1 // This file is Copyright its original authors, visible in version control
4 // This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
5 // or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
6 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
7 // You may not use this file except in accordance with one or both of these
10 use bitcoin::blockdata::script::{Script,Builder};
11 use bitcoin::blockdata::transaction::{Transaction, EcdsaSighashType};
12 use bitcoin::util::sighash;
13 use bitcoin::consensus::encode;
15 use bitcoin::hashes::Hash;
16 use bitcoin::hashes::sha256::Hash as Sha256;
17 use bitcoin::hashes::sha256d::Hash as Sha256d;
18 use bitcoin::hash_types::{Txid, BlockHash};
20 use bitcoin::secp256k1::constants::PUBLIC_KEY_SIZE;
21 use bitcoin::secp256k1::{PublicKey,SecretKey};
22 use bitcoin::secp256k1::{Secp256k1,ecdsa::Signature};
23 use bitcoin::secp256k1;
25 use crate::ln::{PaymentPreimage, PaymentHash};
26 use crate::ln::features::{ChannelTypeFeatures, InitFeatures};
28 use crate::ln::msgs::DecodeError;
29 use crate::ln::script::{self, ShutdownScript};
30 use crate::ln::channelmanager::{self, CounterpartyForwardingInfo, PendingHTLCStatus, HTLCSource, SentHTLCId, HTLCFailureMsg, PendingHTLCInfo, RAACommitmentOrder, BREAKDOWN_TIMEOUT, MIN_CLTV_EXPIRY_DELTA, MAX_LOCAL_BREAKDOWN_TIMEOUT, ChannelShutdownState};
31 use crate::ln::chan_utils::{CounterpartyCommitmentSecrets, TxCreationKeys, HTLCOutputInCommitment, htlc_success_tx_weight, htlc_timeout_tx_weight, make_funding_redeemscript, ChannelPublicKeys, CommitmentTransaction, HolderCommitmentTransaction, ChannelTransactionParameters, CounterpartyChannelTransactionParameters, MAX_HTLCS, get_commitment_transaction_number_obscure_factor, ClosingTransaction};
32 use crate::ln::chan_utils;
33 use crate::ln::onion_utils::HTLCFailReason;
34 use crate::chain::BestBlock;
35 use crate::chain::chaininterface::{FeeEstimator, ConfirmationTarget, LowerBoundedFeeEstimator};
36 use crate::chain::channelmonitor::{ChannelMonitor, ChannelMonitorUpdate, ChannelMonitorUpdateStep, LATENCY_GRACE_PERIOD_BLOCKS, CLOSED_CHANNEL_UPDATE_ID};
37 use crate::chain::transaction::{OutPoint, TransactionData};
38 use crate::sign::{WriteableEcdsaChannelSigner, EntropySource, ChannelSigner, SignerProvider, NodeSigner, Recipient};
39 use crate::events::ClosureReason;
40 use crate::routing::gossip::NodeId;
41 use crate::util::ser::{Readable, ReadableArgs, Writeable, Writer, VecWriter};
42 use crate::util::logger::Logger;
43 use crate::util::errors::APIError;
44 use crate::util::config::{UserConfig, ChannelConfig, LegacyChannelConfig, ChannelHandshakeConfig, ChannelHandshakeLimits, MaxDustHTLCExposure};
45 use crate::util::scid_utils::scid_from_parts;
48 use crate::prelude::*;
49 use core::{cmp,mem,fmt};
51 #[cfg(any(test, fuzzing, debug_assertions))]
52 use crate::sync::Mutex;
53 use bitcoin::hashes::hex::ToHex;
56 pub struct ChannelValueStat {
57 pub value_to_self_msat: u64,
58 pub channel_value_msat: u64,
59 pub channel_reserve_msat: u64,
60 pub pending_outbound_htlcs_amount_msat: u64,
61 pub pending_inbound_htlcs_amount_msat: u64,
62 pub holding_cell_outbound_amount_msat: u64,
63 pub counterparty_max_htlc_value_in_flight_msat: u64, // outgoing
64 pub counterparty_dust_limit_msat: u64,
67 pub struct AvailableBalances {
68 /// The amount that would go to us if we close the channel, ignoring any on-chain fees.
69 pub balance_msat: u64,
70 /// Total amount available for our counterparty to send to us.
71 pub inbound_capacity_msat: u64,
72 /// Total amount available for us to send to our counterparty.
73 pub outbound_capacity_msat: u64,
74 /// The maximum value we can assign to the next outbound HTLC
75 pub next_outbound_htlc_limit_msat: u64,
76 /// The minimum value we can assign to the next outbound HTLC
77 pub next_outbound_htlc_minimum_msat: u64,
80 #[derive(Debug, Clone, Copy, PartialEq)]
82 // Inbound states mirroring InboundHTLCState
84 AwaitingRemoteRevokeToAnnounce,
85 // Note that we do not have a AwaitingAnnouncedRemoteRevoke variant here as it is universally
86 // handled the same as `Committed`, with the only exception in `InboundHTLCState` being the
87 // distinction of when we allow ourselves to forward the HTLC. Because we aren't "forwarding"
88 // the fee update anywhere, we can simply consider the fee update `Committed` immediately
89 // instead of setting it to AwaitingAnnouncedRemoteRevoke.
91 // Outbound state can only be `LocalAnnounced` or `Committed`
95 enum InboundHTLCRemovalReason {
96 FailRelay(msgs::OnionErrorPacket),
97 FailMalformed(([u8; 32], u16)),
98 Fulfill(PaymentPreimage),
101 enum InboundHTLCState {
102 /// Offered by remote, to be included in next local commitment tx. I.e., the remote sent an
103 /// update_add_htlc message for this HTLC.
104 RemoteAnnounced(PendingHTLCStatus),
105 /// Included in a received commitment_signed message (implying we've
106 /// revoke_and_ack'd it), but the remote hasn't yet revoked their previous
107 /// state (see the example below). We have not yet included this HTLC in a
108 /// commitment_signed message because we are waiting on the remote's
109 /// aforementioned state revocation. One reason this missing remote RAA
110 /// (revoke_and_ack) blocks us from constructing a commitment_signed message
111 /// is because every time we create a new "state", i.e. every time we sign a
112 /// new commitment tx (see [BOLT #2]), we need a new per_commitment_point,
113 /// which are provided one-at-a-time in each RAA. E.g., the last RAA they
114 /// sent provided the per_commitment_point for our current commitment tx.
115 /// The other reason we should not send a commitment_signed without their RAA
116 /// is because their RAA serves to ACK our previous commitment_signed.
118 /// Here's an example of how an HTLC could come to be in this state:
119 /// remote --> update_add_htlc(prev_htlc) --> local
120 /// remote --> commitment_signed(prev_htlc) --> local
121 /// remote <-- revoke_and_ack <-- local
122 /// remote <-- commitment_signed(prev_htlc) <-- local
123 /// [note that here, the remote does not respond with a RAA]
124 /// remote --> update_add_htlc(this_htlc) --> local
125 /// remote --> commitment_signed(prev_htlc, this_htlc) --> local
126 /// Now `this_htlc` will be assigned this state. It's unable to be officially
127 /// accepted, i.e. included in a commitment_signed, because we're missing the
128 /// RAA that provides our next per_commitment_point. The per_commitment_point
129 /// is used to derive commitment keys, which are used to construct the
130 /// signatures in a commitment_signed message.
131 /// Implies AwaitingRemoteRevoke.
133 /// [BOLT #2]: https://github.com/lightning/bolts/blob/master/02-peer-protocol.md
134 AwaitingRemoteRevokeToAnnounce(PendingHTLCStatus),
135 /// Included in a received commitment_signed message (implying we've revoke_and_ack'd it).
136 /// We have also included this HTLC in our latest commitment_signed and are now just waiting
137 /// on the remote's revoke_and_ack to make this HTLC an irrevocable part of the state of the
138 /// channel (before it can then get forwarded and/or removed).
139 /// Implies AwaitingRemoteRevoke.
140 AwaitingAnnouncedRemoteRevoke(PendingHTLCStatus),
142 /// Removed by us and a new commitment_signed was sent (if we were AwaitingRemoteRevoke when we
143 /// created it we would have put it in the holding cell instead). When they next revoke_and_ack
145 /// Note that we have to keep an eye on the HTLC until we've received a broadcastable
146 /// commitment transaction without it as otherwise we'll have to force-close the channel to
147 /// claim it before the timeout (obviously doesn't apply to revoked HTLCs that we can't claim
148 /// anyway). That said, ChannelMonitor does this for us (see
149 /// ChannelMonitor::should_broadcast_holder_commitment_txn) so we actually remove the HTLC from
150 /// our own local state before then, once we're sure that the next commitment_signed and
151 /// ChannelMonitor::provide_latest_local_commitment_tx will not include this HTLC.
152 LocalRemoved(InboundHTLCRemovalReason),
155 struct InboundHTLCOutput {
159 payment_hash: PaymentHash,
160 state: InboundHTLCState,
163 enum OutboundHTLCState {
164 /// Added by us and included in a commitment_signed (if we were AwaitingRemoteRevoke when we
165 /// created it we would have put it in the holding cell instead). When they next revoke_and_ack
166 /// we will promote to Committed (note that they may not accept it until the next time we
167 /// revoke, but we don't really care about that:
168 /// * they've revoked, so worst case we can announce an old state and get our (option on)
169 /// money back (though we won't), and,
170 /// * we'll send them a revoke when they send a commitment_signed, and since only they're
171 /// allowed to remove it, the "can only be removed once committed on both sides" requirement
172 /// doesn't matter to us and it's up to them to enforce it, worst-case they jump ahead but
173 /// we'll never get out of sync).
174 /// Note that we Box the OnionPacket as it's rather large and we don't want to blow up
175 /// OutboundHTLCOutput's size just for a temporary bit
176 LocalAnnounced(Box<msgs::OnionPacket>),
178 /// Remote removed this (outbound) HTLC. We're waiting on their commitment_signed to finalize
179 /// the change (though they'll need to revoke before we fail the payment).
180 RemoteRemoved(OutboundHTLCOutcome),
181 /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
182 /// the remote side hasn't yet revoked their previous state, which we need them to do before we
183 /// can do any backwards failing. Implies AwaitingRemoteRevoke.
184 /// We also have not yet removed this HTLC in a commitment_signed message, and are waiting on a
185 /// remote revoke_and_ack on a previous state before we can do so.
186 AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome),
187 /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
188 /// the remote side hasn't yet revoked their previous state, which we need them to do before we
189 /// can do any backwards failing. Implies AwaitingRemoteRevoke.
190 /// We have removed this HTLC in our latest commitment_signed and are now just waiting on a
191 /// revoke_and_ack to drop completely.
192 AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome),
196 enum OutboundHTLCOutcome {
197 /// LDK version 0.0.105+ will always fill in the preimage here.
198 Success(Option<PaymentPreimage>),
199 Failure(HTLCFailReason),
202 impl From<Option<HTLCFailReason>> for OutboundHTLCOutcome {
203 fn from(o: Option<HTLCFailReason>) -> Self {
205 None => OutboundHTLCOutcome::Success(None),
206 Some(r) => OutboundHTLCOutcome::Failure(r)
211 impl<'a> Into<Option<&'a HTLCFailReason>> for &'a OutboundHTLCOutcome {
212 fn into(self) -> Option<&'a HTLCFailReason> {
214 OutboundHTLCOutcome::Success(_) => None,
215 OutboundHTLCOutcome::Failure(ref r) => Some(r)
220 struct OutboundHTLCOutput {
224 payment_hash: PaymentHash,
225 state: OutboundHTLCState,
227 skimmed_fee_msat: Option<u64>,
230 /// See AwaitingRemoteRevoke ChannelState for more info
231 enum HTLCUpdateAwaitingACK {
232 AddHTLC { // TODO: Time out if we're getting close to cltv_expiry
236 payment_hash: PaymentHash,
238 onion_routing_packet: msgs::OnionPacket,
239 // The extra fee we're skimming off the top of this HTLC.
240 skimmed_fee_msat: Option<u64>,
243 payment_preimage: PaymentPreimage,
248 err_packet: msgs::OnionErrorPacket,
252 /// There are a few "states" and then a number of flags which can be applied:
253 /// We first move through init with OurInitSent -> TheirInitSent -> FundingCreated -> FundingSent.
254 /// TheirChannelReady and OurChannelReady then get set on FundingSent, and when both are set we
255 /// move on to ChannelReady.
256 /// Note that PeerDisconnected can be set on both ChannelReady and FundingSent.
257 /// ChannelReady can then get all remaining flags set on it, until we finish shutdown, then we
258 /// move on to ShutdownComplete, at which point most calls into this channel are disallowed.
260 /// Implies we have (or are prepared to) send our open_channel/accept_channel message
261 OurInitSent = 1 << 0,
262 /// Implies we have received their open_channel/accept_channel message
263 TheirInitSent = 1 << 1,
264 /// We have sent funding_created and are awaiting a funding_signed to advance to FundingSent.
265 /// Note that this is nonsense for an inbound channel as we immediately generate funding_signed
266 /// upon receipt of funding_created, so simply skip this state.
268 /// Set when we have received/sent funding_created and funding_signed and are thus now waiting
269 /// on the funding transaction to confirm. The ChannelReady flags are set to indicate when we
270 /// and our counterparty consider the funding transaction confirmed.
272 /// Flag which can be set on FundingSent to indicate they sent us a channel_ready message.
273 /// Once both TheirChannelReady and OurChannelReady are set, state moves on to ChannelReady.
274 TheirChannelReady = 1 << 4,
275 /// Flag which can be set on FundingSent to indicate we sent them a channel_ready message.
276 /// Once both TheirChannelReady and OurChannelReady are set, state moves on to ChannelReady.
277 OurChannelReady = 1 << 5,
279 /// Flag which is set on ChannelReady and FundingSent indicating remote side is considered
280 /// "disconnected" and no updates are allowed until after we've done a channel_reestablish
282 PeerDisconnected = 1 << 7,
283 /// Flag which is set on ChannelReady, FundingCreated, and FundingSent indicating the user has
284 /// told us a ChannelMonitor update is pending async persistence somewhere and we should pause
285 /// sending any outbound messages until they've managed to finish.
286 MonitorUpdateInProgress = 1 << 8,
287 /// Flag which implies that we have sent a commitment_signed but are awaiting the responding
288 /// revoke_and_ack message. During this time period, we can't generate new commitment_signed
289 /// messages as then we will be unable to determine which HTLCs they included in their
290 /// revoke_and_ack implicit ACK, so instead we have to hold them away temporarily to be sent
292 /// Flag is set on ChannelReady.
293 AwaitingRemoteRevoke = 1 << 9,
294 /// Flag which is set on ChannelReady or FundingSent after receiving a shutdown message from
295 /// the remote end. If set, they may not add any new HTLCs to the channel, and we are expected
296 /// to respond with our own shutdown message when possible.
297 RemoteShutdownSent = 1 << 10,
298 /// Flag which is set on ChannelReady or FundingSent after sending a shutdown message. At this
299 /// point, we may not add any new HTLCs to the channel.
300 LocalShutdownSent = 1 << 11,
301 /// We've successfully negotiated a closing_signed dance. At this point ChannelManager is about
302 /// to drop us, but we store this anyway.
303 ShutdownComplete = 4096,
305 const BOTH_SIDES_SHUTDOWN_MASK: u32 = ChannelState::LocalShutdownSent as u32 | ChannelState::RemoteShutdownSent as u32;
306 const MULTI_STATE_FLAGS: u32 = BOTH_SIDES_SHUTDOWN_MASK | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32;
308 pub const INITIAL_COMMITMENT_NUMBER: u64 = (1 << 48) - 1;
310 pub const DEFAULT_MAX_HTLCS: u16 = 50;
312 pub(crate) fn commitment_tx_base_weight(channel_type_features: &ChannelTypeFeatures) -> u64 {
313 const COMMITMENT_TX_BASE_WEIGHT: u64 = 724;
314 const COMMITMENT_TX_BASE_ANCHOR_WEIGHT: u64 = 1124;
315 if channel_type_features.supports_anchors_zero_fee_htlc_tx() { COMMITMENT_TX_BASE_ANCHOR_WEIGHT } else { COMMITMENT_TX_BASE_WEIGHT }
319 const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
321 pub const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
323 pub const ANCHOR_OUTPUT_VALUE_SATOSHI: u64 = 330;
325 /// The percentage of the channel value `holder_max_htlc_value_in_flight_msat` used to be set to,
326 /// before this was made configurable. The percentage was made configurable in LDK 0.0.107,
327 /// although LDK 0.0.104+ enabled serialization of channels with a different value set for
328 /// `holder_max_htlc_value_in_flight_msat`.
329 pub const MAX_IN_FLIGHT_PERCENT_LEGACY: u8 = 10;
331 /// Maximum `funding_satoshis` value according to the BOLT #2 specification, if
332 /// `option_support_large_channel` (aka wumbo channels) is not supported.
334 pub const MAX_FUNDING_SATOSHIS_NO_WUMBO: u64 = (1 << 24) - 1;
336 /// Total bitcoin supply in satoshis.
337 pub const TOTAL_BITCOIN_SUPPLY_SATOSHIS: u64 = 21_000_000 * 1_0000_0000;
339 /// The maximum network dust limit for standard script formats. This currently represents the
340 /// minimum output value for a P2SH output before Bitcoin Core 22 considers the entire
341 /// transaction non-standard and thus refuses to relay it.
342 /// We also use this as the maximum counterparty `dust_limit_satoshis` allowed, given many
343 /// implementations use this value for their dust limit today.
344 pub const MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS: u64 = 546;
346 /// The maximum channel dust limit we will accept from our counterparty.
347 pub const MAX_CHAN_DUST_LIMIT_SATOSHIS: u64 = MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS;
349 /// The dust limit is used for both the commitment transaction outputs as well as the closing
350 /// transactions. For cooperative closing transactions, we require segwit outputs, though accept
351 /// *any* segwit scripts, which are allowed to be up to 42 bytes in length.
352 /// In order to avoid having to concern ourselves with standardness during the closing process, we
353 /// simply require our counterparty to use a dust limit which will leave any segwit output
355 /// See <https://github.com/lightning/bolts/issues/905> for more details.
356 pub const MIN_CHAN_DUST_LIMIT_SATOSHIS: u64 = 354;
358 // Just a reasonable implementation-specific safe lower bound, higher than the dust limit.
359 pub const MIN_THEIR_CHAN_RESERVE_SATOSHIS: u64 = 1000;
361 /// Used to return a simple Error back to ChannelManager. Will get converted to a
362 /// msgs::ErrorAction::SendErrorMessage or msgs::ErrorAction::IgnoreError as appropriate with our
363 /// channel_id in ChannelManager.
364 pub(super) enum ChannelError {
370 impl fmt::Debug for ChannelError {
371 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
373 &ChannelError::Ignore(ref e) => write!(f, "Ignore : {}", e),
374 &ChannelError::Warn(ref e) => write!(f, "Warn : {}", e),
375 &ChannelError::Close(ref e) => write!(f, "Close : {}", e),
380 impl fmt::Display for ChannelError {
381 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
383 &ChannelError::Ignore(ref e) => write!(f, "{}", e),
384 &ChannelError::Warn(ref e) => write!(f, "{}", e),
385 &ChannelError::Close(ref e) => write!(f, "{}", e),
390 macro_rules! secp_check {
391 ($res: expr, $err: expr) => {
394 Err(_) => return Err(ChannelError::Close($err)),
399 /// The "channel disabled" bit in channel_update must be set based on whether we are connected to
400 /// our counterparty or not. However, we don't want to announce updates right away to avoid
401 /// spamming the network with updates if the connection is flapping. Instead, we "stage" updates to
402 /// our channel_update message and track the current state here.
403 /// See implementation at [`super::channelmanager::ChannelManager::timer_tick_occurred`].
404 #[derive(Clone, Copy, PartialEq)]
405 pub(super) enum ChannelUpdateStatus {
406 /// We've announced the channel as enabled and are connected to our peer.
408 /// Our channel is no longer live, but we haven't announced the channel as disabled yet.
410 /// Our channel is live again, but we haven't announced the channel as enabled yet.
412 /// We've announced the channel as disabled.
416 /// We track when we sent an `AnnouncementSignatures` to our peer in a few states, described here.
418 pub enum AnnouncementSigsState {
419 /// We have not sent our peer an `AnnouncementSignatures` yet, or our peer disconnected since
420 /// we sent the last `AnnouncementSignatures`.
422 /// We sent an `AnnouncementSignatures` to our peer since the last time our peer disconnected.
423 /// This state never appears on disk - instead we write `NotSent`.
425 /// We sent a `CommitmentSigned` after the last `AnnouncementSignatures` we sent. Because we
426 /// only ever have a single `CommitmentSigned` pending at once, if we sent one after sending
427 /// `AnnouncementSignatures` then we know the peer received our `AnnouncementSignatures` if
428 /// they send back a `RevokeAndACK`.
429 /// This state never appears on disk - instead we write `NotSent`.
431 /// We received a `RevokeAndACK`, effectively ack-ing our `AnnouncementSignatures`, at this
432 /// point we no longer need to re-send our `AnnouncementSignatures` again on reconnect.
436 /// An enum indicating whether the local or remote side offered a given HTLC.
442 /// An enum gathering stats on pending HTLCs, either inbound or outbound side.
445 pending_htlcs_value_msat: u64,
446 on_counterparty_tx_dust_exposure_msat: u64,
447 on_holder_tx_dust_exposure_msat: u64,
448 holding_cell_msat: u64,
449 on_holder_tx_holding_cell_htlcs_count: u32, // dust HTLCs *non*-included
452 /// An enum gathering stats on commitment transaction, either local or remote.
453 struct CommitmentStats<'a> {
454 tx: CommitmentTransaction, // the transaction info
455 feerate_per_kw: u32, // the feerate included to build the transaction
456 total_fee_sat: u64, // the total fee included in the transaction
457 num_nondust_htlcs: usize, // the number of HTLC outputs (dust HTLCs *non*-included)
458 htlcs_included: Vec<(HTLCOutputInCommitment, Option<&'a HTLCSource>)>, // the list of HTLCs (dust HTLCs *included*) which were not ignored when building the transaction
459 local_balance_msat: u64, // local balance before fees but considering dust limits
460 remote_balance_msat: u64, // remote balance before fees but considering dust limits
461 preimages: Vec<PaymentPreimage>, // preimages for successful offered HTLCs since last commitment
464 /// Used when calculating whether we or the remote can afford an additional HTLC.
465 struct HTLCCandidate {
467 origin: HTLCInitiator,
471 fn new(amount_msat: u64, origin: HTLCInitiator) -> Self {
479 /// A return value enum for get_update_fulfill_htlc. See UpdateFulfillCommitFetch variants for
481 enum UpdateFulfillFetch {
483 monitor_update: ChannelMonitorUpdate,
484 htlc_value_msat: u64,
485 msg: Option<msgs::UpdateFulfillHTLC>,
490 /// The return type of get_update_fulfill_htlc_and_commit.
491 pub enum UpdateFulfillCommitFetch {
492 /// Indicates the HTLC fulfill is new, and either generated an update_fulfill message, placed
493 /// it in the holding cell, or re-generated the update_fulfill message after the same claim was
494 /// previously placed in the holding cell (and has since been removed).
496 /// The ChannelMonitorUpdate which places the new payment preimage in the channel monitor
497 monitor_update: ChannelMonitorUpdate,
498 /// The value of the HTLC which was claimed, in msat.
499 htlc_value_msat: u64,
501 /// Indicates the HTLC fulfill is duplicative and already existed either in the holding cell
502 /// or has been forgotten (presumably previously claimed).
506 /// The return value of `monitor_updating_restored`
507 pub(super) struct MonitorRestoreUpdates {
508 pub raa: Option<msgs::RevokeAndACK>,
509 pub commitment_update: Option<msgs::CommitmentUpdate>,
510 pub order: RAACommitmentOrder,
511 pub accepted_htlcs: Vec<(PendingHTLCInfo, u64)>,
512 pub failed_htlcs: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
513 pub finalized_claimed_htlcs: Vec<HTLCSource>,
514 pub funding_broadcastable: Option<Transaction>,
515 pub channel_ready: Option<msgs::ChannelReady>,
516 pub announcement_sigs: Option<msgs::AnnouncementSignatures>,
519 /// The return value of `channel_reestablish`
520 pub(super) struct ReestablishResponses {
521 pub channel_ready: Option<msgs::ChannelReady>,
522 pub raa: Option<msgs::RevokeAndACK>,
523 pub commitment_update: Option<msgs::CommitmentUpdate>,
524 pub order: RAACommitmentOrder,
525 pub announcement_sigs: Option<msgs::AnnouncementSignatures>,
526 pub shutdown_msg: Option<msgs::Shutdown>,
529 /// The return type of `force_shutdown`
531 /// Contains a (counterparty_node_id, funding_txo, [`ChannelMonitorUpdate`]) tuple
532 /// followed by a list of HTLCs to fail back in the form of the (source, payment hash, and this
533 /// channel's counterparty_node_id and channel_id).
534 pub(crate) type ShutdownResult = (
535 Option<(PublicKey, OutPoint, ChannelMonitorUpdate)>,
536 Vec<(HTLCSource, PaymentHash, PublicKey, [u8; 32])>
539 /// If the majority of the channels funds are to the fundee and the initiator holds only just
540 /// enough funds to cover their reserve value, channels are at risk of getting "stuck". Because the
541 /// initiator controls the feerate, if they then go to increase the channel fee, they may have no
542 /// balance but the fundee is unable to send a payment as the increase in fee more than drains
543 /// their reserve value. Thus, neither side can send a new HTLC and the channel becomes useless.
544 /// Thus, before sending an HTLC when we are the initiator, we check that the feerate can increase
545 /// by this multiple without hitting this case, before sending.
546 /// This multiple is effectively the maximum feerate "jump" we expect until more HTLCs flow over
547 /// the channel. Sadly, there isn't really a good number for this - if we expect to have no new
548 /// HTLCs for days we may need this to suffice for feerate increases across days, but that may
549 /// leave the channel less usable as we hold a bigger reserve.
550 #[cfg(any(fuzzing, test))]
551 pub const FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE: u64 = 2;
552 #[cfg(not(any(fuzzing, test)))]
553 const FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE: u64 = 2;
555 /// If we fail to see a funding transaction confirmed on-chain within this many blocks after the
556 /// channel creation on an inbound channel, we simply force-close and move on.
557 /// This constant is the one suggested in BOLT 2.
