1 // This file is Copyright its original authors, visible in version control
4 // This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
5 // or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
6 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
7 // You may not use this file except in accordance with one or both of these
10 use bitcoin::blockdata::script::{Script,Builder};
11 use bitcoin::blockdata::transaction::{Transaction, EcdsaSighashType};
12 use bitcoin::util::sighash;
13 use bitcoin::consensus::encode;
15 use bitcoin::hashes::Hash;
16 use bitcoin::hashes::sha256::Hash as Sha256;
17 use bitcoin::hashes::sha256d::Hash as Sha256d;
18 use bitcoin::hash_types::{Txid, BlockHash};
20 use bitcoin::secp256k1::constants::PUBLIC_KEY_SIZE;
21 use bitcoin::secp256k1::{PublicKey,SecretKey};
22 use bitcoin::secp256k1::{Secp256k1,ecdsa::Signature};
23 use bitcoin::secp256k1;
25 use crate::ln::{ChannelId, PaymentPreimage, PaymentHash};
26 use crate::ln::features::{ChannelTypeFeatures, InitFeatures};
28 use crate::ln::msgs::DecodeError;
29 use crate::ln::script::{self, ShutdownScript};
30 use crate::ln::channelmanager::{self, CounterpartyForwardingInfo, PendingHTLCStatus, HTLCSource, SentHTLCId, HTLCFailureMsg, PendingHTLCInfo, RAACommitmentOrder, BREAKDOWN_TIMEOUT, MIN_CLTV_EXPIRY_DELTA, MAX_LOCAL_BREAKDOWN_TIMEOUT, ChannelShutdownState};
31 use crate::ln::chan_utils::{CounterpartyCommitmentSecrets, TxCreationKeys, HTLCOutputInCommitment, htlc_success_tx_weight, htlc_timeout_tx_weight, make_funding_redeemscript, ChannelPublicKeys, CommitmentTransaction, HolderCommitmentTransaction, ChannelTransactionParameters, CounterpartyChannelTransactionParameters, MAX_HTLCS, get_commitment_transaction_number_obscure_factor, ClosingTransaction};
32 use crate::ln::chan_utils;
33 use crate::ln::onion_utils::HTLCFailReason;
34 use crate::chain::BestBlock;
35 use crate::chain::chaininterface::{FeeEstimator, ConfirmationTarget, LowerBoundedFeeEstimator};
36 use crate::chain::channelmonitor::{ChannelMonitor, ChannelMonitorUpdate, ChannelMonitorUpdateStep, LATENCY_GRACE_PERIOD_BLOCKS, CLOSED_CHANNEL_UPDATE_ID};
37 use crate::chain::transaction::{OutPoint, TransactionData};
38 use crate::sign::{EcdsaChannelSigner, WriteableEcdsaChannelSigner, EntropySource, ChannelSigner, SignerProvider, NodeSigner, Recipient};
39 use crate::events::ClosureReason;
40 use crate::routing::gossip::NodeId;
41 use crate::util::ser::{Readable, ReadableArgs, Writeable, Writer, VecWriter};
42 use crate::util::logger::Logger;
43 use crate::util::errors::APIError;
44 use crate::util::config::{UserConfig, ChannelConfig, LegacyChannelConfig, ChannelHandshakeConfig, ChannelHandshakeLimits, MaxDustHTLCExposure};
45 use crate::util::scid_utils::scid_from_parts;
48 use crate::prelude::*;
49 use core::{cmp,mem,fmt};
51 #[cfg(any(test, fuzzing, debug_assertions))]
52 use crate::sync::Mutex;
53 use bitcoin::hashes::hex::ToHex;
54 use crate::sign::type_resolver::ChannelSignerType;
57 pub struct ChannelValueStat {
58 pub value_to_self_msat: u64,
59 pub channel_value_msat: u64,
60 pub channel_reserve_msat: u64,
61 pub pending_outbound_htlcs_amount_msat: u64,
62 pub pending_inbound_htlcs_amount_msat: u64,
63 pub holding_cell_outbound_amount_msat: u64,
64 pub counterparty_max_htlc_value_in_flight_msat: u64, // outgoing
65 pub counterparty_dust_limit_msat: u64,
68 pub struct AvailableBalances {
69 /// Total amount available for our counterparty to send to us.
70 pub inbound_capacity_msat: u64,
71 /// Total amount available for us to send to our counterparty.
72 pub outbound_capacity_msat: u64,
73 /// The maximum value we can assign to the next outbound HTLC
74 pub next_outbound_htlc_limit_msat: u64,
75 /// The minimum value we can assign to the next outbound HTLC
76 pub next_outbound_htlc_minimum_msat: u64,
79 #[derive(Debug, Clone, Copy, PartialEq)]
81 // Inbound states mirroring InboundHTLCState
83 AwaitingRemoteRevokeToAnnounce,
84 // Note that we do not have a AwaitingAnnouncedRemoteRevoke variant here as it is universally
85 // handled the same as `Committed`, with the only exception in `InboundHTLCState` being the
86 // distinction of when we allow ourselves to forward the HTLC. Because we aren't "forwarding"
87 // the fee update anywhere, we can simply consider the fee update `Committed` immediately
88 // instead of setting it to AwaitingAnnouncedRemoteRevoke.
90 // Outbound state can only be `LocalAnnounced` or `Committed`
94 enum InboundHTLCRemovalReason {
95 FailRelay(msgs::OnionErrorPacket),
96 FailMalformed(([u8; 32], u16)),
97 Fulfill(PaymentPreimage),
100 enum InboundHTLCState {
101 /// Offered by remote, to be included in next local commitment tx. I.e., the remote sent an
102 /// update_add_htlc message for this HTLC.
103 RemoteAnnounced(PendingHTLCStatus),
104 /// Included in a received commitment_signed message (implying we've
105 /// revoke_and_ack'd it), but the remote hasn't yet revoked their previous
106 /// state (see the example below). We have not yet included this HTLC in a
107 /// commitment_signed message because we are waiting on the remote's
108 /// aforementioned state revocation. One reason this missing remote RAA
109 /// (revoke_and_ack) blocks us from constructing a commitment_signed message
110 /// is because every time we create a new "state", i.e. every time we sign a
111 /// new commitment tx (see [BOLT #2]), we need a new per_commitment_point,
112 /// which are provided one-at-a-time in each RAA. E.g., the last RAA they
113 /// sent provided the per_commitment_point for our current commitment tx.
114 /// The other reason we should not send a commitment_signed without their RAA
115 /// is because their RAA serves to ACK our previous commitment_signed.
117 /// Here's an example of how an HTLC could come to be in this state:
118 /// remote --> update_add_htlc(prev_htlc) --> local
119 /// remote --> commitment_signed(prev_htlc) --> local
120 /// remote <-- revoke_and_ack <-- local
121 /// remote <-- commitment_signed(prev_htlc) <-- local
122 /// [note that here, the remote does not respond with a RAA]
123 /// remote --> update_add_htlc(this_htlc) --> local
124 /// remote --> commitment_signed(prev_htlc, this_htlc) --> local
125 /// Now `this_htlc` will be assigned this state. It's unable to be officially
126 /// accepted, i.e. included in a commitment_signed, because we're missing the
127 /// RAA that provides our next per_commitment_point. The per_commitment_point
128 /// is used to derive commitment keys, which are used to construct the
129 /// signatures in a commitment_signed message.
130 /// Implies AwaitingRemoteRevoke.
132 /// [BOLT #2]: https://github.com/lightning/bolts/blob/master/02-peer-protocol.md
133 AwaitingRemoteRevokeToAnnounce(PendingHTLCStatus),
134 /// Included in a received commitment_signed message (implying we've revoke_and_ack'd it).
135 /// We have also included this HTLC in our latest commitment_signed and are now just waiting
136 /// on the remote's revoke_and_ack to make this HTLC an irrevocable part of the state of the
137 /// channel (before it can then get forwarded and/or removed).
138 /// Implies AwaitingRemoteRevoke.
139 AwaitingAnnouncedRemoteRevoke(PendingHTLCStatus),
141 /// Removed by us and a new commitment_signed was sent (if we were AwaitingRemoteRevoke when we
142 /// created it we would have put it in the holding cell instead). When they next revoke_and_ack
144 /// Note that we have to keep an eye on the HTLC until we've received a broadcastable
145 /// commitment transaction without it as otherwise we'll have to force-close the channel to
146 /// claim it before the timeout (obviously doesn't apply to revoked HTLCs that we can't claim
147 /// anyway). That said, ChannelMonitor does this for us (see
148 /// ChannelMonitor::should_broadcast_holder_commitment_txn) so we actually remove the HTLC from
149 /// our own local state before then, once we're sure that the next commitment_signed and
150 /// ChannelMonitor::provide_latest_local_commitment_tx will not include this HTLC.
151 LocalRemoved(InboundHTLCRemovalReason),
154 struct InboundHTLCOutput {
158 payment_hash: PaymentHash,
159 state: InboundHTLCState,
162 enum OutboundHTLCState {
163 /// Added by us and included in a commitment_signed (if we were AwaitingRemoteRevoke when we
164 /// created it we would have put it in the holding cell instead). When they next revoke_and_ack
165 /// we will promote to Committed (note that they may not accept it until the next time we
166 /// revoke, but we don't really care about that:
167 /// * they've revoked, so worst case we can announce an old state and get our (option on)
168 /// money back (though we won't), and,
169 /// * we'll send them a revoke when they send a commitment_signed, and since only they're
170 /// allowed to remove it, the "can only be removed once committed on both sides" requirement
171 /// doesn't matter to us and it's up to them to enforce it, worst-case they jump ahead but
172 /// we'll never get out of sync).
173 /// Note that we Box the OnionPacket as it's rather large and we don't want to blow up
174 /// OutboundHTLCOutput's size just for a temporary bit
175 LocalAnnounced(Box<msgs::OnionPacket>),
177 /// Remote removed this (outbound) HTLC. We're waiting on their commitment_signed to finalize
178 /// the change (though they'll need to revoke before we fail the payment).
179 RemoteRemoved(OutboundHTLCOutcome),
180 /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
181 /// the remote side hasn't yet revoked their previous state, which we need them to do before we
182 /// can do any backwards failing. Implies AwaitingRemoteRevoke.
183 /// We also have not yet removed this HTLC in a commitment_signed message, and are waiting on a
184 /// remote revoke_and_ack on a previous state before we can do so.
185 AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome),
186 /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
187 /// the remote side hasn't yet revoked their previous state, which we need them to do before we
188 /// can do any backwards failing. Implies AwaitingRemoteRevoke.
189 /// We have removed this HTLC in our latest commitment_signed and are now just waiting on a
190 /// revoke_and_ack to drop completely.
191 AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome),
195 enum OutboundHTLCOutcome {
196 /// LDK version 0.0.105+ will always fill in the preimage here.
197 Success(Option<PaymentPreimage>),
198 Failure(HTLCFailReason),
201 impl From<Option<HTLCFailReason>> for OutboundHTLCOutcome {
202 fn from(o: Option<HTLCFailReason>) -> Self {
204 None => OutboundHTLCOutcome::Success(None),
205 Some(r) => OutboundHTLCOutcome::Failure(r)
210 impl<'a> Into<Option<&'a HTLCFailReason>> for &'a OutboundHTLCOutcome {
211 fn into(self) -> Option<&'a HTLCFailReason> {
213 OutboundHTLCOutcome::Success(_) => None,
214 OutboundHTLCOutcome::Failure(ref r) => Some(r)
219 struct OutboundHTLCOutput {
223 payment_hash: PaymentHash,
224 state: OutboundHTLCState,
226 skimmed_fee_msat: Option<u64>,
229 /// See AwaitingRemoteRevoke ChannelState for more info
230 enum HTLCUpdateAwaitingACK {
231 AddHTLC { // TODO: Time out if we're getting close to cltv_expiry
235 payment_hash: PaymentHash,
237 onion_routing_packet: msgs::OnionPacket,
238 // The extra fee we're skimming off the top of this HTLC.
239 skimmed_fee_msat: Option<u64>,
242 payment_preimage: PaymentPreimage,
247 err_packet: msgs::OnionErrorPacket,
251 /// There are a few "states" and then a number of flags which can be applied:
252 /// We first move through init with `OurInitSent` -> `TheirInitSent` -> `FundingCreated` -> `FundingSent`.
253 /// `TheirChannelReady` and `OurChannelReady` then get set on `FundingSent`, and when both are set we
254 /// move on to `ChannelReady`.
255 /// Note that `PeerDisconnected` can be set on both `ChannelReady` and `FundingSent`.
256 /// `ChannelReady` can then get all remaining flags set on it, until we finish shutdown, then we
257 /// move on to `ShutdownComplete`, at which point most calls into this channel are disallowed.
259 /// Implies we have (or are prepared to) send our open_channel/accept_channel message
260 OurInitSent = 1 << 0,
261 /// Implies we have received their `open_channel`/`accept_channel` message
262 TheirInitSent = 1 << 1,
263 /// We have sent `funding_created` and are awaiting a `funding_signed` to advance to `FundingSent`.
264 /// Note that this is nonsense for an inbound channel as we immediately generate `funding_signed`
265 /// upon receipt of `funding_created`, so simply skip this state.
267 /// Set when we have received/sent `funding_created` and `funding_signed` and are thus now waiting
268 /// on the funding transaction to confirm. The `ChannelReady` flags are set to indicate when we
269 /// and our counterparty consider the funding transaction confirmed.
271 /// Flag which can be set on `FundingSent` to indicate they sent us a `channel_ready` message.
272 /// Once both `TheirChannelReady` and `OurChannelReady` are set, state moves on to `ChannelReady`.
273 TheirChannelReady = 1 << 4,
274 /// Flag which can be set on `FundingSent` to indicate we sent them a `channel_ready` message.
275 /// Once both `TheirChannelReady` and `OurChannelReady` are set, state moves on to `ChannelReady`.
276 OurChannelReady = 1 << 5,
278 /// Flag which is set on `ChannelReady` and `FundingSent` indicating remote side is considered
279 /// "disconnected" and no updates are allowed until after we've done a `channel_reestablish`
281 PeerDisconnected = 1 << 7,
282 /// Flag which is set on `ChannelReady`, FundingCreated, and `FundingSent` indicating the user has
283 /// told us a `ChannelMonitor` update is pending async persistence somewhere and we should pause
284 /// sending any outbound messages until they've managed to finish.
285 MonitorUpdateInProgress = 1 << 8,
286 /// Flag which implies that we have sent a commitment_signed but are awaiting the responding
287 /// revoke_and_ack message. During this time period, we can't generate new commitment_signed
288 /// messages as then we will be unable to determine which HTLCs they included in their
289 /// revoke_and_ack implicit ACK, so instead we have to hold them away temporarily to be sent
291 /// Flag is set on `ChannelReady`.
292 AwaitingRemoteRevoke = 1 << 9,
293 /// Flag which is set on `ChannelReady` or `FundingSent` after receiving a shutdown message from
294 /// the remote end. If set, they may not add any new HTLCs to the channel, and we are expected
295 /// to respond with our own shutdown message when possible.
296 RemoteShutdownSent = 1 << 10,
297 /// Flag which is set on `ChannelReady` or `FundingSent` after sending a shutdown message. At this
298 /// point, we may not add any new HTLCs to the channel.
299 LocalShutdownSent = 1 << 11,
300 /// We've successfully negotiated a closing_signed dance. At this point ChannelManager is about
301 /// to drop us, but we store this anyway.
302 ShutdownComplete = 4096,
304 const BOTH_SIDES_SHUTDOWN_MASK: u32 = ChannelState::LocalShutdownSent as u32 | ChannelState::RemoteShutdownSent as u32;
305 const MULTI_STATE_FLAGS: u32 = BOTH_SIDES_SHUTDOWN_MASK | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32;
307 pub const INITIAL_COMMITMENT_NUMBER: u64 = (1 << 48) - 1;
309 pub const DEFAULT_MAX_HTLCS: u16 = 50;
311 pub(crate) fn commitment_tx_base_weight(channel_type_features: &ChannelTypeFeatures) -> u64 {
312 const COMMITMENT_TX_BASE_WEIGHT: u64 = 724;
313 const COMMITMENT_TX_BASE_ANCHOR_WEIGHT: u64 = 1124;
314 if channel_type_features.supports_anchors_zero_fee_htlc_tx() { COMMITMENT_TX_BASE_ANCHOR_WEIGHT } else { COMMITMENT_TX_BASE_WEIGHT }
318 const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
320 pub const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
322 pub const ANCHOR_OUTPUT_VALUE_SATOSHI: u64 = 330;
324 /// The percentage of the channel value `holder_max_htlc_value_in_flight_msat` used to be set to,
325 /// before this was made configurable. The percentage was made configurable in LDK 0.0.107,
326 /// although LDK 0.0.104+ enabled serialization of channels with a different value set for
327 /// `holder_max_htlc_value_in_flight_msat`.
328 pub const MAX_IN_FLIGHT_PERCENT_LEGACY: u8 = 10;
330 /// Maximum `funding_satoshis` value according to the BOLT #2 specification, if
331 /// `option_support_large_channel` (aka wumbo channels) is not supported.
333 pub const MAX_FUNDING_SATOSHIS_NO_WUMBO: u64 = (1 << 24) - 1;
335 /// Total bitcoin supply in satoshis.
336 pub const TOTAL_BITCOIN_SUPPLY_SATOSHIS: u64 = 21_000_000 * 1_0000_0000;
338 /// The maximum network dust limit for standard script formats. This currently represents the
339 /// minimum output value for a P2SH output before Bitcoin Core 22 considers the entire
340 /// transaction non-standard and thus refuses to relay it.
341 /// We also use this as the maximum counterparty `dust_limit_satoshis` allowed, given many
342 /// implementations use this value for their dust limit today.
343 pub const MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS: u64 = 546;
345 /// The maximum channel dust limit we will accept from our counterparty.
346 pub const MAX_CHAN_DUST_LIMIT_SATOSHIS: u64 = MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS;
348 /// The dust limit is used for both the commitment transaction outputs as well as the closing
349 /// transactions. For cooperative closing transactions, we require segwit outputs, though accept
350 /// *any* segwit scripts, which are allowed to be up to 42 bytes in length.
351 /// In order to avoid having to concern ourselves with standardness during the closing process, we
352 /// simply require our counterparty to use a dust limit which will leave any segwit output
354 /// See <https://github.com/lightning/bolts/issues/905> for more details.
355 pub const MIN_CHAN_DUST_LIMIT_SATOSHIS: u64 = 354;
357 // Just a reasonable implementation-specific safe lower bound, higher than the dust limit.
358 pub const MIN_THEIR_CHAN_RESERVE_SATOSHIS: u64 = 1000;
360 /// Used to return a simple Error back to ChannelManager. Will get converted to a
361 /// msgs::ErrorAction::SendErrorMessage or msgs::ErrorAction::IgnoreError as appropriate with our
362 /// channel_id in ChannelManager.
363 pub(super) enum ChannelError {
369 impl fmt::Debug for ChannelError {
370 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
372 &ChannelError::Ignore(ref e) => write!(f, "Ignore : {}", e),
373 &ChannelError::Warn(ref e) => write!(f, "Warn : {}", e),
374 &ChannelError::Close(ref e) => write!(f, "Close : {}", e),
379 impl fmt::Display for ChannelError {
380 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
382 &ChannelError::Ignore(ref e) => write!(f, "{}", e),
383 &ChannelError::Warn(ref e) => write!(f, "{}", e),
384 &ChannelError::Close(ref e) => write!(f, "{}", e),
389 macro_rules! secp_check {
390 ($res: expr, $err: expr) => {
393 Err(_) => return Err(ChannelError::Close($err)),
398 /// The "channel disabled" bit in channel_update must be set based on whether we are connected to
399 /// our counterparty or not. However, we don't want to announce updates right away to avoid
400 /// spamming the network with updates if the connection is flapping. Instead, we "stage" updates to
401 /// our channel_update message and track the current state here.
402 /// See implementation at [`super::channelmanager::ChannelManager::timer_tick_occurred`].
403 #[derive(Clone, Copy, PartialEq)]
404 pub(super) enum ChannelUpdateStatus {
405 /// We've announced the channel as enabled and are connected to our peer.
407 /// Our channel is no longer live, but we haven't announced the channel as disabled yet.
409 /// Our channel is live again, but we haven't announced the channel as enabled yet.
411 /// We've announced the channel as disabled.
415 /// We track when we sent an `AnnouncementSignatures` to our peer in a few states, described here.
417 pub enum AnnouncementSigsState {
418 /// We have not sent our peer an `AnnouncementSignatures` yet, or our peer disconnected since
419 /// we sent the last `AnnouncementSignatures`.
421 /// We sent an `AnnouncementSignatures` to our peer since the last time our peer disconnected.
422 /// This state never appears on disk - instead we write `NotSent`.
424 /// We sent a `CommitmentSigned` after the last `AnnouncementSignatures` we sent. Because we
425 /// only ever have a single `CommitmentSigned` pending at once, if we sent one after sending
426 /// `AnnouncementSignatures` then we know the peer received our `AnnouncementSignatures` if
427 /// they send back a `RevokeAndACK`.
428 /// This state never appears on disk - instead we write `NotSent`.
430 /// We received a `RevokeAndACK`, effectively ack-ing our `AnnouncementSignatures`, at this
431 /// point we no longer need to re-send our `AnnouncementSignatures` again on reconnect.
435 /// An enum indicating whether the local or remote side offered a given HTLC.
441 /// An enum gathering stats on pending HTLCs, either inbound or outbound side.
444 pending_htlcs_value_msat: u64,
445 on_counterparty_tx_dust_exposure_msat: u64,
446 on_holder_tx_dust_exposure_msat: u64,
447 holding_cell_msat: u64,
448 on_holder_tx_holding_cell_htlcs_count: u32, // dust HTLCs *non*-included
451 /// An enum gathering stats on commitment transaction, either local or remote.
452 struct CommitmentStats<'a> {
453 tx: CommitmentTransaction, // the transaction info
454 feerate_per_kw: u32, // the feerate included to build the transaction
455 total_fee_sat: u64, // the total fee included in the transaction
456 num_nondust_htlcs: usize, // the number of HTLC outputs (dust HTLCs *non*-included)
457 htlcs_included: Vec<(HTLCOutputInCommitment, Option<&'a HTLCSource>)>, // the list of HTLCs (dust HTLCs *included*) which were not ignored when building the transaction
458 local_balance_msat: u64, // local balance before fees but considering dust limits
459 remote_balance_msat: u64, // remote balance before fees but considering dust limits
460 preimages: Vec<PaymentPreimage>, // preimages for successful offered HTLCs since last commitment
463 /// Used when calculating whether we or the remote can afford an additional HTLC.
464 struct HTLCCandidate {
466 origin: HTLCInitiator,
470 fn new(amount_msat: u64, origin: HTLCInitiator) -> Self {
478 /// A return value enum for get_update_fulfill_htlc. See UpdateFulfillCommitFetch variants for
480 enum UpdateFulfillFetch {
482 monitor_update: ChannelMonitorUpdate,
483 htlc_value_msat: u64,
484 msg: Option<msgs::UpdateFulfillHTLC>,
489 /// The return type of get_update_fulfill_htlc_and_commit.
490 pub enum UpdateFulfillCommitFetch {
491 /// Indicates the HTLC fulfill is new, and either generated an update_fulfill message, placed
492 /// it in the holding cell, or re-generated the update_fulfill message after the same claim was
493 /// previously placed in the holding cell (and has since been removed).
495 /// The ChannelMonitorUpdate which places the new payment preimage in the channel monitor
496 monitor_update: ChannelMonitorUpdate,
497 /// The value of the HTLC which was claimed, in msat.
498 htlc_value_msat: u64,
500 /// Indicates the HTLC fulfill is duplicative and already existed either in the holding cell
501 /// or has been forgotten (presumably previously claimed).
505 /// The return value of `monitor_updating_restored`
506 pub(super) struct MonitorRestoreUpdates {
507 pub raa: Option<msgs::RevokeAndACK>,
508 pub commitment_update: Option<msgs::CommitmentUpdate>,
509 pub order: RAACommitmentOrder,
510 pub accepted_htlcs: Vec<(PendingHTLCInfo, u64)>,
511 pub failed_htlcs: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
512 pub finalized_claimed_htlcs: Vec<HTLCSource>,
513 pub funding_broadcastable: Option<Transaction>,
514 pub channel_ready: Option<msgs::ChannelReady>,
515 pub announcement_sigs: Option<msgs::AnnouncementSignatures>,
518 /// The return value of `signer_maybe_unblocked`
519 pub(super) struct SignerResumeUpdates {
520 pub commitment_update: Option<msgs::CommitmentUpdate>,
521 pub funding_signed: Option<msgs::FundingSigned>,
522 pub funding_created: Option<msgs::FundingCreated>,
525 /// The return value of `channel_reestablish`
526 pub(super) struct ReestablishResponses {
527 pub channel_ready: Option<msgs::ChannelReady>,
528 pub raa: Option<msgs::RevokeAndACK>,
529 pub commitment_update: Option<msgs::CommitmentUpdate>,
530 pub order: RAACommitmentOrder,
531 pub announcement_sigs: Option<msgs::AnnouncementSignatures>,
532 pub shutdown_msg: Option<msgs::Shutdown>,
535 /// The return type of `force_shutdown`
537 /// Contains a (counterparty_node_id, funding_txo, [`ChannelMonitorUpdate`]) tuple
538 /// followed by a list of HTLCs to fail back in the form of the (source, payment hash, and this
539 /// channel's counterparty_node_id and channel_id).
540 pub(crate) type ShutdownResult = (
541 Option<(PublicKey, OutPoint, ChannelMonitorUpdate)>,
542 Vec<(HTLCSource, PaymentHash, PublicKey, ChannelId)>
545 /// If the majority of the channels funds are to the fundee and the initiator holds only just
546 /// enough funds to cover their reserve value, channels are at risk of getting "stuck". Because the
547 /// initiator controls the feerate, if they then go to increase the channel fee, they may have no
548 /// balance but the fundee is unable to send a payment as the increase in fee more than drains
549 /// their reserve value. Thus, neither side can send a new HTLC and the channel becomes useless.
550 /// Thus, before sending an HTLC when we are the initiator, we check that the feerate can increase
551 /// by this multiple without hitting this case, before sending.
552 /// This multiple is effectively the maximum feerate "jump" we expect until more HTLCs flow over
553 /// the channel. Sadly, there isn't really a good number for this - if we expect to have no new
554 /// HTLCs for days we may need this to suffice for feerate increases across days, but that may
555 /// leave the channel less usable as we hold a bigger reserve.
556 #[cfg(any(fuzzing, test))]
557 pub const FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE: u64 = 2;
558 #[cfg(not(any(fuzzing, test)))]
559 const FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE: u64 = 2;
561 /// If we fail to see a funding transaction confirmed on-chain within this many blocks after the
562 /// channel creation on an inbound channel, we simply force-close and move on.
563 /// This constant is the one suggested in BOLT 2.
564 pub(crate) const FUNDING_CONF_DEADLINE_BLOCKS: u32 = 2016;
566 /// In case of a concurrent update_add_htlc proposed by our counterparty, we might
567 /// not have enough balance value remaining to cover the onchain cost of this new
568 /// HTLC weight. If this happens, our counterparty fails the reception of our
569 /// commitment_signed including this new HTLC due to infringement on the channel
571 /// To prevent this case, we compute our outbound update_fee with an HTLC buffer of
572 /// size 2. However, if the number of concurrent update_add_htlc is higher, this still
573 /// leads to a channel force-close. Ultimately, this is an issue coming from the
574 /// design of LN state machines, allowing asynchronous updates.
575 pub(crate) const CONCURRENT_INBOUND_HTLC_FEE_BUFFER: u32 = 2;
577 /// When a channel is opened, we check that the funding amount is enough to pay for relevant
578 /// commitment transaction fees, with at least this many HTLCs present on the commitment
579 /// transaction (not counting the value of the HTLCs themselves).
580 pub(crate) const MIN_AFFORDABLE_HTLC_COUNT: usize = 4;
582 /// When a [`Channel`] has its [`ChannelConfig`] updated, its existing one is stashed for up to this
583 /// number of ticks to allow forwarding HTLCs by nodes that have yet to receive the new
584 /// ChannelUpdate prompted by the config update. This value was determined as follows:
586 /// * The expected interval between ticks (1 minute).
587 /// * The average convergence delay of updates across the network, i.e., ~300 seconds on average
588 /// for a node to see an update as seen on `<https://arxiv.org/pdf/2205.12737.pdf>`.
589 /// * `EXPIRE_PREV_CONFIG_TICKS` = convergence_delay / tick_interval
590 pub(crate) const EXPIRE_PREV_CONFIG_TICKS: usize = 5;
592 /// The number of ticks that may elapse while we're waiting for a response to a
593 /// [`msgs::RevokeAndACK`] or [`msgs::ChannelReestablish`] message before we attempt to disconnect
596 /// See [`ChannelContext::sent_message_awaiting_response`] for more information.
597 pub(crate) const DISCONNECT_PEER_AWAITING_RESPONSE_TICKS: usize = 2;
599 /// The number of ticks that may elapse while we're waiting for an unfunded outbound/inbound channel
600 /// to be promoted to a [`Channel`] since the unfunded channel was created. An unfunded channel
601 /// exceeding this age limit will be force-closed and purged from memory.
602 pub(crate) const UNFUNDED_CHANNEL_AGE_LIMIT_TICKS: usize = 60;
604 /// Number of blocks needed for an output from a coinbase transaction to be spendable.
605 pub(crate) const COINBASE_MATURITY: u32 = 100;
607 struct PendingChannelMonitorUpdate {
608 update: ChannelMonitorUpdate,
611 impl_writeable_tlv_based!(PendingChannelMonitorUpdate, {
612 (0, update, required),
615 /// Contains all state common to unfunded inbound/outbound channels.
616 pub(super) struct UnfundedChannelContext {
617 /// A counter tracking how many ticks have elapsed since this unfunded channel was
618 /// created. If this unfunded channel reaches peer has yet to respond after reaching
619 /// `UNFUNDED_CHANNEL_AGE_LIMIT_TICKS`, it will be force-closed and purged from memory.
621 /// This is so that we don't keep channels around that haven't progressed to a funded state
622 /// in a timely manner.
623 unfunded_channel_age_ticks: usize,
626 impl UnfundedChannelContext {
627 /// Determines whether we should force-close and purge this unfunded channel from memory due to it
628 /// having reached the unfunded channel age limit.
630 /// This should be called on every [`super::channelmanager::ChannelManager::timer_tick_occurred`].
631 pub fn should_expire_unfunded_channel(&mut self) -> bool {
632 self.unfunded_channel_age_ticks += 1;
633 self.unfunded_channel_age_ticks >= UNFUNDED_CHANNEL_AGE_LIMIT_TICKS
637 /// Contains everything about the channel including state, and various flags.
638 pub(super) struct ChannelContext<SP: Deref> where SP::Target: SignerProvider {
639 config: LegacyChannelConfig,
641 // Track the previous `ChannelConfig` so that we can continue forwarding HTLCs that were
642 // constructed using it. The second element in the tuple corresponds to the number of ticks that
643 // have elapsed since the update occurred.
644 prev_config: Option<(ChannelConfig, usize)>,
646 inbound_handshake_limits_override: Option<ChannelHandshakeLimits>,
650 /// The current channel ID.
651 channel_id: ChannelId,
652 /// The temporary channel ID used during channel setup. Value kept even after transitioning to a final channel ID.
653 /// Will be `None` for channels created prior to 0.0.115.
654 temporary_channel_id: Option<ChannelId>,
657 // When we reach max(6 blocks, minimum_depth), we need to send an AnnouncementSigs message to
658 // our peer. However, we want to make sure they received it, or else rebroadcast it when we
660 // We do so here, see `AnnouncementSigsSent` for more details on the state(s).
661 // Note that a number of our tests were written prior to the behavior here which retransmits
662 // AnnouncementSignatures until after an RAA completes, so the behavior is short-circuited in
664 #[cfg(any(test, feature = "_test_utils"))]
665 pub(crate) announcement_sigs_state: AnnouncementSigsState,
666 #[cfg(not(any(test, feature = "_test_utils")))]
667 announcement_sigs_state: AnnouncementSigsState,
669 secp_ctx: Secp256k1<secp256k1::All>,
670 channel_value_satoshis: u64,
672 latest_monitor_update_id: u64,
674 holder_signer: ChannelSignerType<<SP::Target as SignerProvider>::Signer>,
675 shutdown_scriptpubkey: Option<ShutdownScript>,
676 destination_script: Script,
678 // Our commitment numbers start at 2^48-1 and count down, whereas the ones used in transaction
679 // generation start at 0 and count up...this simplifies some parts of implementation at the
680 // cost of others, but should really just be changed.
682 cur_holder_commitment_transaction_number: u64,
683 cur_counterparty_commitment_transaction_number: u64,
684 value_to_self_msat: u64, // Excluding all pending_htlcs, excluding fees
685 pending_inbound_htlcs: Vec<InboundHTLCOutput>,
686 pending_outbound_htlcs: Vec<OutboundHTLCOutput>,
687 holding_cell_htlc_updates: Vec<HTLCUpdateAwaitingACK>,
689 /// When resending CS/RAA messages on channel monitor restoration or on reconnect, we always
690 /// need to ensure we resend them in the order we originally generated them. Note that because
691 /// there can only ever be one in-flight CS and/or one in-flight RAA at any time, it is
692 /// sufficient to simply set this to the opposite of any message we are generating as we
693 /// generate it. ie when we generate a CS, we set this to RAAFirst as, if there is a pending
694 /// in-flight RAA to resend, it will have been the first thing we generated, and thus we should
696 resend_order: RAACommitmentOrder,
698 monitor_pending_channel_ready: bool,
699 monitor_pending_revoke_and_ack: bool,
700 monitor_pending_commitment_signed: bool,
702 // TODO: If a channel is drop'd, we don't know whether the `ChannelMonitor` is ultimately
703 // responsible for some of the HTLCs here or not - we don't know whether the update in question
704 // completed or not. We currently ignore these fields entirely when force-closing a channel,
705 // but need to handle this somehow or we run the risk of losing HTLCs!
706 monitor_pending_forwards: Vec<(PendingHTLCInfo, u64)>,
707 monitor_pending_failures: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
708 monitor_pending_finalized_fulfills: Vec<HTLCSource>,
710 /// If we went to send a commitment update (ie some messages then [`msgs::CommitmentSigned`])
711 /// but our signer (initially) refused to give us a signature, we should retry at some point in
712 /// the future when the signer indicates it may have a signature for us.
714 /// This flag is set in such a case. Note that we don't need to persist this as we'll end up
715 /// setting it again as a side-effect of [`Channel::channel_reestablish`].
716 signer_pending_commitment_update: bool,
717 /// Similar to [`Self::signer_pending_commitment_update`] but we're waiting to send either a
718 /// [`msgs::FundingCreated`] or [`msgs::FundingSigned`] depending on if this channel is
719 /// outbound or inbound.
720 signer_pending_funding: bool,
722 // pending_update_fee is filled when sending and receiving update_fee.
724 // Because it follows the same commitment flow as HTLCs, `FeeUpdateState` is either `Outbound`
725 // or matches a subset of the `InboundHTLCOutput` variants. It is then updated/used when
726 // generating new commitment transactions with exactly the same criteria as inbound/outbound
727 // HTLCs with similar state.
728 pending_update_fee: Option<(u32, FeeUpdateState)>,
729 // If a `send_update_fee()` call is made with ChannelState::AwaitingRemoteRevoke set, we place
730 // it here instead of `pending_update_fee` in the same way as we place outbound HTLC updates in
731 // `holding_cell_htlc_updates` instead of `pending_outbound_htlcs`. It is released into
732 // `pending_update_fee` with the same criteria as outbound HTLC updates but can be updated by
733 // further `send_update_fee` calls, dropping the previous holding cell update entirely.
734 holding_cell_update_fee: Option<u32>,
735 next_holder_htlc_id: u64,
736 next_counterparty_htlc_id: u64,
739 /// The timestamp set on our latest `channel_update` message for this channel. It is updated
740 /// when the channel is updated in ways which may impact the `channel_update` message or when a
741 /// new block is received, ensuring it's always at least moderately close to the current real
743 update_time_counter: u32,
745 #[cfg(debug_assertions)]
746 /// Max to_local and to_remote outputs in a locally-generated commitment transaction
747 holder_max_commitment_tx_output: Mutex<(u64, u64)>,
748 #[cfg(debug_assertions)]
749 /// Max to_local and to_remote outputs in a remote-generated commitment transaction
750 counterparty_max_commitment_tx_output: Mutex<(u64, u64)>,
752 last_sent_closing_fee: Option<(u64, Signature)>, // (fee, holder_sig)
753 target_closing_feerate_sats_per_kw: Option<u32>,
755 /// If our counterparty sent us a closing_signed while we were waiting for a `ChannelMonitor`
756 /// update, we need to delay processing it until later. We do that here by simply storing the
757 /// closing_signed message and handling it in `maybe_propose_closing_signed`.
758 pending_counterparty_closing_signed: Option<msgs::ClosingSigned>,
760 /// The minimum and maximum absolute fee, in satoshis, we are willing to place on the closing
761 /// transaction. These are set once we reach `closing_negotiation_ready`.
763 pub(crate) closing_fee_limits: Option<(u64, u64)>,
765 closing_fee_limits: Option<(u64, u64)>,
767 /// The hash of the block in which the funding transaction was included.
768 funding_tx_confirmed_in: Option<BlockHash>,
769 funding_tx_confirmation_height: u32,
770 short_channel_id: Option<u64>,
771 /// Either the height at which this channel was created or the height at which it was last
772 /// serialized if it was serialized by versions prior to 0.0.103.
773 /// We use this to close if funding is never broadcasted.
774 channel_creation_height: u32,
776 counterparty_dust_limit_satoshis: u64,
779 pub(super) holder_dust_limit_satoshis: u64,
781 holder_dust_limit_satoshis: u64,
784 pub(super) counterparty_max_htlc_value_in_flight_msat: u64,
786 counterparty_max_htlc_value_in_flight_msat: u64,
789 pub(super) holder_max_htlc_value_in_flight_msat: u64,
791 holder_max_htlc_value_in_flight_msat: u64,
793 /// minimum channel reserve for self to maintain - set by them.
794 counterparty_selected_channel_reserve_satoshis: Option<u64>,
797 pub(super) holder_selected_channel_reserve_satoshis: u64,
799 holder_selected_channel_reserve_satoshis: u64,
801 counterparty_htlc_minimum_msat: u64,
802 holder_htlc_minimum_msat: u64,
804 pub counterparty_max_accepted_htlcs: u16,
806 counterparty_max_accepted_htlcs: u16,
807 holder_max_accepted_htlcs: u16,
808 minimum_depth: Option<u32>,
810 counterparty_forwarding_info: Option<CounterpartyForwardingInfo>,
812 pub(crate) channel_transaction_parameters: ChannelTransactionParameters,
813 funding_transaction: Option<Transaction>,
815 counterparty_cur_commitment_point: Option<PublicKey>,
816 counterparty_prev_commitment_point: Option<PublicKey>,
817 counterparty_node_id: PublicKey,
819 counterparty_shutdown_scriptpubkey: Option<Script>,
821 commitment_secrets: CounterpartyCommitmentSecrets,
823 channel_update_status: ChannelUpdateStatus,
824 /// Once we reach `closing_negotiation_ready`, we set this, indicating if closing_signed does
825 /// not complete within a single timer tick (one minute), we should force-close the channel.
826 /// This prevents us from keeping unusable channels around forever if our counterparty wishes
828 /// Note that this field is reset to false on deserialization to give us a chance to connect to
829 /// our peer and start the closing_signed negotiation fresh.
830 closing_signed_in_flight: bool,
832 /// Our counterparty's channel_announcement signatures provided in announcement_signatures.
833 /// This can be used to rebroadcast the channel_announcement message later.
834 announcement_sigs: Option<(Signature, Signature)>,
836 // We save these values so we can make sure `next_local_commit_tx_fee_msat` and
837 // `next_remote_commit_tx_fee_msat` properly predict what the next commitment transaction fee will
838 // be, by comparing the cached values to the fee of the tranaction generated by
839 // `build_commitment_transaction`.
840 #[cfg(any(test, fuzzing))]
841 next_local_commitment_tx_fee_info_cached: Mutex<Option<CommitmentTxInfoCached>>,
842 #[cfg(any(test, fuzzing))]
843 next_remote_commitment_tx_fee_info_cached: Mutex<Option<CommitmentTxInfoCached>>,
845 /// lnd has a long-standing bug where, upon reconnection, if the channel is not yet confirmed
846 /// they will not send a channel_reestablish until the channel locks in. Then, they will send a
847 /// channel_ready *before* sending the channel_reestablish (which is clearly a violation of
848 /// the BOLT specs). We copy c-lightning's workaround here and simply store the channel_ready
849 /// message until we receive a channel_reestablish.
851 /// See-also <https://github.com/lightningnetwork/lnd/issues/4006>
852 pub workaround_lnd_bug_4006: Option<msgs::ChannelReady>,
854 /// An option set when we wish to track how many ticks have elapsed while waiting for a response
855 /// from our counterparty after sending a message. If the peer has yet to respond after reaching
856 /// `DISCONNECT_PEER_AWAITING_RESPONSE_TICKS`, a reconnection should be attempted to try to
857 /// unblock the state machine.
859 /// This behavior is mostly motivated by a lnd bug in which we don't receive a message we expect
860 /// to in a timely manner, which may lead to channels becoming unusable and/or force-closed. An
861 /// example of such can be found at <https://github.com/lightningnetwork/lnd/issues/7682>.
863 /// This is currently only used when waiting for a [`msgs::ChannelReestablish`] or
864 /// [`msgs::RevokeAndACK`] message from the counterparty.
865 sent_message_awaiting_response: Option<usize>,
867 #[cfg(any(test, fuzzing))]
868 // When we receive an HTLC fulfill on an outbound path, we may immediately fulfill the
869 // corresponding HTLC on the inbound path. If, then, the outbound path channel is
870 // disconnected and reconnected (before we've exchange commitment_signed and revoke_and_ack
871 // messages), they may re-broadcast their update_fulfill_htlc, causing a duplicate claim. This
872 // is fine, but as a sanity check in our failure to generate the second claim, we check here
873 // that the original was a claim, and that we aren't now trying to fulfill a failed HTLC.
874 historical_inbound_htlc_fulfills: HashSet<u64>,
876 /// This channel's type, as negotiated during channel open
877 channel_type: ChannelTypeFeatures,
879 // Our counterparty can offer us SCID aliases which they will map to this channel when routing
880 // outbound payments. These can be used in invoice route hints to avoid explicitly revealing
881 // the channel's funding UTXO.
883 // We also use this when sending our peer a channel_update that isn't to be broadcasted
884 // publicly - allowing them to re-use their map of SCID -> channel for channel_update ->
885 // associated channel mapping.
887 // We only bother storing the most recent SCID alias at any time, though our counterparty has
888 // to store all of them.
889 latest_inbound_scid_alias: Option<u64>,
891 // We always offer our counterparty a static SCID alias, which we recognize as for this channel
892 // if we see it in HTLC forwarding instructions. We don't bother rotating the alias given we
893 // don't currently support node id aliases and eventually privacy should be provided with
894 // blinded paths instead of simple scid+node_id aliases.
895 outbound_scid_alias: u64,
897 // We track whether we already emitted a `ChannelPending` event.
898 channel_pending_event_emitted: bool,
900 // We track whether we already emitted a `ChannelReady` event.
901 channel_ready_event_emitted: bool,
903 /// The unique identifier used to re-derive the private key material for the channel through
904 /// [`SignerProvider::derive_channel_signer`].
905 channel_keys_id: [u8; 32],
907 /// If we can't release a [`ChannelMonitorUpdate`] until some external action completes, we
908 /// store it here and only release it to the `ChannelManager` once it asks for it.
909 blocked_monitor_updates: Vec<PendingChannelMonitorUpdate>,
912 impl<SP: Deref> ChannelContext<SP> where SP::Target: SignerProvider {
913 /// Allowed in any state (including after shutdown)
914 pub fn get_update_time_counter(&self) -> u32 {
915 self.update_time_counter
918 pub fn get_latest_monitor_update_id(&self) -> u64 {
919 self.latest_monitor_update_id
922 pub fn should_announce(&self) -> bool {
923 self.config.announced_channel
926 pub fn is_outbound(&self) -> bool {
927 self.channel_transaction_parameters.is_outbound_from_holder
930 /// Gets the fee we'd want to charge for adding an HTLC output to this Channel
931 /// Allowed in any state (including after shutdown)
932 pub fn get_outbound_forwarding_fee_base_msat(&self) -> u32 {
933 self.config.options.forwarding_fee_base_msat
936 /// Returns true if we've ever received a message from the remote end for this Channel
937 pub fn have_received_message(&self) -> bool {
938 self.channel_state > (ChannelState::OurInitSent as u32)
941 /// Returns true if this channel is fully established and not known to be closing.
942 /// Allowed in any state (including after shutdown)
943 pub fn is_usable(&self) -> bool {
944 let mask = ChannelState::ChannelReady as u32 | BOTH_SIDES_SHUTDOWN_MASK;
945 (self.channel_state & mask) == (ChannelState::ChannelReady as u32) && !self.monitor_pending_channel_ready
948 /// shutdown state returns the state of the channel in its various stages of shutdown
949 pub fn shutdown_state(&self) -> ChannelShutdownState {
950 if self.channel_state & (ChannelState::ShutdownComplete as u32) != 0 {
951 return ChannelShutdownState::ShutdownComplete;
953 if self.channel_state & (ChannelState::LocalShutdownSent as u32) != 0 && self.channel_state & (ChannelState::RemoteShutdownSent as u32) == 0 {
954 return ChannelShutdownState::ShutdownInitiated;
956 if (self.channel_state & BOTH_SIDES_SHUTDOWN_MASK != 0) && !self.closing_negotiation_ready() {
957 return ChannelShutdownState::ResolvingHTLCs;
959 if (self.channel_state & BOTH_SIDES_SHUTDOWN_MASK != 0) && self.closing_negotiation_ready() {
960 return ChannelShutdownState::NegotiatingClosingFee;
962 return ChannelShutdownState::NotShuttingDown;
965 fn closing_negotiation_ready(&self) -> bool {
966 self.pending_inbound_htlcs.is_empty() &&
967 self.pending_outbound_htlcs.is_empty() &&
968 self.pending_update_fee.is_none() &&
970 (BOTH_SIDES_SHUTDOWN_MASK |
971 ChannelState::AwaitingRemoteRevoke as u32 |
972 ChannelState::PeerDisconnected as u32 |
973 ChannelState::MonitorUpdateInProgress as u32) == BOTH_SIDES_SHUTDOWN_MASK
976 /// Returns true if this channel is currently available for use. This is a superset of
977 /// is_usable() and considers things like the channel being temporarily disabled.
978 /// Allowed in any state (including after shutdown)
979 pub fn is_live(&self) -> bool {
980 self.is_usable() && (self.channel_state & (ChannelState::PeerDisconnected as u32) == 0)
985 pub fn channel_id(&self) -> ChannelId {
989 // Return the `temporary_channel_id` used during channel establishment.
991 // Will return `None` for channels created prior to LDK version 0.0.115.
992 pub fn temporary_channel_id(&self) -> Option<ChannelId> {
993 self.temporary_channel_id
996 pub fn minimum_depth(&self) -> Option<u32> {
1000 /// Gets the "user_id" value passed into the construction of this channel. It has no special
1001 /// meaning and exists only to allow users to have a persistent identifier of a channel.
1002 pub fn get_user_id(&self) -> u128 {
1006 /// Gets the channel's type
1007 pub fn get_channel_type(&self) -> &ChannelTypeFeatures {
1011 /// Gets the channel's `short_channel_id`.
1013 /// Will return `None` if the channel hasn't been confirmed yet.
1014 pub fn get_short_channel_id(&self) -> Option<u64> {
1015 self.short_channel_id
1018 /// Allowed in any state (including after shutdown)
1019 pub fn latest_inbound_scid_alias(&self) -> Option<u64> {
1020 self.latest_inbound_scid_alias
1023 /// Allowed in any state (including after shutdown)
1024 pub fn outbound_scid_alias(&self) -> u64 {
1025 self.outbound_scid_alias
1028 /// Only allowed immediately after deserialization if get_outbound_scid_alias returns 0,
1029 /// indicating we were written by LDK prior to 0.0.106 which did not set outbound SCID aliases
1030 /// or prior to any channel actions during `Channel` initialization.
1031 pub fn set_outbound_scid_alias(&mut self, outbound_scid_alias: u64) {
1032 debug_assert_eq!(self.outbound_scid_alias, 0);
1033 self.outbound_scid_alias = outbound_scid_alias;
1036 /// Returns the funding_txo we either got from our peer, or were given by
1037 /// get_funding_created.
1038 pub fn get_funding_txo(&self) -> Option<OutPoint> {
1039 self.channel_transaction_parameters.funding_outpoint
1042 /// Returns the block hash in which our funding transaction was confirmed.
1043 pub fn get_funding_tx_confirmed_in(&self) -> Option<BlockHash> {
1044 self.funding_tx_confirmed_in
1047 /// Returns the current number of confirmations on the funding transaction.
1048 pub fn get_funding_tx_confirmations(&self, height: u32) -> u32 {
1049 if self.funding_tx_confirmation_height == 0 {
1050 // We either haven't seen any confirmation yet, or observed a reorg.
1054 height.checked_sub(self.funding_tx_confirmation_height).map_or(0, |c| c + 1)
1057 fn get_holder_selected_contest_delay(&self) -> u16 {
1058 self.channel_transaction_parameters.holder_selected_contest_delay
1061 fn get_holder_pubkeys(&self) -> &ChannelPublicKeys {
1062 &self.channel_transaction_parameters.holder_pubkeys
1065 pub fn get_counterparty_selected_contest_delay(&self) -> Option<u16> {
1066 self.channel_transaction_parameters.counterparty_parameters
1067 .as_ref().map(|params| params.selected_contest_delay)
1070 fn get_counterparty_pubkeys(&self) -> &ChannelPublicKeys {
1071 &self.channel_transaction_parameters.counterparty_parameters.as_ref().unwrap().pubkeys
1074 /// Allowed in any state (including after shutdown)
1075 pub fn get_counterparty_node_id(&self) -> PublicKey {
1076 self.counterparty_node_id
1079 /// Allowed in any state (including after shutdown)
1080 pub fn get_holder_htlc_minimum_msat(&self) -> u64 {
1081 self.holder_htlc_minimum_msat
1084 /// Allowed in any state (including after shutdown), but will return none before TheirInitSent
1085 pub fn get_holder_htlc_maximum_msat(&self) -> Option<u64> {
1086 self.get_htlc_maximum_msat(self.holder_max_htlc_value_in_flight_msat)
1089 /// Allowed in any state (including after shutdown)
1090 pub fn get_announced_htlc_max_msat(&self) -> u64 {
1092 // Upper bound by capacity. We make it a bit less than full capacity to prevent attempts
1093 // to use full capacity. This is an effort to reduce routing failures, because in many cases
1094 // channel might have been used to route very small values (either by honest users or as DoS).
1095 self.channel_value_satoshis * 1000 * 9 / 10,
1097 self.counterparty_max_htlc_value_in_flight_msat
1101 /// Allowed in any state (including after shutdown)
1102 pub fn get_counterparty_htlc_minimum_msat(&self) -> u64 {
1103 self.counterparty_htlc_minimum_msat
1106 /// Allowed in any state (including after shutdown), but will return none before TheirInitSent
1107 pub fn get_counterparty_htlc_maximum_msat(&self) -> Option<u64> {
1108 self.get_htlc_maximum_msat(self.counterparty_max_htlc_value_in_flight_msat)
1111 fn get_htlc_maximum_msat(&self, party_max_htlc_value_in_flight_msat: u64) -> Option<u64> {
1112 self.counterparty_selected_channel_reserve_satoshis.map(|counterparty_reserve| {
1113 let holder_reserve = self.holder_selected_channel_reserve_satoshis;
1115 (self.channel_value_satoshis - counterparty_reserve - holder_reserve) * 1000,
1116 party_max_htlc_value_in_flight_msat
1121 pub fn get_value_satoshis(&self) -> u64 {
1122 self.channel_value_satoshis
1125 pub fn get_fee_proportional_millionths(&self) -> u32 {
1126 self.config.options.forwarding_fee_proportional_millionths
1129 pub fn get_cltv_expiry_delta(&self) -> u16 {
1130 cmp::max(self.config.options.cltv_expiry_delta, MIN_CLTV_EXPIRY_DELTA)
1133 pub fn get_max_dust_htlc_exposure_msat<F: Deref>(&self,
1134 fee_estimator: &LowerBoundedFeeEstimator<F>) -> u64
1135 where F::Target: FeeEstimator
1137 match self.config.options.max_dust_htlc_exposure {
1138 MaxDustHTLCExposure::FeeRateMultiplier(multiplier) => {
1139 let feerate_per_kw = fee_estimator.bounded_sat_per_1000_weight(
1140 ConfirmationTarget::HighPriority);
1141 feerate_per_kw as u64 * multiplier
1143 MaxDustHTLCExposure::FixedLimitMsat(limit) => limit,
1147 /// Returns the previous [`ChannelConfig`] applied to this channel, if any.
1148 pub fn prev_config(&self) -> Option<ChannelConfig> {
1149 self.prev_config.map(|prev_config| prev_config.0)
1152 // Checks whether we should emit a `ChannelPending` event.
1153 pub(crate) fn should_emit_channel_pending_event(&mut self) -> bool {
1154 self.is_funding_initiated() && !self.channel_pending_event_emitted
1157 // Returns whether we already emitted a `ChannelPending` event.
1158 pub(crate) fn channel_pending_event_emitted(&self) -> bool {
1159 self.channel_pending_event_emitted
1162 // Remembers that we already emitted a `ChannelPending` event.
1163 pub(crate) fn set_channel_pending_event_emitted(&mut self) {
1164 self.channel_pending_event_emitted = true;
1167 // Checks whether we should emit a `ChannelReady` event.
1168 pub(crate) fn should_emit_channel_ready_event(&mut self) -> bool {
1169 self.is_usable() && !self.channel_ready_event_emitted
1172 // Remembers that we already emitted a `ChannelReady` event.
1173 pub(crate) fn set_channel_ready_event_emitted(&mut self) {
1174 self.channel_ready_event_emitted = true;
1177 /// Tracks the number of ticks elapsed since the previous [`ChannelConfig`] was updated. Once
1178 /// [`EXPIRE_PREV_CONFIG_TICKS`] is reached, the previous config is considered expired and will
1179 /// no longer be considered when forwarding HTLCs.
1180 pub fn maybe_expire_prev_config(&mut self) {
1181 if self.prev_config.is_none() {
1184 let prev_config = self.prev_config.as_mut().unwrap();
1186 if prev_config.1 == EXPIRE_PREV_CONFIG_TICKS {
1187 self.prev_config = None;
1191 /// Returns the current [`ChannelConfig`] applied to the channel.
1192 pub fn config(&self) -> ChannelConfig {
1196 /// Updates the channel's config. A bool is returned indicating whether the config update
1197 /// applied resulted in a new ChannelUpdate message.
1198 pub fn update_config(&mut self, config: &ChannelConfig) -> bool {
1199 let did_channel_update =
1200 self.config.options.forwarding_fee_proportional_millionths != config.forwarding_fee_proportional_millionths ||
1201 self.config.options.forwarding_fee_base_msat != config.forwarding_fee_base_msat ||
1202 self.config.options.cltv_expiry_delta != config.cltv_expiry_delta;
1203 if did_channel_update {
1204 self.prev_config = Some((self.config.options, 0));
1205 // Update the counter, which backs the ChannelUpdate timestamp, to allow the relay
1206 // policy change to propagate throughout the network.
1207 self.update_time_counter += 1;
1209 self.config.options = *config;
1213 /// Returns true if funding_created was sent/received.
1214 pub fn is_funding_initiated(&self) -> bool {
1215 self.channel_state >= ChannelState::FundingSent as u32
1218 /// Transaction nomenclature is somewhat confusing here as there are many different cases - a
1219 /// transaction is referred to as "a's transaction" implying that a will be able to broadcast
1220 /// the transaction. Thus, b will generally be sending a signature over such a transaction to
1221 /// a, and a can revoke the transaction by providing b the relevant per_commitment_secret. As
1222 /// such, a transaction is generally the result of b increasing the amount paid to a (or adding
1224 /// @local is used only to convert relevant internal structures which refer to remote vs local
1225 /// to decide value of outputs and direction of HTLCs.
1226 /// @generated_by_local is used to determine *which* HTLCs to include - noting that the HTLC
1227 /// state may indicate that one peer has informed the other that they'd like to add an HTLC but
1228 /// have not yet committed it. Such HTLCs will only be included in transactions which are being
1229 /// generated by the peer which proposed adding the HTLCs, and thus we need to understand both
1230 /// which peer generated this transaction and "to whom" this transaction flows.
1232 fn build_commitment_transaction<L: Deref>(&self, commitment_number: u64, keys: &TxCreationKeys, local: bool, generated_by_local: bool, logger: &L) -> CommitmentStats
1233 where L::Target: Logger
1235 let mut included_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::new();
1236 let num_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len();
1237 let mut included_non_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::with_capacity(num_htlcs);
1239 let broadcaster_dust_limit_satoshis = if local { self.holder_dust_limit_satoshis } else { self.counterparty_dust_limit_satoshis };
1240 let mut remote_htlc_total_msat = 0;
1241 let mut local_htlc_total_msat = 0;
1242 let mut value_to_self_msat_offset = 0;
1244 let mut feerate_per_kw = self.feerate_per_kw;
1245 if let Some((feerate, update_state)) = self.pending_update_fee {
1246 if match update_state {
1247 // Note that these match the inclusion criteria when scanning
1248 // pending_inbound_htlcs below.
