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4846f916a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100e5efb73c32d32da2d79702299b6317de6fb24a60476e3855926d78484dd1b3c802203557cb66a42c944ef06e00bcc4da35a5bcb2f185aab0f8e403e519e1d66aaf750148304502210092a587aeb777f869e7ff0d7898ea619ee26a3dacd1f3672b945eea600be431100220077ee9eae3528d15251f2a52b607b189820e57a6ccfac8d1af502b132ee4016901475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7759 "304402206fa54c11f98c3bae1e93df43fc7affeb05b476bf8060c03e29c377c69bc08e8b0220672701cce50d5c379ff45a5d2cfe48ac44973adb066ac32608e21221d869bb89",
7760 "304402206e36c683ebf2cb16bcef3d5439cf8b53cd97280a365ed8acd7abb85a8ba5f21c02206e8621edfc2a5766cbc96eb67fd501127ff163eb6b85518a39f7d4974aef126f",
7761 "020000000001018db483bff65c70ee71d8282aeec5a880e2e2b39e45772bda5460403095c62e3f0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402206fa54c11f98c3bae1e93df43fc7affeb05b476bf8060c03e29c377c69bc08e8b0220672701cce50d5c379ff45a5d2cfe48ac44973adb066ac32608e21221d869bb890147304402206e36c683ebf2cb16bcef3d5439cf8b53cd97280a365ed8acd7abb85a8ba5f21c02206e8621edfc2a5766cbc96eb67fd501127ff163eb6b85518a39f7d4974aef126f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
7764 "3044022057649739b0eb74d541ead0dfdb3d4b2c15aa192720031044c3434c67812e5ca902201e5ede42d960ae551707f4a6b34b09393cf4dee2418507daa022e3550dbb5817",
7765 "304402207faad26678c8850e01b4a0696d60841f7305e1832b786110ee9075cb92ed14a30220516ef8ee5dfa80824ea28cbcec0dd95f8b847146257c16960db98507db15ffdc",
7766 "020000000001018db483bff65c70ee71d8282aeec5a880e2e2b39e45772bda5460403095c62e3f0100000000000000000176050000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022057649739b0eb74d541ead0dfdb3d4b2c15aa192720031044c3434c67812e5ca902201e5ede42d960ae551707f4a6b34b09393cf4dee2418507daa022e3550dbb58170147304402207faad26678c8850e01b4a0696d60841f7305e1832b786110ee9075cb92ed14a30220516ef8ee5dfa80824ea28cbcec0dd95f8b847146257c16960db98507db15ffdc012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7769 // commitment tx with three outputs untrimmed (minimum feerate)
7770 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7771 chan.feerate_per_kw = 3703;
7773 test_commitment!("3045022100b495d239772a237ff2cf354b1b11be152fd852704cb184e7356d13f2fb1e5e430220723db5cdb9cbd6ead7bfd3deb419cf41053a932418cbb22a67b581f40bc1f13e",
7774 "304402201b736d1773a124c745586217a75bed5f66c05716fbe8c7db4fdb3c3069741cdd02205083f39c321c1bcadfc8d97e3c791a66273d936abac0c6a2fde2ed46019508e1",
7775 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8003a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484eb936a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402201b736d1773a124c745586217a75bed5f66c05716fbe8c7db4fdb3c3069741cdd02205083f39c321c1bcadfc8d97e3c791a66273d936abac0c6a2fde2ed46019508e101483045022100b495d239772a237ff2cf354b1b11be152fd852704cb184e7356d13f2fb1e5e430220723db5cdb9cbd6ead7bfd3deb419cf41053a932418cbb22a67b581f40bc1f13e01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7778 "3045022100c34c61735f93f2e324cc873c3b248111ccf8f6db15d5969583757010d4ad2b4602207867bb919b2ddd6387873e425345c9b7fd18d1d66aba41f3607bc2896ef3c30a",
7779 "3045022100988c143e2110067117d2321bdd4bd16ca1734c98b29290d129384af0962b634e02206c1b02478878c5f547018b833986578f90c3e9be669fe5788ad0072a55acbb05",
7780 "0200000000010120060e4a29579d429f0f27c17ee5f1ee282f20d706d6f90b63d35946d8f3029a0000000000000000000175050000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100c34c61735f93f2e324cc873c3b248111ccf8f6db15d5969583757010d4ad2b4602207867bb919b2ddd6387873e425345c9b7fd18d1d66aba41f3607bc2896ef3c30a01483045022100988c143e2110067117d2321bdd4bd16ca1734c98b29290d129384af0962b634e02206c1b02478878c5f547018b833986578f90c3e9be669fe5788ad0072a55acbb05012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7783 // anchors: commitment tx with three outputs untrimmed (minimum dust limit)