558 pub(crate) const FUNDING_CONF_DEADLINE_BLOCKS: u32 = 2016;
560 /// In case of a concurrent update_add_htlc proposed by our counterparty, we might
561 /// not have enough balance value remaining to cover the onchain cost of this new
562 /// HTLC weight. If this happens, our counterparty fails the reception of our
563 /// commitment_signed including this new HTLC due to infringement on the channel
565 /// To prevent this case, we compute our outbound update_fee with an HTLC buffer of
566 /// size 2. However, if the number of concurrent update_add_htlc is higher, this still
567 /// leads to a channel force-close. Ultimately, this is an issue coming from the
568 /// design of LN state machines, allowing asynchronous updates.
569 pub(crate) const CONCURRENT_INBOUND_HTLC_FEE_BUFFER: u32 = 2;
571 /// When a channel is opened, we check that the funding amount is enough to pay for relevant
572 /// commitment transaction fees, with at least this many HTLCs present on the commitment
573 /// transaction (not counting the value of the HTLCs themselves).
574 pub(crate) const MIN_AFFORDABLE_HTLC_COUNT: usize = 4;
576 /// When a [`Channel`] has its [`ChannelConfig`] updated, its existing one is stashed for up to this
577 /// number of ticks to allow forwarding HTLCs by nodes that have yet to receive the new
578 /// ChannelUpdate prompted by the config update. This value was determined as follows:
580 /// * The expected interval between ticks (1 minute).
581 /// * The average convergence delay of updates across the network, i.e., ~300 seconds on average
582 /// for a node to see an update as seen on `<https://arxiv.org/pdf/2205.12737.pdf>`.
583 /// * `EXPIRE_PREV_CONFIG_TICKS` = convergence_delay / tick_interval
584 pub(crate) const EXPIRE_PREV_CONFIG_TICKS: usize = 5;
586 /// The number of ticks that may elapse while we're waiting for a response to a
587 /// [`msgs::RevokeAndACK`] or [`msgs::ChannelReestablish`] message before we attempt to disconnect
590 /// See [`ChannelContext::sent_message_awaiting_response`] for more information.
591 pub(crate) const DISCONNECT_PEER_AWAITING_RESPONSE_TICKS: usize = 2;
593 /// The number of ticks that may elapse while we're waiting for an unfunded outbound/inbound channel
594 /// to be promoted to a [`Channel`] since the unfunded channel was created. An unfunded channel
595 /// exceeding this age limit will be force-closed and purged from memory.
596 pub(crate) const UNFUNDED_CHANNEL_AGE_LIMIT_TICKS: usize = 60;
598 struct PendingChannelMonitorUpdate {
599 update: ChannelMonitorUpdate,
602 impl_writeable_tlv_based!(PendingChannelMonitorUpdate, {
603 (0, update, required),
606 /// Contains all state common to unfunded inbound/outbound channels.
607 pub(super) struct UnfundedChannelContext {
608 /// A counter tracking how many ticks have elapsed since this unfunded channel was
609 /// created. If this unfunded channel reaches peer has yet to respond after reaching
610 /// `UNFUNDED_CHANNEL_AGE_LIMIT_TICKS`, it will be force-closed and purged from memory.
612 /// This is so that we don't keep channels around that haven't progressed to a funded state
613 /// in a timely manner.
614 unfunded_channel_age_ticks: usize,
617 impl UnfundedChannelContext {
618 /// Determines whether we should force-close and purge this unfunded channel from memory due to it
619 /// having reached the unfunded channel age limit.
621 /// This should be called on every [`super::channelmanager::ChannelManager::timer_tick_occurred`].
622 pub fn should_expire_unfunded_channel(&mut self) -> bool {
623 self.unfunded_channel_age_ticks += 1;
624 self.unfunded_channel_age_ticks >= UNFUNDED_CHANNEL_AGE_LIMIT_TICKS
628 /// Contains everything about the channel including state, and various flags.
629 pub(super) struct ChannelContext<Signer: ChannelSigner> {
630 config: LegacyChannelConfig,
632 // Track the previous `ChannelConfig` so that we can continue forwarding HTLCs that were
633 // constructed using it. The second element in the tuple corresponds to the number of ticks that
634 // have elapsed since the update occurred.
635 prev_config: Option<(ChannelConfig, usize)>,
637 inbound_handshake_limits_override: Option<ChannelHandshakeLimits>,
641 channel_id: [u8; 32],
642 temporary_channel_id: Option<[u8; 32]>, // Will be `None` for channels created prior to 0.0.115.
645 // When we reach max(6 blocks, minimum_depth), we need to send an AnnouncementSigs message to
646 // our peer. However, we want to make sure they received it, or else rebroadcast it when we
648 // We do so here, see `AnnouncementSigsSent` for more details on the state(s).
649 // Note that a number of our tests were written prior to the behavior here which retransmits
650 // AnnouncementSignatures until after an RAA completes, so the behavior is short-circuited in
652 #[cfg(any(test, feature = "_test_utils"))]
653 pub(crate) announcement_sigs_state: AnnouncementSigsState,
654 #[cfg(not(any(test, feature = "_test_utils")))]
655 announcement_sigs_state: AnnouncementSigsState,
657 secp_ctx: Secp256k1<secp256k1::All>,
658 channel_value_satoshis: u64,
660 latest_monitor_update_id: u64,
662 holder_signer: Signer,
663 shutdown_scriptpubkey: Option<ShutdownScript>,
664 destination_script: Script,
666 // Our commitment numbers start at 2^48-1 and count down, whereas the ones used in transaction
667 // generation start at 0 and count up...this simplifies some parts of implementation at the
668 // cost of others, but should really just be changed.
670 cur_holder_commitment_transaction_number: u64,
671 cur_counterparty_commitment_transaction_number: u64,
672 value_to_self_msat: u64, // Excluding all pending_htlcs, excluding fees
673 pending_inbound_htlcs: Vec<InboundHTLCOutput>,
674 pending_outbound_htlcs: Vec<OutboundHTLCOutput>,
675 holding_cell_htlc_updates: Vec<HTLCUpdateAwaitingACK>,
677 /// When resending CS/RAA messages on channel monitor restoration or on reconnect, we always
678 /// need to ensure we resend them in the order we originally generated them. Note that because
679 /// there can only ever be one in-flight CS and/or one in-flight RAA at any time, it is
680 /// sufficient to simply set this to the opposite of any message we are generating as we
681 /// generate it. ie when we generate a CS, we set this to RAAFirst as, if there is a pending
682 /// in-flight RAA to resend, it will have been the first thing we generated, and thus we should
684 resend_order: RAACommitmentOrder,
686 monitor_pending_channel_ready: bool,
687 monitor_pending_revoke_and_ack: bool,
688 monitor_pending_commitment_signed: bool,
690 // TODO: If a channel is drop'd, we don't know whether the `ChannelMonitor` is ultimately
691 // responsible for some of the HTLCs here or not - we don't know whether the update in question
692 // completed or not. We currently ignore these fields entirely when force-closing a channel,
693 // but need to handle this somehow or we run the risk of losing HTLCs!
694 monitor_pending_forwards: Vec<(PendingHTLCInfo, u64)>,
695 monitor_pending_failures: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
696 monitor_pending_finalized_fulfills: Vec<HTLCSource>,
698 // pending_update_fee is filled when sending and receiving update_fee.
700 // Because it follows the same commitment flow as HTLCs, `FeeUpdateState` is either `Outbound`
701 // or matches a subset of the `InboundHTLCOutput` variants. It is then updated/used when
702 // generating new commitment transactions with exactly the same criteria as inbound/outbound
703 // HTLCs with similar state.
704 pending_update_fee: Option<(u32, FeeUpdateState)>,
705 // If a `send_update_fee()` call is made with ChannelState::AwaitingRemoteRevoke set, we place
706 // it here instead of `pending_update_fee` in the same way as we place outbound HTLC updates in
707 // `holding_cell_htlc_updates` instead of `pending_outbound_htlcs`. It is released into
708 // `pending_update_fee` with the same criteria as outbound HTLC updates but can be updated by
709 // further `send_update_fee` calls, dropping the previous holding cell update entirely.
710 holding_cell_update_fee: Option<u32>,
711 next_holder_htlc_id: u64,
712 next_counterparty_htlc_id: u64,
715 /// The timestamp set on our latest `channel_update` message for this channel. It is updated
716 /// when the channel is updated in ways which may impact the `channel_update` message or when a
717 /// new block is received, ensuring it's always at least moderately close to the current real
719 update_time_counter: u32,
721 #[cfg(debug_assertions)]
722 /// Max to_local and to_remote outputs in a locally-generated commitment transaction
723 holder_max_commitment_tx_output: Mutex<(u64, u64)>,
724 #[cfg(debug_assertions)]
725 /// Max to_local and to_remote outputs in a remote-generated commitment transaction
726 counterparty_max_commitment_tx_output: Mutex<(u64, u64)>,
728 last_sent_closing_fee: Option<(u64, Signature)>, // (fee, holder_sig)
729 target_closing_feerate_sats_per_kw: Option<u32>,
731 /// If our counterparty sent us a closing_signed while we were waiting for a `ChannelMonitor`
732 /// update, we need to delay processing it until later. We do that here by simply storing the
733 /// closing_signed message and handling it in `maybe_propose_closing_signed`.
734 pending_counterparty_closing_signed: Option<msgs::ClosingSigned>,
736 /// The minimum and maximum absolute fee, in satoshis, we are willing to place on the closing
737 /// transaction. These are set once we reach `closing_negotiation_ready`.
739 pub(crate) closing_fee_limits: Option<(u64, u64)>,
741 closing_fee_limits: Option<(u64, u64)>,
743 /// Flag that ensures that `accept_inbound_channel` must be called before `funding_created`
744 /// is executed successfully. The reason for this flag is that when the
745 /// `UserConfig::manually_accept_inbound_channels` config flag is set to true, inbound channels
746 /// are required to be manually accepted by the node operator before the `msgs::AcceptChannel`
747 /// message is created and sent out. During the manual accept process, `accept_inbound_channel`
748 /// is called by `ChannelManager::accept_inbound_channel`.
750 /// The flag counteracts that a counterparty node could theoretically send a
751 /// `msgs::FundingCreated` message before the node operator has manually accepted an inbound
752 /// channel request made by the counterparty node. That would execute `funding_created` before
753 /// `accept_inbound_channel`, and `funding_created` should therefore not execute successfully.
754 inbound_awaiting_accept: bool,
756 /// The hash of the block in which the funding transaction was included.
757 funding_tx_confirmed_in: Option<BlockHash>,
758 funding_tx_confirmation_height: u32,
759 short_channel_id: Option<u64>,
760 /// Either the height at which this channel was created or the height at which it was last
761 /// serialized if it was serialized by versions prior to 0.0.103.
762 /// We use this to close if funding is never broadcasted.
763 channel_creation_height: u32,
765 counterparty_dust_limit_satoshis: u64,
768 pub(super) holder_dust_limit_satoshis: u64,
770 holder_dust_limit_satoshis: u64,
773 pub(super) counterparty_max_htlc_value_in_flight_msat: u64,
775 counterparty_max_htlc_value_in_flight_msat: u64,
778 pub(super) holder_max_htlc_value_in_flight_msat: u64,
780 holder_max_htlc_value_in_flight_msat: u64,
782 /// minimum channel reserve for self to maintain - set by them.
783 counterparty_selected_channel_reserve_satoshis: Option<u64>,
786 pub(super) holder_selected_channel_reserve_satoshis: u64,
788 holder_selected_channel_reserve_satoshis: u64,
790 counterparty_htlc_minimum_msat: u64,
791 holder_htlc_minimum_msat: u64,
793 pub counterparty_max_accepted_htlcs: u16,
795 counterparty_max_accepted_htlcs: u16,
796 holder_max_accepted_htlcs: u16,
797 minimum_depth: Option<u32>,
799 counterparty_forwarding_info: Option<CounterpartyForwardingInfo>,
801 pub(crate) channel_transaction_parameters: ChannelTransactionParameters,
802 funding_transaction: Option<Transaction>,
804 counterparty_cur_commitment_point: Option<PublicKey>,
805 counterparty_prev_commitment_point: Option<PublicKey>,
806 counterparty_node_id: PublicKey,
808 counterparty_shutdown_scriptpubkey: Option<Script>,
810 commitment_secrets: CounterpartyCommitmentSecrets,
812 channel_update_status: ChannelUpdateStatus,
813 /// Once we reach `closing_negotiation_ready`, we set this, indicating if closing_signed does
814 /// not complete within a single timer tick (one minute), we should force-close the channel.
815 /// This prevents us from keeping unusable channels around forever if our counterparty wishes
817 /// Note that this field is reset to false on deserialization to give us a chance to connect to
818 /// our peer and start the closing_signed negotiation fresh.
819 closing_signed_in_flight: bool,
821 /// Our counterparty's channel_announcement signatures provided in announcement_signatures.
822 /// This can be used to rebroadcast the channel_announcement message later.
823 announcement_sigs: Option<(Signature, Signature)>,
825 // We save these values so we can make sure `next_local_commit_tx_fee_msat` and
826 // `next_remote_commit_tx_fee_msat` properly predict what the next commitment transaction fee will
827 // be, by comparing the cached values to the fee of the tranaction generated by
828 // `build_commitment_transaction`.
829 #[cfg(any(test, fuzzing))]
830 next_local_commitment_tx_fee_info_cached: Mutex<Option<CommitmentTxInfoCached>>,
831 #[cfg(any(test, fuzzing))]
832 next_remote_commitment_tx_fee_info_cached: Mutex<Option<CommitmentTxInfoCached>>,
834 /// lnd has a long-standing bug where, upon reconnection, if the channel is not yet confirmed
835 /// they will not send a channel_reestablish until the channel locks in. Then, they will send a
836 /// channel_ready *before* sending the channel_reestablish (which is clearly a violation of
837 /// the BOLT specs). We copy c-lightning's workaround here and simply store the channel_ready
838 /// message until we receive a channel_reestablish.
840 /// See-also <https://github.com/lightningnetwork/lnd/issues/4006>
841 pub workaround_lnd_bug_4006: Option<msgs::ChannelReady>,
843 /// An option set when we wish to track how many ticks have elapsed while waiting for a response
844 /// from our counterparty after sending a message. If the peer has yet to respond after reaching
845 /// `DISCONNECT_PEER_AWAITING_RESPONSE_TICKS`, a reconnection should be attempted to try to
846 /// unblock the state machine.
848 /// This behavior is mostly motivated by a lnd bug in which we don't receive a message we expect
849 /// to in a timely manner, which may lead to channels becoming unusable and/or force-closed. An
850 /// example of such can be found at <https://github.com/lightningnetwork/lnd/issues/7682>.
852 /// This is currently only used when waiting for a [`msgs::ChannelReestablish`] or
853 /// [`msgs::RevokeAndACK`] message from the counterparty.
854 sent_message_awaiting_response: Option<usize>,
856 #[cfg(any(test, fuzzing))]
857 // When we receive an HTLC fulfill on an outbound path, we may immediately fulfill the
858 // corresponding HTLC on the inbound path. If, then, the outbound path channel is
859 // disconnected and reconnected (before we've exchange commitment_signed and revoke_and_ack
860 // messages), they may re-broadcast their update_fulfill_htlc, causing a duplicate claim. This
861 // is fine, but as a sanity check in our failure to generate the second claim, we check here
862 // that the original was a claim, and that we aren't now trying to fulfill a failed HTLC.
863 historical_inbound_htlc_fulfills: HashSet<u64>,
865 /// This channel's type, as negotiated during channel open
866 channel_type: ChannelTypeFeatures,
868 // Our counterparty can offer us SCID aliases which they will map to this channel when routing
869 // outbound payments. These can be used in invoice route hints to avoid explicitly revealing
870 // the channel's funding UTXO.
872 // We also use this when sending our peer a channel_update that isn't to be broadcasted
873 // publicly - allowing them to re-use their map of SCID -> channel for channel_update ->
874 // associated channel mapping.
876 // We only bother storing the most recent SCID alias at any time, though our counterparty has
877 // to store all of them.
878 latest_inbound_scid_alias: Option<u64>,
880 // We always offer our counterparty a static SCID alias, which we recognize as for this channel
881 // if we see it in HTLC forwarding instructions. We don't bother rotating the alias given we
882 // don't currently support node id aliases and eventually privacy should be provided with
883 // blinded paths instead of simple scid+node_id aliases.
884 outbound_scid_alias: u64,
886 // We track whether we already emitted a `ChannelPending` event.
887 channel_pending_event_emitted: bool,
889 // We track whether we already emitted a `ChannelReady` event.
890 channel_ready_event_emitted: bool,
892 /// The unique identifier used to re-derive the private key material for the channel through
893 /// [`SignerProvider::derive_channel_signer`].
894 channel_keys_id: [u8; 32],
896 /// If we can't release a [`ChannelMonitorUpdate`] until some external action completes, we
897 /// store it here and only release it to the `ChannelManager` once it asks for it.
898 blocked_monitor_updates: Vec<PendingChannelMonitorUpdate>,
901 impl<Signer: ChannelSigner> ChannelContext<Signer> {
902 /// Allowed in any state (including after shutdown)
903 pub fn get_update_time_counter(&self) -> u32 {
904 self.update_time_counter
907 pub fn get_latest_monitor_update_id(&self) -> u64 {
908 self.latest_monitor_update_id
911 pub fn should_announce(&self) -> bool {
912 self.config.announced_channel
915 pub fn is_outbound(&self) -> bool {
916 self.channel_transaction_parameters.is_outbound_from_holder
919 /// Gets the fee we'd want to charge for adding an HTLC output to this Channel
920 /// Allowed in any state (including after shutdown)
921 pub fn get_outbound_forwarding_fee_base_msat(&self) -> u32 {
922 self.config.options.forwarding_fee_base_msat
925 /// Returns true if we've ever received a message from the remote end for this Channel
926 pub fn have_received_message(&self) -> bool {
927 self.channel_state > (ChannelState::OurInitSent as u32)
930 /// Returns true if this channel is fully established and not known to be closing.
931 /// Allowed in any state (including after shutdown)
932 pub fn is_usable(&self) -> bool {
933 let mask = ChannelState::ChannelReady as u32 | BOTH_SIDES_SHUTDOWN_MASK;
934 (self.channel_state & mask) == (ChannelState::ChannelReady as u32) && !self.monitor_pending_channel_ready
937 /// shutdown state returns the state of the channel in its various stages of shutdown
938 pub fn shutdown_state(&self) -> ChannelShutdownState {
939 if self.channel_state & (ChannelState::ShutdownComplete as u32) != 0 {
940 return ChannelShutdownState::ShutdownComplete;
942 if self.channel_state & (ChannelState::LocalShutdownSent as u32) != 0 && self.channel_state & (ChannelState::RemoteShutdownSent as u32) == 0 {
943 return ChannelShutdownState::ShutdownInitiated;
945 if (self.channel_state & BOTH_SIDES_SHUTDOWN_MASK != 0) && !self.closing_negotiation_ready() {
946 return ChannelShutdownState::ResolvingHTLCs;
948 if (self.channel_state & BOTH_SIDES_SHUTDOWN_MASK != 0) && self.closing_negotiation_ready() {
949 return ChannelShutdownState::NegotiatingClosingFee;
951 return ChannelShutdownState::NotShuttingDown;
954 fn closing_negotiation_ready(&self) -> bool {
955 self.pending_inbound_htlcs.is_empty() &&
956 self.pending_outbound_htlcs.is_empty() &&
957 self.pending_update_fee.is_none() &&
959 (BOTH_SIDES_SHUTDOWN_MASK |
960 ChannelState::AwaitingRemoteRevoke as u32 |
961 ChannelState::PeerDisconnected as u32 |
962 ChannelState::MonitorUpdateInProgress as u32) == BOTH_SIDES_SHUTDOWN_MASK
965 /// Returns true if this channel is currently available for use. This is a superset of
966 /// is_usable() and considers things like the channel being temporarily disabled.
967 /// Allowed in any state (including after shutdown)
968 pub fn is_live(&self) -> bool {
969 self.is_usable() && (self.channel_state & (ChannelState::PeerDisconnected as u32) == 0)
974 pub fn channel_id(&self) -> [u8; 32] {
978 // Return the `temporary_channel_id` used during channel establishment.
980 // Will return `None` for channels created prior to LDK version 0.0.115.
981 pub fn temporary_channel_id(&self) -> Option<[u8; 32]> {
982 self.temporary_channel_id
985 pub fn minimum_depth(&self) -> Option<u32> {
989 /// Gets the "user_id" value passed into the construction of this channel. It has no special
990 /// meaning and exists only to allow users to have a persistent identifier of a channel.
991 pub fn get_user_id(&self) -> u128 {
995 /// Gets the channel's type
996 pub fn get_channel_type(&self) -> &ChannelTypeFeatures {
1000 /// Gets the channel's `short_channel_id`.
1002 /// Will return `None` if the channel hasn't been confirmed yet.
1003 pub fn get_short_channel_id(&self) -> Option<u64> {
1004 self.short_channel_id
1007 /// Allowed in any state (including after shutdown)
1008 pub fn latest_inbound_scid_alias(&self) -> Option<u64> {
1009 self.latest_inbound_scid_alias
1012 /// Allowed in any state (including after shutdown)
1013 pub fn outbound_scid_alias(&self) -> u64 {
1014 self.outbound_scid_alias
1017 /// Only allowed immediately after deserialization if get_outbound_scid_alias returns 0,
1018 /// indicating we were written by LDK prior to 0.0.106 which did not set outbound SCID aliases.
1019 pub fn set_outbound_scid_alias(&mut self, outbound_scid_alias: u64) {
1020 assert_eq!(self.outbound_scid_alias, 0);
1021 self.outbound_scid_alias = outbound_scid_alias;
1024 /// Returns the funding_txo we either got from our peer, or were given by
1025 /// get_funding_created.
1026 pub fn get_funding_txo(&self) -> Option<OutPoint> {
1027 self.channel_transaction_parameters.funding_outpoint
1030 /// Returns the block hash in which our funding transaction was confirmed.
1031 pub fn get_funding_tx_confirmed_in(&self) -> Option<BlockHash> {
1032 self.funding_tx_confirmed_in
1035 /// Returns the current number of confirmations on the funding transaction.
1036 pub fn get_funding_tx_confirmations(&self, height: u32) -> u32 {
1037 if self.funding_tx_confirmation_height == 0 {
1038 // We either haven't seen any confirmation yet, or observed a reorg.
1042 height.checked_sub(self.funding_tx_confirmation_height).map_or(0, |c| c + 1)
1045 fn get_holder_selected_contest_delay(&self) -> u16 {
1046 self.channel_transaction_parameters.holder_selected_contest_delay
1049 fn get_holder_pubkeys(&self) -> &ChannelPublicKeys {
1050 &self.channel_transaction_parameters.holder_pubkeys
1053 pub fn get_counterparty_selected_contest_delay(&self) -> Option<u16> {
1054 self.channel_transaction_parameters.counterparty_parameters
1055 .as_ref().map(|params| params.selected_contest_delay)
1058 fn get_counterparty_pubkeys(&self) -> &ChannelPublicKeys {
1059 &self.channel_transaction_parameters.counterparty_parameters.as_ref().unwrap().pubkeys
1062 /// Allowed in any state (including after shutdown)
1063 pub fn get_counterparty_node_id(&self) -> PublicKey {
1064 self.counterparty_node_id
1067 /// Allowed in any state (including after shutdown)
1068 pub fn get_holder_htlc_minimum_msat(&self) -> u64 {
1069 self.holder_htlc_minimum_msat
1072 /// Allowed in any state (including after shutdown), but will return none before TheirInitSent
1073 pub fn get_holder_htlc_maximum_msat(&self) -> Option<u64> {
1074 self.get_htlc_maximum_msat(self.holder_max_htlc_value_in_flight_msat)
1077 /// Allowed in any state (including after shutdown)
1078 pub fn get_announced_htlc_max_msat(&self) -> u64 {
1080 // Upper bound by capacity. We make it a bit less than full capacity to prevent attempts
1081 // to use full capacity. This is an effort to reduce routing failures, because in many cases
1082 // channel might have been used to route very small values (either by honest users or as DoS).
1083 self.channel_value_satoshis * 1000 * 9 / 10,
1085 self.counterparty_max_htlc_value_in_flight_msat
1089 /// Allowed in any state (including after shutdown)
1090 pub fn get_counterparty_htlc_minimum_msat(&self) -> u64 {
1091 self.counterparty_htlc_minimum_msat
1094 /// Allowed in any state (including after shutdown), but will return none before TheirInitSent
1095 pub fn get_counterparty_htlc_maximum_msat(&self) -> Option<u64> {
1096 self.get_htlc_maximum_msat(self.counterparty_max_htlc_value_in_flight_msat)
1099 fn get_htlc_maximum_msat(&self, party_max_htlc_value_in_flight_msat: u64) -> Option<u64> {
1100 self.counterparty_selected_channel_reserve_satoshis.map(|counterparty_reserve| {
1101 let holder_reserve = self.holder_selected_channel_reserve_satoshis;
1103 (self.channel_value_satoshis - counterparty_reserve - holder_reserve) * 1000,
1104 party_max_htlc_value_in_flight_msat
1109 pub fn get_value_satoshis(&self) -> u64 {
1110 self.channel_value_satoshis
1113 pub fn get_fee_proportional_millionths(&self) -> u32 {
1114 self.config.options.forwarding_fee_proportional_millionths
1117 pub fn get_cltv_expiry_delta(&self) -> u16 {
1118 cmp::max(self.config.options.cltv_expiry_delta, MIN_CLTV_EXPIRY_DELTA)
1121 pub fn get_max_dust_htlc_exposure_msat<F: Deref>(&self,
1122 fee_estimator: &LowerBoundedFeeEstimator<F>) -> u64
1123 where F::Target: FeeEstimator
1125 match self.config.options.max_dust_htlc_exposure {
1126 MaxDustHTLCExposure::FeeRateMultiplier(multiplier) => {
1127 let feerate_per_kw = fee_estimator.bounded_sat_per_1000_weight(
1128 ConfirmationTarget::HighPriority);
1129 feerate_per_kw as u64 * multiplier
1131 MaxDustHTLCExposure::FixedLimitMsat(limit) => limit,
1135 /// Returns the previous [`ChannelConfig`] applied to this channel, if any.
1136 pub fn prev_config(&self) -> Option<ChannelConfig> {
1137 self.prev_config.map(|prev_config| prev_config.0)
1140 // Checks whether we should emit a `ChannelPending` event.
1141 pub(crate) fn should_emit_channel_pending_event(&mut self) -> bool {
1142 self.is_funding_initiated() && !self.channel_pending_event_emitted
1145 // Returns whether we already emitted a `ChannelPending` event.