1249 FeeUpdateState::RemoteAnnounced => { debug_assert!(!self.is_outbound()); !generated_by_local },
1250 FeeUpdateState::AwaitingRemoteRevokeToAnnounce => { debug_assert!(!self.is_outbound()); !generated_by_local },
1251 FeeUpdateState::Outbound => { assert!(self.is_outbound()); generated_by_local },
1253 feerate_per_kw = feerate;
1257 log_trace!(logger, "Building commitment transaction number {} (really {} xor {}) for channel {} for {}, generated by {} with fee {}...",
1258 commitment_number, (INITIAL_COMMITMENT_NUMBER - commitment_number),
1259 get_commitment_transaction_number_obscure_factor(&self.get_holder_pubkeys().payment_point, &self.get_counterparty_pubkeys().payment_point, self.is_outbound()),
1261 if local { "us" } else { "remote" }, if generated_by_local { "us" } else { "remote" }, feerate_per_kw);
1263 macro_rules! get_htlc_in_commitment {
1264 ($htlc: expr, $offered: expr) => {
1265 HTLCOutputInCommitment {
1267 amount_msat: $htlc.amount_msat,
1268 cltv_expiry: $htlc.cltv_expiry,
1269 payment_hash: $htlc.payment_hash,
1270 transaction_output_index: None
1275 macro_rules! add_htlc_output {
1276 ($htlc: expr, $outbound: expr, $source: expr, $state_name: expr) => {
1277 if $outbound == local { // "offered HTLC output"
1278 let htlc_in_tx = get_htlc_in_commitment!($htlc, true);
1279 let htlc_tx_fee = if self.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1282 feerate_per_kw as u64 * htlc_timeout_tx_weight(self.get_channel_type()) / 1000
1284 if $htlc.amount_msat / 1000 >= broadcaster_dust_limit_satoshis + htlc_tx_fee {
1285 log_trace!(logger, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, &$htlc.payment_hash, $htlc.amount_msat);
1286 included_non_dust_htlcs.push((htlc_in_tx, $source));
1288 log_trace!(logger, " ...including {} {} dust HTLC {} (hash {}) with value {} due to dust limit", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, &$htlc.payment_hash, $htlc.amount_msat);
1289 included_dust_htlcs.push((htlc_in_tx, $source));
1292 let htlc_in_tx = get_htlc_in_commitment!($htlc, false);
1293 let htlc_tx_fee = if self.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1296 feerate_per_kw as u64 * htlc_success_tx_weight(self.get_channel_type()) / 1000
1298 if $htlc.amount_msat / 1000 >= broadcaster_dust_limit_satoshis + htlc_tx_fee {
1299 log_trace!(logger, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, &$htlc.payment_hash, $htlc.amount_msat);
1300 included_non_dust_htlcs.push((htlc_in_tx, $source));
1302 log_trace!(logger, " ...including {} {} dust HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, &$htlc.payment_hash, $htlc.amount_msat);
1303 included_dust_htlcs.push((htlc_in_tx, $source));
1309 for ref htlc in self.pending_inbound_htlcs.iter() {
1310 let (include, state_name) = match htlc.state {
1311 InboundHTLCState::RemoteAnnounced(_) => (!generated_by_local, "RemoteAnnounced"),
1312 InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) => (!generated_by_local, "AwaitingRemoteRevokeToAnnounce"),
1313 InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => (true, "AwaitingAnnouncedRemoteRevoke"),
1314 InboundHTLCState::Committed => (true, "Committed"),
1315 InboundHTLCState::LocalRemoved(_) => (!generated_by_local, "LocalRemoved"),
1319 add_htlc_output!(htlc, false, None, state_name);
1320 remote_htlc_total_msat += htlc.amount_msat;
1322 log_trace!(logger, " ...not including inbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, &htlc.payment_hash, htlc.amount_msat, state_name);
1324 &InboundHTLCState::LocalRemoved(ref reason) => {
1325 if generated_by_local {
1326 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
1327 value_to_self_msat_offset += htlc.amount_msat as i64;
1336 let mut preimages: Vec<PaymentPreimage> = Vec::new();
1338 for ref htlc in self.pending_outbound_htlcs.iter() {
1339 let (include, state_name) = match htlc.state {
1340 OutboundHTLCState::LocalAnnounced(_) => (generated_by_local, "LocalAnnounced"),
1341 OutboundHTLCState::Committed => (true, "Committed"),
1342 OutboundHTLCState::RemoteRemoved(_) => (generated_by_local, "RemoteRemoved"),
1343 OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) => (generated_by_local, "AwaitingRemoteRevokeToRemove"),
1344 OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) => (false, "AwaitingRemovedRemoteRevoke"),
1347 let preimage_opt = match htlc.state {
1348 OutboundHTLCState::RemoteRemoved(OutboundHTLCOutcome::Success(p)) => p,
1349 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(p)) => p,
1350 OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(p)) => p,
1354 if let Some(preimage) = preimage_opt {
1355 preimages.push(preimage);
1359 add_htlc_output!(htlc, true, Some(&htlc.source), state_name);
1360 local_htlc_total_msat += htlc.amount_msat;
1362 log_trace!(logger, " ...not including outbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, &htlc.payment_hash, htlc.amount_msat, state_name);
1364 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(_))|OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(_)) => {
1365 value_to_self_msat_offset -= htlc.amount_msat as i64;
1367 OutboundHTLCState::RemoteRemoved(OutboundHTLCOutcome::Success(_)) => {
1368 if !generated_by_local {
1369 value_to_self_msat_offset -= htlc.amount_msat as i64;
1377 let mut value_to_self_msat: i64 = (self.value_to_self_msat - local_htlc_total_msat) as i64 + value_to_self_msat_offset;
1378 assert!(value_to_self_msat >= 0);
1379 // Note that in case they have several just-awaiting-last-RAA fulfills in-progress (ie
1380 // AwaitingRemoteRevokeToRemove or AwaitingRemovedRemoteRevoke) we may have allowed them to
1381 // "violate" their reserve value by couting those against it. Thus, we have to convert
1382 // everything to i64 before subtracting as otherwise we can overflow.
1383 let mut value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000) as i64 - (self.value_to_self_msat as i64) - (remote_htlc_total_msat as i64) - value_to_self_msat_offset;
1384 assert!(value_to_remote_msat >= 0);
1386 #[cfg(debug_assertions)]
1388 // Make sure that the to_self/to_remote is always either past the appropriate
1389 // channel_reserve *or* it is making progress towards it.
1390 let mut broadcaster_max_commitment_tx_output = if generated_by_local {
1391 self.holder_max_commitment_tx_output.lock().unwrap()
1393 self.counterparty_max_commitment_tx_output.lock().unwrap()
1395 debug_assert!(broadcaster_max_commitment_tx_output.0 <= value_to_self_msat as u64 || value_to_self_msat / 1000 >= self.counterparty_selected_channel_reserve_satoshis.unwrap() as i64);
1396 broadcaster_max_commitment_tx_output.0 = cmp::max(broadcaster_max_commitment_tx_output.0, value_to_self_msat as u64);
1397 debug_assert!(broadcaster_max_commitment_tx_output.1 <= value_to_remote_msat as u64 || value_to_remote_msat / 1000 >= self.holder_selected_channel_reserve_satoshis as i64);
1398 broadcaster_max_commitment_tx_output.1 = cmp::max(broadcaster_max_commitment_tx_output.1, value_to_remote_msat as u64);
1401 let total_fee_sat = commit_tx_fee_sat(feerate_per_kw, included_non_dust_htlcs.len(), &self.channel_transaction_parameters.channel_type_features);
1402 let anchors_val = if self.channel_transaction_parameters.channel_type_features.supports_anchors_zero_fee_htlc_tx() { ANCHOR_OUTPUT_VALUE_SATOSHI * 2 } else { 0 } as i64;
1403 let (value_to_self, value_to_remote) = if self.is_outbound() {
1404 (value_to_self_msat / 1000 - anchors_val - total_fee_sat as i64, value_to_remote_msat / 1000)
1406 (value_to_self_msat / 1000, value_to_remote_msat / 1000 - anchors_val - total_fee_sat as i64)
1409 let mut value_to_a = if local { value_to_self } else { value_to_remote };
1410 let mut value_to_b = if local { value_to_remote } else { value_to_self };
1411 let (funding_pubkey_a, funding_pubkey_b) = if local {
1412 (self.get_holder_pubkeys().funding_pubkey, self.get_counterparty_pubkeys().funding_pubkey)
1414 (self.get_counterparty_pubkeys().funding_pubkey, self.get_holder_pubkeys().funding_pubkey)
1417 if value_to_a >= (broadcaster_dust_limit_satoshis as i64) {
1418 log_trace!(logger, " ...including {} output with value {}", if local { "to_local" } else { "to_remote" }, value_to_a);
1423 if value_to_b >= (broadcaster_dust_limit_satoshis as i64) {
1424 log_trace!(logger, " ...including {} output with value {}", if local { "to_remote" } else { "to_local" }, value_to_b);
1429 let num_nondust_htlcs = included_non_dust_htlcs.len();
1431 let channel_parameters =
1432 if local { self.channel_transaction_parameters.as_holder_broadcastable() }
1433 else { self.channel_transaction_parameters.as_counterparty_broadcastable() };
1434 let tx = CommitmentTransaction::new_with_auxiliary_htlc_data(commitment_number,
1441 &mut included_non_dust_htlcs,
1444 let mut htlcs_included = included_non_dust_htlcs;
1445 // The unwrap is safe, because all non-dust HTLCs have been assigned an output index
1446 htlcs_included.sort_unstable_by_key(|h| h.0.transaction_output_index.unwrap());
1447 htlcs_included.append(&mut included_dust_htlcs);
1449 // For the stats, trimmed-to-0 the value in msats accordingly
1450 value_to_self_msat = if (value_to_self_msat * 1000) < broadcaster_dust_limit_satoshis as i64 { 0 } else { value_to_self_msat };
1451 value_to_remote_msat = if (value_to_remote_msat * 1000) < broadcaster_dust_limit_satoshis as i64 { 0 } else { value_to_remote_msat };
1459 local_balance_msat: value_to_self_msat as u64,
1460 remote_balance_msat: value_to_remote_msat as u64,
1466 /// Creates a set of keys for build_commitment_transaction to generate a transaction which our
1467 /// counterparty will sign (ie DO NOT send signatures over a transaction created by this to
1468 /// our counterparty!)
1469 /// The result is a transaction which we can revoke broadcastership of (ie a "local" transaction)
1470 /// TODO Some magic rust shit to compile-time check this?
1471 fn build_holder_transaction_keys(&self, commitment_number: u64) -> TxCreationKeys {
1472 let per_commitment_point = self.holder_signer.as_ref().get_per_commitment_point(commitment_number, &self.secp_ctx);
1473 let delayed_payment_base = &self.get_holder_pubkeys().delayed_payment_basepoint;
1474 let htlc_basepoint = &self.get_holder_pubkeys().htlc_basepoint;
1475 let counterparty_pubkeys = self.get_counterparty_pubkeys();
1477 TxCreationKeys::derive_new(&self.secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint)
1481 /// Creates a set of keys for build_commitment_transaction to generate a transaction which we
1482 /// will sign and send to our counterparty.
1483 /// If an Err is returned, it is a ChannelError::Close (for get_funding_created)
1484 fn build_remote_transaction_keys(&self) -> TxCreationKeys {
1485 //TODO: Ensure that the payment_key derived here ends up in the library users' wallet as we
1486 //may see payments to it!
1487 let revocation_basepoint = &self.get_holder_pubkeys().revocation_basepoint;
1488 let htlc_basepoint = &self.get_holder_pubkeys().htlc_basepoint;
1489 let counterparty_pubkeys = self.get_counterparty_pubkeys();
1491 TxCreationKeys::derive_new(&self.secp_ctx, &self.counterparty_cur_commitment_point.unwrap(), &counterparty_pubkeys.delayed_payment_basepoint, &counterparty_pubkeys.htlc_basepoint, revocation_basepoint, htlc_basepoint)
1494 /// Gets the redeemscript for the funding transaction output (ie the funding transaction output
1495 /// pays to get_funding_redeemscript().to_v0_p2wsh()).
1496 /// Panics if called before accept_channel/InboundV1Channel::new
1497 pub fn get_funding_redeemscript(&self) -> Script {
1498 make_funding_redeemscript(&self.get_holder_pubkeys().funding_pubkey, self.counterparty_funding_pubkey())
1501 fn counterparty_funding_pubkey(&self) -> &PublicKey {
1502 &self.get_counterparty_pubkeys().funding_pubkey
1505 pub fn get_feerate_sat_per_1000_weight(&self) -> u32 {
1509 pub fn get_dust_buffer_feerate(&self, outbound_feerate_update: Option<u32>) -> u32 {
1510 // When calculating our exposure to dust HTLCs, we assume that the channel feerate
1511 // may, at any point, increase by at least 10 sat/vB (i.e 2530 sat/kWU) or 25%,
1512 // whichever is higher. This ensures that we aren't suddenly exposed to significantly
1513 // more dust balance if the feerate increases when we have several HTLCs pending
1514 // which are near the dust limit.
1515 let mut feerate_per_kw = self.feerate_per_kw;
1516 // If there's a pending update fee, use it to ensure we aren't under-estimating
1517 // potential feerate updates coming soon.
1518 if let Some((feerate, _)) = self.pending_update_fee {
1519 feerate_per_kw = cmp::max(feerate_per_kw, feerate);
1521 if let Some(feerate) = outbound_feerate_update {
1522 feerate_per_kw = cmp::max(feerate_per_kw, feerate);
1524 cmp::max(2530, feerate_per_kw * 1250 / 1000)
1527 /// Get forwarding information for the counterparty.
1528 pub fn counterparty_forwarding_info(&self) -> Option<CounterpartyForwardingInfo> {
1529 self.counterparty_forwarding_info.clone()
1532 /// Returns a HTLCStats about inbound pending htlcs
1533 fn get_inbound_pending_htlc_stats(&self, outbound_feerate_update: Option<u32>) -> HTLCStats {
1535 let mut stats = HTLCStats {
1536 pending_htlcs: context.pending_inbound_htlcs.len() as u32,
1537 pending_htlcs_value_msat: 0,
1538 on_counterparty_tx_dust_exposure_msat: 0,
1539 on_holder_tx_dust_exposure_msat: 0,
1540 holding_cell_msat: 0,
1541 on_holder_tx_holding_cell_htlcs_count: 0,
1544 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1547 let dust_buffer_feerate = context.get_dust_buffer_feerate(outbound_feerate_update) as u64;
1548 (dust_buffer_feerate * htlc_timeout_tx_weight(context.get_channel_type()) / 1000,
1549 dust_buffer_feerate * htlc_success_tx_weight(context.get_channel_type()) / 1000)
1551 let counterparty_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.counterparty_dust_limit_satoshis;
1552 let holder_dust_limit_success_sat = htlc_success_dust_limit + context.holder_dust_limit_satoshis;
1553 for ref htlc in context.pending_inbound_htlcs.iter() {
1554 stats.pending_htlcs_value_msat += htlc.amount_msat;
1555 if htlc.amount_msat / 1000 < counterparty_dust_limit_timeout_sat {
1556 stats.on_counterparty_tx_dust_exposure_msat += htlc.amount_msat;
1558 if htlc.amount_msat / 1000 < holder_dust_limit_success_sat {
1559 stats.on_holder_tx_dust_exposure_msat += htlc.amount_msat;
1565 /// Returns a HTLCStats about pending outbound htlcs, *including* pending adds in our holding cell.
1566 fn get_outbound_pending_htlc_stats(&self, outbound_feerate_update: Option<u32>) -> HTLCStats {
1568 let mut stats = HTLCStats {
1569 pending_htlcs: context.pending_outbound_htlcs.len() as u32,
1570 pending_htlcs_value_msat: 0,
1571 on_counterparty_tx_dust_exposure_msat: 0,
1572 on_holder_tx_dust_exposure_msat: 0,
1573 holding_cell_msat: 0,
1574 on_holder_tx_holding_cell_htlcs_count: 0,
1577 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1580 let dust_buffer_feerate = context.get_dust_buffer_feerate(outbound_feerate_update) as u64;
1581 (dust_buffer_feerate * htlc_timeout_tx_weight(context.get_channel_type()) / 1000,
1582 dust_buffer_feerate * htlc_success_tx_weight(context.get_channel_type()) / 1000)
1584 let counterparty_dust_limit_success_sat = htlc_success_dust_limit + context.counterparty_dust_limit_satoshis;
1585 let holder_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.holder_dust_limit_satoshis;
1586 for ref htlc in context.pending_outbound_htlcs.iter() {
1587 stats.pending_htlcs_value_msat += htlc.amount_msat;
1588 if htlc.amount_msat / 1000 < counterparty_dust_limit_success_sat {
1589 stats.on_counterparty_tx_dust_exposure_msat += htlc.amount_msat;
1591 if htlc.amount_msat / 1000 < holder_dust_limit_timeout_sat {
1592 stats.on_holder_tx_dust_exposure_msat += htlc.amount_msat;
1596 for update in context.holding_cell_htlc_updates.iter() {
1597 if let &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, .. } = update {
1598 stats.pending_htlcs += 1;
1599 stats.pending_htlcs_value_msat += amount_msat;
1600 stats.holding_cell_msat += amount_msat;
1601 if *amount_msat / 1000 < counterparty_dust_limit_success_sat {
1602 stats.on_counterparty_tx_dust_exposure_msat += amount_msat;
1604 if *amount_msat / 1000 < holder_dust_limit_timeout_sat {
1605 stats.on_holder_tx_dust_exposure_msat += amount_msat;
1607 stats.on_holder_tx_holding_cell_htlcs_count += 1;
1614 /// Get the available balances, see [`AvailableBalances`]'s fields for more info.
1615 /// Doesn't bother handling the
1616 /// if-we-removed-it-already-but-haven't-fully-resolved-they-can-still-send-an-inbound-HTLC
1617 /// corner case properly.
1618 pub fn get_available_balances<F: Deref>(&self, fee_estimator: &LowerBoundedFeeEstimator<F>)
1619 -> AvailableBalances
1620 where F::Target: FeeEstimator
1622 let context = &self;
1623 // Note that we have to handle overflow due to the above case.
1624 let inbound_stats = context.get_inbound_pending_htlc_stats(None);
1625 let outbound_stats = context.get_outbound_pending_htlc_stats(None);
1627 let outbound_capacity_msat = context.value_to_self_msat
1628 .saturating_sub(outbound_stats.pending_htlcs_value_msat)
1630 context.counterparty_selected_channel_reserve_satoshis.unwrap_or(0) * 1000);
1632 let mut available_capacity_msat = outbound_capacity_msat;
1634 if context.is_outbound() {
1635 // We should mind channel commit tx fee when computing how much of the available capacity
1636 // can be used in the next htlc. Mirrors the logic in send_htlc.
1638 // The fee depends on whether the amount we will be sending is above dust or not,
1639 // and the answer will in turn change the amount itself — making it a circular
1641 // This complicates the computation around dust-values, up to the one-htlc-value.
1642 let mut real_dust_limit_timeout_sat = context.holder_dust_limit_satoshis;
1643 if !context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1644 real_dust_limit_timeout_sat += context.feerate_per_kw as u64 * htlc_timeout_tx_weight(context.get_channel_type()) / 1000;
1647 let htlc_above_dust = HTLCCandidate::new(real_dust_limit_timeout_sat * 1000, HTLCInitiator::LocalOffered);
1648 let max_reserved_commit_tx_fee_msat = FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE * context.next_local_commit_tx_fee_msat(htlc_above_dust, Some(()));
1649 let htlc_dust = HTLCCandidate::new(real_dust_limit_timeout_sat * 1000 - 1, HTLCInitiator::LocalOffered);
1650 let min_reserved_commit_tx_fee_msat = FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE * context.next_local_commit_tx_fee_msat(htlc_dust, Some(()));
1652 // We will first subtract the fee as if we were above-dust. Then, if the resulting
1653 // value ends up being below dust, we have this fee available again. In that case,
1654 // match the value to right-below-dust.
1655 let mut capacity_minus_commitment_fee_msat: i64 = (available_capacity_msat as i64) - (max_reserved_commit_tx_fee_msat as i64);
1656 if capacity_minus_commitment_fee_msat < (real_dust_limit_timeout_sat as i64) * 1000 {
1657 let one_htlc_difference_msat = max_reserved_commit_tx_fee_msat - min_reserved_commit_tx_fee_msat;
1658 debug_assert!(one_htlc_difference_msat != 0);
1659 capacity_minus_commitment_fee_msat += one_htlc_difference_msat as i64;
1660 capacity_minus_commitment_fee_msat = cmp::min(real_dust_limit_timeout_sat as i64 * 1000 - 1, capacity_minus_commitment_fee_msat);
1661 available_capacity_msat = cmp::max(0, cmp::min(capacity_minus_commitment_fee_msat, available_capacity_msat as i64)) as u64;
1663 available_capacity_msat = capacity_minus_commitment_fee_msat as u64;
1666 // If the channel is inbound (i.e. counterparty pays the fee), we need to make sure
1667 // sending a new HTLC won't reduce their balance below our reserve threshold.
1668 let mut real_dust_limit_success_sat = context.counterparty_dust_limit_satoshis;
1669 if !context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1670 real_dust_limit_success_sat += context.feerate_per_kw as u64 * htlc_success_tx_weight(context.get_channel_type()) / 1000;
1673 let htlc_above_dust = HTLCCandidate::new(real_dust_limit_success_sat * 1000, HTLCInitiator::LocalOffered);
1674 let max_reserved_commit_tx_fee_msat = context.next_remote_commit_tx_fee_msat(htlc_above_dust, None);
1676 let holder_selected_chan_reserve_msat = context.holder_selected_channel_reserve_satoshis * 1000;
1677 let remote_balance_msat = (context.channel_value_satoshis * 1000 - context.value_to_self_msat)
1678 .saturating_sub(inbound_stats.pending_htlcs_value_msat);
1680 if remote_balance_msat < max_reserved_commit_tx_fee_msat + holder_selected_chan_reserve_msat {
1681 // If another HTLC's fee would reduce the remote's balance below the reserve limit
1682 // we've selected for them, we can only send dust HTLCs.
1683 available_capacity_msat = cmp::min(available_capacity_msat, real_dust_limit_success_sat * 1000 - 1);
1687 let mut next_outbound_htlc_minimum_msat = context.counterparty_htlc_minimum_msat;
1689 // If we get close to our maximum dust exposure, we end up in a situation where we can send
1690 // between zero and the remaining dust exposure limit remaining OR above the dust limit.
1691 // Because we cannot express this as a simple min/max, we prefer to tell the user they can
1692 // send above the dust limit (as the router can always overpay to meet the dust limit).
1693 let mut remaining_msat_below_dust_exposure_limit = None;
1694 let mut dust_exposure_dust_limit_msat = 0;
1695 let max_dust_htlc_exposure_msat = context.get_max_dust_htlc_exposure_msat(fee_estimator);
1697 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1698 (context.counterparty_dust_limit_satoshis, context.holder_dust_limit_satoshis)
1700 let dust_buffer_feerate = context.get_dust_buffer_feerate(None) as u64;
1701 (context.counterparty_dust_limit_satoshis + dust_buffer_feerate * htlc_success_tx_weight(context.get_channel_type()) / 1000,
1702 context.holder_dust_limit_satoshis + dust_buffer_feerate * htlc_timeout_tx_weight(context.get_channel_type()) / 1000)
1704 let on_counterparty_dust_htlc_exposure_msat = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
1705 if on_counterparty_dust_htlc_exposure_msat as i64 + htlc_success_dust_limit as i64 * 1000 - 1 > max_dust_htlc_exposure_msat as i64 {
1706 remaining_msat_below_dust_exposure_limit =
1707 Some(max_dust_htlc_exposure_msat.saturating_sub(on_counterparty_dust_htlc_exposure_msat));
1708 dust_exposure_dust_limit_msat = cmp::max(dust_exposure_dust_limit_msat, htlc_success_dust_limit * 1000);
1711 let on_holder_dust_htlc_exposure_msat = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
1712 if on_holder_dust_htlc_exposure_msat as i64 + htlc_timeout_dust_limit as i64 * 1000 - 1 > max_dust_htlc_exposure_msat as i64 {
1713 remaining_msat_below_dust_exposure_limit = Some(cmp::min(
1714 remaining_msat_below_dust_exposure_limit.unwrap_or(u64::max_value()),
1715 max_dust_htlc_exposure_msat.saturating_sub(on_holder_dust_htlc_exposure_msat)));
1716 dust_exposure_dust_limit_msat = cmp::max(dust_exposure_dust_limit_msat, htlc_timeout_dust_limit * 1000);
1719 if let Some(remaining_limit_msat) = remaining_msat_below_dust_exposure_limit {
1720 if available_capacity_msat < dust_exposure_dust_limit_msat {
1721 available_capacity_msat = cmp::min(available_capacity_msat, remaining_limit_msat);
1723 next_outbound_htlc_minimum_msat = cmp::max(next_outbound_htlc_minimum_msat, dust_exposure_dust_limit_msat);
1727 available_capacity_msat = cmp::min(available_capacity_msat,
1728 context.counterparty_max_htlc_value_in_flight_msat - outbound_stats.pending_htlcs_value_msat);
1730 if outbound_stats.pending_htlcs + 1 > context.counterparty_max_accepted_htlcs as u32 {
1731 available_capacity_msat = 0;
1735 inbound_capacity_msat: cmp::max(context.channel_value_satoshis as i64 * 1000
1736 - context.value_to_self_msat as i64
1737 - context.get_inbound_pending_htlc_stats(None).pending_htlcs_value_msat as i64
1738 - context.holder_selected_channel_reserve_satoshis as i64 * 1000,
1740 outbound_capacity_msat,
1741 next_outbound_htlc_limit_msat: available_capacity_msat,
1742 next_outbound_htlc_minimum_msat,
1746 pub fn get_holder_counterparty_selected_channel_reserve_satoshis(&self) -> (u64, Option<u64>) {
1747 let context = &self;
1748 (context.holder_selected_channel_reserve_satoshis, context.counterparty_selected_channel_reserve_satoshis)
1751 /// Get the commitment tx fee for the local's (i.e. our) next commitment transaction based on the
1752 /// number of pending HTLCs that are on track to be in our next commitment tx.
1754 /// Optionally includes the `HTLCCandidate` given by `htlc` and an additional non-dust HTLC if
1755 /// `fee_spike_buffer_htlc` is `Some`.
1757 /// The first extra HTLC is useful for determining whether we can accept a further HTLC, the
1758 /// second allows for creating a buffer to ensure a further HTLC can always be accepted/added.
1760 /// Dust HTLCs are excluded.
1761 fn next_local_commit_tx_fee_msat(&self, htlc: HTLCCandidate, fee_spike_buffer_htlc: Option<()>) -> u64 {
1762 let context = &self;
1763 assert!(context.is_outbound());
1765 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1768 (context.feerate_per_kw as u64 * htlc_success_tx_weight(context.get_channel_type()) / 1000,
1769 context.feerate_per_kw as u64 * htlc_timeout_tx_weight(context.get_channel_type()) / 1000)
1771 let real_dust_limit_success_sat = htlc_success_dust_limit + context.holder_dust_limit_satoshis;
1772 let real_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.holder_dust_limit_satoshis;
1774 let mut addl_htlcs = 0;
1775 if fee_spike_buffer_htlc.is_some() { addl_htlcs += 1; }
1777 HTLCInitiator::LocalOffered => {
1778 if htlc.amount_msat / 1000 >= real_dust_limit_timeout_sat {
1782 HTLCInitiator::RemoteOffered => {
1783 if htlc.amount_msat / 1000 >= real_dust_limit_success_sat {
1789 let mut included_htlcs = 0;
1790 for ref htlc in context.pending_inbound_htlcs.iter() {
1791 if htlc.amount_msat / 1000 < real_dust_limit_success_sat {
1794 // We include LocalRemoved HTLCs here because we may still need to broadcast a commitment
1795 // transaction including this HTLC if it times out before they RAA.
1796 included_htlcs += 1;
1799 for ref htlc in context.pending_outbound_htlcs.iter() {
1800 if htlc.amount_msat / 1000 < real_dust_limit_timeout_sat {
1804 OutboundHTLCState::LocalAnnounced {..} => included_htlcs += 1,
1805 OutboundHTLCState::Committed => included_htlcs += 1,
1806 OutboundHTLCState::RemoteRemoved {..} => included_htlcs += 1,
1807 // We don't include AwaitingRemoteRevokeToRemove HTLCs because our next commitment
1808 // transaction won't be generated until they send us their next RAA, which will mean
1809 // dropping any HTLCs in this state.
1814 for htlc in context.holding_cell_htlc_updates.iter() {
1816 &HTLCUpdateAwaitingACK::AddHTLC { amount_msat, .. } => {
1817 if amount_msat / 1000 < real_dust_limit_timeout_sat {
1822 _ => {}, // Don't include claims/fails that are awaiting ack, because once we get the
1823 // ack we're guaranteed to never include them in commitment txs anymore.
1827 let num_htlcs = included_htlcs + addl_htlcs;
1828 let res = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs, &context.channel_type);
1829 #[cfg(any(test, fuzzing))]
1832 if fee_spike_buffer_htlc.is_some() {
1833 fee = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs - 1, &context.channel_type);
1835 let total_pending_htlcs = context.pending_inbound_htlcs.len() + context.pending_outbound_htlcs.len()
1836 + context.holding_cell_htlc_updates.len();
1837 let commitment_tx_info = CommitmentTxInfoCached {
1839 total_pending_htlcs,
1840 next_holder_htlc_id: match htlc.origin {
1841 HTLCInitiator::LocalOffered => context.next_holder_htlc_id + 1,
1842 HTLCInitiator::RemoteOffered => context.next_holder_htlc_id,
1844 next_counterparty_htlc_id: match htlc.origin {
1845 HTLCInitiator::LocalOffered => context.next_counterparty_htlc_id,
1846 HTLCInitiator::RemoteOffered => context.next_counterparty_htlc_id + 1,
1848 feerate: context.feerate_per_kw,
1850 *context.next_local_commitment_tx_fee_info_cached.lock().unwrap() = Some(commitment_tx_info);
1855 /// Get the commitment tx fee for the remote's next commitment transaction based on the number of
1856 /// pending HTLCs that are on track to be in their next commitment tx
1858 /// Optionally includes the `HTLCCandidate` given by `htlc` and an additional non-dust HTLC if
1859 /// `fee_spike_buffer_htlc` is `Some`.
1861 /// The first extra HTLC is useful for determining whether we can accept a further HTLC, the
1862 /// second allows for creating a buffer to ensure a further HTLC can always be accepted/added.
1864 /// Dust HTLCs are excluded.
1865 fn next_remote_commit_tx_fee_msat(&self, htlc: HTLCCandidate, fee_spike_buffer_htlc: Option<()>) -> u64 {
1866 let context = &self;
1867 assert!(!context.is_outbound());
1869 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1872 (context.feerate_per_kw as u64 * htlc_success_tx_weight(context.get_channel_type()) / 1000,
1873 context.feerate_per_kw as u64 * htlc_timeout_tx_weight(context.get_channel_type()) / 1000)
1875 let real_dust_limit_success_sat = htlc_success_dust_limit + context.counterparty_dust_limit_satoshis;
1876 let real_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.counterparty_dust_limit_satoshis;
1878 let mut addl_htlcs = 0;
1879 if fee_spike_buffer_htlc.is_some() { addl_htlcs += 1; }
1881 HTLCInitiator::LocalOffered => {
1882 if htlc.amount_msat / 1000 >= real_dust_limit_success_sat {
1886 HTLCInitiator::RemoteOffered => {
1887 if htlc.amount_msat / 1000 >= real_dust_limit_timeout_sat {
1893 // When calculating the set of HTLCs which will be included in their next commitment_signed, all
1894 // non-dust inbound HTLCs are included (as all states imply it will be included) and only
1895 // committed outbound HTLCs, see below.
1896 let mut included_htlcs = 0;
1897 for ref htlc in context.pending_inbound_htlcs.iter() {
1898 if htlc.amount_msat / 1000 <= real_dust_limit_timeout_sat {
1901 included_htlcs += 1;
1904 for ref htlc in context.pending_outbound_htlcs.iter() {
1905 if htlc.amount_msat / 1000 <= real_dust_limit_success_sat {
1908 // We only include outbound HTLCs if it will not be included in their next commitment_signed,
1909 // i.e. if they've responded to us with an RAA after announcement.
1911 OutboundHTLCState::Committed => included_htlcs += 1,
1912 OutboundHTLCState::RemoteRemoved {..} => included_htlcs += 1,
1913 OutboundHTLCState::LocalAnnounced { .. } => included_htlcs += 1,
1918 let num_htlcs = included_htlcs + addl_htlcs;
1919 let res = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs, &context.channel_type);
1920 #[cfg(any(test, fuzzing))]
1923 if fee_spike_buffer_htlc.is_some() {
1924 fee = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs - 1, &context.channel_type);
1926 let total_pending_htlcs = context.pending_inbound_htlcs.len() + context.pending_outbound_htlcs.len();
1927 let commitment_tx_info = CommitmentTxInfoCached {
1929 total_pending_htlcs,
1930 next_holder_htlc_id: match htlc.origin {
1931 HTLCInitiator::LocalOffered => context.next_holder_htlc_id + 1,
1932 HTLCInitiator::RemoteOffered => context.next_holder_htlc_id,
1934 next_counterparty_htlc_id: match htlc.origin {
1935 HTLCInitiator::LocalOffered => context.next_counterparty_htlc_id,
1936 HTLCInitiator::RemoteOffered => context.next_counterparty_htlc_id + 1,
1938 feerate: context.feerate_per_kw,
1940 *context.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = Some(commitment_tx_info);
1945 /// Returns transaction if there is pending funding transaction that is yet to broadcast
1946 pub fn unbroadcasted_funding(&self) -> Option<Transaction> {
1947 if self.channel_state & (ChannelState::FundingCreated as u32) != 0 {
1948 self.funding_transaction.clone()
1954 /// Gets the latest commitment transaction and any dependent transactions for relay (forcing
1955 /// shutdown of this channel - no more calls into this Channel may be made afterwards except
1956 /// those explicitly stated to be allowed after shutdown completes, eg some simple getters).
1957 /// Also returns the list of payment_hashes for channels which we can safely fail backwards
1958 /// immediately (others we will have to allow to time out).
1959 pub fn force_shutdown(&mut self, should_broadcast: bool) -> ShutdownResult {
1960 // Note that we MUST only generate a monitor update that indicates force-closure - we're
1961 // called during initialization prior to the chain_monitor in the encompassing ChannelManager
1962 // being fully configured in some cases. Thus, its likely any monitor events we generate will
1963 // be delayed in being processed! See the docs for `ChannelManagerReadArgs` for more.
1964 assert!(self.channel_state != ChannelState::ShutdownComplete as u32);
1966 // We go ahead and "free" any holding cell HTLCs or HTLCs we haven't yet committed to and
1967 // return them to fail the payment.
1968 let mut dropped_outbound_htlcs = Vec::with_capacity(self.holding_cell_htlc_updates.len());
1969 let counterparty_node_id = self.get_counterparty_node_id();
1970 for htlc_update in self.holding_cell_htlc_updates.drain(..) {
1972 HTLCUpdateAwaitingACK::AddHTLC { source, payment_hash, .. } => {
1973 dropped_outbound_htlcs.push((source, payment_hash, counterparty_node_id, self.channel_id));
1978 let monitor_update = if let Some(funding_txo) = self.get_funding_txo() {
1979 // If we haven't yet exchanged funding signatures (ie channel_state < FundingSent),
1980 // returning a channel monitor update here would imply a channel monitor update before
1981 // we even registered the channel monitor to begin with, which is invalid.
1982 // Thus, if we aren't actually at a point where we could conceivably broadcast the
1983 // funding transaction, don't return a funding txo (which prevents providing the
1984 // monitor update to the user, even if we return one).
1985 // See test_duplicate_chan_id and test_pre_lockin_no_chan_closed_update for more.
1986 if self.channel_state & (ChannelState::FundingSent as u32 | ChannelState::ChannelReady as u32 | ChannelState::ShutdownComplete as u32) != 0 {
1987 self.latest_monitor_update_id = CLOSED_CHANNEL_UPDATE_ID;
1988 Some((self.get_counterparty_node_id(), funding_txo, ChannelMonitorUpdate {
1989 update_id: self.latest_monitor_update_id,
1990 updates: vec![ChannelMonitorUpdateStep::ChannelForceClosed { should_broadcast }],
1995 self.channel_state = ChannelState::ShutdownComplete as u32;
1996 self.update_time_counter += 1;
1997 (monitor_update, dropped_outbound_htlcs)
2001 // Internal utility functions for channels
2003 /// Returns the value to use for `holder_max_htlc_value_in_flight_msat` as a percentage of the
2004 /// `channel_value_satoshis` in msat, set through
2005 /// [`ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel`]
2007 /// The effective percentage is lower bounded by 1% and upper bounded by 100%.
2009 /// [`ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel`]: crate::util::config::ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel
2010 fn get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis: u64, config: &ChannelHandshakeConfig) -> u64 {
2011 let configured_percent = if config.max_inbound_htlc_value_in_flight_percent_of_channel < 1 {
2013 } else if config.max_inbound_htlc_value_in_flight_percent_of_channel > 100 {
2016 config.max_inbound_htlc_value_in_flight_percent_of_channel as u64
2018 channel_value_satoshis * 10 * configured_percent
2021 /// Returns a minimum channel reserve value the remote needs to maintain,
2022 /// required by us according to the configured or default
2023 /// [`ChannelHandshakeConfig::their_channel_reserve_proportional_millionths`]
2025 /// Guaranteed to return a value no larger than channel_value_satoshis
2027 /// This is used both for outbound and inbound channels and has lower bound
2028 /// of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`.
2029 pub(crate) fn get_holder_selected_channel_reserve_satoshis(channel_value_satoshis: u64, config: &UserConfig) -> u64 {
2030 let calculated_reserve = channel_value_satoshis.saturating_mul(config.channel_handshake_config.their_channel_reserve_proportional_millionths as u64) / 1_000_000;
2031 cmp::min(channel_value_satoshis, cmp::max(calculated_reserve, MIN_THEIR_CHAN_RESERVE_SATOSHIS))
2034 /// This is for legacy reasons, present for forward-compatibility.
2035 /// LDK versions older than 0.0.104 don't know how read/handle values other than default
2036 /// from storage. Hence, we use this function to not persist default values of
2037 /// `holder_selected_channel_reserve_satoshis` for channels into storage.
2038 pub(crate) fn get_legacy_default_holder_selected_channel_reserve_satoshis(channel_value_satoshis: u64) -> u64 {
2039 let (q, _) = channel_value_satoshis.overflowing_div(100);
2040 cmp::min(channel_value_satoshis, cmp::max(q, 1000))
2043 // Get the fee cost in SATS of a commitment tx with a given number of HTLC outputs.
2044 // Note that num_htlcs should not include dust HTLCs.
2046 fn commit_tx_fee_sat(feerate_per_kw: u32, num_htlcs: usize, channel_type_features: &ChannelTypeFeatures) -> u64 {
2047 feerate_per_kw as u64 * (commitment_tx_base_weight(channel_type_features) + num_htlcs as u64 * COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000
2050 // Get the fee cost in MSATS of a commitment tx with a given number of HTLC outputs.
2051 // Note that num_htlcs should not include dust HTLCs.
2052 fn commit_tx_fee_msat(feerate_per_kw: u32, num_htlcs: usize, channel_type_features: &ChannelTypeFeatures) -> u64 {
2053 // Note that we need to divide before multiplying to round properly,
2054 // since the lowest denomination of bitcoin on-chain is the satoshi.
2055 (commitment_tx_base_weight(channel_type_features) + num_htlcs as u64 * COMMITMENT_TX_WEIGHT_PER_HTLC) * feerate_per_kw as u64 / 1000 * 1000
2058 // TODO: We should refactor this to be an Inbound/OutboundChannel until initial setup handshaking
2059 // has been completed, and then turn into a Channel to get compiler-time enforcement of things like
2060 // calling channel_id() before we're set up or things like get_funding_signed on an
2063 // Holder designates channel data owned for the benefit of the user client.
2064 // Counterparty designates channel data owned by the another channel participant entity.
2065 pub(super) struct Channel<SP: Deref> where SP::Target: SignerProvider {
2066 pub context: ChannelContext<SP>,
2069 #[cfg(any(test, fuzzing))]
2070 struct CommitmentTxInfoCached {
2072 total_pending_htlcs: usize,
2073 next_holder_htlc_id: u64,
2074 next_counterparty_htlc_id: u64,
2078 impl<SP: Deref> Channel<SP> where
2079 SP::Target: SignerProvider,
2080 <SP::Target as SignerProvider>::Signer: WriteableEcdsaChannelSigner
2082 fn check_remote_fee<F: Deref, L: Deref>(
2083 channel_type: &ChannelTypeFeatures, fee_estimator: &LowerBoundedFeeEstimator<F>,
2084 feerate_per_kw: u32, cur_feerate_per_kw: Option<u32>, logger: &L
2085 ) -> Result<(), ChannelError> where F::Target: FeeEstimator, L::Target: Logger,
2087 // We only bound the fee updates on the upper side to prevent completely absurd feerates,
2088 // always accepting up to 25 sat/vByte or 10x our fee estimator's "High Priority" fee.
2089 // We generally don't care too much if they set the feerate to something very high, but it
2090 // could result in the channel being useless due to everything being dust. This doesn't
2091 // apply to channels supporting anchor outputs since HTLC transactions are pre-signed with a
2092 // zero fee, so their fee is no longer considered to determine dust limits.
2093 if !channel_type.supports_anchors_zero_fee_htlc_tx() {
2094 let upper_limit = cmp::max(250 * 25,
2095 fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::HighPriority) as u64 * 10);
2096 if feerate_per_kw as u64 > upper_limit {
2097 return Err(ChannelError::Close(format!("Peer's feerate much too high. Actual: {}. Our expected upper limit: {}", feerate_per_kw, upper_limit)));
2101 // We can afford to use a lower bound with anchors than previously since we can now bump
2102 // fees when broadcasting our commitment. However, we must still make sure we meet the
2103 // minimum mempool feerate, until package relay is deployed, such that we can ensure the
2104 // commitment transaction propagates throughout node mempools on its own.
2105 let lower_limit_conf_target = if channel_type.supports_anchors_zero_fee_htlc_tx() {
2106 ConfirmationTarget::MempoolMinimum
2108 ConfirmationTarget::Background
2110 let lower_limit = fee_estimator.bounded_sat_per_1000_weight(lower_limit_conf_target);
2111 // Some fee estimators round up to the next full sat/vbyte (ie 250 sats per kw), causing
2112 // occasional issues with feerate disagreements between an initiator that wants a feerate
2113 // of 1.1 sat/vbyte and a receiver that wants 1.1 rounded up to 2. Thus, we always add 250
2114 // sat/kw before the comparison here.
2115 if feerate_per_kw + 250 < lower_limit {
2116 if let Some(cur_feerate) = cur_feerate_per_kw {
2117 if feerate_per_kw > cur_feerate {
2119 "Accepting feerate that may prevent us from closing this channel because it's higher than what we have now. Had {} s/kW, now {} s/kW.",
2120 cur_feerate, feerate_per_kw);
2124 return Err(ChannelError::Close(format!("Peer's feerate much too low. Actual: {}. Our expected lower limit: {} (- 250)", feerate_per_kw, lower_limit)));
2130 fn get_closing_scriptpubkey(&self) -> Script {
2131 // The shutdown scriptpubkey is set on channel opening when option_upfront_shutdown_script
2132 // is signaled. Otherwise, it is set when sending a shutdown message. Calling this method
2133 // outside of those situations will fail.
2134 self.context.shutdown_scriptpubkey.clone().unwrap().into_inner()
2138 fn get_closing_transaction_weight(&self, a_scriptpubkey: Option<&Script>, b_scriptpubkey: Option<&Script>) -> u64 {
2143 1 + // script length (0)
2147 )*4 + // * 4 for non-witness parts
2148 2 + // witness marker and flag
2149 1 + // witness element count
2150 4 + // 4 element lengths (2 sigs, multisig dummy, and witness script)
2151 self.context.get_funding_redeemscript().len() as u64 + // funding witness script
2152 2*(1 + 71); // two signatures + sighash type flags
2153 if let Some(spk) = a_scriptpubkey {
2154 ret += ((8+1) + // output values and script length
2155 spk.len() as u64) * 4; // scriptpubkey and witness multiplier
2157 if let Some(spk) = b_scriptpubkey {
2158 ret += ((8+1) + // output values and script length
2159 spk.len() as u64) * 4; // scriptpubkey and witness multiplier
2165 fn build_closing_transaction(&self, proposed_total_fee_satoshis: u64, skip_remote_output: bool) -> (ClosingTransaction, u64) {
2166 assert!(self.context.pending_inbound_htlcs.is_empty());
2167 assert!(self.context.pending_outbound_htlcs.is_empty());
2168 assert!(self.context.pending_update_fee.is_none());
2170 let mut total_fee_satoshis = proposed_total_fee_satoshis;
2171 let mut value_to_holder: i64 = (self.context.value_to_self_msat as i64) / 1000 - if self.context.is_outbound() { total_fee_satoshis as i64 } else { 0 };
2172 let mut value_to_counterparty: i64 = ((self.context.channel_value_satoshis * 1000 - self.context.value_to_self_msat) as i64 / 1000) - if self.context.is_outbound() { 0 } else { total_fee_satoshis as i64 };
2174 if value_to_holder < 0 {
2175 assert!(self.context.is_outbound());
2176 total_fee_satoshis += (-value_to_holder) as u64;
2177 } else if value_to_counterparty < 0 {
2178 assert!(!self.context.is_outbound());
2179 total_fee_satoshis += (-value_to_counterparty) as u64;
2182 if skip_remote_output || value_to_counterparty as u64 <= self.context.holder_dust_limit_satoshis {
2183 value_to_counterparty = 0;
2186 if value_to_holder as u64 <= self.context.holder_dust_limit_satoshis {
2187 value_to_holder = 0;
2190 assert!(self.context.shutdown_scriptpubkey.is_some());
2191 let holder_shutdown_script = self.get_closing_scriptpubkey();
2192 let counterparty_shutdown_script = self.context.counterparty_shutdown_scriptpubkey.clone().unwrap();
2193 let funding_outpoint = self.funding_outpoint().into_bitcoin_outpoint();
2195 let closing_transaction = ClosingTransaction::new(value_to_holder as u64, value_to_counterparty as u64, holder_shutdown_script, counterparty_shutdown_script, funding_outpoint);
2196 (closing_transaction, total_fee_satoshis)
2199 fn funding_outpoint(&self) -> OutPoint {
2200 self.context.channel_transaction_parameters.funding_outpoint.unwrap()
2203 /// Claims an HTLC while we're disconnected from a peer, dropping the [`ChannelMonitorUpdate`]
2206 /// The [`ChannelMonitor`] for this channel MUST be updated out-of-band with the preimage
2207 /// provided (i.e. without calling [`crate::chain::Watch::update_channel`]).
2209 /// The HTLC claim will end up in the holding cell (because the caller must ensure the peer is
2211 pub fn claim_htlc_while_disconnected_dropping_mon_update<L: Deref>
2212 (&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage, logger: &L)
2213 where L::Target: Logger {
2214 // Assert that we'll add the HTLC claim to the holding cell in `get_update_fulfill_htlc`
2215 // (see equivalent if condition there).
2216 assert!(self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32) != 0);
2217 let mon_update_id = self.context.latest_monitor_update_id; // Forget the ChannelMonitor update
2218 let fulfill_resp = self.get_update_fulfill_htlc(htlc_id_arg, payment_preimage_arg, logger);
2219 self.context.latest_monitor_update_id = mon_update_id;
2220 if let UpdateFulfillFetch::NewClaim { msg, .. } = fulfill_resp {
2221 assert!(msg.is_none()); // The HTLC must have ended up in the holding cell.
2225 fn get_update_fulfill_htlc<L: Deref>(&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage, logger: &L) -> UpdateFulfillFetch where L::Target: Logger {
2226 // Either ChannelReady got set (which means it won't be unset) or there is no way any
2227 // caller thought we could have something claimed (cause we wouldn't have accepted in an
2228 // incoming HTLC anyway). If we got to ShutdownComplete, callers aren't allowed to call us,
2230 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2231 panic!("Was asked to fulfill an HTLC when channel was not in an operational state");
2233 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
2235 // ChannelManager may generate duplicate claims/fails due to HTLC update events from
2236 // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
2237 // these, but for now we just have to treat them as normal.
2239 let mut pending_idx = core::usize::MAX;
2240 let mut htlc_value_msat = 0;
2241 for (idx, htlc) in self.context.pending_inbound_htlcs.iter().enumerate() {
2242 if htlc.htlc_id == htlc_id_arg {
2243 debug_assert_eq!(htlc.payment_hash, PaymentHash(Sha256::hash(&payment_preimage_arg.0[..]).into_inner()));
2244 log_debug!(logger, "Claiming inbound HTLC id {} with payment hash {} with preimage {}",
2245 htlc.htlc_id, htlc.payment_hash, payment_preimage_arg);
2247 InboundHTLCState::Committed => {},
2248 InboundHTLCState::LocalRemoved(ref reason) => {
2249 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
2251 log_warn!(logger, "Have preimage and want to fulfill HTLC with payment hash {} we already failed against channel {}", &htlc.payment_hash, &self.context.channel_id());
2252 debug_assert!(false, "Tried to fulfill an HTLC that was already failed");
2254 return UpdateFulfillFetch::DuplicateClaim {};
2257 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
2258 // Don't return in release mode here so that we can update channel_monitor
2262 htlc_value_msat = htlc.amount_msat;
2266 if pending_idx == core::usize::MAX {
2267 #[cfg(any(test, fuzzing))]
2268 // If we failed to find an HTLC to fulfill, make sure it was previously fulfilled and
2269 // this is simply a duplicate claim, not previously failed and we lost funds.
2270 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2271 return UpdateFulfillFetch::DuplicateClaim {};
2274 // Now update local state:
2276 // We have to put the payment_preimage in the channel_monitor right away here to ensure we
2277 // can claim it even if the channel hits the chain before we see their next commitment.
2278 self.context.latest_monitor_update_id += 1;
2279 let monitor_update = ChannelMonitorUpdate {
2280 update_id: self.context.latest_monitor_update_id,
2281 updates: vec![ChannelMonitorUpdateStep::PaymentPreimage {
2282 payment_preimage: payment_preimage_arg.clone(),
2286 if (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
2287 // Note that this condition is the same as the assertion in
2288 // `claim_htlc_while_disconnected_dropping_mon_update` and must match exactly -
2289 // `claim_htlc_while_disconnected_dropping_mon_update` would not work correctly if we
2290 // do not not get into this branch.
2291 for pending_update in self.context.holding_cell_htlc_updates.iter() {
2292 match pending_update {
2293 &HTLCUpdateAwaitingACK::ClaimHTLC { htlc_id, .. } => {
2294 if htlc_id_arg == htlc_id {
2295 // Make sure we don't leave latest_monitor_update_id incremented here:
2296 self.context.latest_monitor_update_id -= 1;
2297 #[cfg(any(test, fuzzing))]
2298 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2299 return UpdateFulfillFetch::DuplicateClaim {};
2302 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, .. } => {
2303 if htlc_id_arg == htlc_id {
2304 log_warn!(logger, "Have preimage and want to fulfill HTLC with pending failure against channel {}", &self.context.channel_id());
2305 // TODO: We may actually be able to switch to a fulfill here, though its
2306 // rare enough it may not be worth the complexity burden.
2307 debug_assert!(false, "Tried to fulfill an HTLC that was already failed");
2308 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
2314 log_trace!(logger, "Adding HTLC claim to holding_cell in channel {}! Current state: {}", &self.context.channel_id(), self.context.channel_state);
2315 self.context.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::ClaimHTLC {
2316 payment_preimage: payment_preimage_arg, htlc_id: htlc_id_arg,
2318 #[cfg(any(test, fuzzing))]
2319 self.context.historical_inbound_htlc_fulfills.insert(htlc_id_arg);
2320 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
2322 #[cfg(any(test, fuzzing))]
2323 self.context.historical_inbound_htlc_fulfills.insert(htlc_id_arg);
2326 let htlc = &mut self.context.pending_inbound_htlcs[pending_idx];
2327 if let InboundHTLCState::Committed = htlc.state {
2329 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
2330 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
2332 log_trace!(logger, "Upgrading HTLC {} to LocalRemoved with a Fulfill in channel {}!", &htlc.payment_hash, &self.context.channel_id);
2333 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::Fulfill(payment_preimage_arg.clone()));
2336 UpdateFulfillFetch::NewClaim {
2339 msg: Some(msgs::UpdateFulfillHTLC {
2340 channel_id: self.context.channel_id(),
2341 htlc_id: htlc_id_arg,
2342 payment_preimage: payment_preimage_arg,
2347 pub fn get_update_fulfill_htlc_and_commit<L: Deref>(&mut self, htlc_id: u64, payment_preimage: PaymentPreimage, logger: &L) -> UpdateFulfillCommitFetch where L::Target: Logger {
2348 let release_cs_monitor = self.context.blocked_monitor_updates.is_empty();
2349 match self.get_update_fulfill_htlc(htlc_id, payment_preimage, logger) {
2350 UpdateFulfillFetch::NewClaim { mut monitor_update, htlc_value_msat, msg } => {
2351 // Even if we aren't supposed to let new monitor updates with commitment state
2352 // updates run, we still need to push the preimage ChannelMonitorUpdateStep no
2353 // matter what. Sadly, to push a new monitor update which flies before others
2354 // already queued, we have to insert it into the pending queue and update the
2355 // update_ids of all the following monitors.
2356 if release_cs_monitor && msg.is_some() {
2357 let mut additional_update = self.build_commitment_no_status_check(logger);
2358 // build_commitment_no_status_check may bump latest_monitor_id but we want them
2359 // to be strictly increasing by one, so decrement it here.
2360 self.context.latest_monitor_update_id = monitor_update.update_id;
2361 monitor_update.updates.append(&mut additional_update.updates);
2363 let new_mon_id = self.context.blocked_monitor_updates.get(0)
2364 .map(|upd| upd.update.update_id).unwrap_or(monitor_update.update_id);
2365 monitor_update.update_id = new_mon_id;
2366 for held_update in self.context.blocked_monitor_updates.iter_mut() {
2367 held_update.update.update_id += 1;
2370 debug_assert!(false, "If there is a pending blocked monitor we should have MonitorUpdateInProgress set");
2371 let update = self.build_commitment_no_status_check(logger);
2372 self.context.blocked_monitor_updates.push(PendingChannelMonitorUpdate {
2378 self.monitor_updating_paused(false, msg.is_some(), false, Vec::new(), Vec::new(), Vec::new());
2379 UpdateFulfillCommitFetch::NewClaim { monitor_update, htlc_value_msat, }
2381 UpdateFulfillFetch::DuplicateClaim {} => UpdateFulfillCommitFetch::DuplicateClaim {},
2385 /// We can only have one resolution per HTLC. In some cases around reconnect, we may fulfill
2386 /// an HTLC more than once or fulfill once and then attempt to fail after reconnect. We cannot,
2387 /// however, fail more than once as we wait for an upstream failure to be irrevocably committed
2388 /// before we fail backwards.
2390 /// If we do fail twice, we `debug_assert!(false)` and return `Ok(None)`. Thus, this will always
2391 /// return `Ok(_)` if preconditions are met. In any case, `Err`s will only be
2392 /// [`ChannelError::Ignore`].
2393 pub fn queue_fail_htlc<L: Deref>(&mut self, htlc_id_arg: u64, err_packet: msgs::OnionErrorPacket, logger: &L)
2394 -> Result<(), ChannelError> where L::Target: Logger {
2395 self.fail_htlc(htlc_id_arg, err_packet, true, logger)
2396 .map(|msg_opt| assert!(msg_opt.is_none(), "We forced holding cell?"))
2399 /// We can only have one resolution per HTLC. In some cases around reconnect, we may fulfill
2400 /// an HTLC more than once or fulfill once and then attempt to fail after reconnect. We cannot,
2401 /// however, fail more than once as we wait for an upstream failure to be irrevocably committed
2402 /// before we fail backwards.
2404 /// If we do fail twice, we `debug_assert!(false)` and return `Ok(None)`. Thus, this will always
2405 /// return `Ok(_)` if preconditions are met. In any case, `Err`s will only be
2406 /// [`ChannelError::Ignore`].
2407 fn fail_htlc<L: Deref>(&mut self, htlc_id_arg: u64, err_packet: msgs::OnionErrorPacket, mut force_holding_cell: bool, logger: &L)
2408 -> Result<Option<msgs::UpdateFailHTLC>, ChannelError> where L::Target: Logger {
2409 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2410 panic!("Was asked to fail an HTLC when channel was not in an operational state");
2412 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
2414 // ChannelManager may generate duplicate claims/fails due to HTLC update events from
2415 // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
2416 // these, but for now we just have to treat them as normal.
2418 let mut pending_idx = core::usize::MAX;
2419 for (idx, htlc) in self.context.pending_inbound_htlcs.iter().enumerate() {
2420 if htlc.htlc_id == htlc_id_arg {
2422 InboundHTLCState::Committed => {},
2423 InboundHTLCState::LocalRemoved(ref reason) => {
2424 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
2426 debug_assert!(false, "Tried to fail an HTLC that was already failed");
2431 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
2432 return Err(ChannelError::Ignore(format!("Unable to find a pending HTLC which matched the given HTLC ID ({})", htlc.htlc_id)));
2438 if pending_idx == core::usize::MAX {
2439 #[cfg(any(test, fuzzing))]
2440 // If we failed to find an HTLC to fail, make sure it was previously fulfilled and this
2441 // is simply a duplicate fail, not previously failed and we failed-back too early.
2442 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2446 if (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
2447 debug_assert!(force_holding_cell, "!force_holding_cell is only called when emptying the holding cell, so we shouldn't end up back in it!");
2448 force_holding_cell = true;
2451 // Now update local state:
2452 if force_holding_cell {
2453 for pending_update in self.context.holding_cell_htlc_updates.iter() {
2454 match pending_update {
2455 &HTLCUpdateAwaitingACK::ClaimHTLC { htlc_id, .. } => {
2456 if htlc_id_arg == htlc_id {
2457 #[cfg(any(test, fuzzing))]
2458 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2462 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, .. } => {
2463 if htlc_id_arg == htlc_id {
2464 debug_assert!(false, "Tried to fail an HTLC that was already failed");
2465 return Err(ChannelError::Ignore("Unable to find a pending HTLC which matched the given HTLC ID".to_owned()));
2471 log_trace!(logger, "Placing failure for HTLC ID {} in holding cell in channel {}.", htlc_id_arg, &self.context.channel_id());
2472 self.context.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::FailHTLC {
2473 htlc_id: htlc_id_arg,
2479 log_trace!(logger, "Failing HTLC ID {} back with a update_fail_htlc message in channel {}.", htlc_id_arg, &self.context.channel_id());
2481 let htlc = &mut self.context.pending_inbound_htlcs[pending_idx];
2482 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(err_packet.clone()));
2485 Ok(Some(msgs::UpdateFailHTLC {
2486 channel_id: self.context.channel_id(),
2487 htlc_id: htlc_id_arg,
2492 // Message handlers:
2494 /// Handles a funding_signed message from the remote end.
2495 /// If this call is successful, broadcast the funding transaction (and not before!)
2496 pub fn funding_signed<L: Deref>(
2497 &mut self, msg: &msgs::FundingSigned, best_block: BestBlock, signer_provider: &SP, logger: &L
2498 ) -> Result<ChannelMonitor<<SP::Target as SignerProvider>::Signer>, ChannelError>
2502 if !self.context.is_outbound() {
2503 return Err(ChannelError::Close("Received funding_signed for an inbound channel?".to_owned()));
2505 if self.context.channel_state & !(ChannelState::MonitorUpdateInProgress as u32) != ChannelState::FundingCreated as u32 {
2506 return Err(ChannelError::Close("Received funding_signed in strange state!".to_owned()));
2508 if self.context.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
2509 self.context.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
2510 self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
2511 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
2514 let funding_script = self.context.get_funding_redeemscript();
2516 let counterparty_keys = self.context.build_remote_transaction_keys();
2517 let counterparty_initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
2518 let counterparty_trusted_tx = counterparty_initial_commitment_tx.trust();
2519 let counterparty_initial_bitcoin_tx = counterparty_trusted_tx.built_transaction();
2521 log_trace!(logger, "Initial counterparty tx for channel {} is: txid {} tx {}",
2522 &self.context.channel_id(), counterparty_initial_bitcoin_tx.txid, encode::serialize_hex(&counterparty_initial_bitcoin_tx.transaction));
2524 let holder_signer = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
2525 let initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &holder_signer, true, false, logger).tx;
2527 let trusted_tx = initial_commitment_tx.trust();
2528 let initial_commitment_bitcoin_tx = trusted_tx.built_transaction();
2529 let sighash = initial_commitment_bitcoin_tx.get_sighash_all(&funding_script, self.context.channel_value_satoshis);
2530 // They sign our commitment transaction, allowing us to broadcast the tx if we wish.
2531 if let Err(_) = self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.context.get_counterparty_pubkeys().funding_pubkey) {
2532 return Err(ChannelError::Close("Invalid funding_signed signature from peer".to_owned()));
2536 let holder_commitment_tx = HolderCommitmentTransaction::new(
2537 initial_commitment_tx,
2540 &self.context.get_holder_pubkeys().funding_pubkey,
2541 self.context.counterparty_funding_pubkey()
2544 self.context.holder_signer.as_ref().validate_holder_commitment(&holder_commitment_tx, Vec::new())
2545 .map_err(|_| ChannelError::Close("Failed to validate our commitment".to_owned()))?;
2548 let funding_redeemscript = self.context.get_funding_redeemscript();
2549 let funding_txo = self.context.get_funding_txo().unwrap();
2550 let funding_txo_script = funding_redeemscript.to_v0_p2wsh();
2551 let obscure_factor = get_commitment_transaction_number_obscure_factor(&self.context.get_holder_pubkeys().payment_point, &self.context.get_counterparty_pubkeys().payment_point, self.context.is_outbound());
2552 let shutdown_script = self.context.shutdown_scriptpubkey.clone().map(|script| script.into_inner());
2553 let mut monitor_signer = signer_provider.derive_channel_signer(self.context.channel_value_satoshis, self.context.channel_keys_id);
2554 monitor_signer.provide_channel_parameters(&self.context.channel_transaction_parameters);
2555 let channel_monitor = ChannelMonitor::new(self.context.secp_ctx.clone(), monitor_signer,
2556 shutdown_script, self.context.get_holder_selected_contest_delay(),
2557 &self.context.destination_script, (funding_txo, funding_txo_script),
2558 &self.context.channel_transaction_parameters,
2559 funding_redeemscript.clone(), self.context.channel_value_satoshis,
2561 holder_commitment_tx, best_block, self.context.counterparty_node_id);
2563 channel_monitor.provide_initial_counterparty_commitment_tx(
2564 counterparty_initial_bitcoin_tx.txid, Vec::new(),
2565 self.context.cur_counterparty_commitment_transaction_number,
2566 self.context.counterparty_cur_commitment_point.unwrap(),
2567 counterparty_initial_commitment_tx.feerate_per_kw(),
2568 counterparty_initial_commitment_tx.to_broadcaster_value_sat(),
2569 counterparty_initial_commitment_tx.to_countersignatory_value_sat(), logger);
2571 assert_eq!(self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32), 0); // We have no had any monitor(s) yet to fail update!