7784 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7785 chan.feerate_per_kw = 3687;
7786 chan.holder_dust_limit_satoshis = 3001;
7788 test_commitment_with_anchors!("3045022100ad6c71569856b2d7ff42e838b4abe74a713426b37f22fa667a195a4c88908c6902202b37272b02a42dc6d9f4f82cab3eaf84ac882d9ed762859e1e75455c2c228377",
7789 "3045022100c970799bcb33f43179eb43b3378a0a61991cf2923f69b36ef12548c3df0e6d500220413dc27d2e39ee583093adfcb7799be680141738babb31cc7b0669a777a31f5d",
7790 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80054a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994aa28b6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100c970799bcb33f43179eb43b3378a0a61991cf2923f69b36ef12548c3df0e6d500220413dc27d2e39ee583093adfcb7799be680141738babb31cc7b0669a777a31f5d01483045022100ad6c71569856b2d7ff42e838b4abe74a713426b37f22fa667a195a4c88908c6902202b37272b02a42dc6d9f4f82cab3eaf84ac882d9ed762859e1e75455c2c22837701475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7793 "3044022017b558a3cf5f0cb94269e2e927b29ed22bd2416abb8a7ce6de4d1256f359b93602202e9ca2b1a23ea3e69f433c704e327739e219804b8c188b1d52f74fd5a9de954c",
7794 "3045022100af7a8b7c7ff2080c68995254cb66d64d9954edcc5baac3bb4f27ed2d29aaa6120220421c27da7a60574a9263f271e0f3bd34594ec6011095190022b3b54596ea03de",
7795 "02000000000101542562b326c08e3a076d9cfca2be175041366591da334d8d513ff1686fd95a6002000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022017b558a3cf5f0cb94269e2e927b29ed22bd2416abb8a7ce6de4d1256f359b93602202e9ca2b1a23ea3e69f433c704e327739e219804b8c188b1d52f74fd5a9de954c83483045022100af7a8b7c7ff2080c68995254cb66d64d9954edcc5baac3bb4f27ed2d29aaa6120220421c27da7a60574a9263f271e0f3bd34594ec6011095190022b3b54596ea03de012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
7798 // commitment tx with three outputs untrimmed (maximum feerate)
7799 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7800 chan.feerate_per_kw = 4914;
7801 chan.holder_dust_limit_satoshis = 546;
7803 test_commitment!("3045022100b4b16d5f8cc9fc4c1aff48831e832a0d8990e133978a66e302c133550954a44d022073573ce127e2200d316f6b612803a5c0c97b8d20e1e44dbe2ac0dd2fb8c95244",
7804 "3045022100d72638bc6308b88bb6d45861aae83e5b9ff6e10986546e13bce769c70036e2620220320be7c6d66d22f30b9fcd52af66531505b1310ca3b848c19285b38d8a1a8c19",
7805 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8003a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484ae8f6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100d72638bc6308b88bb6d45861aae83e5b9ff6e10986546e13bce769c70036e2620220320be7c6d66d22f30b9fcd52af66531505b1310ca3b848c19285b38d8a1a8c1901483045022100b4b16d5f8cc9fc4c1aff48831e832a0d8990e133978a66e302c133550954a44d022073573ce127e2200d316f6b612803a5c0c97b8d20e1e44dbe2ac0dd2fb8c9524401475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7808 "3045022100f43591c156038ba217756006bb3c55f7d113a325cdd7d9303c82115372858d68022016355b5aadf222bc8d12e426c75f4a03423917b2443a103eb2a498a3a2234374",
7809 "30440220585dee80fafa264beac535c3c0bb5838ac348b156fdc982f86adc08dfc9bfd250220130abb82f9f295cc9ef423dcfef772fde2acd85d9df48cc538981d26a10a9c10",