1146 pub(crate) fn channel_pending_event_emitted(&self) -> bool {
1147 self.channel_pending_event_emitted
1150 // Remembers that we already emitted a `ChannelPending` event.
1151 pub(crate) fn set_channel_pending_event_emitted(&mut self) {
1152 self.channel_pending_event_emitted = true;
1155 // Checks whether we should emit a `ChannelReady` event.
1156 pub(crate) fn should_emit_channel_ready_event(&mut self) -> bool {
1157 self.is_usable() && !self.channel_ready_event_emitted
1160 // Remembers that we already emitted a `ChannelReady` event.
1161 pub(crate) fn set_channel_ready_event_emitted(&mut self) {
1162 self.channel_ready_event_emitted = true;
1165 /// Tracks the number of ticks elapsed since the previous [`ChannelConfig`] was updated. Once
1166 /// [`EXPIRE_PREV_CONFIG_TICKS`] is reached, the previous config is considered expired and will
1167 /// no longer be considered when forwarding HTLCs.
1168 pub fn maybe_expire_prev_config(&mut self) {
1169 if self.prev_config.is_none() {
1172 let prev_config = self.prev_config.as_mut().unwrap();
1174 if prev_config.1 == EXPIRE_PREV_CONFIG_TICKS {
1175 self.prev_config = None;
1179 /// Returns the current [`ChannelConfig`] applied to the channel.
1180 pub fn config(&self) -> ChannelConfig {
1184 /// Updates the channel's config. A bool is returned indicating whether the config update
1185 /// applied resulted in a new ChannelUpdate message.
1186 pub fn update_config(&mut self, config: &ChannelConfig) -> bool {
1187 let did_channel_update =
1188 self.config.options.forwarding_fee_proportional_millionths != config.forwarding_fee_proportional_millionths ||
1189 self.config.options.forwarding_fee_base_msat != config.forwarding_fee_base_msat ||
1190 self.config.options.cltv_expiry_delta != config.cltv_expiry_delta;
1191 if did_channel_update {
1192 self.prev_config = Some((self.config.options, 0));
1193 // Update the counter, which backs the ChannelUpdate timestamp, to allow the relay
1194 // policy change to propagate throughout the network.
1195 self.update_time_counter += 1;
1197 self.config.options = *config;
1201 /// Returns true if funding_created was sent/received.
1202 pub fn is_funding_initiated(&self) -> bool {
1203 self.channel_state >= ChannelState::FundingSent as u32
1206 /// Transaction nomenclature is somewhat confusing here as there are many different cases - a
1207 /// transaction is referred to as "a's transaction" implying that a will be able to broadcast
1208 /// the transaction. Thus, b will generally be sending a signature over such a transaction to
1209 /// a, and a can revoke the transaction by providing b the relevant per_commitment_secret. As
1210 /// such, a transaction is generally the result of b increasing the amount paid to a (or adding
1212 /// @local is used only to convert relevant internal structures which refer to remote vs local
1213 /// to decide value of outputs and direction of HTLCs.
1214 /// @generated_by_local is used to determine *which* HTLCs to include - noting that the HTLC
1215 /// state may indicate that one peer has informed the other that they'd like to add an HTLC but
1216 /// have not yet committed it. Such HTLCs will only be included in transactions which are being
1217 /// generated by the peer which proposed adding the HTLCs, and thus we need to understand both
1218 /// which peer generated this transaction and "to whom" this transaction flows.
1220 fn build_commitment_transaction<L: Deref>(&self, commitment_number: u64, keys: &TxCreationKeys, local: bool, generated_by_local: bool, logger: &L) -> CommitmentStats
1221 where L::Target: Logger
1223 let mut included_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::new();
1224 let num_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len();
1225 let mut included_non_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::with_capacity(num_htlcs);
1227 let broadcaster_dust_limit_satoshis = if local { self.holder_dust_limit_satoshis } else { self.counterparty_dust_limit_satoshis };
1228 let mut remote_htlc_total_msat = 0;
1229 let mut local_htlc_total_msat = 0;
1230 let mut value_to_self_msat_offset = 0;
1232 let mut feerate_per_kw = self.feerate_per_kw;
1233 if let Some((feerate, update_state)) = self.pending_update_fee {
1234 if match update_state {
1235 // Note that these match the inclusion criteria when scanning
1236 // pending_inbound_htlcs below.
1237 FeeUpdateState::RemoteAnnounced => { debug_assert!(!self.is_outbound()); !generated_by_local },
1238 FeeUpdateState::AwaitingRemoteRevokeToAnnounce => { debug_assert!(!self.is_outbound()); !generated_by_local },
1239 FeeUpdateState::Outbound => { assert!(self.is_outbound()); generated_by_local },
1241 feerate_per_kw = feerate;
1245 log_trace!(logger, "Building commitment transaction number {} (really {} xor {}) for channel {} for {}, generated by {} with fee {}...",
1246 commitment_number, (INITIAL_COMMITMENT_NUMBER - commitment_number),
1247 get_commitment_transaction_number_obscure_factor(&self.get_holder_pubkeys().payment_point, &self.get_counterparty_pubkeys().payment_point, self.is_outbound()),
1248 log_bytes!(self.channel_id), if local { "us" } else { "remote" }, if generated_by_local { "us" } else { "remote" }, feerate_per_kw);
1250 macro_rules! get_htlc_in_commitment {
1251 ($htlc: expr, $offered: expr) => {
1252 HTLCOutputInCommitment {
1254 amount_msat: $htlc.amount_msat,
1255 cltv_expiry: $htlc.cltv_expiry,
1256 payment_hash: $htlc.payment_hash,
1257 transaction_output_index: None
1262 macro_rules! add_htlc_output {
1263 ($htlc: expr, $outbound: expr, $source: expr, $state_name: expr) => {
1264 if $outbound == local { // "offered HTLC output"
1265 let htlc_in_tx = get_htlc_in_commitment!($htlc, true);
1266 let htlc_tx_fee = if self.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1269 feerate_per_kw as u64 * htlc_timeout_tx_weight(self.get_channel_type()) / 1000
1271 if $htlc.amount_msat / 1000 >= broadcaster_dust_limit_satoshis + htlc_tx_fee {
1272 log_trace!(logger, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
1273 included_non_dust_htlcs.push((htlc_in_tx, $source));
1275 log_trace!(logger, " ...including {} {} dust HTLC {} (hash {}) with value {} due to dust limit", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
1276 included_dust_htlcs.push((htlc_in_tx, $source));
1279 let htlc_in_tx = get_htlc_in_commitment!($htlc, false);
1280 let htlc_tx_fee = if self.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1283 feerate_per_kw as u64 * htlc_success_tx_weight(self.get_channel_type()) / 1000
1285 if $htlc.amount_msat / 1000 >= broadcaster_dust_limit_satoshis + htlc_tx_fee {
1286 log_trace!(logger, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
1287 included_non_dust_htlcs.push((htlc_in_tx, $source));
1289 log_trace!(logger, " ...including {} {} dust HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
1290 included_dust_htlcs.push((htlc_in_tx, $source));
1296 for ref htlc in self.pending_inbound_htlcs.iter() {
1297 let (include, state_name) = match htlc.state {
1298 InboundHTLCState::RemoteAnnounced(_) => (!generated_by_local, "RemoteAnnounced"),
1299 InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) => (!generated_by_local, "AwaitingRemoteRevokeToAnnounce"),
1300 InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => (true, "AwaitingAnnouncedRemoteRevoke"),
1301 InboundHTLCState::Committed => (true, "Committed"),
1302 InboundHTLCState::LocalRemoved(_) => (!generated_by_local, "LocalRemoved"),
1306 add_htlc_output!(htlc, false, None, state_name);
1307 remote_htlc_total_msat += htlc.amount_msat;
1309 log_trace!(logger, " ...not including inbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, log_bytes!(htlc.payment_hash.0), htlc.amount_msat, state_name);
1311 &InboundHTLCState::LocalRemoved(ref reason) => {
1312 if generated_by_local {
1313 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
1314 value_to_self_msat_offset += htlc.amount_msat as i64;
1323 let mut preimages: Vec<PaymentPreimage> = Vec::new();
1325 for ref htlc in self.pending_outbound_htlcs.iter() {
1326 let (include, state_name) = match htlc.state {
1327 OutboundHTLCState::LocalAnnounced(_) => (generated_by_local, "LocalAnnounced"),
1328 OutboundHTLCState::Committed => (true, "Committed"),
1329 OutboundHTLCState::RemoteRemoved(_) => (generated_by_local, "RemoteRemoved"),
1330 OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) => (generated_by_local, "AwaitingRemoteRevokeToRemove"),
1331 OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) => (false, "AwaitingRemovedRemoteRevoke"),
1334 let preimage_opt = match htlc.state {
1335 OutboundHTLCState::RemoteRemoved(OutboundHTLCOutcome::Success(p)) => p,
1336 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(p)) => p,
1337 OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(p)) => p,
1341 if let Some(preimage) = preimage_opt {
1342 preimages.push(preimage);
1346 add_htlc_output!(htlc, true, Some(&htlc.source), state_name);
1347 local_htlc_total_msat += htlc.amount_msat;
1349 log_trace!(logger, " ...not including outbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, log_bytes!(htlc.payment_hash.0), htlc.amount_msat, state_name);
1351 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(_))|OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(_)) => {
1352 value_to_self_msat_offset -= htlc.amount_msat as i64;
1354 OutboundHTLCState::RemoteRemoved(OutboundHTLCOutcome::Success(_)) => {
1355 if !generated_by_local {
1356 value_to_self_msat_offset -= htlc.amount_msat as i64;
1364 let mut value_to_self_msat: i64 = (self.value_to_self_msat - local_htlc_total_msat) as i64 + value_to_self_msat_offset;
1365 assert!(value_to_self_msat >= 0);
1366 // Note that in case they have several just-awaiting-last-RAA fulfills in-progress (ie
1367 // AwaitingRemoteRevokeToRemove or AwaitingRemovedRemoteRevoke) we may have allowed them to
1368 // "violate" their reserve value by couting those against it. Thus, we have to convert
1369 // everything to i64 before subtracting as otherwise we can overflow.
1370 let mut value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000) as i64 - (self.value_to_self_msat as i64) - (remote_htlc_total_msat as i64) - value_to_self_msat_offset;
1371 assert!(value_to_remote_msat >= 0);
1373 #[cfg(debug_assertions)]
1375 // Make sure that the to_self/to_remote is always either past the appropriate
1376 // channel_reserve *or* it is making progress towards it.
1377 let mut broadcaster_max_commitment_tx_output = if generated_by_local {
1378 self.holder_max_commitment_tx_output.lock().unwrap()
1380 self.counterparty_max_commitment_tx_output.lock().unwrap()
1382 debug_assert!(broadcaster_max_commitment_tx_output.0 <= value_to_self_msat as u64 || value_to_self_msat / 1000 >= self.counterparty_selected_channel_reserve_satoshis.unwrap() as i64);
1383 broadcaster_max_commitment_tx_output.0 = cmp::max(broadcaster_max_commitment_tx_output.0, value_to_self_msat as u64);
1384 debug_assert!(broadcaster_max_commitment_tx_output.1 <= value_to_remote_msat as u64 || value_to_remote_msat / 1000 >= self.holder_selected_channel_reserve_satoshis as i64);
1385 broadcaster_max_commitment_tx_output.1 = cmp::max(broadcaster_max_commitment_tx_output.1, value_to_remote_msat as u64);
1388 let total_fee_sat = commit_tx_fee_sat(feerate_per_kw, included_non_dust_htlcs.len(), &self.channel_transaction_parameters.channel_type_features);
1389 let anchors_val = if self.channel_transaction_parameters.channel_type_features.supports_anchors_zero_fee_htlc_tx() { ANCHOR_OUTPUT_VALUE_SATOSHI * 2 } else { 0 } as i64;
1390 let (value_to_self, value_to_remote) = if self.is_outbound() {
1391 (value_to_self_msat / 1000 - anchors_val - total_fee_sat as i64, value_to_remote_msat / 1000)
1393 (value_to_self_msat / 1000, value_to_remote_msat / 1000 - anchors_val - total_fee_sat as i64)
1396 let mut value_to_a = if local { value_to_self } else { value_to_remote };
1397 let mut value_to_b = if local { value_to_remote } else { value_to_self };
1398 let (funding_pubkey_a, funding_pubkey_b) = if local {
1399 (self.get_holder_pubkeys().funding_pubkey, self.get_counterparty_pubkeys().funding_pubkey)
1401 (self.get_counterparty_pubkeys().funding_pubkey, self.get_holder_pubkeys().funding_pubkey)
1404 if value_to_a >= (broadcaster_dust_limit_satoshis as i64) {
1405 log_trace!(logger, " ...including {} output with value {}", if local { "to_local" } else { "to_remote" }, value_to_a);
1410 if value_to_b >= (broadcaster_dust_limit_satoshis as i64) {
1411 log_trace!(logger, " ...including {} output with value {}", if local { "to_remote" } else { "to_local" }, value_to_b);
1416 let num_nondust_htlcs = included_non_dust_htlcs.len();
1418 let channel_parameters =
1419 if local { self.channel_transaction_parameters.as_holder_broadcastable() }
1420 else { self.channel_transaction_parameters.as_counterparty_broadcastable() };
1421 let tx = CommitmentTransaction::new_with_auxiliary_htlc_data(commitment_number,
1428 &mut included_non_dust_htlcs,
1431 let mut htlcs_included = included_non_dust_htlcs;
1432 // The unwrap is safe, because all non-dust HTLCs have been assigned an output index
1433 htlcs_included.sort_unstable_by_key(|h| h.0.transaction_output_index.unwrap());
1434 htlcs_included.append(&mut included_dust_htlcs);
1436 // For the stats, trimmed-to-0 the value in msats accordingly
1437 value_to_self_msat = if (value_to_self_msat * 1000) < broadcaster_dust_limit_satoshis as i64 { 0 } else { value_to_self_msat };
1438 value_to_remote_msat = if (value_to_remote_msat * 1000) < broadcaster_dust_limit_satoshis as i64 { 0 } else { value_to_remote_msat };
1446 local_balance_msat: value_to_self_msat as u64,
1447 remote_balance_msat: value_to_remote_msat as u64,
1453 /// Creates a set of keys for build_commitment_transaction to generate a transaction which our
1454 /// counterparty will sign (ie DO NOT send signatures over a transaction created by this to
1455 /// our counterparty!)
1456 /// The result is a transaction which we can revoke broadcastership of (ie a "local" transaction)
1457 /// TODO Some magic rust shit to compile-time check this?
1458 fn build_holder_transaction_keys(&self, commitment_number: u64) -> TxCreationKeys {
1459 let per_commitment_point = self.holder_signer.get_per_commitment_point(commitment_number, &self.secp_ctx);
1460 let delayed_payment_base = &self.get_holder_pubkeys().delayed_payment_basepoint;
1461 let htlc_basepoint = &self.get_holder_pubkeys().htlc_basepoint;
1462 let counterparty_pubkeys = self.get_counterparty_pubkeys();
1464 TxCreationKeys::derive_new(&self.secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint)
1468 /// Creates a set of keys for build_commitment_transaction to generate a transaction which we
1469 /// will sign and send to our counterparty.
1470 /// If an Err is returned, it is a ChannelError::Close (for get_funding_created)
1471 fn build_remote_transaction_keys(&self) -> TxCreationKeys {
1472 //TODO: Ensure that the payment_key derived here ends up in the library users' wallet as we
1473 //may see payments to it!
1474 let revocation_basepoint = &self.get_holder_pubkeys().revocation_basepoint;
1475 let htlc_basepoint = &self.get_holder_pubkeys().htlc_basepoint;
1476 let counterparty_pubkeys = self.get_counterparty_pubkeys();
1478 TxCreationKeys::derive_new(&self.secp_ctx, &self.counterparty_cur_commitment_point.unwrap(), &counterparty_pubkeys.delayed_payment_basepoint, &counterparty_pubkeys.htlc_basepoint, revocation_basepoint, htlc_basepoint)
1481 /// Gets the redeemscript for the funding transaction output (ie the funding transaction output
1482 /// pays to get_funding_redeemscript().to_v0_p2wsh()).
1483 /// Panics if called before accept_channel/InboundV1Channel::new
1484 pub fn get_funding_redeemscript(&self) -> Script {
1485 make_funding_redeemscript(&self.get_holder_pubkeys().funding_pubkey, self.counterparty_funding_pubkey())
1488 fn counterparty_funding_pubkey(&self) -> &PublicKey {
1489 &self.get_counterparty_pubkeys().funding_pubkey
1492 pub fn get_feerate_sat_per_1000_weight(&self) -> u32 {
1496 pub fn get_dust_buffer_feerate(&self, outbound_feerate_update: Option<u32>) -> u32 {
1497 // When calculating our exposure to dust HTLCs, we assume that the channel feerate
1498 // may, at any point, increase by at least 10 sat/vB (i.e 2530 sat/kWU) or 25%,
1499 // whichever is higher. This ensures that we aren't suddenly exposed to significantly
1500 // more dust balance if the feerate increases when we have several HTLCs pending
1501 // which are near the dust limit.
1502 let mut feerate_per_kw = self.feerate_per_kw;
1503 // If there's a pending update fee, use it to ensure we aren't under-estimating
1504 // potential feerate updates coming soon.
1505 if let Some((feerate, _)) = self.pending_update_fee {
1506 feerate_per_kw = cmp::max(feerate_per_kw, feerate);
1508 if let Some(feerate) = outbound_feerate_update {
1509 feerate_per_kw = cmp::max(feerate_per_kw, feerate);
1511 cmp::max(2530, feerate_per_kw * 1250 / 1000)
1514 /// Get forwarding information for the counterparty.
1515 pub fn counterparty_forwarding_info(&self) -> Option<CounterpartyForwardingInfo> {
1516 self.counterparty_forwarding_info.clone()
1519 /// Returns a HTLCStats about inbound pending htlcs
1520 fn get_inbound_pending_htlc_stats(&self, outbound_feerate_update: Option<u32>) -> HTLCStats {
1522 let mut stats = HTLCStats {
1523 pending_htlcs: context.pending_inbound_htlcs.len() as u32,
1524 pending_htlcs_value_msat: 0,
1525 on_counterparty_tx_dust_exposure_msat: 0,
1526 on_holder_tx_dust_exposure_msat: 0,
1527 holding_cell_msat: 0,
1528 on_holder_tx_holding_cell_htlcs_count: 0,
1531 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1534 let dust_buffer_feerate = context.get_dust_buffer_feerate(outbound_feerate_update) as u64;
1535 (dust_buffer_feerate * htlc_timeout_tx_weight(context.get_channel_type()) / 1000,
1536 dust_buffer_feerate * htlc_success_tx_weight(context.get_channel_type()) / 1000)
1538 let counterparty_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.counterparty_dust_limit_satoshis;
1539 let holder_dust_limit_success_sat = htlc_success_dust_limit + context.holder_dust_limit_satoshis;
1540 for ref htlc in context.pending_inbound_htlcs.iter() {
1541 stats.pending_htlcs_value_msat += htlc.amount_msat;
1542 if htlc.amount_msat / 1000 < counterparty_dust_limit_timeout_sat {
1543 stats.on_counterparty_tx_dust_exposure_msat += htlc.amount_msat;
1545 if htlc.amount_msat / 1000 < holder_dust_limit_success_sat {
1546 stats.on_holder_tx_dust_exposure_msat += htlc.amount_msat;
1552 /// Returns a HTLCStats about pending outbound htlcs, *including* pending adds in our holding cell.
1553 fn get_outbound_pending_htlc_stats(&self, outbound_feerate_update: Option<u32>) -> HTLCStats {
1555 let mut stats = HTLCStats {
1556 pending_htlcs: context.pending_outbound_htlcs.len() as u32,
1557 pending_htlcs_value_msat: 0,
1558 on_counterparty_tx_dust_exposure_msat: 0,
1559 on_holder_tx_dust_exposure_msat: 0,
1560 holding_cell_msat: 0,
1561 on_holder_tx_holding_cell_htlcs_count: 0,
1564 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1567 let dust_buffer_feerate = context.get_dust_buffer_feerate(outbound_feerate_update) as u64;
1568 (dust_buffer_feerate * htlc_timeout_tx_weight(context.get_channel_type()) / 1000,
1569 dust_buffer_feerate * htlc_success_tx_weight(context.get_channel_type()) / 1000)
1571 let counterparty_dust_limit_success_sat = htlc_success_dust_limit + context.counterparty_dust_limit_satoshis;
1572 let holder_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.holder_dust_limit_satoshis;
1573 for ref htlc in context.pending_outbound_htlcs.iter() {
1574 stats.pending_htlcs_value_msat += htlc.amount_msat;
1575 if htlc.amount_msat / 1000 < counterparty_dust_limit_success_sat {
1576 stats.on_counterparty_tx_dust_exposure_msat += htlc.amount_msat;
1578 if htlc.amount_msat / 1000 < holder_dust_limit_timeout_sat {
1579 stats.on_holder_tx_dust_exposure_msat += htlc.amount_msat;
1583 for update in context.holding_cell_htlc_updates.iter() {
1584 if let &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, .. } = update {
1585 stats.pending_htlcs += 1;
1586 stats.pending_htlcs_value_msat += amount_msat;
1587 stats.holding_cell_msat += amount_msat;
1588 if *amount_msat / 1000 < counterparty_dust_limit_success_sat {
1589 stats.on_counterparty_tx_dust_exposure_msat += amount_msat;
1591 if *amount_msat / 1000 < holder_dust_limit_timeout_sat {
1592 stats.on_holder_tx_dust_exposure_msat += amount_msat;
1594 stats.on_holder_tx_holding_cell_htlcs_count += 1;
1601 /// Get the available balances, see [`AvailableBalances`]'s fields for more info.
1602 /// Doesn't bother handling the
1603 /// if-we-removed-it-already-but-haven't-fully-resolved-they-can-still-send-an-inbound-HTLC
1604 /// corner case properly.
1605 pub fn get_available_balances<F: Deref>(&self, fee_estimator: &LowerBoundedFeeEstimator<F>)
1606 -> AvailableBalances
1607 where F::Target: FeeEstimator
1609 let context = &self;
1610 // Note that we have to handle overflow due to the above case.
1611 let inbound_stats = context.get_inbound_pending_htlc_stats(None);
1612 let outbound_stats = context.get_outbound_pending_htlc_stats(None);
1614 let mut balance_msat = context.value_to_self_msat;
1615 for ref htlc in context.pending_inbound_htlcs.iter() {
1616 if let InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::Fulfill(_)) = htlc.state {
1617 balance_msat += htlc.amount_msat;
1620 balance_msat -= outbound_stats.pending_htlcs_value_msat;
1622 let outbound_capacity_msat = context.value_to_self_msat
1623 .saturating_sub(outbound_stats.pending_htlcs_value_msat)
1625 context.counterparty_selected_channel_reserve_satoshis.unwrap_or(0) * 1000);
1627 let mut available_capacity_msat = outbound_capacity_msat;
1629 if context.is_outbound() {
1630 // We should mind channel commit tx fee when computing how much of the available capacity
1631 // can be used in the next htlc. Mirrors the logic in send_htlc.
1633 // The fee depends on whether the amount we will be sending is above dust or not,
1634 // and the answer will in turn change the amount itself — making it a circular
1636 // This complicates the computation around dust-values, up to the one-htlc-value.
1637 let mut real_dust_limit_timeout_sat = context.holder_dust_limit_satoshis;
1638 if !context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1639 real_dust_limit_timeout_sat += context.feerate_per_kw as u64 * htlc_timeout_tx_weight(context.get_channel_type()) / 1000;
1642 let htlc_above_dust = HTLCCandidate::new(real_dust_limit_timeout_sat * 1000, HTLCInitiator::LocalOffered);
1643 let max_reserved_commit_tx_fee_msat = FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE * context.next_local_commit_tx_fee_msat(htlc_above_dust, Some(()));
1644 let htlc_dust = HTLCCandidate::new(real_dust_limit_timeout_sat * 1000 - 1, HTLCInitiator::LocalOffered);
1645 let min_reserved_commit_tx_fee_msat = FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE * context.next_local_commit_tx_fee_msat(htlc_dust, Some(()));
1647 // We will first subtract the fee as if we were above-dust. Then, if the resulting
1648 // value ends up being below dust, we have this fee available again. In that case,
1649 // match the value to right-below-dust.
1650 let mut capacity_minus_commitment_fee_msat: i64 = (available_capacity_msat as i64) - (max_reserved_commit_tx_fee_msat as i64);
1651 if capacity_minus_commitment_fee_msat < (real_dust_limit_timeout_sat as i64) * 1000 {
1652 let one_htlc_difference_msat = max_reserved_commit_tx_fee_msat - min_reserved_commit_tx_fee_msat;
1653 debug_assert!(one_htlc_difference_msat != 0);
1654 capacity_minus_commitment_fee_msat += one_htlc_difference_msat as i64;
1655 capacity_minus_commitment_fee_msat = cmp::min(real_dust_limit_timeout_sat as i64 * 1000 - 1, capacity_minus_commitment_fee_msat);
1656 available_capacity_msat = cmp::max(0, cmp::min(capacity_minus_commitment_fee_msat, available_capacity_msat as i64)) as u64;
1658 available_capacity_msat = capacity_minus_commitment_fee_msat as u64;
1661 // If the channel is inbound (i.e. counterparty pays the fee), we need to make sure
1662 // sending a new HTLC won't reduce their balance below our reserve threshold.
1663 let mut real_dust_limit_success_sat = context.counterparty_dust_limit_satoshis;
1664 if !context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1665 real_dust_limit_success_sat += context.feerate_per_kw as u64 * htlc_success_tx_weight(context.get_channel_type()) / 1000;
1668 let htlc_above_dust = HTLCCandidate::new(real_dust_limit_success_sat * 1000, HTLCInitiator::LocalOffered);
1669 let max_reserved_commit_tx_fee_msat = context.next_remote_commit_tx_fee_msat(htlc_above_dust, None);
1671 let holder_selected_chan_reserve_msat = context.holder_selected_channel_reserve_satoshis * 1000;
1672 let remote_balance_msat = (context.channel_value_satoshis * 1000 - context.value_to_self_msat)
1673 .saturating_sub(inbound_stats.pending_htlcs_value_msat);
1675 if remote_balance_msat < max_reserved_commit_tx_fee_msat + holder_selected_chan_reserve_msat {
1676 // If another HTLC's fee would reduce the remote's balance below the reserve limit
1677 // we've selected for them, we can only send dust HTLCs.