2572 self.context.channel_state = ChannelState::FundingSent as u32;
2573 self.context.cur_holder_commitment_transaction_number -= 1;
2574 self.context.cur_counterparty_commitment_transaction_number -= 1;
2576 log_info!(logger, "Received funding_signed from peer for channel {}", &self.context.channel_id());
2578 let need_channel_ready = self.check_get_channel_ready(0).is_some();
2579 self.monitor_updating_paused(false, false, need_channel_ready, Vec::new(), Vec::new(), Vec::new());
2583 /// Handles a channel_ready message from our peer. If we've already sent our channel_ready
2584 /// and the channel is now usable (and public), this may generate an announcement_signatures to
2586 pub fn channel_ready<NS: Deref, L: Deref>(
2587 &mut self, msg: &msgs::ChannelReady, node_signer: &NS, genesis_block_hash: BlockHash,
2588 user_config: &UserConfig, best_block: &BestBlock, logger: &L
2589 ) -> Result<Option<msgs::AnnouncementSignatures>, ChannelError>
2591 NS::Target: NodeSigner,
2594 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2595 self.context.workaround_lnd_bug_4006 = Some(msg.clone());
2596 return Err(ChannelError::Ignore("Peer sent channel_ready when we needed a channel_reestablish. The peer is likely lnd, see https://github.com/lightningnetwork/lnd/issues/4006".to_owned()));
2599 if let Some(scid_alias) = msg.short_channel_id_alias {
2600 if Some(scid_alias) != self.context.short_channel_id {
2601 // The scid alias provided can be used to route payments *from* our counterparty,
2602 // i.e. can be used for inbound payments and provided in invoices, but is not used
2603 // when routing outbound payments.
2604 self.context.latest_inbound_scid_alias = Some(scid_alias);
2608 let non_shutdown_state = self.context.channel_state & (!MULTI_STATE_FLAGS);
2610 if non_shutdown_state == ChannelState::FundingSent as u32 {
2611 self.context.channel_state |= ChannelState::TheirChannelReady as u32;
2612 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurChannelReady as u32) {
2613 self.context.channel_state = ChannelState::ChannelReady as u32 | (self.context.channel_state & MULTI_STATE_FLAGS);
2614 self.context.update_time_counter += 1;
2615 } else if self.context.channel_state & (ChannelState::ChannelReady as u32) != 0 ||
2616 // If we reconnected before sending our `channel_ready` they may still resend theirs:
2617 (self.context.channel_state & (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32) ==
2618 (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32))
2620 // They probably disconnected/reconnected and re-sent the channel_ready, which is
2621 // required, or they're sending a fresh SCID alias.
2622 let expected_point =
2623 if self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
2624 // If they haven't ever sent an updated point, the point they send should match
2626 self.context.counterparty_cur_commitment_point
2627 } else if self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 2 {
2628 // If we've advanced the commitment number once, the second commitment point is
2629 // at `counterparty_prev_commitment_point`, which is not yet revoked.
2630 debug_assert!(self.context.counterparty_prev_commitment_point.is_some());
2631 self.context.counterparty_prev_commitment_point
2633 // If they have sent updated points, channel_ready is always supposed to match
2634 // their "first" point, which we re-derive here.
2635 Some(PublicKey::from_secret_key(&self.context.secp_ctx, &SecretKey::from_slice(
2636 &self.context.commitment_secrets.get_secret(INITIAL_COMMITMENT_NUMBER - 1).expect("We should have all prev secrets available")
2637 ).expect("We already advanced, so previous secret keys should have been validated already")))
2639 if expected_point != Some(msg.next_per_commitment_point) {
2640 return Err(ChannelError::Close("Peer sent a reconnect channel_ready with a different point".to_owned()));
2644 return Err(ChannelError::Close("Peer sent a channel_ready at a strange time".to_owned()));
2647 self.context.counterparty_prev_commitment_point = self.context.counterparty_cur_commitment_point;
2648 self.context.counterparty_cur_commitment_point = Some(msg.next_per_commitment_point);
2650 log_info!(logger, "Received channel_ready from peer for channel {}", &self.context.channel_id());
2652 Ok(self.get_announcement_sigs(node_signer, genesis_block_hash, user_config, best_block.height(), logger))
2655 pub fn update_add_htlc<F, FE: Deref, L: Deref>(
2656 &mut self, msg: &msgs::UpdateAddHTLC, mut pending_forward_status: PendingHTLCStatus,
2657 create_pending_htlc_status: F, fee_estimator: &LowerBoundedFeeEstimator<FE>, logger: &L
2658 ) -> Result<(), ChannelError>
2659 where F: for<'a> Fn(&'a Self, PendingHTLCStatus, u16) -> PendingHTLCStatus,
2660 FE::Target: FeeEstimator, L::Target: Logger,
2662 // We can't accept HTLCs sent after we've sent a shutdown.
2663 let local_sent_shutdown = (self.context.channel_state & (ChannelState::ChannelReady as u32 | ChannelState::LocalShutdownSent as u32)) != (ChannelState::ChannelReady as u32);
2664 if local_sent_shutdown {
2665 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x4000|8);
2667 // If the remote has sent a shutdown prior to adding this HTLC, then they are in violation of the spec.
2668 let remote_sent_shutdown = (self.context.channel_state & (ChannelState::ChannelReady as u32 | ChannelState::RemoteShutdownSent as u32)) != (ChannelState::ChannelReady as u32);
2669 if remote_sent_shutdown {
2670 return Err(ChannelError::Close("Got add HTLC message when channel was not in an operational state".to_owned()));
2672 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2673 return Err(ChannelError::Close("Peer sent update_add_htlc when we needed a channel_reestablish".to_owned()));
2675 if msg.amount_msat > self.context.channel_value_satoshis * 1000 {
2676 return Err(ChannelError::Close("Remote side tried to send more than the total value of the channel".to_owned()));
2678 if msg.amount_msat == 0 {
2679 return Err(ChannelError::Close("Remote side tried to send a 0-msat HTLC".to_owned()));
2681 if msg.amount_msat < self.context.holder_htlc_minimum_msat {
2682 return Err(ChannelError::Close(format!("Remote side tried to send less than our minimum HTLC value. Lower limit: ({}). Actual: ({})", self.context.holder_htlc_minimum_msat, msg.amount_msat)));
2685 let inbound_stats = self.context.get_inbound_pending_htlc_stats(None);
2686 let outbound_stats = self.context.get_outbound_pending_htlc_stats(None);
2687 if inbound_stats.pending_htlcs + 1 > self.context.holder_max_accepted_htlcs as u32 {
2688 return Err(ChannelError::Close(format!("Remote tried to push more than our max accepted HTLCs ({})", self.context.holder_max_accepted_htlcs)));
2690 if inbound_stats.pending_htlcs_value_msat + msg.amount_msat > self.context.holder_max_htlc_value_in_flight_msat {
2691 return Err(ChannelError::Close(format!("Remote HTLC add would put them over our max HTLC value ({})", self.context.holder_max_htlc_value_in_flight_msat)));
2693 // Check holder_selected_channel_reserve_satoshis (we're getting paid, so they have to at least meet
2694 // the reserve_satoshis we told them to always have as direct payment so that they lose
2695 // something if we punish them for broadcasting an old state).
2696 // Note that we don't really care about having a small/no to_remote output in our local
2697 // commitment transactions, as the purpose of the channel reserve is to ensure we can
2698 // punish *them* if they misbehave, so we discount any outbound HTLCs which will not be
2699 // present in the next commitment transaction we send them (at least for fulfilled ones,
2700 // failed ones won't modify value_to_self).
2701 // Note that we will send HTLCs which another instance of rust-lightning would think
2702 // violate the reserve value if we do not do this (as we forget inbound HTLCs from the
2703 // Channel state once they will not be present in the next received commitment
2705 let mut removed_outbound_total_msat = 0;
2706 for ref htlc in self.context.pending_outbound_htlcs.iter() {
2707 if let OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(_)) = htlc.state {
2708 removed_outbound_total_msat += htlc.amount_msat;
2709 } else if let OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(_)) = htlc.state {
2710 removed_outbound_total_msat += htlc.amount_msat;
2714 let max_dust_htlc_exposure_msat = self.context.get_max_dust_htlc_exposure_msat(fee_estimator);
2715 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if self.context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2718 let dust_buffer_feerate = self.context.get_dust_buffer_feerate(None) as u64;
2719 (dust_buffer_feerate * htlc_timeout_tx_weight(self.context.get_channel_type()) / 1000,
2720 dust_buffer_feerate * htlc_success_tx_weight(self.context.get_channel_type()) / 1000)
2722 let exposure_dust_limit_timeout_sats = htlc_timeout_dust_limit + self.context.counterparty_dust_limit_satoshis;
2723 if msg.amount_msat / 1000 < exposure_dust_limit_timeout_sats {
2724 let on_counterparty_tx_dust_htlc_exposure_msat = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat + msg.amount_msat;
2725 if on_counterparty_tx_dust_htlc_exposure_msat > max_dust_htlc_exposure_msat {
2726 log_info!(logger, "Cannot accept value that would put our exposure to dust HTLCs at {} over the limit {} on counterparty commitment tx",
2727 on_counterparty_tx_dust_htlc_exposure_msat, max_dust_htlc_exposure_msat);
2728 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2732 let exposure_dust_limit_success_sats = htlc_success_dust_limit + self.context.holder_dust_limit_satoshis;
2733 if msg.amount_msat / 1000 < exposure_dust_limit_success_sats {
2734 let on_holder_tx_dust_htlc_exposure_msat = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat + msg.amount_msat;
2735 if on_holder_tx_dust_htlc_exposure_msat > max_dust_htlc_exposure_msat {
2736 log_info!(logger, "Cannot accept value that would put our exposure to dust HTLCs at {} over the limit {} on holder commitment tx",
2737 on_holder_tx_dust_htlc_exposure_msat, max_dust_htlc_exposure_msat);
2738 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2742 let pending_value_to_self_msat =
2743 self.context.value_to_self_msat + inbound_stats.pending_htlcs_value_msat - removed_outbound_total_msat;
2744 let pending_remote_value_msat =
2745 self.context.channel_value_satoshis * 1000 - pending_value_to_self_msat;
2746 if pending_remote_value_msat < msg.amount_msat {
2747 return Err(ChannelError::Close("Remote HTLC add would overdraw remaining funds".to_owned()));
2750 // Check that the remote can afford to pay for this HTLC on-chain at the current
2751 // feerate_per_kw, while maintaining their channel reserve (as required by the spec).
2752 let remote_commit_tx_fee_msat = if self.context.is_outbound() { 0 } else {
2753 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2754 self.context.next_remote_commit_tx_fee_msat(htlc_candidate, None) // Don't include the extra fee spike buffer HTLC in calculations
2756 if pending_remote_value_msat - msg.amount_msat < remote_commit_tx_fee_msat {
2757 return Err(ChannelError::Close("Remote HTLC add would not leave enough to pay for fees".to_owned()));
2760 if pending_remote_value_msat - msg.amount_msat - remote_commit_tx_fee_msat < self.context.holder_selected_channel_reserve_satoshis * 1000 {
2761 return Err(ChannelError::Close("Remote HTLC add would put them under remote reserve value".to_owned()));
2764 if !self.context.is_outbound() {
2765 // `2 *` and `Some(())` is for the fee spike buffer we keep for the remote. This deviates from
2766 // the spec because in the spec, the fee spike buffer requirement doesn't exist on the
2767 // receiver's side, only on the sender's.
2768 // Note that when we eventually remove support for fee updates and switch to anchor output
2769 // fees, we will drop the `2 *`, since we no longer be as sensitive to fee spikes. But, keep
2770 // the extra htlc when calculating the next remote commitment transaction fee as we should
2771 // still be able to afford adding this HTLC plus one more future HTLC, regardless of being
2772 // sensitive to fee spikes.
2773 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2774 let remote_fee_cost_incl_stuck_buffer_msat = 2 * self.context.next_remote_commit_tx_fee_msat(htlc_candidate, Some(()));
2775 if pending_remote_value_msat - msg.amount_msat - self.context.holder_selected_channel_reserve_satoshis * 1000 < remote_fee_cost_incl_stuck_buffer_msat {
2776 // Note that if the pending_forward_status is not updated here, then it's because we're already failing
2777 // the HTLC, i.e. its status is already set to failing.
2778 log_info!(logger, "Attempting to fail HTLC due to fee spike buffer violation in channel {}. Rebalancing is required.", &self.context.channel_id());
2779 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2782 // Check that they won't violate our local required channel reserve by adding this HTLC.
2783 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2784 let local_commit_tx_fee_msat = self.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
2785 if self.context.value_to_self_msat < self.context.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 + local_commit_tx_fee_msat {
2786 return Err(ChannelError::Close("Cannot accept HTLC that would put our balance under counterparty-announced channel reserve value".to_owned()));
2789 if self.context.next_counterparty_htlc_id != msg.htlc_id {
2790 return Err(ChannelError::Close(format!("Remote skipped HTLC ID (skipped ID: {})", self.context.next_counterparty_htlc_id)));
2792 if msg.cltv_expiry >= 500000000 {
2793 return Err(ChannelError::Close("Remote provided CLTV expiry in seconds instead of block height".to_owned()));
2796 if self.context.channel_state & ChannelState::LocalShutdownSent as u32 != 0 {
2797 if let PendingHTLCStatus::Forward(_) = pending_forward_status {
2798 panic!("ChannelManager shouldn't be trying to add a forwardable HTLC after we've started closing");
2802 // Now update local state:
2803 self.context.next_counterparty_htlc_id += 1;
2804 self.context.pending_inbound_htlcs.push(InboundHTLCOutput {
2805 htlc_id: msg.htlc_id,
2806 amount_msat: msg.amount_msat,
2807 payment_hash: msg.payment_hash,
2808 cltv_expiry: msg.cltv_expiry,
2809 state: InboundHTLCState::RemoteAnnounced(pending_forward_status),
2814 /// Marks an outbound HTLC which we have received update_fail/fulfill/malformed
2816 fn mark_outbound_htlc_removed(&mut self, htlc_id: u64, check_preimage: Option<PaymentPreimage>, fail_reason: Option<HTLCFailReason>) -> Result<&OutboundHTLCOutput, ChannelError> {
2817 assert!(!(check_preimage.is_some() && fail_reason.is_some()), "cannot fail while we have a preimage");
2818 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
2819 if htlc.htlc_id == htlc_id {
2820 let outcome = match check_preimage {
2821 None => fail_reason.into(),
2822 Some(payment_preimage) => {
2823 let payment_hash = PaymentHash(Sha256::hash(&payment_preimage.0[..]).into_inner());
2824 if payment_hash != htlc.payment_hash {
2825 return Err(ChannelError::Close(format!("Remote tried to fulfill HTLC ({}) with an incorrect preimage", htlc_id)));
2827 OutboundHTLCOutcome::Success(Some(payment_preimage))
2831 OutboundHTLCState::LocalAnnounced(_) =>
2832 return Err(ChannelError::Close(format!("Remote tried to fulfill/fail HTLC ({}) before it had been committed", htlc_id))),
2833 OutboundHTLCState::Committed => {
2834 htlc.state = OutboundHTLCState::RemoteRemoved(outcome);
2836 OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) | OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) | OutboundHTLCState::RemoteRemoved(_) =>
2837 return Err(ChannelError::Close(format!("Remote tried to fulfill/fail HTLC ({}) that they'd already fulfilled/failed", htlc_id))),
2842 Err(ChannelError::Close("Remote tried to fulfill/fail an HTLC we couldn't find".to_owned()))
2845 pub fn update_fulfill_htlc(&mut self, msg: &msgs::UpdateFulfillHTLC) -> Result<(HTLCSource, u64), ChannelError> {
2846 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2847 return Err(ChannelError::Close("Got fulfill HTLC message when channel was not in an operational state".to_owned()));
2849 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2850 return Err(ChannelError::Close("Peer sent update_fulfill_htlc when we needed a channel_reestablish".to_owned()));
2853 self.mark_outbound_htlc_removed(msg.htlc_id, Some(msg.payment_preimage), None).map(|htlc| (htlc.source.clone(), htlc.amount_msat))
2856 pub fn update_fail_htlc(&mut self, msg: &msgs::UpdateFailHTLC, fail_reason: HTLCFailReason) -> Result<(), ChannelError> {
2857 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2858 return Err(ChannelError::Close("Got fail HTLC message when channel was not in an operational state".to_owned()));
2860 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2861 return Err(ChannelError::Close("Peer sent update_fail_htlc when we needed a channel_reestablish".to_owned()));
2864 self.mark_outbound_htlc_removed(msg.htlc_id, None, Some(fail_reason))?;
2868 pub fn update_fail_malformed_htlc(&mut self, msg: &msgs::UpdateFailMalformedHTLC, fail_reason: HTLCFailReason) -> Result<(), ChannelError> {
2869 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2870 return Err(ChannelError::Close("Got fail malformed HTLC message when channel was not in an operational state".to_owned()));
2872 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2873 return Err(ChannelError::Close("Peer sent update_fail_malformed_htlc when we needed a channel_reestablish".to_owned()));
2876 self.mark_outbound_htlc_removed(msg.htlc_id, None, Some(fail_reason))?;
2880 pub fn commitment_signed<L: Deref>(&mut self, msg: &msgs::CommitmentSigned, logger: &L) -> Result<Option<ChannelMonitorUpdate>, ChannelError>
2881 where L::Target: Logger
2883 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2884 return Err(ChannelError::Close("Got commitment signed message when channel was not in an operational state".to_owned()));
2886 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2887 return Err(ChannelError::Close("Peer sent commitment_signed when we needed a channel_reestablish".to_owned()));
2889 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK == BOTH_SIDES_SHUTDOWN_MASK && self.context.last_sent_closing_fee.is_some() {
2890 return Err(ChannelError::Close("Peer sent commitment_signed after we'd started exchanging closing_signeds".to_owned()));
2893 let funding_script = self.context.get_funding_redeemscript();
2895 let keys = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
2897 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &keys, true, false, logger);
2898 let commitment_txid = {
2899 let trusted_tx = commitment_stats.tx.trust();
2900 let bitcoin_tx = trusted_tx.built_transaction();
2901 let sighash = bitcoin_tx.get_sighash_all(&funding_script, self.context.channel_value_satoshis);
2903 log_trace!(logger, "Checking commitment tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} in channel {}",
2904 log_bytes!(msg.signature.serialize_compact()[..]),
2905 log_bytes!(self.context.counterparty_funding_pubkey().serialize()), encode::serialize_hex(&bitcoin_tx.transaction),
2906 log_bytes!(sighash[..]), encode::serialize_hex(&funding_script), &self.context.channel_id());
2907 if let Err(_) = self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.context.counterparty_funding_pubkey()) {
2908 return Err(ChannelError::Close("Invalid commitment tx signature from peer".to_owned()));
2912 let mut htlcs_cloned: Vec<_> = commitment_stats.htlcs_included.iter().map(|htlc| (htlc.0.clone(), htlc.1.map(|h| h.clone()))).collect();
2914 // If our counterparty updated the channel fee in this commitment transaction, check that
2915 // they can actually afford the new fee now.
2916 let update_fee = if let Some((_, update_state)) = self.context.pending_update_fee {
2917 update_state == FeeUpdateState::RemoteAnnounced
2920 debug_assert!(!self.context.is_outbound());
2921 let counterparty_reserve_we_require_msat = self.context.holder_selected_channel_reserve_satoshis * 1000;
2922 if commitment_stats.remote_balance_msat < commitment_stats.total_fee_sat * 1000 + counterparty_reserve_we_require_msat {
2923 return Err(ChannelError::Close("Funding remote cannot afford proposed new fee".to_owned()));
2926 #[cfg(any(test, fuzzing))]
2928 if self.context.is_outbound() {
2929 let projected_commit_tx_info = self.context.next_local_commitment_tx_fee_info_cached.lock().unwrap().take();
2930 *self.context.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = None;
2931 if let Some(info) = projected_commit_tx_info {
2932 let total_pending_htlcs = self.context.pending_inbound_htlcs.len() + self.context.pending_outbound_htlcs.len()
2933 + self.context.holding_cell_htlc_updates.len();
2934 if info.total_pending_htlcs == total_pending_htlcs
2935 && info.next_holder_htlc_id == self.context.next_holder_htlc_id
2936 && info.next_counterparty_htlc_id == self.context.next_counterparty_htlc_id
2937 && info.feerate == self.context.feerate_per_kw {
2938 assert_eq!(commitment_stats.total_fee_sat, info.fee / 1000);
2944 if msg.htlc_signatures.len() != commitment_stats.num_nondust_htlcs {
2945 return Err(ChannelError::Close(format!("Got wrong number of HTLC signatures ({}) from remote. It must be {}", msg.htlc_signatures.len(), commitment_stats.num_nondust_htlcs)));
2948 // Up to LDK 0.0.115, HTLC information was required to be duplicated in the
2949 // `htlcs_and_sigs` vec and in the `holder_commitment_tx` itself, both of which were passed
2950 // in the `ChannelMonitorUpdate`. In 0.0.115, support for having a separate set of
2951 // outbound-non-dust-HTLCSources in the `ChannelMonitorUpdate` was added, however for
2952 // backwards compatibility, we never use it in production. To provide test coverage, here,
2953 // we randomly decide (in test/fuzzing builds) to use the new vec sometimes.
2954 #[allow(unused_assignments, unused_mut)]
2955 let mut separate_nondust_htlc_sources = false;
2956 #[cfg(all(feature = "std", any(test, fuzzing)))] {
2957 use core::hash::{BuildHasher, Hasher};
2958 // Get a random value using the only std API to do so - the DefaultHasher
2959 let rand_val = std::collections::hash_map::RandomState::new().build_hasher().finish();
2960 separate_nondust_htlc_sources = rand_val % 2 == 0;
2963 let mut nondust_htlc_sources = Vec::with_capacity(htlcs_cloned.len());
2964 let mut htlcs_and_sigs = Vec::with_capacity(htlcs_cloned.len());
2965 for (idx, (htlc, mut source_opt)) in htlcs_cloned.drain(..).enumerate() {
2966 if let Some(_) = htlc.transaction_output_index {
2967 let htlc_tx = chan_utils::build_htlc_transaction(&commitment_txid, commitment_stats.feerate_per_kw,
2968 self.context.get_counterparty_selected_contest_delay().unwrap(), &htlc, &self.context.channel_type,
2969 &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
2971 let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, &self.context.channel_type, &keys);
2972 let htlc_sighashtype = if self.context.channel_type.supports_anchors_zero_fee_htlc_tx() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
2973 let htlc_sighash = hash_to_message!(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]);
2974 log_trace!(logger, "Checking HTLC tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} in channel {}.",
2975 log_bytes!(msg.htlc_signatures[idx].serialize_compact()[..]), log_bytes!(keys.countersignatory_htlc_key.serialize()),
2976 encode::serialize_hex(&htlc_tx), log_bytes!(htlc_sighash[..]), encode::serialize_hex(&htlc_redeemscript), &self.context.channel_id());
2977 if let Err(_) = self.context.secp_ctx.verify_ecdsa(&htlc_sighash, &msg.htlc_signatures[idx], &keys.countersignatory_htlc_key) {
2978 return Err(ChannelError::Close("Invalid HTLC tx signature from peer".to_owned()));
2980 if !separate_nondust_htlc_sources {
2981 htlcs_and_sigs.push((htlc, Some(msg.htlc_signatures[idx]), source_opt.take()));
2984 htlcs_and_sigs.push((htlc, None, source_opt.take()));
2986 if separate_nondust_htlc_sources {
2987 if let Some(source) = source_opt.take() {
2988 nondust_htlc_sources.push(source);
2991 debug_assert!(source_opt.is_none(), "HTLCSource should have been put somewhere");
2994 let holder_commitment_tx = HolderCommitmentTransaction::new(
2995 commitment_stats.tx,
2997 msg.htlc_signatures.clone(),
2998 &self.context.get_holder_pubkeys().funding_pubkey,
2999 self.context.counterparty_funding_pubkey()
3002 self.context.holder_signer.as_ref().validate_holder_commitment(&holder_commitment_tx, commitment_stats.preimages)
3003 .map_err(|_| ChannelError::Close("Failed to validate our commitment".to_owned()))?;
3005 // Update state now that we've passed all the can-fail calls...
3006 let mut need_commitment = false;
3007 if let &mut Some((_, ref mut update_state)) = &mut self.context.pending_update_fee {
3008 if *update_state == FeeUpdateState::RemoteAnnounced {
3009 *update_state = FeeUpdateState::AwaitingRemoteRevokeToAnnounce;
3010 need_commitment = true;
3014 for htlc in self.context.pending_inbound_htlcs.iter_mut() {
3015 let new_forward = if let &InboundHTLCState::RemoteAnnounced(ref forward_info) = &htlc.state {
3016 Some(forward_info.clone())
3018 if let Some(forward_info) = new_forward {
3019 log_trace!(logger, "Updating HTLC {} to AwaitingRemoteRevokeToAnnounce due to commitment_signed in channel {}.",
3020 &htlc.payment_hash, &self.context.channel_id);
3021 htlc.state = InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info);
3022 need_commitment = true;
3025 let mut claimed_htlcs = Vec::new();
3026 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
3027 if let &mut OutboundHTLCState::RemoteRemoved(ref mut outcome) = &mut htlc.state {
3028 log_trace!(logger, "Updating HTLC {} to AwaitingRemoteRevokeToRemove due to commitment_signed in channel {}.",
3029 &htlc.payment_hash, &self.context.channel_id);
3030 // Grab the preimage, if it exists, instead of cloning
3031 let mut reason = OutboundHTLCOutcome::Success(None);
3032 mem::swap(outcome, &mut reason);
3033 if let OutboundHTLCOutcome::Success(Some(preimage)) = reason {
3034 // If a user (a) receives an HTLC claim using LDK 0.0.104 or before, then (b)
3035 // upgrades to LDK 0.0.114 or later before the HTLC is fully resolved, we could
3036 // have a `Success(None)` reason. In this case we could forget some HTLC
3037 // claims, but such an upgrade is unlikely and including claimed HTLCs here
3038 // fixes a bug which the user was exposed to on 0.0.104 when they started the
3040 claimed_htlcs.push((SentHTLCId::from_source(&htlc.source), preimage));
3042 htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(reason);
3043 need_commitment = true;
3047 self.context.latest_monitor_update_id += 1;
3048 let mut monitor_update = ChannelMonitorUpdate {
3049 update_id: self.context.latest_monitor_update_id,
3050 updates: vec![ChannelMonitorUpdateStep::LatestHolderCommitmentTXInfo {
3051 commitment_tx: holder_commitment_tx,
3052 htlc_outputs: htlcs_and_sigs,
3054 nondust_htlc_sources,
3058 self.context.cur_holder_commitment_transaction_number -= 1;
3059 // Note that if we need_commitment & !AwaitingRemoteRevoke we'll call
3060 // build_commitment_no_status_check() next which will reset this to RAAFirst.
3061 self.context.resend_order = RAACommitmentOrder::CommitmentFirst;
3063 if (self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32) != 0 {
3064 // In case we initially failed monitor updating without requiring a response, we need
3065 // to make sure the RAA gets sent first.
3066 self.context.monitor_pending_revoke_and_ack = true;
3067 if need_commitment && (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == 0 {
3068 // If we were going to send a commitment_signed after the RAA, go ahead and do all
3069 // the corresponding HTLC status updates so that
3070 // get_last_commitment_update_for_send includes the right HTLCs.
3071 self.context.monitor_pending_commitment_signed = true;
3072 let mut additional_update = self.build_commitment_no_status_check(logger);
3073 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3074 // strictly increasing by one, so decrement it here.
3075 self.context.latest_monitor_update_id = monitor_update.update_id;
3076 monitor_update.updates.append(&mut additional_update.updates);
3078 log_debug!(logger, "Received valid commitment_signed from peer in channel {}, updated HTLC state but awaiting a monitor update resolution to reply.",
3079 &self.context.channel_id);
3080 return Ok(self.push_ret_blockable_mon_update(monitor_update));
3083 let need_commitment_signed = if need_commitment && (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == 0 {
3084 // If we're AwaitingRemoteRevoke we can't send a new commitment here, but that's ok -
3085 // we'll send one right away when we get the revoke_and_ack when we
3086 // free_holding_cell_htlcs().
3087 let mut additional_update = self.build_commitment_no_status_check(logger);
3088 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3089 // strictly increasing by one, so decrement it here.
3090 self.context.latest_monitor_update_id = monitor_update.update_id;
3091 monitor_update.updates.append(&mut additional_update.updates);
3095 log_debug!(logger, "Received valid commitment_signed from peer in channel {}, updating HTLC state and responding with{} a revoke_and_ack.",
3096 &self.context.channel_id(), if need_commitment_signed { " our own commitment_signed and" } else { "" });
3097 self.monitor_updating_paused(true, need_commitment_signed, false, Vec::new(), Vec::new(), Vec::new());
3098 return Ok(self.push_ret_blockable_mon_update(monitor_update));
3101 /// Public version of the below, checking relevant preconditions first.
3102 /// If we're not in a state where freeing the holding cell makes sense, this is a no-op and
3103 /// returns `(None, Vec::new())`.
3104 pub fn maybe_free_holding_cell_htlcs<F: Deref, L: Deref>(
3105 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
3106 ) -> (Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>)
3107 where F::Target: FeeEstimator, L::Target: Logger
3109 if self.context.channel_state >= ChannelState::ChannelReady as u32 &&
3110 (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) == 0 {
3111 self.free_holding_cell_htlcs(fee_estimator, logger)
3112 } else { (None, Vec::new()) }
3115 /// Frees any pending commitment updates in the holding cell, generating the relevant messages
3116 /// for our counterparty.
3117 fn free_holding_cell_htlcs<F: Deref, L: Deref>(
3118 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
3119 ) -> (Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>)
3120 where F::Target: FeeEstimator, L::Target: Logger
3122 assert_eq!(self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32, 0);
3123 if self.context.holding_cell_htlc_updates.len() != 0 || self.context.holding_cell_update_fee.is_some() {
3124 log_trace!(logger, "Freeing holding cell with {} HTLC updates{} in channel {}", self.context.holding_cell_htlc_updates.len(),
3125 if self.context.holding_cell_update_fee.is_some() { " and a fee update" } else { "" }, &self.context.channel_id());
3127 let mut monitor_update = ChannelMonitorUpdate {
3128 update_id: self.context.latest_monitor_update_id + 1, // We don't increment this yet!
3129 updates: Vec::new(),
3132 let mut htlc_updates = Vec::new();
3133 mem::swap(&mut htlc_updates, &mut self.context.holding_cell_htlc_updates);
3134 let mut update_add_count = 0;
3135 let mut update_fulfill_count = 0;
3136 let mut update_fail_count = 0;
3137 let mut htlcs_to_fail = Vec::new();
3138 for htlc_update in htlc_updates.drain(..) {
3139 // Note that this *can* fail, though it should be due to rather-rare conditions on
3140 // fee races with adding too many outputs which push our total payments just over
3141 // the limit. In case it's less rare than I anticipate, we may want to revisit
3142 // handling this case better and maybe fulfilling some of the HTLCs while attempting
3143 // to rebalance channels.
3144 match &htlc_update {
3145 &HTLCUpdateAwaitingACK::AddHTLC {
3146 amount_msat, cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet,
3147 skimmed_fee_msat, ..
3149 match self.send_htlc(amount_msat, *payment_hash, cltv_expiry, source.clone(),
3150 onion_routing_packet.clone(), false, skimmed_fee_msat, fee_estimator, logger)
3152 Ok(_) => update_add_count += 1,
3155 ChannelError::Ignore(ref msg) => {
3156 log_info!(logger, "Failed to send HTLC with payment_hash {} due to {} in channel {}", &payment_hash, msg, &self.context.channel_id());
3157 // If we fail to send here, then this HTLC should
3158 // be failed backwards. Failing to send here
3159 // indicates that this HTLC may keep being put back
3160 // into the holding cell without ever being
3161 // successfully forwarded/failed/fulfilled, causing
3162 // our counterparty to eventually close on us.
3163 htlcs_to_fail.push((source.clone(), *payment_hash));
3166 panic!("Got a non-IgnoreError action trying to send holding cell HTLC");
3172 &HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, htlc_id, .. } => {
3173 // If an HTLC claim was previously added to the holding cell (via
3174 // `get_update_fulfill_htlc`, then generating the claim message itself must
3175 // not fail - any in between attempts to claim the HTLC will have resulted
3176 // in it hitting the holding cell again and we cannot change the state of a
3177 // holding cell HTLC from fulfill to anything else.
3178 let mut additional_monitor_update =
3179 if let UpdateFulfillFetch::NewClaim { monitor_update, .. } =
3180 self.get_update_fulfill_htlc(htlc_id, *payment_preimage, logger)
3181 { monitor_update } else { unreachable!() };
3182 update_fulfill_count += 1;
3183 monitor_update.updates.append(&mut additional_monitor_update.updates);
3185 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, ref err_packet } => {
3186 match self.fail_htlc(htlc_id, err_packet.clone(), false, logger) {
3187 Ok(update_fail_msg_option) => {
3188 // If an HTLC failure was previously added to the holding cell (via
3189 // `queue_fail_htlc`) then generating the fail message itself must
3190 // not fail - we should never end up in a state where we double-fail
3191 // an HTLC or fail-then-claim an HTLC as it indicates we didn't wait
3192 // for a full revocation before failing.
3193 debug_assert!(update_fail_msg_option.is_some());
3194 update_fail_count += 1;
3197 if let ChannelError::Ignore(_) = e {}
3199 panic!("Got a non-IgnoreError action trying to fail holding cell HTLC");
3206 if update_add_count == 0 && update_fulfill_count == 0 && update_fail_count == 0 && self.context.holding_cell_update_fee.is_none() {
3207 return (None, htlcs_to_fail);
3209 let update_fee = if let Some(feerate) = self.context.holding_cell_update_fee.take() {
3210 self.send_update_fee(feerate, false, fee_estimator, logger)
3215 let mut additional_update = self.build_commitment_no_status_check(logger);
3216 // build_commitment_no_status_check and get_update_fulfill_htlc may bump latest_monitor_id
3217 // but we want them to be strictly increasing by one, so reset it here.
3218 self.context.latest_monitor_update_id = monitor_update.update_id;
3219 monitor_update.updates.append(&mut additional_update.updates);
3221 log_debug!(logger, "Freeing holding cell in channel {} resulted in {}{} HTLCs added, {} HTLCs fulfilled, and {} HTLCs failed.",
3222 &self.context.channel_id(), if update_fee.is_some() { "a fee update, " } else { "" },
3223 update_add_count, update_fulfill_count, update_fail_count);
3225 self.monitor_updating_paused(false, true, false, Vec::new(), Vec::new(), Vec::new());
3226 (self.push_ret_blockable_mon_update(monitor_update), htlcs_to_fail)
3232 /// Handles receiving a remote's revoke_and_ack. Note that we may return a new
3233 /// commitment_signed message here in case we had pending outbound HTLCs to add which were
3234 /// waiting on this revoke_and_ack. The generation of this new commitment_signed may also fail,
3235 /// generating an appropriate error *after* the channel state has been updated based on the
3236 /// revoke_and_ack message.
3237 pub fn revoke_and_ack<F: Deref, L: Deref>(&mut self, msg: &msgs::RevokeAndACK,
3238 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L, hold_mon_update: bool,
3239 ) -> Result<(Vec<(HTLCSource, PaymentHash)>, Option<ChannelMonitorUpdate>), ChannelError>
3240 where F::Target: FeeEstimator, L::Target: Logger,
3242 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
3243 return Err(ChannelError::Close("Got revoke/ACK message when channel was not in an operational state".to_owned()));
3245 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3246 return Err(ChannelError::Close("Peer sent revoke_and_ack when we needed a channel_reestablish".to_owned()));
3248 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK == BOTH_SIDES_SHUTDOWN_MASK && self.context.last_sent_closing_fee.is_some() {
3249 return Err(ChannelError::Close("Peer sent revoke_and_ack after we'd started exchanging closing_signeds".to_owned()));
3252 let secret = secp_check!(SecretKey::from_slice(&msg.per_commitment_secret), "Peer provided an invalid per_commitment_secret".to_owned());
3254 if let Some(counterparty_prev_commitment_point) = self.context.counterparty_prev_commitment_point {
3255 if PublicKey::from_secret_key(&self.context.secp_ctx, &secret) != counterparty_prev_commitment_point {
3256 return Err(ChannelError::Close("Got a revoke commitment secret which didn't correspond to their current pubkey".to_owned()));
3260 if self.context.channel_state & ChannelState::AwaitingRemoteRevoke as u32 == 0 {
3261 // Our counterparty seems to have burned their coins to us (by revoking a state when we
3262 // haven't given them a new commitment transaction to broadcast). We should probably
3263 // take advantage of this by updating our channel monitor, sending them an error, and
3264 // waiting for them to broadcast their latest (now-revoked claim). But, that would be a
3265 // lot of work, and there's some chance this is all a misunderstanding anyway.
3266 // We have to do *something*, though, since our signer may get mad at us for otherwise
3267 // jumping a remote commitment number, so best to just force-close and move on.
3268 return Err(ChannelError::Close("Received an unexpected revoke_and_ack".to_owned()));
3271 #[cfg(any(test, fuzzing))]
3273 *self.context.next_local_commitment_tx_fee_info_cached.lock().unwrap() = None;
3274 *self.context.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = None;
3277 match &self.context.holder_signer {
3278 ChannelSignerType::Ecdsa(ecdsa) => {
3279 ecdsa.validate_counterparty_revocation(
3280 self.context.cur_counterparty_commitment_transaction_number + 1,
3282 ).map_err(|_| ChannelError::Close("Failed to validate revocation from peer".to_owned()))?;
3286 self.context.commitment_secrets.provide_secret(self.context.cur_counterparty_commitment_transaction_number + 1, msg.per_commitment_secret)
3287 .map_err(|_| ChannelError::Close("Previous secrets did not match new one".to_owned()))?;
3288 self.context.latest_monitor_update_id += 1;
3289 let mut monitor_update = ChannelMonitorUpdate {
3290 update_id: self.context.latest_monitor_update_id,
3291 updates: vec![ChannelMonitorUpdateStep::CommitmentSecret {
3292 idx: self.context.cur_counterparty_commitment_transaction_number + 1,
3293 secret: msg.per_commitment_secret,
3297 // Update state now that we've passed all the can-fail calls...
3298 // (note that we may still fail to generate the new commitment_signed message, but that's
3299 // OK, we step the channel here and *then* if the new generation fails we can fail the
3300 // channel based on that, but stepping stuff here should be safe either way.
3301 self.context.channel_state &= !(ChannelState::AwaitingRemoteRevoke as u32);
3302 self.context.sent_message_awaiting_response = None;
3303 self.context.counterparty_prev_commitment_point = self.context.counterparty_cur_commitment_point;
3304 self.context.counterparty_cur_commitment_point = Some(msg.next_per_commitment_point);
3305 self.context.cur_counterparty_commitment_transaction_number -= 1;
3307 if self.context.announcement_sigs_state == AnnouncementSigsState::Committed {
3308 self.context.announcement_sigs_state = AnnouncementSigsState::PeerReceived;
3311 log_trace!(logger, "Updating HTLCs on receipt of RAA in channel {}...", &self.context.channel_id());
3312 let mut to_forward_infos = Vec::new();
3313 let mut revoked_htlcs = Vec::new();
3314 let mut finalized_claimed_htlcs = Vec::new();
3315 let mut update_fail_htlcs = Vec::new();
3316 let mut update_fail_malformed_htlcs = Vec::new();
3317 let mut require_commitment = false;
3318 let mut value_to_self_msat_diff: i64 = 0;
3321 // Take references explicitly so that we can hold multiple references to self.context.
3322 let pending_inbound_htlcs: &mut Vec<_> = &mut self.context.pending_inbound_htlcs;
3323 let pending_outbound_htlcs: &mut Vec<_> = &mut self.context.pending_outbound_htlcs;
3325 // We really shouldnt have two passes here, but retain gives a non-mutable ref (Rust bug)
3326 pending_inbound_htlcs.retain(|htlc| {
3327 if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state {
3328 log_trace!(logger, " ...removing inbound LocalRemoved {}", &htlc.payment_hash);
3329 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
3330 value_to_self_msat_diff += htlc.amount_msat as i64;
3335 pending_outbound_htlcs.retain(|htlc| {
3336 if let &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref outcome) = &htlc.state {
3337 log_trace!(logger, " ...removing outbound AwaitingRemovedRemoteRevoke {}", &htlc.payment_hash);
3338 if let OutboundHTLCOutcome::Failure(reason) = outcome.clone() { // We really want take() here, but, again, non-mut ref :(
3339 revoked_htlcs.push((htlc.source.clone(), htlc.payment_hash, reason));
3341 finalized_claimed_htlcs.push(htlc.source.clone());
3342 // They fulfilled, so we sent them money
3343 value_to_self_msat_diff -= htlc.amount_msat as i64;
3348 for htlc in pending_inbound_htlcs.iter_mut() {
3349 let swap = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) = &htlc.state {
3351 } else if let &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) = &htlc.state {
3355 let mut state = InboundHTLCState::Committed;
3356 mem::swap(&mut state, &mut htlc.state);
3358 if let InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info) = state {
3359 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce {} to AwaitingAnnouncedRemoteRevoke", &htlc.payment_hash);
3360 htlc.state = InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info);
3361 require_commitment = true;
3362 } else if let InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info) = state {
3363 match forward_info {
3364 PendingHTLCStatus::Fail(fail_msg) => {
3365 log_trace!(logger, " ...promoting inbound AwaitingAnnouncedRemoteRevoke {} to LocalRemoved due to PendingHTLCStatus indicating failure", &htlc.payment_hash);
3366 require_commitment = true;
3368 HTLCFailureMsg::Relay(msg) => {
3369 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(msg.reason.clone()));
3370 update_fail_htlcs.push(msg)
3372 HTLCFailureMsg::Malformed(msg) => {
3373 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailMalformed((msg.sha256_of_onion, msg.failure_code)));
3374 update_fail_malformed_htlcs.push(msg)
3378 PendingHTLCStatus::Forward(forward_info) => {
3379 log_trace!(logger, " ...promoting inbound AwaitingAnnouncedRemoteRevoke {} to Committed", &htlc.payment_hash);
3380 to_forward_infos.push((forward_info, htlc.htlc_id));
3381 htlc.state = InboundHTLCState::Committed;
3387 for htlc in pending_outbound_htlcs.iter_mut() {
3388 if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
3389 log_trace!(logger, " ...promoting outbound LocalAnnounced {} to Committed", &htlc.payment_hash);
3390 htlc.state = OutboundHTLCState::Committed;
3392 if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut outcome) = &mut htlc.state {
3393 log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", &htlc.payment_hash);
3394 // Grab the preimage, if it exists, instead of cloning
3395 let mut reason = OutboundHTLCOutcome::Success(None);
3396 mem::swap(outcome, &mut reason);
3397 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(reason);
3398 require_commitment = true;
3402 self.context.value_to_self_msat = (self.context.value_to_self_msat as i64 + value_to_self_msat_diff) as u64;
3404 if let Some((feerate, update_state)) = self.context.pending_update_fee {
3405 match update_state {
3406 FeeUpdateState::Outbound => {
3407 debug_assert!(self.context.is_outbound());
3408 log_trace!(logger, " ...promoting outbound fee update {} to Committed", feerate);
3409 self.context.feerate_per_kw = feerate;
3410 self.context.pending_update_fee = None;
3412 FeeUpdateState::RemoteAnnounced => { debug_assert!(!self.context.is_outbound()); },
3413 FeeUpdateState::AwaitingRemoteRevokeToAnnounce => {
3414 debug_assert!(!self.context.is_outbound());
3415 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce fee update {} to Committed", feerate);
3416 require_commitment = true;
3417 self.context.feerate_per_kw = feerate;
3418 self.context.pending_update_fee = None;
3423 let release_monitor = self.context.blocked_monitor_updates.is_empty() && !hold_mon_update;
3424 let release_state_str =
3425 if hold_mon_update { "Holding" } else if release_monitor { "Releasing" } else { "Blocked" };
3426 macro_rules! return_with_htlcs_to_fail {
3427 ($htlcs_to_fail: expr) => {
3428 if !release_monitor {
3429 self.context.blocked_monitor_updates.push(PendingChannelMonitorUpdate {
3430 update: monitor_update,
3432 return Ok(($htlcs_to_fail, None));
3434 return Ok(($htlcs_to_fail, Some(monitor_update)));
3439 if (self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32) == ChannelState::MonitorUpdateInProgress as u32 {
3440 // We can't actually generate a new commitment transaction (incl by freeing holding
3441 // cells) while we can't update the monitor, so we just return what we have.
3442 if require_commitment {
3443 self.context.monitor_pending_commitment_signed = true;
3444 // When the monitor updating is restored we'll call
3445 // get_last_commitment_update_for_send(), which does not update state, but we're
3446 // definitely now awaiting a remote revoke before we can step forward any more, so
3448 let mut additional_update = self.build_commitment_no_status_check(logger);
3449 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3450 // strictly increasing by one, so decrement it here.
3451 self.context.latest_monitor_update_id = monitor_update.update_id;
3452 monitor_update.updates.append(&mut additional_update.updates);
3454 self.context.monitor_pending_forwards.append(&mut to_forward_infos);
3455 self.context.monitor_pending_failures.append(&mut revoked_htlcs);
3456 self.context.monitor_pending_finalized_fulfills.append(&mut finalized_claimed_htlcs);
3457 log_debug!(logger, "Received a valid revoke_and_ack for channel {} but awaiting a monitor update resolution to reply.", &self.context.channel_id());
3458 return_with_htlcs_to_fail!(Vec::new());
3461 match self.free_holding_cell_htlcs(fee_estimator, logger) {
3462 (Some(mut additional_update), htlcs_to_fail) => {
3463 // free_holding_cell_htlcs may bump latest_monitor_id multiple times but we want them to be
3464 // strictly increasing by one, so decrement it here.
3465 self.context.latest_monitor_update_id = monitor_update.update_id;
3466 monitor_update.updates.append(&mut additional_update.updates);
3468 log_debug!(logger, "Received a valid revoke_and_ack for channel {} with holding cell HTLCs freed. {} monitor update.",
3469 &self.context.channel_id(), release_state_str);
3471 self.monitor_updating_paused(false, true, false, to_forward_infos, revoked_htlcs, finalized_claimed_htlcs);
3472 return_with_htlcs_to_fail!(htlcs_to_fail);
3474 (None, htlcs_to_fail) => {
3475 if require_commitment {
3476 let mut additional_update = self.build_commitment_no_status_check(logger);
3478 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3479 // strictly increasing by one, so decrement it here.
3480 self.context.latest_monitor_update_id = monitor_update.update_id;
3481 monitor_update.updates.append(&mut additional_update.updates);
3483 log_debug!(logger, "Received a valid revoke_and_ack for channel {}. Responding with a commitment update with {} HTLCs failed. {} monitor update.",
3484 &self.context.channel_id(),
3485 update_fail_htlcs.len() + update_fail_malformed_htlcs.len(),
3488 self.monitor_updating_paused(false, true, false, to_forward_infos, revoked_htlcs, finalized_claimed_htlcs);
3489 return_with_htlcs_to_fail!(htlcs_to_fail);
3491 log_debug!(logger, "Received a valid revoke_and_ack for channel {} with no reply necessary. {} monitor update.",
3492 &self.context.channel_id(), release_state_str);
3494 self.monitor_updating_paused(false, false, false, to_forward_infos, revoked_htlcs, finalized_claimed_htlcs);
3495 return_with_htlcs_to_fail!(htlcs_to_fail);
3501 /// Queues up an outbound update fee by placing it in the holding cell. You should call
3502 /// [`Self::maybe_free_holding_cell_htlcs`] in order to actually generate and send the
3503 /// commitment update.
3504 pub fn queue_update_fee<F: Deref, L: Deref>(&mut self, feerate_per_kw: u32,
3505 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L)
3506 where F::Target: FeeEstimator, L::Target: Logger
3508 let msg_opt = self.send_update_fee(feerate_per_kw, true, fee_estimator, logger);
3509 assert!(msg_opt.is_none(), "We forced holding cell?");
3512 /// Adds a pending update to this channel. See the doc for send_htlc for
3513 /// further details on the optionness of the return value.
3514 /// If our balance is too low to cover the cost of the next commitment transaction at the
3515 /// new feerate, the update is cancelled.
3517 /// You MUST call [`Self::send_commitment_no_state_update`] prior to any other calls on this
3518 /// [`Channel`] if `force_holding_cell` is false.
3519 fn send_update_fee<F: Deref, L: Deref>(
3520 &mut self, feerate_per_kw: u32, mut force_holding_cell: bool,
3521 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
3522 ) -> Option<msgs::UpdateFee>
3523 where F::Target: FeeEstimator, L::Target: Logger
3525 if !self.context.is_outbound() {
3526 panic!("Cannot send fee from inbound channel");
3528 if !self.context.is_usable() {
3529 panic!("Cannot update fee until channel is fully established and we haven't started shutting down");
3531 if !self.context.is_live() {
3532 panic!("Cannot update fee while peer is disconnected/we're awaiting a monitor update (ChannelManager should have caught this)");
3535 // Before proposing a feerate update, check that we can actually afford the new fee.
3536 let inbound_stats = self.context.get_inbound_pending_htlc_stats(Some(feerate_per_kw));
3537 let outbound_stats = self.context.get_outbound_pending_htlc_stats(Some(feerate_per_kw));
3538 let keys = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
3539 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &keys, true, true, logger);
3540 let buffer_fee_msat = commit_tx_fee_sat(feerate_per_kw, commitment_stats.num_nondust_htlcs + outbound_stats.on_holder_tx_holding_cell_htlcs_count as usize + CONCURRENT_INBOUND_HTLC_FEE_BUFFER as usize, self.context.get_channel_type()) * 1000;
3541 let holder_balance_msat = commitment_stats.local_balance_msat - outbound_stats.holding_cell_msat;
3542 if holder_balance_msat < buffer_fee_msat + self.context.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 {
3543 //TODO: auto-close after a number of failures?
3544 log_debug!(logger, "Cannot afford to send new feerate at {}", feerate_per_kw);
3548 // Note, we evaluate pending htlc "preemptive" trimmed-to-dust threshold at the proposed `feerate_per_kw`.
3549 let holder_tx_dust_exposure = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
3550 let counterparty_tx_dust_exposure = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
3551 let max_dust_htlc_exposure_msat = self.context.get_max_dust_htlc_exposure_msat(fee_estimator);
3552 if holder_tx_dust_exposure > max_dust_htlc_exposure_msat {
3553 log_debug!(logger, "Cannot afford to send new feerate at {} without infringing max dust htlc exposure", feerate_per_kw);
3556 if counterparty_tx_dust_exposure > max_dust_htlc_exposure_msat {
3557 log_debug!(logger, "Cannot afford to send new feerate at {} without infringing max dust htlc exposure", feerate_per_kw);
3561 if (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
3562 force_holding_cell = true;
3565 if force_holding_cell {
3566 self.context.holding_cell_update_fee = Some(feerate_per_kw);
3570 debug_assert!(self.context.pending_update_fee.is_none());
3571 self.context.pending_update_fee = Some((feerate_per_kw, FeeUpdateState::Outbound));
3573 Some(msgs::UpdateFee {
3574 channel_id: self.context.channel_id,
3579 /// Removes any uncommitted inbound HTLCs and resets the state of uncommitted outbound HTLC
3580 /// updates, to be used on peer disconnection. After this, update_*_htlc messages need to be
3582 /// No further message handling calls may be made until a channel_reestablish dance has
3584 pub fn remove_uncommitted_htlcs_and_mark_paused<L: Deref>(&mut self, logger: &L) where L::Target: Logger {
3585 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
3586 if self.context.channel_state < ChannelState::FundingSent as u32 {
3587 self.context.channel_state = ChannelState::ShutdownComplete as u32;
3591 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == (ChannelState::PeerDisconnected as u32) {
3592 // While the below code should be idempotent, it's simpler to just return early, as
3593 // redundant disconnect events can fire, though they should be rare.
3597 if self.context.announcement_sigs_state == AnnouncementSigsState::MessageSent || self.context.announcement_sigs_state == AnnouncementSigsState::Committed {
3598 self.context.announcement_sigs_state = AnnouncementSigsState::NotSent;
3601 // Upon reconnect we have to start the closing_signed dance over, but shutdown messages
3602 // will be retransmitted.
3603 self.context.last_sent_closing_fee = None;
3604 self.context.pending_counterparty_closing_signed = None;
3605 self.context.closing_fee_limits = None;
3607 let mut inbound_drop_count = 0;
3608 self.context.pending_inbound_htlcs.retain(|htlc| {
3610 InboundHTLCState::RemoteAnnounced(_) => {
3611 // They sent us an update_add_htlc but we never got the commitment_signed.
3612 // We'll tell them what commitment_signed we're expecting next and they'll drop
3613 // this HTLC accordingly
3614 inbound_drop_count += 1;
3617 InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_)|InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => {
3618 // We received a commitment_signed updating this HTLC and (at least hopefully)
3619 // sent a revoke_and_ack (which we can re-transmit) and have heard nothing
3620 // in response to it yet, so don't touch it.
3623 InboundHTLCState::Committed => true,
3624 InboundHTLCState::LocalRemoved(_) => {
3625 // We (hopefully) sent a commitment_signed updating this HTLC (which we can
3626 // re-transmit if needed) and they may have even sent a revoke_and_ack back
3627 // (that we missed). Keep this around for now and if they tell us they missed
3628 // the commitment_signed we can re-transmit the update then.
3633 self.context.next_counterparty_htlc_id -= inbound_drop_count;
3635 if let Some((_, update_state)) = self.context.pending_update_fee {
3636 if update_state == FeeUpdateState::RemoteAnnounced {
3637 debug_assert!(!self.context.is_outbound());
3638 self.context.pending_update_fee = None;
3642 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
3643 if let OutboundHTLCState::RemoteRemoved(_) = htlc.state {
3644 // They sent us an update to remove this but haven't yet sent the corresponding
3645 // commitment_signed, we need to move it back to Committed and they can re-send
3646 // the update upon reconnection.
3647 htlc.state = OutboundHTLCState::Committed;
3651 self.context.sent_message_awaiting_response = None;
3653 self.context.channel_state |= ChannelState::PeerDisconnected as u32;
3654 log_trace!(logger, "Peer disconnection resulted in {} remote-announced HTLC drops on channel {}", inbound_drop_count, &self.context.channel_id());
3657 /// Indicates that a ChannelMonitor update is in progress and has not yet been fully persisted.
3658 /// This must be called before we return the [`ChannelMonitorUpdate`] back to the
3659 /// [`ChannelManager`], which will call [`Self::monitor_updating_restored`] once the monitor
3660 /// update completes (potentially immediately).
3661 /// The messages which were generated with the monitor update must *not* have been sent to the
3662 /// remote end, and must instead have been dropped. They will be regenerated when
3663 /// [`Self::monitor_updating_restored`] is called.
3665 /// [`ChannelManager`]: super::channelmanager::ChannelManager
3666 /// [`chain::Watch`]: crate::chain::Watch
3667 /// [`ChannelMonitorUpdateStatus::InProgress`]: crate::chain::ChannelMonitorUpdateStatus::InProgress
3668 fn monitor_updating_paused(&mut self, resend_raa: bool, resend_commitment: bool,
3669 resend_channel_ready: bool, mut pending_forwards: Vec<(PendingHTLCInfo, u64)>,
3670 mut pending_fails: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
3671 mut pending_finalized_claimed_htlcs: Vec<HTLCSource>
3673 self.context.monitor_pending_revoke_and_ack |= resend_raa;
3674 self.context.monitor_pending_commitment_signed |= resend_commitment;
3675 self.context.monitor_pending_channel_ready |= resend_channel_ready;
3676 self.context.monitor_pending_forwards.append(&mut pending_forwards);
3677 self.context.monitor_pending_failures.append(&mut pending_fails);
3678 self.context.monitor_pending_finalized_fulfills.append(&mut pending_finalized_claimed_htlcs);
3679 self.context.channel_state |= ChannelState::MonitorUpdateInProgress as u32;
3682 /// Indicates that the latest ChannelMonitor update has been committed by the client
3683 /// successfully and we should restore normal operation. Returns messages which should be sent
3684 /// to the remote side.
3685 pub fn monitor_updating_restored<L: Deref, NS: Deref>(
3686 &mut self, logger: &L, node_signer: &NS, genesis_block_hash: BlockHash,
3687 user_config: &UserConfig, best_block_height: u32
3688 ) -> MonitorRestoreUpdates
3691 NS::Target: NodeSigner
3693 assert_eq!(self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32, ChannelState::MonitorUpdateInProgress as u32);
3694 self.context.channel_state &= !(ChannelState::MonitorUpdateInProgress as u32);
3696 // If we're past (or at) the FundingSent stage on an outbound channel, try to
3697 // (re-)broadcast the funding transaction as we may have declined to broadcast it when we
3698 // first received the funding_signed.
3699 let mut funding_broadcastable =
3700 if self.context.is_outbound() && self.context.channel_state & !MULTI_STATE_FLAGS >= ChannelState::FundingSent as u32 {
3701 self.context.funding_transaction.take()
3703 // That said, if the funding transaction is already confirmed (ie we're active with a
3704 // minimum_depth over 0) don't bother re-broadcasting the confirmed funding tx.
3705 if self.context.channel_state & !MULTI_STATE_FLAGS >= ChannelState::ChannelReady as u32 && self.context.minimum_depth != Some(0) {
3706 funding_broadcastable = None;
3709 // We will never broadcast the funding transaction when we're in MonitorUpdateInProgress
3710 // (and we assume the user never directly broadcasts the funding transaction and waits for
3711 // us to do it). Thus, we can only ever hit monitor_pending_channel_ready when we're
3712 // * an inbound channel that failed to persist the monitor on funding_created and we got
3713 // the funding transaction confirmed before the monitor was persisted, or
3714 // * a 0-conf channel and intended to send the channel_ready before any broadcast at all.
3715 let channel_ready = if self.context.monitor_pending_channel_ready {
3716 assert!(!self.context.is_outbound() || self.context.minimum_depth == Some(0),
3717 "Funding transaction broadcast by the local client before it should have - LDK didn't do it!");
3718 self.context.monitor_pending_channel_ready = false;
3719 let next_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
3720 Some(msgs::ChannelReady {
3721 channel_id: self.context.channel_id(),
3722 next_per_commitment_point,
3723 short_channel_id_alias: Some(self.context.outbound_scid_alias),
3727 let announcement_sigs = self.get_announcement_sigs(node_signer, genesis_block_hash, user_config, best_block_height, logger);
3729 let mut accepted_htlcs = Vec::new();
3730 mem::swap(&mut accepted_htlcs, &mut self.context.monitor_pending_forwards);
3731 let mut failed_htlcs = Vec::new();
3732 mem::swap(&mut failed_htlcs, &mut self.context.monitor_pending_failures);
3733 let mut finalized_claimed_htlcs = Vec::new();
3734 mem::swap(&mut finalized_claimed_htlcs, &mut self.context.monitor_pending_finalized_fulfills);
3736 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) != 0 {
3737 self.context.monitor_pending_revoke_and_ack = false;
3738 self.context.monitor_pending_commitment_signed = false;
3739 return MonitorRestoreUpdates {
3740 raa: None, commitment_update: None, order: RAACommitmentOrder::RevokeAndACKFirst,
3741 accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, channel_ready, announcement_sigs
3745 let raa = if self.context.monitor_pending_revoke_and_ack {
3746 Some(self.get_last_revoke_and_ack())
3748 let commitment_update = if self.context.monitor_pending_commitment_signed {
3749 self.get_last_commitment_update_for_send(logger).ok()
3751 if commitment_update.is_some() {
3752 self.mark_awaiting_response();
3755 self.context.monitor_pending_revoke_and_ack = false;
3756 self.context.monitor_pending_commitment_signed = false;
3757 let order = self.context.resend_order.clone();
3758 log_debug!(logger, "Restored monitor updating in channel {} resulting in {}{} commitment update and {} RAA, with {} first",
3759 &self.context.channel_id(), if funding_broadcastable.is_some() { "a funding broadcastable, " } else { "" },
3760 if commitment_update.is_some() { "a" } else { "no" }, if raa.is_some() { "an" } else { "no" },
3761 match order { RAACommitmentOrder::CommitmentFirst => "commitment", RAACommitmentOrder::RevokeAndACKFirst => "RAA"});
3762 MonitorRestoreUpdates {
3763 raa, commitment_update, order, accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, channel_ready, announcement_sigs
3767 pub fn update_fee<F: Deref, L: Deref>(&mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, msg: &msgs::UpdateFee, logger: &L) -> Result<(), ChannelError>
3768 where F::Target: FeeEstimator, L::Target: Logger
3770 if self.context.is_outbound() {
3771 return Err(ChannelError::Close("Non-funding remote tried to update channel fee".to_owned()));
3773 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3774 return Err(ChannelError::Close("Peer sent update_fee when we needed a channel_reestablish".to_owned()));
3776 Channel::<SP>::check_remote_fee(&self.context.channel_type, fee_estimator, msg.feerate_per_kw, Some(self.context.feerate_per_kw), logger)?;
3777 let feerate_over_dust_buffer = msg.feerate_per_kw > self.context.get_dust_buffer_feerate(None);
3779 self.context.pending_update_fee = Some((msg.feerate_per_kw, FeeUpdateState::RemoteAnnounced));
3780 self.context.update_time_counter += 1;
3781 // If the feerate has increased over the previous dust buffer (note that
3782 // `get_dust_buffer_feerate` considers the `pending_update_fee` status), check that we
3783 // won't be pushed over our dust exposure limit by the feerate increase.