7810 "02000000000101a9172908eace869cc35128c31fc2ab502f72e4dff31aab23e0244c4b04b11ab00000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f43591c156038ba217756006bb3c55f7d113a325cdd7d9303c82115372858d68022016355b5aadf222bc8d12e426c75f4a03423917b2443a103eb2a498a3a2234374014730440220585dee80fafa264beac535c3c0bb5838ac348b156fdc982f86adc08dfc9bfd250220130abb82f9f295cc9ef423dcfef772fde2acd85d9df48cc538981d26a10a9c10012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7813 // commitment tx with two outputs untrimmed (minimum feerate)
7814 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7815 chan.feerate_per_kw = 4915;
7816 chan.holder_dust_limit_satoshis = 546;
7818 test_commitment!("304402203a286936e74870ca1459c700c71202af0381910a6bfab687ef494ef1bc3e02c902202506c362d0e3bee15e802aa729bf378e051644648253513f1c085b264cc2a720",
7819 "30450221008a953551f4d67cb4df3037207fc082ddaf6be84d417b0bd14c80aab66f1b01a402207508796dc75034b2dee876fe01dc05a08b019f3e5d689ac8842ade2f1befccf5",
7820 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8002c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484fa926a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221008a953551f4d67cb4df3037207fc082ddaf6be84d417b0bd14c80aab66f1b01a402207508796dc75034b2dee876fe01dc05a08b019f3e5d689ac8842ade2f1befccf50147304402203a286936e74870ca1459c700c71202af0381910a6bfab687ef494ef1bc3e02c902202506c362d0e3bee15e802aa729bf378e051644648253513f1c085b264cc2a72001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
7822 // anchors: commitment tx with two outputs untrimmed (minimum dust limit)
7823 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7824 chan.feerate_per_kw = 4894;
7825 chan.holder_dust_limit_satoshis = 4001;
7827 test_commitment_with_anchors!("3045022100e784a66b1588575801e237d35e510fd92a81ae3a4a2a1b90c031ad803d07b3f3022021bc5f16501f167607d63b681442da193eb0a76b4b7fd25c2ed4f8b28fd35b95",
7828 "30450221009f16ac85d232e4eddb3fcd750a68ebf0b58e3356eaada45d3513ede7e817bf4c02207c2b043b4e5f971261975406cb955219fa56bffe5d834a833694b5abc1ce4cfd",
7829 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80044a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994ad0886a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221009f16ac85d232e4eddb3fcd750a68ebf0b58e3356eaada45d3513ede7e817bf4c02207c2b043b4e5f971261975406cb955219fa56bffe5d834a833694b5abc1ce4cfd01483045022100e784a66b1588575801e237d35e510fd92a81ae3a4a2a1b90c031ad803d07b3f3022021bc5f16501f167607d63b681442da193eb0a76b4b7fd25c2ed4f8b28fd35b9501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
7831 // commitment tx with two outputs untrimmed (maximum feerate)
7832 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7833 chan.feerate_per_kw = 9651180;
7834 chan.holder_dust_limit_satoshis = 546;
7836 test_commitment!("304402200a8544eba1d216f5c5e530597665fa9bec56943c0f66d98fc3d028df52d84f7002201e45fa5c6bc3a506cc2553e7d1c0043a9811313fc39c954692c0d47cfce2bbd3",
7837 "3045022100e11b638c05c650c2f63a421d36ef8756c5ce82f2184278643520311cdf50aa200220259565fb9c8e4a87ccaf17f27a3b9ca4f20625754a0920d9c6c239d8156a11de",
7838 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b800222020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80ec0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4840400483045022100e11b638c05c650c2f63a421d36ef8756c5ce82f2184278643520311cdf50aa200220259565fb9c8e4a87ccaf17f27a3b9ca4f20625754a0920d9c6c239d8156a11de0147304402200a8544eba1d216f5c5e530597665fa9bec56943c0f66d98fc3d028df52d84f7002201e45fa5c6bc3a506cc2553e7d1c0043a9811313fc39c954692c0d47cfce2bbd301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
7840 // commitment tx with one output untrimmed (minimum feerate)
7841 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7842 chan.feerate_per_kw = 9651181;
7844 test_commitment!("304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a2",