1678 available_capacity_msat = cmp::min(available_capacity_msat, real_dust_limit_success_sat * 1000 - 1);
1682 let mut next_outbound_htlc_minimum_msat = context.counterparty_htlc_minimum_msat;
1684 // If we get close to our maximum dust exposure, we end up in a situation where we can send
1685 // between zero and the remaining dust exposure limit remaining OR above the dust limit.
1686 // Because we cannot express this as a simple min/max, we prefer to tell the user they can
1687 // send above the dust limit (as the router can always overpay to meet the dust limit).
1688 let mut remaining_msat_below_dust_exposure_limit = None;
1689 let mut dust_exposure_dust_limit_msat = 0;
1690 let max_dust_htlc_exposure_msat = context.get_max_dust_htlc_exposure_msat(fee_estimator);
1692 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1693 (context.counterparty_dust_limit_satoshis, context.holder_dust_limit_satoshis)
1695 let dust_buffer_feerate = context.get_dust_buffer_feerate(None) as u64;
1696 (context.counterparty_dust_limit_satoshis + dust_buffer_feerate * htlc_success_tx_weight(context.get_channel_type()) / 1000,
1697 context.holder_dust_limit_satoshis + dust_buffer_feerate * htlc_timeout_tx_weight(context.get_channel_type()) / 1000)
1699 let on_counterparty_dust_htlc_exposure_msat = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
1700 if on_counterparty_dust_htlc_exposure_msat as i64 + htlc_success_dust_limit as i64 * 1000 - 1 > max_dust_htlc_exposure_msat as i64 {
1701 remaining_msat_below_dust_exposure_limit =
1702 Some(max_dust_htlc_exposure_msat.saturating_sub(on_counterparty_dust_htlc_exposure_msat));
1703 dust_exposure_dust_limit_msat = cmp::max(dust_exposure_dust_limit_msat, htlc_success_dust_limit * 1000);
1706 let on_holder_dust_htlc_exposure_msat = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
1707 if on_holder_dust_htlc_exposure_msat as i64 + htlc_timeout_dust_limit as i64 * 1000 - 1 > max_dust_htlc_exposure_msat as i64 {
1708 remaining_msat_below_dust_exposure_limit = Some(cmp::min(
1709 remaining_msat_below_dust_exposure_limit.unwrap_or(u64::max_value()),
1710 max_dust_htlc_exposure_msat.saturating_sub(on_holder_dust_htlc_exposure_msat)));
1711 dust_exposure_dust_limit_msat = cmp::max(dust_exposure_dust_limit_msat, htlc_timeout_dust_limit * 1000);
1714 if let Some(remaining_limit_msat) = remaining_msat_below_dust_exposure_limit {
1715 if available_capacity_msat < dust_exposure_dust_limit_msat {
1716 available_capacity_msat = cmp::min(available_capacity_msat, remaining_limit_msat);
1718 next_outbound_htlc_minimum_msat = cmp::max(next_outbound_htlc_minimum_msat, dust_exposure_dust_limit_msat);
1722 available_capacity_msat = cmp::min(available_capacity_msat,
1723 context.counterparty_max_htlc_value_in_flight_msat - outbound_stats.pending_htlcs_value_msat);
1725 if outbound_stats.pending_htlcs + 1 > context.counterparty_max_accepted_htlcs as u32 {
1726 available_capacity_msat = 0;
1730 inbound_capacity_msat: cmp::max(context.channel_value_satoshis as i64 * 1000
1731 - context.value_to_self_msat as i64
1732 - context.get_inbound_pending_htlc_stats(None).pending_htlcs_value_msat as i64
1733 - context.holder_selected_channel_reserve_satoshis as i64 * 1000,
1735 outbound_capacity_msat,
1736 next_outbound_htlc_limit_msat: available_capacity_msat,
1737 next_outbound_htlc_minimum_msat,
1742 pub fn get_holder_counterparty_selected_channel_reserve_satoshis(&self) -> (u64, Option<u64>) {
1743 let context = &self;
1744 (context.holder_selected_channel_reserve_satoshis, context.counterparty_selected_channel_reserve_satoshis)
1747 /// Get the commitment tx fee for the local's (i.e. our) next commitment transaction based on the
1748 /// number of pending HTLCs that are on track to be in our next commitment tx.
1750 /// Optionally includes the `HTLCCandidate` given by `htlc` and an additional non-dust HTLC if
1751 /// `fee_spike_buffer_htlc` is `Some`.
1753 /// The first extra HTLC is useful for determining whether we can accept a further HTLC, the
1754 /// second allows for creating a buffer to ensure a further HTLC can always be accepted/added.
1756 /// Dust HTLCs are excluded.
1757 fn next_local_commit_tx_fee_msat(&self, htlc: HTLCCandidate, fee_spike_buffer_htlc: Option<()>) -> u64 {
1758 let context = &self;
1759 assert!(context.is_outbound());
1761 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1764 (context.feerate_per_kw as u64 * htlc_success_tx_weight(context.get_channel_type()) / 1000,
1765 context.feerate_per_kw as u64 * htlc_timeout_tx_weight(context.get_channel_type()) / 1000)
1767 let real_dust_limit_success_sat = htlc_success_dust_limit + context.holder_dust_limit_satoshis;
1768 let real_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.holder_dust_limit_satoshis;
1770 let mut addl_htlcs = 0;
1771 if fee_spike_buffer_htlc.is_some() { addl_htlcs += 1; }
1773 HTLCInitiator::LocalOffered => {
1774 if htlc.amount_msat / 1000 >= real_dust_limit_timeout_sat {
1778 HTLCInitiator::RemoteOffered => {
1779 if htlc.amount_msat / 1000 >= real_dust_limit_success_sat {
1785 let mut included_htlcs = 0;
1786 for ref htlc in context.pending_inbound_htlcs.iter() {
1787 if htlc.amount_msat / 1000 < real_dust_limit_success_sat {
1790 // We include LocalRemoved HTLCs here because we may still need to broadcast a commitment
1791 // transaction including this HTLC if it times out before they RAA.
1792 included_htlcs += 1;
1795 for ref htlc in context.pending_outbound_htlcs.iter() {
1796 if htlc.amount_msat / 1000 < real_dust_limit_timeout_sat {
1800 OutboundHTLCState::LocalAnnounced {..} => included_htlcs += 1,
1801 OutboundHTLCState::Committed => included_htlcs += 1,
1802 OutboundHTLCState::RemoteRemoved {..} => included_htlcs += 1,
1803 // We don't include AwaitingRemoteRevokeToRemove HTLCs because our next commitment
1804 // transaction won't be generated until they send us their next RAA, which will mean
1805 // dropping any HTLCs in this state.
1810 for htlc in context.holding_cell_htlc_updates.iter() {
1812 &HTLCUpdateAwaitingACK::AddHTLC { amount_msat, .. } => {
1813 if amount_msat / 1000 < real_dust_limit_timeout_sat {
1818 _ => {}, // Don't include claims/fails that are awaiting ack, because once we get the
1819 // ack we're guaranteed to never include them in commitment txs anymore.
1823 let num_htlcs = included_htlcs + addl_htlcs;
1824 let res = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs, &context.channel_type);
1825 #[cfg(any(test, fuzzing))]
1828 if fee_spike_buffer_htlc.is_some() {
1829 fee = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs - 1, &context.channel_type);
1831 let total_pending_htlcs = context.pending_inbound_htlcs.len() + context.pending_outbound_htlcs.len()
1832 + context.holding_cell_htlc_updates.len();
1833 let commitment_tx_info = CommitmentTxInfoCached {
1835 total_pending_htlcs,
1836 next_holder_htlc_id: match htlc.origin {
1837 HTLCInitiator::LocalOffered => context.next_holder_htlc_id + 1,
1838 HTLCInitiator::RemoteOffered => context.next_holder_htlc_id,
1840 next_counterparty_htlc_id: match htlc.origin {
1841 HTLCInitiator::LocalOffered => context.next_counterparty_htlc_id,
1842 HTLCInitiator::RemoteOffered => context.next_counterparty_htlc_id + 1,
1844 feerate: context.feerate_per_kw,
1846 *context.next_local_commitment_tx_fee_info_cached.lock().unwrap() = Some(commitment_tx_info);
1851 /// Get the commitment tx fee for the remote's next commitment transaction based on the number of
1852 /// pending HTLCs that are on track to be in their next commitment tx
1854 /// Optionally includes the `HTLCCandidate` given by `htlc` and an additional non-dust HTLC if
1855 /// `fee_spike_buffer_htlc` is `Some`.
1857 /// The first extra HTLC is useful for determining whether we can accept a further HTLC, the
1858 /// second allows for creating a buffer to ensure a further HTLC can always be accepted/added.
1860 /// Dust HTLCs are excluded.
1861 fn next_remote_commit_tx_fee_msat(&self, htlc: HTLCCandidate, fee_spike_buffer_htlc: Option<()>) -> u64 {
1862 let context = &self;
1863 assert!(!context.is_outbound());
1865 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1868 (context.feerate_per_kw as u64 * htlc_success_tx_weight(context.get_channel_type()) / 1000,
1869 context.feerate_per_kw as u64 * htlc_timeout_tx_weight(context.get_channel_type()) / 1000)
1871 let real_dust_limit_success_sat = htlc_success_dust_limit + context.counterparty_dust_limit_satoshis;
1872 let real_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.counterparty_dust_limit_satoshis;
1874 let mut addl_htlcs = 0;
1875 if fee_spike_buffer_htlc.is_some() { addl_htlcs += 1; }
1877 HTLCInitiator::LocalOffered => {
1878 if htlc.amount_msat / 1000 >= real_dust_limit_success_sat {
1882 HTLCInitiator::RemoteOffered => {
1883 if htlc.amount_msat / 1000 >= real_dust_limit_timeout_sat {
1889 // When calculating the set of HTLCs which will be included in their next commitment_signed, all
1890 // non-dust inbound HTLCs are included (as all states imply it will be included) and only
1891 // committed outbound HTLCs, see below.
1892 let mut included_htlcs = 0;
1893 for ref htlc in context.pending_inbound_htlcs.iter() {
1894 if htlc.amount_msat / 1000 <= real_dust_limit_timeout_sat {
1897 included_htlcs += 1;
1900 for ref htlc in context.pending_outbound_htlcs.iter() {
1901 if htlc.amount_msat / 1000 <= real_dust_limit_success_sat {
1904 // We only include outbound HTLCs if it will not be included in their next commitment_signed,
1905 // i.e. if they've responded to us with an RAA after announcement.
1907 OutboundHTLCState::Committed => included_htlcs += 1,
1908 OutboundHTLCState::RemoteRemoved {..} => included_htlcs += 1,
1909 OutboundHTLCState::LocalAnnounced { .. } => included_htlcs += 1,
1914 let num_htlcs = included_htlcs + addl_htlcs;
1915 let res = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs, &context.channel_type);
1916 #[cfg(any(test, fuzzing))]
1919 if fee_spike_buffer_htlc.is_some() {
1920 fee = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs - 1, &context.channel_type);
1922 let total_pending_htlcs = context.pending_inbound_htlcs.len() + context.pending_outbound_htlcs.len();
1923 let commitment_tx_info = CommitmentTxInfoCached {
1925 total_pending_htlcs,
1926 next_holder_htlc_id: match htlc.origin {
1927 HTLCInitiator::LocalOffered => context.next_holder_htlc_id + 1,
1928 HTLCInitiator::RemoteOffered => context.next_holder_htlc_id,
1930 next_counterparty_htlc_id: match htlc.origin {
1931 HTLCInitiator::LocalOffered => context.next_counterparty_htlc_id,
1932 HTLCInitiator::RemoteOffered => context.next_counterparty_htlc_id + 1,
1934 feerate: context.feerate_per_kw,
1936 *context.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = Some(commitment_tx_info);
1941 /// Returns transaction if there is pending funding transaction that is yet to broadcast
1942 pub fn unbroadcasted_funding(&self) -> Option<Transaction> {
1943 if self.channel_state & (ChannelState::FundingCreated as u32) != 0 {
1944 self.funding_transaction.clone()
1950 /// Gets the latest commitment transaction and any dependent transactions for relay (forcing
1951 /// shutdown of this channel - no more calls into this Channel may be made afterwards except
1952 /// those explicitly stated to be allowed after shutdown completes, eg some simple getters).
1953 /// Also returns the list of payment_hashes for channels which we can safely fail backwards
1954 /// immediately (others we will have to allow to time out).
1955 pub fn force_shutdown(&mut self, should_broadcast: bool) -> ShutdownResult {
1956 // Note that we MUST only generate a monitor update that indicates force-closure - we're
1957 // called during initialization prior to the chain_monitor in the encompassing ChannelManager
1958 // being fully configured in some cases. Thus, its likely any monitor events we generate will
1959 // be delayed in being processed! See the docs for `ChannelManagerReadArgs` for more.
1960 assert!(self.channel_state != ChannelState::ShutdownComplete as u32);
1962 // We go ahead and "free" any holding cell HTLCs or HTLCs we haven't yet committed to and
1963 // return them to fail the payment.
1964 let mut dropped_outbound_htlcs = Vec::with_capacity(self.holding_cell_htlc_updates.len());
1965 let counterparty_node_id = self.get_counterparty_node_id();
1966 for htlc_update in self.holding_cell_htlc_updates.drain(..) {
1968 HTLCUpdateAwaitingACK::AddHTLC { source, payment_hash, .. } => {
1969 dropped_outbound_htlcs.push((source, payment_hash, counterparty_node_id, self.channel_id));
1974 let monitor_update = if let Some(funding_txo) = self.get_funding_txo() {
1975 // If we haven't yet exchanged funding signatures (ie channel_state < FundingSent),
1976 // returning a channel monitor update here would imply a channel monitor update before
1977 // we even registered the channel monitor to begin with, which is invalid.
1978 // Thus, if we aren't actually at a point where we could conceivably broadcast the
1979 // funding transaction, don't return a funding txo (which prevents providing the
1980 // monitor update to the user, even if we return one).
1981 // See test_duplicate_chan_id and test_pre_lockin_no_chan_closed_update for more.
1982 if self.channel_state & (ChannelState::FundingSent as u32 | ChannelState::ChannelReady as u32 | ChannelState::ShutdownComplete as u32) != 0 {
1983 self.latest_monitor_update_id = CLOSED_CHANNEL_UPDATE_ID;
1984 Some((self.get_counterparty_node_id(), funding_txo, ChannelMonitorUpdate {
1985 update_id: self.latest_monitor_update_id,
1986 updates: vec![ChannelMonitorUpdateStep::ChannelForceClosed { should_broadcast }],
1991 self.channel_state = ChannelState::ShutdownComplete as u32;
1992 self.update_time_counter += 1;
1993 (monitor_update, dropped_outbound_htlcs)
1997 // Internal utility functions for channels
1999 /// Returns the value to use for `holder_max_htlc_value_in_flight_msat` as a percentage of the
2000 /// `channel_value_satoshis` in msat, set through
2001 /// [`ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel`]
2003 /// The effective percentage is lower bounded by 1% and upper bounded by 100%.
2005 /// [`ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel`]: crate::util::config::ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel
2006 fn get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis: u64, config: &ChannelHandshakeConfig) -> u64 {
2007 let configured_percent = if config.max_inbound_htlc_value_in_flight_percent_of_channel < 1 {
2009 } else if config.max_inbound_htlc_value_in_flight_percent_of_channel > 100 {
2012 config.max_inbound_htlc_value_in_flight_percent_of_channel as u64
2014 channel_value_satoshis * 10 * configured_percent
2017 /// Returns a minimum channel reserve value the remote needs to maintain,
2018 /// required by us according to the configured or default
2019 /// [`ChannelHandshakeConfig::their_channel_reserve_proportional_millionths`]
2021 /// Guaranteed to return a value no larger than channel_value_satoshis
2023 /// This is used both for outbound and inbound channels and has lower bound
2024 /// of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`.
2025 pub(crate) fn get_holder_selected_channel_reserve_satoshis(channel_value_satoshis: u64, config: &UserConfig) -> u64 {
2026 let calculated_reserve = channel_value_satoshis.saturating_mul(config.channel_handshake_config.their_channel_reserve_proportional_millionths as u64) / 1_000_000;
2027 cmp::min(channel_value_satoshis, cmp::max(calculated_reserve, MIN_THEIR_CHAN_RESERVE_SATOSHIS))
2030 /// This is for legacy reasons, present for forward-compatibility.
2031 /// LDK versions older than 0.0.104 don't know how read/handle values other than default
2032 /// from storage. Hence, we use this function to not persist default values of
2033 /// `holder_selected_channel_reserve_satoshis` for channels into storage.
2034 pub(crate) fn get_legacy_default_holder_selected_channel_reserve_satoshis(channel_value_satoshis: u64) -> u64 {
2035 let (q, _) = channel_value_satoshis.overflowing_div(100);
2036 cmp::min(channel_value_satoshis, cmp::max(q, 1000))
2039 // Get the fee cost in SATS of a commitment tx with a given number of HTLC outputs.
2040 // Note that num_htlcs should not include dust HTLCs.
2042 fn commit_tx_fee_sat(feerate_per_kw: u32, num_htlcs: usize, channel_type_features: &ChannelTypeFeatures) -> u64 {
2043 feerate_per_kw as u64 * (commitment_tx_base_weight(channel_type_features) + num_htlcs as u64 * COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000
2046 // Get the fee cost in MSATS of a commitment tx with a given number of HTLC outputs.
2047 // Note that num_htlcs should not include dust HTLCs.
2048 fn commit_tx_fee_msat(feerate_per_kw: u32, num_htlcs: usize, channel_type_features: &ChannelTypeFeatures) -> u64 {
2049 // Note that we need to divide before multiplying to round properly,
2050 // since the lowest denomination of bitcoin on-chain is the satoshi.
2051 (commitment_tx_base_weight(channel_type_features) + num_htlcs as u64 * COMMITMENT_TX_WEIGHT_PER_HTLC) * feerate_per_kw as u64 / 1000 * 1000
2054 // TODO: We should refactor this to be an Inbound/OutboundChannel until initial setup handshaking
2055 // has been completed, and then turn into a Channel to get compiler-time enforcement of things like
2056 // calling channel_id() before we're set up or things like get_funding_signed on an
2059 // Holder designates channel data owned for the benefit of the user client.
2060 // Counterparty designates channel data owned by the another channel participant entity.
2061 pub(super) struct Channel<Signer: ChannelSigner> {
2062 pub context: ChannelContext<Signer>,
2065 #[cfg(any(test, fuzzing))]
2066 struct CommitmentTxInfoCached {
2068 total_pending_htlcs: usize,
2069 next_holder_htlc_id: u64,
2070 next_counterparty_htlc_id: u64,
2074 impl<Signer: WriteableEcdsaChannelSigner> Channel<Signer> {
2075 fn check_remote_fee<F: Deref, L: Deref>(
2076 channel_type: &ChannelTypeFeatures, fee_estimator: &LowerBoundedFeeEstimator<F>,
2077 feerate_per_kw: u32, cur_feerate_per_kw: Option<u32>, logger: &L
2078 ) -> Result<(), ChannelError> where F::Target: FeeEstimator, L::Target: Logger,
2080 // We only bound the fee updates on the upper side to prevent completely absurd feerates,
2081 // always accepting up to 25 sat/vByte or 10x our fee estimator's "High Priority" fee.
2082 // We generally don't care too much if they set the feerate to something very high, but it
2083 // could result in the channel being useless due to everything being dust. This doesn't
2084 // apply to channels supporting anchor outputs since HTLC transactions are pre-signed with a
2085 // zero fee, so their fee is no longer considered to determine dust limits.
2086 if !channel_type.supports_anchors_zero_fee_htlc_tx() {
2087 let upper_limit = cmp::max(250 * 25,
2088 fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::HighPriority) as u64 * 10);
2089 if feerate_per_kw as u64 > upper_limit {
2090 return Err(ChannelError::Close(format!("Peer's feerate much too high. Actual: {}. Our expected upper limit: {}", feerate_per_kw, upper_limit)));
2094 // We can afford to use a lower bound with anchors than previously since we can now bump
2095 // fees when broadcasting our commitment. However, we must still make sure we meet the
2096 // minimum mempool feerate, until package relay is deployed, such that we can ensure the
2097 // commitment transaction propagates throughout node mempools on its own.
2098 let lower_limit_conf_target = if channel_type.supports_anchors_zero_fee_htlc_tx() {
2099 ConfirmationTarget::MempoolMinimum
2101 ConfirmationTarget::Background
2103 let lower_limit = fee_estimator.bounded_sat_per_1000_weight(lower_limit_conf_target);
2104 // Some fee estimators round up to the next full sat/vbyte (ie 250 sats per kw), causing
2105 // occasional issues with feerate disagreements between an initiator that wants a feerate
2106 // of 1.1 sat/vbyte and a receiver that wants 1.1 rounded up to 2. Thus, we always add 250
2107 // sat/kw before the comparison here.
2108 if feerate_per_kw + 250 < lower_limit {
2109 if let Some(cur_feerate) = cur_feerate_per_kw {
2110 if feerate_per_kw > cur_feerate {
2112 "Accepting feerate that may prevent us from closing this channel because it's higher than what we have now. Had {} s/kW, now {} s/kW.",
2113 cur_feerate, feerate_per_kw);
2117 return Err(ChannelError::Close(format!("Peer's feerate much too low. Actual: {}. Our expected lower limit: {} (- 250)", feerate_per_kw, lower_limit)));
2123 fn get_closing_scriptpubkey(&self) -> Script {
2124 // The shutdown scriptpubkey is set on channel opening when option_upfront_shutdown_script
2125 // is signaled. Otherwise, it is set when sending a shutdown message. Calling this method
2126 // outside of those situations will fail.
2127 self.context.shutdown_scriptpubkey.clone().unwrap().into_inner()
2131 fn get_closing_transaction_weight(&self, a_scriptpubkey: Option<&Script>, b_scriptpubkey: Option<&Script>) -> u64 {
2136 1 + // script length (0)
2140 )*4 + // * 4 for non-witness parts
2141 2 + // witness marker and flag
2142 1 + // witness element count
2143 4 + // 4 element lengths (2 sigs, multisig dummy, and witness script)
2144 self.context.get_funding_redeemscript().len() as u64 + // funding witness script
2145 2*(1 + 71); // two signatures + sighash type flags
2146 if let Some(spk) = a_scriptpubkey {
2147 ret += ((8+1) + // output values and script length
2148 spk.len() as u64) * 4; // scriptpubkey and witness multiplier
2150 if let Some(spk) = b_scriptpubkey {
2151 ret += ((8+1) + // output values and script length
2152 spk.len() as u64) * 4; // scriptpubkey and witness multiplier
2158 fn build_closing_transaction(&self, proposed_total_fee_satoshis: u64, skip_remote_output: bool) -> (ClosingTransaction, u64) {
2159 assert!(self.context.pending_inbound_htlcs.is_empty());
2160 assert!(self.context.pending_outbound_htlcs.is_empty());
2161 assert!(self.context.pending_update_fee.is_none());
2163 let mut total_fee_satoshis = proposed_total_fee_satoshis;
2164 let mut value_to_holder: i64 = (self.context.value_to_self_msat as i64) / 1000 - if self.context.is_outbound() { total_fee_satoshis as i64 } else { 0 };
2165 let mut value_to_counterparty: i64 = ((self.context.channel_value_satoshis * 1000 - self.context.value_to_self_msat) as i64 / 1000) - if self.context.is_outbound() { 0 } else { total_fee_satoshis as i64 };
2167 if value_to_holder < 0 {
2168 assert!(self.context.is_outbound());
2169 total_fee_satoshis += (-value_to_holder) as u64;
2170 } else if value_to_counterparty < 0 {
2171 assert!(!self.context.is_outbound());
2172 total_fee_satoshis += (-value_to_counterparty) as u64;
2175 if skip_remote_output || value_to_counterparty as u64 <= self.context.holder_dust_limit_satoshis {
2176 value_to_counterparty = 0;
2179 if value_to_holder as u64 <= self.context.holder_dust_limit_satoshis {
2180 value_to_holder = 0;
2183 assert!(self.context.shutdown_scriptpubkey.is_some());
2184 let holder_shutdown_script = self.get_closing_scriptpubkey();
2185 let counterparty_shutdown_script = self.context.counterparty_shutdown_scriptpubkey.clone().unwrap();
2186 let funding_outpoint = self.funding_outpoint().into_bitcoin_outpoint();
2188 let closing_transaction = ClosingTransaction::new(value_to_holder as u64, value_to_counterparty as u64, holder_shutdown_script, counterparty_shutdown_script, funding_outpoint);
2189 (closing_transaction, total_fee_satoshis)
2192 fn funding_outpoint(&self) -> OutPoint {
2193 self.context.channel_transaction_parameters.funding_outpoint.unwrap()
2196 /// Claims an HTLC while we're disconnected from a peer, dropping the [`ChannelMonitorUpdate`]
2199 /// The [`ChannelMonitor`] for this channel MUST be updated out-of-band with the preimage
2200 /// provided (i.e. without calling [`crate::chain::Watch::update_channel`]).
2202 /// The HTLC claim will end up in the holding cell (because the caller must ensure the peer is
2204 pub fn claim_htlc_while_disconnected_dropping_mon_update<L: Deref>
2205 (&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage, logger: &L)
2206 where L::Target: Logger {
2207 // Assert that we'll add the HTLC claim to the holding cell in `get_update_fulfill_htlc`
2208 // (see equivalent if condition there).
2209 assert!(self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32) != 0);
2210 let mon_update_id = self.context.latest_monitor_update_id; // Forget the ChannelMonitor update
2211 let fulfill_resp = self.get_update_fulfill_htlc(htlc_id_arg, payment_preimage_arg, logger);
2212 self.context.latest_monitor_update_id = mon_update_id;
2213 if let UpdateFulfillFetch::NewClaim { msg, .. } = fulfill_resp {
2214 assert!(msg.is_none()); // The HTLC must have ended up in the holding cell.
2218 fn get_update_fulfill_htlc<L: Deref>(&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage, logger: &L) -> UpdateFulfillFetch where L::Target: Logger {
2219 // Either ChannelReady got set (which means it won't be unset) or there is no way any
2220 // caller thought we could have something claimed (cause we wouldn't have accepted in an
2221 // incoming HTLC anyway). If we got to ShutdownComplete, callers aren't allowed to call us,
2223 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2224 panic!("Was asked to fulfill an HTLC when channel was not in an operational state");
2226 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
2228 let payment_hash_calc = PaymentHash(Sha256::hash(&payment_preimage_arg.0[..]).into_inner());
2230 // ChannelManager may generate duplicate claims/fails due to HTLC update events from
2231 // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
2232 // these, but for now we just have to treat them as normal.