3784 if feerate_over_dust_buffer {
3785 let inbound_stats = self.context.get_inbound_pending_htlc_stats(None);
3786 let outbound_stats = self.context.get_outbound_pending_htlc_stats(None);
3787 let holder_tx_dust_exposure = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
3788 let counterparty_tx_dust_exposure = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
3789 let max_dust_htlc_exposure_msat = self.context.get_max_dust_htlc_exposure_msat(fee_estimator);
3790 if holder_tx_dust_exposure > max_dust_htlc_exposure_msat {
3791 return Err(ChannelError::Close(format!("Peer sent update_fee with a feerate ({}) which may over-expose us to dust-in-flight on our own transactions (totaling {} msat)",
3792 msg.feerate_per_kw, holder_tx_dust_exposure)));
3794 if counterparty_tx_dust_exposure > max_dust_htlc_exposure_msat {
3795 return Err(ChannelError::Close(format!("Peer sent update_fee with a feerate ({}) which may over-expose us to dust-in-flight on our counterparty's transactions (totaling {} msat)",
3796 msg.feerate_per_kw, counterparty_tx_dust_exposure)));
3802 /// Indicates that the signer may have some signatures for us, so we should retry if we're
3804 pub fn signer_maybe_unblocked<L: Deref>(&mut self, logger: &L) -> SignerResumeUpdates where L::Target: Logger {
3805 let commitment_update = if self.context.signer_pending_commitment_update {
3808 let funding_signed = None;
3809 let funding_created = None;
3810 SignerResumeUpdates {
3817 fn get_last_revoke_and_ack(&self) -> msgs::RevokeAndACK {
3818 let next_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
3819 let per_commitment_secret = self.context.holder_signer.as_ref().release_commitment_secret(self.context.cur_holder_commitment_transaction_number + 2);
3820 msgs::RevokeAndACK {
3821 channel_id: self.context.channel_id,
3822 per_commitment_secret,
3823 next_per_commitment_point,
3825 next_local_nonce: None,
3829 /// Gets the last commitment update for immediate sending to our peer.
3830 fn get_last_commitment_update_for_send<L: Deref>(&mut self, logger: &L) -> Result<msgs::CommitmentUpdate, ()> where L::Target: Logger {
3831 let mut update_add_htlcs = Vec::new();
3832 let mut update_fulfill_htlcs = Vec::new();
3833 let mut update_fail_htlcs = Vec::new();
3834 let mut update_fail_malformed_htlcs = Vec::new();
3836 for htlc in self.context.pending_outbound_htlcs.iter() {
3837 if let &OutboundHTLCState::LocalAnnounced(ref onion_packet) = &htlc.state {
3838 update_add_htlcs.push(msgs::UpdateAddHTLC {
3839 channel_id: self.context.channel_id(),
3840 htlc_id: htlc.htlc_id,
3841 amount_msat: htlc.amount_msat,
3842 payment_hash: htlc.payment_hash,
3843 cltv_expiry: htlc.cltv_expiry,
3844 onion_routing_packet: (**onion_packet).clone(),
3845 skimmed_fee_msat: htlc.skimmed_fee_msat,
3850 for htlc in self.context.pending_inbound_htlcs.iter() {
3851 if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state {
3853 &InboundHTLCRemovalReason::FailRelay(ref err_packet) => {
3854 update_fail_htlcs.push(msgs::UpdateFailHTLC {
3855 channel_id: self.context.channel_id(),
3856 htlc_id: htlc.htlc_id,
3857 reason: err_packet.clone()
3860 &InboundHTLCRemovalReason::FailMalformed((ref sha256_of_onion, ref failure_code)) => {
3861 update_fail_malformed_htlcs.push(msgs::UpdateFailMalformedHTLC {
3862 channel_id: self.context.channel_id(),
3863 htlc_id: htlc.htlc_id,
3864 sha256_of_onion: sha256_of_onion.clone(),
3865 failure_code: failure_code.clone(),
3868 &InboundHTLCRemovalReason::Fulfill(ref payment_preimage) => {
3869 update_fulfill_htlcs.push(msgs::UpdateFulfillHTLC {
3870 channel_id: self.context.channel_id(),
3871 htlc_id: htlc.htlc_id,
3872 payment_preimage: payment_preimage.clone(),
3879 let update_fee = if self.context.is_outbound() && self.context.pending_update_fee.is_some() {
3880 Some(msgs::UpdateFee {
3881 channel_id: self.context.channel_id(),
3882 feerate_per_kw: self.context.pending_update_fee.unwrap().0,
3886 log_trace!(logger, "Regenerated latest commitment update in channel {} with{} {} update_adds, {} update_fulfills, {} update_fails, and {} update_fail_malformeds",
3887 &self.context.channel_id(), if update_fee.is_some() { " update_fee," } else { "" },
3888 update_add_htlcs.len(), update_fulfill_htlcs.len(), update_fail_htlcs.len(), update_fail_malformed_htlcs.len());
3889 let commitment_signed = if let Ok(update) = self.send_commitment_no_state_update(logger).map(|(cu, _)| cu) {
3890 self.context.signer_pending_commitment_update = false;
3893 self.context.signer_pending_commitment_update = true;
3896 Ok(msgs::CommitmentUpdate {
3897 update_add_htlcs, update_fulfill_htlcs, update_fail_htlcs, update_fail_malformed_htlcs, update_fee,
3902 /// Gets the `Shutdown` message we should send our peer on reconnect, if any.
3903 pub fn get_outbound_shutdown(&self) -> Option<msgs::Shutdown> {
3904 if self.context.channel_state & (ChannelState::LocalShutdownSent as u32) != 0 {
3905 assert!(self.context.shutdown_scriptpubkey.is_some());
3906 Some(msgs::Shutdown {
3907 channel_id: self.context.channel_id,
3908 scriptpubkey: self.get_closing_scriptpubkey(),
3913 /// May panic if some calls other than message-handling calls (which will all Err immediately)
3914 /// have been called between remove_uncommitted_htlcs_and_mark_paused and this call.
3916 /// Some links printed in log lines are included here to check them during build (when run with
3917 /// `cargo doc --document-private-items`):
3918 /// [`super::channelmanager::ChannelManager::force_close_without_broadcasting_txn`] and
3919 /// [`super::channelmanager::ChannelManager::force_close_all_channels_without_broadcasting_txn`].
3920 pub fn channel_reestablish<L: Deref, NS: Deref>(
3921 &mut self, msg: &msgs::ChannelReestablish, logger: &L, node_signer: &NS,
3922 genesis_block_hash: BlockHash, user_config: &UserConfig, best_block: &BestBlock
3923 ) -> Result<ReestablishResponses, ChannelError>
3926 NS::Target: NodeSigner
3928 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == 0 {
3929 // While BOLT 2 doesn't indicate explicitly we should error this channel here, it
3930 // almost certainly indicates we are going to end up out-of-sync in some way, so we
3931 // just close here instead of trying to recover.
3932 return Err(ChannelError::Close("Peer sent a loose channel_reestablish not after reconnect".to_owned()));
3935 if msg.next_local_commitment_number >= INITIAL_COMMITMENT_NUMBER || msg.next_remote_commitment_number >= INITIAL_COMMITMENT_NUMBER ||
3936 msg.next_local_commitment_number == 0 {
3937 return Err(ChannelError::Close("Peer sent a garbage channel_reestablish (usually an lnd node with lost state asking us to force-close for them)".to_owned()));
3940 if msg.next_remote_commitment_number > 0 {
3941 let expected_point = self.context.holder_signer.as_ref().get_per_commitment_point(INITIAL_COMMITMENT_NUMBER - msg.next_remote_commitment_number + 1, &self.context.secp_ctx);
3942 let given_secret = SecretKey::from_slice(&msg.your_last_per_commitment_secret)
3943 .map_err(|_| ChannelError::Close("Peer sent a garbage channel_reestablish with unparseable secret key".to_owned()))?;
3944 if expected_point != PublicKey::from_secret_key(&self.context.secp_ctx, &given_secret) {
3945 return Err(ChannelError::Close("Peer sent a garbage channel_reestablish with secret key not matching the commitment height provided".to_owned()));
3947 if msg.next_remote_commitment_number > INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number {
3948 macro_rules! log_and_panic {
3949 ($err_msg: expr) => {
3950 log_error!(logger, $err_msg, &self.context.channel_id, log_pubkey!(self.context.counterparty_node_id));
3951 panic!($err_msg, &self.context.channel_id, log_pubkey!(self.context.counterparty_node_id));
3954 log_and_panic!("We have fallen behind - we have received proof that if we broadcast our counterparty is going to claim all our funds.\n\
3955 This implies you have restarted with lost ChannelMonitor and ChannelManager state, the first of which is a violation of the LDK chain::Watch requirements.\n\
3956 More specifically, this means you have a bug in your implementation that can cause loss of funds, or you are running with an old backup, which is unsafe.\n\
3957 If you have restored from an old backup and wish to force-close channels and return to operation, you should start up, call\n\
3958 ChannelManager::force_close_without_broadcasting_txn on channel {} with counterparty {} or\n\
3959 ChannelManager::force_close_all_channels_without_broadcasting_txn, then reconnect to peer(s).\n\
3960 Note that due to a long-standing bug in lnd you may have to reach out to peers running lnd-based nodes to ask them to manually force-close channels\n\
3961 See https://github.com/lightningdevkit/rust-lightning/issues/1565 for more info.");
3965 // Before we change the state of the channel, we check if the peer is sending a very old
3966 // commitment transaction number, if yes we send a warning message.
3967 let our_commitment_transaction = INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number - 1;
3968 if msg.next_remote_commitment_number + 1 < our_commitment_transaction {
3970 ChannelError::Warn(format!("Peer attempted to reestablish channel with a very old local commitment transaction: {} (received) vs {} (expected)", msg.next_remote_commitment_number, our_commitment_transaction))
3974 // Go ahead and unmark PeerDisconnected as various calls we may make check for it (and all
3975 // remaining cases either succeed or ErrorMessage-fail).
3976 self.context.channel_state &= !(ChannelState::PeerDisconnected as u32);
3977 self.context.sent_message_awaiting_response = None;
3979 let shutdown_msg = self.get_outbound_shutdown();
3981 let announcement_sigs = self.get_announcement_sigs(node_signer, genesis_block_hash, user_config, best_block.height(), logger);
3983 if self.context.channel_state & (ChannelState::FundingSent as u32) == ChannelState::FundingSent as u32 {
3984 // If we're waiting on a monitor update, we shouldn't re-send any channel_ready's.
3985 if self.context.channel_state & (ChannelState::OurChannelReady as u32) == 0 ||
3986 self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
3987 if msg.next_remote_commitment_number != 0 {
3988 return Err(ChannelError::Close("Peer claimed they saw a revoke_and_ack but we haven't sent channel_ready yet".to_owned()));
3990 // Short circuit the whole handler as there is nothing we can resend them
3991 return Ok(ReestablishResponses {
3992 channel_ready: None,
3993 raa: None, commitment_update: None,
3994 order: RAACommitmentOrder::CommitmentFirst,
3995 shutdown_msg, announcement_sigs,
3999 // We have OurChannelReady set!
4000 let next_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
4001 return Ok(ReestablishResponses {
4002 channel_ready: Some(msgs::ChannelReady {
4003 channel_id: self.context.channel_id(),
4004 next_per_commitment_point,
4005 short_channel_id_alias: Some(self.context.outbound_scid_alias),
4007 raa: None, commitment_update: None,
4008 order: RAACommitmentOrder::CommitmentFirst,
4009 shutdown_msg, announcement_sigs,
4013 let required_revoke = if msg.next_remote_commitment_number + 1 == INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number {
4014 // Remote isn't waiting on any RevokeAndACK from us!
4015 // Note that if we need to repeat our ChannelReady we'll do that in the next if block.
4017 } else if msg.next_remote_commitment_number + 1 == (INITIAL_COMMITMENT_NUMBER - 1) - self.context.cur_holder_commitment_transaction_number {
4018 if self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
4019 self.context.monitor_pending_revoke_and_ack = true;
4022 Some(self.get_last_revoke_and_ack())
4025 return Err(ChannelError::Close("Peer attempted to reestablish channel with a very old local commitment transaction".to_owned()));
4028 // We increment cur_counterparty_commitment_transaction_number only upon receipt of
4029 // revoke_and_ack, not on sending commitment_signed, so we add one if have
4030 // AwaitingRemoteRevoke set, which indicates we sent a commitment_signed but haven't gotten
4031 // the corresponding revoke_and_ack back yet.
4032 let is_awaiting_remote_revoke = self.context.channel_state & ChannelState::AwaitingRemoteRevoke as u32 != 0;
4033 if is_awaiting_remote_revoke && !self.is_awaiting_monitor_update() {
4034 self.mark_awaiting_response();
4036 let next_counterparty_commitment_number = INITIAL_COMMITMENT_NUMBER - self.context.cur_counterparty_commitment_transaction_number + if is_awaiting_remote_revoke { 1 } else { 0 };
4038 let channel_ready = if msg.next_local_commitment_number == 1 && INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number == 1 {
4039 // We should never have to worry about MonitorUpdateInProgress resending ChannelReady
4040 let next_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
4041 Some(msgs::ChannelReady {
4042 channel_id: self.context.channel_id(),
4043 next_per_commitment_point,
4044 short_channel_id_alias: Some(self.context.outbound_scid_alias),
4048 if msg.next_local_commitment_number == next_counterparty_commitment_number {
4049 if required_revoke.is_some() {
4050 log_debug!(logger, "Reconnected channel {} with only lost outbound RAA", &self.context.channel_id());
4052 log_debug!(logger, "Reconnected channel {} with no loss", &self.context.channel_id());
4055 Ok(ReestablishResponses {
4056 channel_ready, shutdown_msg, announcement_sigs,
4057 raa: required_revoke,
4058 commitment_update: None,
4059 order: self.context.resend_order.clone(),
4061 } else if msg.next_local_commitment_number == next_counterparty_commitment_number - 1 {
4062 if required_revoke.is_some() {
4063 log_debug!(logger, "Reconnected channel {} with lost outbound RAA and lost remote commitment tx", &self.context.channel_id());
4065 log_debug!(logger, "Reconnected channel {} with only lost remote commitment tx", &self.context.channel_id());
4068 if self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
4069 self.context.monitor_pending_commitment_signed = true;
4070 Ok(ReestablishResponses {
4071 channel_ready, shutdown_msg, announcement_sigs,
4072 commitment_update: None, raa: None,
4073 order: self.context.resend_order.clone(),
4076 Ok(ReestablishResponses {
4077 channel_ready, shutdown_msg, announcement_sigs,
4078 raa: required_revoke,
4079 commitment_update: self.get_last_commitment_update_for_send(logger).ok(),
4080 order: self.context.resend_order.clone(),
4084 Err(ChannelError::Close("Peer attempted to reestablish channel with a very old remote commitment transaction".to_owned()))
4088 /// Calculates and returns our minimum and maximum closing transaction fee amounts, in whole
4089 /// satoshis. The amounts remain consistent unless a peer disconnects/reconnects or we restart,
4090 /// at which point they will be recalculated.
4091 fn calculate_closing_fee_limits<F: Deref>(&mut self, fee_estimator: &LowerBoundedFeeEstimator<F>)
4093 where F::Target: FeeEstimator
4095 if let Some((min, max)) = self.context.closing_fee_limits { return (min, max); }
4097 // Propose a range from our current Background feerate to our Normal feerate plus our
4098 // force_close_avoidance_max_fee_satoshis.
4099 // If we fail to come to consensus, we'll have to force-close.
4100 let mut proposed_feerate = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::Background);
4101 let normal_feerate = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::Normal);
4102 let mut proposed_max_feerate = if self.context.is_outbound() { normal_feerate } else { u32::max_value() };
4104 // The spec requires that (when the channel does not have anchors) we only send absolute
4105 // channel fees no greater than the absolute channel fee on the current commitment
4106 // transaction. It's unclear *which* commitment transaction this refers to, and there isn't
4107 // very good reason to apply such a limit in any case. We don't bother doing so, risking
4108 // some force-closure by old nodes, but we wanted to close the channel anyway.
4110 if let Some(target_feerate) = self.context.target_closing_feerate_sats_per_kw {
4111 let min_feerate = if self.context.is_outbound() { target_feerate } else { cmp::min(self.context.feerate_per_kw, target_feerate) };
4112 proposed_feerate = cmp::max(proposed_feerate, min_feerate);
4113 proposed_max_feerate = cmp::max(proposed_max_feerate, min_feerate);
4116 // Note that technically we could end up with a lower minimum fee if one sides' balance is
4117 // below our dust limit, causing the output to disappear. We don't bother handling this
4118 // case, however, as this should only happen if a channel is closed before any (material)
4119 // payments have been made on it. This may cause slight fee overpayment and/or failure to
4120 // come to consensus with our counterparty on appropriate fees, however it should be a
4121 // relatively rare case. We can revisit this later, though note that in order to determine
4122 // if the funders' output is dust we have to know the absolute fee we're going to use.
4123 let tx_weight = self.get_closing_transaction_weight(Some(&self.get_closing_scriptpubkey()), Some(self.context.counterparty_shutdown_scriptpubkey.as_ref().unwrap()));
4124 let proposed_total_fee_satoshis = proposed_feerate as u64 * tx_weight / 1000;
4125 let proposed_max_total_fee_satoshis = if self.context.is_outbound() {
4126 // We always add force_close_avoidance_max_fee_satoshis to our normal
4127 // feerate-calculated fee, but allow the max to be overridden if we're using a
4128 // target feerate-calculated fee.
4129 cmp::max(normal_feerate as u64 * tx_weight / 1000 + self.context.config.options.force_close_avoidance_max_fee_satoshis,
4130 proposed_max_feerate as u64 * tx_weight / 1000)
4132 self.context.channel_value_satoshis - (self.context.value_to_self_msat + 999) / 1000
4135 self.context.closing_fee_limits = Some((proposed_total_fee_satoshis, proposed_max_total_fee_satoshis));
4136 self.context.closing_fee_limits.clone().unwrap()
4139 /// Returns true if we're ready to commence the closing_signed negotiation phase. This is true
4140 /// after both sides have exchanged a `shutdown` message and all HTLCs have been drained. At
4141 /// this point if we're the funder we should send the initial closing_signed, and in any case
4142 /// shutdown should complete within a reasonable timeframe.
4143 fn closing_negotiation_ready(&self) -> bool {
4144 self.context.closing_negotiation_ready()
4147 /// Checks if the closing_signed negotiation is making appropriate progress, possibly returning
4148 /// an Err if no progress is being made and the channel should be force-closed instead.
4149 /// Should be called on a one-minute timer.
4150 pub fn timer_check_closing_negotiation_progress(&mut self) -> Result<(), ChannelError> {
4151 if self.closing_negotiation_ready() {
4152 if self.context.closing_signed_in_flight {
4153 return Err(ChannelError::Close("closing_signed negotiation failed to finish within two timer ticks".to_owned()));
4155 self.context.closing_signed_in_flight = true;
4161 pub fn maybe_propose_closing_signed<F: Deref, L: Deref>(
4162 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L)
4163 -> Result<(Option<msgs::ClosingSigned>, Option<Transaction>), ChannelError>
4164 where F::Target: FeeEstimator, L::Target: Logger
4166 if self.context.last_sent_closing_fee.is_some() || !self.closing_negotiation_ready() {
4167 return Ok((None, None));
4170 if !self.context.is_outbound() {
4171 if let Some(msg) = &self.context.pending_counterparty_closing_signed.take() {
4172 return self.closing_signed(fee_estimator, &msg);
4174 return Ok((None, None));
4177 let (our_min_fee, our_max_fee) = self.calculate_closing_fee_limits(fee_estimator);
4179 assert!(self.context.shutdown_scriptpubkey.is_some());
4180 let (closing_tx, total_fee_satoshis) = self.build_closing_transaction(our_min_fee, false);
4181 log_trace!(logger, "Proposing initial closing_signed for our counterparty with a fee range of {}-{} sat (with initial proposal {} sats)",
4182 our_min_fee, our_max_fee, total_fee_satoshis);
4184 match &self.context.holder_signer {
4185 ChannelSignerType::Ecdsa(ecdsa) => {
4187 .sign_closing_transaction(&closing_tx, &self.context.secp_ctx)
4188 .map_err(|()| ChannelError::Close("Failed to get signature for closing transaction.".to_owned()))?;
4190 self.context.last_sent_closing_fee = Some((total_fee_satoshis, sig.clone()));
4191 Ok((Some(msgs::ClosingSigned {
4192 channel_id: self.context.channel_id,
4193 fee_satoshis: total_fee_satoshis,
4195 fee_range: Some(msgs::ClosingSignedFeeRange {
4196 min_fee_satoshis: our_min_fee,
4197 max_fee_satoshis: our_max_fee,
4204 // Marks a channel as waiting for a response from the counterparty. If it's not received
4205 // [`DISCONNECT_PEER_AWAITING_RESPONSE_TICKS`] after sending our own to them, then we'll attempt
4207 fn mark_awaiting_response(&mut self) {
4208 self.context.sent_message_awaiting_response = Some(0);
4211 /// Determines whether we should disconnect the counterparty due to not receiving a response
4212 /// within our expected timeframe.
4214 /// This should be called on every [`super::channelmanager::ChannelManager::timer_tick_occurred`].
4215 pub fn should_disconnect_peer_awaiting_response(&mut self) -> bool {
4216 let ticks_elapsed = if let Some(ticks_elapsed) = self.context.sent_message_awaiting_response.as_mut() {
4219 // Don't disconnect when we're not waiting on a response.
4222 *ticks_elapsed += 1;
4223 *ticks_elapsed >= DISCONNECT_PEER_AWAITING_RESPONSE_TICKS
4227 &mut self, signer_provider: &SP, their_features: &InitFeatures, msg: &msgs::Shutdown
4228 ) -> Result<(Option<msgs::Shutdown>, Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>), ChannelError>
4230 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
4231 return Err(ChannelError::Close("Peer sent shutdown when we needed a channel_reestablish".to_owned()));
4233 if self.context.channel_state < ChannelState::FundingSent as u32 {
4234 // Spec says we should fail the connection, not the channel, but that's nonsense, there
4235 // are plenty of reasons you may want to fail a channel pre-funding, and spec says you
4236 // can do that via error message without getting a connection fail anyway...
4237 return Err(ChannelError::Close("Peer sent shutdown pre-funding generation".to_owned()));
4239 for htlc in self.context.pending_inbound_htlcs.iter() {
4240 if let InboundHTLCState::RemoteAnnounced(_) = htlc.state {
4241 return Err(ChannelError::Close("Got shutdown with remote pending HTLCs".to_owned()));
4244 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
4246 if !script::is_bolt2_compliant(&msg.scriptpubkey, their_features) {
4247 return Err(ChannelError::Warn(format!("Got a nonstandard scriptpubkey ({}) from remote peer", msg.scriptpubkey.to_bytes().to_hex())));
4250 if self.context.counterparty_shutdown_scriptpubkey.is_some() {
4251 if Some(&msg.scriptpubkey) != self.context.counterparty_shutdown_scriptpubkey.as_ref() {
4252 return Err(ChannelError::Warn(format!("Got shutdown request with a scriptpubkey ({}) which did not match their previous scriptpubkey.", msg.scriptpubkey.to_bytes().to_hex())));
4255 self.context.counterparty_shutdown_scriptpubkey = Some(msg.scriptpubkey.clone());
4258 // If we have any LocalAnnounced updates we'll probably just get back an update_fail_htlc
4259 // immediately after the commitment dance, but we can send a Shutdown because we won't send
4260 // any further commitment updates after we set LocalShutdownSent.
4261 let send_shutdown = (self.context.channel_state & ChannelState::LocalShutdownSent as u32) != ChannelState::LocalShutdownSent as u32;
4263 let update_shutdown_script = match self.context.shutdown_scriptpubkey {
4266 assert!(send_shutdown);
4267 let shutdown_scriptpubkey = match signer_provider.get_shutdown_scriptpubkey() {
4268 Ok(scriptpubkey) => scriptpubkey,
4269 Err(_) => return Err(ChannelError::Close("Failed to get shutdown scriptpubkey".to_owned())),
4271 if !shutdown_scriptpubkey.is_compatible(their_features) {
4272 return Err(ChannelError::Close(format!("Provided a scriptpubkey format not accepted by peer: {}", shutdown_scriptpubkey)));
4274 self.context.shutdown_scriptpubkey = Some(shutdown_scriptpubkey);
4279 // From here on out, we may not fail!
4281 self.context.channel_state |= ChannelState::RemoteShutdownSent as u32;
4282 self.context.update_time_counter += 1;
4284 let monitor_update = if update_shutdown_script {
4285 self.context.latest_monitor_update_id += 1;
4286 let monitor_update = ChannelMonitorUpdate {
4287 update_id: self.context.latest_monitor_update_id,
4288 updates: vec![ChannelMonitorUpdateStep::ShutdownScript {
4289 scriptpubkey: self.get_closing_scriptpubkey(),
4292 self.monitor_updating_paused(false, false, false, Vec::new(), Vec::new(), Vec::new());
4293 self.push_ret_blockable_mon_update(monitor_update)
4295 let shutdown = if send_shutdown {
4296 Some(msgs::Shutdown {
4297 channel_id: self.context.channel_id,
4298 scriptpubkey: self.get_closing_scriptpubkey(),
4302 // We can't send our shutdown until we've committed all of our pending HTLCs, but the
4303 // remote side is unlikely to accept any new HTLCs, so we go ahead and "free" any holding
4304 // cell HTLCs and return them to fail the payment.
4305 self.context.holding_cell_update_fee = None;
4306 let mut dropped_outbound_htlcs = Vec::with_capacity(self.context.holding_cell_htlc_updates.len());
4307 self.context.holding_cell_htlc_updates.retain(|htlc_update| {
4309 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, .. } => {
4310 dropped_outbound_htlcs.push((source.clone(), payment_hash.clone()));
4317 self.context.channel_state |= ChannelState::LocalShutdownSent as u32;
4318 self.context.update_time_counter += 1;
4320 Ok((shutdown, monitor_update, dropped_outbound_htlcs))
4323 fn build_signed_closing_transaction(&self, closing_tx: &ClosingTransaction, counterparty_sig: &Signature, sig: &Signature) -> Transaction {
4324 let mut tx = closing_tx.trust().built_transaction().clone();
4326 tx.input[0].witness.push(Vec::new()); // First is the multisig dummy
4328 let funding_key = self.context.get_holder_pubkeys().funding_pubkey.serialize();
4329 let counterparty_funding_key = self.context.counterparty_funding_pubkey().serialize();
4330 let mut holder_sig = sig.serialize_der().to_vec();
4331 holder_sig.push(EcdsaSighashType::All as u8);
4332 let mut cp_sig = counterparty_sig.serialize_der().to_vec();
4333 cp_sig.push(EcdsaSighashType::All as u8);
4334 if funding_key[..] < counterparty_funding_key[..] {
4335 tx.input[0].witness.push(holder_sig);
4336 tx.input[0].witness.push(cp_sig);
4338 tx.input[0].witness.push(cp_sig);
4339 tx.input[0].witness.push(holder_sig);
4342 tx.input[0].witness.push(self.context.get_funding_redeemscript().into_bytes());
4346 pub fn closing_signed<F: Deref>(
4347 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, msg: &msgs::ClosingSigned)
4348 -> Result<(Option<msgs::ClosingSigned>, Option<Transaction>), ChannelError>
4349 where F::Target: FeeEstimator
4351 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK != BOTH_SIDES_SHUTDOWN_MASK {
4352 return Err(ChannelError::Close("Remote end sent us a closing_signed before both sides provided a shutdown".to_owned()));
4354 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
4355 return Err(ChannelError::Close("Peer sent closing_signed when we needed a channel_reestablish".to_owned()));
4357 if !self.context.pending_inbound_htlcs.is_empty() || !self.context.pending_outbound_htlcs.is_empty() {
4358 return Err(ChannelError::Close("Remote end sent us a closing_signed while there were still pending HTLCs".to_owned()));
4360 if msg.fee_satoshis > TOTAL_BITCOIN_SUPPLY_SATOSHIS { // this is required to stop potential overflow in build_closing_transaction
4361 return Err(ChannelError::Close("Remote tried to send us a closing tx with > 21 million BTC fee".to_owned()));
4364 if self.context.is_outbound() && self.context.last_sent_closing_fee.is_none() {
4365 return Err(ChannelError::Close("Remote tried to send a closing_signed when we were supposed to propose the first one".to_owned()));
4368 if self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32 != 0 {
4369 self.context.pending_counterparty_closing_signed = Some(msg.clone());
4370 return Ok((None, None));
4373 let funding_redeemscript = self.context.get_funding_redeemscript();
4374 let (mut closing_tx, used_total_fee) = self.build_closing_transaction(msg.fee_satoshis, false);
4375 if used_total_fee != msg.fee_satoshis {
4376 return Err(ChannelError::Close(format!("Remote sent us a closing_signed with a fee other than the value they can claim. Fee in message: {}. Actual closing tx fee: {}", msg.fee_satoshis, used_total_fee)));
4378 let sighash = closing_tx.trust().get_sighash_all(&funding_redeemscript, self.context.channel_value_satoshis);
4380 match self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.context.get_counterparty_pubkeys().funding_pubkey) {
4383 // The remote end may have decided to revoke their output due to inconsistent dust
4384 // limits, so check for that case by re-checking the signature here.
4385 closing_tx = self.build_closing_transaction(msg.fee_satoshis, true).0;
4386 let sighash = closing_tx.trust().get_sighash_all(&funding_redeemscript, self.context.channel_value_satoshis);
4387 secp_check!(self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, self.context.counterparty_funding_pubkey()), "Invalid closing tx signature from peer".to_owned());
4391 for outp in closing_tx.trust().built_transaction().output.iter() {
4392 if !outp.script_pubkey.is_witness_program() && outp.value < MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS {
4393 return Err(ChannelError::Close("Remote sent us a closing_signed with a dust output. Always use segwit closing scripts!".to_owned()));
4397 assert!(self.context.shutdown_scriptpubkey.is_some());
4398 if let Some((last_fee, sig)) = self.context.last_sent_closing_fee {
4399 if last_fee == msg.fee_satoshis {
4400 let tx = self.build_signed_closing_transaction(&mut closing_tx, &msg.signature, &sig);
4401 self.context.channel_state = ChannelState::ShutdownComplete as u32;
4402 self.context.update_time_counter += 1;
4403 return Ok((None, Some(tx)));
4407 let (our_min_fee, our_max_fee) = self.calculate_closing_fee_limits(fee_estimator);
4409 macro_rules! propose_fee {
4410 ($new_fee: expr) => {
4411 let (closing_tx, used_fee) = if $new_fee == msg.fee_satoshis {
4412 (closing_tx, $new_fee)
4414 self.build_closing_transaction($new_fee, false)
4417 return match &self.context.holder_signer {
4418 ChannelSignerType::Ecdsa(ecdsa) => {
4420 .sign_closing_transaction(&closing_tx, &self.context.secp_ctx)
4421 .map_err(|_| ChannelError::Close("External signer refused to sign closing transaction".to_owned()))?;
4423 let signed_tx = if $new_fee == msg.fee_satoshis {
4424 self.context.channel_state = ChannelState::ShutdownComplete as u32;
4425 self.context.update_time_counter += 1;
4426 let tx = self.build_signed_closing_transaction(&closing_tx, &msg.signature, &sig);
4430 self.context.last_sent_closing_fee = Some((used_fee, sig.clone()));
4431 Ok((Some(msgs::ClosingSigned {
4432 channel_id: self.context.channel_id,
4433 fee_satoshis: used_fee,
4435 fee_range: Some(msgs::ClosingSignedFeeRange {
4436 min_fee_satoshis: our_min_fee,
4437 max_fee_satoshis: our_max_fee,
4445 if let Some(msgs::ClosingSignedFeeRange { min_fee_satoshis, max_fee_satoshis }) = msg.fee_range {
4446 if msg.fee_satoshis < min_fee_satoshis || msg.fee_satoshis > max_fee_satoshis {
4447 return Err(ChannelError::Close(format!("Peer sent a bogus closing_signed - suggested fee of {} sat was not in their desired range of {} sat - {} sat", msg.fee_satoshis, min_fee_satoshis, max_fee_satoshis)));
4449 if max_fee_satoshis < our_min_fee {
4450 return Err(ChannelError::Warn(format!("Unable to come to consensus about closing feerate, remote's max fee ({} sat) was smaller than our min fee ({} sat)", max_fee_satoshis, our_min_fee)));
4452 if min_fee_satoshis > our_max_fee {
4453 return Err(ChannelError::Warn(format!("Unable to come to consensus about closing feerate, remote's min fee ({} sat) was greater than our max fee ({} sat)", min_fee_satoshis, our_max_fee)));
4456 if !self.context.is_outbound() {
4457 // They have to pay, so pick the highest fee in the overlapping range.
4458 // We should never set an upper bound aside from their full balance
4459 debug_assert_eq!(our_max_fee, self.context.channel_value_satoshis - (self.context.value_to_self_msat + 999) / 1000);
4460 propose_fee!(cmp::min(max_fee_satoshis, our_max_fee));
4462 if msg.fee_satoshis < our_min_fee || msg.fee_satoshis > our_max_fee {
4463 return Err(ChannelError::Close(format!("Peer sent a bogus closing_signed - suggested fee of {} sat was not in our desired range of {} sat - {} sat after we informed them of our range.",
4464 msg.fee_satoshis, our_min_fee, our_max_fee)));
4466 // The proposed fee is in our acceptable range, accept it and broadcast!
4467 propose_fee!(msg.fee_satoshis);
4470 // Old fee style negotiation. We don't bother to enforce whether they are complying
4471 // with the "making progress" requirements, we just comply and hope for the best.
4472 if let Some((last_fee, _)) = self.context.last_sent_closing_fee {
4473 if msg.fee_satoshis > last_fee {
4474 if msg.fee_satoshis < our_max_fee {
4475 propose_fee!(msg.fee_satoshis);
4476 } else if last_fee < our_max_fee {
4477 propose_fee!(our_max_fee);
4479 return Err(ChannelError::Close(format!("Unable to come to consensus about closing feerate, remote wants something ({} sat) higher than our max fee ({} sat)", msg.fee_satoshis, our_max_fee)));
4482 if msg.fee_satoshis > our_min_fee {
4483 propose_fee!(msg.fee_satoshis);
4484 } else if last_fee > our_min_fee {
4485 propose_fee!(our_min_fee);
4487 return Err(ChannelError::Close(format!("Unable to come to consensus about closing feerate, remote wants something ({} sat) lower than our min fee ({} sat)", msg.fee_satoshis, our_min_fee)));
4491 if msg.fee_satoshis < our_min_fee {
4492 propose_fee!(our_min_fee);
4493 } else if msg.fee_satoshis > our_max_fee {
4494 propose_fee!(our_max_fee);
4496 propose_fee!(msg.fee_satoshis);
4502 fn internal_htlc_satisfies_config(
4503 &self, htlc: &msgs::UpdateAddHTLC, amt_to_forward: u64, outgoing_cltv_value: u32, config: &ChannelConfig,
4504 ) -> Result<(), (&'static str, u16)> {
4505 let fee = amt_to_forward.checked_mul(config.forwarding_fee_proportional_millionths as u64)
4506 .and_then(|prop_fee| (prop_fee / 1000000).checked_add(config.forwarding_fee_base_msat as u64));
4507 if fee.is_none() || htlc.amount_msat < fee.unwrap() ||
4508 (htlc.amount_msat - fee.unwrap()) < amt_to_forward {
4510 "Prior hop has deviated from specified fees parameters or origin node has obsolete ones",
4511 0x1000 | 12, // fee_insufficient
4514 if (htlc.cltv_expiry as u64) < outgoing_cltv_value as u64 + config.cltv_expiry_delta as u64 {
4516 "Forwarding node has tampered with the intended HTLC values or origin node has an obsolete cltv_expiry_delta",
4517 0x1000 | 13, // incorrect_cltv_expiry
4523 /// Determines whether the parameters of an incoming HTLC to be forwarded satisfy the channel's
4524 /// [`ChannelConfig`]. This first looks at the channel's current [`ChannelConfig`], and if
4525 /// unsuccessful, falls back to the previous one if one exists.
4526 pub fn htlc_satisfies_config(
4527 &self, htlc: &msgs::UpdateAddHTLC, amt_to_forward: u64, outgoing_cltv_value: u32,
4528 ) -> Result<(), (&'static str, u16)> {
4529 self.internal_htlc_satisfies_config(&htlc, amt_to_forward, outgoing_cltv_value, &self.context.config())
4531 if let Some(prev_config) = self.context.prev_config() {
4532 self.internal_htlc_satisfies_config(htlc, amt_to_forward, outgoing_cltv_value, &prev_config)
4539 pub fn get_cur_holder_commitment_transaction_number(&self) -> u64 {
4540 self.context.cur_holder_commitment_transaction_number + 1
4543 pub fn get_cur_counterparty_commitment_transaction_number(&self) -> u64 {
4544 self.context.cur_counterparty_commitment_transaction_number + 1 - if self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32) != 0 { 1 } else { 0 }
4547 pub fn get_revoked_counterparty_commitment_transaction_number(&self) -> u64 {
4548 self.context.cur_counterparty_commitment_transaction_number + 2
4552 pub fn get_signer(&self) -> &ChannelSignerType<<SP::Target as SignerProvider>::Signer> {
4553 &self.context.holder_signer
4557 pub fn get_value_stat(&self) -> ChannelValueStat {
4559 value_to_self_msat: self.context.value_to_self_msat,
4560 channel_value_msat: self.context.channel_value_satoshis * 1000,
4561 channel_reserve_msat: self.context.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000,
4562 pending_outbound_htlcs_amount_msat: self.context.pending_outbound_htlcs.iter().map(|ref h| h.amount_msat).sum::<u64>(),
4563 pending_inbound_htlcs_amount_msat: self.context.pending_inbound_htlcs.iter().map(|ref h| h.amount_msat).sum::<u64>(),
4564 holding_cell_outbound_amount_msat: {
4566 for h in self.context.holding_cell_htlc_updates.iter() {
4568 &HTLCUpdateAwaitingACK::AddHTLC{amount_msat, .. } => {
4576 counterparty_max_htlc_value_in_flight_msat: self.context.counterparty_max_htlc_value_in_flight_msat,
4577 counterparty_dust_limit_msat: self.context.counterparty_dust_limit_satoshis * 1000,
4581 /// Returns true if this channel has been marked as awaiting a monitor update to move forward.
4582 /// Allowed in any state (including after shutdown)
4583 pub fn is_awaiting_monitor_update(&self) -> bool {
4584 (self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32) != 0
4587 /// Gets the latest [`ChannelMonitorUpdate`] ID which has been released and is in-flight.
4588 pub fn get_latest_unblocked_monitor_update_id(&self) -> u64 {
4589 if self.context.blocked_monitor_updates.is_empty() { return self.context.get_latest_monitor_update_id(); }
4590 self.context.blocked_monitor_updates[0].update.update_id - 1
4593 /// Returns the next blocked monitor update, if one exists, and a bool which indicates a
4594 /// further blocked monitor update exists after the next.
4595 pub fn unblock_next_blocked_monitor_update(&mut self) -> Option<(ChannelMonitorUpdate, bool)> {
4596 if self.context.blocked_monitor_updates.is_empty() { return None; }
4597 Some((self.context.blocked_monitor_updates.remove(0).update,
4598 !self.context.blocked_monitor_updates.is_empty()))
4601 /// Pushes a new monitor update into our monitor update queue, returning it if it should be
4602 /// immediately given to the user for persisting or `None` if it should be held as blocked.
4603 fn push_ret_blockable_mon_update(&mut self, update: ChannelMonitorUpdate)
4604 -> Option<ChannelMonitorUpdate> {
4605 let release_monitor = self.context.blocked_monitor_updates.is_empty();
4606 if !release_monitor {
4607 self.context.blocked_monitor_updates.push(PendingChannelMonitorUpdate {
4616 pub fn blocked_monitor_updates_pending(&self) -> usize {
4617 self.context.blocked_monitor_updates.len()
4620 /// Returns true if the channel is awaiting the persistence of the initial ChannelMonitor.
4621 /// If the channel is outbound, this implies we have not yet broadcasted the funding
4622 /// transaction. If the channel is inbound, this implies simply that the channel has not
4624 pub fn is_awaiting_initial_mon_persist(&self) -> bool {
4625 if !self.is_awaiting_monitor_update() { return false; }
4626 if self.context.channel_state &
4627 !(ChannelState::TheirChannelReady as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)
4628 == ChannelState::FundingSent as u32 {
4629 // If we're not a 0conf channel, we'll be waiting on a monitor update with only
4630 // FundingSent set, though our peer could have sent their channel_ready.
4631 debug_assert!(self.context.minimum_depth.unwrap_or(1) > 0);
4634 if self.context.cur_holder_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 &&
4635 self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
4636 // If we're a 0-conf channel, we'll move beyond FundingSent immediately even while
4637 // waiting for the initial monitor persistence. Thus, we check if our commitment
4638 // transaction numbers have both been iterated only exactly once (for the
4639 // funding_signed), and we're awaiting monitor update.
4641 // If we got here, we shouldn't have yet broadcasted the funding transaction (as the
4642 // only way to get an awaiting-monitor-update state during initial funding is if the
4643 // initial monitor persistence is still pending).
4645 // Because deciding we're awaiting initial broadcast spuriously could result in
4646 // funds-loss (as we don't have a monitor, but have the funding transaction confirmed),
4647 // we hard-assert here, even in production builds.
4648 if self.context.is_outbound() { assert!(self.context.funding_transaction.is_some()); }
4649 assert!(self.context.monitor_pending_channel_ready);
4650 assert_eq!(self.context.latest_monitor_update_id, 0);
4656 /// Returns true if our channel_ready has been sent
4657 pub fn is_our_channel_ready(&self) -> bool {
4658 (self.context.channel_state & ChannelState::OurChannelReady as u32) != 0 || self.context.channel_state >= ChannelState::ChannelReady as u32
4661 /// Returns true if our peer has either initiated or agreed to shut down the channel.
4662 pub fn received_shutdown(&self) -> bool {
4663 (self.context.channel_state & ChannelState::RemoteShutdownSent as u32) != 0
4666 /// Returns true if we either initiated or agreed to shut down the channel.
4667 pub fn sent_shutdown(&self) -> bool {
4668 (self.context.channel_state & ChannelState::LocalShutdownSent as u32) != 0
4671 /// Returns true if this channel is fully shut down. True here implies that no further actions
4672 /// may/will be taken on this channel, and thus this object should be freed. Any future changes
4673 /// will be handled appropriately by the chain monitor.
4674 pub fn is_shutdown(&self) -> bool {
4675 if (self.context.channel_state & ChannelState::ShutdownComplete as u32) == ChannelState::ShutdownComplete as u32 {
4676 assert!(self.context.channel_state == ChannelState::ShutdownComplete as u32);
4681 pub fn channel_update_status(&self) -> ChannelUpdateStatus {
4682 self.context.channel_update_status
4685 pub fn set_channel_update_status(&mut self, status: ChannelUpdateStatus) {
4686 self.context.update_time_counter += 1;
4687 self.context.channel_update_status = status;
4690 fn check_get_channel_ready(&mut self, height: u32) -> Option<msgs::ChannelReady> {
4692 // * always when a new block/transactions are confirmed with the new height
4693 // * when funding is signed with a height of 0
4694 if self.context.funding_tx_confirmation_height == 0 && self.context.minimum_depth != Some(0) {
4698 let funding_tx_confirmations = height as i64 - self.context.funding_tx_confirmation_height as i64 + 1;
4699 if funding_tx_confirmations <= 0 {
4700 self.context.funding_tx_confirmation_height = 0;
4703 if funding_tx_confirmations < self.context.minimum_depth.unwrap_or(0) as i64 {
4707 let non_shutdown_state = self.context.channel_state & (!MULTI_STATE_FLAGS);
4708 let need_commitment_update = if non_shutdown_state == ChannelState::FundingSent as u32 {
4709 self.context.channel_state |= ChannelState::OurChannelReady as u32;
4711 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32) {
4712 self.context.channel_state = ChannelState::ChannelReady as u32 | (self.context.channel_state & MULTI_STATE_FLAGS);
4713 self.context.update_time_counter += 1;
4715 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurChannelReady as u32) {
4716 // We got a reorg but not enough to trigger a force close, just ignore.
4719 if self.context.funding_tx_confirmation_height != 0 && self.context.channel_state < ChannelState::ChannelReady as u32 {
4720 // We should never see a funding transaction on-chain until we've received
4721 // funding_signed (if we're an outbound channel), or seen funding_generated (if we're
4722 // an inbound channel - before that we have no known funding TXID). The fuzzer,
4723 // however, may do this and we shouldn't treat it as a bug.
4724 #[cfg(not(fuzzing))]
4725 panic!("Started confirming a channel in a state pre-FundingSent: {}.\n\
4726 Do NOT broadcast a funding transaction manually - let LDK do it for you!",
4727 self.context.channel_state);
4729 // We got a reorg but not enough to trigger a force close, just ignore.
4733 if need_commitment_update {
4734 if self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) == 0 {
4735 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == 0 {
4736 let next_per_commitment_point =
4737 self.context.holder_signer.as_ref().get_per_commitment_point(INITIAL_COMMITMENT_NUMBER - 1, &self.context.secp_ctx);
4738 return Some(msgs::ChannelReady {
4739 channel_id: self.context.channel_id,
4740 next_per_commitment_point,
4741 short_channel_id_alias: Some(self.context.outbound_scid_alias),
4745 self.context.monitor_pending_channel_ready = true;
4751 /// When a transaction is confirmed, we check whether it is or spends the funding transaction
4752 /// In the first case, we store the confirmation height and calculating the short channel id.
4753 /// In the second, we simply return an Err indicating we need to be force-closed now.
4754 pub fn transactions_confirmed<NS: Deref, L: Deref>(
4755 &mut self, block_hash: &BlockHash, height: u32, txdata: &TransactionData,
4756 genesis_block_hash: BlockHash, node_signer: &NS, user_config: &UserConfig, logger: &L
4757 ) -> Result<(Option<msgs::ChannelReady>, Option<msgs::AnnouncementSignatures>), ClosureReason>
4759 NS::Target: NodeSigner,
4762 if let Some(funding_txo) = self.context.get_funding_txo() {
4763 for &(index_in_block, tx) in txdata.iter() {
4764 // Check if the transaction is the expected funding transaction, and if it is,
4765 // check that it pays the right amount to the right script.
4766 if self.context.funding_tx_confirmation_height == 0 {
4767 if tx.txid() == funding_txo.txid {
4768 let txo_idx = funding_txo.index as usize;
4769 if txo_idx >= tx.output.len() || tx.output[txo_idx].script_pubkey != self.context.get_funding_redeemscript().to_v0_p2wsh() ||
4770 tx.output[txo_idx].value != self.context.channel_value_satoshis {
4771 if self.context.is_outbound() {
4772 // If we generated the funding transaction and it doesn't match what it
4773 // should, the client is really broken and we should just panic and
4774 // tell them off. That said, because hash collisions happen with high
4775 // probability in fuzzing mode, if we're fuzzing we just close the
4776 // channel and move on.
4777 #[cfg(not(fuzzing))]
4778 panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
4780 self.context.update_time_counter += 1;
4781 let err_reason = "funding tx had wrong script/value or output index";
4782 return Err(ClosureReason::ProcessingError { err: err_reason.to_owned() });
4784 if self.context.is_outbound() {
4785 if !tx.is_coin_base() {
4786 for input in tx.input.iter() {
4787 if input.witness.is_empty() {
4788 // We generated a malleable funding transaction, implying we've
4789 // just exposed ourselves to funds loss to our counterparty.
4790 #[cfg(not(fuzzing))]
4791 panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
4796 self.context.funding_tx_confirmation_height = height;
4797 self.context.funding_tx_confirmed_in = Some(*block_hash);
4798 self.context.short_channel_id = match scid_from_parts(height as u64, index_in_block as u64, txo_idx as u64) {
4799 Ok(scid) => Some(scid),
4800 Err(_) => panic!("Block was bogus - either height was > 16 million, had > 16 million transactions, or had > 65k outputs"),
4803 // If this is a coinbase transaction and not a 0-conf channel
4804 // we should update our min_depth to 100 to handle coinbase maturity
4805 if tx.is_coin_base() &&
4806 self.context.minimum_depth.unwrap_or(0) > 0 &&
4807 self.context.minimum_depth.unwrap_or(0) < COINBASE_MATURITY {
4808 self.context.minimum_depth = Some(COINBASE_MATURITY);
4811 // If we allow 1-conf funding, we may need to check for channel_ready here and
4812 // send it immediately instead of waiting for a best_block_updated call (which
4813 // may have already happened for this block).
4814 if let Some(channel_ready) = self.check_get_channel_ready(height) {
4815 log_info!(logger, "Sending a channel_ready to our peer for channel {}", &self.context.channel_id);
4816 let announcement_sigs = self.get_announcement_sigs(node_signer, genesis_block_hash, user_config, height, logger);
4817 return Ok((Some(channel_ready), announcement_sigs));
4820 for inp in tx.input.iter() {
4821 if inp.previous_output == funding_txo.into_bitcoin_outpoint() {
4822 log_info!(logger, "Detected channel-closing tx {} spending {}:{}, closing channel {}", tx.txid(), inp.previous_output.txid, inp.previous_output.vout, &self.context.channel_id());
4823 return Err(ClosureReason::CommitmentTxConfirmed);
4831 /// When a new block is connected, we check the height of the block against outbound holding
4832 /// cell HTLCs in case we need to give up on them prematurely and time them out. Everything
4833 /// else (e.g. commitment transaction broadcasts, HTLC transaction broadcasting, etc) is
4834 /// handled by the ChannelMonitor.
4836 /// If we return Err, the channel may have been closed, at which point the standard
4837 /// requirements apply - no calls may be made except those explicitly stated to be allowed
4840 /// May return some HTLCs (and their payment_hash) which have timed out and should be failed
4842 pub fn best_block_updated<NS: Deref, L: Deref>(
4843 &mut self, height: u32, highest_header_time: u32, genesis_block_hash: BlockHash,
4844 node_signer: &NS, user_config: &UserConfig, logger: &L
4845 ) -> Result<(Option<msgs::ChannelReady>, Vec<(HTLCSource, PaymentHash)>, Option<msgs::AnnouncementSignatures>), ClosureReason>
4847 NS::Target: NodeSigner,
4850 self.do_best_block_updated(height, highest_header_time, Some((genesis_block_hash, node_signer, user_config)), logger)
4853 fn do_best_block_updated<NS: Deref, L: Deref>(
4854 &mut self, height: u32, highest_header_time: u32,
4855 genesis_node_signer: Option<(BlockHash, &NS, &UserConfig)>, logger: &L
4856 ) -> Result<(Option<msgs::ChannelReady>, Vec<(HTLCSource, PaymentHash)>, Option<msgs::AnnouncementSignatures>), ClosureReason>
4858 NS::Target: NodeSigner,
4861 let mut timed_out_htlcs = Vec::new();
4862 // This mirrors the check in ChannelManager::decode_update_add_htlc_onion, refusing to
4863 // forward an HTLC when our counterparty should almost certainly just fail it for expiring
4865 let unforwarded_htlc_cltv_limit = height + LATENCY_GRACE_PERIOD_BLOCKS;
4866 self.context.holding_cell_htlc_updates.retain(|htlc_update| {
4868 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, ref cltv_expiry, .. } => {
4869 if *cltv_expiry <= unforwarded_htlc_cltv_limit {
4870 timed_out_htlcs.push((source.clone(), payment_hash.clone()));
4878 self.context.update_time_counter = cmp::max(self.context.update_time_counter, highest_header_time);
4880 if let Some(channel_ready) = self.check_get_channel_ready(height) {
4881 let announcement_sigs = if let Some((genesis_block_hash, node_signer, user_config)) = genesis_node_signer {
4882 self.get_announcement_sigs(node_signer, genesis_block_hash, user_config, height, logger)
4884 log_info!(logger, "Sending a channel_ready to our peer for channel {}", &self.context.channel_id);
4885 return Ok((Some(channel_ready), timed_out_htlcs, announcement_sigs));
4888 let non_shutdown_state = self.context.channel_state & (!MULTI_STATE_FLAGS);
4889 if non_shutdown_state >= ChannelState::ChannelReady as u32 ||
4890 (non_shutdown_state & ChannelState::OurChannelReady as u32) == ChannelState::OurChannelReady as u32 {
4891 let mut funding_tx_confirmations = height as i64 - self.context.funding_tx_confirmation_height as i64 + 1;
4892 if self.context.funding_tx_confirmation_height == 0 {
4893 // Note that check_get_channel_ready may reset funding_tx_confirmation_height to
4894 // zero if it has been reorged out, however in either case, our state flags
4895 // indicate we've already sent a channel_ready
4896 funding_tx_confirmations = 0;
4899 // If we've sent channel_ready (or have both sent and received channel_ready), and
4900 // the funding transaction has become unconfirmed,
4901 // close the channel and hope we can get the latest state on chain (because presumably
4902 // the funding transaction is at least still in the mempool of most nodes).
4904 // Note that ideally we wouldn't force-close if we see *any* reorg on a 1-conf or
4905 // 0-conf channel, but not doing so may lead to the
4906 // `ChannelManager::short_to_chan_info` map being inconsistent, so we currently have
4908 if funding_tx_confirmations == 0 && self.context.funding_tx_confirmed_in.is_some() {
4909 let err_reason = format!("Funding transaction was un-confirmed. Locked at {} confs, now have {} confs.",
4910 self.context.minimum_depth.unwrap(), funding_tx_confirmations);
4911 return Err(ClosureReason::ProcessingError { err: err_reason });
4913 } else if !self.context.is_outbound() && self.context.funding_tx_confirmed_in.is_none() &&
4914 height >= self.context.channel_creation_height + FUNDING_CONF_DEADLINE_BLOCKS {
4915 log_info!(logger, "Closing channel {} due to funding timeout", &self.context.channel_id);
4916 // If funding_tx_confirmed_in is unset, the channel must not be active
4917 assert!(non_shutdown_state <= ChannelState::ChannelReady as u32);
4918 assert_eq!(non_shutdown_state & ChannelState::OurChannelReady as u32, 0);
4919 return Err(ClosureReason::FundingTimedOut);
4922 let announcement_sigs = if let Some((genesis_block_hash, node_signer, user_config)) = genesis_node_signer {
4923 self.get_announcement_sigs(node_signer, genesis_block_hash, user_config, height, logger)
4925 Ok((None, timed_out_htlcs, announcement_sigs))
4928 /// Indicates the funding transaction is no longer confirmed in the main chain. This may
4929 /// force-close the channel, but may also indicate a harmless reorganization of a block or two
4930 /// before the channel has reached channel_ready and we can just wait for more blocks.
4931 pub fn funding_transaction_unconfirmed<L: Deref>(&mut self, logger: &L) -> Result<(), ClosureReason> where L::Target: Logger {
4932 if self.context.funding_tx_confirmation_height != 0 {
4933 // We handle the funding disconnection by calling best_block_updated with a height one
4934 // below where our funding was connected, implying a reorg back to conf_height - 1.
4935 let reorg_height = self.context.funding_tx_confirmation_height - 1;
4936 // We use the time field to bump the current time we set on channel updates if its
4937 // larger. If we don't know that time has moved forward, we can just set it to the last
4938 // time we saw and it will be ignored.
4939 let best_time = self.context.update_time_counter;
4940 match self.do_best_block_updated(reorg_height, best_time, None::<(BlockHash, &&NodeSigner, &UserConfig)>, logger) {
4941 Ok((channel_ready, timed_out_htlcs, announcement_sigs)) => {
4942 assert!(channel_ready.is_none(), "We can't generate a funding with 0 confirmations?");
4943 assert!(timed_out_htlcs.is_empty(), "We can't have accepted HTLCs with a timeout before our funding confirmation?");
4944 assert!(announcement_sigs.is_none(), "We can't generate an announcement_sigs with 0 confirmations?");
4950 // We never learned about the funding confirmation anyway, just ignore
4955 // Methods to get unprompted messages to send to the remote end (or where we already returned
4956 // something in the handler for the message that prompted this message):
4958 /// Gets an UnsignedChannelAnnouncement for this channel. The channel must be publicly
4959 /// announceable and available for use (have exchanged [`ChannelReady`] messages in both
4960 /// directions). Should be used for both broadcasted announcements and in response to an
4961 /// AnnouncementSignatures message from the remote peer.
4963 /// Will only fail if we're not in a state where channel_announcement may be sent (including
4966 /// This will only return ChannelError::Ignore upon failure.