7845 "304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a379",
7846 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8001c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484040047304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a3790147304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
7848 // anchors: commitment tx with one output untrimmed (minimum dust limit)
7849 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7850 chan.feerate_per_kw = 6216010;
7851 chan.holder_dust_limit_satoshis = 4001;
7853 test_commitment_with_anchors!("30450221008fd5dbff02e4b59020d4cd23a3c30d3e287065fda75a0a09b402980adf68ccda022001e0b8b620cd915ddff11f1de32addf23d81d51b90e6841b2cb8dcaf3faa5ecf",
7854 "30450221009ad80792e3038fe6968d12ff23e6888a565c3ddd065037f357445f01675d63f3022018384915e5f1f4ae157e15debf4f49b61c8d9d2b073c7d6f97c4a68caa3ed4c1",
7855 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80024a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994a04004830450221009ad80792e3038fe6968d12ff23e6888a565c3ddd065037f357445f01675d63f3022018384915e5f1f4ae157e15debf4f49b61c8d9d2b073c7d6f97c4a68caa3ed4c1014830450221008fd5dbff02e4b59020d4cd23a3c30d3e287065fda75a0a09b402980adf68ccda022001e0b8b620cd915ddff11f1de32addf23d81d51b90e6841b2cb8dcaf3faa5ecf01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
7857 // commitment tx with fee greater than funder amount
7858 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7859 chan.feerate_per_kw = 9651936;
7860 chan.holder_dust_limit_satoshis = 546;
7862 test_commitment!("304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a2",
7863 "304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a379",
7864 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8001c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484040047304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a3790147304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
7866 // commitment tx with 3 htlc outputs, 2 offered having the same amount and preimage
7867 chan.value_to_self_msat = 7_000_000_000 - 2_000_000;
7868 chan.feerate_per_kw = 253;
7869 chan.pending_inbound_htlcs.clear();
7870 chan.pending_inbound_htlcs.push({
7871 let mut out = InboundHTLCOutput{
7873 amount_msat: 2000000,
7875 payment_hash: PaymentHash([0; 32]),
7876 state: InboundHTLCState::Committed,
7878 out.payment_hash.0 = Sha256::hash(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap()).into_inner();
7881 chan.pending_outbound_htlcs.clear();
7882 chan.pending_outbound_htlcs.push({
7883 let mut out = OutboundHTLCOutput{
7885 amount_msat: 5000000,
7887 payment_hash: PaymentHash([0; 32]),
7888 state: OutboundHTLCState::Committed,
7889 source: HTLCSource::dummy(),
7891 out.payment_hash.0 = Sha256::hash(&hex::decode("0505050505050505050505050505050505050505050505050505050505050505").unwrap()).into_inner();
7894 chan.pending_outbound_htlcs.push({
7895 let mut out = OutboundHTLCOutput{
7897 amount_msat: 5000000,
7899 payment_hash: PaymentHash([0; 32]),
7900 state: OutboundHTLCState::Committed,
7901 source: HTLCSource::dummy(),
7903 out.payment_hash.0 = Sha256::hash(&hex::decode("0505050505050505050505050505050505050505050505050505050505050505").unwrap()).into_inner();
7907 test_commitment!("30440220048705bec5288d28b3f29344b8d124853b1af423a568664d2c6f02c8ea886525022060f998a461052a2476b912db426ea2a06700953a241135c7957f2e79bc222df9",
7908 "3045022100c4f1d60b6fca9febc8b39de1a31e84c5f7c4b41c97239ef05f4350aa484c6b5e02200c5134ac8b20eb7a29d0dd4a501f6aa8fefb8489171f4cb408bd2a32324ab03f",