2234 let mut pending_idx = core::usize::MAX;
2235 let mut htlc_value_msat = 0;
2236 for (idx, htlc) in self.context.pending_inbound_htlcs.iter().enumerate() {
2237 if htlc.htlc_id == htlc_id_arg {
2238 assert_eq!(htlc.payment_hash, payment_hash_calc);
2240 InboundHTLCState::Committed => {},
2241 InboundHTLCState::LocalRemoved(ref reason) => {
2242 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
2244 log_warn!(logger, "Have preimage and want to fulfill HTLC with payment hash {} we already failed against channel {}", log_bytes!(htlc.payment_hash.0), log_bytes!(self.context.channel_id()));
2245 debug_assert!(false, "Tried to fulfill an HTLC that was already failed");
2247 return UpdateFulfillFetch::DuplicateClaim {};
2250 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
2251 // Don't return in release mode here so that we can update channel_monitor
2255 htlc_value_msat = htlc.amount_msat;
2259 if pending_idx == core::usize::MAX {
2260 #[cfg(any(test, fuzzing))]
2261 // If we failed to find an HTLC to fulfill, make sure it was previously fulfilled and
2262 // this is simply a duplicate claim, not previously failed and we lost funds.
2263 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2264 return UpdateFulfillFetch::DuplicateClaim {};
2267 // Now update local state:
2269 // We have to put the payment_preimage in the channel_monitor right away here to ensure we
2270 // can claim it even if the channel hits the chain before we see their next commitment.
2271 self.context.latest_monitor_update_id += 1;
2272 let monitor_update = ChannelMonitorUpdate {
2273 update_id: self.context.latest_monitor_update_id,
2274 updates: vec![ChannelMonitorUpdateStep::PaymentPreimage {
2275 payment_preimage: payment_preimage_arg.clone(),
2279 if (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
2280 // Note that this condition is the same as the assertion in
2281 // `claim_htlc_while_disconnected_dropping_mon_update` and must match exactly -
2282 // `claim_htlc_while_disconnected_dropping_mon_update` would not work correctly if we
2283 // do not not get into this branch.
2284 for pending_update in self.context.holding_cell_htlc_updates.iter() {
2285 match pending_update {
2286 &HTLCUpdateAwaitingACK::ClaimHTLC { htlc_id, .. } => {
2287 if htlc_id_arg == htlc_id {
2288 // Make sure we don't leave latest_monitor_update_id incremented here:
2289 self.context.latest_monitor_update_id -= 1;
2290 #[cfg(any(test, fuzzing))]
2291 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2292 return UpdateFulfillFetch::DuplicateClaim {};
2295 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, .. } => {
2296 if htlc_id_arg == htlc_id {
2297 log_warn!(logger, "Have preimage and want to fulfill HTLC with pending failure against channel {}", log_bytes!(self.context.channel_id()));
2298 // TODO: We may actually be able to switch to a fulfill here, though its
2299 // rare enough it may not be worth the complexity burden.
2300 debug_assert!(false, "Tried to fulfill an HTLC that was already failed");
2301 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
2307 log_trace!(logger, "Adding HTLC claim to holding_cell in channel {}! Current state: {}", log_bytes!(self.context.channel_id()), self.context.channel_state);
2308 self.context.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::ClaimHTLC {
2309 payment_preimage: payment_preimage_arg, htlc_id: htlc_id_arg,
2311 #[cfg(any(test, fuzzing))]
2312 self.context.historical_inbound_htlc_fulfills.insert(htlc_id_arg);
2313 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
2315 #[cfg(any(test, fuzzing))]
2316 self.context.historical_inbound_htlc_fulfills.insert(htlc_id_arg);
2319 let htlc = &mut self.context.pending_inbound_htlcs[pending_idx];
2320 if let InboundHTLCState::Committed = htlc.state {
2322 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
2323 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
2325 log_trace!(logger, "Upgrading HTLC {} to LocalRemoved with a Fulfill in channel {}!", log_bytes!(htlc.payment_hash.0), log_bytes!(self.context.channel_id));
2326 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::Fulfill(payment_preimage_arg.clone()));
2329 UpdateFulfillFetch::NewClaim {
2332 msg: Some(msgs::UpdateFulfillHTLC {
2333 channel_id: self.context.channel_id(),
2334 htlc_id: htlc_id_arg,
2335 payment_preimage: payment_preimage_arg,
2340 pub fn get_update_fulfill_htlc_and_commit<L: Deref>(&mut self, htlc_id: u64, payment_preimage: PaymentPreimage, logger: &L) -> UpdateFulfillCommitFetch where L::Target: Logger {
2341 let release_cs_monitor = self.context.blocked_monitor_updates.is_empty();
2342 match self.get_update_fulfill_htlc(htlc_id, payment_preimage, logger) {
2343 UpdateFulfillFetch::NewClaim { mut monitor_update, htlc_value_msat, msg } => {
2344 // Even if we aren't supposed to let new monitor updates with commitment state
2345 // updates run, we still need to push the preimage ChannelMonitorUpdateStep no
2346 // matter what. Sadly, to push a new monitor update which flies before others
2347 // already queued, we have to insert it into the pending queue and update the
2348 // update_ids of all the following monitors.
2349 if release_cs_monitor && msg.is_some() {
2350 let mut additional_update = self.build_commitment_no_status_check(logger);
2351 // build_commitment_no_status_check may bump latest_monitor_id but we want them
2352 // to be strictly increasing by one, so decrement it here.
2353 self.context.latest_monitor_update_id = monitor_update.update_id;
2354 monitor_update.updates.append(&mut additional_update.updates);
2356 let new_mon_id = self.context.blocked_monitor_updates.get(0)
2357 .map(|upd| upd.update.update_id).unwrap_or(monitor_update.update_id);
2358 monitor_update.update_id = new_mon_id;
2359 for held_update in self.context.blocked_monitor_updates.iter_mut() {
2360 held_update.update.update_id += 1;
2363 debug_assert!(false, "If there is a pending blocked monitor we should have MonitorUpdateInProgress set");
2364 let update = self.build_commitment_no_status_check(logger);
2365 self.context.blocked_monitor_updates.push(PendingChannelMonitorUpdate {
2371 self.monitor_updating_paused(false, msg.is_some(), false, Vec::new(), Vec::new(), Vec::new());
2372 UpdateFulfillCommitFetch::NewClaim { monitor_update, htlc_value_msat, }
2374 UpdateFulfillFetch::DuplicateClaim {} => UpdateFulfillCommitFetch::DuplicateClaim {},
2378 /// We can only have one resolution per HTLC. In some cases around reconnect, we may fulfill
2379 /// an HTLC more than once or fulfill once and then attempt to fail after reconnect. We cannot,
2380 /// however, fail more than once as we wait for an upstream failure to be irrevocably committed
2381 /// before we fail backwards.
2383 /// If we do fail twice, we `debug_assert!(false)` and return `Ok(None)`. Thus, this will always
2384 /// return `Ok(_)` if preconditions are met. In any case, `Err`s will only be
2385 /// [`ChannelError::Ignore`].
2386 pub fn queue_fail_htlc<L: Deref>(&mut self, htlc_id_arg: u64, err_packet: msgs::OnionErrorPacket, logger: &L)
2387 -> Result<(), ChannelError> where L::Target: Logger {
2388 self.fail_htlc(htlc_id_arg, err_packet, true, logger)
2389 .map(|msg_opt| assert!(msg_opt.is_none(), "We forced holding cell?"))
2392 /// We can only have one resolution per HTLC. In some cases around reconnect, we may fulfill
2393 /// an HTLC more than once or fulfill once and then attempt to fail after reconnect. We cannot,
2394 /// however, fail more than once as we wait for an upstream failure to be irrevocably committed
2395 /// before we fail backwards.
2397 /// If we do fail twice, we `debug_assert!(false)` and return `Ok(None)`. Thus, this will always
2398 /// return `Ok(_)` if preconditions are met. In any case, `Err`s will only be
2399 /// [`ChannelError::Ignore`].
2400 fn fail_htlc<L: Deref>(&mut self, htlc_id_arg: u64, err_packet: msgs::OnionErrorPacket, mut force_holding_cell: bool, logger: &L)
2401 -> Result<Option<msgs::UpdateFailHTLC>, ChannelError> where L::Target: Logger {
2402 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2403 panic!("Was asked to fail an HTLC when channel was not in an operational state");
2405 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
2407 // ChannelManager may generate duplicate claims/fails due to HTLC update events from
2408 // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
2409 // these, but for now we just have to treat them as normal.
2411 let mut pending_idx = core::usize::MAX;
2412 for (idx, htlc) in self.context.pending_inbound_htlcs.iter().enumerate() {
2413 if htlc.htlc_id == htlc_id_arg {
2415 InboundHTLCState::Committed => {},
2416 InboundHTLCState::LocalRemoved(ref reason) => {
2417 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
2419 debug_assert!(false, "Tried to fail an HTLC that was already failed");
2424 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
2425 return Err(ChannelError::Ignore(format!("Unable to find a pending HTLC which matched the given HTLC ID ({})", htlc.htlc_id)));
2431 if pending_idx == core::usize::MAX {
2432 #[cfg(any(test, fuzzing))]
2433 // If we failed to find an HTLC to fail, make sure it was previously fulfilled and this
2434 // is simply a duplicate fail, not previously failed and we failed-back too early.
2435 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2439 if (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
2440 debug_assert!(force_holding_cell, "!force_holding_cell is only called when emptying the holding cell, so we shouldn't end up back in it!");
2441 force_holding_cell = true;
2444 // Now update local state:
2445 if force_holding_cell {
2446 for pending_update in self.context.holding_cell_htlc_updates.iter() {
2447 match pending_update {
2448 &HTLCUpdateAwaitingACK::ClaimHTLC { htlc_id, .. } => {
2449 if htlc_id_arg == htlc_id {
2450 #[cfg(any(test, fuzzing))]
2451 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2455 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, .. } => {
2456 if htlc_id_arg == htlc_id {
2457 debug_assert!(false, "Tried to fail an HTLC that was already failed");
2458 return Err(ChannelError::Ignore("Unable to find a pending HTLC which matched the given HTLC ID".to_owned()));
2464 log_trace!(logger, "Placing failure for HTLC ID {} in holding cell in channel {}.", htlc_id_arg, log_bytes!(self.context.channel_id()));
2465 self.context.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::FailHTLC {
2466 htlc_id: htlc_id_arg,
2472 log_trace!(logger, "Failing HTLC ID {} back with a update_fail_htlc message in channel {}.", htlc_id_arg, log_bytes!(self.context.channel_id()));
2474 let htlc = &mut self.context.pending_inbound_htlcs[pending_idx];
2475 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(err_packet.clone()));
2478 Ok(Some(msgs::UpdateFailHTLC {
2479 channel_id: self.context.channel_id(),
2480 htlc_id: htlc_id_arg,
2485 // Message handlers:
2487 /// Handles a funding_signed message from the remote end.
2488 /// If this call is successful, broadcast the funding transaction (and not before!)
2489 pub fn funding_signed<SP: Deref, L: Deref>(
2490 &mut self, msg: &msgs::FundingSigned, best_block: BestBlock, signer_provider: &SP, logger: &L
2491 ) -> Result<ChannelMonitor<Signer>, ChannelError>
2493 SP::Target: SignerProvider<Signer = Signer>,
2496 if !self.context.is_outbound() {
2497 return Err(ChannelError::Close("Received funding_signed for an inbound channel?".to_owned()));
2499 if self.context.channel_state & !(ChannelState::MonitorUpdateInProgress as u32) != ChannelState::FundingCreated as u32 {
2500 return Err(ChannelError::Close("Received funding_signed in strange state!".to_owned()));
2502 if self.context.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
2503 self.context.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
2504 self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
2505 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
2508 let funding_script = self.context.get_funding_redeemscript();
2510 let counterparty_keys = self.context.build_remote_transaction_keys();
2511 let counterparty_initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
2512 let counterparty_trusted_tx = counterparty_initial_commitment_tx.trust();
2513 let counterparty_initial_bitcoin_tx = counterparty_trusted_tx.built_transaction();
2515 log_trace!(logger, "Initial counterparty tx for channel {} is: txid {} tx {}",
2516 log_bytes!(self.context.channel_id()), counterparty_initial_bitcoin_tx.txid, encode::serialize_hex(&counterparty_initial_bitcoin_tx.transaction));
2518 let holder_signer = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
2519 let initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &holder_signer, true, false, logger).tx;
2521 let trusted_tx = initial_commitment_tx.trust();
2522 let initial_commitment_bitcoin_tx = trusted_tx.built_transaction();
2523 let sighash = initial_commitment_bitcoin_tx.get_sighash_all(&funding_script, self.context.channel_value_satoshis);
2524 // They sign our commitment transaction, allowing us to broadcast the tx if we wish.
2525 if let Err(_) = self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.context.get_counterparty_pubkeys().funding_pubkey) {
2526 return Err(ChannelError::Close("Invalid funding_signed signature from peer".to_owned()));
2530 let holder_commitment_tx = HolderCommitmentTransaction::new(
2531 initial_commitment_tx,
2534 &self.context.get_holder_pubkeys().funding_pubkey,
2535 self.context.counterparty_funding_pubkey()
2538 self.context.holder_signer.validate_holder_commitment(&holder_commitment_tx, Vec::new())
2539 .map_err(|_| ChannelError::Close("Failed to validate our commitment".to_owned()))?;
2542 let funding_redeemscript = self.context.get_funding_redeemscript();
2543 let funding_txo = self.context.get_funding_txo().unwrap();
2544 let funding_txo_script = funding_redeemscript.to_v0_p2wsh();
2545 let obscure_factor = get_commitment_transaction_number_obscure_factor(&self.context.get_holder_pubkeys().payment_point, &self.context.get_counterparty_pubkeys().payment_point, self.context.is_outbound());
2546 let shutdown_script = self.context.shutdown_scriptpubkey.clone().map(|script| script.into_inner());
2547 let mut monitor_signer = signer_provider.derive_channel_signer(self.context.channel_value_satoshis, self.context.channel_keys_id);
2548 monitor_signer.provide_channel_parameters(&self.context.channel_transaction_parameters);
2549 let channel_monitor = ChannelMonitor::new(self.context.secp_ctx.clone(), monitor_signer,
2550 shutdown_script, self.context.get_holder_selected_contest_delay(),
2551 &self.context.destination_script, (funding_txo, funding_txo_script),
2552 &self.context.channel_transaction_parameters,
2553 funding_redeemscript.clone(), self.context.channel_value_satoshis,
2555 holder_commitment_tx, best_block, self.context.counterparty_node_id);
2557 channel_monitor.provide_latest_counterparty_commitment_tx(counterparty_initial_bitcoin_tx.txid, Vec::new(), self.context.cur_counterparty_commitment_transaction_number, self.context.counterparty_cur_commitment_point.unwrap(), logger);
2559 assert_eq!(self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32), 0); // We have no had any monitor(s) yet to fail update!
2560 self.context.channel_state = ChannelState::FundingSent as u32;
2561 self.context.cur_holder_commitment_transaction_number -= 1;
2562 self.context.cur_counterparty_commitment_transaction_number -= 1;
2564 log_info!(logger, "Received funding_signed from peer for channel {}", log_bytes!(self.context.channel_id()));
2566 let need_channel_ready = self.check_get_channel_ready(0).is_some();
2567 self.monitor_updating_paused(false, false, need_channel_ready, Vec::new(), Vec::new(), Vec::new());
2571 /// Handles a channel_ready message from our peer. If we've already sent our channel_ready
2572 /// and the channel is now usable (and public), this may generate an announcement_signatures to
2574 pub fn channel_ready<NS: Deref, L: Deref>(
2575 &mut self, msg: &msgs::ChannelReady, node_signer: &NS, genesis_block_hash: BlockHash,
2576 user_config: &UserConfig, best_block: &BestBlock, logger: &L
2577 ) -> Result<Option<msgs::AnnouncementSignatures>, ChannelError>
2579 NS::Target: NodeSigner,
2582 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2583 self.context.workaround_lnd_bug_4006 = Some(msg.clone());
2584 return Err(ChannelError::Ignore("Peer sent channel_ready when we needed a channel_reestablish. The peer is likely lnd, see https://github.com/lightningnetwork/lnd/issues/4006".to_owned()));
2587 if let Some(scid_alias) = msg.short_channel_id_alias {
2588 if Some(scid_alias) != self.context.short_channel_id {
2589 // The scid alias provided can be used to route payments *from* our counterparty,
2590 // i.e. can be used for inbound payments and provided in invoices, but is not used
2591 // when routing outbound payments.
2592 self.context.latest_inbound_scid_alias = Some(scid_alias);
2596 let non_shutdown_state = self.context.channel_state & (!MULTI_STATE_FLAGS);
2598 if non_shutdown_state == ChannelState::FundingSent as u32 {
2599 self.context.channel_state |= ChannelState::TheirChannelReady as u32;
2600 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurChannelReady as u32) {
2601 self.context.channel_state = ChannelState::ChannelReady as u32 | (self.context.channel_state & MULTI_STATE_FLAGS);
2602 self.context.update_time_counter += 1;
2603 } else if self.context.channel_state & (ChannelState::ChannelReady as u32) != 0 ||
2604 // If we reconnected before sending our `channel_ready` they may still resend theirs:
2605 (self.context.channel_state & (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32) ==
2606 (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32))
2608 // They probably disconnected/reconnected and re-sent the channel_ready, which is
2609 // required, or they're sending a fresh SCID alias.
2610 let expected_point =
2611 if self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
2612 // If they haven't ever sent an updated point, the point they send should match
2614 self.context.counterparty_cur_commitment_point
2615 } else if self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 2 {
2616 // If we've advanced the commitment number once, the second commitment point is
2617 // at `counterparty_prev_commitment_point`, which is not yet revoked.
2618 debug_assert!(self.context.counterparty_prev_commitment_point.is_some());
2619 self.context.counterparty_prev_commitment_point
2621 // If they have sent updated points, channel_ready is always supposed to match
2622 // their "first" point, which we re-derive here.
2623 Some(PublicKey::from_secret_key(&self.context.secp_ctx, &SecretKey::from_slice(
2624 &self.context.commitment_secrets.get_secret(INITIAL_COMMITMENT_NUMBER - 1).expect("We should have all prev secrets available")
2625 ).expect("We already advanced, so previous secret keys should have been validated already")))
2627 if expected_point != Some(msg.next_per_commitment_point) {
2628 return Err(ChannelError::Close("Peer sent a reconnect channel_ready with a different point".to_owned()));
2632 return Err(ChannelError::Close("Peer sent a channel_ready at a strange time".to_owned()));
2635 self.context.counterparty_prev_commitment_point = self.context.counterparty_cur_commitment_point;
2636 self.context.counterparty_cur_commitment_point = Some(msg.next_per_commitment_point);
2638 log_info!(logger, "Received channel_ready from peer for channel {}", log_bytes!(self.context.channel_id()));
2640 Ok(self.get_announcement_sigs(node_signer, genesis_block_hash, user_config, best_block.height(), logger))
2643 pub fn update_add_htlc<F, FE: Deref, L: Deref>(
2644 &mut self, msg: &msgs::UpdateAddHTLC, mut pending_forward_status: PendingHTLCStatus,
2645 create_pending_htlc_status: F, fee_estimator: &LowerBoundedFeeEstimator<FE>, logger: &L
2646 ) -> Result<(), ChannelError>
2647 where F: for<'a> Fn(&'a Self, PendingHTLCStatus, u16) -> PendingHTLCStatus,
2648 FE::Target: FeeEstimator, L::Target: Logger,
2650 // We can't accept HTLCs sent after we've sent a shutdown.
2651 let local_sent_shutdown = (self.context.channel_state & (ChannelState::ChannelReady as u32 | ChannelState::LocalShutdownSent as u32)) != (ChannelState::ChannelReady as u32);
2652 if local_sent_shutdown {
2653 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x4000|8);
2655 // If the remote has sent a shutdown prior to adding this HTLC, then they are in violation of the spec.
2656 let remote_sent_shutdown = (self.context.channel_state & (ChannelState::ChannelReady as u32 | ChannelState::RemoteShutdownSent as u32)) != (ChannelState::ChannelReady as u32);
2657 if remote_sent_shutdown {
2658 return Err(ChannelError::Close("Got add HTLC message when channel was not in an operational state".to_owned()));
2660 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2661 return Err(ChannelError::Close("Peer sent update_add_htlc when we needed a channel_reestablish".to_owned()));
2663 if msg.amount_msat > self.context.channel_value_satoshis * 1000 {
2664 return Err(ChannelError::Close("Remote side tried to send more than the total value of the channel".to_owned()));
2666 if msg.amount_msat == 0 {
2667 return Err(ChannelError::Close("Remote side tried to send a 0-msat HTLC".to_owned()));
2669 if msg.amount_msat < self.context.holder_htlc_minimum_msat {
2670 return Err(ChannelError::Close(format!("Remote side tried to send less than our minimum HTLC value. Lower limit: ({}). Actual: ({})", self.context.holder_htlc_minimum_msat, msg.amount_msat)));
2673 let inbound_stats = self.context.get_inbound_pending_htlc_stats(None);
2674 let outbound_stats = self.context.get_outbound_pending_htlc_stats(None);
2675 if inbound_stats.pending_htlcs + 1 > self.context.holder_max_accepted_htlcs as u32 {
2676 return Err(ChannelError::Close(format!("Remote tried to push more than our max accepted HTLCs ({})", self.context.holder_max_accepted_htlcs)));
2678 if inbound_stats.pending_htlcs_value_msat + msg.amount_msat > self.context.holder_max_htlc_value_in_flight_msat {
2679 return Err(ChannelError::Close(format!("Remote HTLC add would put them over our max HTLC value ({})", self.context.holder_max_htlc_value_in_flight_msat)));
2681 // Check holder_selected_channel_reserve_satoshis (we're getting paid, so they have to at least meet
2682 // the reserve_satoshis we told them to always have as direct payment so that they lose
2683 // something if we punish them for broadcasting an old state).
2684 // Note that we don't really care about having a small/no to_remote output in our local
2685 // commitment transactions, as the purpose of the channel reserve is to ensure we can
2686 // punish *them* if they misbehave, so we discount any outbound HTLCs which will not be
2687 // present in the next commitment transaction we send them (at least for fulfilled ones,
2688 // failed ones won't modify value_to_self).
2689 // Note that we will send HTLCs which another instance of rust-lightning would think
2690 // violate the reserve value if we do not do this (as we forget inbound HTLCs from the
2691 // Channel state once they will not be present in the next received commitment
2693 let mut removed_outbound_total_msat = 0;
2694 for ref htlc in self.context.pending_outbound_htlcs.iter() {
2695 if let OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(_)) = htlc.state {
2696 removed_outbound_total_msat += htlc.amount_msat;
2697 } else if let OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(_)) = htlc.state {
2698 removed_outbound_total_msat += htlc.amount_msat;
2702 let max_dust_htlc_exposure_msat = self.context.get_max_dust_htlc_exposure_msat(fee_estimator);
2703 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if self.context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2706 let dust_buffer_feerate = self.context.get_dust_buffer_feerate(None) as u64;
2707 (dust_buffer_feerate * htlc_timeout_tx_weight(self.context.get_channel_type()) / 1000,
2708 dust_buffer_feerate * htlc_success_tx_weight(self.context.get_channel_type()) / 1000)
2710 let exposure_dust_limit_timeout_sats = htlc_timeout_dust_limit + self.context.counterparty_dust_limit_satoshis;
2711 if msg.amount_msat / 1000 < exposure_dust_limit_timeout_sats {
2712 let on_counterparty_tx_dust_htlc_exposure_msat = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat + msg.amount_msat;
2713 if on_counterparty_tx_dust_htlc_exposure_msat > max_dust_htlc_exposure_msat {
2714 log_info!(logger, "Cannot accept value that would put our exposure to dust HTLCs at {} over the limit {} on counterparty commitment tx",
2715 on_counterparty_tx_dust_htlc_exposure_msat, max_dust_htlc_exposure_msat);
2716 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2720 let exposure_dust_limit_success_sats = htlc_success_dust_limit + self.context.holder_dust_limit_satoshis;
2721 if msg.amount_msat / 1000 < exposure_dust_limit_success_sats {
2722 let on_holder_tx_dust_htlc_exposure_msat = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat + msg.amount_msat;
2723 if on_holder_tx_dust_htlc_exposure_msat > max_dust_htlc_exposure_msat {
2724 log_info!(logger, "Cannot accept value that would put our exposure to dust HTLCs at {} over the limit {} on holder commitment tx",
2725 on_holder_tx_dust_htlc_exposure_msat, max_dust_htlc_exposure_msat);
2726 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2730 let pending_value_to_self_msat =
2731 self.context.value_to_self_msat + inbound_stats.pending_htlcs_value_msat - removed_outbound_total_msat;
2732 let pending_remote_value_msat =
2733 self.context.channel_value_satoshis * 1000 - pending_value_to_self_msat;
2734 if pending_remote_value_msat < msg.amount_msat {
2735 return Err(ChannelError::Close("Remote HTLC add would overdraw remaining funds".to_owned()));
2738 // Check that the remote can afford to pay for this HTLC on-chain at the current
2739 // feerate_per_kw, while maintaining their channel reserve (as required by the spec).
2740 let remote_commit_tx_fee_msat = if self.context.is_outbound() { 0 } else {
2741 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2742 self.context.next_remote_commit_tx_fee_msat(htlc_candidate, None) // Don't include the extra fee spike buffer HTLC in calculations
2744 if pending_remote_value_msat - msg.amount_msat < remote_commit_tx_fee_msat {
2745 return Err(ChannelError::Close("Remote HTLC add would not leave enough to pay for fees".to_owned()));
2748 if pending_remote_value_msat - msg.amount_msat - remote_commit_tx_fee_msat < self.context.holder_selected_channel_reserve_satoshis * 1000 {
2749 return Err(ChannelError::Close("Remote HTLC add would put them under remote reserve value".to_owned()));
2752 if !self.context.is_outbound() {
2753 // `2 *` and `Some(())` is for the fee spike buffer we keep for the remote. This deviates from
2754 // the spec because in the spec, the fee spike buffer requirement doesn't exist on the
2755 // receiver's side, only on the sender's.
2756 // Note that when we eventually remove support for fee updates and switch to anchor output
2757 // fees, we will drop the `2 *`, since we no longer be as sensitive to fee spikes. But, keep
2758 // the extra htlc when calculating the next remote commitment transaction fee as we should
2759 // still be able to afford adding this HTLC plus one more future HTLC, regardless of being
2760 // sensitive to fee spikes.