4968 /// [`ChannelReady`]: crate::ln::msgs::ChannelReady
4969 fn get_channel_announcement<NS: Deref>(
4970 &self, node_signer: &NS, chain_hash: BlockHash, user_config: &UserConfig,
4971 ) -> Result<msgs::UnsignedChannelAnnouncement, ChannelError> where NS::Target: NodeSigner {
4972 if !self.context.config.announced_channel {
4973 return Err(ChannelError::Ignore("Channel is not available for public announcements".to_owned()));
4975 if !self.context.is_usable() {
4976 return Err(ChannelError::Ignore("Cannot get a ChannelAnnouncement if the channel is not currently usable".to_owned()));
4979 let short_channel_id = self.context.get_short_channel_id()
4980 .ok_or(ChannelError::Ignore("Cannot get a ChannelAnnouncement if the channel has not been confirmed yet".to_owned()))?;
4981 let node_id = NodeId::from_pubkey(&node_signer.get_node_id(Recipient::Node)
4982 .map_err(|_| ChannelError::Ignore("Failed to retrieve own public key".to_owned()))?);
4983 let counterparty_node_id = NodeId::from_pubkey(&self.context.get_counterparty_node_id());
4984 let were_node_one = node_id.as_slice() < counterparty_node_id.as_slice();
4986 let msg = msgs::UnsignedChannelAnnouncement {
4987 features: channelmanager::provided_channel_features(&user_config),
4990 node_id_1: if were_node_one { node_id } else { counterparty_node_id },
4991 node_id_2: if were_node_one { counterparty_node_id } else { node_id },
4992 bitcoin_key_1: NodeId::from_pubkey(if were_node_one { &self.context.get_holder_pubkeys().funding_pubkey } else { self.context.counterparty_funding_pubkey() }),
4993 bitcoin_key_2: NodeId::from_pubkey(if were_node_one { self.context.counterparty_funding_pubkey() } else { &self.context.get_holder_pubkeys().funding_pubkey }),
4994 excess_data: Vec::new(),
5000 fn get_announcement_sigs<NS: Deref, L: Deref>(
5001 &mut self, node_signer: &NS, genesis_block_hash: BlockHash, user_config: &UserConfig,
5002 best_block_height: u32, logger: &L
5003 ) -> Option<msgs::AnnouncementSignatures>
5005 NS::Target: NodeSigner,
5008 if self.context.funding_tx_confirmation_height == 0 || self.context.funding_tx_confirmation_height + 5 > best_block_height {
5012 if !self.context.is_usable() {
5016 if self.context.channel_state & ChannelState::PeerDisconnected as u32 != 0 {
5017 log_trace!(logger, "Cannot create an announcement_signatures as our peer is disconnected");
5021 if self.context.announcement_sigs_state != AnnouncementSigsState::NotSent {
5025 log_trace!(logger, "Creating an announcement_signatures message for channel {}", &self.context.channel_id());
5026 let announcement = match self.get_channel_announcement(node_signer, genesis_block_hash, user_config) {
5029 log_trace!(logger, "{:?}", e);
5033 let our_node_sig = match node_signer.sign_gossip_message(msgs::UnsignedGossipMessage::ChannelAnnouncement(&announcement)) {
5035 log_error!(logger, "Failed to generate node signature for channel_announcement. Channel will not be announced!");
5040 match &self.context.holder_signer {
5041 ChannelSignerType::Ecdsa(ecdsa) => {
5042 let our_bitcoin_sig = match ecdsa.sign_channel_announcement_with_funding_key(&announcement, &self.context.secp_ctx) {
5044 log_error!(logger, "Signer rejected channel_announcement signing. Channel will not be announced!");
5049 let short_channel_id = match self.context.get_short_channel_id() {
5051 None => return None,
5054 self.context.announcement_sigs_state = AnnouncementSigsState::MessageSent;
5056 Some(msgs::AnnouncementSignatures {
5057 channel_id: self.context.channel_id(),
5059 node_signature: our_node_sig,
5060 bitcoin_signature: our_bitcoin_sig,
5066 /// Signs the given channel announcement, returning a ChannelError::Ignore if no keys are
5068 fn sign_channel_announcement<NS: Deref>(
5069 &self, node_signer: &NS, announcement: msgs::UnsignedChannelAnnouncement
5070 ) -> Result<msgs::ChannelAnnouncement, ChannelError> where NS::Target: NodeSigner {
5071 if let Some((their_node_sig, their_bitcoin_sig)) = self.context.announcement_sigs {
5072 let our_node_key = NodeId::from_pubkey(&node_signer.get_node_id(Recipient::Node)
5073 .map_err(|_| ChannelError::Ignore("Signer failed to retrieve own public key".to_owned()))?);
5074 let were_node_one = announcement.node_id_1 == our_node_key;
5076 let our_node_sig = node_signer.sign_gossip_message(msgs::UnsignedGossipMessage::ChannelAnnouncement(&announcement))
5077 .map_err(|_| ChannelError::Ignore("Failed to generate node signature for channel_announcement".to_owned()))?;
5078 match &self.context.holder_signer {
5079 ChannelSignerType::Ecdsa(ecdsa) => {
5080 let our_bitcoin_sig = ecdsa.sign_channel_announcement_with_funding_key(&announcement, &self.context.secp_ctx)
5081 .map_err(|_| ChannelError::Ignore("Signer rejected channel_announcement".to_owned()))?;
5082 Ok(msgs::ChannelAnnouncement {
5083 node_signature_1: if were_node_one { our_node_sig } else { their_node_sig },
5084 node_signature_2: if were_node_one { their_node_sig } else { our_node_sig },
5085 bitcoin_signature_1: if were_node_one { our_bitcoin_sig } else { their_bitcoin_sig },
5086 bitcoin_signature_2: if were_node_one { their_bitcoin_sig } else { our_bitcoin_sig },
5087 contents: announcement,
5092 Err(ChannelError::Ignore("Attempted to sign channel announcement before we'd received announcement_signatures".to_string()))
5096 /// Processes an incoming announcement_signatures message, providing a fully-signed
5097 /// channel_announcement message which we can broadcast and storing our counterparty's
5098 /// signatures for later reconstruction/rebroadcast of the channel_announcement.
5099 pub fn announcement_signatures<NS: Deref>(
5100 &mut self, node_signer: &NS, chain_hash: BlockHash, best_block_height: u32,
5101 msg: &msgs::AnnouncementSignatures, user_config: &UserConfig
5102 ) -> Result<msgs::ChannelAnnouncement, ChannelError> where NS::Target: NodeSigner {
5103 let announcement = self.get_channel_announcement(node_signer, chain_hash, user_config)?;
5105 let msghash = hash_to_message!(&Sha256d::hash(&announcement.encode()[..])[..]);
5107 if self.context.secp_ctx.verify_ecdsa(&msghash, &msg.node_signature, &self.context.get_counterparty_node_id()).is_err() {
5108 return Err(ChannelError::Close(format!(
5109 "Bad announcement_signatures. Failed to verify node_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_node_key is {:?}",
5110 &announcement, self.context.get_counterparty_node_id())));
5112 if self.context.secp_ctx.verify_ecdsa(&msghash, &msg.bitcoin_signature, self.context.counterparty_funding_pubkey()).is_err() {
5113 return Err(ChannelError::Close(format!(
5114 "Bad announcement_signatures. Failed to verify bitcoin_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_bitcoin_key is ({:?})",
5115 &announcement, self.context.counterparty_funding_pubkey())));
5118 self.context.announcement_sigs = Some((msg.node_signature, msg.bitcoin_signature));
5119 if self.context.funding_tx_confirmation_height == 0 || self.context.funding_tx_confirmation_height + 5 > best_block_height {
5120 return Err(ChannelError::Ignore(
5121 "Got announcement_signatures prior to the required six confirmations - we may not have received a block yet that our peer has".to_owned()));
5124 self.sign_channel_announcement(node_signer, announcement)
5127 /// Gets a signed channel_announcement for this channel, if we previously received an
5128 /// announcement_signatures from our counterparty.
5129 pub fn get_signed_channel_announcement<NS: Deref>(
5130 &self, node_signer: &NS, chain_hash: BlockHash, best_block_height: u32, user_config: &UserConfig
5131 ) -> Option<msgs::ChannelAnnouncement> where NS::Target: NodeSigner {
5132 if self.context.funding_tx_confirmation_height == 0 || self.context.funding_tx_confirmation_height + 5 > best_block_height {
5135 let announcement = match self.get_channel_announcement(node_signer, chain_hash, user_config) {
5137 Err(_) => return None,
5139 match self.sign_channel_announcement(node_signer, announcement) {
5140 Ok(res) => Some(res),
5145 /// May panic if called on a channel that wasn't immediately-previously
5146 /// self.remove_uncommitted_htlcs_and_mark_paused()'d
5147 pub fn get_channel_reestablish<L: Deref>(&mut self, logger: &L) -> msgs::ChannelReestablish where L::Target: Logger {
5148 assert_eq!(self.context.channel_state & ChannelState::PeerDisconnected as u32, ChannelState::PeerDisconnected as u32);
5149 assert_ne!(self.context.cur_counterparty_commitment_transaction_number, INITIAL_COMMITMENT_NUMBER);
5150 // Prior to static_remotekey, my_current_per_commitment_point was critical to claiming
5151 // current to_remote balances. However, it no longer has any use, and thus is now simply
5152 // set to a dummy (but valid, as required by the spec) public key.
5153 // fuzzing mode marks a subset of pubkeys as invalid so that we can hit "invalid pubkey"
5154 // branches, but we unwrap it below, so we arbitrarily select a dummy pubkey which is both
5155 // valid, and valid in fuzzing mode's arbitrary validity criteria:
5156 let mut pk = [2; 33]; pk[1] = 0xff;
5157 let dummy_pubkey = PublicKey::from_slice(&pk).unwrap();
5158 let remote_last_secret = if self.context.cur_counterparty_commitment_transaction_number + 1 < INITIAL_COMMITMENT_NUMBER {
5159 let remote_last_secret = self.context.commitment_secrets.get_secret(self.context.cur_counterparty_commitment_transaction_number + 2).unwrap();
5160 log_trace!(logger, "Enough info to generate a Data Loss Protect with per_commitment_secret {} for channel {}", log_bytes!(remote_last_secret), &self.context.channel_id());
5163 log_info!(logger, "Sending a data_loss_protect with no previous remote per_commitment_secret for channel {}", &self.context.channel_id());
5166 self.mark_awaiting_response();
5167 msgs::ChannelReestablish {
5168 channel_id: self.context.channel_id(),
5169 // The protocol has two different commitment number concepts - the "commitment
5170 // transaction number", which starts from 0 and counts up, and the "revocation key
5171 // index" which starts at INITIAL_COMMITMENT_NUMBER and counts down. We track
5172 // commitment transaction numbers by the index which will be used to reveal the
5173 // revocation key for that commitment transaction, which means we have to convert them
5174 // to protocol-level commitment numbers here...
5176 // next_local_commitment_number is the next commitment_signed number we expect to
5177 // receive (indicating if they need to resend one that we missed).
5178 next_local_commitment_number: INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number,
5179 // We have to set next_remote_commitment_number to the next revoke_and_ack we expect to
5180 // receive, however we track it by the next commitment number for a remote transaction
5181 // (which is one further, as they always revoke previous commitment transaction, not
5182 // the one we send) so we have to decrement by 1. Note that if
5183 // cur_counterparty_commitment_transaction_number is INITIAL_COMMITMENT_NUMBER we will have
5184 // dropped this channel on disconnect as it hasn't yet reached FundingSent so we can't
5186 next_remote_commitment_number: INITIAL_COMMITMENT_NUMBER - self.context.cur_counterparty_commitment_transaction_number - 1,
5187 your_last_per_commitment_secret: remote_last_secret,
5188 my_current_per_commitment_point: dummy_pubkey,
5189 // TODO(dual_funding): If we've sent `commtiment_signed` for an interactive transaction
5190 // construction but have not received `tx_signatures` we MUST set `next_funding_txid` to the
5191 // txid of that interactive transaction, else we MUST NOT set it.
5192 next_funding_txid: None,
5197 // Send stuff to our remote peers:
5199 /// Queues up an outbound HTLC to send by placing it in the holding cell. You should call
5200 /// [`Self::maybe_free_holding_cell_htlcs`] in order to actually generate and send the
5201 /// commitment update.
5203 /// `Err`s will only be [`ChannelError::Ignore`].
5204 pub fn queue_add_htlc<F: Deref, L: Deref>(
5205 &mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource,
5206 onion_routing_packet: msgs::OnionPacket, skimmed_fee_msat: Option<u64>,
5207 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
5208 ) -> Result<(), ChannelError>
5209 where F::Target: FeeEstimator, L::Target: Logger
5212 .send_htlc(amount_msat, payment_hash, cltv_expiry, source, onion_routing_packet, true,
5213 skimmed_fee_msat, fee_estimator, logger)
5214 .map(|msg_opt| assert!(msg_opt.is_none(), "We forced holding cell?"))
5216 if let ChannelError::Ignore(_) = err { /* fine */ }
5217 else { debug_assert!(false, "Queueing cannot trigger channel failure"); }
5222 /// Adds a pending outbound HTLC to this channel, note that you probably want
5223 /// [`Self::send_htlc_and_commit`] instead cause you'll want both messages at once.
5225 /// This returns an optional UpdateAddHTLC as we may be in a state where we cannot add HTLCs on
5227 /// * In cases where we're waiting on the remote peer to send us a revoke_and_ack, we
5228 /// wouldn't be able to determine what they actually ACK'ed if we have two sets of updates
5230 /// * In cases where we're marked MonitorUpdateInProgress, we cannot commit to a new state as
5231 /// we may not yet have sent the previous commitment update messages and will need to
5232 /// regenerate them.
5234 /// You MUST call [`Self::send_commitment_no_state_update`] prior to calling any other methods
5235 /// on this [`Channel`] if `force_holding_cell` is false.
5237 /// `Err`s will only be [`ChannelError::Ignore`].
5238 fn send_htlc<F: Deref, L: Deref>(
5239 &mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource,
5240 onion_routing_packet: msgs::OnionPacket, mut force_holding_cell: bool,
5241 skimmed_fee_msat: Option<u64>, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
5242 ) -> Result<Option<msgs::UpdateAddHTLC>, ChannelError>
5243 where F::Target: FeeEstimator, L::Target: Logger
5245 if (self.context.channel_state & (ChannelState::ChannelReady as u32 | BOTH_SIDES_SHUTDOWN_MASK)) != (ChannelState::ChannelReady as u32) {
5246 return Err(ChannelError::Ignore("Cannot send HTLC until channel is fully established and we haven't started shutting down".to_owned()));
5248 let channel_total_msat = self.context.channel_value_satoshis * 1000;
5249 if amount_msat > channel_total_msat {
5250 return Err(ChannelError::Ignore(format!("Cannot send amount {}, because it is more than the total value of the channel {}", amount_msat, channel_total_msat)));
5253 if amount_msat == 0 {
5254 return Err(ChannelError::Ignore("Cannot send 0-msat HTLC".to_owned()));
5257 let available_balances = self.context.get_available_balances(fee_estimator);
5258 if amount_msat < available_balances.next_outbound_htlc_minimum_msat {
5259 return Err(ChannelError::Ignore(format!("Cannot send less than our next-HTLC minimum - {} msat",
5260 available_balances.next_outbound_htlc_minimum_msat)));
5263 if amount_msat > available_balances.next_outbound_htlc_limit_msat {
5264 return Err(ChannelError::Ignore(format!("Cannot send more than our next-HTLC maximum - {} msat",
5265 available_balances.next_outbound_htlc_limit_msat)));
5268 if (self.context.channel_state & (ChannelState::PeerDisconnected as u32)) != 0 {
5269 // Note that this should never really happen, if we're !is_live() on receipt of an
5270 // incoming HTLC for relay will result in us rejecting the HTLC and we won't allow
5271 // the user to send directly into a !is_live() channel. However, if we
5272 // disconnected during the time the previous hop was doing the commitment dance we may
5273 // end up getting here after the forwarding delay. In any case, returning an
5274 // IgnoreError will get ChannelManager to do the right thing and fail backwards now.
5275 return Err(ChannelError::Ignore("Cannot send an HTLC while disconnected from channel counterparty".to_owned()));
5278 let need_holding_cell = (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0;
5279 log_debug!(logger, "Pushing new outbound HTLC with hash {} for {} msat {}",
5280 payment_hash, amount_msat,
5281 if force_holding_cell { "into holding cell" }
5282 else if need_holding_cell { "into holding cell as we're awaiting an RAA or monitor" }
5283 else { "to peer" });
5285 if need_holding_cell {
5286 force_holding_cell = true;
5289 // Now update local state:
5290 if force_holding_cell {
5291 self.context.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::AddHTLC {
5296 onion_routing_packet,
5302 self.context.pending_outbound_htlcs.push(OutboundHTLCOutput {
5303 htlc_id: self.context.next_holder_htlc_id,
5305 payment_hash: payment_hash.clone(),
5307 state: OutboundHTLCState::LocalAnnounced(Box::new(onion_routing_packet.clone())),
5312 let res = msgs::UpdateAddHTLC {
5313 channel_id: self.context.channel_id,
5314 htlc_id: self.context.next_holder_htlc_id,
5318 onion_routing_packet,
5321 self.context.next_holder_htlc_id += 1;
5326 fn build_commitment_no_status_check<L: Deref>(&mut self, logger: &L) -> ChannelMonitorUpdate where L::Target: Logger {
5327 log_trace!(logger, "Updating HTLC state for a newly-sent commitment_signed...");
5328 // We can upgrade the status of some HTLCs that are waiting on a commitment, even if we
5329 // fail to generate this, we still are at least at a position where upgrading their status
5331 for htlc in self.context.pending_inbound_htlcs.iter_mut() {
5332 let new_state = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(ref forward_info) = &htlc.state {
5333 Some(InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info.clone()))
5335 if let Some(state) = new_state {
5336 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce {} to AwaitingAnnouncedRemoteRevoke", &htlc.payment_hash);
5340 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
5341 if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut outcome) = &mut htlc.state {
5342 log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", &htlc.payment_hash);
5343 // Grab the preimage, if it exists, instead of cloning
5344 let mut reason = OutboundHTLCOutcome::Success(None);
5345 mem::swap(outcome, &mut reason);
5346 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(reason);
5349 if let Some((feerate, update_state)) = self.context.pending_update_fee {
5350 if update_state == FeeUpdateState::AwaitingRemoteRevokeToAnnounce {
5351 debug_assert!(!self.context.is_outbound());
5352 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce fee update {} to Committed", feerate);
5353 self.context.feerate_per_kw = feerate;
5354 self.context.pending_update_fee = None;
5357 self.context.resend_order = RAACommitmentOrder::RevokeAndACKFirst;
5359 let (mut htlcs_ref, counterparty_commitment_tx) =
5360 self.build_commitment_no_state_update(logger);
5361 let counterparty_commitment_txid = counterparty_commitment_tx.trust().txid();
5362 let htlcs: Vec<(HTLCOutputInCommitment, Option<Box<HTLCSource>>)> =
5363 htlcs_ref.drain(..).map(|(htlc, htlc_source)| (htlc, htlc_source.map(|source_ref| Box::new(source_ref.clone())))).collect();
5365 if self.context.announcement_sigs_state == AnnouncementSigsState::MessageSent {
5366 self.context.announcement_sigs_state = AnnouncementSigsState::Committed;
5369 self.context.latest_monitor_update_id += 1;
5370 let monitor_update = ChannelMonitorUpdate {
5371 update_id: self.context.latest_monitor_update_id,
5372 updates: vec![ChannelMonitorUpdateStep::LatestCounterpartyCommitmentTXInfo {
5373 commitment_txid: counterparty_commitment_txid,
5374 htlc_outputs: htlcs.clone(),
5375 commitment_number: self.context.cur_counterparty_commitment_transaction_number,
5376 their_per_commitment_point: self.context.counterparty_cur_commitment_point.unwrap(),
5377 feerate_per_kw: Some(counterparty_commitment_tx.feerate_per_kw()),
5378 to_broadcaster_value_sat: Some(counterparty_commitment_tx.to_broadcaster_value_sat()),
5379 to_countersignatory_value_sat: Some(counterparty_commitment_tx.to_countersignatory_value_sat()),
5382 self.context.channel_state |= ChannelState::AwaitingRemoteRevoke as u32;
5386 fn build_commitment_no_state_update<L: Deref>(&self, logger: &L)
5387 -> (Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)>, CommitmentTransaction)
5388 where L::Target: Logger
5390 let counterparty_keys = self.context.build_remote_transaction_keys();
5391 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, true, logger);
5392 let counterparty_commitment_tx = commitment_stats.tx;
5394 #[cfg(any(test, fuzzing))]
5396 if !self.context.is_outbound() {
5397 let projected_commit_tx_info = self.context.next_remote_commitment_tx_fee_info_cached.lock().unwrap().take();
5398 *self.context.next_local_commitment_tx_fee_info_cached.lock().unwrap() = None;
5399 if let Some(info) = projected_commit_tx_info {
5400 let total_pending_htlcs = self.context.pending_inbound_htlcs.len() + self.context.pending_outbound_htlcs.len();
5401 if info.total_pending_htlcs == total_pending_htlcs
5402 && info.next_holder_htlc_id == self.context.next_holder_htlc_id
5403 && info.next_counterparty_htlc_id == self.context.next_counterparty_htlc_id
5404 && info.feerate == self.context.feerate_per_kw {
5405 let actual_fee = commit_tx_fee_msat(self.context.feerate_per_kw, commitment_stats.num_nondust_htlcs, self.context.get_channel_type());
5406 assert_eq!(actual_fee, info.fee);
5412 (commitment_stats.htlcs_included, counterparty_commitment_tx)
5415 /// Only fails in case of signer rejection. Used for channel_reestablish commitment_signed
5416 /// generation when we shouldn't change HTLC/channel state.
5417 fn send_commitment_no_state_update<L: Deref>(&self, logger: &L) -> Result<(msgs::CommitmentSigned, (Txid, Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)>)), ChannelError> where L::Target: Logger {
5418 // Get the fee tests from `build_commitment_no_state_update`
5419 #[cfg(any(test, fuzzing))]
5420 self.build_commitment_no_state_update(logger);
5422 let counterparty_keys = self.context.build_remote_transaction_keys();
5423 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, true, logger);
5424 let counterparty_commitment_txid = commitment_stats.tx.trust().txid();
5426 match &self.context.holder_signer {
5427 ChannelSignerType::Ecdsa(ecdsa) => {
5428 let (signature, htlc_signatures);
5431 let mut htlcs = Vec::with_capacity(commitment_stats.htlcs_included.len());
5432 for &(ref htlc, _) in commitment_stats.htlcs_included.iter() {
5436 let res = ecdsa.sign_counterparty_commitment(&commitment_stats.tx, commitment_stats.preimages, &self.context.secp_ctx)
5437 .map_err(|_| ChannelError::Ignore("Failed to get signatures for new commitment_signed".to_owned()))?;
5439 htlc_signatures = res.1;
5441 log_trace!(logger, "Signed remote commitment tx {} (txid {}) with redeemscript {} -> {} in channel {}",
5442 encode::serialize_hex(&commitment_stats.tx.trust().built_transaction().transaction),
5443 &counterparty_commitment_txid, encode::serialize_hex(&self.context.get_funding_redeemscript()),
5444 log_bytes!(signature.serialize_compact()[..]), &self.context.channel_id());
5446 for (ref htlc_sig, ref htlc) in htlc_signatures.iter().zip(htlcs) {
5447 log_trace!(logger, "Signed remote HTLC tx {} with redeemscript {} with pubkey {} -> {} in channel {}",
5448 encode::serialize_hex(&chan_utils::build_htlc_transaction(&counterparty_commitment_txid, commitment_stats.feerate_per_kw, self.context.get_holder_selected_contest_delay(), htlc, &self.context.channel_type, &counterparty_keys.broadcaster_delayed_payment_key, &counterparty_keys.revocation_key)),
5449 encode::serialize_hex(&chan_utils::get_htlc_redeemscript(&htlc, &self.context.channel_type, &counterparty_keys)),
5450 log_bytes!(counterparty_keys.broadcaster_htlc_key.serialize()),
5451 log_bytes!(htlc_sig.serialize_compact()[..]), &self.context.channel_id());
5455 Ok((msgs::CommitmentSigned {
5456 channel_id: self.context.channel_id,
5460 partial_signature_with_nonce: None,
5461 }, (counterparty_commitment_txid, commitment_stats.htlcs_included)))
5466 /// Adds a pending outbound HTLC to this channel, and builds a new remote commitment
5467 /// transaction and generates the corresponding [`ChannelMonitorUpdate`] in one go.
5469 /// Shorthand for calling [`Self::send_htlc`] followed by a commitment update, see docs on
5470 /// [`Self::send_htlc`] and [`Self::build_commitment_no_state_update`] for more info.
5471 pub fn send_htlc_and_commit<F: Deref, L: Deref>(
5472 &mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32,
5473 source: HTLCSource, onion_routing_packet: msgs::OnionPacket, skimmed_fee_msat: Option<u64>,
5474 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
5475 ) -> Result<Option<ChannelMonitorUpdate>, ChannelError>
5476 where F::Target: FeeEstimator, L::Target: Logger
5478 let send_res = self.send_htlc(amount_msat, payment_hash, cltv_expiry, source,
5479 onion_routing_packet, false, skimmed_fee_msat, fee_estimator, logger);
5480 if let Err(e) = &send_res { if let ChannelError::Ignore(_) = e {} else { debug_assert!(false, "Sending cannot trigger channel failure"); } }
5483 let monitor_update = self.build_commitment_no_status_check(logger);
5484 self.monitor_updating_paused(false, true, false, Vec::new(), Vec::new(), Vec::new());
5485 Ok(self.push_ret_blockable_mon_update(monitor_update))
5491 pub fn channel_update(&mut self, msg: &msgs::ChannelUpdate) -> Result<(), ChannelError> {
5492 if msg.contents.htlc_minimum_msat >= self.context.channel_value_satoshis * 1000 {
5493 return Err(ChannelError::Close("Minimum htlc value is greater than channel value".to_string()));
5495 self.context.counterparty_forwarding_info = Some(CounterpartyForwardingInfo {
5496 fee_base_msat: msg.contents.fee_base_msat,
5497 fee_proportional_millionths: msg.contents.fee_proportional_millionths,
5498 cltv_expiry_delta: msg.contents.cltv_expiry_delta
5504 /// Begins the shutdown process, getting a message for the remote peer and returning all
5505 /// holding cell HTLCs for payment failure.
5507 /// May jump to the channel being fully shutdown (see [`Self::is_shutdown`]) in which case no
5508 /// [`ChannelMonitorUpdate`] will be returned).
5509 pub fn get_shutdown(&mut self, signer_provider: &SP, their_features: &InitFeatures,
5510 target_feerate_sats_per_kw: Option<u32>, override_shutdown_script: Option<ShutdownScript>)
5511 -> Result<(msgs::Shutdown, Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>), APIError>
5513 for htlc in self.context.pending_outbound_htlcs.iter() {
5514 if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
5515 return Err(APIError::APIMisuseError{err: "Cannot begin shutdown with pending HTLCs. Process pending events first".to_owned()});
5518 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK != 0 {
5519 if (self.context.channel_state & ChannelState::LocalShutdownSent as u32) == ChannelState::LocalShutdownSent as u32 {
5520 return Err(APIError::APIMisuseError{err: "Shutdown already in progress".to_owned()});
5522 else if (self.context.channel_state & ChannelState::RemoteShutdownSent as u32) == ChannelState::RemoteShutdownSent as u32 {
5523 return Err(APIError::ChannelUnavailable{err: "Shutdown already in progress by remote".to_owned()});
5526 if self.context.shutdown_scriptpubkey.is_some() && override_shutdown_script.is_some() {
5527 return Err(APIError::APIMisuseError{err: "Cannot override shutdown script for a channel with one already set".to_owned()});
5529 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
5530 if self.context.channel_state & (ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32) != 0 {
5531 return Err(APIError::ChannelUnavailable{err: "Cannot begin shutdown while peer is disconnected or we're waiting on a monitor update, maybe force-close instead?".to_owned()});
5534 // If we haven't funded the channel yet, we don't need to bother ensuring the shutdown
5535 // script is set, we just force-close and call it a day.
5536 let mut chan_closed = false;
5537 if self.context.channel_state < ChannelState::FundingSent as u32 {
5541 let update_shutdown_script = match self.context.shutdown_scriptpubkey {
5543 None if !chan_closed => {
5544 // use override shutdown script if provided
5545 let shutdown_scriptpubkey = match override_shutdown_script {
5546 Some(script) => script,
5548 // otherwise, use the shutdown scriptpubkey provided by the signer
5549 match signer_provider.get_shutdown_scriptpubkey() {
5550 Ok(scriptpubkey) => scriptpubkey,
5551 Err(_) => return Err(APIError::ChannelUnavailable{err: "Failed to get shutdown scriptpubkey".to_owned()}),
5555 if !shutdown_scriptpubkey.is_compatible(their_features) {
5556 return Err(APIError::IncompatibleShutdownScript { script: shutdown_scriptpubkey.clone() });
5558 self.context.shutdown_scriptpubkey = Some(shutdown_scriptpubkey);
5564 // From here on out, we may not fail!
5565 self.context.target_closing_feerate_sats_per_kw = target_feerate_sats_per_kw;
5566 if self.context.channel_state < ChannelState::FundingSent as u32 {
5567 self.context.channel_state = ChannelState::ShutdownComplete as u32;
5569 self.context.channel_state |= ChannelState::LocalShutdownSent as u32;
5571 self.context.update_time_counter += 1;
5573 let monitor_update = if update_shutdown_script {
5574 self.context.latest_monitor_update_id += 1;
5575 let monitor_update = ChannelMonitorUpdate {
5576 update_id: self.context.latest_monitor_update_id,
5577 updates: vec![ChannelMonitorUpdateStep::ShutdownScript {
5578 scriptpubkey: self.get_closing_scriptpubkey(),
5581 self.monitor_updating_paused(false, false, false, Vec::new(), Vec::new(), Vec::new());
5582 self.push_ret_blockable_mon_update(monitor_update)
5584 let shutdown = msgs::Shutdown {
5585 channel_id: self.context.channel_id,
5586 scriptpubkey: self.get_closing_scriptpubkey(),
5589 // Go ahead and drop holding cell updates as we'd rather fail payments than wait to send
5590 // our shutdown until we've committed all of the pending changes.
5591 self.context.holding_cell_update_fee = None;
5592 let mut dropped_outbound_htlcs = Vec::with_capacity(self.context.holding_cell_htlc_updates.len());
5593 self.context.holding_cell_htlc_updates.retain(|htlc_update| {
5595 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, .. } => {
5596 dropped_outbound_htlcs.push((source.clone(), payment_hash.clone()));
5603 debug_assert!(!self.is_shutdown() || monitor_update.is_none(),
5604 "we can't both complete shutdown and return a monitor update");
5606 Ok((shutdown, monitor_update, dropped_outbound_htlcs))
5609 pub fn inflight_htlc_sources(&self) -> impl Iterator<Item=(&HTLCSource, &PaymentHash)> {
5610 self.context.holding_cell_htlc_updates.iter()
5611 .flat_map(|htlc_update| {
5613 HTLCUpdateAwaitingACK::AddHTLC { source, payment_hash, .. }
5614 => Some((source, payment_hash)),
5618 .chain(self.context.pending_outbound_htlcs.iter().map(|htlc| (&htlc.source, &htlc.payment_hash)))
5622 /// A not-yet-funded outbound (from holder) channel using V1 channel establishment.
5623 pub(super) struct OutboundV1Channel<SP: Deref> where SP::Target: SignerProvider {
5624 pub context: ChannelContext<SP>,
5625 pub unfunded_context: UnfundedChannelContext,
5628 impl<SP: Deref> OutboundV1Channel<SP> where SP::Target: SignerProvider {
5629 pub fn new<ES: Deref, F: Deref>(
5630 fee_estimator: &LowerBoundedFeeEstimator<F>, entropy_source: &ES, signer_provider: &SP, counterparty_node_id: PublicKey, their_features: &InitFeatures,
5631 channel_value_satoshis: u64, push_msat: u64, user_id: u128, config: &UserConfig, current_chain_height: u32,
5632 outbound_scid_alias: u64
5633 ) -> Result<OutboundV1Channel<SP>, APIError>
5634 where ES::Target: EntropySource,
5635 F::Target: FeeEstimator
5637 let holder_selected_contest_delay = config.channel_handshake_config.our_to_self_delay;
5638 let channel_keys_id = signer_provider.generate_channel_keys_id(false, channel_value_satoshis, user_id);
5639 let holder_signer = signer_provider.derive_channel_signer(channel_value_satoshis, channel_keys_id);
5640 let pubkeys = holder_signer.pubkeys().clone();
5642 if !their_features.supports_wumbo() && channel_value_satoshis > MAX_FUNDING_SATOSHIS_NO_WUMBO {
5643 return Err(APIError::APIMisuseError{err: format!("funding_value must not exceed {}, it was {}", MAX_FUNDING_SATOSHIS_NO_WUMBO, channel_value_satoshis)});
5645 if channel_value_satoshis >= TOTAL_BITCOIN_SUPPLY_SATOSHIS {
5646 return Err(APIError::APIMisuseError{err: format!("funding_value must be smaller than the total bitcoin supply, it was {}", channel_value_satoshis)});
5648 let channel_value_msat = channel_value_satoshis * 1000;
5649 if push_msat > channel_value_msat {
5650 return Err(APIError::APIMisuseError { err: format!("Push value ({}) was larger than channel_value ({})", push_msat, channel_value_msat) });
5652 if holder_selected_contest_delay < BREAKDOWN_TIMEOUT {
5653 return Err(APIError::APIMisuseError {err: format!("Configured with an unreasonable our_to_self_delay ({}) putting user funds at risks", holder_selected_contest_delay)});
5655 let holder_selected_channel_reserve_satoshis = get_holder_selected_channel_reserve_satoshis(channel_value_satoshis, config);
5656 if holder_selected_channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
5657 // Protocol level safety check in place, although it should never happen because
5658 // of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
5659 return Err(APIError::APIMisuseError { err: format!("Holder selected channel reserve below implemention limit dust_limit_satoshis {}", holder_selected_channel_reserve_satoshis) });
5662 let channel_type = Self::get_initial_channel_type(&config, their_features);
5663 debug_assert!(channel_type.is_subset(&channelmanager::provided_channel_type_features(&config)));
5665 let commitment_conf_target = if channel_type.supports_anchors_zero_fee_htlc_tx() {
5666 ConfirmationTarget::MempoolMinimum
5668 ConfirmationTarget::Normal
5670 let commitment_feerate = fee_estimator.bounded_sat_per_1000_weight(commitment_conf_target);
5672 let value_to_self_msat = channel_value_satoshis * 1000 - push_msat;
5673 let commitment_tx_fee = commit_tx_fee_msat(commitment_feerate, MIN_AFFORDABLE_HTLC_COUNT, &channel_type);
5674 if value_to_self_msat < commitment_tx_fee {
5675 return Err(APIError::APIMisuseError{ err: format!("Funding amount ({}) can't even pay fee for initial commitment transaction fee of {}.", value_to_self_msat / 1000, commitment_tx_fee / 1000) });
5678 let mut secp_ctx = Secp256k1::new();
5679 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
5681 let shutdown_scriptpubkey = if config.channel_handshake_config.commit_upfront_shutdown_pubkey {
5682 match signer_provider.get_shutdown_scriptpubkey() {
5683 Ok(scriptpubkey) => Some(scriptpubkey),
5684 Err(_) => return Err(APIError::ChannelUnavailable { err: "Failed to get shutdown scriptpubkey".to_owned()}),
5688 if let Some(shutdown_scriptpubkey) = &shutdown_scriptpubkey {
5689 if !shutdown_scriptpubkey.is_compatible(&their_features) {
5690 return Err(APIError::IncompatibleShutdownScript { script: shutdown_scriptpubkey.clone() });
5694 let destination_script = match signer_provider.get_destination_script() {
5695 Ok(script) => script,
5696 Err(_) => return Err(APIError::ChannelUnavailable { err: "Failed to get destination script".to_owned()}),
5699 let temporary_channel_id = ChannelId::temporary_from_entropy_source(entropy_source);
5702 context: ChannelContext {
5705 config: LegacyChannelConfig {
5706 options: config.channel_config.clone(),
5707 announced_channel: config.channel_handshake_config.announced_channel,
5708 commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey,
5713 inbound_handshake_limits_override: Some(config.channel_handshake_limits.clone()),
5715 channel_id: temporary_channel_id,
5716 temporary_channel_id: Some(temporary_channel_id),
5717 channel_state: ChannelState::OurInitSent as u32,
5718 announcement_sigs_state: AnnouncementSigsState::NotSent,
5720 channel_value_satoshis,
5722 latest_monitor_update_id: 0,
5724 holder_signer: ChannelSignerType::Ecdsa(holder_signer),
5725 shutdown_scriptpubkey,
5728 cur_holder_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
5729 cur_counterparty_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
5732 pending_inbound_htlcs: Vec::new(),
5733 pending_outbound_htlcs: Vec::new(),
5734 holding_cell_htlc_updates: Vec::new(),
5735 pending_update_fee: None,
5736 holding_cell_update_fee: None,
5737 next_holder_htlc_id: 0,
5738 next_counterparty_htlc_id: 0,
5739 update_time_counter: 1,
5741 resend_order: RAACommitmentOrder::CommitmentFirst,
5743 monitor_pending_channel_ready: false,
5744 monitor_pending_revoke_and_ack: false,
5745 monitor_pending_commitment_signed: false,
5746 monitor_pending_forwards: Vec::new(),
5747 monitor_pending_failures: Vec::new(),
5748 monitor_pending_finalized_fulfills: Vec::new(),
5750 signer_pending_commitment_update: false,
5751 signer_pending_funding: false,
5753 #[cfg(debug_assertions)]
5754 holder_max_commitment_tx_output: Mutex::new((channel_value_satoshis * 1000 - push_msat, push_msat)),
5755 #[cfg(debug_assertions)]
5756 counterparty_max_commitment_tx_output: Mutex::new((channel_value_satoshis * 1000 - push_msat, push_msat)),
5758 last_sent_closing_fee: None,
5759 pending_counterparty_closing_signed: None,
5760 closing_fee_limits: None,
5761 target_closing_feerate_sats_per_kw: None,
5763 funding_tx_confirmed_in: None,
5764 funding_tx_confirmation_height: 0,
5765 short_channel_id: None,
5766 channel_creation_height: current_chain_height,
5768 feerate_per_kw: commitment_feerate,
5769 counterparty_dust_limit_satoshis: 0,
5770 holder_dust_limit_satoshis: MIN_CHAN_DUST_LIMIT_SATOSHIS,
5771 counterparty_max_htlc_value_in_flight_msat: 0,
5772 holder_max_htlc_value_in_flight_msat: get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis, &config.channel_handshake_config),
5773 counterparty_selected_channel_reserve_satoshis: None, // Filled in in accept_channel
5774 holder_selected_channel_reserve_satoshis,
5775 counterparty_htlc_minimum_msat: 0,
5776 holder_htlc_minimum_msat: if config.channel_handshake_config.our_htlc_minimum_msat == 0 { 1 } else { config.channel_handshake_config.our_htlc_minimum_msat },
5777 counterparty_max_accepted_htlcs: 0,
5778 holder_max_accepted_htlcs: cmp::min(config.channel_handshake_config.our_max_accepted_htlcs, MAX_HTLCS),
5779 minimum_depth: None, // Filled in in accept_channel
5781 counterparty_forwarding_info: None,
5783 channel_transaction_parameters: ChannelTransactionParameters {
5784 holder_pubkeys: pubkeys,
5785 holder_selected_contest_delay: config.channel_handshake_config.our_to_self_delay,
5786 is_outbound_from_holder: true,
5787 counterparty_parameters: None,
5788 funding_outpoint: None,
5789 channel_type_features: channel_type.clone()
5791 funding_transaction: None,
5793 counterparty_cur_commitment_point: None,
5794 counterparty_prev_commitment_point: None,
5795 counterparty_node_id,
5797 counterparty_shutdown_scriptpubkey: None,
5799 commitment_secrets: CounterpartyCommitmentSecrets::new(),
5801 channel_update_status: ChannelUpdateStatus::Enabled,
5802 closing_signed_in_flight: false,
5804 announcement_sigs: None,
5806 #[cfg(any(test, fuzzing))]
5807 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
5808 #[cfg(any(test, fuzzing))]
5809 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
5811 workaround_lnd_bug_4006: None,
5812 sent_message_awaiting_response: None,
5814 latest_inbound_scid_alias: None,
5815 outbound_scid_alias,
5817 channel_pending_event_emitted: false,
5818 channel_ready_event_emitted: false,
5820 #[cfg(any(test, fuzzing))]
5821 historical_inbound_htlc_fulfills: HashSet::new(),
5826 blocked_monitor_updates: Vec::new(),
5828 unfunded_context: UnfundedChannelContext { unfunded_channel_age_ticks: 0 }
5832 fn get_funding_created_signature<L: Deref>(&mut self, logger: &L) -> Result<Signature, ()> where L::Target: Logger {
5833 let counterparty_keys = self.context.build_remote_transaction_keys();
5834 let counterparty_initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
5835 match &self.context.holder_signer {
5836 // TODO (taproot|arik): move match into calling method for Taproot
5837 ChannelSignerType::Ecdsa(ecdsa) => {
5838 ecdsa.sign_counterparty_commitment(&counterparty_initial_commitment_tx, Vec::new(), &self.context.secp_ctx)
5839 .map(|(sig, _)| sig)
5844 /// Updates channel state with knowledge of the funding transaction's txid/index, and generates
5845 /// a funding_created message for the remote peer.
5846 /// Panics if called at some time other than immediately after initial handshake, if called twice,
5847 /// or if called on an inbound channel.
5848 /// Note that channel_id changes during this call!
5849 /// Do NOT broadcast the funding transaction until after a successful funding_signed call!
5850 /// If an Err is returned, it is a ChannelError::Close.
5851 pub fn get_funding_created<L: Deref>(mut self, funding_transaction: Transaction, funding_txo: OutPoint, logger: &L)
5852 -> Result<(Channel<SP>, Option<msgs::FundingCreated>), (Self, ChannelError)> where L::Target: Logger {
5853 if !self.context.is_outbound() {
5854 panic!("Tried to create outbound funding_created message on an inbound channel!");
5856 if self.context.channel_state != (ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32) {
5857 panic!("Tried to get a funding_created messsage at a time other than immediately after initial handshake completion (or tried to get funding_created twice)");
5859 if self.context.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
5860 self.context.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
5861 self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
5862 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
5865 self.context.channel_transaction_parameters.funding_outpoint = Some(funding_txo);
5866 self.context.holder_signer.as_mut().provide_channel_parameters(&self.context.channel_transaction_parameters);
5868 let temporary_channel_id = self.context.channel_id;
5870 // Now that we're past error-generating stuff, update our local state:
5872 self.context.channel_state = ChannelState::FundingCreated as u32;
5873 self.context.channel_id = funding_txo.to_channel_id();
5875 // If the funding transaction is a coinbase transaction, we need to set the minimum depth to 100.
5876 // We can skip this if it is a zero-conf channel.
5877 if funding_transaction.is_coin_base() &&
5878 self.context.minimum_depth.unwrap_or(0) > 0 &&
5879 self.context.minimum_depth.unwrap_or(0) < COINBASE_MATURITY {
5880 self.context.minimum_depth = Some(COINBASE_MATURITY);
5883 self.context.funding_transaction = Some(funding_transaction);
5885 let funding_created = if let Ok(signature) = self.get_funding_created_signature(logger) {
5886 Some(msgs::FundingCreated {
5887 temporary_channel_id,
5888 funding_txid: funding_txo.txid,
5889 funding_output_index: funding_txo.index,
5892 partial_signature_with_nonce: None,
5894 next_local_nonce: None,
5897 self.context.signer_pending_funding = true;
5901 let channel = Channel {
5902 context: self.context,
5905 Ok((channel, funding_created))
5908 fn get_initial_channel_type(config: &UserConfig, their_features: &InitFeatures) -> ChannelTypeFeatures {
5909 // The default channel type (ie the first one we try) depends on whether the channel is
5910 // public - if it is, we just go with `only_static_remotekey` as it's the only option
5911 // available. If it's private, we first try `scid_privacy` as it provides better privacy
5912 // with no other changes, and fall back to `only_static_remotekey`.
5913 let mut ret = ChannelTypeFeatures::only_static_remote_key();
5914 if !config.channel_handshake_config.announced_channel &&
5915 config.channel_handshake_config.negotiate_scid_privacy &&
5916 their_features.supports_scid_privacy() {
5917 ret.set_scid_privacy_required();
5920 // Optionally, if the user would like to negotiate the `anchors_zero_fee_htlc_tx` option, we
5921 // set it now. If they don't understand it, we'll fall back to our default of
5922 // `only_static_remotekey`.
5923 if config.channel_handshake_config.negotiate_anchors_zero_fee_htlc_tx &&
5924 their_features.supports_anchors_zero_fee_htlc_tx() {
5925 ret.set_anchors_zero_fee_htlc_tx_required();
5931 /// If we receive an error message, it may only be a rejection of the channel type we tried,
5932 /// not of our ability to open any channel at all. Thus, on error, we should first call this
5933 /// and see if we get a new `OpenChannel` message, otherwise the channel is failed.
5934 pub(crate) fn maybe_handle_error_without_close<F: Deref>(
5935 &mut self, chain_hash: BlockHash, fee_estimator: &LowerBoundedFeeEstimator<F>
5936 ) -> Result<msgs::OpenChannel, ()>
5938 F::Target: FeeEstimator
5940 if !self.context.is_outbound() || self.context.channel_state != ChannelState::OurInitSent as u32 { return Err(()); }
5941 if self.context.channel_type == ChannelTypeFeatures::only_static_remote_key() {
5942 // We've exhausted our options
5945 // We support opening a few different types of channels. Try removing our additional
5946 // features one by one until we've either arrived at our default or the counterparty has
5949 // Due to the order below, we may not negotiate `option_anchors_zero_fee_htlc_tx` if the
5950 // counterparty doesn't support `option_scid_privacy`. Since `get_initial_channel_type`
5951 // checks whether the counterparty supports every feature, this would only happen if the
5952 // counterparty is advertising the feature, but rejecting channels proposing the feature for
5954 if self.context.channel_type.supports_anchors_zero_fee_htlc_tx() {
5955 self.context.channel_type.clear_anchors_zero_fee_htlc_tx();
5956 self.context.feerate_per_kw = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::Normal);
5957 assert!(!self.context.channel_transaction_parameters.channel_type_features.supports_anchors_nonzero_fee_htlc_tx());
5958 } else if self.context.channel_type.supports_scid_privacy() {
5959 self.context.channel_type.clear_scid_privacy();
5961 self.context.channel_type = ChannelTypeFeatures::only_static_remote_key();
5963 self.context.channel_transaction_parameters.channel_type_features = self.context.channel_type.clone();
5964 Ok(self.get_open_channel(chain_hash))
5967 pub fn get_open_channel(&self, chain_hash: BlockHash) -> msgs::OpenChannel {
5968 if !self.context.is_outbound() {
5969 panic!("Tried to open a channel for an inbound channel?");
5971 if self.context.channel_state != ChannelState::OurInitSent as u32 {
5972 panic!("Cannot generate an open_channel after we've moved forward");
5975 if self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
5976 panic!("Tried to send an open_channel for a channel that has already advanced");
5979 let first_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
5980 let keys = self.context.get_holder_pubkeys();
5984 temporary_channel_id: self.context.channel_id,
5985 funding_satoshis: self.context.channel_value_satoshis,
5986 push_msat: self.context.channel_value_satoshis * 1000 - self.context.value_to_self_msat,
5987 dust_limit_satoshis: self.context.holder_dust_limit_satoshis,
5988 max_htlc_value_in_flight_msat: self.context.holder_max_htlc_value_in_flight_msat,
5989 channel_reserve_satoshis: self.context.holder_selected_channel_reserve_satoshis,
5990 htlc_minimum_msat: self.context.holder_htlc_minimum_msat,
5991 feerate_per_kw: self.context.feerate_per_kw as u32,
5992 to_self_delay: self.context.get_holder_selected_contest_delay(),
5993 max_accepted_htlcs: self.context.holder_max_accepted_htlcs,
5994 funding_pubkey: keys.funding_pubkey,
5995 revocation_basepoint: keys.revocation_basepoint,
5996 payment_point: keys.payment_point,
5997 delayed_payment_basepoint: keys.delayed_payment_basepoint,
5998 htlc_basepoint: keys.htlc_basepoint,
5999 first_per_commitment_point,
6000 channel_flags: if self.context.config.announced_channel {1} else {0},
6001 shutdown_scriptpubkey: Some(match &self.context.shutdown_scriptpubkey {
6002 Some(script) => script.clone().into_inner(),
6003 None => Builder::new().into_script(),
6005 channel_type: Some(self.context.channel_type.clone()),
6010 pub fn accept_channel(&mut self, msg: &msgs::AcceptChannel, default_limits: &ChannelHandshakeLimits, their_features: &InitFeatures) -> Result<(), ChannelError> {
6011 let peer_limits = if let Some(ref limits) = self.context.inbound_handshake_limits_override { limits } else { default_limits };
6013 // Check sanity of message fields:
6014 if !self.context.is_outbound() {
6015 return Err(ChannelError::Close("Got an accept_channel message from an inbound peer".to_owned()));
6017 if self.context.channel_state != ChannelState::OurInitSent as u32 {
6018 return Err(ChannelError::Close("Got an accept_channel message at a strange time".to_owned()));
6020 if msg.dust_limit_satoshis > 21000000 * 100000000 {
6021 return Err(ChannelError::Close(format!("Peer never wants payout outputs? dust_limit_satoshis was {}", msg.dust_limit_satoshis)));
6023 if msg.channel_reserve_satoshis > self.context.channel_value_satoshis {
6024 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must not be greater than ({})", msg.channel_reserve_satoshis, self.context.channel_value_satoshis)));
6026 if msg.dust_limit_satoshis > self.context.holder_selected_channel_reserve_satoshis {
6027 return Err(ChannelError::Close(format!("Dust limit ({}) is bigger than our channel reserve ({})", msg.dust_limit_satoshis, self.context.holder_selected_channel_reserve_satoshis)));
6029 if msg.channel_reserve_satoshis > self.context.channel_value_satoshis - self.context.holder_selected_channel_reserve_satoshis {
6030 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must not be greater than channel value minus our reserve ({})",
6031 msg.channel_reserve_satoshis, self.context.channel_value_satoshis - self.context.holder_selected_channel_reserve_satoshis)));
6033 let full_channel_value_msat = (self.context.channel_value_satoshis - msg.channel_reserve_satoshis) * 1000;
6034 if msg.htlc_minimum_msat >= full_channel_value_msat {
6035 return Err(ChannelError::Close(format!("Minimum htlc value ({}) is full channel value ({})", msg.htlc_minimum_msat, full_channel_value_msat)));
6037 let max_delay_acceptable = u16::min(peer_limits.their_to_self_delay, MAX_LOCAL_BREAKDOWN_TIMEOUT);
6038 if msg.to_self_delay > max_delay_acceptable {
6039 return Err(ChannelError::Close(format!("They wanted our payments to be delayed by a needlessly long period. Upper limit: {}. Actual: {}", max_delay_acceptable, msg.to_self_delay)));
6041 if msg.max_accepted_htlcs < 1 {
6042 return Err(ChannelError::Close("0 max_accepted_htlcs makes for a useless channel".to_owned()));
6044 if msg.max_accepted_htlcs > MAX_HTLCS {
6045 return Err(ChannelError::Close(format!("max_accepted_htlcs was {}. It must not be larger than {}", msg.max_accepted_htlcs, MAX_HTLCS)));
6048 // Now check against optional parameters as set by config...
6049 if msg.htlc_minimum_msat > peer_limits.max_htlc_minimum_msat {
6050 return Err(ChannelError::Close(format!("htlc_minimum_msat ({}) is higher than the user specified limit ({})", msg.htlc_minimum_msat, peer_limits.max_htlc_minimum_msat)));
6052 if msg.max_htlc_value_in_flight_msat < peer_limits.min_max_htlc_value_in_flight_msat {
6053 return Err(ChannelError::Close(format!("max_htlc_value_in_flight_msat ({}) is less than the user specified limit ({})", msg.max_htlc_value_in_flight_msat, peer_limits.min_max_htlc_value_in_flight_msat)));
6055 if msg.channel_reserve_satoshis > peer_limits.max_channel_reserve_satoshis {
6056 return Err(ChannelError::Close(format!("channel_reserve_satoshis ({}) is higher than the user specified limit ({})", msg.channel_reserve_satoshis, peer_limits.max_channel_reserve_satoshis)));
6058 if msg.max_accepted_htlcs < peer_limits.min_max_accepted_htlcs {
6059 return Err(ChannelError::Close(format!("max_accepted_htlcs ({}) is less than the user specified limit ({})", msg.max_accepted_htlcs, peer_limits.min_max_accepted_htlcs)));
6061 if msg.dust_limit_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
6062 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is less than the implementation limit ({})", msg.dust_limit_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
6064 if msg.dust_limit_satoshis > MAX_CHAN_DUST_LIMIT_SATOSHIS {
6065 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is greater than the implementation limit ({})", msg.dust_limit_satoshis, MAX_CHAN_DUST_LIMIT_SATOSHIS)));
6067 if msg.minimum_depth > peer_limits.max_minimum_depth {
6068 return Err(ChannelError::Close(format!("We consider the minimum depth to be unreasonably large. Expected minimum: ({}). Actual: ({})", peer_limits.max_minimum_depth, msg.minimum_depth)));
6071 if let Some(ty) = &msg.channel_type {
6072 if *ty != self.context.channel_type {
6073 return Err(ChannelError::Close("Channel Type in accept_channel didn't match the one sent in open_channel.".to_owned()));
6075 } else if their_features.supports_channel_type() {
6076 // Assume they've accepted the channel type as they said they understand it.
6078 let channel_type = ChannelTypeFeatures::from_init(&their_features);
6079 if channel_type != ChannelTypeFeatures::only_static_remote_key() {
6080 return Err(ChannelError::Close("Only static_remote_key is supported for non-negotiated channel types".to_owned()));
6082 self.context.channel_type = channel_type.clone();
6083 self.context.channel_transaction_parameters.channel_type_features = channel_type;
6086 let counterparty_shutdown_scriptpubkey = if their_features.supports_upfront_shutdown_script() {
6087 match &msg.shutdown_scriptpubkey {
6088 &Some(ref script) => {
6089 // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything
6090 if script.len() == 0 {
6093 if !script::is_bolt2_compliant(&script, their_features) {
6094 return Err(ChannelError::Close(format!("Peer is signaling upfront_shutdown but has provided an unacceptable scriptpubkey format: {}", script)));
6096 Some(script.clone())
6099 // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel
6101 return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out".to_owned()));
6106 self.context.counterparty_dust_limit_satoshis = msg.dust_limit_satoshis;
6107 self.context.counterparty_max_htlc_value_in_flight_msat = cmp::min(msg.max_htlc_value_in_flight_msat, self.context.channel_value_satoshis * 1000);
6108 self.context.counterparty_selected_channel_reserve_satoshis = Some(msg.channel_reserve_satoshis);
6109 self.context.counterparty_htlc_minimum_msat = msg.htlc_minimum_msat;
6110 self.context.counterparty_max_accepted_htlcs = msg.max_accepted_htlcs;
6112 if peer_limits.trust_own_funding_0conf {
6113 self.context.minimum_depth = Some(msg.minimum_depth);
6115 self.context.minimum_depth = Some(cmp::max(1, msg.minimum_depth));
6118 let counterparty_pubkeys = ChannelPublicKeys {
6119 funding_pubkey: msg.funding_pubkey,
6120 revocation_basepoint: msg.revocation_basepoint,
6121 payment_point: msg.payment_point,
6122 delayed_payment_basepoint: msg.delayed_payment_basepoint,
6123 htlc_basepoint: msg.htlc_basepoint
6126 self.context.channel_transaction_parameters.counterparty_parameters = Some(CounterpartyChannelTransactionParameters {
6127 selected_contest_delay: msg.to_self_delay,
6128 pubkeys: counterparty_pubkeys,
6131 self.context.counterparty_cur_commitment_point = Some(msg.first_per_commitment_point);
6132 self.context.counterparty_shutdown_scriptpubkey = counterparty_shutdown_scriptpubkey;
6134 self.context.channel_state = ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32;
6135 self.context.inbound_handshake_limits_override = None; // We're done enforcing limits on our peer's handshake now.
6141 /// A not-yet-funded inbound (from counterparty) channel using V1 channel establishment.
6142 pub(super) struct InboundV1Channel<SP: Deref> where SP::Target: SignerProvider {
6143 pub context: ChannelContext<SP>,
6144 pub unfunded_context: UnfundedChannelContext,
6147 impl<SP: Deref> InboundV1Channel<SP> where SP::Target: SignerProvider {
6148 /// Creates a new channel from a remote sides' request for one.
6149 /// Assumes chain_hash has already been checked and corresponds with what we expect!
6150 pub fn new<ES: Deref, F: Deref, L: Deref>(
6151 fee_estimator: &LowerBoundedFeeEstimator<F>, entropy_source: &ES, signer_provider: &SP,
6152 counterparty_node_id: PublicKey, our_supported_features: &ChannelTypeFeatures,
6153 their_features: &InitFeatures, msg: &msgs::OpenChannel, user_id: u128, config: &UserConfig,
6154 current_chain_height: u32, logger: &L, is_0conf: bool,
6155 ) -> Result<InboundV1Channel<SP>, ChannelError>
6156 where ES::Target: EntropySource,
6157 F::Target: FeeEstimator,
6160 let announced_channel = if (msg.channel_flags & 1) == 1 { true } else { false };
6162 // First check the channel type is known, failing before we do anything else if we don't
6163 // support this channel type.
6164 let channel_type = if let Some(channel_type) = &msg.channel_type {
6165 if channel_type.supports_any_optional_bits() {
6166 return Err(ChannelError::Close("Channel Type field contained optional bits - this is not allowed".to_owned()));
6169 // We only support the channel types defined by the `ChannelManager` in
6170 // `provided_channel_type_features`. The channel type must always support
6171 // `static_remote_key`.
6172 if !channel_type.requires_static_remote_key() {
6173 return Err(ChannelError::Close("Channel Type was not understood - we require static remote key".to_owned()));
6175 // Make sure we support all of the features behind the channel type.
6176 if !channel_type.is_subset(our_supported_features) {
6177 return Err(ChannelError::Close("Channel Type contains unsupported features".to_owned()));
6179 if channel_type.requires_scid_privacy() && announced_channel {
6180 return Err(ChannelError::Close("SCID Alias/Privacy Channel Type cannot be set on a public channel".to_owned()));
6182 channel_type.clone()
6184 let channel_type = ChannelTypeFeatures::from_init(&their_features);
6185 if channel_type != ChannelTypeFeatures::only_static_remote_key() {
6186 return Err(ChannelError::Close("Only static_remote_key is supported for non-negotiated channel types".to_owned()));
6191 let channel_keys_id = signer_provider.generate_channel_keys_id(true, msg.funding_satoshis, user_id);
6192 let holder_signer = signer_provider.derive_channel_signer(msg.funding_satoshis, channel_keys_id);
6193 let pubkeys = holder_signer.pubkeys().clone();
6194 let counterparty_pubkeys = ChannelPublicKeys {
6195 funding_pubkey: msg.funding_pubkey,
6196 revocation_basepoint: msg.revocation_basepoint,
6197 payment_point: msg.payment_point,
6198 delayed_payment_basepoint: msg.delayed_payment_basepoint,
6199 htlc_basepoint: msg.htlc_basepoint
6202 if config.channel_handshake_config.our_to_self_delay < BREAKDOWN_TIMEOUT {
6203 return Err(ChannelError::Close(format!("Configured with an unreasonable our_to_self_delay ({}) putting user funds at risks. It must be greater than {}", config.channel_handshake_config.our_to_self_delay, BREAKDOWN_TIMEOUT)));
6206 // Check sanity of message fields:
6207 if msg.funding_satoshis > config.channel_handshake_limits.max_funding_satoshis {
6208 return Err(ChannelError::Close(format!("Per our config, funding must be at most {}. It was {}", config.channel_handshake_limits.max_funding_satoshis, msg.funding_satoshis)));
6210 if msg.funding_satoshis >= TOTAL_BITCOIN_SUPPLY_SATOSHIS {
6211 return Err(ChannelError::Close(format!("Funding must be smaller than the total bitcoin supply. It was {}", msg.funding_satoshis)));
6213 if msg.channel_reserve_satoshis > msg.funding_satoshis {
6214 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must be not greater than funding_satoshis: {}", msg.channel_reserve_satoshis, msg.funding_satoshis)));
6216 let full_channel_value_msat = (msg.funding_satoshis - msg.channel_reserve_satoshis) * 1000;
6217 if msg.push_msat > full_channel_value_msat {
6218 return Err(ChannelError::Close(format!("push_msat {} was larger than channel amount minus reserve ({})", msg.push_msat, full_channel_value_msat)));
6220 if msg.dust_limit_satoshis > msg.funding_satoshis {
6221 return Err(ChannelError::Close(format!("dust_limit_satoshis {} was larger than funding_satoshis {}. Peer never wants payout outputs?", msg.dust_limit_satoshis, msg.funding_satoshis)));
6223 if msg.htlc_minimum_msat >= full_channel_value_msat {
6224 return Err(ChannelError::Close(format!("Minimum htlc value ({}) was larger than full channel value ({})", msg.htlc_minimum_msat, full_channel_value_msat)));
6226 Channel::<SP>::check_remote_fee(&channel_type, fee_estimator, msg.feerate_per_kw, None, logger)?;
6228 let max_counterparty_selected_contest_delay = u16::min(config.channel_handshake_limits.their_to_self_delay, MAX_LOCAL_BREAKDOWN_TIMEOUT);
6229 if msg.to_self_delay > max_counterparty_selected_contest_delay {
6230 return Err(ChannelError::Close(format!("They wanted our payments to be delayed by a needlessly long period. Upper limit: {}. Actual: {}", max_counterparty_selected_contest_delay, msg.to_self_delay)));
6232 if msg.max_accepted_htlcs < 1 {
6233 return Err(ChannelError::Close("0 max_accepted_htlcs makes for a useless channel".to_owned()));
6235 if msg.max_accepted_htlcs > MAX_HTLCS {
6236 return Err(ChannelError::Close(format!("max_accepted_htlcs was {}. It must not be larger than {}", msg.max_accepted_htlcs, MAX_HTLCS)));
6239 // Now check against optional parameters as set by config...