7909 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2d8813000000000000220020305c12e1a0bc21e283c131cea1c66d68857d28b7b2fce0a6fbc40c164852121b8813000000000000220020305c12e1a0bc21e283c131cea1c66d68857d28b7b2fce0a6fbc40c164852121bc0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484a79f6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100c4f1d60b6fca9febc8b39de1a31e84c5f7c4b41c97239ef05f4350aa484c6b5e02200c5134ac8b20eb7a29d0dd4a501f6aa8fefb8489171f4cb408bd2a32324ab03f014730440220048705bec5288d28b3f29344b8d124853b1af423a568664d2c6f02c8ea886525022060f998a461052a2476b912db426ea2a06700953a241135c7957f2e79bc222df901475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7912 "304502210081cbb94121761d34c189cd4e6a281feea6f585060ad0ba2632e8d6b3c6bb8a6c02201007981bbd16539d63df2805b5568f1f5688cd2a885d04706f50db9b77ba13c6",
7913 "304502210090ed76aeb21b53236a598968abc66e2024691d07b62f53ddbeca8f93144af9c602205f873af5a0c10e62690e9aba09740550f194a9dc455ba4c1c23f6cde7704674c",
7914 "0200000000010189a326e23addc28323dbadcb4e71c2c17088b6e8fa184103e552f44075dddc34000000000000000000011f070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050048304502210081cbb94121761d34c189cd4e6a281feea6f585060ad0ba2632e8d6b3c6bb8a6c02201007981bbd16539d63df2805b5568f1f5688cd2a885d04706f50db9b77ba13c60148304502210090ed76aeb21b53236a598968abc66e2024691d07b62f53ddbeca8f93144af9c602205f873af5a0c10e62690e9aba09740550f194a9dc455ba4c1c23f6cde7704674c012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
7916 "304402201d0f09d2bf7bc245a4f17980e1e9164290df16c70c6a2ff1592f5030d6108581022061e744a7dc151b36bf0aff7a4f1812ba90b8b03633bb979a270d19858fd960c5",
7917 "30450221009aef000d2e843a4202c1b1a2bf554abc9a7902bf49b2cb0759bc507456b7ebad02204e7c3d193ede2fd2b4cd6b39f51a920e581e35575e357e44d7b699c40ce61d39",
7918 "0200000000010189a326e23addc28323dbadcb4e71c2c17088b6e8fa184103e552f44075dddc3401000000000000000001e1120000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402201d0f09d2bf7bc245a4f17980e1e9164290df16c70c6a2ff1592f5030d6108581022061e744a7dc151b36bf0aff7a4f1812ba90b8b03633bb979a270d19858fd960c5014830450221009aef000d2e843a4202c1b1a2bf554abc9a7902bf49b2cb0759bc507456b7ebad02204e7c3d193ede2fd2b4cd6b39f51a920e581e35575e357e44d7b699c40ce61d3901008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6868f9010000" },
7920 "30440220010bf035d5823596e50dce2076a4d9f942d8d28031c9c428b901a02b6b8140de02203250e8e4a08bc5b4ecdca4d0eedf98223e02e3ac1c0206b3a7ffdb374aa21e5f",
7921 "30440220073de0067b88e425b3018b30366bfeda0ccb703118ccd3d02ead08c0f53511d002203fac50ac0e4cf8a3af0b4b1b12e801650591f748f8ddf1e089c160f10b69e511",
7922 "0200000000010189a326e23addc28323dbadcb4e71c2c17088b6e8fa184103e552f44075dddc3402000000000000000001e1120000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220010bf035d5823596e50dce2076a4d9f942d8d28031c9c428b901a02b6b8140de02203250e8e4a08bc5b4ecdca4d0eedf98223e02e3ac1c0206b3a7ffdb374aa21e5f014730440220073de0067b88e425b3018b30366bfeda0ccb703118ccd3d02ead08c0f53511d002203fac50ac0e4cf8a3af0b4b1b12e801650591f748f8ddf1e089c160f10b69e51101008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6868fa010000" }
7925 test_commitment_with_anchors!("3045022100c592f6b80d35b4f5d1e3bc9788f51141a0065be6013bad53a1977f7c444651660220278ac06ead9016bfb8dc476f186eabace2b02793b2f308442f5b0d5f24a68948",
7926 "3045022100c37ac4fc8538677631230c4b286f36b6f54c51fb4b34ef0bd0ba219ba47452630220278e09a745454ea380f3694392ed113762c68dd209b48360f547541088be9e45",