2761 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2762 let remote_fee_cost_incl_stuck_buffer_msat = 2 * self.context.next_remote_commit_tx_fee_msat(htlc_candidate, Some(()));
2763 if pending_remote_value_msat - msg.amount_msat - self.context.holder_selected_channel_reserve_satoshis * 1000 < remote_fee_cost_incl_stuck_buffer_msat {
2764 // Note that if the pending_forward_status is not updated here, then it's because we're already failing
2765 // the HTLC, i.e. its status is already set to failing.
2766 log_info!(logger, "Attempting to fail HTLC due to fee spike buffer violation in channel {}. Rebalancing is required.", log_bytes!(self.context.channel_id()));
2767 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2770 // Check that they won't violate our local required channel reserve by adding this HTLC.
2771 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2772 let local_commit_tx_fee_msat = self.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
2773 if self.context.value_to_self_msat < self.context.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 + local_commit_tx_fee_msat {
2774 return Err(ChannelError::Close("Cannot accept HTLC that would put our balance under counterparty-announced channel reserve value".to_owned()));
2777 if self.context.next_counterparty_htlc_id != msg.htlc_id {
2778 return Err(ChannelError::Close(format!("Remote skipped HTLC ID (skipped ID: {})", self.context.next_counterparty_htlc_id)));
2780 if msg.cltv_expiry >= 500000000 {
2781 return Err(ChannelError::Close("Remote provided CLTV expiry in seconds instead of block height".to_owned()));
2784 if self.context.channel_state & ChannelState::LocalShutdownSent as u32 != 0 {
2785 if let PendingHTLCStatus::Forward(_) = pending_forward_status {
2786 panic!("ChannelManager shouldn't be trying to add a forwardable HTLC after we've started closing");
2790 // Now update local state:
2791 self.context.next_counterparty_htlc_id += 1;
2792 self.context.pending_inbound_htlcs.push(InboundHTLCOutput {
2793 htlc_id: msg.htlc_id,
2794 amount_msat: msg.amount_msat,
2795 payment_hash: msg.payment_hash,
2796 cltv_expiry: msg.cltv_expiry,
2797 state: InboundHTLCState::RemoteAnnounced(pending_forward_status),
2802 /// Marks an outbound HTLC which we have received update_fail/fulfill/malformed
2804 fn mark_outbound_htlc_removed(&mut self, htlc_id: u64, check_preimage: Option<PaymentPreimage>, fail_reason: Option<HTLCFailReason>) -> Result<&OutboundHTLCOutput, ChannelError> {
2805 assert!(!(check_preimage.is_some() && fail_reason.is_some()), "cannot fail while we have a preimage");
2806 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
2807 if htlc.htlc_id == htlc_id {
2808 let outcome = match check_preimage {
2809 None => fail_reason.into(),
2810 Some(payment_preimage) => {
2811 let payment_hash = PaymentHash(Sha256::hash(&payment_preimage.0[..]).into_inner());
2812 if payment_hash != htlc.payment_hash {
2813 return Err(ChannelError::Close(format!("Remote tried to fulfill HTLC ({}) with an incorrect preimage", htlc_id)));
2815 OutboundHTLCOutcome::Success(Some(payment_preimage))
2819 OutboundHTLCState::LocalAnnounced(_) =>
2820 return Err(ChannelError::Close(format!("Remote tried to fulfill/fail HTLC ({}) before it had been committed", htlc_id))),
2821 OutboundHTLCState::Committed => {
2822 htlc.state = OutboundHTLCState::RemoteRemoved(outcome);
2824 OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) | OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) | OutboundHTLCState::RemoteRemoved(_) =>
2825 return Err(ChannelError::Close(format!("Remote tried to fulfill/fail HTLC ({}) that they'd already fulfilled/failed", htlc_id))),
2830 Err(ChannelError::Close("Remote tried to fulfill/fail an HTLC we couldn't find".to_owned()))
2833 pub fn update_fulfill_htlc(&mut self, msg: &msgs::UpdateFulfillHTLC) -> Result<(HTLCSource, u64), ChannelError> {
2834 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2835 return Err(ChannelError::Close("Got fulfill HTLC message when channel was not in an operational state".to_owned()));
2837 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2838 return Err(ChannelError::Close("Peer sent update_fulfill_htlc when we needed a channel_reestablish".to_owned()));
2841 self.mark_outbound_htlc_removed(msg.htlc_id, Some(msg.payment_preimage), None).map(|htlc| (htlc.source.clone(), htlc.amount_msat))
2844 pub fn update_fail_htlc(&mut self, msg: &msgs::UpdateFailHTLC, fail_reason: HTLCFailReason) -> Result<(), ChannelError> {
2845 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2846 return Err(ChannelError::Close("Got fail HTLC message when channel was not in an operational state".to_owned()));
2848 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2849 return Err(ChannelError::Close("Peer sent update_fail_htlc when we needed a channel_reestablish".to_owned()));
2852 self.mark_outbound_htlc_removed(msg.htlc_id, None, Some(fail_reason))?;
2856 pub fn update_fail_malformed_htlc(&mut self, msg: &msgs::UpdateFailMalformedHTLC, fail_reason: HTLCFailReason) -> Result<(), ChannelError> {
2857 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2858 return Err(ChannelError::Close("Got fail malformed HTLC message when channel was not in an operational state".to_owned()));
2860 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2861 return Err(ChannelError::Close("Peer sent update_fail_malformed_htlc when we needed a channel_reestablish".to_owned()));
2864 self.mark_outbound_htlc_removed(msg.htlc_id, None, Some(fail_reason))?;
2868 pub fn commitment_signed<L: Deref>(&mut self, msg: &msgs::CommitmentSigned, logger: &L) -> Result<Option<ChannelMonitorUpdate>, ChannelError>
2869 where L::Target: Logger
2871 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2872 return Err(ChannelError::Close("Got commitment signed message when channel was not in an operational state".to_owned()));
2874 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2875 return Err(ChannelError::Close("Peer sent commitment_signed when we needed a channel_reestablish".to_owned()));
2877 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK == BOTH_SIDES_SHUTDOWN_MASK && self.context.last_sent_closing_fee.is_some() {
2878 return Err(ChannelError::Close("Peer sent commitment_signed after we'd started exchanging closing_signeds".to_owned()));
2881 let funding_script = self.context.get_funding_redeemscript();
2883 let keys = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
2885 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &keys, true, false, logger);
2886 let commitment_txid = {
2887 let trusted_tx = commitment_stats.tx.trust();
2888 let bitcoin_tx = trusted_tx.built_transaction();
2889 let sighash = bitcoin_tx.get_sighash_all(&funding_script, self.context.channel_value_satoshis);
2891 log_trace!(logger, "Checking commitment tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} in channel {}",
2892 log_bytes!(msg.signature.serialize_compact()[..]),
2893 log_bytes!(self.context.counterparty_funding_pubkey().serialize()), encode::serialize_hex(&bitcoin_tx.transaction),
2894 log_bytes!(sighash[..]), encode::serialize_hex(&funding_script), log_bytes!(self.context.channel_id()));
2895 if let Err(_) = self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.context.counterparty_funding_pubkey()) {
2896 return Err(ChannelError::Close("Invalid commitment tx signature from peer".to_owned()));
2900 let mut htlcs_cloned: Vec<_> = commitment_stats.htlcs_included.iter().map(|htlc| (htlc.0.clone(), htlc.1.map(|h| h.clone()))).collect();
2902 // If our counterparty updated the channel fee in this commitment transaction, check that
2903 // they can actually afford the new fee now.
2904 let update_fee = if let Some((_, update_state)) = self.context.pending_update_fee {
2905 update_state == FeeUpdateState::RemoteAnnounced
2908 debug_assert!(!self.context.is_outbound());
2909 let counterparty_reserve_we_require_msat = self.context.holder_selected_channel_reserve_satoshis * 1000;
2910 if commitment_stats.remote_balance_msat < commitment_stats.total_fee_sat * 1000 + counterparty_reserve_we_require_msat {
2911 return Err(ChannelError::Close("Funding remote cannot afford proposed new fee".to_owned()));
2914 #[cfg(any(test, fuzzing))]
2916 if self.context.is_outbound() {
2917 let projected_commit_tx_info = self.context.next_local_commitment_tx_fee_info_cached.lock().unwrap().take();
2918 *self.context.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = None;
2919 if let Some(info) = projected_commit_tx_info {
2920 let total_pending_htlcs = self.context.pending_inbound_htlcs.len() + self.context.pending_outbound_htlcs.len()
2921 + self.context.holding_cell_htlc_updates.len();
2922 if info.total_pending_htlcs == total_pending_htlcs
2923 && info.next_holder_htlc_id == self.context.next_holder_htlc_id
2924 && info.next_counterparty_htlc_id == self.context.next_counterparty_htlc_id
2925 && info.feerate == self.context.feerate_per_kw {
2926 assert_eq!(commitment_stats.total_fee_sat, info.fee / 1000);
2932 if msg.htlc_signatures.len() != commitment_stats.num_nondust_htlcs {
2933 return Err(ChannelError::Close(format!("Got wrong number of HTLC signatures ({}) from remote. It must be {}", msg.htlc_signatures.len(), commitment_stats.num_nondust_htlcs)));
2936 // Up to LDK 0.0.115, HTLC information was required to be duplicated in the
2937 // `htlcs_and_sigs` vec and in the `holder_commitment_tx` itself, both of which were passed
2938 // in the `ChannelMonitorUpdate`. In 0.0.115, support for having a separate set of
2939 // outbound-non-dust-HTLCSources in the `ChannelMonitorUpdate` was added, however for
2940 // backwards compatibility, we never use it in production. To provide test coverage, here,
2941 // we randomly decide (in test/fuzzing builds) to use the new vec sometimes.
2942 #[allow(unused_assignments, unused_mut)]
2943 let mut separate_nondust_htlc_sources = false;
2944 #[cfg(all(feature = "std", any(test, fuzzing)))] {
2945 use core::hash::{BuildHasher, Hasher};
2946 // Get a random value using the only std API to do so - the DefaultHasher
2947 let rand_val = std::collections::hash_map::RandomState::new().build_hasher().finish();
2948 separate_nondust_htlc_sources = rand_val % 2 == 0;
2951 let mut nondust_htlc_sources = Vec::with_capacity(htlcs_cloned.len());
2952 let mut htlcs_and_sigs = Vec::with_capacity(htlcs_cloned.len());
2953 for (idx, (htlc, mut source_opt)) in htlcs_cloned.drain(..).enumerate() {
2954 if let Some(_) = htlc.transaction_output_index {
2955 let htlc_tx = chan_utils::build_htlc_transaction(&commitment_txid, commitment_stats.feerate_per_kw,
2956 self.context.get_counterparty_selected_contest_delay().unwrap(), &htlc, &self.context.channel_type,
2957 &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
2959 let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, &self.context.channel_type, &keys);
2960 let htlc_sighashtype = if self.context.channel_type.supports_anchors_zero_fee_htlc_tx() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
2961 let htlc_sighash = hash_to_message!(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]);
2962 log_trace!(logger, "Checking HTLC tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} in channel {}.",
2963 log_bytes!(msg.htlc_signatures[idx].serialize_compact()[..]), log_bytes!(keys.countersignatory_htlc_key.serialize()),
2964 encode::serialize_hex(&htlc_tx), log_bytes!(htlc_sighash[..]), encode::serialize_hex(&htlc_redeemscript), log_bytes!(self.context.channel_id()));
2965 if let Err(_) = self.context.secp_ctx.verify_ecdsa(&htlc_sighash, &msg.htlc_signatures[idx], &keys.countersignatory_htlc_key) {
2966 return Err(ChannelError::Close("Invalid HTLC tx signature from peer".to_owned()));
2968 if !separate_nondust_htlc_sources {
2969 htlcs_and_sigs.push((htlc, Some(msg.htlc_signatures[idx]), source_opt.take()));
2972 htlcs_and_sigs.push((htlc, None, source_opt.take()));
2974 if separate_nondust_htlc_sources {
2975 if let Some(source) = source_opt.take() {
2976 nondust_htlc_sources.push(source);
2979 debug_assert!(source_opt.is_none(), "HTLCSource should have been put somewhere");
2982 let holder_commitment_tx = HolderCommitmentTransaction::new(
2983 commitment_stats.tx,
2985 msg.htlc_signatures.clone(),
2986 &self.context.get_holder_pubkeys().funding_pubkey,
2987 self.context.counterparty_funding_pubkey()
2990 self.context.holder_signer.validate_holder_commitment(&holder_commitment_tx, commitment_stats.preimages)
2991 .map_err(|_| ChannelError::Close("Failed to validate our commitment".to_owned()))?;
2993 // Update state now that we've passed all the can-fail calls...
2994 let mut need_commitment = false;
2995 if let &mut Some((_, ref mut update_state)) = &mut self.context.pending_update_fee {
2996 if *update_state == FeeUpdateState::RemoteAnnounced {
2997 *update_state = FeeUpdateState::AwaitingRemoteRevokeToAnnounce;
2998 need_commitment = true;
3002 for htlc in self.context.pending_inbound_htlcs.iter_mut() {
3003 let new_forward = if let &InboundHTLCState::RemoteAnnounced(ref forward_info) = &htlc.state {
3004 Some(forward_info.clone())
3006 if let Some(forward_info) = new_forward {
3007 log_trace!(logger, "Updating HTLC {} to AwaitingRemoteRevokeToAnnounce due to commitment_signed in channel {}.",
3008 log_bytes!(htlc.payment_hash.0), log_bytes!(self.context.channel_id));
3009 htlc.state = InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info);
3010 need_commitment = true;
3013 let mut claimed_htlcs = Vec::new();
3014 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
3015 if let &mut OutboundHTLCState::RemoteRemoved(ref mut outcome) = &mut htlc.state {
3016 log_trace!(logger, "Updating HTLC {} to AwaitingRemoteRevokeToRemove due to commitment_signed in channel {}.",
3017 log_bytes!(htlc.payment_hash.0), log_bytes!(self.context.channel_id));
3018 // Grab the preimage, if it exists, instead of cloning
3019 let mut reason = OutboundHTLCOutcome::Success(None);
3020 mem::swap(outcome, &mut reason);
3021 if let OutboundHTLCOutcome::Success(Some(preimage)) = reason {
3022 // If a user (a) receives an HTLC claim using LDK 0.0.104 or before, then (b)
3023 // upgrades to LDK 0.0.114 or later before the HTLC is fully resolved, we could
3024 // have a `Success(None)` reason. In this case we could forget some HTLC
3025 // claims, but such an upgrade is unlikely and including claimed HTLCs here
3026 // fixes a bug which the user was exposed to on 0.0.104 when they started the
3028 claimed_htlcs.push((SentHTLCId::from_source(&htlc.source), preimage));
3030 htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(reason);
3031 need_commitment = true;
3035 self.context.latest_monitor_update_id += 1;
3036 let mut monitor_update = ChannelMonitorUpdate {
3037 update_id: self.context.latest_monitor_update_id,
3038 updates: vec![ChannelMonitorUpdateStep::LatestHolderCommitmentTXInfo {
3039 commitment_tx: holder_commitment_tx,
3040 htlc_outputs: htlcs_and_sigs,
3042 nondust_htlc_sources,
3046 self.context.cur_holder_commitment_transaction_number -= 1;
3047 // Note that if we need_commitment & !AwaitingRemoteRevoke we'll call
3048 // build_commitment_no_status_check() next which will reset this to RAAFirst.
3049 self.context.resend_order = RAACommitmentOrder::CommitmentFirst;
3051 if (self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32) != 0 {
3052 // In case we initially failed monitor updating without requiring a response, we need
3053 // to make sure the RAA gets sent first.
3054 self.context.monitor_pending_revoke_and_ack = true;
3055 if need_commitment && (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == 0 {
3056 // If we were going to send a commitment_signed after the RAA, go ahead and do all
3057 // the corresponding HTLC status updates so that get_last_commitment_update
3058 // includes the right HTLCs.
3059 self.context.monitor_pending_commitment_signed = true;
3060 let mut additional_update = self.build_commitment_no_status_check(logger);
3061 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3062 // strictly increasing by one, so decrement it here.
3063 self.context.latest_monitor_update_id = monitor_update.update_id;
3064 monitor_update.updates.append(&mut additional_update.updates);
3066 log_debug!(logger, "Received valid commitment_signed from peer in channel {}, updated HTLC state but awaiting a monitor update resolution to reply.",
3067 log_bytes!(self.context.channel_id));
3068 return Ok(self.push_ret_blockable_mon_update(monitor_update));
3071 let need_commitment_signed = if need_commitment && (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == 0 {
3072 // If we're AwaitingRemoteRevoke we can't send a new commitment here, but that's ok -
3073 // we'll send one right away when we get the revoke_and_ack when we
3074 // free_holding_cell_htlcs().
3075 let mut additional_update = self.build_commitment_no_status_check(logger);
3076 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3077 // strictly increasing by one, so decrement it here.
3078 self.context.latest_monitor_update_id = monitor_update.update_id;
3079 monitor_update.updates.append(&mut additional_update.updates);
3083 log_debug!(logger, "Received valid commitment_signed from peer in channel {}, updating HTLC state and responding with{} a revoke_and_ack.",
3084 log_bytes!(self.context.channel_id()), if need_commitment_signed { " our own commitment_signed and" } else { "" });
3085 self.monitor_updating_paused(true, need_commitment_signed, false, Vec::new(), Vec::new(), Vec::new());
3086 return Ok(self.push_ret_blockable_mon_update(monitor_update));
3089 /// Public version of the below, checking relevant preconditions first.
3090 /// If we're not in a state where freeing the holding cell makes sense, this is a no-op and
3091 /// returns `(None, Vec::new())`.
3092 pub fn maybe_free_holding_cell_htlcs<F: Deref, L: Deref>(
3093 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
3094 ) -> (Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>)
3095 where F::Target: FeeEstimator, L::Target: Logger
3097 if self.context.channel_state >= ChannelState::ChannelReady as u32 &&
3098 (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) == 0 {
3099 self.free_holding_cell_htlcs(fee_estimator, logger)
3100 } else { (None, Vec::new()) }
3103 /// Frees any pending commitment updates in the holding cell, generating the relevant messages
3104 /// for our counterparty.
3105 fn free_holding_cell_htlcs<F: Deref, L: Deref>(
3106 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
3107 ) -> (Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>)
3108 where F::Target: FeeEstimator, L::Target: Logger
3110 assert_eq!(self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32, 0);
3111 if self.context.holding_cell_htlc_updates.len() != 0 || self.context.holding_cell_update_fee.is_some() {
3112 log_trace!(logger, "Freeing holding cell with {} HTLC updates{} in channel {}", self.context.holding_cell_htlc_updates.len(),
3113 if self.context.holding_cell_update_fee.is_some() { " and a fee update" } else { "" }, log_bytes!(self.context.channel_id()));
3115 let mut monitor_update = ChannelMonitorUpdate {
3116 update_id: self.context.latest_monitor_update_id + 1, // We don't increment this yet!
3117 updates: Vec::new(),
3120 let mut htlc_updates = Vec::new();
3121 mem::swap(&mut htlc_updates, &mut self.context.holding_cell_htlc_updates);
3122 let mut update_add_htlcs = Vec::with_capacity(htlc_updates.len());
3123 let mut update_fulfill_htlcs = Vec::with_capacity(htlc_updates.len());
3124 let mut update_fail_htlcs = Vec::with_capacity(htlc_updates.len());
3125 let mut htlcs_to_fail = Vec::new();
3126 for htlc_update in htlc_updates.drain(..) {
3127 // Note that this *can* fail, though it should be due to rather-rare conditions on
3128 // fee races with adding too many outputs which push our total payments just over
3129 // the limit. In case it's less rare than I anticipate, we may want to revisit
3130 // handling this case better and maybe fulfilling some of the HTLCs while attempting
3131 // to rebalance channels.
3132 match &htlc_update {
3133 &HTLCUpdateAwaitingACK::AddHTLC {
3134 amount_msat, cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet,
3135 skimmed_fee_msat, ..
3137 match self.send_htlc(amount_msat, *payment_hash, cltv_expiry, source.clone(),
3138 onion_routing_packet.clone(), false, skimmed_fee_msat, fee_estimator, logger)
3140 Ok(update_add_msg_option) => update_add_htlcs.push(update_add_msg_option.unwrap()),
3143 ChannelError::Ignore(ref msg) => {
3144 log_info!(logger, "Failed to send HTLC with payment_hash {} due to {} in channel {}",
3145 log_bytes!(payment_hash.0), msg, log_bytes!(self.context.channel_id()));
3146 // If we fail to send here, then this HTLC should
3147 // be failed backwards. Failing to send here
3148 // indicates that this HTLC may keep being put back
3149 // into the holding cell without ever being
3150 // successfully forwarded/failed/fulfilled, causing
3151 // our counterparty to eventually close on us.
3152 htlcs_to_fail.push((source.clone(), *payment_hash));
3155 panic!("Got a non-IgnoreError action trying to send holding cell HTLC");
3161 &HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, htlc_id, .. } => {
3162 // If an HTLC claim was previously added to the holding cell (via
3163 // `get_update_fulfill_htlc`, then generating the claim message itself must
3164 // not fail - any in between attempts to claim the HTLC will have resulted
3165 // in it hitting the holding cell again and we cannot change the state of a
3166 // holding cell HTLC from fulfill to anything else.
3167 let (update_fulfill_msg_option, mut additional_monitor_update) =
3168 if let UpdateFulfillFetch::NewClaim { msg, monitor_update, .. } = self.get_update_fulfill_htlc(htlc_id, *payment_preimage, logger) {
3169 (msg, monitor_update)
3170 } else { unreachable!() };
3171 update_fulfill_htlcs.push(update_fulfill_msg_option.unwrap());
3172 monitor_update.updates.append(&mut additional_monitor_update.updates);
3174 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, ref err_packet } => {
3175 match self.fail_htlc(htlc_id, err_packet.clone(), false, logger) {
3176 Ok(update_fail_msg_option) => {
3177 // If an HTLC failure was previously added to the holding cell (via
3178 // `queue_fail_htlc`) then generating the fail message itself must
3179 // not fail - we should never end up in a state where we double-fail
3180 // an HTLC or fail-then-claim an HTLC as it indicates we didn't wait
3181 // for a full revocation before failing.
3182 update_fail_htlcs.push(update_fail_msg_option.unwrap())
3185 if let ChannelError::Ignore(_) = e {}
3187 panic!("Got a non-IgnoreError action trying to fail holding cell HTLC");
3194 if update_add_htlcs.is_empty() && update_fulfill_htlcs.is_empty() && update_fail_htlcs.is_empty() && self.context.holding_cell_update_fee.is_none() {
3195 return (None, htlcs_to_fail);
3197 let update_fee = if let Some(feerate) = self.context.holding_cell_update_fee.take() {
3198 self.send_update_fee(feerate, false, fee_estimator, logger)
3203 let mut additional_update = self.build_commitment_no_status_check(logger);
3204 // build_commitment_no_status_check and get_update_fulfill_htlc may bump latest_monitor_id
3205 // but we want them to be strictly increasing by one, so reset it here.
3206 self.context.latest_monitor_update_id = monitor_update.update_id;
3207 monitor_update.updates.append(&mut additional_update.updates);
3209 log_debug!(logger, "Freeing holding cell in channel {} resulted in {}{} HTLCs added, {} HTLCs fulfilled, and {} HTLCs failed.",
3210 log_bytes!(self.context.channel_id()), if update_fee.is_some() { "a fee update, " } else { "" },
3211 update_add_htlcs.len(), update_fulfill_htlcs.len(), update_fail_htlcs.len());
3213 self.monitor_updating_paused(false, true, false, Vec::new(), Vec::new(), Vec::new());
3214 (self.push_ret_blockable_mon_update(monitor_update), htlcs_to_fail)
3220 /// Handles receiving a remote's revoke_and_ack. Note that we may return a new
3221 /// commitment_signed message here in case we had pending outbound HTLCs to add which were
3222 /// waiting on this revoke_and_ack. The generation of this new commitment_signed may also fail,
3223 /// generating an appropriate error *after* the channel state has been updated based on the
3224 /// revoke_and_ack message.
3225 pub fn revoke_and_ack<F: Deref, L: Deref>(&mut self, msg: &msgs::RevokeAndACK,
3226 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
3227 ) -> Result<(Vec<(HTLCSource, PaymentHash)>, Option<ChannelMonitorUpdate>), ChannelError>
3228 where F::Target: FeeEstimator, L::Target: Logger,
3230 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
3231 return Err(ChannelError::Close("Got revoke/ACK message when channel was not in an operational state".to_owned()));
3233 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3234 return Err(ChannelError::Close("Peer sent revoke_and_ack when we needed a channel_reestablish".to_owned()));
3236 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK == BOTH_SIDES_SHUTDOWN_MASK && self.context.last_sent_closing_fee.is_some() {
3237 return Err(ChannelError::Close("Peer sent revoke_and_ack after we'd started exchanging closing_signeds".to_owned()));
3240 let secret = secp_check!(SecretKey::from_slice(&msg.per_commitment_secret), "Peer provided an invalid per_commitment_secret".to_owned());
3242 if let Some(counterparty_prev_commitment_point) = self.context.counterparty_prev_commitment_point {
3243 if PublicKey::from_secret_key(&self.context.secp_ctx, &secret) != counterparty_prev_commitment_point {
3244 return Err(ChannelError::Close("Got a revoke commitment secret which didn't correspond to their current pubkey".to_owned()));
3248 if self.context.channel_state & ChannelState::AwaitingRemoteRevoke as u32 == 0 {
3249 // Our counterparty seems to have burned their coins to us (by revoking a state when we
3250 // haven't given them a new commitment transaction to broadcast). We should probably
3251 // take advantage of this by updating our channel monitor, sending them an error, and
3252 // waiting for them to broadcast their latest (now-revoked claim). But, that would be a
3253 // lot of work, and there's some chance this is all a misunderstanding anyway.
3254 // We have to do *something*, though, since our signer may get mad at us for otherwise
3255 // jumping a remote commitment number, so best to just force-close and move on.
3256 return Err(ChannelError::Close("Received an unexpected revoke_and_ack".to_owned()));
3259 #[cfg(any(test, fuzzing))]
3261 *self.context.next_local_commitment_tx_fee_info_cached.lock().unwrap() = None;
3262 *self.context.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = None;
3265 self.context.holder_signer.validate_counterparty_revocation(
3266 self.context.cur_counterparty_commitment_transaction_number + 1,
3268 ).map_err(|_| ChannelError::Close("Failed to validate revocation from peer".to_owned()))?;
3270 self.context.commitment_secrets.provide_secret(self.context.cur_counterparty_commitment_transaction_number + 1, msg.per_commitment_secret)
3271 .map_err(|_| ChannelError::Close("Previous secrets did not match new one".to_owned()))?;
3272 self.context.latest_monitor_update_id += 1;
3273 let mut monitor_update = ChannelMonitorUpdate {
3274 update_id: self.context.latest_monitor_update_id,
3275 updates: vec![ChannelMonitorUpdateStep::CommitmentSecret {
3276 idx: self.context.cur_counterparty_commitment_transaction_number + 1,
3277 secret: msg.per_commitment_secret,
3281 // Update state now that we've passed all the can-fail calls...