6240 if msg.funding_satoshis < config.channel_handshake_limits.min_funding_satoshis {
6241 return Err(ChannelError::Close(format!("Funding satoshis ({}) is less than the user specified limit ({})", msg.funding_satoshis, config.channel_handshake_limits.min_funding_satoshis)));
6243 if msg.htlc_minimum_msat > config.channel_handshake_limits.max_htlc_minimum_msat {
6244 return Err(ChannelError::Close(format!("htlc_minimum_msat ({}) is higher than the user specified limit ({})", msg.htlc_minimum_msat, config.channel_handshake_limits.max_htlc_minimum_msat)));
6246 if msg.max_htlc_value_in_flight_msat < config.channel_handshake_limits.min_max_htlc_value_in_flight_msat {
6247 return Err(ChannelError::Close(format!("max_htlc_value_in_flight_msat ({}) is less than the user specified limit ({})", msg.max_htlc_value_in_flight_msat, config.channel_handshake_limits.min_max_htlc_value_in_flight_msat)));
6249 if msg.channel_reserve_satoshis > config.channel_handshake_limits.max_channel_reserve_satoshis {
6250 return Err(ChannelError::Close(format!("channel_reserve_satoshis ({}) is higher than the user specified limit ({})", msg.channel_reserve_satoshis, config.channel_handshake_limits.max_channel_reserve_satoshis)));
6252 if msg.max_accepted_htlcs < config.channel_handshake_limits.min_max_accepted_htlcs {
6253 return Err(ChannelError::Close(format!("max_accepted_htlcs ({}) is less than the user specified limit ({})", msg.max_accepted_htlcs, config.channel_handshake_limits.min_max_accepted_htlcs)));
6255 if msg.dust_limit_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
6256 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is less than the implementation limit ({})", msg.dust_limit_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
6258 if msg.dust_limit_satoshis > MAX_CHAN_DUST_LIMIT_SATOSHIS {
6259 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is greater than the implementation limit ({})", msg.dust_limit_satoshis, MAX_CHAN_DUST_LIMIT_SATOSHIS)));
6262 // Convert things into internal flags and prep our state:
6264 if config.channel_handshake_limits.force_announced_channel_preference {
6265 if config.channel_handshake_config.announced_channel != announced_channel {
6266 return Err(ChannelError::Close("Peer tried to open channel but their announcement preference is different from ours".to_owned()));
6270 let holder_selected_channel_reserve_satoshis = get_holder_selected_channel_reserve_satoshis(msg.funding_satoshis, config);
6271 if holder_selected_channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
6272 // Protocol level safety check in place, although it should never happen because
6273 // of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
6274 return Err(ChannelError::Close(format!("Suitable channel reserve not found. remote_channel_reserve was ({}). dust_limit_satoshis is ({}).", holder_selected_channel_reserve_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
6276 if holder_selected_channel_reserve_satoshis * 1000 >= full_channel_value_msat {
6277 return Err(ChannelError::Close(format!("Suitable channel reserve not found. remote_channel_reserve was ({})msats. Channel value is ({} - {})msats.", holder_selected_channel_reserve_satoshis * 1000, full_channel_value_msat, msg.push_msat)));
6279 if msg.channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
6280 log_debug!(logger, "channel_reserve_satoshis ({}) is smaller than our dust limit ({}). We can broadcast stale states without any risk, implying this channel is very insecure for our counterparty.",
6281 msg.channel_reserve_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS);
6283 if holder_selected_channel_reserve_satoshis < msg.dust_limit_satoshis {
6284 return Err(ChannelError::Close(format!("Dust limit ({}) too high for the channel reserve we require the remote to keep ({})", msg.dust_limit_satoshis, holder_selected_channel_reserve_satoshis)));
6287 // check if the funder's amount for the initial commitment tx is sufficient
6288 // for full fee payment plus a few HTLCs to ensure the channel will be useful.
6289 let funders_amount_msat = msg.funding_satoshis * 1000 - msg.push_msat;
6290 let commitment_tx_fee = commit_tx_fee_msat(msg.feerate_per_kw, MIN_AFFORDABLE_HTLC_COUNT, &channel_type) / 1000;
6291 if funders_amount_msat / 1000 < commitment_tx_fee {
6292 return Err(ChannelError::Close(format!("Funding amount ({} sats) can't even pay fee for initial commitment transaction fee of {} sats.", funders_amount_msat / 1000, commitment_tx_fee)));
6295 let to_remote_satoshis = funders_amount_msat / 1000 - commitment_tx_fee;
6296 // While it's reasonable for us to not meet the channel reserve initially (if they don't
6297 // want to push much to us), our counterparty should always have more than our reserve.
6298 if to_remote_satoshis < holder_selected_channel_reserve_satoshis {
6299 return Err(ChannelError::Close("Insufficient funding amount for initial reserve".to_owned()));
6302 let counterparty_shutdown_scriptpubkey = if their_features.supports_upfront_shutdown_script() {
6303 match &msg.shutdown_scriptpubkey {
6304 &Some(ref script) => {
6305 // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything
6306 if script.len() == 0 {
6309 if !script::is_bolt2_compliant(&script, their_features) {
6310 return Err(ChannelError::Close(format!("Peer is signaling upfront_shutdown but has provided an unacceptable scriptpubkey format: {}", script)))
6312 Some(script.clone())
6315 // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel
6317 return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out".to_owned()));
6322 let shutdown_scriptpubkey = if config.channel_handshake_config.commit_upfront_shutdown_pubkey {
6323 match signer_provider.get_shutdown_scriptpubkey() {
6324 Ok(scriptpubkey) => Some(scriptpubkey),
6325 Err(_) => return Err(ChannelError::Close("Failed to get upfront shutdown scriptpubkey".to_owned())),
6329 if let Some(shutdown_scriptpubkey) = &shutdown_scriptpubkey {
6330 if !shutdown_scriptpubkey.is_compatible(&their_features) {
6331 return Err(ChannelError::Close(format!("Provided a scriptpubkey format not accepted by peer: {}", shutdown_scriptpubkey)));
6335 let destination_script = match signer_provider.get_destination_script() {
6336 Ok(script) => script,
6337 Err(_) => return Err(ChannelError::Close("Failed to get destination script".to_owned())),
6340 let mut secp_ctx = Secp256k1::new();
6341 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
6343 let minimum_depth = if is_0conf {
6346 Some(cmp::max(config.channel_handshake_config.minimum_depth, 1))
6350 context: ChannelContext {
6353 config: LegacyChannelConfig {
6354 options: config.channel_config.clone(),
6356 commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey,
6361 inbound_handshake_limits_override: None,
6363 temporary_channel_id: Some(msg.temporary_channel_id),
6364 channel_id: msg.temporary_channel_id,
6365 channel_state: (ChannelState::OurInitSent as u32) | (ChannelState::TheirInitSent as u32),
6366 announcement_sigs_state: AnnouncementSigsState::NotSent,
6369 latest_monitor_update_id: 0,
6371 holder_signer: ChannelSignerType::Ecdsa(holder_signer),
6372 shutdown_scriptpubkey,
6375 cur_holder_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
6376 cur_counterparty_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
6377 value_to_self_msat: msg.push_msat,
6379 pending_inbound_htlcs: Vec::new(),
6380 pending_outbound_htlcs: Vec::new(),
6381 holding_cell_htlc_updates: Vec::new(),
6382 pending_update_fee: None,
6383 holding_cell_update_fee: None,
6384 next_holder_htlc_id: 0,
6385 next_counterparty_htlc_id: 0,
6386 update_time_counter: 1,
6388 resend_order: RAACommitmentOrder::CommitmentFirst,
6390 monitor_pending_channel_ready: false,
6391 monitor_pending_revoke_and_ack: false,
6392 monitor_pending_commitment_signed: false,
6393 monitor_pending_forwards: Vec::new(),
6394 monitor_pending_failures: Vec::new(),
6395 monitor_pending_finalized_fulfills: Vec::new(),
6397 signer_pending_commitment_update: false,
6398 signer_pending_funding: false,
6400 #[cfg(debug_assertions)]
6401 holder_max_commitment_tx_output: Mutex::new((msg.push_msat, msg.funding_satoshis * 1000 - msg.push_msat)),
6402 #[cfg(debug_assertions)]
6403 counterparty_max_commitment_tx_output: Mutex::new((msg.push_msat, msg.funding_satoshis * 1000 - msg.push_msat)),
6405 last_sent_closing_fee: None,
6406 pending_counterparty_closing_signed: None,
6407 closing_fee_limits: None,
6408 target_closing_feerate_sats_per_kw: None,
6410 funding_tx_confirmed_in: None,
6411 funding_tx_confirmation_height: 0,
6412 short_channel_id: None,
6413 channel_creation_height: current_chain_height,
6415 feerate_per_kw: msg.feerate_per_kw,
6416 channel_value_satoshis: msg.funding_satoshis,
6417 counterparty_dust_limit_satoshis: msg.dust_limit_satoshis,
6418 holder_dust_limit_satoshis: MIN_CHAN_DUST_LIMIT_SATOSHIS,
6419 counterparty_max_htlc_value_in_flight_msat: cmp::min(msg.max_htlc_value_in_flight_msat, msg.funding_satoshis * 1000),
6420 holder_max_htlc_value_in_flight_msat: get_holder_max_htlc_value_in_flight_msat(msg.funding_satoshis, &config.channel_handshake_config),
6421 counterparty_selected_channel_reserve_satoshis: Some(msg.channel_reserve_satoshis),
6422 holder_selected_channel_reserve_satoshis,
6423 counterparty_htlc_minimum_msat: msg.htlc_minimum_msat,
6424 holder_htlc_minimum_msat: if config.channel_handshake_config.our_htlc_minimum_msat == 0 { 1 } else { config.channel_handshake_config.our_htlc_minimum_msat },
6425 counterparty_max_accepted_htlcs: msg.max_accepted_htlcs,
6426 holder_max_accepted_htlcs: cmp::min(config.channel_handshake_config.our_max_accepted_htlcs, MAX_HTLCS),
6429 counterparty_forwarding_info: None,
6431 channel_transaction_parameters: ChannelTransactionParameters {
6432 holder_pubkeys: pubkeys,
6433 holder_selected_contest_delay: config.channel_handshake_config.our_to_self_delay,
6434 is_outbound_from_holder: false,
6435 counterparty_parameters: Some(CounterpartyChannelTransactionParameters {
6436 selected_contest_delay: msg.to_self_delay,
6437 pubkeys: counterparty_pubkeys,
6439 funding_outpoint: None,
6440 channel_type_features: channel_type.clone()
6442 funding_transaction: None,
6444 counterparty_cur_commitment_point: Some(msg.first_per_commitment_point),
6445 counterparty_prev_commitment_point: None,
6446 counterparty_node_id,
6448 counterparty_shutdown_scriptpubkey,
6450 commitment_secrets: CounterpartyCommitmentSecrets::new(),
6452 channel_update_status: ChannelUpdateStatus::Enabled,
6453 closing_signed_in_flight: false,
6455 announcement_sigs: None,
6457 #[cfg(any(test, fuzzing))]
6458 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
6459 #[cfg(any(test, fuzzing))]
6460 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
6462 workaround_lnd_bug_4006: None,
6463 sent_message_awaiting_response: None,
6465 latest_inbound_scid_alias: None,
6466 outbound_scid_alias: 0,
6468 channel_pending_event_emitted: false,
6469 channel_ready_event_emitted: false,
6471 #[cfg(any(test, fuzzing))]
6472 historical_inbound_htlc_fulfills: HashSet::new(),
6477 blocked_monitor_updates: Vec::new(),
6479 unfunded_context: UnfundedChannelContext { unfunded_channel_age_ticks: 0 }
6485 /// Marks an inbound channel as accepted and generates a [`msgs::AcceptChannel`] message which
6486 /// should be sent back to the counterparty node.
6488 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
6489 pub fn accept_inbound_channel(&mut self) -> msgs::AcceptChannel {
6490 if self.context.is_outbound() {
6491 panic!("Tried to send accept_channel for an outbound channel?");
6493 if self.context.channel_state != (ChannelState::OurInitSent as u32) | (ChannelState::TheirInitSent as u32) {
6494 panic!("Tried to send accept_channel after channel had moved forward");
6496 if self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
6497 panic!("Tried to send an accept_channel for a channel that has already advanced");
6500 self.generate_accept_channel_message()
6503 /// This function is used to explicitly generate a [`msgs::AcceptChannel`] message for an
6504 /// inbound channel. If the intention is to accept an inbound channel, use
6505 /// [`InboundV1Channel::accept_inbound_channel`] instead.
6507 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
6508 fn generate_accept_channel_message(&self) -> msgs::AcceptChannel {
6509 let first_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
6510 let keys = self.context.get_holder_pubkeys();
6512 msgs::AcceptChannel {
6513 temporary_channel_id: self.context.channel_id,
6514 dust_limit_satoshis: self.context.holder_dust_limit_satoshis,
6515 max_htlc_value_in_flight_msat: self.context.holder_max_htlc_value_in_flight_msat,
6516 channel_reserve_satoshis: self.context.holder_selected_channel_reserve_satoshis,
6517 htlc_minimum_msat: self.context.holder_htlc_minimum_msat,
6518 minimum_depth: self.context.minimum_depth.unwrap(),
6519 to_self_delay: self.context.get_holder_selected_contest_delay(),
6520 max_accepted_htlcs: self.context.holder_max_accepted_htlcs,
6521 funding_pubkey: keys.funding_pubkey,
6522 revocation_basepoint: keys.revocation_basepoint,
6523 payment_point: keys.payment_point,
6524 delayed_payment_basepoint: keys.delayed_payment_basepoint,
6525 htlc_basepoint: keys.htlc_basepoint,
6526 first_per_commitment_point,
6527 shutdown_scriptpubkey: Some(match &self.context.shutdown_scriptpubkey {
6528 Some(script) => script.clone().into_inner(),
6529 None => Builder::new().into_script(),
6531 channel_type: Some(self.context.channel_type.clone()),
6533 next_local_nonce: None,
6537 /// Enables the possibility for tests to extract a [`msgs::AcceptChannel`] message for an
6538 /// inbound channel without accepting it.
6540 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
6542 pub fn get_accept_channel_message(&self) -> msgs::AcceptChannel {
6543 self.generate_accept_channel_message()
6546 fn funding_created_signature<L: Deref>(&mut self, sig: &Signature, logger: &L) -> Result<(CommitmentTransaction, CommitmentTransaction, Option<Signature>), ChannelError> where L::Target: Logger {
6547 let funding_script = self.context.get_funding_redeemscript();
6549 let keys = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
6550 let initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &keys, true, false, logger).tx;
6552 let trusted_tx = initial_commitment_tx.trust();
6553 let initial_commitment_bitcoin_tx = trusted_tx.built_transaction();
6554 let sighash = initial_commitment_bitcoin_tx.get_sighash_all(&funding_script, self.context.channel_value_satoshis);
6555 // They sign the holder commitment transaction...
6556 log_trace!(logger, "Checking funding_created tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} for channel {}.",
6557 log_bytes!(sig.serialize_compact()[..]), log_bytes!(self.context.counterparty_funding_pubkey().serialize()),
6558 encode::serialize_hex(&initial_commitment_bitcoin_tx.transaction), log_bytes!(sighash[..]),
6559 encode::serialize_hex(&funding_script), &self.context.channel_id());
6560 secp_check!(self.context.secp_ctx.verify_ecdsa(&sighash, &sig, self.context.counterparty_funding_pubkey()), "Invalid funding_created signature from peer".to_owned());
6563 let counterparty_keys = self.context.build_remote_transaction_keys();
6564 let counterparty_initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
6566 let counterparty_trusted_tx = counterparty_initial_commitment_tx.trust();
6567 let counterparty_initial_bitcoin_tx = counterparty_trusted_tx.built_transaction();
6568 log_trace!(logger, "Initial counterparty tx for channel {} is: txid {} tx {}",
6569 &self.context.channel_id(), counterparty_initial_bitcoin_tx.txid, encode::serialize_hex(&counterparty_initial_bitcoin_tx.transaction));
6571 match &self.context.holder_signer {
6572 // TODO (arik): move match into calling method for Taproot
6573 ChannelSignerType::Ecdsa(ecdsa) => {
6574 let counterparty_signature = ecdsa.sign_counterparty_commitment(&counterparty_initial_commitment_tx, Vec::new(), &self.context.secp_ctx)
6575 .map(|(sig, _)| sig).ok();
6577 // We sign "counterparty" commitment transaction, allowing them to broadcast the tx if they wish.
6578 Ok((counterparty_initial_commitment_tx, initial_commitment_tx, counterparty_signature))
6583 pub fn funding_created<L: Deref>(
6584 mut self, msg: &msgs::FundingCreated, best_block: BestBlock, signer_provider: &SP, logger: &L
6585 ) -> Result<(Channel<SP>, Option<msgs::FundingSigned>, ChannelMonitor<<SP::Target as SignerProvider>::Signer>), (Self, ChannelError)>
6589 if self.context.is_outbound() {
6590 return Err((self, ChannelError::Close("Received funding_created for an outbound channel?".to_owned())));
6592 if self.context.channel_state != (ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32) {
6593 // BOLT 2 says that if we disconnect before we send funding_signed we SHOULD NOT
6594 // remember the channel, so it's safe to just send an error_message here and drop the
6596 return Err((self, ChannelError::Close("Received funding_created after we got the channel!".to_owned())));
6598 if self.context.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
6599 self.context.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
6600 self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
6601 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
6604 let funding_txo = OutPoint { txid: msg.funding_txid, index: msg.funding_output_index };
6605 self.context.channel_transaction_parameters.funding_outpoint = Some(funding_txo);
6606 // This is an externally observable change before we finish all our checks. In particular
6607 // funding_created_signature may fail.
6608 self.context.holder_signer.as_mut().provide_channel_parameters(&self.context.channel_transaction_parameters);
6610 let (counterparty_initial_commitment_tx, initial_commitment_tx, sig_opt) = match self.funding_created_signature(&msg.signature, logger) {
6612 Err(ChannelError::Close(e)) => {
6613 self.context.channel_transaction_parameters.funding_outpoint = None;
6614 return Err((self, ChannelError::Close(e)));
6617 // The only error we know how to handle is ChannelError::Close, so we fall over here
6618 // to make sure we don't continue with an inconsistent state.
6619 panic!("unexpected error type from funding_created_signature {:?}", e);
6623 let holder_commitment_tx = HolderCommitmentTransaction::new(
6624 initial_commitment_tx,
6627 &self.context.get_holder_pubkeys().funding_pubkey,
6628 self.context.counterparty_funding_pubkey()
6631 if let Err(_) = self.context.holder_signer.as_ref().validate_holder_commitment(&holder_commitment_tx, Vec::new()) {
6632 return Err((self, ChannelError::Close("Failed to validate our commitment".to_owned())));
6635 // Now that we're past error-generating stuff, update our local state:
6637 let funding_redeemscript = self.context.get_funding_redeemscript();
6638 let funding_txo_script = funding_redeemscript.to_v0_p2wsh();
6639 let obscure_factor = get_commitment_transaction_number_obscure_factor(&self.context.get_holder_pubkeys().payment_point, &self.context.get_counterparty_pubkeys().payment_point, self.context.is_outbound());
6640 let shutdown_script = self.context.shutdown_scriptpubkey.clone().map(|script| script.into_inner());
6641 let mut monitor_signer = signer_provider.derive_channel_signer(self.context.channel_value_satoshis, self.context.channel_keys_id);
6642 monitor_signer.provide_channel_parameters(&self.context.channel_transaction_parameters);
6643 let channel_monitor = ChannelMonitor::new(self.context.secp_ctx.clone(), monitor_signer,
6644 shutdown_script, self.context.get_holder_selected_contest_delay(),
6645 &self.context.destination_script, (funding_txo, funding_txo_script.clone()),
6646 &self.context.channel_transaction_parameters,
6647 funding_redeemscript.clone(), self.context.channel_value_satoshis,
6649 holder_commitment_tx, best_block, self.context.counterparty_node_id);
6651 channel_monitor.provide_initial_counterparty_commitment_tx(
6652 counterparty_initial_commitment_tx.trust().txid(), Vec::new(),
6653 self.context.cur_counterparty_commitment_transaction_number,
6654 self.context.counterparty_cur_commitment_point.unwrap(), self.context.feerate_per_kw,
6655 counterparty_initial_commitment_tx.to_broadcaster_value_sat(),
6656 counterparty_initial_commitment_tx.to_countersignatory_value_sat(), logger);
6658 self.context.channel_state = ChannelState::FundingSent as u32;
6659 self.context.channel_id = funding_txo.to_channel_id();
6660 self.context.cur_counterparty_commitment_transaction_number -= 1;
6661 self.context.cur_holder_commitment_transaction_number -= 1;
6663 log_info!(logger, "Generated funding_signed for peer for channel {}", &self.context.channel_id());
6665 // Promote the channel to a full-fledged one now that we have updated the state and have a
6666 // `ChannelMonitor`.
6667 let mut channel = Channel {
6668 context: self.context,
6670 let channel_id = channel.context.channel_id.clone();
6671 let need_channel_ready = channel.check_get_channel_ready(0).is_some();
6672 channel.monitor_updating_paused(false, false, need_channel_ready, Vec::new(), Vec::new(), Vec::new());
6674 let funding_signed = if let Some(signature) = sig_opt {
6675 Some(msgs::FundingSigned {
6679 partial_signature_with_nonce: None,
6682 channel.context.signer_pending_funding = true;
6686 Ok((channel, funding_signed, channel_monitor))
6690 const SERIALIZATION_VERSION: u8 = 3;
6691 const MIN_SERIALIZATION_VERSION: u8 = 2;
6693 impl_writeable_tlv_based_enum!(InboundHTLCRemovalReason,;
6699 impl Writeable for ChannelUpdateStatus {
6700 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
6701 // We only care about writing out the current state as it was announced, ie only either
6702 // Enabled or Disabled. In the case of DisabledStaged, we most recently announced the
6703 // channel as enabled, so we write 0. For EnabledStaged, we similarly write a 1.
6705 ChannelUpdateStatus::Enabled => 0u8.write(writer)?,
6706 ChannelUpdateStatus::DisabledStaged(_) => 0u8.write(writer)?,
6707 ChannelUpdateStatus::EnabledStaged(_) => 1u8.write(writer)?,
6708 ChannelUpdateStatus::Disabled => 1u8.write(writer)?,
6714 impl Readable for ChannelUpdateStatus {
6715 fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
6716 Ok(match <u8 as Readable>::read(reader)? {
6717 0 => ChannelUpdateStatus::Enabled,
6718 1 => ChannelUpdateStatus::Disabled,
6719 _ => return Err(DecodeError::InvalidValue),
6724 impl Writeable for AnnouncementSigsState {
6725 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
6726 // We only care about writing out the current state as if we had just disconnected, at
6727 // which point we always set anything but AnnouncementSigsReceived to NotSent.
6729 AnnouncementSigsState::NotSent => 0u8.write(writer),
6730 AnnouncementSigsState::MessageSent => 0u8.write(writer),
6731 AnnouncementSigsState::Committed => 0u8.write(writer),
6732 AnnouncementSigsState::PeerReceived => 1u8.write(writer),
6737 impl Readable for AnnouncementSigsState {
6738 fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
6739 Ok(match <u8 as Readable>::read(reader)? {
6740 0 => AnnouncementSigsState::NotSent,
6741 1 => AnnouncementSigsState::PeerReceived,
6742 _ => return Err(DecodeError::InvalidValue),
6747 impl<SP: Deref> Writeable for Channel<SP> where SP::Target: SignerProvider {
6748 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
6749 // Note that we write out as if remove_uncommitted_htlcs_and_mark_paused had just been
6752 write_ver_prefix!(writer, MIN_SERIALIZATION_VERSION, MIN_SERIALIZATION_VERSION);
6754 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
6755 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. We write
6756 // the low bytes now and the optional high bytes later.
6757 let user_id_low = self.context.user_id as u64;
6758 user_id_low.write(writer)?;
6760 // Version 1 deserializers expected to read parts of the config object here. Version 2
6761 // deserializers (0.0.99) now read config through TLVs, and as we now require them for
6762 // `minimum_depth` we simply write dummy values here.
6763 writer.write_all(&[0; 8])?;
6765 self.context.channel_id.write(writer)?;
6766 (self.context.channel_state | ChannelState::PeerDisconnected as u32).write(writer)?;
6767 self.context.channel_value_satoshis.write(writer)?;
6769 self.context.latest_monitor_update_id.write(writer)?;
6771 let mut key_data = VecWriter(Vec::new());
6772 // TODO (taproot|arik): Introduce serialization distinction for non-ECDSA signers.
6773 self.context.holder_signer.as_ecdsa().expect("Only ECDSA signers may be serialized").write(&mut key_data)?;
6774 assert!(key_data.0.len() < core::usize::MAX);
6775 assert!(key_data.0.len() < core::u32::MAX as usize);
6776 (key_data.0.len() as u32).write(writer)?;
6777 writer.write_all(&key_data.0[..])?;
6779 // Write out the old serialization for shutdown_pubkey for backwards compatibility, if
6780 // deserialized from that format.
6781 match self.context.shutdown_scriptpubkey.as_ref().and_then(|script| script.as_legacy_pubkey()) {
6782 Some(shutdown_pubkey) => shutdown_pubkey.write(writer)?,
6783 None => [0u8; PUBLIC_KEY_SIZE].write(writer)?,
6785 self.context.destination_script.write(writer)?;
6787 self.context.cur_holder_commitment_transaction_number.write(writer)?;
6788 self.context.cur_counterparty_commitment_transaction_number.write(writer)?;
6789 self.context.value_to_self_msat.write(writer)?;
6791 let mut dropped_inbound_htlcs = 0;
6792 for htlc in self.context.pending_inbound_htlcs.iter() {
6793 if let InboundHTLCState::RemoteAnnounced(_) = htlc.state {
6794 dropped_inbound_htlcs += 1;
6797 (self.context.pending_inbound_htlcs.len() as u64 - dropped_inbound_htlcs).write(writer)?;
6798 for htlc in self.context.pending_inbound_htlcs.iter() {
6799 if let &InboundHTLCState::RemoteAnnounced(_) = &htlc.state {
6802 htlc.htlc_id.write(writer)?;
6803 htlc.amount_msat.write(writer)?;
6804 htlc.cltv_expiry.write(writer)?;
6805 htlc.payment_hash.write(writer)?;
6807 &InboundHTLCState::RemoteAnnounced(_) => unreachable!(),
6808 &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(ref htlc_state) => {
6810 htlc_state.write(writer)?;
6812 &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(ref htlc_state) => {
6814 htlc_state.write(writer)?;
6816 &InboundHTLCState::Committed => {
6819 &InboundHTLCState::LocalRemoved(ref removal_reason) => {
6821 removal_reason.write(writer)?;
6826 let mut preimages: Vec<&Option<PaymentPreimage>> = vec![];
6827 let mut pending_outbound_skimmed_fees: Vec<Option<u64>> = Vec::new();
6829 (self.context.pending_outbound_htlcs.len() as u64).write(writer)?;
6830 for (idx, htlc) in self.context.pending_outbound_htlcs.iter().enumerate() {
6831 htlc.htlc_id.write(writer)?;
6832 htlc.amount_msat.write(writer)?;
6833 htlc.cltv_expiry.write(writer)?;
6834 htlc.payment_hash.write(writer)?;
6835 htlc.source.write(writer)?;
6837 &OutboundHTLCState::LocalAnnounced(ref onion_packet) => {
6839 onion_packet.write(writer)?;
6841 &OutboundHTLCState::Committed => {
6844 &OutboundHTLCState::RemoteRemoved(_) => {
6845 // Treat this as a Committed because we haven't received the CS - they'll
6846 // resend the claim/fail on reconnect as we all (hopefully) the missing CS.
6849 &OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref outcome) => {
6851 if let OutboundHTLCOutcome::Success(preimage) = outcome {
6852 preimages.push(preimage);
6854 let reason: Option<&HTLCFailReason> = outcome.into();
6855 reason.write(writer)?;
6857 &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref outcome) => {
6859 if let OutboundHTLCOutcome::Success(preimage) = outcome {
6860 preimages.push(preimage);
6862 let reason: Option<&HTLCFailReason> = outcome.into();
6863 reason.write(writer)?;
6866 if let Some(skimmed_fee) = htlc.skimmed_fee_msat {
6867 if pending_outbound_skimmed_fees.is_empty() {
6868 for _ in 0..idx { pending_outbound_skimmed_fees.push(None); }
6870 pending_outbound_skimmed_fees.push(Some(skimmed_fee));
6871 } else if !pending_outbound_skimmed_fees.is_empty() {
6872 pending_outbound_skimmed_fees.push(None);
6876 let mut holding_cell_skimmed_fees: Vec<Option<u64>> = Vec::new();
6877 (self.context.holding_cell_htlc_updates.len() as u64).write(writer)?;
6878 for (idx, update) in self.context.holding_cell_htlc_updates.iter().enumerate() {
6880 &HTLCUpdateAwaitingACK::AddHTLC {
6881 ref amount_msat, ref cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet,
6885 amount_msat.write(writer)?;
6886 cltv_expiry.write(writer)?;
6887 payment_hash.write(writer)?;
6888 source.write(writer)?;
6889 onion_routing_packet.write(writer)?;
6891 if let Some(skimmed_fee) = skimmed_fee_msat {
6892 if holding_cell_skimmed_fees.is_empty() {
6893 for _ in 0..idx { holding_cell_skimmed_fees.push(None); }
6895 holding_cell_skimmed_fees.push(Some(skimmed_fee));
6896 } else if !holding_cell_skimmed_fees.is_empty() { holding_cell_skimmed_fees.push(None); }
6898 &HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, ref htlc_id } => {
6900 payment_preimage.write(writer)?;
6901 htlc_id.write(writer)?;
6903 &HTLCUpdateAwaitingACK::FailHTLC { ref htlc_id, ref err_packet } => {
6905 htlc_id.write(writer)?;
6906 err_packet.write(writer)?;
6911 match self.context.resend_order {
6912 RAACommitmentOrder::CommitmentFirst => 0u8.write(writer)?,
6913 RAACommitmentOrder::RevokeAndACKFirst => 1u8.write(writer)?,
6916 self.context.monitor_pending_channel_ready.write(writer)?;
6917 self.context.monitor_pending_revoke_and_ack.write(writer)?;
6918 self.context.monitor_pending_commitment_signed.write(writer)?;
6920 (self.context.monitor_pending_forwards.len() as u64).write(writer)?;
6921 for &(ref pending_forward, ref htlc_id) in self.context.monitor_pending_forwards.iter() {
6922 pending_forward.write(writer)?;
6923 htlc_id.write(writer)?;
6926 (self.context.monitor_pending_failures.len() as u64).write(writer)?;
6927 for &(ref htlc_source, ref payment_hash, ref fail_reason) in self.context.monitor_pending_failures.iter() {
6928 htlc_source.write(writer)?;
6929 payment_hash.write(writer)?;
6930 fail_reason.write(writer)?;
6933 if self.context.is_outbound() {
6934 self.context.pending_update_fee.map(|(a, _)| a).write(writer)?;
6935 } else if let Some((feerate, FeeUpdateState::AwaitingRemoteRevokeToAnnounce)) = self.context.pending_update_fee {
6936 Some(feerate).write(writer)?;
6938 // As for inbound HTLCs, if the update was only announced and never committed in a
6939 // commitment_signed, drop it.
6940 None::<u32>.write(writer)?;
6942 self.context.holding_cell_update_fee.write(writer)?;
6944 self.context.next_holder_htlc_id.write(writer)?;
6945 (self.context.next_counterparty_htlc_id - dropped_inbound_htlcs).write(writer)?;
6946 self.context.update_time_counter.write(writer)?;
6947 self.context.feerate_per_kw.write(writer)?;
6949 // Versions prior to 0.0.100 expected to read the fields of `last_sent_closing_fee` here,
6950 // however we are supposed to restart shutdown fee negotiation on reconnect (and wipe
6951 // `last_send_closing_fee` in `remove_uncommitted_htlcs_and_mark_paused`) so we should never
6952 // consider the stale state on reload.
6955 self.context.funding_tx_confirmed_in.write(writer)?;
6956 self.context.funding_tx_confirmation_height.write(writer)?;
6957 self.context.short_channel_id.write(writer)?;
6959 self.context.counterparty_dust_limit_satoshis.write(writer)?;
6960 self.context.holder_dust_limit_satoshis.write(writer)?;
6961 self.context.counterparty_max_htlc_value_in_flight_msat.write(writer)?;
6963 // Note that this field is ignored by 0.0.99+ as the TLV Optional variant is used instead.
6964 self.context.counterparty_selected_channel_reserve_satoshis.unwrap_or(0).write(writer)?;
6966 self.context.counterparty_htlc_minimum_msat.write(writer)?;
6967 self.context.holder_htlc_minimum_msat.write(writer)?;
6968 self.context.counterparty_max_accepted_htlcs.write(writer)?;
6970 // Note that this field is ignored by 0.0.99+ as the TLV Optional variant is used instead.
6971 self.context.minimum_depth.unwrap_or(0).write(writer)?;
6973 match &self.context.counterparty_forwarding_info {
6976 info.fee_base_msat.write(writer)?;
6977 info.fee_proportional_millionths.write(writer)?;
6978 info.cltv_expiry_delta.write(writer)?;
6980 None => 0u8.write(writer)?
6983 self.context.channel_transaction_parameters.write(writer)?;
6984 self.context.funding_transaction.write(writer)?;
6986 self.context.counterparty_cur_commitment_point.write(writer)?;
6987 self.context.counterparty_prev_commitment_point.write(writer)?;
6988 self.context.counterparty_node_id.write(writer)?;
6990 self.context.counterparty_shutdown_scriptpubkey.write(writer)?;
6992 self.context.commitment_secrets.write(writer)?;
6994 self.context.channel_update_status.write(writer)?;
6996 #[cfg(any(test, fuzzing))]
6997 (self.context.historical_inbound_htlc_fulfills.len() as u64).write(writer)?;
6998 #[cfg(any(test, fuzzing))]
6999 for htlc in self.context.historical_inbound_htlc_fulfills.iter() {
7000 htlc.write(writer)?;
7003 // If the channel type is something other than only-static-remote-key, then we need to have
7004 // older clients fail to deserialize this channel at all. If the type is
7005 // only-static-remote-key, we simply consider it "default" and don't write the channel type
7007 let chan_type = if self.context.channel_type != ChannelTypeFeatures::only_static_remote_key() {
7008 Some(&self.context.channel_type) } else { None };
7010 // The same logic applies for `holder_selected_channel_reserve_satoshis` values other than
7011 // the default, and when `holder_max_htlc_value_in_flight_msat` is configured to be set to
7012 // a different percentage of the channel value then 10%, which older versions of LDK used
7013 // to set it to before the percentage was made configurable.
7014 let serialized_holder_selected_reserve =
7015 if self.context.holder_selected_channel_reserve_satoshis != get_legacy_default_holder_selected_channel_reserve_satoshis(self.context.channel_value_satoshis)
7016 { Some(self.context.holder_selected_channel_reserve_satoshis) } else { None };
7018 let mut old_max_in_flight_percent_config = UserConfig::default().channel_handshake_config;
7019 old_max_in_flight_percent_config.max_inbound_htlc_value_in_flight_percent_of_channel = MAX_IN_FLIGHT_PERCENT_LEGACY;
7020 let serialized_holder_htlc_max_in_flight =
7021 if self.context.holder_max_htlc_value_in_flight_msat != get_holder_max_htlc_value_in_flight_msat(self.context.channel_value_satoshis, &old_max_in_flight_percent_config)
7022 { Some(self.context.holder_max_htlc_value_in_flight_msat) } else { None };
7024 let channel_pending_event_emitted = Some(self.context.channel_pending_event_emitted);
7025 let channel_ready_event_emitted = Some(self.context.channel_ready_event_emitted);
7027 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
7028 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. Therefore,
7029 // we write the high bytes as an option here.
7030 let user_id_high_opt = Some((self.context.user_id >> 64) as u64);
7032 let holder_max_accepted_htlcs = if self.context.holder_max_accepted_htlcs == DEFAULT_MAX_HTLCS { None } else { Some(self.context.holder_max_accepted_htlcs) };
7034 write_tlv_fields!(writer, {
7035 (0, self.context.announcement_sigs, option),
7036 // minimum_depth and counterparty_selected_channel_reserve_satoshis used to have a
7037 // default value instead of being Option<>al. Thus, to maintain compatibility we write
7038 // them twice, once with their original default values above, and once as an option
7039 // here. On the read side, old versions will simply ignore the odd-type entries here,
7040 // and new versions map the default values to None and allow the TLV entries here to
7042 (1, self.context.minimum_depth, option),
7043 (2, chan_type, option),
7044 (3, self.context.counterparty_selected_channel_reserve_satoshis, option),
7045 (4, serialized_holder_selected_reserve, option),
7046 (5, self.context.config, required),
7047 (6, serialized_holder_htlc_max_in_flight, option),
7048 (7, self.context.shutdown_scriptpubkey, option),
7049 (8, self.context.blocked_monitor_updates, optional_vec),
7050 (9, self.context.target_closing_feerate_sats_per_kw, option),
7051 (11, self.context.monitor_pending_finalized_fulfills, required_vec),
7052 (13, self.context.channel_creation_height, required),
7053 (15, preimages, required_vec),
7054 (17, self.context.announcement_sigs_state, required),
7055 (19, self.context.latest_inbound_scid_alias, option),
7056 (21, self.context.outbound_scid_alias, required),
7057 (23, channel_ready_event_emitted, option),
7058 (25, user_id_high_opt, option),
7059 (27, self.context.channel_keys_id, required),
7060 (28, holder_max_accepted_htlcs, option),
7061 (29, self.context.temporary_channel_id, option),
7062 (31, channel_pending_event_emitted, option),
7063 (35, pending_outbound_skimmed_fees, optional_vec),
7064 (37, holding_cell_skimmed_fees, optional_vec),
7071 const MAX_ALLOC_SIZE: usize = 64*1024;
7072 impl<'a, 'b, 'c, ES: Deref, SP: Deref> ReadableArgs<(&'a ES, &'b SP, u32, &'c ChannelTypeFeatures)> for Channel<SP>
7074 ES::Target: EntropySource,
7075 SP::Target: SignerProvider
7077 fn read<R : io::Read>(reader: &mut R, args: (&'a ES, &'b SP, u32, &'c ChannelTypeFeatures)) -> Result<Self, DecodeError> {
7078 let (entropy_source, signer_provider, serialized_height, our_supported_features) = args;
7079 let ver = read_ver_prefix!(reader, SERIALIZATION_VERSION);
7081 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
7082 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. We read
7083 // the low bytes now and the high bytes later.
7084 let user_id_low: u64 = Readable::read(reader)?;
7086 let mut config = Some(LegacyChannelConfig::default());
7088 // Read the old serialization of the ChannelConfig from version 0.0.98.
7089 config.as_mut().unwrap().options.forwarding_fee_proportional_millionths = Readable::read(reader)?;
7090 config.as_mut().unwrap().options.cltv_expiry_delta = Readable::read(reader)?;
7091 config.as_mut().unwrap().announced_channel = Readable::read(reader)?;
7092 config.as_mut().unwrap().commit_upfront_shutdown_pubkey = Readable::read(reader)?;
7094 // Read the 8 bytes of backwards-compatibility ChannelConfig data.
7095 let mut _val: u64 = Readable::read(reader)?;
7098 let channel_id = Readable::read(reader)?;
7099 let channel_state = Readable::read(reader)?;
7100 let channel_value_satoshis = Readable::read(reader)?;
7102 let latest_monitor_update_id = Readable::read(reader)?;
7104 let mut keys_data = None;
7106 // Read the serialize signer bytes. We'll choose to deserialize them or not based on whether
7107 // the `channel_keys_id` TLV is present below.
7108 let keys_len: u32 = Readable::read(reader)?;
7109 keys_data = Some(Vec::with_capacity(cmp::min(keys_len as usize, MAX_ALLOC_SIZE)));
7110 while keys_data.as_ref().unwrap().len() != keys_len as usize {
7111 // Read 1KB at a time to avoid accidentally allocating 4GB on corrupted channel keys
7112 let mut data = [0; 1024];
7113 let read_slice = &mut data[0..cmp::min(1024, keys_len as usize - keys_data.as_ref().unwrap().len())];
7114 reader.read_exact(read_slice)?;
7115 keys_data.as_mut().unwrap().extend_from_slice(read_slice);
7119 // Read the old serialization for shutdown_pubkey, preferring the TLV field later if set.
7120 let mut shutdown_scriptpubkey = match <PublicKey as Readable>::read(reader) {
7121 Ok(pubkey) => Some(ShutdownScript::new_p2wpkh_from_pubkey(pubkey)),
7124 let destination_script = Readable::read(reader)?;
7126 let cur_holder_commitment_transaction_number = Readable::read(reader)?;
7127 let cur_counterparty_commitment_transaction_number = Readable::read(reader)?;
7128 let value_to_self_msat = Readable::read(reader)?;
7130 let pending_inbound_htlc_count: u64 = Readable::read(reader)?;
7132 let mut pending_inbound_htlcs = Vec::with_capacity(cmp::min(pending_inbound_htlc_count as usize, DEFAULT_MAX_HTLCS as usize));
7133 for _ in 0..pending_inbound_htlc_count {
7134 pending_inbound_htlcs.push(InboundHTLCOutput {
7135 htlc_id: Readable::read(reader)?,
7136 amount_msat: Readable::read(reader)?,
7137 cltv_expiry: Readable::read(reader)?,
7138 payment_hash: Readable::read(reader)?,
7139 state: match <u8 as Readable>::read(reader)? {
7140 1 => InboundHTLCState::AwaitingRemoteRevokeToAnnounce(Readable::read(reader)?),
7141 2 => InboundHTLCState::AwaitingAnnouncedRemoteRevoke(Readable::read(reader)?),
7142 3 => InboundHTLCState::Committed,
7143 4 => InboundHTLCState::LocalRemoved(Readable::read(reader)?),
7144 _ => return Err(DecodeError::InvalidValue),
7149 let pending_outbound_htlc_count: u64 = Readable::read(reader)?;
7150 let mut pending_outbound_htlcs = Vec::with_capacity(cmp::min(pending_outbound_htlc_count as usize, DEFAULT_MAX_HTLCS as usize));
7151 for _ in 0..pending_outbound_htlc_count {
7152 pending_outbound_htlcs.push(OutboundHTLCOutput {
7153 htlc_id: Readable::read(reader)?,
7154 amount_msat: Readable::read(reader)?,
7155 cltv_expiry: Readable::read(reader)?,
7156 payment_hash: Readable::read(reader)?,
7157 source: Readable::read(reader)?,
7158 state: match <u8 as Readable>::read(reader)? {
7159 0 => OutboundHTLCState::LocalAnnounced(Box::new(Readable::read(reader)?)),
7160 1 => OutboundHTLCState::Committed,
7162 let option: Option<HTLCFailReason> = Readable::read(reader)?;
7163 OutboundHTLCState::RemoteRemoved(option.into())
7166 let option: Option<HTLCFailReason> = Readable::read(reader)?;
7167 OutboundHTLCState::AwaitingRemoteRevokeToRemove(option.into())
7170 let option: Option<HTLCFailReason> = Readable::read(reader)?;
7171 OutboundHTLCState::AwaitingRemovedRemoteRevoke(option.into())
7173 _ => return Err(DecodeError::InvalidValue),
7175 skimmed_fee_msat: None,
7179 let holding_cell_htlc_update_count: u64 = Readable::read(reader)?;
7180 let mut holding_cell_htlc_updates = Vec::with_capacity(cmp::min(holding_cell_htlc_update_count as usize, DEFAULT_MAX_HTLCS as usize*2));
7181 for _ in 0..holding_cell_htlc_update_count {
7182 holding_cell_htlc_updates.push(match <u8 as Readable>::read(reader)? {
7183 0 => HTLCUpdateAwaitingACK::AddHTLC {
7184 amount_msat: Readable::read(reader)?,
7185 cltv_expiry: Readable::read(reader)?,
7186 payment_hash: Readable::read(reader)?,
7187 source: Readable::read(reader)?,
7188 onion_routing_packet: Readable::read(reader)?,
7189 skimmed_fee_msat: None,
7191 1 => HTLCUpdateAwaitingACK::ClaimHTLC {
7192 payment_preimage: Readable::read(reader)?,
7193 htlc_id: Readable::read(reader)?,
7195 2 => HTLCUpdateAwaitingACK::FailHTLC {
7196 htlc_id: Readable::read(reader)?,
7197 err_packet: Readable::read(reader)?,
7199 _ => return Err(DecodeError::InvalidValue),
7203 let resend_order = match <u8 as Readable>::read(reader)? {
7204 0 => RAACommitmentOrder::CommitmentFirst,
7205 1 => RAACommitmentOrder::RevokeAndACKFirst,
7206 _ => return Err(DecodeError::InvalidValue),
7209 let monitor_pending_channel_ready = Readable::read(reader)?;
7210 let monitor_pending_revoke_and_ack = Readable::read(reader)?;
7211 let monitor_pending_commitment_signed = Readable::read(reader)?;
7213 let monitor_pending_forwards_count: u64 = Readable::read(reader)?;
7214 let mut monitor_pending_forwards = Vec::with_capacity(cmp::min(monitor_pending_forwards_count as usize, DEFAULT_MAX_HTLCS as usize));
7215 for _ in 0..monitor_pending_forwards_count {
7216 monitor_pending_forwards.push((Readable::read(reader)?, Readable::read(reader)?));
7219 let monitor_pending_failures_count: u64 = Readable::read(reader)?;
7220 let mut monitor_pending_failures = Vec::with_capacity(cmp::min(monitor_pending_failures_count as usize, DEFAULT_MAX_HTLCS as usize));
7221 for _ in 0..monitor_pending_failures_count {
7222 monitor_pending_failures.push((Readable::read(reader)?, Readable::read(reader)?, Readable::read(reader)?));
7225 let pending_update_fee_value: Option<u32> = Readable::read(reader)?;
7227 let holding_cell_update_fee = Readable::read(reader)?;
7229 let next_holder_htlc_id = Readable::read(reader)?;
7230 let next_counterparty_htlc_id = Readable::read(reader)?;
7231 let update_time_counter = Readable::read(reader)?;
7232 let feerate_per_kw = Readable::read(reader)?;
7234 // Versions prior to 0.0.100 expected to read the fields of `last_sent_closing_fee` here,
7235 // however we are supposed to restart shutdown fee negotiation on reconnect (and wipe
7236 // `last_send_closing_fee` in `remove_uncommitted_htlcs_and_mark_paused`) so we should never
7237 // consider the stale state on reload.
7238 match <u8 as Readable>::read(reader)? {
7241 let _: u32 = Readable::read(reader)?;
7242 let _: u64 = Readable::read(reader)?;
7243 let _: Signature = Readable::read(reader)?;
7245 _ => return Err(DecodeError::InvalidValue),
7248 let funding_tx_confirmed_in = Readable::read(reader)?;
7249 let funding_tx_confirmation_height = Readable::read(reader)?;
7250 let short_channel_id = Readable::read(reader)?;
7252 let counterparty_dust_limit_satoshis = Readable::read(reader)?;
7253 let holder_dust_limit_satoshis = Readable::read(reader)?;
7254 let counterparty_max_htlc_value_in_flight_msat = Readable::read(reader)?;
7255 let mut counterparty_selected_channel_reserve_satoshis = None;
7257 // Read the old serialization from version 0.0.98.
7258 counterparty_selected_channel_reserve_satoshis = Some(Readable::read(reader)?);
7260 // Read the 8 bytes of backwards-compatibility data.
7261 let _dummy: u64 = Readable::read(reader)?;
7263 let counterparty_htlc_minimum_msat = Readable::read(reader)?;
7264 let holder_htlc_minimum_msat = Readable::read(reader)?;
7265 let counterparty_max_accepted_htlcs = Readable::read(reader)?;
7267 let mut minimum_depth = None;
7269 // Read the old serialization from version 0.0.98.
7270 minimum_depth = Some(Readable::read(reader)?);
7272 // Read the 4 bytes of backwards-compatibility data.
7273 let _dummy: u32 = Readable::read(reader)?;
7276 let counterparty_forwarding_info = match <u8 as Readable>::read(reader)? {
7278 1 => Some(CounterpartyForwardingInfo {
7279 fee_base_msat: Readable::read(reader)?,
7280 fee_proportional_millionths: Readable::read(reader)?,
7281 cltv_expiry_delta: Readable::read(reader)?,
7283 _ => return Err(DecodeError::InvalidValue),
7286 let mut channel_parameters: ChannelTransactionParameters = Readable::read(reader)?;
7287 let funding_transaction = Readable::read(reader)?;
7289 let counterparty_cur_commitment_point = Readable::read(reader)?;
7291 let counterparty_prev_commitment_point = Readable::read(reader)?;
7292 let counterparty_node_id = Readable::read(reader)?;
7294 let counterparty_shutdown_scriptpubkey = Readable::read(reader)?;
7295 let commitment_secrets = Readable::read(reader)?;
7297 let channel_update_status = Readable::read(reader)?;
7299 #[cfg(any(test, fuzzing))]
7300 let mut historical_inbound_htlc_fulfills = HashSet::new();
7301 #[cfg(any(test, fuzzing))]
7303 let htlc_fulfills_len: u64 = Readable::read(reader)?;
7304 for _ in 0..htlc_fulfills_len {
7305 assert!(historical_inbound_htlc_fulfills.insert(Readable::read(reader)?));
7309 let pending_update_fee = if let Some(feerate) = pending_update_fee_value {
7310 Some((feerate, if channel_parameters.is_outbound_from_holder {
7311 FeeUpdateState::Outbound
7313 FeeUpdateState::AwaitingRemoteRevokeToAnnounce
7319 let mut announcement_sigs = None;
7320 let mut target_closing_feerate_sats_per_kw = None;
7321 let mut monitor_pending_finalized_fulfills = Some(Vec::new());
7322 let mut holder_selected_channel_reserve_satoshis = Some(get_legacy_default_holder_selected_channel_reserve_satoshis(channel_value_satoshis));
7323 let mut holder_max_htlc_value_in_flight_msat = Some(get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis, &UserConfig::default().channel_handshake_config));
7324 // Prior to supporting channel type negotiation, all of our channels were static_remotekey
7325 // only, so we default to that if none was written.
7326 let mut channel_type = Some(ChannelTypeFeatures::only_static_remote_key());
7327 let mut channel_creation_height = Some(serialized_height);
7328 let mut preimages_opt: Option<Vec<Option<PaymentPreimage>>> = None;
7330 // If we read an old Channel, for simplicity we just treat it as "we never sent an
7331 // AnnouncementSignatures" which implies we'll re-send it on reconnect, but that's fine.
7332 let mut announcement_sigs_state = Some(AnnouncementSigsState::NotSent);
7333 let mut latest_inbound_scid_alias = None;
7334 let mut outbound_scid_alias = None;
7335 let mut channel_pending_event_emitted = None;
7336 let mut channel_ready_event_emitted = None;
7338 let mut user_id_high_opt: Option<u64> = None;
7339 let mut channel_keys_id: Option<[u8; 32]> = None;
7340 let mut temporary_channel_id: Option<ChannelId> = None;
7341 let mut holder_max_accepted_htlcs: Option<u16> = None;
7343 let mut blocked_monitor_updates = Some(Vec::new());
7345 let mut pending_outbound_skimmed_fees_opt: Option<Vec<Option<u64>>> = None;
7346 let mut holding_cell_skimmed_fees_opt: Option<Vec<Option<u64>>> = None;
7348 read_tlv_fields!(reader, {
7349 (0, announcement_sigs, option),
7350 (1, minimum_depth, option),
7351 (2, channel_type, option),
7352 (3, counterparty_selected_channel_reserve_satoshis, option),
7353 (4, holder_selected_channel_reserve_satoshis, option),
7354 (5, config, option), // Note that if none is provided we will *not* overwrite the existing one.
7355 (6, holder_max_htlc_value_in_flight_msat, option),
7356 (7, shutdown_scriptpubkey, option),
7357 (8, blocked_monitor_updates, optional_vec),
7358 (9, target_closing_feerate_sats_per_kw, option),
7359 (11, monitor_pending_finalized_fulfills, optional_vec),
7360 (13, channel_creation_height, option),
7361 (15, preimages_opt, optional_vec),
7362 (17, announcement_sigs_state, option),
7363 (19, latest_inbound_scid_alias, option),
7364 (21, outbound_scid_alias, option),
7365 (23, channel_ready_event_emitted, option),
7366 (25, user_id_high_opt, option),
7367 (27, channel_keys_id, option),
7368 (28, holder_max_accepted_htlcs, option),
7369 (29, temporary_channel_id, option),
7370 (31, channel_pending_event_emitted, option),
7371 (35, pending_outbound_skimmed_fees_opt, optional_vec),
7372 (37, holding_cell_skimmed_fees_opt, optional_vec),
7375 let (channel_keys_id, holder_signer) = if let Some(channel_keys_id) = channel_keys_id {
7376 let mut holder_signer = signer_provider.derive_channel_signer(channel_value_satoshis, channel_keys_id);
7377 // If we've gotten to the funding stage of the channel, populate the signer with its
7378 // required channel parameters.
7379 let non_shutdown_state = channel_state & (!MULTI_STATE_FLAGS);
7380 if non_shutdown_state >= (ChannelState::FundingCreated as u32) {
7381 holder_signer.provide_channel_parameters(&channel_parameters);
7383 (channel_keys_id, holder_signer)
7385 // `keys_data` can be `None` if we had corrupted data.
7386 let keys_data = keys_data.ok_or(DecodeError::InvalidValue)?;
7387 let holder_signer = signer_provider.read_chan_signer(&keys_data)?;
7388 (holder_signer.channel_keys_id(), holder_signer)
7391 if let Some(preimages) = preimages_opt {
7392 let mut iter = preimages.into_iter();
7393 for htlc in pending_outbound_htlcs.iter_mut() {
7395 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(None)) => {
7396 htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(iter.next().ok_or(DecodeError::InvalidValue)?));
7398 OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(None)) => {
7399 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(iter.next().ok_or(DecodeError::InvalidValue)?));
7404 // We expect all preimages to be consumed above
7405 if iter.next().is_some() {
7406 return Err(DecodeError::InvalidValue);
7410 let chan_features = channel_type.as_ref().unwrap();
7411 if !chan_features.is_subset(our_supported_features) {
7412 // If the channel was written by a new version and negotiated with features we don't
7413 // understand yet, refuse to read it.
7414 return Err(DecodeError::UnknownRequiredFeature);
7417 // ChannelTransactionParameters may have had an empty features set upon deserialization.
7418 // To account for that, we're proactively setting/overriding the field here.
7419 channel_parameters.channel_type_features = chan_features.clone();
7421 let mut secp_ctx = Secp256k1::new();
7422 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
7424 // `user_id` used to be a single u64 value. In order to remain backwards
7425 // compatible with versions prior to 0.0.113, the u128 is serialized as two
7426 // separate u64 values.
7427 let user_id = user_id_low as u128 + ((user_id_high_opt.unwrap_or(0) as u128) << 64);
7429 let holder_max_accepted_htlcs = holder_max_accepted_htlcs.unwrap_or(DEFAULT_MAX_HTLCS);
7431 if let Some(skimmed_fees) = pending_outbound_skimmed_fees_opt {
7432 let mut iter = skimmed_fees.into_iter();
7433 for htlc in pending_outbound_htlcs.iter_mut() {
7434 htlc.skimmed_fee_msat = iter.next().ok_or(DecodeError::InvalidValue)?;
7436 // We expect all skimmed fees to be consumed above
7437 if iter.next().is_some() { return Err(DecodeError::InvalidValue) }
7439 if let Some(skimmed_fees) = holding_cell_skimmed_fees_opt {
7440 let mut iter = skimmed_fees.into_iter();
7441 for htlc in holding_cell_htlc_updates.iter_mut() {
7442 if let HTLCUpdateAwaitingACK::AddHTLC { ref mut skimmed_fee_msat, .. } = htlc {
7443 *skimmed_fee_msat = iter.next().ok_or(DecodeError::InvalidValue)?;
7446 // We expect all skimmed fees to be consumed above
7447 if iter.next().is_some() { return Err(DecodeError::InvalidValue) }
7451 context: ChannelContext {
7454 config: config.unwrap(),
7458 // Note that we don't care about serializing handshake limits as we only ever serialize
7459 // channel data after the handshake has completed.
7460 inbound_handshake_limits_override: None,
7463 temporary_channel_id,
7465 announcement_sigs_state: announcement_sigs_state.unwrap(),
7467 channel_value_satoshis,
7469 latest_monitor_update_id,
7471 holder_signer: ChannelSignerType::Ecdsa(holder_signer),
7472 shutdown_scriptpubkey,
7475 cur_holder_commitment_transaction_number,
7476 cur_counterparty_commitment_transaction_number,
7479 holder_max_accepted_htlcs,
7480 pending_inbound_htlcs,
7481 pending_outbound_htlcs,
7482 holding_cell_htlc_updates,
7486 monitor_pending_channel_ready,
7487 monitor_pending_revoke_and_ack,
7488 monitor_pending_commitment_signed,
7489 monitor_pending_forwards,
7490 monitor_pending_failures,
7491 monitor_pending_finalized_fulfills: monitor_pending_finalized_fulfills.unwrap(),
7493 signer_pending_commitment_update: false,
7494 signer_pending_funding: false,
7497 holding_cell_update_fee,
7498 next_holder_htlc_id,
7499 next_counterparty_htlc_id,
7500 update_time_counter,
7503 #[cfg(debug_assertions)]
7504 holder_max_commitment_tx_output: Mutex::new((0, 0)),
7505 #[cfg(debug_assertions)]
7506 counterparty_max_commitment_tx_output: Mutex::new((0, 0)),
7508 last_sent_closing_fee: None,
7509 pending_counterparty_closing_signed: None,
7510 closing_fee_limits: None,
7511 target_closing_feerate_sats_per_kw,
7513 funding_tx_confirmed_in,
7514 funding_tx_confirmation_height,
7516 channel_creation_height: channel_creation_height.unwrap(),
7518 counterparty_dust_limit_satoshis,
7519 holder_dust_limit_satoshis,
7520 counterparty_max_htlc_value_in_flight_msat,
7521 holder_max_htlc_value_in_flight_msat: holder_max_htlc_value_in_flight_msat.unwrap(),
7522 counterparty_selected_channel_reserve_satoshis,
7523 holder_selected_channel_reserve_satoshis: holder_selected_channel_reserve_satoshis.unwrap(),
7524 counterparty_htlc_minimum_msat,
7525 holder_htlc_minimum_msat,
7526 counterparty_max_accepted_htlcs,
7529 counterparty_forwarding_info,
7531 channel_transaction_parameters: channel_parameters,
7532 funding_transaction,
7534 counterparty_cur_commitment_point,
7535 counterparty_prev_commitment_point,
7536 counterparty_node_id,
7538 counterparty_shutdown_scriptpubkey,
7542 channel_update_status,
7543 closing_signed_in_flight: false,
7547 #[cfg(any(test, fuzzing))]
7548 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
7549 #[cfg(any(test, fuzzing))]
7550 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
7552 workaround_lnd_bug_4006: None,
7553 sent_message_awaiting_response: None,
7555 latest_inbound_scid_alias,
7556 // Later in the ChannelManager deserialization phase we scan for channels and assign scid aliases if its missing
7557 outbound_scid_alias: outbound_scid_alias.unwrap_or(0),
7559 channel_pending_event_emitted: channel_pending_event_emitted.unwrap_or(true),
7560 channel_ready_event_emitted: channel_ready_event_emitted.unwrap_or(true),
7562 #[cfg(any(test, fuzzing))]
7563 historical_inbound_htlc_fulfills,
7565 channel_type: channel_type.unwrap(),
7568 blocked_monitor_updates: blocked_monitor_updates.unwrap(),
7577 use bitcoin::blockdata::script::{Script, Builder};
7578 use bitcoin::blockdata::transaction::{Transaction, TxOut};
7579 use bitcoin::blockdata::constants::genesis_block;
7580 use bitcoin::blockdata::opcodes;
7581 use bitcoin::network::constants::Network;
7583 use crate::ln::PaymentHash;
7584 use crate::ln::channelmanager::{self, HTLCSource, PaymentId};
7585 use crate::ln::channel::InitFeatures;
7586 use crate::ln::channel::{Channel, InboundHTLCOutput, OutboundV1Channel, InboundV1Channel, OutboundHTLCOutput, InboundHTLCState, OutboundHTLCState, HTLCCandidate, HTLCInitiator, commit_tx_fee_msat};
7587 use crate::ln::channel::{MAX_FUNDING_SATOSHIS_NO_WUMBO, TOTAL_BITCOIN_SUPPLY_SATOSHIS, MIN_THEIR_CHAN_RESERVE_SATOSHIS};
7588 use crate::ln::features::ChannelTypeFeatures;
7589 use crate::ln::msgs::{ChannelUpdate, DecodeError, UnsignedChannelUpdate, MAX_VALUE_MSAT};
7590 use crate::ln::script::ShutdownScript;
7591 use crate::ln::chan_utils;
7592 use crate::ln::chan_utils::{htlc_success_tx_weight, htlc_timeout_tx_weight};
7593 use crate::chain::BestBlock;
7594 use crate::chain::chaininterface::{FeeEstimator, LowerBoundedFeeEstimator, ConfirmationTarget};
7595 use crate::sign::{ChannelSigner, InMemorySigner, EntropySource, SignerProvider};
7596 use crate::chain::transaction::OutPoint;
7597 use crate::routing::router::Path;
7598 use crate::util::config::UserConfig;
7599 use crate::util::errors::APIError;
7600 use crate::util::test_utils;
7601 use crate::util::test_utils::{OnGetShutdownScriptpubkey, TestKeysInterface};
7602 use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature};
7603 use bitcoin::secp256k1::ffi::Signature as FFISignature;
7604 use bitcoin::secp256k1::{SecretKey,PublicKey};
7605 use bitcoin::hashes::sha256::Hash as Sha256;
7606 use bitcoin::hashes::Hash;
7607 use bitcoin::hash_types::WPubkeyHash;
7608 use bitcoin::PackedLockTime;
7609 use bitcoin::util::address::WitnessVersion;
7610 use crate::prelude::*;
7612 struct TestFeeEstimator {
7615 impl FeeEstimator for TestFeeEstimator {
7616 fn get_est_sat_per_1000_weight(&self, _: ConfirmationTarget) -> u32 {
7622 fn test_max_funding_satoshis_no_wumbo() {
7623 assert_eq!(TOTAL_BITCOIN_SUPPLY_SATOSHIS, 21_000_000 * 100_000_000);
7624 assert!(MAX_FUNDING_SATOSHIS_NO_WUMBO <= TOTAL_BITCOIN_SUPPLY_SATOSHIS,
7625 "MAX_FUNDING_SATOSHIS_NO_WUMBO is greater than all satoshis in existence");
7629 fn test_no_fee_check_overflow() {
7630 // Previously, calling `check_remote_fee` with a fee of 0xffffffff would overflow in
7631 // arithmetic, causing a panic with debug assertions enabled.