7927 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80074a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994d007000000000000220020fe0598d74fee2205cc3672e6e6647706b4f3099713b4661b62482c3addd04a5e881300000000000022002018e40f9072c44350f134bdc887bab4d9bdfc8aa468a25616c80e21757ba5dac7881300000000000022002018e40f9072c44350f134bdc887bab4d9bdfc8aa468a25616c80e21757ba5dac7c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994aae9c6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100c37ac4fc8538677631230c4b286f36b6f54c51fb4b34ef0bd0ba219ba47452630220278e09a745454ea380f3694392ed113762c68dd209b48360f547541088be9e4501483045022100c592f6b80d35b4f5d1e3bc9788f51141a0065be6013bad53a1977f7c444651660220278ac06ead9016bfb8dc476f186eabace2b02793b2f308442f5b0d5f24a6894801475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7930 "3045022100de8a0649d54fd2e4fc04502c77df9b65da839bbd01854f818f129338b99564b2022009528dbb12c00e874cb2149b1dccc600c69ea5e4042ebf584984fcb029c2d1ec",
7931 "304402203e7c2622fa3ca29355d37a0ea991bfd7cdb54e6122a1d98d3229d092131f55cd022055263f7f8f32f4cd2f86da63ca106bd7badf0b19ee9833d80cd3b9216eeafd74",
7932 "02000000000101aa443fb63abc1e8c754f98a7b96c27cb02b21d891d1242a16b630dc32c2afe2902000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100de8a0649d54fd2e4fc04502c77df9b65da839bbd01854f818f129338b99564b2022009528dbb12c00e874cb2149b1dccc600c69ea5e4042ebf584984fcb029c2d1ec8347304402203e7c2622fa3ca29355d37a0ea991bfd7cdb54e6122a1d98d3229d092131f55cd022055263f7f8f32f4cd2f86da63ca106bd7badf0b19ee9833d80cd3b9216eeafd74012001010101010101010101010101010101010101010101010101010101010101018d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac6851b2756800000000" },
7934 "3045022100de6eee8474376ea316d007b33103b4543a46bdf6fda5cbd5902b28a5bc14584f022002989e7b4f7813b77acbe4babcf96d7ffbbe0bf14cba24672364f8e591479edb",
7935 "3045022100c10688346a9d84647bde7027da07f0d79c6d4129307e4c6c9aea7bdbf25ac3350220269104209793c32c47491698c4e46ebea9c3293a1e4403f9abda39f79698f6b5",
7936 "02000000000101aa443fb63abc1e8c754f98a7b96c27cb02b21d891d1242a16b630dc32c2afe290300000000010000000188130000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100de6eee8474376ea316d007b33103b4543a46bdf6fda5cbd5902b28a5bc14584f022002989e7b4f7813b77acbe4babcf96d7ffbbe0bf14cba24672364f8e591479edb83483045022100c10688346a9d84647bde7027da07f0d79c6d4129307e4c6c9aea7bdbf25ac3350220269104209793c32c47491698c4e46ebea9c3293a1e4403f9abda39f79698f6b501008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6851b27568f9010000" },
7938 "3045022100fe87da8124ceecbcabb9d599c5339f40277c7c7406514fafbccbf180c7c09cf40220429c7fb6d0fd3705e931ab1219ab0432af38ae4d676008cc1964fbeb8cd35d2e",
7939 "3044022040ac769a851da31d8e4863e5f94719204f716c82a1ce6d6c52193d9a33b84bce022035df97b078ce80f20dca2109e4c6075af0b50148811452e7290e68b2680fced4",
7940 "02000000000101aa443fb63abc1e8c754f98a7b96c27cb02b21d891d1242a16b630dc32c2afe290400000000010000000188130000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100fe87da8124ceecbcabb9d599c5339f40277c7c7406514fafbccbf180c7c09cf40220429c7fb6d0fd3705e931ab1219ab0432af38ae4d676008cc1964fbeb8cd35d2e83473044022040ac769a851da31d8e4863e5f94719204f716c82a1ce6d6c52193d9a33b84bce022035df97b078ce80f20dca2109e4c6075af0b50148811452e7290e68b2680fced401008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6851b27568fa010000" }
7945 fn test_per_commitment_secret_gen() {
7946 // Test vectors from BOLT 3 Appendix D:
7948 let mut seed = [0; 32];
7949 seed[0..32].clone_from_slice(&hex::decode("0000000000000000000000000000000000000000000000000000000000000000").unwrap());
7950 assert_eq!(chan_utils::build_commitment_secret(&seed, 281474976710655),
7951 hex::decode("02a40c85b6f28da08dfdbe0926c53fab2de6d28c10301f8f7c4073d5e42e3148").unwrap()[..]);
7953 seed[0..32].clone_from_slice(&hex::decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF").unwrap());