3282 // (note that we may still fail to generate the new commitment_signed message, but that's
3283 // OK, we step the channel here and *then* if the new generation fails we can fail the
3284 // channel based on that, but stepping stuff here should be safe either way.
3285 self.context.channel_state &= !(ChannelState::AwaitingRemoteRevoke as u32);
3286 self.context.sent_message_awaiting_response = None;
3287 self.context.counterparty_prev_commitment_point = self.context.counterparty_cur_commitment_point;
3288 self.context.counterparty_cur_commitment_point = Some(msg.next_per_commitment_point);
3289 self.context.cur_counterparty_commitment_transaction_number -= 1;
3291 if self.context.announcement_sigs_state == AnnouncementSigsState::Committed {
3292 self.context.announcement_sigs_state = AnnouncementSigsState::PeerReceived;
3295 log_trace!(logger, "Updating HTLCs on receipt of RAA in channel {}...", log_bytes!(self.context.channel_id()));
3296 let mut to_forward_infos = Vec::new();
3297 let mut revoked_htlcs = Vec::new();
3298 let mut finalized_claimed_htlcs = Vec::new();
3299 let mut update_fail_htlcs = Vec::new();
3300 let mut update_fail_malformed_htlcs = Vec::new();
3301 let mut require_commitment = false;
3302 let mut value_to_self_msat_diff: i64 = 0;
3305 // Take references explicitly so that we can hold multiple references to self.context.
3306 let pending_inbound_htlcs: &mut Vec<_> = &mut self.context.pending_inbound_htlcs;
3307 let pending_outbound_htlcs: &mut Vec<_> = &mut self.context.pending_outbound_htlcs;
3309 // We really shouldnt have two passes here, but retain gives a non-mutable ref (Rust bug)
3310 pending_inbound_htlcs.retain(|htlc| {
3311 if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state {
3312 log_trace!(logger, " ...removing inbound LocalRemoved {}", log_bytes!(htlc.payment_hash.0));
3313 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
3314 value_to_self_msat_diff += htlc.amount_msat as i64;
3319 pending_outbound_htlcs.retain(|htlc| {
3320 if let &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref outcome) = &htlc.state {
3321 log_trace!(logger, " ...removing outbound AwaitingRemovedRemoteRevoke {}", log_bytes!(htlc.payment_hash.0));
3322 if let OutboundHTLCOutcome::Failure(reason) = outcome.clone() { // We really want take() here, but, again, non-mut ref :(
3323 revoked_htlcs.push((htlc.source.clone(), htlc.payment_hash, reason));
3325 finalized_claimed_htlcs.push(htlc.source.clone());
3326 // They fulfilled, so we sent them money
3327 value_to_self_msat_diff -= htlc.amount_msat as i64;
3332 for htlc in pending_inbound_htlcs.iter_mut() {
3333 let swap = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) = &htlc.state {
3335 } else if let &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) = &htlc.state {
3339 let mut state = InboundHTLCState::Committed;
3340 mem::swap(&mut state, &mut htlc.state);
3342 if let InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info) = state {
3343 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce {} to AwaitingAnnouncedRemoteRevoke", log_bytes!(htlc.payment_hash.0));
3344 htlc.state = InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info);
3345 require_commitment = true;
3346 } else if let InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info) = state {
3347 match forward_info {
3348 PendingHTLCStatus::Fail(fail_msg) => {
3349 log_trace!(logger, " ...promoting inbound AwaitingAnnouncedRemoteRevoke {} to LocalRemoved due to PendingHTLCStatus indicating failure", log_bytes!(htlc.payment_hash.0));
3350 require_commitment = true;
3352 HTLCFailureMsg::Relay(msg) => {
3353 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(msg.reason.clone()));
3354 update_fail_htlcs.push(msg)
3356 HTLCFailureMsg::Malformed(msg) => {
3357 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailMalformed((msg.sha256_of_onion, msg.failure_code)));
3358 update_fail_malformed_htlcs.push(msg)
3362 PendingHTLCStatus::Forward(forward_info) => {
3363 log_trace!(logger, " ...promoting inbound AwaitingAnnouncedRemoteRevoke {} to Committed", log_bytes!(htlc.payment_hash.0));
3364 to_forward_infos.push((forward_info, htlc.htlc_id));
3365 htlc.state = InboundHTLCState::Committed;
3371 for htlc in pending_outbound_htlcs.iter_mut() {
3372 if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
3373 log_trace!(logger, " ...promoting outbound LocalAnnounced {} to Committed", log_bytes!(htlc.payment_hash.0));
3374 htlc.state = OutboundHTLCState::Committed;
3376 if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut outcome) = &mut htlc.state {
3377 log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", log_bytes!(htlc.payment_hash.0));
3378 // Grab the preimage, if it exists, instead of cloning
3379 let mut reason = OutboundHTLCOutcome::Success(None);
3380 mem::swap(outcome, &mut reason);
3381 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(reason);
3382 require_commitment = true;
3386 self.context.value_to_self_msat = (self.context.value_to_self_msat as i64 + value_to_self_msat_diff) as u64;
3388 if let Some((feerate, update_state)) = self.context.pending_update_fee {
3389 match update_state {
3390 FeeUpdateState::Outbound => {
3391 debug_assert!(self.context.is_outbound());
3392 log_trace!(logger, " ...promoting outbound fee update {} to Committed", feerate);
3393 self.context.feerate_per_kw = feerate;
3394 self.context.pending_update_fee = None;
3396 FeeUpdateState::RemoteAnnounced => { debug_assert!(!self.context.is_outbound()); },
3397 FeeUpdateState::AwaitingRemoteRevokeToAnnounce => {
3398 debug_assert!(!self.context.is_outbound());
3399 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce fee update {} to Committed", feerate);
3400 require_commitment = true;
3401 self.context.feerate_per_kw = feerate;
3402 self.context.pending_update_fee = None;
3407 if (self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32) == ChannelState::MonitorUpdateInProgress as u32 {
3408 // We can't actually generate a new commitment transaction (incl by freeing holding
3409 // cells) while we can't update the monitor, so we just return what we have.
3410 if require_commitment {
3411 self.context.monitor_pending_commitment_signed = true;
3412 // When the monitor updating is restored we'll call get_last_commitment_update(),
3413 // which does not update state, but we're definitely now awaiting a remote revoke
3414 // before we can step forward any more, so set it here.
3415 let mut additional_update = self.build_commitment_no_status_check(logger);
3416 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3417 // strictly increasing by one, so decrement it here.
3418 self.context.latest_monitor_update_id = monitor_update.update_id;
3419 monitor_update.updates.append(&mut additional_update.updates);
3421 self.context.monitor_pending_forwards.append(&mut to_forward_infos);
3422 self.context.monitor_pending_failures.append(&mut revoked_htlcs);
3423 self.context.monitor_pending_finalized_fulfills.append(&mut finalized_claimed_htlcs);
3424 log_debug!(logger, "Received a valid revoke_and_ack for channel {} but awaiting a monitor update resolution to reply.", log_bytes!(self.context.channel_id()));
3425 return Ok((Vec::new(), self.push_ret_blockable_mon_update(monitor_update)));
3428 match self.free_holding_cell_htlcs(fee_estimator, logger) {
3429 (Some(mut additional_update), htlcs_to_fail) => {
3430 // free_holding_cell_htlcs may bump latest_monitor_id multiple times but we want them to be
3431 // strictly increasing by one, so decrement it here.
3432 self.context.latest_monitor_update_id = monitor_update.update_id;
3433 monitor_update.updates.append(&mut additional_update.updates);
3435 self.monitor_updating_paused(false, true, false, to_forward_infos, revoked_htlcs, finalized_claimed_htlcs);
3436 Ok((htlcs_to_fail, self.push_ret_blockable_mon_update(monitor_update)))
3438 (None, htlcs_to_fail) => {
3439 if require_commitment {
3440 let mut additional_update = self.build_commitment_no_status_check(logger);
3442 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3443 // strictly increasing by one, so decrement it here.
3444 self.context.latest_monitor_update_id = monitor_update.update_id;
3445 monitor_update.updates.append(&mut additional_update.updates);
3447 log_debug!(logger, "Received a valid revoke_and_ack for channel {}. Responding with a commitment update with {} HTLCs failed.",
3448 log_bytes!(self.context.channel_id()), update_fail_htlcs.len() + update_fail_malformed_htlcs.len());
3449 self.monitor_updating_paused(false, true, false, to_forward_infos, revoked_htlcs, finalized_claimed_htlcs);
3450 Ok((htlcs_to_fail, self.push_ret_blockable_mon_update(monitor_update)))
3452 log_debug!(logger, "Received a valid revoke_and_ack for channel {} with no reply necessary.", log_bytes!(self.context.channel_id()));
3453 self.monitor_updating_paused(false, false, false, to_forward_infos, revoked_htlcs, finalized_claimed_htlcs);
3454 Ok((htlcs_to_fail, self.push_ret_blockable_mon_update(monitor_update)))
3460 /// Queues up an outbound update fee by placing it in the holding cell. You should call
3461 /// [`Self::maybe_free_holding_cell_htlcs`] in order to actually generate and send the
3462 /// commitment update.
3463 pub fn queue_update_fee<F: Deref, L: Deref>(&mut self, feerate_per_kw: u32,
3464 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L)
3465 where F::Target: FeeEstimator, L::Target: Logger
3467 let msg_opt = self.send_update_fee(feerate_per_kw, true, fee_estimator, logger);
3468 assert!(msg_opt.is_none(), "We forced holding cell?");
3471 /// Adds a pending update to this channel. See the doc for send_htlc for
3472 /// further details on the optionness of the return value.
3473 /// If our balance is too low to cover the cost of the next commitment transaction at the
3474 /// new feerate, the update is cancelled.
3476 /// You MUST call [`Self::send_commitment_no_state_update`] prior to any other calls on this
3477 /// [`Channel`] if `force_holding_cell` is false.
3478 fn send_update_fee<F: Deref, L: Deref>(
3479 &mut self, feerate_per_kw: u32, mut force_holding_cell: bool,
3480 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
3481 ) -> Option<msgs::UpdateFee>
3482 where F::Target: FeeEstimator, L::Target: Logger
3484 if !self.context.is_outbound() {
3485 panic!("Cannot send fee from inbound channel");
3487 if !self.context.is_usable() {
3488 panic!("Cannot update fee until channel is fully established and we haven't started shutting down");
3490 if !self.context.is_live() {
3491 panic!("Cannot update fee while peer is disconnected/we're awaiting a monitor update (ChannelManager should have caught this)");
3494 // Before proposing a feerate update, check that we can actually afford the new fee.
3495 let inbound_stats = self.context.get_inbound_pending_htlc_stats(Some(feerate_per_kw));
3496 let outbound_stats = self.context.get_outbound_pending_htlc_stats(Some(feerate_per_kw));
3497 let keys = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
3498 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &keys, true, true, logger);
3499 let buffer_fee_msat = commit_tx_fee_sat(feerate_per_kw, commitment_stats.num_nondust_htlcs + outbound_stats.on_holder_tx_holding_cell_htlcs_count as usize + CONCURRENT_INBOUND_HTLC_FEE_BUFFER as usize, self.context.get_channel_type()) * 1000;
3500 let holder_balance_msat = commitment_stats.local_balance_msat - outbound_stats.holding_cell_msat;
3501 if holder_balance_msat < buffer_fee_msat + self.context.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 {
3502 //TODO: auto-close after a number of failures?
3503 log_debug!(logger, "Cannot afford to send new feerate at {}", feerate_per_kw);
3507 // Note, we evaluate pending htlc "preemptive" trimmed-to-dust threshold at the proposed `feerate_per_kw`.
3508 let holder_tx_dust_exposure = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
3509 let counterparty_tx_dust_exposure = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
3510 let max_dust_htlc_exposure_msat = self.context.get_max_dust_htlc_exposure_msat(fee_estimator);
3511 if holder_tx_dust_exposure > max_dust_htlc_exposure_msat {
3512 log_debug!(logger, "Cannot afford to send new feerate at {} without infringing max dust htlc exposure", feerate_per_kw);
3515 if counterparty_tx_dust_exposure > max_dust_htlc_exposure_msat {
3516 log_debug!(logger, "Cannot afford to send new feerate at {} without infringing max dust htlc exposure", feerate_per_kw);
3520 if (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
3521 force_holding_cell = true;
3524 if force_holding_cell {
3525 self.context.holding_cell_update_fee = Some(feerate_per_kw);
3529 debug_assert!(self.context.pending_update_fee.is_none());
3530 self.context.pending_update_fee = Some((feerate_per_kw, FeeUpdateState::Outbound));
3532 Some(msgs::UpdateFee {
3533 channel_id: self.context.channel_id,
3538 /// Removes any uncommitted inbound HTLCs and resets the state of uncommitted outbound HTLC
3539 /// updates, to be used on peer disconnection. After this, update_*_htlc messages need to be
3541 /// No further message handling calls may be made until a channel_reestablish dance has
3543 pub fn remove_uncommitted_htlcs_and_mark_paused<L: Deref>(&mut self, logger: &L) where L::Target: Logger {
3544 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
3545 if self.context.channel_state < ChannelState::FundingSent as u32 {
3546 self.context.channel_state = ChannelState::ShutdownComplete as u32;
3550 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == (ChannelState::PeerDisconnected as u32) {
3551 // While the below code should be idempotent, it's simpler to just return early, as
3552 // redundant disconnect events can fire, though they should be rare.
3556 if self.context.announcement_sigs_state == AnnouncementSigsState::MessageSent || self.context.announcement_sigs_state == AnnouncementSigsState::Committed {
3557 self.context.announcement_sigs_state = AnnouncementSigsState::NotSent;
3560 // Upon reconnect we have to start the closing_signed dance over, but shutdown messages
3561 // will be retransmitted.
3562 self.context.last_sent_closing_fee = None;
3563 self.context.pending_counterparty_closing_signed = None;
3564 self.context.closing_fee_limits = None;
3566 let mut inbound_drop_count = 0;
3567 self.context.pending_inbound_htlcs.retain(|htlc| {
3569 InboundHTLCState::RemoteAnnounced(_) => {
3570 // They sent us an update_add_htlc but we never got the commitment_signed.
3571 // We'll tell them what commitment_signed we're expecting next and they'll drop
3572 // this HTLC accordingly
3573 inbound_drop_count += 1;
3576 InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_)|InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => {
3577 // We received a commitment_signed updating this HTLC and (at least hopefully)
3578 // sent a revoke_and_ack (which we can re-transmit) and have heard nothing
3579 // in response to it yet, so don't touch it.
3582 InboundHTLCState::Committed => true,
3583 InboundHTLCState::LocalRemoved(_) => {
3584 // We (hopefully) sent a commitment_signed updating this HTLC (which we can
3585 // re-transmit if needed) and they may have even sent a revoke_and_ack back
3586 // (that we missed). Keep this around for now and if they tell us they missed
3587 // the commitment_signed we can re-transmit the update then.
3592 self.context.next_counterparty_htlc_id -= inbound_drop_count;
3594 if let Some((_, update_state)) = self.context.pending_update_fee {
3595 if update_state == FeeUpdateState::RemoteAnnounced {
3596 debug_assert!(!self.context.is_outbound());
3597 self.context.pending_update_fee = None;
3601 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
3602 if let OutboundHTLCState::RemoteRemoved(_) = htlc.state {
3603 // They sent us an update to remove this but haven't yet sent the corresponding
3604 // commitment_signed, we need to move it back to Committed and they can re-send
3605 // the update upon reconnection.
3606 htlc.state = OutboundHTLCState::Committed;
3610 self.context.sent_message_awaiting_response = None;
3612 self.context.channel_state |= ChannelState::PeerDisconnected as u32;
3613 log_trace!(logger, "Peer disconnection resulted in {} remote-announced HTLC drops on channel {}", inbound_drop_count, log_bytes!(self.context.channel_id()));
3616 /// Indicates that a ChannelMonitor update is in progress and has not yet been fully persisted.
3617 /// This must be called before we return the [`ChannelMonitorUpdate`] back to the
3618 /// [`ChannelManager`], which will call [`Self::monitor_updating_restored`] once the monitor
3619 /// update completes (potentially immediately).
3620 /// The messages which were generated with the monitor update must *not* have been sent to the
3621 /// remote end, and must instead have been dropped. They will be regenerated when
3622 /// [`Self::monitor_updating_restored`] is called.
3624 /// [`ChannelManager`]: super::channelmanager::ChannelManager
3625 /// [`chain::Watch`]: crate::chain::Watch
3626 /// [`ChannelMonitorUpdateStatus::InProgress`]: crate::chain::ChannelMonitorUpdateStatus::InProgress
3627 fn monitor_updating_paused(&mut self, resend_raa: bool, resend_commitment: bool,
3628 resend_channel_ready: bool, mut pending_forwards: Vec<(PendingHTLCInfo, u64)>,
3629 mut pending_fails: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
3630 mut pending_finalized_claimed_htlcs: Vec<HTLCSource>
3632 self.context.monitor_pending_revoke_and_ack |= resend_raa;
3633 self.context.monitor_pending_commitment_signed |= resend_commitment;
3634 self.context.monitor_pending_channel_ready |= resend_channel_ready;
3635 self.context.monitor_pending_forwards.append(&mut pending_forwards);
3636 self.context.monitor_pending_failures.append(&mut pending_fails);
3637 self.context.monitor_pending_finalized_fulfills.append(&mut pending_finalized_claimed_htlcs);
3638 self.context.channel_state |= ChannelState::MonitorUpdateInProgress as u32;
3641 /// Indicates that the latest ChannelMonitor update has been committed by the client
3642 /// successfully and we should restore normal operation. Returns messages which should be sent
3643 /// to the remote side.
3644 pub fn monitor_updating_restored<L: Deref, NS: Deref>(
3645 &mut self, logger: &L, node_signer: &NS, genesis_block_hash: BlockHash,
3646 user_config: &UserConfig, best_block_height: u32
3647 ) -> MonitorRestoreUpdates
3650 NS::Target: NodeSigner
3652 assert_eq!(self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32, ChannelState::MonitorUpdateInProgress as u32);
3653 self.context.channel_state &= !(ChannelState::MonitorUpdateInProgress as u32);
3655 // If we're past (or at) the FundingSent stage on an outbound channel, try to
3656 // (re-)broadcast the funding transaction as we may have declined to broadcast it when we
3657 // first received the funding_signed.
3658 let mut funding_broadcastable =
3659 if self.context.is_outbound() && self.context.channel_state & !MULTI_STATE_FLAGS >= ChannelState::FundingSent as u32 {
3660 self.context.funding_transaction.take()
3662 // That said, if the funding transaction is already confirmed (ie we're active with a
3663 // minimum_depth over 0) don't bother re-broadcasting the confirmed funding tx.
3664 if self.context.channel_state & !MULTI_STATE_FLAGS >= ChannelState::ChannelReady as u32 && self.context.minimum_depth != Some(0) {
3665 funding_broadcastable = None;
3668 // We will never broadcast the funding transaction when we're in MonitorUpdateInProgress
3669 // (and we assume the user never directly broadcasts the funding transaction and waits for
3670 // us to do it). Thus, we can only ever hit monitor_pending_channel_ready when we're
3671 // * an inbound channel that failed to persist the monitor on funding_created and we got
3672 // the funding transaction confirmed before the monitor was persisted, or
3673 // * a 0-conf channel and intended to send the channel_ready before any broadcast at all.
3674 let channel_ready = if self.context.monitor_pending_channel_ready {
3675 assert!(!self.context.is_outbound() || self.context.minimum_depth == Some(0),
3676 "Funding transaction broadcast by the local client before it should have - LDK didn't do it!");
3677 self.context.monitor_pending_channel_ready = false;
3678 let next_per_commitment_point = self.context.holder_signer.get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
3679 Some(msgs::ChannelReady {
3680 channel_id: self.context.channel_id(),
3681 next_per_commitment_point,
3682 short_channel_id_alias: Some(self.context.outbound_scid_alias),
3686 let announcement_sigs = self.get_announcement_sigs(node_signer, genesis_block_hash, user_config, best_block_height, logger);
3688 let mut accepted_htlcs = Vec::new();
3689 mem::swap(&mut accepted_htlcs, &mut self.context.monitor_pending_forwards);
3690 let mut failed_htlcs = Vec::new();
3691 mem::swap(&mut failed_htlcs, &mut self.context.monitor_pending_failures);
3692 let mut finalized_claimed_htlcs = Vec::new();
3693 mem::swap(&mut finalized_claimed_htlcs, &mut self.context.monitor_pending_finalized_fulfills);
3695 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) != 0 {
3696 self.context.monitor_pending_revoke_and_ack = false;
3697 self.context.monitor_pending_commitment_signed = false;
3698 return MonitorRestoreUpdates {
3699 raa: None, commitment_update: None, order: RAACommitmentOrder::RevokeAndACKFirst,
3700 accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, channel_ready, announcement_sigs
3704 let raa = if self.context.monitor_pending_revoke_and_ack {
3705 Some(self.get_last_revoke_and_ack())
3707 let commitment_update = if self.context.monitor_pending_commitment_signed {
3708 self.mark_awaiting_response();
3709 Some(self.get_last_commitment_update(logger))
3712 self.context.monitor_pending_revoke_and_ack = false;
3713 self.context.monitor_pending_commitment_signed = false;
3714 let order = self.context.resend_order.clone();
3715 log_debug!(logger, "Restored monitor updating in channel {} resulting in {}{} commitment update and {} RAA, with {} first",
3716 log_bytes!(self.context.channel_id()), if funding_broadcastable.is_some() { "a funding broadcastable, " } else { "" },
3717 if commitment_update.is_some() { "a" } else { "no" }, if raa.is_some() { "an" } else { "no" },
3718 match order { RAACommitmentOrder::CommitmentFirst => "commitment", RAACommitmentOrder::RevokeAndACKFirst => "RAA"});
3719 MonitorRestoreUpdates {
3720 raa, commitment_update, order, accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, channel_ready, announcement_sigs
3724 pub fn update_fee<F: Deref, L: Deref>(&mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, msg: &msgs::UpdateFee, logger: &L) -> Result<(), ChannelError>
3725 where F::Target: FeeEstimator, L::Target: Logger
3727 if self.context.is_outbound() {
3728 return Err(ChannelError::Close("Non-funding remote tried to update channel fee".to_owned()));
3730 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3731 return Err(ChannelError::Close("Peer sent update_fee when we needed a channel_reestablish".to_owned()));
3733 Channel::<Signer>::check_remote_fee(&self.context.channel_type, fee_estimator, msg.feerate_per_kw, Some(self.context.feerate_per_kw), logger)?;
3734 let feerate_over_dust_buffer = msg.feerate_per_kw > self.context.get_dust_buffer_feerate(None);
3736 self.context.pending_update_fee = Some((msg.feerate_per_kw, FeeUpdateState::RemoteAnnounced));
3737 self.context.update_time_counter += 1;
3738 // If the feerate has increased over the previous dust buffer (note that
3739 // `get_dust_buffer_feerate` considers the `pending_update_fee` status), check that we
3740 // won't be pushed over our dust exposure limit by the feerate increase.
3741 if feerate_over_dust_buffer {
3742 let inbound_stats = self.context.get_inbound_pending_htlc_stats(None);
3743 let outbound_stats = self.context.get_outbound_pending_htlc_stats(None);
3744 let holder_tx_dust_exposure = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
3745 let counterparty_tx_dust_exposure = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
3746 let max_dust_htlc_exposure_msat = self.context.get_max_dust_htlc_exposure_msat(fee_estimator);
3747 if holder_tx_dust_exposure > max_dust_htlc_exposure_msat {
3748 return Err(ChannelError::Close(format!("Peer sent update_fee with a feerate ({}) which may over-expose us to dust-in-flight on our own transactions (totaling {} msat)",
3749 msg.feerate_per_kw, holder_tx_dust_exposure)));
3751 if counterparty_tx_dust_exposure > max_dust_htlc_exposure_msat {
3752 return Err(ChannelError::Close(format!("Peer sent update_fee with a feerate ({}) which may over-expose us to dust-in-flight on our counterparty's transactions (totaling {} msat)",
3753 msg.feerate_per_kw, counterparty_tx_dust_exposure)));
3759 fn get_last_revoke_and_ack(&self) -> msgs::RevokeAndACK {
3760 let next_per_commitment_point = self.context.holder_signer.get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
3761 let per_commitment_secret = self.context.holder_signer.release_commitment_secret(self.context.cur_holder_commitment_transaction_number + 2);
3762 msgs::RevokeAndACK {
3763 channel_id: self.context.channel_id,
3764 per_commitment_secret,
3765 next_per_commitment_point,
3767 next_local_nonce: None,
3771 fn get_last_commitment_update<L: Deref>(&self, logger: &L) -> msgs::CommitmentUpdate where L::Target: Logger {
3772 let mut update_add_htlcs = Vec::new();
3773 let mut update_fulfill_htlcs = Vec::new();
3774 let mut update_fail_htlcs = Vec::new();
3775 let mut update_fail_malformed_htlcs = Vec::new();
3777 for htlc in self.context.pending_outbound_htlcs.iter() {
3778 if let &OutboundHTLCState::LocalAnnounced(ref onion_packet) = &htlc.state {
3779 update_add_htlcs.push(msgs::UpdateAddHTLC {
3780 channel_id: self.context.channel_id(),
3781 htlc_id: htlc.htlc_id,
3782 amount_msat: htlc.amount_msat,
3783 payment_hash: htlc.payment_hash,
3784 cltv_expiry: htlc.cltv_expiry,
3785 onion_routing_packet: (**onion_packet).clone(),
3786 skimmed_fee_msat: htlc.skimmed_fee_msat,
3791 for htlc in self.context.pending_inbound_htlcs.iter() {
3792 if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state {
3794 &InboundHTLCRemovalReason::FailRelay(ref err_packet) => {
3795 update_fail_htlcs.push(msgs::UpdateFailHTLC {
3796 channel_id: self.context.channel_id(),
3797 htlc_id: htlc.htlc_id,
3798 reason: err_packet.clone()
3801 &InboundHTLCRemovalReason::FailMalformed((ref sha256_of_onion, ref failure_code)) => {
3802 update_fail_malformed_htlcs.push(msgs::UpdateFailMalformedHTLC {
3803 channel_id: self.context.channel_id(),
3804 htlc_id: htlc.htlc_id,
3805 sha256_of_onion: sha256_of_onion.clone(),
3806 failure_code: failure_code.clone(),
3809 &InboundHTLCRemovalReason::Fulfill(ref payment_preimage) => {
3810 update_fulfill_htlcs.push(msgs::UpdateFulfillHTLC {
3811 channel_id: self.context.channel_id(),
3812 htlc_id: htlc.htlc_id,
3813 payment_preimage: payment_preimage.clone(),
3820 let update_fee = if self.context.is_outbound() && self.context.pending_update_fee.is_some() {
3821 Some(msgs::UpdateFee {
3822 channel_id: self.context.channel_id(),
3823 feerate_per_kw: self.context.pending_update_fee.unwrap().0,
3827 log_trace!(logger, "Regenerated latest commitment update in channel {} with{} {} update_adds, {} update_fulfills, {} update_fails, and {} update_fail_malformeds",
3828 log_bytes!(self.context.channel_id()), if update_fee.is_some() { " update_fee," } else { "" },
3829 update_add_htlcs.len(), update_fulfill_htlcs.len(), update_fail_htlcs.len(), update_fail_malformed_htlcs.len());
3830 msgs::CommitmentUpdate {
3831 update_add_htlcs, update_fulfill_htlcs, update_fail_htlcs, update_fail_malformed_htlcs, update_fee,
3832 commitment_signed: self.send_commitment_no_state_update(logger).expect("It looks like we failed to re-generate a commitment_signed we had previously sent?").0,
3836 /// May panic if some calls other than message-handling calls (which will all Err immediately)
3837 /// have been called between remove_uncommitted_htlcs_and_mark_paused and this call.