7632 let fee_est = TestFeeEstimator { fee_est: 42 };
7633 let bounded_fee_estimator = LowerBoundedFeeEstimator::new(&fee_est);
7634 assert!(Channel::<&TestKeysInterface>::check_remote_fee(
7635 &ChannelTypeFeatures::only_static_remote_key(), &bounded_fee_estimator,
7636 u32::max_value(), None, &&test_utils::TestLogger::new()).is_err());
7640 signer: InMemorySigner,
7643 impl EntropySource for Keys {
7644 fn get_secure_random_bytes(&self) -> [u8; 32] { [0; 32] }
7647 impl SignerProvider for Keys {
7648 type Signer = InMemorySigner;
7650 fn generate_channel_keys_id(&self, _inbound: bool, _channel_value_satoshis: u64, _user_channel_id: u128) -> [u8; 32] {
7651 self.signer.channel_keys_id()
7654 fn derive_channel_signer(&self, _channel_value_satoshis: u64, _channel_keys_id: [u8; 32]) -> Self::Signer {
7658 fn read_chan_signer(&self, _data: &[u8]) -> Result<Self::Signer, DecodeError> { panic!(); }
7660 fn get_destination_script(&self) -> Result<Script, ()> {
7661 let secp_ctx = Secp256k1::signing_only();
7662 let channel_monitor_claim_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
7663 let channel_monitor_claim_key_hash = WPubkeyHash::hash(&PublicKey::from_secret_key(&secp_ctx, &channel_monitor_claim_key).serialize());
7664 Ok(Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0).push_slice(&channel_monitor_claim_key_hash[..]).into_script())
7667 fn get_shutdown_scriptpubkey(&self) -> Result<ShutdownScript, ()> {
7668 let secp_ctx = Secp256k1::signing_only();
7669 let channel_close_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
7670 Ok(ShutdownScript::new_p2wpkh_from_pubkey(PublicKey::from_secret_key(&secp_ctx, &channel_close_key)))
7674 #[cfg(all(feature = "_test_vectors", not(feature = "grind_signatures")))]
7675 fn public_from_secret_hex(secp_ctx: &Secp256k1<bitcoin::secp256k1::All>, hex: &str) -> PublicKey {
7676 PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&hex::decode(hex).unwrap()[..]).unwrap())
7680 fn upfront_shutdown_script_incompatibility() {
7681 let features = channelmanager::provided_init_features(&UserConfig::default()).clear_shutdown_anysegwit();
7682 let non_v0_segwit_shutdown_script =
7683 ShutdownScript::new_witness_program(WitnessVersion::V16, &[0, 40]).unwrap();
7685 let seed = [42; 32];
7686 let network = Network::Testnet;
7687 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7688 keys_provider.expect(OnGetShutdownScriptpubkey {
7689 returns: non_v0_segwit_shutdown_script.clone(),
7692 let secp_ctx = Secp256k1::new();
7693 let node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7694 let config = UserConfig::default();
7695 match OutboundV1Channel::<&TestKeysInterface>::new(&LowerBoundedFeeEstimator::new(&TestFeeEstimator { fee_est: 253 }), &&keys_provider, &&keys_provider, node_id, &features, 10000000, 100000, 42, &config, 0, 42) {
7696 Err(APIError::IncompatibleShutdownScript { script }) => {
7697 assert_eq!(script.into_inner(), non_v0_segwit_shutdown_script.into_inner());
7699 Err(e) => panic!("Unexpected error: {:?}", e),
7700 Ok(_) => panic!("Expected error"),
7704 // Check that, during channel creation, we use the same feerate in the open channel message
7705 // as we do in the Channel object creation itself.
7707 fn test_open_channel_msg_fee() {
7708 let original_fee = 253;
7709 let mut fee_est = TestFeeEstimator{fee_est: original_fee };
7710 let bounded_fee_estimator = LowerBoundedFeeEstimator::new(&fee_est);
7711 let secp_ctx = Secp256k1::new();
7712 let seed = [42; 32];
7713 let network = Network::Testnet;
7714 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7716 let node_a_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7717 let config = UserConfig::default();
7718 let node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&bounded_fee_estimator, &&keys_provider, &&keys_provider, node_a_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7720 // Now change the fee so we can check that the fee in the open_channel message is the
7721 // same as the old fee.
7722 fee_est.fee_est = 500;
7723 let open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash());
7724 assert_eq!(open_channel_msg.feerate_per_kw, original_fee);
7728 fn test_holder_vs_counterparty_dust_limit() {
7729 // Test that when calculating the local and remote commitment transaction fees, the correct
7730 // dust limits are used.
7731 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7732 let secp_ctx = Secp256k1::new();
7733 let seed = [42; 32];
7734 let network = Network::Testnet;
7735 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7736 let logger = test_utils::TestLogger::new();
7737 let best_block = BestBlock::from_network(network);
7739 // Go through the flow of opening a channel between two nodes, making sure
7740 // they have different dust limits.
7742 // Create Node A's channel pointing to Node B's pubkey
7743 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7744 let config = UserConfig::default();
7745 let mut node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7747 // Create Node B's channel by receiving Node A's open_channel message
7748 // Make sure A's dust limit is as we expect.
7749 let open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash());
7750 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7751 let mut node_b_chan = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false).unwrap();
7753 // Node B --> Node A: accept channel, explicitly setting B's dust limit.
7754 let mut accept_channel_msg = node_b_chan.accept_inbound_channel();
7755 accept_channel_msg.dust_limit_satoshis = 546;
7756 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features(&config)).unwrap();
7757 node_a_chan.context.holder_dust_limit_satoshis = 1560;
7759 // Node A --> Node B: funding created
7760 let output_script = node_a_chan.context.get_funding_redeemscript();
7761 let tx = Transaction { version: 1, lock_time: PackedLockTime::ZERO, input: Vec::new(), output: vec![TxOut {
7762 value: 10000000, script_pubkey: output_script.clone(),
7764 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
7765 let (mut node_a_chan, funding_created_msg) = node_a_chan.get_funding_created(tx.clone(), funding_outpoint, &&logger).map_err(|_| ()).unwrap();
7766 let (_, funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg.unwrap(), best_block, &&keys_provider, &&logger).map_err(|_| ()).unwrap();
7768 // Node B --> Node A: funding signed
7769 let _ = node_a_chan.funding_signed(&funding_signed_msg.unwrap(), best_block, &&keys_provider, &&logger).unwrap();
7771 // Put some inbound and outbound HTLCs in A's channel.
7772 let htlc_amount_msat = 11_092_000; // put an amount below A's effective dust limit but above B's.
7773 node_a_chan.context.pending_inbound_htlcs.push(InboundHTLCOutput {
7775 amount_msat: htlc_amount_msat,
7776 payment_hash: PaymentHash(Sha256::hash(&[42; 32]).into_inner()),
7777 cltv_expiry: 300000000,
7778 state: InboundHTLCState::Committed,
7781 node_a_chan.context.pending_outbound_htlcs.push(OutboundHTLCOutput {
7783 amount_msat: htlc_amount_msat, // put an amount below A's dust amount but above B's.
7784 payment_hash: PaymentHash(Sha256::hash(&[43; 32]).into_inner()),
7785 cltv_expiry: 200000000,
7786 state: OutboundHTLCState::Committed,
7787 source: HTLCSource::OutboundRoute {
7788 path: Path { hops: Vec::new(), blinded_tail: None },
7789 session_priv: SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(),
7790 first_hop_htlc_msat: 548,
7791 payment_id: PaymentId([42; 32]),
7793 skimmed_fee_msat: None,
7796 // Make sure when Node A calculates their local commitment transaction, none of the HTLCs pass
7797 // the dust limit check.
7798 let htlc_candidate = HTLCCandidate::new(htlc_amount_msat, HTLCInitiator::LocalOffered);
7799 let local_commit_tx_fee = node_a_chan.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
7800 let local_commit_fee_0_htlcs = commit_tx_fee_msat(node_a_chan.context.feerate_per_kw, 0, node_a_chan.context.get_channel_type());
7801 assert_eq!(local_commit_tx_fee, local_commit_fee_0_htlcs);
7803 // Finally, make sure that when Node A calculates the remote's commitment transaction fees, all
7804 // of the HTLCs are seen to be above the dust limit.
7805 node_a_chan.context.channel_transaction_parameters.is_outbound_from_holder = false;
7806 let remote_commit_fee_3_htlcs = commit_tx_fee_msat(node_a_chan.context.feerate_per_kw, 3, node_a_chan.context.get_channel_type());
7807 let htlc_candidate = HTLCCandidate::new(htlc_amount_msat, HTLCInitiator::LocalOffered);
7808 let remote_commit_tx_fee = node_a_chan.context.next_remote_commit_tx_fee_msat(htlc_candidate, None);
7809 assert_eq!(remote_commit_tx_fee, remote_commit_fee_3_htlcs);
7813 fn test_timeout_vs_success_htlc_dust_limit() {
7814 // Make sure that when `next_remote_commit_tx_fee_msat` and `next_local_commit_tx_fee_msat`
7815 // calculate the real dust limits for HTLCs (i.e. the dust limit given by the counterparty
7816 // *plus* the fees paid for the HTLC) they don't swap `HTLC_SUCCESS_TX_WEIGHT` for
7817 // `HTLC_TIMEOUT_TX_WEIGHT`, and vice versa.
7818 let fee_est = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 253 });
7819 let secp_ctx = Secp256k1::new();
7820 let seed = [42; 32];
7821 let network = Network::Testnet;
7822 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7824 let node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7825 let config = UserConfig::default();
7826 let mut chan = OutboundV1Channel::<&TestKeysInterface>::new(&fee_est, &&keys_provider, &&keys_provider, node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7828 let commitment_tx_fee_0_htlcs = commit_tx_fee_msat(chan.context.feerate_per_kw, 0, chan.context.get_channel_type());
7829 let commitment_tx_fee_1_htlc = commit_tx_fee_msat(chan.context.feerate_per_kw, 1, chan.context.get_channel_type());
7831 // If HTLC_SUCCESS_TX_WEIGHT and HTLC_TIMEOUT_TX_WEIGHT were swapped: then this HTLC would be
7832 // counted as dust when it shouldn't be.
7833 let htlc_amt_above_timeout = ((253 * htlc_timeout_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.holder_dust_limit_satoshis + 1) * 1000;
7834 let htlc_candidate = HTLCCandidate::new(htlc_amt_above_timeout, HTLCInitiator::LocalOffered);
7835 let commitment_tx_fee = chan.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
7836 assert_eq!(commitment_tx_fee, commitment_tx_fee_1_htlc);
7838 // If swapped: this HTLC would be counted as non-dust when it shouldn't be.
7839 let dust_htlc_amt_below_success = ((253 * htlc_success_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.holder_dust_limit_satoshis - 1) * 1000;
7840 let htlc_candidate = HTLCCandidate::new(dust_htlc_amt_below_success, HTLCInitiator::RemoteOffered);
7841 let commitment_tx_fee = chan.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
7842 assert_eq!(commitment_tx_fee, commitment_tx_fee_0_htlcs);
7844 chan.context.channel_transaction_parameters.is_outbound_from_holder = false;
7846 // If swapped: this HTLC would be counted as non-dust when it shouldn't be.
7847 let dust_htlc_amt_above_timeout = ((253 * htlc_timeout_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.counterparty_dust_limit_satoshis + 1) * 1000;
7848 let htlc_candidate = HTLCCandidate::new(dust_htlc_amt_above_timeout, HTLCInitiator::LocalOffered);
7849 let commitment_tx_fee = chan.context.next_remote_commit_tx_fee_msat(htlc_candidate, None);
7850 assert_eq!(commitment_tx_fee, commitment_tx_fee_0_htlcs);
7852 // If swapped: this HTLC would be counted as dust when it shouldn't be.
7853 let htlc_amt_below_success = ((253 * htlc_success_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.counterparty_dust_limit_satoshis - 1) * 1000;
7854 let htlc_candidate = HTLCCandidate::new(htlc_amt_below_success, HTLCInitiator::RemoteOffered);
7855 let commitment_tx_fee = chan.context.next_remote_commit_tx_fee_msat(htlc_candidate, None);
7856 assert_eq!(commitment_tx_fee, commitment_tx_fee_1_htlc);
7860 fn channel_reestablish_no_updates() {
7861 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7862 let logger = test_utils::TestLogger::new();
7863 let secp_ctx = Secp256k1::new();
7864 let seed = [42; 32];
7865 let network = Network::Testnet;
7866 let best_block = BestBlock::from_network(network);
7867 let chain_hash = best_block.block_hash();
7868 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7870 // Go through the flow of opening a channel between two nodes.
7872 // Create Node A's channel pointing to Node B's pubkey
7873 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7874 let config = UserConfig::default();
7875 let mut node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7877 // Create Node B's channel by receiving Node A's open_channel message
7878 let open_channel_msg = node_a_chan.get_open_channel(chain_hash);
7879 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7880 let mut node_b_chan = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false).unwrap();
7882 // Node B --> Node A: accept channel
7883 let accept_channel_msg = node_b_chan.accept_inbound_channel();
7884 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features(&config)).unwrap();
7886 // Node A --> Node B: funding created
7887 let output_script = node_a_chan.context.get_funding_redeemscript();
7888 let tx = Transaction { version: 1, lock_time: PackedLockTime::ZERO, input: Vec::new(), output: vec![TxOut {
7889 value: 10000000, script_pubkey: output_script.clone(),
7891 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
7892 let (mut node_a_chan, funding_created_msg) = node_a_chan.get_funding_created(tx.clone(), funding_outpoint, &&logger).map_err(|_| ()).unwrap();
7893 let (mut node_b_chan, funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg.unwrap(), best_block, &&keys_provider, &&logger).map_err(|_| ()).unwrap();
7895 // Node B --> Node A: funding signed
7896 let _ = node_a_chan.funding_signed(&funding_signed_msg.unwrap(), best_block, &&keys_provider, &&logger).unwrap();
7898 // Now disconnect the two nodes and check that the commitment point in
7899 // Node B's channel_reestablish message is sane.
7900 node_b_chan.remove_uncommitted_htlcs_and_mark_paused(&&logger);
7901 let msg = node_b_chan.get_channel_reestablish(&&logger);
7902 assert_eq!(msg.next_local_commitment_number, 1); // now called next_commitment_number
7903 assert_eq!(msg.next_remote_commitment_number, 0); // now called next_revocation_number
7904 assert_eq!(msg.your_last_per_commitment_secret, [0; 32]);
7906 // Check that the commitment point in Node A's channel_reestablish message
7908 node_a_chan.remove_uncommitted_htlcs_and_mark_paused(&&logger);
7909 let msg = node_a_chan.get_channel_reestablish(&&logger);
7910 assert_eq!(msg.next_local_commitment_number, 1); // now called next_commitment_number
7911 assert_eq!(msg.next_remote_commitment_number, 0); // now called next_revocation_number
7912 assert_eq!(msg.your_last_per_commitment_secret, [0; 32]);
7916 fn test_configured_holder_max_htlc_value_in_flight() {
7917 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7918 let logger = test_utils::TestLogger::new();
7919 let secp_ctx = Secp256k1::new();
7920 let seed = [42; 32];
7921 let network = Network::Testnet;
7922 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7923 let outbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7924 let inbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7926 let mut config_2_percent = UserConfig::default();
7927 config_2_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 2;
7928 let mut config_99_percent = UserConfig::default();
7929 config_99_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 99;
7930 let mut config_0_percent = UserConfig::default();
7931 config_0_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 0;
7932 let mut config_101_percent = UserConfig::default();
7933 config_101_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 101;
7935 // Test that `OutboundV1Channel::new` creates a channel with the correct value for
7936 // `holder_max_htlc_value_in_flight_msat`, when configured with a valid percentage value,
7937 // which is set to the lower bound + 1 (2%) of the `channel_value`.
7938 let chan_1 = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_2_percent), 10000000, 100000, 42, &config_2_percent, 0, 42).unwrap();
7939 let chan_1_value_msat = chan_1.context.channel_value_satoshis * 1000;
7940 assert_eq!(chan_1.context.holder_max_htlc_value_in_flight_msat, (chan_1_value_msat as f64 * 0.02) as u64);
7942 // Test with the upper bound - 1 of valid values (99%).
7943 let chan_2 = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_99_percent), 10000000, 100000, 42, &config_99_percent, 0, 42).unwrap();
7944 let chan_2_value_msat = chan_2.context.channel_value_satoshis * 1000;
7945 assert_eq!(chan_2.context.holder_max_htlc_value_in_flight_msat, (chan_2_value_msat as f64 * 0.99) as u64);
7947 let chan_1_open_channel_msg = chan_1.get_open_channel(genesis_block(network).header.block_hash());
7949 // Test that `InboundV1Channel::new` creates a channel with the correct value for
7950 // `holder_max_htlc_value_in_flight_msat`, when configured with a valid percentage value,
7951 // which is set to the lower bound - 1 (2%) of the `channel_value`.
7952 let chan_3 = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_2_percent), &channelmanager::provided_init_features(&config_2_percent), &chan_1_open_channel_msg, 7, &config_2_percent, 0, &&logger, /*is_0conf=*/false).unwrap();
7953 let chan_3_value_msat = chan_3.context.channel_value_satoshis * 1000;
7954 assert_eq!(chan_3.context.holder_max_htlc_value_in_flight_msat, (chan_3_value_msat as f64 * 0.02) as u64);
7956 // Test with the upper bound - 1 of valid values (99%).
7957 let chan_4 = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_99_percent), &channelmanager::provided_init_features(&config_99_percent), &chan_1_open_channel_msg, 7, &config_99_percent, 0, &&logger, /*is_0conf=*/false).unwrap();
7958 let chan_4_value_msat = chan_4.context.channel_value_satoshis * 1000;
7959 assert_eq!(chan_4.context.holder_max_htlc_value_in_flight_msat, (chan_4_value_msat as f64 * 0.99) as u64);
7961 // Test that `OutboundV1Channel::new` uses the lower bound of the configurable percentage values (1%)
7962 // if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a value less than 1.
7963 let chan_5 = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_0_percent), 10000000, 100000, 42, &config_0_percent, 0, 42).unwrap();
7964 let chan_5_value_msat = chan_5.context.channel_value_satoshis * 1000;
7965 assert_eq!(chan_5.context.holder_max_htlc_value_in_flight_msat, (chan_5_value_msat as f64 * 0.01) as u64);
7967 // Test that `OutboundV1Channel::new` uses the upper bound of the configurable percentage values
7968 // (100%) if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a larger value
7970 let chan_6 = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_101_percent), 10000000, 100000, 42, &config_101_percent, 0, 42).unwrap();
7971 let chan_6_value_msat = chan_6.context.channel_value_satoshis * 1000;
7972 assert_eq!(chan_6.context.holder_max_htlc_value_in_flight_msat, chan_6_value_msat);
7974 // Test that `InboundV1Channel::new` uses the lower bound of the configurable percentage values (1%)
7975 // if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a value less than 1.
7976 let chan_7 = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_0_percent), &channelmanager::provided_init_features(&config_0_percent), &chan_1_open_channel_msg, 7, &config_0_percent, 0, &&logger, /*is_0conf=*/false).unwrap();
7977 let chan_7_value_msat = chan_7.context.channel_value_satoshis * 1000;
7978 assert_eq!(chan_7.context.holder_max_htlc_value_in_flight_msat, (chan_7_value_msat as f64 * 0.01) as u64);
7980 // Test that `InboundV1Channel::new` uses the upper bound of the configurable percentage values
7981 // (100%) if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a larger value
7983 let chan_8 = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_101_percent), &channelmanager::provided_init_features(&config_101_percent), &chan_1_open_channel_msg, 7, &config_101_percent, 0, &&logger, /*is_0conf=*/false).unwrap();
7984 let chan_8_value_msat = chan_8.context.channel_value_satoshis * 1000;
7985 assert_eq!(chan_8.context.holder_max_htlc_value_in_flight_msat, chan_8_value_msat);
7989 fn test_configured_holder_selected_channel_reserve_satoshis() {
7991 // Test that `OutboundV1Channel::new` and `InboundV1Channel::new` create a channel with the correct
7992 // channel reserves, when `their_channel_reserve_proportional_millionths` is configured.
7993 test_self_and_counterparty_channel_reserve(10_000_000, 0.02, 0.02);
7995 // Test with valid but unreasonably high channel reserves
7996 // Requesting and accepting parties have requested for 49%-49% and 60%-30% channel reserve
7997 test_self_and_counterparty_channel_reserve(10_000_000, 0.49, 0.49);
7998 test_self_and_counterparty_channel_reserve(10_000_000, 0.60, 0.30);
8000 // Test with calculated channel reserve less than lower bound
8001 // i.e `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
8002 test_self_and_counterparty_channel_reserve(100_000, 0.00002, 0.30);
8004 // Test with invalid channel reserves since sum of both is greater than or equal
8006 test_self_and_counterparty_channel_reserve(10_000_000, 0.50, 0.50);
8007 test_self_and_counterparty_channel_reserve(10_000_000, 0.60, 0.50);
8010 fn test_self_and_counterparty_channel_reserve(channel_value_satoshis: u64, outbound_selected_channel_reserve_perc: f64, inbound_selected_channel_reserve_perc: f64) {
8011 let fee_est = LowerBoundedFeeEstimator::new(&TestFeeEstimator { fee_est: 15_000 });
8012 let logger = test_utils::TestLogger::new();
8013 let secp_ctx = Secp256k1::new();
8014 let seed = [42; 32];
8015 let network = Network::Testnet;
8016 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
8017 let outbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8018 let inbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
8021 let mut outbound_node_config = UserConfig::default();
8022 outbound_node_config.channel_handshake_config.their_channel_reserve_proportional_millionths = (outbound_selected_channel_reserve_perc * 1_000_000.0) as u32;
8023 let chan = OutboundV1Channel::<&TestKeysInterface>::new(&&fee_est, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&outbound_node_config), channel_value_satoshis, 100_000, 42, &outbound_node_config, 0, 42).unwrap();
8025 let expected_outbound_selected_chan_reserve = cmp::max(MIN_THEIR_CHAN_RESERVE_SATOSHIS, (chan.context.channel_value_satoshis as f64 * outbound_selected_channel_reserve_perc) as u64);
8026 assert_eq!(chan.context.holder_selected_channel_reserve_satoshis, expected_outbound_selected_chan_reserve);
8028 let chan_open_channel_msg = chan.get_open_channel(genesis_block(network).header.block_hash());
8029 let mut inbound_node_config = UserConfig::default();
8030 inbound_node_config.channel_handshake_config.their_channel_reserve_proportional_millionths = (inbound_selected_channel_reserve_perc * 1_000_000.0) as u32;
8032 if outbound_selected_channel_reserve_perc + inbound_selected_channel_reserve_perc < 1.0 {
8033 let chan_inbound_node = InboundV1Channel::<&TestKeysInterface>::new(&&fee_est, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&inbound_node_config), &channelmanager::provided_init_features(&outbound_node_config), &chan_open_channel_msg, 7, &inbound_node_config, 0, &&logger, /*is_0conf=*/false).unwrap();
8035 let expected_inbound_selected_chan_reserve = cmp::max(MIN_THEIR_CHAN_RESERVE_SATOSHIS, (chan.context.channel_value_satoshis as f64 * inbound_selected_channel_reserve_perc) as u64);
8037 assert_eq!(chan_inbound_node.context.holder_selected_channel_reserve_satoshis, expected_inbound_selected_chan_reserve);
8038 assert_eq!(chan_inbound_node.context.counterparty_selected_channel_reserve_satoshis.unwrap(), expected_outbound_selected_chan_reserve);
8040 // Channel Negotiations failed
8041 let result = InboundV1Channel::<&TestKeysInterface>::new(&&fee_est, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&inbound_node_config), &channelmanager::provided_init_features(&outbound_node_config), &chan_open_channel_msg, 7, &inbound_node_config, 0, &&logger, /*is_0conf=*/false);
8042 assert!(result.is_err());
8047 fn channel_update() {
8048 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8049 let logger = test_utils::TestLogger::new();
8050 let secp_ctx = Secp256k1::new();
8051 let seed = [42; 32];
8052 let network = Network::Testnet;
8053 let best_block = BestBlock::from_network(network);
8054 let chain_hash = genesis_block(network).header.block_hash();
8055 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
8057 // Create Node A's channel pointing to Node B's pubkey
8058 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8059 let config = UserConfig::default();
8060 let mut node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
8062 // Create Node B's channel by receiving Node A's open_channel message
8063 // Make sure A's dust limit is as we expect.
8064 let open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash());
8065 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
8066 let mut node_b_chan = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false).unwrap();
8068 // Node B --> Node A: accept channel, explicitly setting B's dust limit.
8069 let mut accept_channel_msg = node_b_chan.accept_inbound_channel();
8070 accept_channel_msg.dust_limit_satoshis = 546;
8071 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features(&config)).unwrap();
8072 node_a_chan.context.holder_dust_limit_satoshis = 1560;
8074 // Node A --> Node B: funding created
8075 let output_script = node_a_chan.context.get_funding_redeemscript();
8076 let tx = Transaction { version: 1, lock_time: PackedLockTime::ZERO, input: Vec::new(), output: vec![TxOut {
8077 value: 10000000, script_pubkey: output_script.clone(),
8079 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
8080 let (mut node_a_chan, funding_created_msg) = node_a_chan.get_funding_created(tx.clone(), funding_outpoint, &&logger).map_err(|_| ()).unwrap();
8081 let (_, funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg.unwrap(), best_block, &&keys_provider, &&logger).map_err(|_| ()).unwrap();
8083 // Node B --> Node A: funding signed
8084 let _ = node_a_chan.funding_signed(&funding_signed_msg.unwrap(), best_block, &&keys_provider, &&logger).unwrap();
8086 // Make sure that receiving a channel update will update the Channel as expected.
8087 let update = ChannelUpdate {
8088 contents: UnsignedChannelUpdate {
8090 short_channel_id: 0,
8093 cltv_expiry_delta: 100,
8094 htlc_minimum_msat: 5,
8095 htlc_maximum_msat: MAX_VALUE_MSAT,
8097 fee_proportional_millionths: 11,
8098 excess_data: Vec::new(),
8100 signature: Signature::from(unsafe { FFISignature::new() })
8102 node_a_chan.channel_update(&update).unwrap();
8104 // The counterparty can send an update with a higher minimum HTLC, but that shouldn't
8105 // change our official htlc_minimum_msat.
8106 assert_eq!(node_a_chan.context.holder_htlc_minimum_msat, 1);
8107 match node_a_chan.context.counterparty_forwarding_info() {
8109 assert_eq!(info.cltv_expiry_delta, 100);
8110 assert_eq!(info.fee_base_msat, 110);
8111 assert_eq!(info.fee_proportional_millionths, 11);
8113 None => panic!("expected counterparty forwarding info to be Some")
8117 #[cfg(feature = "_test_vectors")]
8119 fn outbound_commitment_test() {
8120 use bitcoin::util::sighash;
8121 use bitcoin::consensus::encode::serialize;
8122 use bitcoin::blockdata::transaction::EcdsaSighashType;
8123 use bitcoin::hashes::hex::FromHex;
8124 use bitcoin::hash_types::Txid;
8125 use bitcoin::secp256k1::Message;
8126 use crate::sign::EcdsaChannelSigner;
8127 use crate::ln::PaymentPreimage;
8128 use crate::ln::channel::{HTLCOutputInCommitment ,TxCreationKeys};
8129 use crate::ln::chan_utils::{ChannelPublicKeys, HolderCommitmentTransaction, CounterpartyChannelTransactionParameters};
8130 use crate::util::logger::Logger;
8131 use crate::sync::Arc;
8133 // Test vectors from BOLT 3 Appendices C and F (anchors):
8134 let feeest = TestFeeEstimator{fee_est: 15000};
8135 let logger : Arc<Logger> = Arc::new(test_utils::TestLogger::new());
8136 let secp_ctx = Secp256k1::new();
8138 let mut signer = InMemorySigner::new(
8140 SecretKey::from_slice(&hex::decode("30ff4956bbdd3222d44cc5e8a1261dab1e07957bdac5ae88fe3261ef321f3749").unwrap()[..]).unwrap(),
8141 SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(),
8142 SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(),
8143 SecretKey::from_slice(&hex::decode("3333333333333333333333333333333333333333333333333333333333333333").unwrap()[..]).unwrap(),
8144 SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(),
8146 // These aren't set in the test vectors:
8147 [0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff],
8153 assert_eq!(signer.pubkeys().funding_pubkey.serialize()[..],
8154 hex::decode("023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb").unwrap()[..]);
8155 let keys_provider = Keys { signer: signer.clone() };
8157 let counterparty_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8158 let mut config = UserConfig::default();
8159 config.channel_handshake_config.announced_channel = false;
8160 let mut chan = OutboundV1Channel::<&Keys>::new(&LowerBoundedFeeEstimator::new(&feeest), &&keys_provider, &&keys_provider, counterparty_node_id, &channelmanager::provided_init_features(&config), 10_000_000, 0, 42, &config, 0, 42).unwrap(); // Nothing uses their network key in this test
8161 chan.context.holder_dust_limit_satoshis = 546;
8162 chan.context.counterparty_selected_channel_reserve_satoshis = Some(0); // Filled in in accept_channel
8164 let funding_info = OutPoint{ txid: Txid::from_hex("8984484a580b825b9972d7adb15050b3ab624ccd731946b3eeddb92f4e7ef6be").unwrap(), index: 0 };
8166 let counterparty_pubkeys = ChannelPublicKeys {
8167 funding_pubkey: public_from_secret_hex(&secp_ctx, "1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13"),
8168 revocation_basepoint: PublicKey::from_slice(&hex::decode("02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27").unwrap()[..]).unwrap(),
8169 payment_point: public_from_secret_hex(&secp_ctx, "4444444444444444444444444444444444444444444444444444444444444444"),
8170 delayed_payment_basepoint: public_from_secret_hex(&secp_ctx, "1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13"),
8171 htlc_basepoint: public_from_secret_hex(&secp_ctx, "4444444444444444444444444444444444444444444444444444444444444444")
8173 chan.context.channel_transaction_parameters.counterparty_parameters = Some(
8174 CounterpartyChannelTransactionParameters {
8175 pubkeys: counterparty_pubkeys.clone(),
8176 selected_contest_delay: 144
8178 chan.context.channel_transaction_parameters.funding_outpoint = Some(funding_info);
8179 signer.provide_channel_parameters(&chan.context.channel_transaction_parameters);
8181 assert_eq!(counterparty_pubkeys.payment_point.serialize()[..],
8182 hex::decode("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()[..]);
8184 assert_eq!(counterparty_pubkeys.funding_pubkey.serialize()[..],
8185 hex::decode("030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c1").unwrap()[..]);
8187 assert_eq!(counterparty_pubkeys.htlc_basepoint.serialize()[..],
8188 hex::decode("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()[..]);
8190 // We can't just use build_holder_transaction_keys here as the per_commitment_secret is not
8191 // derived from a commitment_seed, so instead we copy it here and call
8192 // build_commitment_transaction.
8193 let delayed_payment_base = &chan.context.holder_signer.as_ref().pubkeys().delayed_payment_basepoint;
8194 let per_commitment_secret = SecretKey::from_slice(&hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap();
8195 let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
8196 let htlc_basepoint = &chan.context.holder_signer.as_ref().pubkeys().htlc_basepoint;
8197 let keys = TxCreationKeys::derive_new(&secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint);
8199 macro_rules! test_commitment {
8200 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $($remain:tt)* ) => {
8201 chan.context.channel_transaction_parameters.channel_type_features = ChannelTypeFeatures::only_static_remote_key();
8202 test_commitment_common!($counterparty_sig_hex, $sig_hex, $tx_hex, &ChannelTypeFeatures::only_static_remote_key(), $($remain)*);
8206 macro_rules! test_commitment_with_anchors {
8207 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $($remain:tt)* ) => {
8208 chan.context.channel_transaction_parameters.channel_type_features = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8209 test_commitment_common!($counterparty_sig_hex, $sig_hex, $tx_hex, &ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies(), $($remain)*);
8213 macro_rules! test_commitment_common {
8214 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $opt_anchors: expr, {
8215 $( { $htlc_idx: expr, $counterparty_htlc_sig_hex: expr, $htlc_sig_hex: expr, $htlc_tx_hex: expr } ), *
8217 let (commitment_tx, htlcs): (_, Vec<HTLCOutputInCommitment>) = {
8218 let mut commitment_stats = chan.context.build_commitment_transaction(0xffffffffffff - 42, &keys, true, false, &logger);
8220 let htlcs = commitment_stats.htlcs_included.drain(..)
8221 .filter_map(|(htlc, _)| if htlc.transaction_output_index.is_some() { Some(htlc) } else { None })
8223 (commitment_stats.tx, htlcs)
8225 let trusted_tx = commitment_tx.trust();
8226 let unsigned_tx = trusted_tx.built_transaction();
8227 let redeemscript = chan.context.get_funding_redeemscript();
8228 let counterparty_signature = Signature::from_der(&hex::decode($counterparty_sig_hex).unwrap()[..]).unwrap();
8229 let sighash = unsigned_tx.get_sighash_all(&redeemscript, chan.context.channel_value_satoshis);
8230 log_trace!(logger, "unsigned_tx = {}", hex::encode(serialize(&unsigned_tx.transaction)));
8231 assert!(secp_ctx.verify_ecdsa(&sighash, &counterparty_signature, chan.context.counterparty_funding_pubkey()).is_ok(), "verify counterparty commitment sig");
8233 let mut per_htlc: Vec<(HTLCOutputInCommitment, Option<Signature>)> = Vec::new();
8234 per_htlc.clear(); // Don't warn about excess mut for no-HTLC calls
8235 let mut counterparty_htlc_sigs = Vec::new();
8236 counterparty_htlc_sigs.clear(); // Don't warn about excess mut for no-HTLC calls
8238 let remote_signature = Signature::from_der(&hex::decode($counterparty_htlc_sig_hex).unwrap()[..]).unwrap();
8239 per_htlc.push((htlcs[$htlc_idx].clone(), Some(remote_signature)));
8240 counterparty_htlc_sigs.push(remote_signature);
8242 assert_eq!(htlcs.len(), per_htlc.len());
8244 let holder_commitment_tx = HolderCommitmentTransaction::new(
8245 commitment_tx.clone(),
8246 counterparty_signature,
8247 counterparty_htlc_sigs,
8248 &chan.context.holder_signer.as_ref().pubkeys().funding_pubkey,
8249 chan.context.counterparty_funding_pubkey()
8251 let (holder_sig, htlc_sigs) = signer.sign_holder_commitment_and_htlcs(&holder_commitment_tx, &secp_ctx).unwrap();
8252 assert_eq!(Signature::from_der(&hex::decode($sig_hex).unwrap()[..]).unwrap(), holder_sig, "holder_sig");
8254 let funding_redeemscript = chan.context.get_funding_redeemscript();
8255 let tx = holder_commitment_tx.add_holder_sig(&funding_redeemscript, holder_sig);
8256 assert_eq!(serialize(&tx)[..], hex::decode($tx_hex).unwrap()[..], "tx");
8258 // ((htlc, counterparty_sig), (index, holder_sig))
8259 let mut htlc_sig_iter = holder_commitment_tx.htlcs().iter().zip(&holder_commitment_tx.counterparty_htlc_sigs).zip(htlc_sigs.iter().enumerate());
8262 log_trace!(logger, "verifying htlc {}", $htlc_idx);
8263 let remote_signature = Signature::from_der(&hex::decode($counterparty_htlc_sig_hex).unwrap()[..]).unwrap();
8265 let ref htlc = htlcs[$htlc_idx];
8266 let htlc_tx = chan_utils::build_htlc_transaction(&unsigned_tx.txid, chan.context.feerate_per_kw,
8267 chan.context.get_counterparty_selected_contest_delay().unwrap(),
8268 &htlc, $opt_anchors, &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
8269 let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, $opt_anchors, &keys);
8270 let htlc_sighashtype = if $opt_anchors.supports_anchors_zero_fee_htlc_tx() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
8271 let htlc_sighash = Message::from_slice(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]).unwrap();
8272 assert!(secp_ctx.verify_ecdsa(&htlc_sighash, &remote_signature, &keys.countersignatory_htlc_key).is_ok(), "verify counterparty htlc sig");
8274 let mut preimage: Option<PaymentPreimage> = None;
8277 let out = PaymentHash(Sha256::hash(&[i; 32]).into_inner());
8278 if out == htlc.payment_hash {
8279 preimage = Some(PaymentPreimage([i; 32]));
8283 assert!(preimage.is_some());
8286 let htlc_sig = htlc_sig_iter.next().unwrap();
8287 let num_anchors = if $opt_anchors.supports_anchors_zero_fee_htlc_tx() { 2 } else { 0 };
8288 assert_eq!((htlc_sig.0).0.transaction_output_index, Some($htlc_idx + num_anchors), "output index");
8290 let signature = Signature::from_der(&hex::decode($htlc_sig_hex).unwrap()[..]).unwrap();
8291 assert_eq!(signature, *(htlc_sig.1).1, "htlc sig");
8292 let index = (htlc_sig.1).0;
8293 let channel_parameters = chan.context.channel_transaction_parameters.as_holder_broadcastable();
8294 let trusted_tx = holder_commitment_tx.trust();
8295 log_trace!(logger, "htlc_tx = {}", hex::encode(serialize(&trusted_tx.get_signed_htlc_tx(&channel_parameters, index, &(htlc_sig.0).1, (htlc_sig.1).1, &preimage))));
8296 assert_eq!(serialize(&trusted_tx.get_signed_htlc_tx(&channel_parameters, index, &(htlc_sig.0).1, (htlc_sig.1).1, &preimage))[..],
8297 hex::decode($htlc_tx_hex).unwrap()[..], "htlc tx");
8299 assert!(htlc_sig_iter.next().is_none());
8303 // anchors: simple commitment tx with no HTLCs and single anchor
8304 test_commitment_with_anchors!("30440220655bf909fb6fa81d086f1336ac72c97906dce29d1b166e305c99152d810e26e1022051f577faa46412c46707aaac46b65d50053550a66334e00a44af2706f27a8658",
8305 "3044022007cf6b405e9c9b4f527b0ecad9d8bb661fabb8b12abf7d1c0b3ad1855db3ed490220616d5c1eeadccc63bd775a131149455d62d95a42c2a1b01cc7821fc42dce7778",
8306 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80024a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f10529800000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022007cf6b405e9c9b4f527b0ecad9d8bb661fabb8b12abf7d1c0b3ad1855db3ed490220616d5c1eeadccc63bd775a131149455d62d95a42c2a1b01cc7821fc42dce7778014730440220655bf909fb6fa81d086f1336ac72c97906dce29d1b166e305c99152d810e26e1022051f577faa46412c46707aaac46b65d50053550a66334e00a44af2706f27a865801475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8308 // simple commitment tx with no HTLCs
8309 chan.context.value_to_self_msat = 7000000000;
8311 test_commitment!("3045022100c3127b33dcc741dd6b05b1e63cbd1a9a7d816f37af9b6756fa2376b056f032370220408b96279808fe57eb7e463710804cdf4f108388bc5cf722d8c848d2c7f9f3b0",
8312 "30440220616210b2cc4d3afb601013c373bbd8aac54febd9f15400379a8cb65ce7deca60022034236c010991beb7ff770510561ae8dc885b8d38d1947248c38f2ae055647142",
8313 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8002c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48454a56a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004730440220616210b2cc4d3afb601013c373bbd8aac54febd9f15400379a8cb65ce7deca60022034236c010991beb7ff770510561ae8dc885b8d38d1947248c38f2ae05564714201483045022100c3127b33dcc741dd6b05b1e63cbd1a9a7d816f37af9b6756fa2376b056f032370220408b96279808fe57eb7e463710804cdf4f108388bc5cf722d8c848d2c7f9f3b001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8315 // anchors: simple commitment tx with no HTLCs
8316 test_commitment_with_anchors!("3045022100f89034eba16b2be0e5581f750a0a6309192b75cce0f202f0ee2b4ec0cc394850022076c65dc507fe42276152b7a3d90e961e678adbe966e916ecfe85e64d430e75f3",
8317 "30450221008266ac6db5ea71aac3c95d97b0e172ff596844851a3216eb88382a8dddfd33d2022050e240974cfd5d708708b4365574517c18e7ae535ef732a3484d43d0d82be9f7",
8318 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80044a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994a508b6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221008266ac6db5ea71aac3c95d97b0e172ff596844851a3216eb88382a8dddfd33d2022050e240974cfd5d708708b4365574517c18e7ae535ef732a3484d43d0d82be9f701483045022100f89034eba16b2be0e5581f750a0a6309192b75cce0f202f0ee2b4ec0cc394850022076c65dc507fe42276152b7a3d90e961e678adbe966e916ecfe85e64d430e75f301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8320 chan.context.pending_inbound_htlcs.push({
8321 let mut out = InboundHTLCOutput{
8323 amount_msat: 1000000,
8325 payment_hash: PaymentHash([0; 32]),
8326 state: InboundHTLCState::Committed,
8328 out.payment_hash.0 = Sha256::hash(&hex::decode("0000000000000000000000000000000000000000000000000000000000000000").unwrap()).into_inner();
8331 chan.context.pending_inbound_htlcs.push({
8332 let mut out = InboundHTLCOutput{
8334 amount_msat: 2000000,
8336 payment_hash: PaymentHash([0; 32]),
8337 state: InboundHTLCState::Committed,
8339 out.payment_hash.0 = Sha256::hash(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap()).into_inner();
8342 chan.context.pending_outbound_htlcs.push({
8343 let mut out = OutboundHTLCOutput{
8345 amount_msat: 2000000,
8347 payment_hash: PaymentHash([0; 32]),
8348 state: OutboundHTLCState::Committed,
8349 source: HTLCSource::dummy(),
8350 skimmed_fee_msat: None,
8352 out.payment_hash.0 = Sha256::hash(&hex::decode("0202020202020202020202020202020202020202020202020202020202020202").unwrap()).into_inner();
8355 chan.context.pending_outbound_htlcs.push({
8356 let mut out = OutboundHTLCOutput{
8358 amount_msat: 3000000,
8360 payment_hash: PaymentHash([0; 32]),
8361 state: OutboundHTLCState::Committed,
8362 source: HTLCSource::dummy(),
8363 skimmed_fee_msat: None,
8365 out.payment_hash.0 = Sha256::hash(&hex::decode("0303030303030303030303030303030303030303030303030303030303030303").unwrap()).into_inner();
8368 chan.context.pending_inbound_htlcs.push({
8369 let mut out = InboundHTLCOutput{
8371 amount_msat: 4000000,
8373 payment_hash: PaymentHash([0; 32]),
8374 state: InboundHTLCState::Committed,
8376 out.payment_hash.0 = Sha256::hash(&hex::decode("0404040404040404040404040404040404040404040404040404040404040404").unwrap()).into_inner();
8380 // commitment tx with all five HTLCs untrimmed (minimum feerate)
8381 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8382 chan.context.feerate_per_kw = 0;
8384 test_commitment!("3044022009b048187705a8cbc9ad73adbe5af148c3d012e1f067961486c822c7af08158c022006d66f3704cfab3eb2dc49dae24e4aa22a6910fc9b424007583204e3621af2e5",
8385 "304402206fc2d1f10ea59951eefac0b4b7c396a3c3d87b71ff0b019796ef4535beaf36f902201765b0181e514d04f4c8ad75659d7037be26cdb3f8bb6f78fe61decef484c3ea",
8386 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8007e80300000000000022002052bfef0479d7b293c27e0f1eb294bea154c63a3294ef092c19af51409bce0e2ad007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484e0a06a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402206fc2d1f10ea59951eefac0b4b7c396a3c3d87b71ff0b019796ef4535beaf36f902201765b0181e514d04f4c8ad75659d7037be26cdb3f8bb6f78fe61decef484c3ea01473044022009b048187705a8cbc9ad73adbe5af148c3d012e1f067961486c822c7af08158c022006d66f3704cfab3eb2dc49dae24e4aa22a6910fc9b424007583204e3621af2e501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8389 "3045022100d9e29616b8f3959f1d3d7f7ce893ffedcdc407717d0de8e37d808c91d3a7c50d022078c3033f6d00095c8720a4bc943c1b45727818c082e4e3ddbc6d3116435b624b",
8390 "30440220636de5682ef0c5b61f124ec74e8aa2461a69777521d6998295dcea36bc3338110220165285594b23c50b28b82df200234566628a27bcd17f7f14404bd865354eb3ce",
8391 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b00000000000000000001e8030000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100d9e29616b8f3959f1d3d7f7ce893ffedcdc407717d0de8e37d808c91d3a7c50d022078c3033f6d00095c8720a4bc943c1b45727818c082e4e3ddbc6d3116435b624b014730440220636de5682ef0c5b61f124ec74e8aa2461a69777521d6998295dcea36bc3338110220165285594b23c50b28b82df200234566628a27bcd17f7f14404bd865354eb3ce012000000000000000000000000000000000000000000000000000000000000000008a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a914b8bcb07f6344b42ab04250c86a6e8b75d3fdbbc688527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f401b175ac686800000000" },
8394 "30440220649fe8b20e67e46cbb0d09b4acea87dbec001b39b08dee7bdd0b1f03922a8640022037c462dff79df501cecfdb12ea7f4de91f99230bb544726f6e04527b1f896004",
8395 "3045022100803159dee7935dba4a1d36a61055ce8fd62caa528573cc221ae288515405a252022029c59e7cffce374fe860100a4a63787e105c3cf5156d40b12dd53ff55ac8cf3f",
8396 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b01000000000000000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220649fe8b20e67e46cbb0d09b4acea87dbec001b39b08dee7bdd0b1f03922a8640022037c462dff79df501cecfdb12ea7f4de91f99230bb544726f6e04527b1f89600401483045022100803159dee7935dba4a1d36a61055ce8fd62caa528573cc221ae288515405a252022029c59e7cffce374fe860100a4a63787e105c3cf5156d40b12dd53ff55ac8cf3f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8399 "30440220770fc321e97a19f38985f2e7732dd9fe08d16a2efa4bcbc0429400a447faf49102204d40b417f3113e1b0944ae0986f517564ab4acd3d190503faf97a6e420d43352",
8400 "3045022100a437cc2ce77400ecde441b3398fea3c3ad8bdad8132be818227fe3c5b8345989022069d45e7fa0ae551ec37240845e2c561ceb2567eacf3076a6a43a502d05865faa",
8401 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b02000000000000000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220770fc321e97a19f38985f2e7732dd9fe08d16a2efa4bcbc0429400a447faf49102204d40b417f3113e1b0944ae0986f517564ab4acd3d190503faf97a6e420d4335201483045022100a437cc2ce77400ecde441b3398fea3c3ad8bdad8132be818227fe3c5b8345989022069d45e7fa0ae551ec37240845e2c561ceb2567eacf3076a6a43a502d05865faa012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8404 "304402207bcbf4f60a9829b05d2dbab84ed593e0291836be715dc7db6b72a64caf646af802201e489a5a84f7c5cc130398b841d138d031a5137ac8f4c49c770a4959dc3c1363",
8405 "304402203121d9b9c055f354304b016a36662ee99e1110d9501cb271b087ddb6f382c2c80220549882f3f3b78d9c492de47543cb9a697cecc493174726146536c5954dac7487",
8406 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b03000000000000000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207bcbf4f60a9829b05d2dbab84ed593e0291836be715dc7db6b72a64caf646af802201e489a5a84f7c5cc130398b841d138d031a5137ac8f4c49c770a4959dc3c13630147304402203121d9b9c055f354304b016a36662ee99e1110d9501cb271b087ddb6f382c2c80220549882f3f3b78d9c492de47543cb9a697cecc493174726146536c5954dac748701008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8409 "3044022076dca5cb81ba7e466e349b7128cdba216d4d01659e29b96025b9524aaf0d1899022060de85697b88b21c749702b7d2cfa7dfeaa1f472c8f1d7d9c23f2bf968464b87",
8410 "3045022100d9080f103cc92bac15ec42464a95f070c7fb6925014e673ee2ea1374d36a7f7502200c65294d22eb20d48564954d5afe04a385551919d8b2ddb4ae2459daaeee1d95",
8411 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b04000000000000000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022076dca5cb81ba7e466e349b7128cdba216d4d01659e29b96025b9524aaf0d1899022060de85697b88b21c749702b7d2cfa7dfeaa1f472c8f1d7d9c23f2bf968464b8701483045022100d9080f103cc92bac15ec42464a95f070c7fb6925014e673ee2ea1374d36a7f7502200c65294d22eb20d48564954d5afe04a385551919d8b2ddb4ae2459daaeee1d95012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8414 // commitment tx with seven outputs untrimmed (maximum feerate)
8415 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8416 chan.context.feerate_per_kw = 647;
8418 test_commitment!("3045022100a135f9e8a5ed25f7277446c67956b00ce6f610ead2bdec2c2f686155b7814772022059f1f6e1a8b336a68efcc1af3fe4d422d4827332b5b067501b099c47b7b5b5ee",
8419 "30450221009ec15c687898bb4da8b3a833e5ab8bfc51ec6e9202aaa8e66611edfd4a85ed1102203d7183e45078b9735c93450bc3415d3e5a8c576141a711ec6ddcb4a893926bb7",
8420 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8007e80300000000000022002052bfef0479d7b293c27e0f1eb294bea154c63a3294ef092c19af51409bce0e2ad007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484e09c6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221009ec15c687898bb4da8b3a833e5ab8bfc51ec6e9202aaa8e66611edfd4a85ed1102203d7183e45078b9735c93450bc3415d3e5a8c576141a711ec6ddcb4a893926bb701483045022100a135f9e8a5ed25f7277446c67956b00ce6f610ead2bdec2c2f686155b7814772022059f1f6e1a8b336a68efcc1af3fe4d422d4827332b5b067501b099c47b7b5b5ee01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8423 "30450221008437627f9ad84ac67052e2a414a4367b8556fd1f94d8b02590f89f50525cd33502205b9c21ff6e7fc864f2352746ad8ba59182510819acb644e25b8a12fc37bbf24f",
8424 "30440220344b0deb055230d01703e6c7acd45853c4af2328b49b5d8af4f88a060733406602202ea64f2a43d5751edfe75503cbc35a62e3141b5ed032fa03360faf4ca66f670b",
8425 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004830450221008437627f9ad84ac67052e2a414a4367b8556fd1f94d8b02590f89f50525cd33502205b9c21ff6e7fc864f2352746ad8ba59182510819acb644e25b8a12fc37bbf24f014730440220344b0deb055230d01703e6c7acd45853c4af2328b49b5d8af4f88a060733406602202ea64f2a43d5751edfe75503cbc35a62e3141b5ed032fa03360faf4ca66f670b012000000000000000000000000000000000000000000000000000000000000000008a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a914b8bcb07f6344b42ab04250c86a6e8b75d3fdbbc688527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f401b175ac686800000000" },
8428 "304402205a67f92bf6845cf2892b48d874ac1daf88a36495cf8a06f93d83180d930a6f75022031da1621d95c3f335cc06a3056cf960199dae600b7cf89088f65fc53cdbef28c",
8429 "30450221009e5e3822b0185c6799a95288c597b671d6cc69ab80f43740f00c6c3d0752bdda02206da947a74bd98f3175324dc56fdba86cc783703a120a6f0297537e60632f4c7f",
8430 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe0100000000000000000124060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402205a67f92bf6845cf2892b48d874ac1daf88a36495cf8a06f93d83180d930a6f75022031da1621d95c3f335cc06a3056cf960199dae600b7cf89088f65fc53cdbef28c014830450221009e5e3822b0185c6799a95288c597b671d6cc69ab80f43740f00c6c3d0752bdda02206da947a74bd98f3175324dc56fdba86cc783703a120a6f0297537e60632f4c7f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8433 "30440220437e21766054a3eef7f65690c5bcfa9920babbc5af92b819f772f6ea96df6c7402207173622024bd97328cfb26c6665e25c2f5d67c319443ccdc60c903217005d8c8",
8434 "3045022100fcfc47e36b712624677626cef3dc1d67f6583bd46926a6398fe6b00b0c9a37760220525788257b187fc775c6370d04eadf34d06f3650a63f8df851cee0ecb47a1673",
8435 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe020000000000000000010a060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220437e21766054a3eef7f65690c5bcfa9920babbc5af92b819f772f6ea96df6c7402207173622024bd97328cfb26c6665e25c2f5d67c319443ccdc60c903217005d8c801483045022100fcfc47e36b712624677626cef3dc1d67f6583bd46926a6398fe6b00b0c9a37760220525788257b187fc775c6370d04eadf34d06f3650a63f8df851cee0ecb47a1673012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8438 "304402207436e10737e4df499fc051686d3e11a5bb2310e4d1f1e691d287cef66514791202207cb58e71a6b7a42dd001b7e3ae672ea4f71ea3e1cd412b742e9124abb0739c64",
8439 "3045022100e78211b8409afb7255ffe37337da87f38646f1faebbdd61bc1920d69e3ead67a02201a626305adfcd16bfb7e9340928d9b6305464eab4aa4c4a3af6646e9b9f69dee",
8440 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe030000000000000000010c0a0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207436e10737e4df499fc051686d3e11a5bb2310e4d1f1e691d287cef66514791202207cb58e71a6b7a42dd001b7e3ae672ea4f71ea3e1cd412b742e9124abb0739c6401483045022100e78211b8409afb7255ffe37337da87f38646f1faebbdd61bc1920d69e3ead67a02201a626305adfcd16bfb7e9340928d9b6305464eab4aa4c4a3af6646e9b9f69dee01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8443 "30450221009acd6a827a76bfee50806178dfe0495cd4e1d9c58279c194c7b01520fe68cb8d022024d439047c368883e570997a7d40f0b430cb5a742f507965e7d3063ae3feccca",
8444 "3044022048762cf546bbfe474f1536365ea7c416e3c0389d60558bc9412cb148fb6ab68202207215d7083b75c96ff9d2b08c59c34e287b66820f530b486a9aa4cdd9c347d5b9",
8445 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe04000000000000000001da0d0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004830450221009acd6a827a76bfee50806178dfe0495cd4e1d9c58279c194c7b01520fe68cb8d022024d439047c368883e570997a7d40f0b430cb5a742f507965e7d3063ae3feccca01473044022048762cf546bbfe474f1536365ea7c416e3c0389d60558bc9412cb148fb6ab68202207215d7083b75c96ff9d2b08c59c34e287b66820f530b486a9aa4cdd9c347d5b9012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8448 // commitment tx with six outputs untrimmed (minimum feerate)
8449 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8450 chan.context.feerate_per_kw = 648;
8452 test_commitment!("304402203948f900a5506b8de36a4d8502f94f21dd84fd9c2314ab427d52feaa7a0a19f2022059b6a37a4adaa2c5419dc8aea63c6e2a2ec4c4bde46207f6dc1fcd22152fc6e5",
8453 "3045022100b15f72908ba3382a34ca5b32519240a22300cc6015b6f9418635fb41f3d01d8802207adb331b9ed1575383dca0f2355e86c173802feecf8298fbea53b9d4610583e9",
8454 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8006d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4844e9d6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100b15f72908ba3382a34ca5b32519240a22300cc6015b6f9418635fb41f3d01d8802207adb331b9ed1575383dca0f2355e86c173802feecf8298fbea53b9d4610583e90147304402203948f900a5506b8de36a4d8502f94f21dd84fd9c2314ab427d52feaa7a0a19f2022059b6a37a4adaa2c5419dc8aea63c6e2a2ec4c4bde46207f6dc1fcd22152fc6e501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8457 "3045022100a031202f3be94678f0e998622ee95ebb6ada8da1e9a5110228b5e04a747351e4022010ca6a21e18314ed53cfaae3b1f51998552a61a468e596368829a50ce40110e0",
8458 "304502210097e1873b57267730154595187a34949d3744f52933070c74757005e61ce2112e02204ecfba2aa42d4f14bdf8bad4206bb97217b702e6c433e0e1b0ce6587e6d46ec6",
8459 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf10000000000000000000123060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100a031202f3be94678f0e998622ee95ebb6ada8da1e9a5110228b5e04a747351e4022010ca6a21e18314ed53cfaae3b1f51998552a61a468e596368829a50ce40110e00148304502210097e1873b57267730154595187a34949d3744f52933070c74757005e61ce2112e02204ecfba2aa42d4f14bdf8bad4206bb97217b702e6c433e0e1b0ce6587e6d46ec601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8462 "304402202361012a634aee7835c5ecdd6413dcffa8f404b7e77364c792cff984e4ee71e90220715c5e90baa08daa45a7439b1ee4fa4843ed77b19c058240b69406606d384124",
8463 "3044022019de73b00f1d818fb388e83b2c8c31f6bce35ac624e215bc12f88f9dc33edf48022006ff814bb9f700ee6abc3294e146fac3efd4f13f0005236b41c0a946ee00c9ae",
8464 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf10100000000000000000109060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402202361012a634aee7835c5ecdd6413dcffa8f404b7e77364c792cff984e4ee71e90220715c5e90baa08daa45a7439b1ee4fa4843ed77b19c058240b69406606d38412401473044022019de73b00f1d818fb388e83b2c8c31f6bce35ac624e215bc12f88f9dc33edf48022006ff814bb9f700ee6abc3294e146fac3efd4f13f0005236b41c0a946ee00c9ae012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8467 "304402207e8e82cd71ed4febeb593732c260456836e97d81896153ecd2b3cf320ca6861702202dd4a30f68f98ced7cc56a36369ac1fdd978248c5ff4ed204fc00cc625532989",
8468 "3045022100bd0be6100c4fd8f102ec220e1b053e4c4e2ecca25615490150007b40d314dc3902201a1e0ea266965b43164d9e6576f58fa6726d42883dd1c3996d2925c2e2260796",