7954 assert_eq!(chan_utils::build_commitment_secret(&seed, 281474976710655),
7955 hex::decode("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap()[..]);
7957 assert_eq!(chan_utils::build_commitment_secret(&seed, 0xaaaaaaaaaaa),
7958 hex::decode("56f4008fb007ca9acf0e15b054d5c9fd12ee06cea347914ddbaed70d1c13a528").unwrap()[..]);
7960 assert_eq!(chan_utils::build_commitment_secret(&seed, 0x555555555555),
7961 hex::decode("9015daaeb06dba4ccc05b91b2f73bd54405f2be9f217fbacd3c5ac2e62327d31").unwrap()[..]);
7963 seed[0..32].clone_from_slice(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap());
7964 assert_eq!(chan_utils::build_commitment_secret(&seed, 1),
7965 hex::decode("915c75942a26bb3a433a8ce2cb0427c29ec6c1775cfc78328b57f6ba7bfeaa9c").unwrap()[..]);
7969 fn test_key_derivation() {
7970 // Test vectors from BOLT 3 Appendix E:
7971 let secp_ctx = Secp256k1::new();
7973 let base_secret = SecretKey::from_slice(&hex::decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f").unwrap()[..]).unwrap();
7974 let per_commitment_secret = SecretKey::from_slice(&hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap();
7976 let base_point = PublicKey::from_secret_key(&secp_ctx, &base_secret);
7977 assert_eq!(base_point.serialize()[..], hex::decode("036d6caac248af96f6afa7f904f550253a0f3ef3f5aa2fe6838a95b216691468e2").unwrap()[..]);
7979 let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
7980 assert_eq!(per_commitment_point.serialize()[..], hex::decode("025f7117a78150fe2ef97db7cfc83bd57b2e2c0d0dd25eaf467a4a1c2a45ce1486").unwrap()[..]);
7982 assert_eq!(chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &base_point).unwrap().serialize()[..],
7983 hex::decode("0235f2dbfaa89b57ec7b055afe29849ef7ddfeb1cefdb9ebdc43f5494984db29e5").unwrap()[..]);
7985 assert_eq!(chan_utils::derive_private_key(&secp_ctx, &per_commitment_point, &base_secret).unwrap(),
7986 SecretKey::from_slice(&hex::decode("cbced912d3b21bf196a766651e436aff192362621ce317704ea2f75d87e7be0f").unwrap()[..]).unwrap());
7988 assert_eq!(chan_utils::derive_public_revocation_key(&secp_ctx, &per_commitment_point, &base_point).unwrap().serialize()[..],
7989 hex::decode("02916e326636d19c33f13e8c0c3a03dd157f332f3e99c317c141dd865eb01f8ff0").unwrap()[..]);
7991 assert_eq!(chan_utils::derive_private_revocation_key(&secp_ctx, &per_commitment_secret, &base_secret).unwrap(),
7992 SecretKey::from_slice(&hex::decode("d09ffff62ddb2297ab000cc85bcb4283fdeb6aa052affbc9dddcf33b61078110").unwrap()[..]).unwrap());
7996 fn test_zero_conf_channel_type_support() {
7997 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7998 let secp_ctx = Secp256k1::new();
7999 let seed = [42; 32];
8000 let network = Network::Testnet;
8001 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
8002 let logger = test_utils::TestLogger::new();
8004 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8005 let config = UserConfig::default();
8006 let node_a_chan = Channel::<EnforcingSigner>::new_outbound(&feeest, &&keys_provider,
8007 node_b_node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config, 0, 42).unwrap();
8009 let mut channel_type_features = ChannelTypeFeatures::only_static_remote_key();
8010 channel_type_features.set_zero_conf_required();
8012 let mut open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash());
8013 open_channel_msg.channel_type = Some(channel_type_features);
8014 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
8015 let res = Channel::<EnforcingSigner>::new_from_req(&feeest, &&keys_provider,
8016 node_b_node_id, &channelmanager::provided_init_features(), &open_channel_msg, 7, &config, 0, &&logger, 42);
8017 assert!(res.is_ok());