8469 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf1020000000000000000010b0a0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207e8e82cd71ed4febeb593732c260456836e97d81896153ecd2b3cf320ca6861702202dd4a30f68f98ced7cc56a36369ac1fdd978248c5ff4ed204fc00cc62553298901483045022100bd0be6100c4fd8f102ec220e1b053e4c4e2ecca25615490150007b40d314dc3902201a1e0ea266965b43164d9e6576f58fa6726d42883dd1c3996d2925c2e226079601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8472 "3044022024cd52e4198c8ae0e414a86d86b5a65ea7450f2eb4e783096736d93395eca5ce022078f0094745b45be4d4b2b04dd5978c9e66ba49109e5704403e84aaf5f387d6be",
8473 "3045022100bbfb9d0a946d420807c86e985d636cceb16e71c3694ed186316251a00cbd807202207773223f9a337e145f64673825be9b30d07ef1542c82188b264bedcf7cda78c6",
8474 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf103000000000000000001d90d0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022024cd52e4198c8ae0e414a86d86b5a65ea7450f2eb4e783096736d93395eca5ce022078f0094745b45be4d4b2b04dd5978c9e66ba49109e5704403e84aaf5f387d6be01483045022100bbfb9d0a946d420807c86e985d636cceb16e71c3694ed186316251a00cbd807202207773223f9a337e145f64673825be9b30d07ef1542c82188b264bedcf7cda78c6012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8477 // anchors: commitment tx with six outputs untrimmed (minimum dust limit)
8478 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8479 chan.context.feerate_per_kw = 645;
8480 chan.context.holder_dust_limit_satoshis = 1001;
8482 test_commitment_with_anchors!("3044022025d97466c8049e955a5afce28e322f4b34d2561118e52332fb400f9b908cc0a402205dc6fba3a0d67ee142c428c535580cd1f2ff42e2f89b47e0c8a01847caffc312",
8483 "3045022100d57697c707b6f6d053febf24b98e8989f186eea42e37e9e91663ec2c70bb8f70022079b0715a472118f262f43016a674f59c015d9cafccec885968e76d9d9c5d0051",
8484 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80084a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994d0070000000000002200203e68115ae0b15b8de75b6c6bc9af5ac9f01391544e0870dae443a1e8fe7837ead007000000000000220020fe0598d74fee2205cc3672e6e6647706b4f3099713b4661b62482c3addd04a5eb80b000000000000220020f96d0334feb64a4f40eb272031d07afcb038db56aa57446d60308c9f8ccadef9a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994abc996a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100d57697c707b6f6d053febf24b98e8989f186eea42e37e9e91663ec2c70bb8f70022079b0715a472118f262f43016a674f59c015d9cafccec885968e76d9d9c5d005101473044022025d97466c8049e955a5afce28e322f4b34d2561118e52332fb400f9b908cc0a402205dc6fba3a0d67ee142c428c535580cd1f2ff42e2f89b47e0c8a01847caffc31201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8487 "3045022100e04d160a326432659fe9fb127304c1d348dfeaba840081bdc57d8efd902a48d8022008a824e7cf5492b97e4d9e03c06a09f822775a44f6b5b2533a2088904abfc282",
8488 "3045022100b7c49846466b13b190ff739bbe3005c105482fc55539e55b1c561f76b6982b6c02200e5c35808619cf543c8405cff9fedd25f333a4a2f6f6d5e8af8150090c40ef09",
8489 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320002000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e04d160a326432659fe9fb127304c1d348dfeaba840081bdc57d8efd902a48d8022008a824e7cf5492b97e4d9e03c06a09f822775a44f6b5b2533a2088904abfc28283483045022100b7c49846466b13b190ff739bbe3005c105482fc55539e55b1c561f76b6982b6c02200e5c35808619cf543c8405cff9fedd25f333a4a2f6f6d5e8af8150090c40ef0901008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6851b27568f6010000" },
8492 "3045022100fbdc3c367ce3bf30796025cc590ee1f2ce0e72ae1ac19f5986d6d0a4fc76211f02207e45ae9267e8e820d188569604f71d1abd11bd385d58853dd7dc034cdb3e9a6e",
8493 "3045022100d29330f24db213b262068706099b39c15fa7e070c3fcdf8836c09723fc4d365602203ce57d01e9f28601e461a0b5c4a50119b270bde8b70148d133a6849c70b115ac",
8494 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320003000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100fbdc3c367ce3bf30796025cc590ee1f2ce0e72ae1ac19f5986d6d0a4fc76211f02207e45ae9267e8e820d188569604f71d1abd11bd385d58853dd7dc034cdb3e9a6e83483045022100d29330f24db213b262068706099b39c15fa7e070c3fcdf8836c09723fc4d365602203ce57d01e9f28601e461a0b5c4a50119b270bde8b70148d133a6849c70b115ac012001010101010101010101010101010101010101010101010101010101010101018d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac6851b2756800000000" },
8497 "3044022066c5ef625cee3ddd2bc7b6bfb354b5834cf1cc6d52dd972fb41b7b225437ae4a022066cb85647df65c6b87a54e416dcdcca778a776c36a9643d2b5dc793c9b29f4c1",
8498 "304402202d4ce515cd9000ec37575972d70b8d24f73909fb7012e8ebd8c2066ef6fe187902202830b53e64ea565fecd0f398100691da6bb2a5cf9bb0d1926f1d71d05828a11e",
8499 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320004000000000100000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022066c5ef625cee3ddd2bc7b6bfb354b5834cf1cc6d52dd972fb41b7b225437ae4a022066cb85647df65c6b87a54e416dcdcca778a776c36a9643d2b5dc793c9b29f4c18347304402202d4ce515cd9000ec37575972d70b8d24f73909fb7012e8ebd8c2066ef6fe187902202830b53e64ea565fecd0f398100691da6bb2a5cf9bb0d1926f1d71d05828a11e01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6851b27568f7010000" },
8502 "3044022022c7e11595c53ee89a57ca76baf0aed730da035952d6ab3fe6459f5eff3b337a022075e10cc5f5fd724a35ce4087a5d03cd616698626c69814032132b50bb97dc615",
8503 "3045022100b20cd63e0587d1711beaebda4730775c4ac8b8b2ec78fe18a0c44c3f168c25230220079abb7fc4924e2fca5950842e5b9e416735585026914570078c4ef62f286226",
8504 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320005000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022022c7e11595c53ee89a57ca76baf0aed730da035952d6ab3fe6459f5eff3b337a022075e10cc5f5fd724a35ce4087a5d03cd616698626c69814032132b50bb97dc61583483045022100b20cd63e0587d1711beaebda4730775c4ac8b8b2ec78fe18a0c44c3f168c25230220079abb7fc4924e2fca5950842e5b9e416735585026914570078c4ef62f286226012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
8507 // commitment tx with six outputs untrimmed (maximum feerate)
8508 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8509 chan.context.feerate_per_kw = 2069;
8510 chan.context.holder_dust_limit_satoshis = 546;
8512 test_commitment!("304502210090b96a2498ce0c0f2fadbec2aab278fed54c1a7838df793ec4d2c78d96ec096202204fdd439c50f90d483baa7b68feeef4bd33bc277695405447bcd0bfb2ca34d7bc",
8513 "3045022100ad9a9bbbb75d506ca3b716b336ee3cf975dd7834fcf129d7dd188146eb58a8b4022061a759ee417339f7fe2ea1e8deb83abb6a74db31a09b7648a932a639cda23e33",
8514 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8006d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48477956a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100ad9a9bbbb75d506ca3b716b336ee3cf975dd7834fcf129d7dd188146eb58a8b4022061a759ee417339f7fe2ea1e8deb83abb6a74db31a09b7648a932a639cda23e330148304502210090b96a2498ce0c0f2fadbec2aab278fed54c1a7838df793ec4d2c78d96ec096202204fdd439c50f90d483baa7b68feeef4bd33bc277695405447bcd0bfb2ca34d7bc01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8517 "3045022100f33513ee38abf1c582876f921f8fddc06acff48e04515532a32d3938de938ffd02203aa308a2c1863b7d6fdf53159a1465bf2e115c13152546cc5d74483ceaa7f699",
8518 "3045022100a637902a5d4c9ba9e7c472a225337d5aac9e2e3f6744f76e237132e7619ba0400220035c60d784a031c0d9f6df66b7eab8726a5c25397399ee4aa960842059eb3f9d",
8519 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d0000000000000000000175020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f33513ee38abf1c582876f921f8fddc06acff48e04515532a32d3938de938ffd02203aa308a2c1863b7d6fdf53159a1465bf2e115c13152546cc5d74483ceaa7f69901483045022100a637902a5d4c9ba9e7c472a225337d5aac9e2e3f6744f76e237132e7619ba0400220035c60d784a031c0d9f6df66b7eab8726a5c25397399ee4aa960842059eb3f9d01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8522 "3045022100ce07682cf4b90093c22dc2d9ab2a77ad6803526b655ef857221cc96af5c9e0bf02200f501cee22e7a268af40b555d15a8237c9f36ad67ef1841daf9f6a0267b1e6df",
8523 "3045022100e57e46234f8782d3ff7aa593b4f7446fb5316c842e693dc63ee324fd49f6a1c302204a2f7b44c48bd26e1554422afae13153eb94b29d3687b733d18930615fb2db61",
8524 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d0100000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100ce07682cf4b90093c22dc2d9ab2a77ad6803526b655ef857221cc96af5c9e0bf02200f501cee22e7a268af40b555d15a8237c9f36ad67ef1841daf9f6a0267b1e6df01483045022100e57e46234f8782d3ff7aa593b4f7446fb5316c842e693dc63ee324fd49f6a1c302204a2f7b44c48bd26e1554422afae13153eb94b29d3687b733d18930615fb2db61012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8527 "3045022100e3e35492e55f82ec0bc2f317ffd7a486d1f7024330fe9743c3559fc39f32ef0c02203d1d4db651fc388a91d5ad8ecdd8e83673063bc8eefe27cfd8c189090e3a23e0",
8528 "3044022068613fb1b98eb3aec7f44c5b115b12343c2f066c4277c82b5f873dfe68f37f50022028109b4650f3f528ca4bfe9a467aff2e3e43893b61b5159157119d5d95cf1c18",
8529 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d020000000000000000015d060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e3e35492e55f82ec0bc2f317ffd7a486d1f7024330fe9743c3559fc39f32ef0c02203d1d4db651fc388a91d5ad8ecdd8e83673063bc8eefe27cfd8c189090e3a23e001473044022068613fb1b98eb3aec7f44c5b115b12343c2f066c4277c82b5f873dfe68f37f50022028109b4650f3f528ca4bfe9a467aff2e3e43893b61b5159157119d5d95cf1c1801008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8532 "304402207475aeb0212ef9bf5130b60937817ad88c9a87976988ef1f323f026148cc4a850220739fea17ad3257dcad72e509c73eebe86bee30b178467b9fdab213d631b109df",
8533 "3045022100d315522e09e7d53d2a659a79cb67fef56d6c4bddf3f46df6772d0d20a7beb7c8022070bcc17e288607b6a72be0bd83368bb6d53488db266c1cdb4d72214e4f02ac33",
8534 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d03000000000000000001f2090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207475aeb0212ef9bf5130b60937817ad88c9a87976988ef1f323f026148cc4a850220739fea17ad3257dcad72e509c73eebe86bee30b178467b9fdab213d631b109df01483045022100d315522e09e7d53d2a659a79cb67fef56d6c4bddf3f46df6772d0d20a7beb7c8022070bcc17e288607b6a72be0bd83368bb6d53488db266c1cdb4d72214e4f02ac33012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8537 // commitment tx with five outputs untrimmed (minimum feerate)
8538 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8539 chan.context.feerate_per_kw = 2070;
8541 test_commitment!("304402204ca1ba260dee913d318271d86e10ca0f5883026fb5653155cff600fb40895223022037b145204b7054a40e08bb1fefbd826f827b40838d3e501423bcc57924bcb50c",
8542 "3044022001014419b5ba00e083ac4e0a85f19afc848aacac2d483b4b525d15e2ae5adbfe022015ebddad6ee1e72b47cb09f3e78459da5be01ccccd95dceca0e056a00cc773c1",
8543 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484da966a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022001014419b5ba00e083ac4e0a85f19afc848aacac2d483b4b525d15e2ae5adbfe022015ebddad6ee1e72b47cb09f3e78459da5be01ccccd95dceca0e056a00cc773c10147304402204ca1ba260dee913d318271d86e10ca0f5883026fb5653155cff600fb40895223022037b145204b7054a40e08bb1fefbd826f827b40838d3e501423bcc57924bcb50c01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8546 "304402205f6b6d12d8d2529fb24f4445630566cf4abbd0f9330ab6c2bdb94222d6a2a0c502202f556258ae6f05b193749e4c541dfcc13b525a5422f6291f073f15617ba8579b",
8547 "30440220150b11069454da70caf2492ded9e0065c9a57f25ac2a4c52657b1d15b6c6ed85022068a38833b603c8892717206383611bad210f1cbb4b1f87ea29c6c65b9e1cb3e5",
8548 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff0000000000000000000174020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402205f6b6d12d8d2529fb24f4445630566cf4abbd0f9330ab6c2bdb94222d6a2a0c502202f556258ae6f05b193749e4c541dfcc13b525a5422f6291f073f15617ba8579b014730440220150b11069454da70caf2492ded9e0065c9a57f25ac2a4c52657b1d15b6c6ed85022068a38833b603c8892717206383611bad210f1cbb4b1f87ea29c6c65b9e1cb3e501008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8551 "3045022100f960dfb1c9aee7ce1437efa65b523e399383e8149790e05d8fed27ff6e42fe0002202fe8613e062ffe0b0c518cc4101fba1c6de70f64a5bcc7ae663f2efae43b8546",
8552 "30450221009a6ed18e6873bc3644332a6ee21c152a5b102821865350df7a8c74451a51f9f2022050d801fb4895d7d7fbf452824c0168347f5c0cbe821cf6a97a63af5b8b2563c6",
8553 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff010000000000000000015c060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f960dfb1c9aee7ce1437efa65b523e399383e8149790e05d8fed27ff6e42fe0002202fe8613e062ffe0b0c518cc4101fba1c6de70f64a5bcc7ae663f2efae43b8546014830450221009a6ed18e6873bc3644332a6ee21c152a5b102821865350df7a8c74451a51f9f2022050d801fb4895d7d7fbf452824c0168347f5c0cbe821cf6a97a63af5b8b2563c601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8556 "3045022100ae5fc7717ae684bc1fcf9020854e5dbe9842c9e7472879ac06ff95ac2bb10e4e022057728ada4c00083a3e65493fb5d50a232165948a1a0f530ef63185c2c8c56504",
8557 "30440220408ad3009827a8fccf774cb285587686bfb2ed041f89a89453c311ce9c8ee0f902203c7392d9f8306d3a46522a66bd2723a7eb2628cb2d9b34d4c104f1766bf37502",
8558 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff02000000000000000001f1090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100ae5fc7717ae684bc1fcf9020854e5dbe9842c9e7472879ac06ff95ac2bb10e4e022057728ada4c00083a3e65493fb5d50a232165948a1a0f530ef63185c2c8c56504014730440220408ad3009827a8fccf774cb285587686bfb2ed041f89a89453c311ce9c8ee0f902203c7392d9f8306d3a46522a66bd2723a7eb2628cb2d9b34d4c104f1766bf37502012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8561 // commitment tx with five outputs untrimmed (maximum feerate)
8562 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8563 chan.context.feerate_per_kw = 2194;
8565 test_commitment!("304402204bb3d6e279d71d9da414c82de42f1f954267c762b2e2eb8b76bc3be4ea07d4b0022014febc009c5edc8c3fc5d94015de163200f780046f1c293bfed8568f08b70fb3",
8566 "3044022072c2e2b1c899b2242656a537dde2892fa3801be0d6df0a87836c550137acde8302201654aa1974d37a829083c3ba15088689f30b56d6a4f6cb14c7bad0ee3116d398",
8567 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48440966a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022072c2e2b1c899b2242656a537dde2892fa3801be0d6df0a87836c550137acde8302201654aa1974d37a829083c3ba15088689f30b56d6a4f6cb14c7bad0ee3116d3980147304402204bb3d6e279d71d9da414c82de42f1f954267c762b2e2eb8b76bc3be4ea07d4b0022014febc009c5edc8c3fc5d94015de163200f780046f1c293bfed8568f08b70fb301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8570 "3045022100939726680351a7856c1bc386d4a1f422c7d29bd7b56afc139570f508474e6c40022023175a799ccf44c017fbaadb924c40b2a12115a5b7d0dfd3228df803a2de8450",
8571 "304502210099c98c2edeeee6ec0fb5f3bea8b79bb016a2717afa9b5072370f34382de281d302206f5e2980a995e045cf90a547f0752a7ee99d48547bc135258fe7bc07e0154301",
8572 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100939726680351a7856c1bc386d4a1f422c7d29bd7b56afc139570f508474e6c40022023175a799ccf44c017fbaadb924c40b2a12115a5b7d0dfd3228df803a2de84500148304502210099c98c2edeeee6ec0fb5f3bea8b79bb016a2717afa9b5072370f34382de281d302206f5e2980a995e045cf90a547f0752a7ee99d48547bc135258fe7bc07e015430101008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8575 "3044022021bb883bf324553d085ba2e821cad80c28ef8b303dbead8f98e548783c02d1600220638f9ef2a9bba25869afc923f4b5dc38be3bb459f9efa5d869392d5f7779a4a0",
8576 "3045022100fd85bd7697b89c08ec12acc8ba89b23090637d83abd26ca37e01ae93e67c367302202b551fe69386116c47f984aab9c8dfd25d864dcde5d3389cfbef2447a85c4b77",
8577 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd010000000000000000010a060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022021bb883bf324553d085ba2e821cad80c28ef8b303dbead8f98e548783c02d1600220638f9ef2a9bba25869afc923f4b5dc38be3bb459f9efa5d869392d5f7779a4a001483045022100fd85bd7697b89c08ec12acc8ba89b23090637d83abd26ca37e01ae93e67c367302202b551fe69386116c47f984aab9c8dfd25d864dcde5d3389cfbef2447a85c4b7701008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8580 "3045022100c9e6f0454aa598b905a35e641a70cc9f67b5f38cc4b00843a041238c4a9f1c4a0220260a2822a62da97e44583e837245995ca2e36781769c52f19e498efbdcca262b",
8581 "30450221008a9f2ea24cd455c2b64c1472a5fa83865b0a5f49a62b661801e884cf2849af8302204d44180e50bf6adfcf1c1e581d75af91aba4e28681ce4a5ee5f3cbf65eca10f3",
8582 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd020000000000000000019a090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100c9e6f0454aa598b905a35e641a70cc9f67b5f38cc4b00843a041238c4a9f1c4a0220260a2822a62da97e44583e837245995ca2e36781769c52f19e498efbdcca262b014830450221008a9f2ea24cd455c2b64c1472a5fa83865b0a5f49a62b661801e884cf2849af8302204d44180e50bf6adfcf1c1e581d75af91aba4e28681ce4a5ee5f3cbf65eca10f3012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8585 // commitment tx with four outputs untrimmed (minimum feerate)
8586 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8587 chan.context.feerate_per_kw = 2195;
8589 test_commitment!("304402201a8c1b1f9671cd9e46c7323a104d7047cc48d3ee80d40d4512e0c72b8dc65666022066d7f9a2ce18c9eb22d2739ffcce05721c767f9b607622a31b6ea5793ddce403",
8590 "3044022044d592025b610c0d678f65032e87035cdfe89d1598c522cc32524ae8172417c30220749fef9d5b2ae8cdd91ece442ba8809bc891efedae2291e578475f97715d1767",
8591 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8004b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484b8976a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022044d592025b610c0d678f65032e87035cdfe89d1598c522cc32524ae8172417c30220749fef9d5b2ae8cdd91ece442ba8809bc891efedae2291e578475f97715d17670147304402201a8c1b1f9671cd9e46c7323a104d7047cc48d3ee80d40d4512e0c72b8dc65666022066d7f9a2ce18c9eb22d2739ffcce05721c767f9b607622a31b6ea5793ddce40301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8594 "3045022100e57b845066a06ee7c2cbfc29eabffe52daa9bf6f6de760066d04df9f9b250e0002202ffb197f0e6e0a77a75a9aff27014bd3de83b7f748d7efef986abe655e1dd50e",
8595 "3045022100ecc8c6529d0b2316d046f0f0757c1e1c25a636db168ec4f3aa1b9278df685dc0022067ae6b65e936f1337091f7b18a15935b608c5f2cdddb2f892ed0babfdd376d76",
8596 "020000000001018130a10f09b13677ba2885a8bca32860f3a952e5912b829a473639b5a2c07b900000000000000000000109060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e57b845066a06ee7c2cbfc29eabffe52daa9bf6f6de760066d04df9f9b250e0002202ffb197f0e6e0a77a75a9aff27014bd3de83b7f748d7efef986abe655e1dd50e01483045022100ecc8c6529d0b2316d046f0f0757c1e1c25a636db168ec4f3aa1b9278df685dc0022067ae6b65e936f1337091f7b18a15935b608c5f2cdddb2f892ed0babfdd376d7601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8599 "3045022100d193b7ecccad8057571620a0b1ffa6c48e9483311723b59cf536043b20bc51550220546d4bd37b3b101ecda14f6c907af46ec391abce1cd9c7ce22b1a62b534f2f2a",
8600 "3044022014d66f11f9cacf923807eba49542076c5fe5cccf252fb08fe98c78ef3ca6ab5402201b290dbe043cc512d9d78de074a5a129b8759bc6a6c546b190d120b690bd6e82",
8601 "020000000001018130a10f09b13677ba2885a8bca32860f3a952e5912b829a473639b5a2c07b900100000000000000000199090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100d193b7ecccad8057571620a0b1ffa6c48e9483311723b59cf536043b20bc51550220546d4bd37b3b101ecda14f6c907af46ec391abce1cd9c7ce22b1a62b534f2f2a01473044022014d66f11f9cacf923807eba49542076c5fe5cccf252fb08fe98c78ef3ca6ab5402201b290dbe043cc512d9d78de074a5a129b8759bc6a6c546b190d120b690bd6e82012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8604 // anchors: commitment tx with four outputs untrimmed (minimum dust limit)
8605 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8606 chan.context.feerate_per_kw = 2185;
8607 chan.context.holder_dust_limit_satoshis = 2001;
8608 let cached_channel_type = chan.context.channel_type;
8609 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8611 test_commitment_with_anchors!("3044022040f63a16148cf35c8d3d41827f5ae7f7c3746885bb64d4d1b895892a83812b3e02202fcf95c2bf02c466163b3fa3ced6a24926fbb4035095a96842ef516e86ba54c0",
8612 "3045022100cd8479cfe1edb1e5a1d487391e0451a469c7171e51e680183f19eb4321f20e9b02204eab7d5a6384b1b08e03baa6e4d9748dfd2b5ab2bae7e39604a0d0055bbffdd5",
8613 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80064a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994b80b000000000000220020f96d0334feb64a4f40eb272031d07afcb038db56aa57446d60308c9f8ccadef9a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994ac5916a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100cd8479cfe1edb1e5a1d487391e0451a469c7171e51e680183f19eb4321f20e9b02204eab7d5a6384b1b08e03baa6e4d9748dfd2b5ab2bae7e39604a0d0055bbffdd501473044022040f63a16148cf35c8d3d41827f5ae7f7c3746885bb64d4d1b895892a83812b3e02202fcf95c2bf02c466163b3fa3ced6a24926fbb4035095a96842ef516e86ba54c001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8616 "304402206870514a72ad6e723ff7f1e0370d7a33c1cd2a0b9272674143ebaf6a1d02dee102205bd953c34faf5e7322e9a1c0103581cb090280fda4f1039ee8552668afa90ebb",
8617 "30440220669de9ca7910eff65a7773ebd14a9fc371fe88cde5b8e2a81609d85c87ac939b02201ac29472fa4067322e92d75b624942d60be5050139b20bb363db75be79eb946f",
8618 "02000000000101ac13a7715f80b8e52dda43c6929cade5521bdced3a405da02b443f1ffb1e33cc02000000000100000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402206870514a72ad6e723ff7f1e0370d7a33c1cd2a0b9272674143ebaf6a1d02dee102205bd953c34faf5e7322e9a1c0103581cb090280fda4f1039ee8552668afa90ebb834730440220669de9ca7910eff65a7773ebd14a9fc371fe88cde5b8e2a81609d85c87ac939b02201ac29472fa4067322e92d75b624942d60be5050139b20bb363db75be79eb946f01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6851b27568f7010000" },
8621 "3045022100949e8dd938da56445b1cdfdebe1b7efea086edd05d89910d205a1e2e033ce47102202cbd68b5262ab144d9ec12653f87dfb0bb6bd05d1f58ae1e523f028eaefd7271",
8622 "3045022100e3104ed8b239f8019e5f0a1a73d7782a94a8c36e7984f476c3a0b3cb0e62e27902207e3d52884600985f8a2098e53a5c30dd6a5e857733acfaa07ab2162421ed2688",
8623 "02000000000101ac13a7715f80b8e52dda43c6929cade5521bdced3a405da02b443f1ffb1e33cc03000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100949e8dd938da56445b1cdfdebe1b7efea086edd05d89910d205a1e2e033ce47102202cbd68b5262ab144d9ec12653f87dfb0bb6bd05d1f58ae1e523f028eaefd727183483045022100e3104ed8b239f8019e5f0a1a73d7782a94a8c36e7984f476c3a0b3cb0e62e27902207e3d52884600985f8a2098e53a5c30dd6a5e857733acfaa07ab2162421ed2688012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
8626 // commitment tx with four outputs untrimmed (maximum feerate)
8627 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8628 chan.context.feerate_per_kw = 3702;
8629 chan.context.holder_dust_limit_satoshis = 546;
8630 chan.context.channel_type = cached_channel_type.clone();
8632 test_commitment!("304502210092a587aeb777f869e7ff0d7898ea619ee26a3dacd1f3672b945eea600be431100220077ee9eae3528d15251f2a52b607b189820e57a6ccfac8d1af502b132ee40169",
8633 "3045022100e5efb73c32d32da2d79702299b6317de6fb24a60476e3855926d78484dd1b3c802203557cb66a42c944ef06e00bcc4da35a5bcb2f185aab0f8e403e519e1d66aaf75",
8634 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8004b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4846f916a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100e5efb73c32d32da2d79702299b6317de6fb24a60476e3855926d78484dd1b3c802203557cb66a42c944ef06e00bcc4da35a5bcb2f185aab0f8e403e519e1d66aaf750148304502210092a587aeb777f869e7ff0d7898ea619ee26a3dacd1f3672b945eea600be431100220077ee9eae3528d15251f2a52b607b189820e57a6ccfac8d1af502b132ee4016901475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8637 "304402206fa54c11f98c3bae1e93df43fc7affeb05b476bf8060c03e29c377c69bc08e8b0220672701cce50d5c379ff45a5d2cfe48ac44973adb066ac32608e21221d869bb89",
8638 "304402206e36c683ebf2cb16bcef3d5439cf8b53cd97280a365ed8acd7abb85a8ba5f21c02206e8621edfc2a5766cbc96eb67fd501127ff163eb6b85518a39f7d4974aef126f",
8639 "020000000001018db483bff65c70ee71d8282aeec5a880e2e2b39e45772bda5460403095c62e3f0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402206fa54c11f98c3bae1e93df43fc7affeb05b476bf8060c03e29c377c69bc08e8b0220672701cce50d5c379ff45a5d2cfe48ac44973adb066ac32608e21221d869bb890147304402206e36c683ebf2cb16bcef3d5439cf8b53cd97280a365ed8acd7abb85a8ba5f21c02206e8621edfc2a5766cbc96eb67fd501127ff163eb6b85518a39f7d4974aef126f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8642 "3044022057649739b0eb74d541ead0dfdb3d4b2c15aa192720031044c3434c67812e5ca902201e5ede42d960ae551707f4a6b34b09393cf4dee2418507daa022e3550dbb5817",
8643 "304402207faad26678c8850e01b4a0696d60841f7305e1832b786110ee9075cb92ed14a30220516ef8ee5dfa80824ea28cbcec0dd95f8b847146257c16960db98507db15ffdc",
8644 "020000000001018db483bff65c70ee71d8282aeec5a880e2e2b39e45772bda5460403095c62e3f0100000000000000000176050000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022057649739b0eb74d541ead0dfdb3d4b2c15aa192720031044c3434c67812e5ca902201e5ede42d960ae551707f4a6b34b09393cf4dee2418507daa022e3550dbb58170147304402207faad26678c8850e01b4a0696d60841f7305e1832b786110ee9075cb92ed14a30220516ef8ee5dfa80824ea28cbcec0dd95f8b847146257c16960db98507db15ffdc012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8647 // commitment tx with three outputs untrimmed (minimum feerate)
8648 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8649 chan.context.feerate_per_kw = 3703;
8651 test_commitment!("3045022100b495d239772a237ff2cf354b1b11be152fd852704cb184e7356d13f2fb1e5e430220723db5cdb9cbd6ead7bfd3deb419cf41053a932418cbb22a67b581f40bc1f13e",
8652 "304402201b736d1773a124c745586217a75bed5f66c05716fbe8c7db4fdb3c3069741cdd02205083f39c321c1bcadfc8d97e3c791a66273d936abac0c6a2fde2ed46019508e1",
8653 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8003a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484eb936a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402201b736d1773a124c745586217a75bed5f66c05716fbe8c7db4fdb3c3069741cdd02205083f39c321c1bcadfc8d97e3c791a66273d936abac0c6a2fde2ed46019508e101483045022100b495d239772a237ff2cf354b1b11be152fd852704cb184e7356d13f2fb1e5e430220723db5cdb9cbd6ead7bfd3deb419cf41053a932418cbb22a67b581f40bc1f13e01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8656 "3045022100c34c61735f93f2e324cc873c3b248111ccf8f6db15d5969583757010d4ad2b4602207867bb919b2ddd6387873e425345c9b7fd18d1d66aba41f3607bc2896ef3c30a",
8657 "3045022100988c143e2110067117d2321bdd4bd16ca1734c98b29290d129384af0962b634e02206c1b02478878c5f547018b833986578f90c3e9be669fe5788ad0072a55acbb05",
8658 "0200000000010120060e4a29579d429f0f27c17ee5f1ee282f20d706d6f90b63d35946d8f3029a0000000000000000000175050000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100c34c61735f93f2e324cc873c3b248111ccf8f6db15d5969583757010d4ad2b4602207867bb919b2ddd6387873e425345c9b7fd18d1d66aba41f3607bc2896ef3c30a01483045022100988c143e2110067117d2321bdd4bd16ca1734c98b29290d129384af0962b634e02206c1b02478878c5f547018b833986578f90c3e9be669fe5788ad0072a55acbb05012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8661 // anchors: commitment tx with three outputs untrimmed (minimum dust limit)
8662 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8663 chan.context.feerate_per_kw = 3687;
8664 chan.context.holder_dust_limit_satoshis = 3001;
8665 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8667 test_commitment_with_anchors!("3045022100ad6c71569856b2d7ff42e838b4abe74a713426b37f22fa667a195a4c88908c6902202b37272b02a42dc6d9f4f82cab3eaf84ac882d9ed762859e1e75455c2c228377",
8668 "3045022100c970799bcb33f43179eb43b3378a0a61991cf2923f69b36ef12548c3df0e6d500220413dc27d2e39ee583093adfcb7799be680141738babb31cc7b0669a777a31f5d",
8669 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80054a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994aa28b6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100c970799bcb33f43179eb43b3378a0a61991cf2923f69b36ef12548c3df0e6d500220413dc27d2e39ee583093adfcb7799be680141738babb31cc7b0669a777a31f5d01483045022100ad6c71569856b2d7ff42e838b4abe74a713426b37f22fa667a195a4c88908c6902202b37272b02a42dc6d9f4f82cab3eaf84ac882d9ed762859e1e75455c2c22837701475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8672 "3044022017b558a3cf5f0cb94269e2e927b29ed22bd2416abb8a7ce6de4d1256f359b93602202e9ca2b1a23ea3e69f433c704e327739e219804b8c188b1d52f74fd5a9de954c",
8673 "3045022100af7a8b7c7ff2080c68995254cb66d64d9954edcc5baac3bb4f27ed2d29aaa6120220421c27da7a60574a9263f271e0f3bd34594ec6011095190022b3b54596ea03de",
8674 "02000000000101542562b326c08e3a076d9cfca2be175041366591da334d8d513ff1686fd95a6002000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022017b558a3cf5f0cb94269e2e927b29ed22bd2416abb8a7ce6de4d1256f359b93602202e9ca2b1a23ea3e69f433c704e327739e219804b8c188b1d52f74fd5a9de954c83483045022100af7a8b7c7ff2080c68995254cb66d64d9954edcc5baac3bb4f27ed2d29aaa6120220421c27da7a60574a9263f271e0f3bd34594ec6011095190022b3b54596ea03de012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
8677 // commitment tx with three outputs untrimmed (maximum feerate)
8678 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8679 chan.context.feerate_per_kw = 4914;
8680 chan.context.holder_dust_limit_satoshis = 546;
8681 chan.context.channel_type = cached_channel_type.clone();
8683 test_commitment!("3045022100b4b16d5f8cc9fc4c1aff48831e832a0d8990e133978a66e302c133550954a44d022073573ce127e2200d316f6b612803a5c0c97b8d20e1e44dbe2ac0dd2fb8c95244",
8684 "3045022100d72638bc6308b88bb6d45861aae83e5b9ff6e10986546e13bce769c70036e2620220320be7c6d66d22f30b9fcd52af66531505b1310ca3b848c19285b38d8a1a8c19",
8685 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8003a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484ae8f6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100d72638bc6308b88bb6d45861aae83e5b9ff6e10986546e13bce769c70036e2620220320be7c6d66d22f30b9fcd52af66531505b1310ca3b848c19285b38d8a1a8c1901483045022100b4b16d5f8cc9fc4c1aff48831e832a0d8990e133978a66e302c133550954a44d022073573ce127e2200d316f6b612803a5c0c97b8d20e1e44dbe2ac0dd2fb8c9524401475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8688 "3045022100f43591c156038ba217756006bb3c55f7d113a325cdd7d9303c82115372858d68022016355b5aadf222bc8d12e426c75f4a03423917b2443a103eb2a498a3a2234374",
8689 "30440220585dee80fafa264beac535c3c0bb5838ac348b156fdc982f86adc08dfc9bfd250220130abb82f9f295cc9ef423dcfef772fde2acd85d9df48cc538981d26a10a9c10",
8690 "02000000000101a9172908eace869cc35128c31fc2ab502f72e4dff31aab23e0244c4b04b11ab00000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f43591c156038ba217756006bb3c55f7d113a325cdd7d9303c82115372858d68022016355b5aadf222bc8d12e426c75f4a03423917b2443a103eb2a498a3a2234374014730440220585dee80fafa264beac535c3c0bb5838ac348b156fdc982f86adc08dfc9bfd250220130abb82f9f295cc9ef423dcfef772fde2acd85d9df48cc538981d26a10a9c10012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8693 // commitment tx with two outputs untrimmed (minimum feerate)
8694 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8695 chan.context.feerate_per_kw = 4915;
8696 chan.context.holder_dust_limit_satoshis = 546;
8698 test_commitment!("304402203a286936e74870ca1459c700c71202af0381910a6bfab687ef494ef1bc3e02c902202506c362d0e3bee15e802aa729bf378e051644648253513f1c085b264cc2a720",
8699 "30450221008a953551f4d67cb4df3037207fc082ddaf6be84d417b0bd14c80aab66f1b01a402207508796dc75034b2dee876fe01dc05a08b019f3e5d689ac8842ade2f1befccf5",
8700 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8002c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484fa926a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221008a953551f4d67cb4df3037207fc082ddaf6be84d417b0bd14c80aab66f1b01a402207508796dc75034b2dee876fe01dc05a08b019f3e5d689ac8842ade2f1befccf50147304402203a286936e74870ca1459c700c71202af0381910a6bfab687ef494ef1bc3e02c902202506c362d0e3bee15e802aa729bf378e051644648253513f1c085b264cc2a72001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8702 // anchors: commitment tx with two outputs untrimmed (minimum dust limit)
8703 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8704 chan.context.feerate_per_kw = 4894;
8705 chan.context.holder_dust_limit_satoshis = 4001;
8706 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8708 test_commitment_with_anchors!("3045022100e784a66b1588575801e237d35e510fd92a81ae3a4a2a1b90c031ad803d07b3f3022021bc5f16501f167607d63b681442da193eb0a76b4b7fd25c2ed4f8b28fd35b95",
8709 "30450221009f16ac85d232e4eddb3fcd750a68ebf0b58e3356eaada45d3513ede7e817bf4c02207c2b043b4e5f971261975406cb955219fa56bffe5d834a833694b5abc1ce4cfd",
8710 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80044a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994ad0886a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221009f16ac85d232e4eddb3fcd750a68ebf0b58e3356eaada45d3513ede7e817bf4c02207c2b043b4e5f971261975406cb955219fa56bffe5d834a833694b5abc1ce4cfd01483045022100e784a66b1588575801e237d35e510fd92a81ae3a4a2a1b90c031ad803d07b3f3022021bc5f16501f167607d63b681442da193eb0a76b4b7fd25c2ed4f8b28fd35b9501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8712 // commitment tx with two outputs untrimmed (maximum feerate)
8713 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8714 chan.context.feerate_per_kw = 9651180;
8715 chan.context.holder_dust_limit_satoshis = 546;
8716 chan.context.channel_type = cached_channel_type.clone();
8718 test_commitment!("304402200a8544eba1d216f5c5e530597665fa9bec56943c0f66d98fc3d028df52d84f7002201e45fa5c6bc3a506cc2553e7d1c0043a9811313fc39c954692c0d47cfce2bbd3",
8719 "3045022100e11b638c05c650c2f63a421d36ef8756c5ce82f2184278643520311cdf50aa200220259565fb9c8e4a87ccaf17f27a3b9ca4f20625754a0920d9c6c239d8156a11de",
8720 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b800222020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80ec0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4840400483045022100e11b638c05c650c2f63a421d36ef8756c5ce82f2184278643520311cdf50aa200220259565fb9c8e4a87ccaf17f27a3b9ca4f20625754a0920d9c6c239d8156a11de0147304402200a8544eba1d216f5c5e530597665fa9bec56943c0f66d98fc3d028df52d84f7002201e45fa5c6bc3a506cc2553e7d1c0043a9811313fc39c954692c0d47cfce2bbd301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8722 // commitment tx with one output untrimmed (minimum feerate)
8723 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8724 chan.context.feerate_per_kw = 9651181;
8726 test_commitment!("304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a2",
8727 "304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a379",
8728 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8001c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484040047304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a3790147304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8730 // anchors: commitment tx with one output untrimmed (minimum dust limit)
8731 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8732 chan.context.feerate_per_kw = 6216010;
8733 chan.context.holder_dust_limit_satoshis = 4001;
8734 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8736 test_commitment_with_anchors!("30450221008fd5dbff02e4b59020d4cd23a3c30d3e287065fda75a0a09b402980adf68ccda022001e0b8b620cd915ddff11f1de32addf23d81d51b90e6841b2cb8dcaf3faa5ecf",
8737 "30450221009ad80792e3038fe6968d12ff23e6888a565c3ddd065037f357445f01675d63f3022018384915e5f1f4ae157e15debf4f49b61c8d9d2b073c7d6f97c4a68caa3ed4c1",
8738 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80024a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994a04004830450221009ad80792e3038fe6968d12ff23e6888a565c3ddd065037f357445f01675d63f3022018384915e5f1f4ae157e15debf4f49b61c8d9d2b073c7d6f97c4a68caa3ed4c1014830450221008fd5dbff02e4b59020d4cd23a3c30d3e287065fda75a0a09b402980adf68ccda022001e0b8b620cd915ddff11f1de32addf23d81d51b90e6841b2cb8dcaf3faa5ecf01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8740 // commitment tx with fee greater than funder amount
8741 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8742 chan.context.feerate_per_kw = 9651936;
8743 chan.context.holder_dust_limit_satoshis = 546;
8744 chan.context.channel_type = cached_channel_type;
8746 test_commitment!("304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a2",
8747 "304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a379",
8748 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8001c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484040047304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a3790147304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8750 // commitment tx with 3 htlc outputs, 2 offered having the same amount and preimage
8751 chan.context.value_to_self_msat = 7_000_000_000 - 2_000_000;
8752 chan.context.feerate_per_kw = 253;
8753 chan.context.pending_inbound_htlcs.clear();
8754 chan.context.pending_inbound_htlcs.push({
8755 let mut out = InboundHTLCOutput{
8757 amount_msat: 2000000,
8759 payment_hash: PaymentHash([0; 32]),
8760 state: InboundHTLCState::Committed,
8762 out.payment_hash.0 = Sha256::hash(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap()).into_inner();
8765 chan.context.pending_outbound_htlcs.clear();
8766 chan.context.pending_outbound_htlcs.push({
8767 let mut out = OutboundHTLCOutput{
8769 amount_msat: 5000001,
8771 payment_hash: PaymentHash([0; 32]),
8772 state: OutboundHTLCState::Committed,
8773 source: HTLCSource::dummy(),
8774 skimmed_fee_msat: None,
8776 out.payment_hash.0 = Sha256::hash(&hex::decode("0505050505050505050505050505050505050505050505050505050505050505").unwrap()).into_inner();
8779 chan.context.pending_outbound_htlcs.push({
8780 let mut out = OutboundHTLCOutput{
8782 amount_msat: 5000000,
8784 payment_hash: PaymentHash([0; 32]),
8785 state: OutboundHTLCState::Committed,
8786 source: HTLCSource::dummy(),
8787 skimmed_fee_msat: None,
8789 out.payment_hash.0 = Sha256::hash(&hex::decode("0505050505050505050505050505050505050505050505050505050505050505").unwrap()).into_inner();
8793 test_commitment!("304402207d0870964530f97b62497b11153c551dca0a1e226815ef0a336651158da0f82402200f5378beee0e77759147b8a0a284decd11bfd2bc55c8fafa41c134fe996d43c8",
8794 "304402200d10bf5bc5397fc59d7188ae438d80c77575595a2d488e41bd6363a810cc8d72022012b57e714fbbfdf7a28c47d5b370cb8ac37c8545f596216e5b21e9b236ef457c",
8795 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2d8813000000000000220020305c12e1a0bc21e283c131cea1c66d68857d28b7b2fce0a6fbc40c164852121b8813000000000000220020305c12e1a0bc21e283c131cea1c66d68857d28b7b2fce0a6fbc40c164852121bc0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484a69f6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402200d10bf5bc5397fc59d7188ae438d80c77575595a2d488e41bd6363a810cc8d72022012b57e714fbbfdf7a28c47d5b370cb8ac37c8545f596216e5b21e9b236ef457c0147304402207d0870964530f97b62497b11153c551dca0a1e226815ef0a336651158da0f82402200f5378beee0e77759147b8a0a284decd11bfd2bc55c8fafa41c134fe996d43c801475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8798 "3045022100b470fe12e5b7fea9eccb8cbff1972cea4f96758041898982a02bcc7f9d56d50b0220338a75b2afaab4ec00cdd2d9273c68c7581ff5a28bcbb40c4d138b81f1d45ce5",
8799 "3044022017b90c65207522a907fb6a137f9dd528b3389465a8ae72308d9e1d564f512cf402204fc917b4f0e88604a3e994f85bfae7c7c1f9d9e9f78e8cd112e0889720d9405b",
8800 "020000000001014bdccf28653066a2c554cafeffdfe1e678e64a69b056684deb0c4fba909423ec000000000000000000011f070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100b470fe12e5b7fea9eccb8cbff1972cea4f96758041898982a02bcc7f9d56d50b0220338a75b2afaab4ec00cdd2d9273c68c7581ff5a28bcbb40c4d138b81f1d45ce501473044022017b90c65207522a907fb6a137f9dd528b3389465a8ae72308d9e1d564f512cf402204fc917b4f0e88604a3e994f85bfae7c7c1f9d9e9f78e8cd112e0889720d9405b012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8802 "3045022100b575379f6d8743cb0087648f81cfd82d17a97fbf8f67e058c65ce8b9d25df9500220554a210d65b02d9f36c6adf0f639430ca8293196ba5089bf67cc3a9813b7b00a",
8803 "3045022100ee2e16b90930a479b13f8823a7f14b600198c838161160b9436ed086d3fc57e002202a66fa2324f342a17129949c640bfe934cbc73a869ba7c06aa25c5a3d0bfb53d",
8804 "020000000001014bdccf28653066a2c554cafeffdfe1e678e64a69b056684deb0c4fba909423ec01000000000000000001e1120000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100b575379f6d8743cb0087648f81cfd82d17a97fbf8f67e058c65ce8b9d25df9500220554a210d65b02d9f36c6adf0f639430ca8293196ba5089bf67cc3a9813b7b00a01483045022100ee2e16b90930a479b13f8823a7f14b600198c838161160b9436ed086d3fc57e002202a66fa2324f342a17129949c640bfe934cbc73a869ba7c06aa25c5a3d0bfb53d01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6868f9010000" },
8806 "30440220471c9f3ad92e49b13b7b8059f43ecf8f7887b0dccbb9fdb54bfe23d62a8ae332022024bd22fae0740e86a44228c35330da9526fd7306dffb2b9dc362d5e78abef7cc",
8807 "304402207157f452f2506d73c315192311893800cfb3cc235cc1185b1cfcc136b55230db022014be242dbc6c5da141fec4034e7f387f74d6ff1899453d72ba957467540e1ecb",
8808 "020000000001014bdccf28653066a2c554cafeffdfe1e678e64a69b056684deb0c4fba909423ec02000000000000000001e1120000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220471c9f3ad92e49b13b7b8059f43ecf8f7887b0dccbb9fdb54bfe23d62a8ae332022024bd22fae0740e86a44228c35330da9526fd7306dffb2b9dc362d5e78abef7cc0147304402207157f452f2506d73c315192311893800cfb3cc235cc1185b1cfcc136b55230db022014be242dbc6c5da141fec4034e7f387f74d6ff1899453d72ba957467540e1ecb01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6868fa010000" }
8811 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8812 test_commitment_with_anchors!("3044022027b38dfb654c34032ffb70bb43022981652fce923cbbe3cbe7394e2ade8b34230220584195b78da6e25c2e8da6b4308d9db25b65b64975db9266163ef592abb7c725",
8813 "3045022100b4014970d9d7962853f3f85196144671d7d5d87426250f0a5fdaf9a55292e92502205360910c9abb397467e19dbd63d081deb4a3240903114c98cec0a23591b79b76",
8814 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80074a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994d007000000000000220020fe0598d74fee2205cc3672e6e6647706b4f3099713b4661b62482c3addd04a5e881300000000000022002018e40f9072c44350f134bdc887bab4d9bdfc8aa468a25616c80e21757ba5dac7881300000000000022002018e40f9072c44350f134bdc887bab4d9bdfc8aa468a25616c80e21757ba5dac7c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994aad9c6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100b4014970d9d7962853f3f85196144671d7d5d87426250f0a5fdaf9a55292e92502205360910c9abb397467e19dbd63d081deb4a3240903114c98cec0a23591b79b7601473044022027b38dfb654c34032ffb70bb43022981652fce923cbbe3cbe7394e2ade8b34230220584195b78da6e25c2e8da6b4308d9db25b65b64975db9266163ef592abb7c72501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8817 "30440220078fe5343dab88c348a3a8a9c1a9293259dbf35507ae971702cc39dd623ea9af022011ed0c0f35243cd0bb4d9ca3c772379b2b5f4af93140e9fdc5600dfec1cdb0c2",
8818 "304402205df665e2908c7690d2d33eb70e6e119958c28febe141a94ed0dd9a55ce7c8cfc0220364d02663a5d019af35c5cd5fda9465d985d85bbd12db207738d61163449a424",
8819 "020000000001013d060d0305c9616eaabc21d41fae85bcb5477b5d7f1c92aa429cf15339bbe1c402000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220078fe5343dab88c348a3a8a9c1a9293259dbf35507ae971702cc39dd623ea9af022011ed0c0f35243cd0bb4d9ca3c772379b2b5f4af93140e9fdc5600dfec1cdb0c28347304402205df665e2908c7690d2d33eb70e6e119958c28febe141a94ed0dd9a55ce7c8cfc0220364d02663a5d019af35c5cd5fda9465d985d85bbd12db207738d61163449a424012001010101010101010101010101010101010101010101010101010101010101018d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac6851b2756800000000" },
8821 "304402202df6bf0f98a42cfd0172a16bded7d1b16c14f5f42ba23f5c54648c14b647531302200fe1508626817f23925bb56951d5e4b2654c751743ab6db48a6cce7dda17c01c",
8822 "304402203f99ec05cdd89558a23683b471c1dcce8f6a92295f1fff3b0b5d21be4d4f97ea022019d29070690fc2c126fe27cc4ab2f503f289d362721b2efa7418e7fddb939a5b",
8823 "020000000001013d060d0305c9616eaabc21d41fae85bcb5477b5d7f1c92aa429cf15339bbe1c40300000000010000000188130000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402202df6bf0f98a42cfd0172a16bded7d1b16c14f5f42ba23f5c54648c14b647531302200fe1508626817f23925bb56951d5e4b2654c751743ab6db48a6cce7dda17c01c8347304402203f99ec05cdd89558a23683b471c1dcce8f6a92295f1fff3b0b5d21be4d4f97ea022019d29070690fc2c126fe27cc4ab2f503f289d362721b2efa7418e7fddb939a5b01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6851b27568f9010000" },
8825 "3045022100bd206b420c495f3aa714d3ea4766cbe95441deacb5d2f737f1913349aee7c2ae02200249d2c950dd3b15326bf378ae5d2b871d33d6737f5d70735f3de8383140f2a1",
8826 "3045022100f2cd35e385b9b7e15b92a5d78d120b6b2c5af4e974bc01e884c5facb3bb5966c0220706e0506477ce809a40022d6de8e041e9ef13136c45abee9c36f58a01fdb188b",
8827 "020000000001013d060d0305c9616eaabc21d41fae85bcb5477b5d7f1c92aa429cf15339bbe1c40400000000010000000188130000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100bd206b420c495f3aa714d3ea4766cbe95441deacb5d2f737f1913349aee7c2ae02200249d2c950dd3b15326bf378ae5d2b871d33d6737f5d70735f3de8383140f2a183483045022100f2cd35e385b9b7e15b92a5d78d120b6b2c5af4e974bc01e884c5facb3bb5966c0220706e0506477ce809a40022d6de8e041e9ef13136c45abee9c36f58a01fdb188b01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6851b27568fa010000" }
8832 fn test_per_commitment_secret_gen() {
8833 // Test vectors from BOLT 3 Appendix D:
8835 let mut seed = [0; 32];
8836 seed[0..32].clone_from_slice(&hex::decode("0000000000000000000000000000000000000000000000000000000000000000").unwrap());
8837 assert_eq!(chan_utils::build_commitment_secret(&seed, 281474976710655),
8838 hex::decode("02a40c85b6f28da08dfdbe0926c53fab2de6d28c10301f8f7c4073d5e42e3148").unwrap()[..]);
8840 seed[0..32].clone_from_slice(&hex::decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF").unwrap());
8841 assert_eq!(chan_utils::build_commitment_secret(&seed, 281474976710655),
8842 hex::decode("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap()[..]);
8844 assert_eq!(chan_utils::build_commitment_secret(&seed, 0xaaaaaaaaaaa),
8845 hex::decode("56f4008fb007ca9acf0e15b054d5c9fd12ee06cea347914ddbaed70d1c13a528").unwrap()[..]);
8847 assert_eq!(chan_utils::build_commitment_secret(&seed, 0x555555555555),
8848 hex::decode("9015daaeb06dba4ccc05b91b2f73bd54405f2be9f217fbacd3c5ac2e62327d31").unwrap()[..]);
8850 seed[0..32].clone_from_slice(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap());
8851 assert_eq!(chan_utils::build_commitment_secret(&seed, 1),
8852 hex::decode("915c75942a26bb3a433a8ce2cb0427c29ec6c1775cfc78328b57f6ba7bfeaa9c").unwrap()[..]);
8856 fn test_key_derivation() {
8857 // Test vectors from BOLT 3 Appendix E:
8858 let secp_ctx = Secp256k1::new();
8860 let base_secret = SecretKey::from_slice(&hex::decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f").unwrap()[..]).unwrap();
8861 let per_commitment_secret = SecretKey::from_slice(&hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap();
8863 let base_point = PublicKey::from_secret_key(&secp_ctx, &base_secret);
8864 assert_eq!(base_point.serialize()[..], hex::decode("036d6caac248af96f6afa7f904f550253a0f3ef3f5aa2fe6838a95b216691468e2").unwrap()[..]);
8866 let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
8867 assert_eq!(per_commitment_point.serialize()[..], hex::decode("025f7117a78150fe2ef97db7cfc83bd57b2e2c0d0dd25eaf467a4a1c2a45ce1486").unwrap()[..]);
8869 assert_eq!(chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &base_point).serialize()[..],
8870 hex::decode("0235f2dbfaa89b57ec7b055afe29849ef7ddfeb1cefdb9ebdc43f5494984db29e5").unwrap()[..]);
8872 assert_eq!(chan_utils::derive_private_key(&secp_ctx, &per_commitment_point, &base_secret),
8873 SecretKey::from_slice(&hex::decode("cbced912d3b21bf196a766651e436aff192362621ce317704ea2f75d87e7be0f").unwrap()[..]).unwrap());
8875 assert_eq!(chan_utils::derive_public_revocation_key(&secp_ctx, &per_commitment_point, &base_point).serialize()[..],
8876 hex::decode("02916e326636d19c33f13e8c0c3a03dd157f332f3e99c317c141dd865eb01f8ff0").unwrap()[..]);
8878 assert_eq!(chan_utils::derive_private_revocation_key(&secp_ctx, &per_commitment_secret, &base_secret),
8879 SecretKey::from_slice(&hex::decode("d09ffff62ddb2297ab000cc85bcb4283fdeb6aa052affbc9dddcf33b61078110").unwrap()[..]).unwrap());
8883 fn test_zero_conf_channel_type_support() {
8884 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8885 let secp_ctx = Secp256k1::new();
8886 let seed = [42; 32];
8887 let network = Network::Testnet;
8888 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
8889 let logger = test_utils::TestLogger::new();
8891 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8892 let config = UserConfig::default();
8893 let node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider,
8894 node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
8896 let mut channel_type_features = ChannelTypeFeatures::only_static_remote_key();
8897 channel_type_features.set_zero_conf_required();
8899 let mut open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash());
8900 open_channel_msg.channel_type = Some(channel_type_features);
8901 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
8902 let res = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider,
8903 node_b_node_id, &channelmanager::provided_channel_type_features(&config),
8904 &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false);
8905 assert!(res.is_ok());
8909 fn test_supports_anchors_zero_htlc_tx_fee() {
8910 // Tests that if both sides support and negotiate `anchors_zero_fee_htlc_tx`, it is the
8911 // resulting `channel_type`.
8912 let secp_ctx = Secp256k1::new();
8913 let fee_estimator = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8914 let network = Network::Testnet;
8915 let keys_provider = test_utils::TestKeysInterface::new(&[42; 32], network);
8916 let logger = test_utils::TestLogger::new();
8918 let node_id_a = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[1; 32]).unwrap());
8919 let node_id_b = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[2; 32]).unwrap());
8921 let mut config = UserConfig::default();
8922 config.channel_handshake_config.negotiate_anchors_zero_fee_htlc_tx = true;
8924 // It is not enough for just the initiator to signal `option_anchors_zero_fee_htlc_tx`, both
8925 // need to signal it.
8926 let channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
8927 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
8928 &channelmanager::provided_init_features(&UserConfig::default()), 10000000, 100000, 42,
8931 assert!(!channel_a.context.channel_type.supports_anchors_zero_fee_htlc_tx());
8933 let mut expected_channel_type = ChannelTypeFeatures::empty();
8934 expected_channel_type.set_static_remote_key_required();
8935 expected_channel_type.set_anchors_zero_fee_htlc_tx_required();
8937 let channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
8938 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
8939 &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42
8942 let open_channel_msg = channel_a.get_open_channel(genesis_block(network).header.block_hash());
8943 let channel_b = InboundV1Channel::<&TestKeysInterface>::new(
8944 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
8945 &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config),
8946 &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false
8949 assert_eq!(channel_a.context.channel_type, expected_channel_type);
8950 assert_eq!(channel_b.context.channel_type, expected_channel_type);
8954 fn test_rejects_implicit_simple_anchors() {
8955 // Tests that if `option_anchors` is being negotiated implicitly through the intersection of
8956 // each side's `InitFeatures`, it is rejected.
8957 let secp_ctx = Secp256k1::new();
8958 let fee_estimator = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8959 let network = Network::Testnet;
8960 let keys_provider = test_utils::TestKeysInterface::new(&[42; 32], network);
8961 let logger = test_utils::TestLogger::new();
8963 let node_id_a = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[1; 32]).unwrap());
8964 let node_id_b = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[2; 32]).unwrap());
8966 let config = UserConfig::default();
8968 // See feature bit assignments: https://github.com/lightning/bolts/blob/master/09-features.md
8969 let static_remote_key_required: u64 = 1 << 12;
8970 let simple_anchors_required: u64 = 1 << 20;
8971 let raw_init_features = static_remote_key_required | simple_anchors_required;
8972 let init_features_with_simple_anchors = InitFeatures::from_le_bytes(raw_init_features.to_le_bytes().to_vec());
8974 let channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
8975 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
8976 &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42
8979 // Set `channel_type` to `None` to force the implicit feature negotiation.
8980 let mut open_channel_msg = channel_a.get_open_channel(genesis_block(network).header.block_hash());
8981 open_channel_msg.channel_type = None;
8983 // Since A supports both `static_remote_key` and `option_anchors`, but B only accepts
8984 // `static_remote_key`, it will fail the channel.
8985 let channel_b = InboundV1Channel::<&TestKeysInterface>::new(
8986 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
8987 &channelmanager::provided_channel_type_features(&config), &init_features_with_simple_anchors,
8988 &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false
8990 assert!(channel_b.is_err());
8994 fn test_rejects_simple_anchors_channel_type() {
8995 // Tests that if `option_anchors` is being negotiated through the `channel_type` feature,
8997 let secp_ctx = Secp256k1::new();
8998 let fee_estimator = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8999 let network = Network::Testnet;
9000 let keys_provider = test_utils::TestKeysInterface::new(&[42; 32], network);
9001 let logger = test_utils::TestLogger::new();
9003 let node_id_a = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[1; 32]).unwrap());
9004 let node_id_b = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[2; 32]).unwrap());
9006 let config = UserConfig::default();
9008 // See feature bit assignments: https://github.com/lightning/bolts/blob/master/09-features.md
9009 let static_remote_key_required: u64 = 1 << 12;
9010 let simple_anchors_required: u64 = 1 << 20;
9011 let simple_anchors_raw_features = static_remote_key_required | simple_anchors_required;
9012 let simple_anchors_init = InitFeatures::from_le_bytes(simple_anchors_raw_features.to_le_bytes().to_vec());
9013 let simple_anchors_channel_type = ChannelTypeFeatures::from_le_bytes(simple_anchors_raw_features.to_le_bytes().to_vec());
9014 assert!(!simple_anchors_init.requires_unknown_bits());
9015 assert!(!simple_anchors_channel_type.requires_unknown_bits());
9017 // First, we'll try to open a channel between A and B where A requests a channel type for
9018 // the original `option_anchors` feature (non zero fee htlc tx). This should be rejected by
9019 // B as it's not supported by LDK.
9020 let channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
9021 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
9022 &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42
9025 let mut open_channel_msg = channel_a.get_open_channel(genesis_block(network).header.block_hash());
9026 open_channel_msg.channel_type = Some(simple_anchors_channel_type.clone());
9028 let res = InboundV1Channel::<&TestKeysInterface>::new(
9029 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
9030 &channelmanager::provided_channel_type_features(&config), &simple_anchors_init,
9031 &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false
9033 assert!(res.is_err());
9035 // Then, we'll try to open another channel where A requests a channel type for
9036 // `anchors_zero_fee_htlc_tx`. B is malicious and tries to downgrade the channel type to the
9037 // original `option_anchors` feature, which should be rejected by A as it's not supported by
9039 let mut channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
9040 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b, &simple_anchors_init,
9041 10000000, 100000, 42, &config, 0, 42
9044 let open_channel_msg = channel_a.get_open_channel(genesis_block(network).header.block_hash());
9046 let channel_b = InboundV1Channel::<&TestKeysInterface>::new(
9047 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
9048 &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config),
9049 &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false
9052 let mut accept_channel_msg = channel_b.get_accept_channel_message();
9053 accept_channel_msg.channel_type = Some(simple_anchors_channel_type.clone());
9055 let res = channel_a.accept_channel(
9056 &accept_channel_msg, &config.channel_handshake_limits, &simple_anchors_init
9058 assert!(res.is_err());