3839 /// Some links printed in log lines are included here to check them during build (when run with
3840 /// `cargo doc --document-private-items`):
3841 /// [`super::channelmanager::ChannelManager::force_close_without_broadcasting_txn`] and
3842 /// [`super::channelmanager::ChannelManager::force_close_all_channels_without_broadcasting_txn`].
3843 pub fn channel_reestablish<L: Deref, NS: Deref>(
3844 &mut self, msg: &msgs::ChannelReestablish, logger: &L, node_signer: &NS,
3845 genesis_block_hash: BlockHash, user_config: &UserConfig, best_block: &BestBlock
3846 ) -> Result<ReestablishResponses, ChannelError>
3849 NS::Target: NodeSigner
3851 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == 0 {
3852 // While BOLT 2 doesn't indicate explicitly we should error this channel here, it
3853 // almost certainly indicates we are going to end up out-of-sync in some way, so we
3854 // just close here instead of trying to recover.
3855 return Err(ChannelError::Close("Peer sent a loose channel_reestablish not after reconnect".to_owned()));
3858 if msg.next_local_commitment_number >= INITIAL_COMMITMENT_NUMBER || msg.next_remote_commitment_number >= INITIAL_COMMITMENT_NUMBER ||
3859 msg.next_local_commitment_number == 0 {
3860 return Err(ChannelError::Close("Peer sent a garbage channel_reestablish (usually an lnd node with lost state asking us to force-close for them)".to_owned()));
3863 if msg.next_remote_commitment_number > 0 {
3864 let expected_point = self.context.holder_signer.get_per_commitment_point(INITIAL_COMMITMENT_NUMBER - msg.next_remote_commitment_number + 1, &self.context.secp_ctx);
3865 let given_secret = SecretKey::from_slice(&msg.your_last_per_commitment_secret)
3866 .map_err(|_| ChannelError::Close("Peer sent a garbage channel_reestablish with unparseable secret key".to_owned()))?;
3867 if expected_point != PublicKey::from_secret_key(&self.context.secp_ctx, &given_secret) {
3868 return Err(ChannelError::Close("Peer sent a garbage channel_reestablish with secret key not matching the commitment height provided".to_owned()));
3870 if msg.next_remote_commitment_number > INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number {
3871 macro_rules! log_and_panic {
3872 ($err_msg: expr) => {
3873 log_error!(logger, $err_msg, log_bytes!(self.context.channel_id), log_pubkey!(self.context.counterparty_node_id));
3874 panic!($err_msg, log_bytes!(self.context.channel_id), log_pubkey!(self.context.counterparty_node_id));
3877 log_and_panic!("We have fallen behind - we have received proof that if we broadcast our counterparty is going to claim all our funds.\n\
3878 This implies you have restarted with lost ChannelMonitor and ChannelManager state, the first of which is a violation of the LDK chain::Watch requirements.\n\
3879 More specifically, this means you have a bug in your implementation that can cause loss of funds, or you are running with an old backup, which is unsafe.\n\
3880 If you have restored from an old backup and wish to force-close channels and return to operation, you should start up, call\n\
3881 ChannelManager::force_close_without_broadcasting_txn on channel {} with counterparty {} or\n\
3882 ChannelManager::force_close_all_channels_without_broadcasting_txn, then reconnect to peer(s).\n\
3883 Note that due to a long-standing bug in lnd you may have to reach out to peers running lnd-based nodes to ask them to manually force-close channels\n\
3884 See https://github.com/lightningdevkit/rust-lightning/issues/1565 for more info.");
3888 // Before we change the state of the channel, we check if the peer is sending a very old
3889 // commitment transaction number, if yes we send a warning message.
3890 let our_commitment_transaction = INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number - 1;
3891 if msg.next_remote_commitment_number + 1 < our_commitment_transaction {
3893 ChannelError::Warn(format!("Peer attempted to reestablish channel with a very old local commitment transaction: {} (received) vs {} (expected)", msg.next_remote_commitment_number, our_commitment_transaction))
3897 // Go ahead and unmark PeerDisconnected as various calls we may make check for it (and all
3898 // remaining cases either succeed or ErrorMessage-fail).
3899 self.context.channel_state &= !(ChannelState::PeerDisconnected as u32);
3900 self.context.sent_message_awaiting_response = None;
3902 let shutdown_msg = if self.context.channel_state & (ChannelState::LocalShutdownSent as u32) != 0 {
3903 assert!(self.context.shutdown_scriptpubkey.is_some());
3904 Some(msgs::Shutdown {
3905 channel_id: self.context.channel_id,
3906 scriptpubkey: self.get_closing_scriptpubkey(),
3910 let announcement_sigs = self.get_announcement_sigs(node_signer, genesis_block_hash, user_config, best_block.height(), logger);
3912 if self.context.channel_state & (ChannelState::FundingSent as u32) == ChannelState::FundingSent as u32 {
3913 // If we're waiting on a monitor update, we shouldn't re-send any channel_ready's.
3914 if self.context.channel_state & (ChannelState::OurChannelReady as u32) == 0 ||
3915 self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
3916 if msg.next_remote_commitment_number != 0 {
3917 return Err(ChannelError::Close("Peer claimed they saw a revoke_and_ack but we haven't sent channel_ready yet".to_owned()));
3919 // Short circuit the whole handler as there is nothing we can resend them
3920 return Ok(ReestablishResponses {
3921 channel_ready: None,
3922 raa: None, commitment_update: None,
3923 order: RAACommitmentOrder::CommitmentFirst,
3924 shutdown_msg, announcement_sigs,
3928 // We have OurChannelReady set!
3929 let next_per_commitment_point = self.context.holder_signer.get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
3930 return Ok(ReestablishResponses {
3931 channel_ready: Some(msgs::ChannelReady {
3932 channel_id: self.context.channel_id(),
3933 next_per_commitment_point,
3934 short_channel_id_alias: Some(self.context.outbound_scid_alias),
3936 raa: None, commitment_update: None,
3937 order: RAACommitmentOrder::CommitmentFirst,
3938 shutdown_msg, announcement_sigs,
3942 let required_revoke = if msg.next_remote_commitment_number + 1 == INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number {
3943 // Remote isn't waiting on any RevokeAndACK from us!
3944 // Note that if we need to repeat our ChannelReady we'll do that in the next if block.
3946 } else if msg.next_remote_commitment_number + 1 == (INITIAL_COMMITMENT_NUMBER - 1) - self.context.cur_holder_commitment_transaction_number {
3947 if self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
3948 self.context.monitor_pending_revoke_and_ack = true;
3951 Some(self.get_last_revoke_and_ack())
3954 return Err(ChannelError::Close("Peer attempted to reestablish channel with a very old local commitment transaction".to_owned()));
3957 // We increment cur_counterparty_commitment_transaction_number only upon receipt of
3958 // revoke_and_ack, not on sending commitment_signed, so we add one if have
3959 // AwaitingRemoteRevoke set, which indicates we sent a commitment_signed but haven't gotten
3960 // the corresponding revoke_and_ack back yet.
3961 let is_awaiting_remote_revoke = self.context.channel_state & ChannelState::AwaitingRemoteRevoke as u32 != 0;
3962 if is_awaiting_remote_revoke && !self.is_awaiting_monitor_update() {
3963 self.mark_awaiting_response();
3965 let next_counterparty_commitment_number = INITIAL_COMMITMENT_NUMBER - self.context.cur_counterparty_commitment_transaction_number + if is_awaiting_remote_revoke { 1 } else { 0 };
3967 let channel_ready = if msg.next_local_commitment_number == 1 && INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number == 1 {
3968 // We should never have to worry about MonitorUpdateInProgress resending ChannelReady
3969 let next_per_commitment_point = self.context.holder_signer.get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
3970 Some(msgs::ChannelReady {
3971 channel_id: self.context.channel_id(),
3972 next_per_commitment_point,
3973 short_channel_id_alias: Some(self.context.outbound_scid_alias),
3977 if msg.next_local_commitment_number == next_counterparty_commitment_number {
3978 if required_revoke.is_some() {
3979 log_debug!(logger, "Reconnected channel {} with only lost outbound RAA", log_bytes!(self.context.channel_id()));
3981 log_debug!(logger, "Reconnected channel {} with no loss", log_bytes!(self.context.channel_id()));
3984 Ok(ReestablishResponses {
3985 channel_ready, shutdown_msg, announcement_sigs,
3986 raa: required_revoke,
3987 commitment_update: None,
3988 order: self.context.resend_order.clone(),
3990 } else if msg.next_local_commitment_number == next_counterparty_commitment_number - 1 {
3991 if required_revoke.is_some() {
3992 log_debug!(logger, "Reconnected channel {} with lost outbound RAA and lost remote commitment tx", log_bytes!(self.context.channel_id()));
3994 log_debug!(logger, "Reconnected channel {} with only lost remote commitment tx", log_bytes!(self.context.channel_id()));
3997 if self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
3998 self.context.monitor_pending_commitment_signed = true;
3999 Ok(ReestablishResponses {
4000 channel_ready, shutdown_msg, announcement_sigs,
4001 commitment_update: None, raa: None,
4002 order: self.context.resend_order.clone(),
4005 Ok(ReestablishResponses {
4006 channel_ready, shutdown_msg, announcement_sigs,
4007 raa: required_revoke,
4008 commitment_update: Some(self.get_last_commitment_update(logger)),
4009 order: self.context.resend_order.clone(),
4013 Err(ChannelError::Close("Peer attempted to reestablish channel with a very old remote commitment transaction".to_owned()))
4017 /// Calculates and returns our minimum and maximum closing transaction fee amounts, in whole
4018 /// satoshis. The amounts remain consistent unless a peer disconnects/reconnects or we restart,
4019 /// at which point they will be recalculated.
4020 fn calculate_closing_fee_limits<F: Deref>(&mut self, fee_estimator: &LowerBoundedFeeEstimator<F>)
4022 where F::Target: FeeEstimator
4024 if let Some((min, max)) = self.context.closing_fee_limits { return (min, max); }
4026 // Propose a range from our current Background feerate to our Normal feerate plus our
4027 // force_close_avoidance_max_fee_satoshis.
4028 // If we fail to come to consensus, we'll have to force-close.
4029 let mut proposed_feerate = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::Background);
4030 let normal_feerate = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::Normal);
4031 let mut proposed_max_feerate = if self.context.is_outbound() { normal_feerate } else { u32::max_value() };
4033 // The spec requires that (when the channel does not have anchors) we only send absolute
4034 // channel fees no greater than the absolute channel fee on the current commitment
4035 // transaction. It's unclear *which* commitment transaction this refers to, and there isn't
4036 // very good reason to apply such a limit in any case. We don't bother doing so, risking
4037 // some force-closure by old nodes, but we wanted to close the channel anyway.
4039 if let Some(target_feerate) = self.context.target_closing_feerate_sats_per_kw {
4040 let min_feerate = if self.context.is_outbound() { target_feerate } else { cmp::min(self.context.feerate_per_kw, target_feerate) };
4041 proposed_feerate = cmp::max(proposed_feerate, min_feerate);
4042 proposed_max_feerate = cmp::max(proposed_max_feerate, min_feerate);
4045 // Note that technically we could end up with a lower minimum fee if one sides' balance is
4046 // below our dust limit, causing the output to disappear. We don't bother handling this
4047 // case, however, as this should only happen if a channel is closed before any (material)
4048 // payments have been made on it. This may cause slight fee overpayment and/or failure to
4049 // come to consensus with our counterparty on appropriate fees, however it should be a
4050 // relatively rare case. We can revisit this later, though note that in order to determine
4051 // if the funders' output is dust we have to know the absolute fee we're going to use.
4052 let tx_weight = self.get_closing_transaction_weight(Some(&self.get_closing_scriptpubkey()), Some(self.context.counterparty_shutdown_scriptpubkey.as_ref().unwrap()));
4053 let proposed_total_fee_satoshis = proposed_feerate as u64 * tx_weight / 1000;
4054 let proposed_max_total_fee_satoshis = if self.context.is_outbound() {
4055 // We always add force_close_avoidance_max_fee_satoshis to our normal
4056 // feerate-calculated fee, but allow the max to be overridden if we're using a
4057 // target feerate-calculated fee.
4058 cmp::max(normal_feerate as u64 * tx_weight / 1000 + self.context.config.options.force_close_avoidance_max_fee_satoshis,
4059 proposed_max_feerate as u64 * tx_weight / 1000)
4061 self.context.channel_value_satoshis - (self.context.value_to_self_msat + 999) / 1000
4064 self.context.closing_fee_limits = Some((proposed_total_fee_satoshis, proposed_max_total_fee_satoshis));
4065 self.context.closing_fee_limits.clone().unwrap()
4068 /// Returns true if we're ready to commence the closing_signed negotiation phase. This is true
4069 /// after both sides have exchanged a `shutdown` message and all HTLCs have been drained. At
4070 /// this point if we're the funder we should send the initial closing_signed, and in any case
4071 /// shutdown should complete within a reasonable timeframe.
4072 fn closing_negotiation_ready(&self) -> bool {
4073 self.context.closing_negotiation_ready()
4076 /// Checks if the closing_signed negotiation is making appropriate progress, possibly returning
4077 /// an Err if no progress is being made and the channel should be force-closed instead.
4078 /// Should be called on a one-minute timer.
4079 pub fn timer_check_closing_negotiation_progress(&mut self) -> Result<(), ChannelError> {
4080 if self.closing_negotiation_ready() {
4081 if self.context.closing_signed_in_flight {
4082 return Err(ChannelError::Close("closing_signed negotiation failed to finish within two timer ticks".to_owned()));
4084 self.context.closing_signed_in_flight = true;
4090 pub fn maybe_propose_closing_signed<F: Deref, L: Deref>(
4091 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L)
4092 -> Result<(Option<msgs::ClosingSigned>, Option<Transaction>), ChannelError>
4093 where F::Target: FeeEstimator, L::Target: Logger
4095 if self.context.last_sent_closing_fee.is_some() || !self.closing_negotiation_ready() {
4096 return Ok((None, None));
4099 if !self.context.is_outbound() {
4100 if let Some(msg) = &self.context.pending_counterparty_closing_signed.take() {
4101 return self.closing_signed(fee_estimator, &msg);
4103 return Ok((None, None));
4106 let (our_min_fee, our_max_fee) = self.calculate_closing_fee_limits(fee_estimator);
4108 assert!(self.context.shutdown_scriptpubkey.is_some());
4109 let (closing_tx, total_fee_satoshis) = self.build_closing_transaction(our_min_fee, false);
4110 log_trace!(logger, "Proposing initial closing_signed for our counterparty with a fee range of {}-{} sat (with initial proposal {} sats)",
4111 our_min_fee, our_max_fee, total_fee_satoshis);
4113 let sig = self.context.holder_signer
4114 .sign_closing_transaction(&closing_tx, &self.context.secp_ctx)
4115 .map_err(|()| ChannelError::Close("Failed to get signature for closing transaction.".to_owned()))?;
4117 self.context.last_sent_closing_fee = Some((total_fee_satoshis, sig.clone()));
4118 Ok((Some(msgs::ClosingSigned {
4119 channel_id: self.context.channel_id,
4120 fee_satoshis: total_fee_satoshis,
4122 fee_range: Some(msgs::ClosingSignedFeeRange {
4123 min_fee_satoshis: our_min_fee,
4124 max_fee_satoshis: our_max_fee,
4129 // Marks a channel as waiting for a response from the counterparty. If it's not received
4130 // [`DISCONNECT_PEER_AWAITING_RESPONSE_TICKS`] after sending our own to them, then we'll attempt
4132 fn mark_awaiting_response(&mut self) {
4133 self.context.sent_message_awaiting_response = Some(0);
4136 /// Determines whether we should disconnect the counterparty due to not receiving a response
4137 /// within our expected timeframe.
4139 /// This should be called on every [`super::channelmanager::ChannelManager::timer_tick_occurred`].
4140 pub fn should_disconnect_peer_awaiting_response(&mut self) -> bool {
4141 let ticks_elapsed = if let Some(ticks_elapsed) = self.context.sent_message_awaiting_response.as_mut() {
4144 // Don't disconnect when we're not waiting on a response.
4147 *ticks_elapsed += 1;
4148 *ticks_elapsed >= DISCONNECT_PEER_AWAITING_RESPONSE_TICKS
4151 pub fn shutdown<SP: Deref>(
4152 &mut self, signer_provider: &SP, their_features: &InitFeatures, msg: &msgs::Shutdown
4153 ) -> Result<(Option<msgs::Shutdown>, Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>), ChannelError>
4154 where SP::Target: SignerProvider
4156 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
4157 return Err(ChannelError::Close("Peer sent shutdown when we needed a channel_reestablish".to_owned()));
4159 if self.context.channel_state < ChannelState::FundingSent as u32 {
4160 // Spec says we should fail the connection, not the channel, but that's nonsense, there
4161 // are plenty of reasons you may want to fail a channel pre-funding, and spec says you
4162 // can do that via error message without getting a connection fail anyway...
4163 return Err(ChannelError::Close("Peer sent shutdown pre-funding generation".to_owned()));
4165 for htlc in self.context.pending_inbound_htlcs.iter() {
4166 if let InboundHTLCState::RemoteAnnounced(_) = htlc.state {
4167 return Err(ChannelError::Close("Got shutdown with remote pending HTLCs".to_owned()));
4170 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
4172 if !script::is_bolt2_compliant(&msg.scriptpubkey, their_features) {
4173 return Err(ChannelError::Warn(format!("Got a nonstandard scriptpubkey ({}) from remote peer", msg.scriptpubkey.to_bytes().to_hex())));
4176 if self.context.counterparty_shutdown_scriptpubkey.is_some() {
4177 if Some(&msg.scriptpubkey) != self.context.counterparty_shutdown_scriptpubkey.as_ref() {
4178 return Err(ChannelError::Warn(format!("Got shutdown request with a scriptpubkey ({}) which did not match their previous scriptpubkey.", msg.scriptpubkey.to_bytes().to_hex())));
4181 self.context.counterparty_shutdown_scriptpubkey = Some(msg.scriptpubkey.clone());
4184 // If we have any LocalAnnounced updates we'll probably just get back an update_fail_htlc
4185 // immediately after the commitment dance, but we can send a Shutdown because we won't send
4186 // any further commitment updates after we set LocalShutdownSent.
4187 let send_shutdown = (self.context.channel_state & ChannelState::LocalShutdownSent as u32) != ChannelState::LocalShutdownSent as u32;
4189 let update_shutdown_script = match self.context.shutdown_scriptpubkey {
4192 assert!(send_shutdown);
4193 let shutdown_scriptpubkey = match signer_provider.get_shutdown_scriptpubkey() {
4194 Ok(scriptpubkey) => scriptpubkey,
4195 Err(_) => return Err(ChannelError::Close("Failed to get shutdown scriptpubkey".to_owned())),
4197 if !shutdown_scriptpubkey.is_compatible(their_features) {
4198 return Err(ChannelError::Close(format!("Provided a scriptpubkey format not accepted by peer: {}", shutdown_scriptpubkey)));
4200 self.context.shutdown_scriptpubkey = Some(shutdown_scriptpubkey);
4205 // From here on out, we may not fail!
4207 self.context.channel_state |= ChannelState::RemoteShutdownSent as u32;
4208 self.context.update_time_counter += 1;
4210 let monitor_update = if update_shutdown_script {
4211 self.context.latest_monitor_update_id += 1;
4212 let monitor_update = ChannelMonitorUpdate {
4213 update_id: self.context.latest_monitor_update_id,
4214 updates: vec![ChannelMonitorUpdateStep::ShutdownScript {
4215 scriptpubkey: self.get_closing_scriptpubkey(),
4218 self.monitor_updating_paused(false, false, false, Vec::new(), Vec::new(), Vec::new());
4219 self.push_ret_blockable_mon_update(monitor_update)
4221 let shutdown = if send_shutdown {
4222 Some(msgs::Shutdown {
4223 channel_id: self.context.channel_id,
4224 scriptpubkey: self.get_closing_scriptpubkey(),
4228 // We can't send our shutdown until we've committed all of our pending HTLCs, but the
4229 // remote side is unlikely to accept any new HTLCs, so we go ahead and "free" any holding
4230 // cell HTLCs and return them to fail the payment.
4231 self.context.holding_cell_update_fee = None;
4232 let mut dropped_outbound_htlcs = Vec::with_capacity(self.context.holding_cell_htlc_updates.len());
4233 self.context.holding_cell_htlc_updates.retain(|htlc_update| {
4235 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, .. } => {
4236 dropped_outbound_htlcs.push((source.clone(), payment_hash.clone()));
4243 self.context.channel_state |= ChannelState::LocalShutdownSent as u32;
4244 self.context.update_time_counter += 1;
4246 Ok((shutdown, monitor_update, dropped_outbound_htlcs))
4249 fn build_signed_closing_transaction(&self, closing_tx: &ClosingTransaction, counterparty_sig: &Signature, sig: &Signature) -> Transaction {
4250 let mut tx = closing_tx.trust().built_transaction().clone();
4252 tx.input[0].witness.push(Vec::new()); // First is the multisig dummy
4254 let funding_key = self.context.get_holder_pubkeys().funding_pubkey.serialize();
4255 let counterparty_funding_key = self.context.counterparty_funding_pubkey().serialize();
4256 let mut holder_sig = sig.serialize_der().to_vec();
4257 holder_sig.push(EcdsaSighashType::All as u8);
4258 let mut cp_sig = counterparty_sig.serialize_der().to_vec();
4259 cp_sig.push(EcdsaSighashType::All as u8);
4260 if funding_key[..] < counterparty_funding_key[..] {
4261 tx.input[0].witness.push(holder_sig);
4262 tx.input[0].witness.push(cp_sig);
4264 tx.input[0].witness.push(cp_sig);
4265 tx.input[0].witness.push(holder_sig);
4268 tx.input[0].witness.push(self.context.get_funding_redeemscript().into_bytes());
4272 pub fn closing_signed<F: Deref>(
4273 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, msg: &msgs::ClosingSigned)
4274 -> Result<(Option<msgs::ClosingSigned>, Option<Transaction>), ChannelError>
4275 where F::Target: FeeEstimator
4277 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK != BOTH_SIDES_SHUTDOWN_MASK {
4278 return Err(ChannelError::Close("Remote end sent us a closing_signed before both sides provided a shutdown".to_owned()));
4280 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
4281 return Err(ChannelError::Close("Peer sent closing_signed when we needed a channel_reestablish".to_owned()));
4283 if !self.context.pending_inbound_htlcs.is_empty() || !self.context.pending_outbound_htlcs.is_empty() {
4284 return Err(ChannelError::Close("Remote end sent us a closing_signed while there were still pending HTLCs".to_owned()));
4286 if msg.fee_satoshis > TOTAL_BITCOIN_SUPPLY_SATOSHIS { // this is required to stop potential overflow in build_closing_transaction
4287 return Err(ChannelError::Close("Remote tried to send us a closing tx with > 21 million BTC fee".to_owned()));
4290 if self.context.is_outbound() && self.context.last_sent_closing_fee.is_none() {
4291 return Err(ChannelError::Close("Remote tried to send a closing_signed when we were supposed to propose the first one".to_owned()));
4294 if self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32 != 0 {
4295 self.context.pending_counterparty_closing_signed = Some(msg.clone());
4296 return Ok((None, None));
4299 let funding_redeemscript = self.context.get_funding_redeemscript();
4300 let (mut closing_tx, used_total_fee) = self.build_closing_transaction(msg.fee_satoshis, false);
4301 if used_total_fee != msg.fee_satoshis {
4302 return Err(ChannelError::Close(format!("Remote sent us a closing_signed with a fee other than the value they can claim. Fee in message: {}. Actual closing tx fee: {}", msg.fee_satoshis, used_total_fee)));
4304 let sighash = closing_tx.trust().get_sighash_all(&funding_redeemscript, self.context.channel_value_satoshis);
4306 match self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.context.get_counterparty_pubkeys().funding_pubkey) {
4309 // The remote end may have decided to revoke their output due to inconsistent dust
4310 // limits, so check for that case by re-checking the signature here.
4311 closing_tx = self.build_closing_transaction(msg.fee_satoshis, true).0;
4312 let sighash = closing_tx.trust().get_sighash_all(&funding_redeemscript, self.context.channel_value_satoshis);
4313 secp_check!(self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, self.context.counterparty_funding_pubkey()), "Invalid closing tx signature from peer".to_owned());
4317 for outp in closing_tx.trust().built_transaction().output.iter() {
4318 if !outp.script_pubkey.is_witness_program() && outp.value < MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS {
4319 return Err(ChannelError::Close("Remote sent us a closing_signed with a dust output. Always use segwit closing scripts!".to_owned()));
4323 assert!(self.context.shutdown_scriptpubkey.is_some());
4324 if let Some((last_fee, sig)) = self.context.last_sent_closing_fee {
4325 if last_fee == msg.fee_satoshis {
4326 let tx = self.build_signed_closing_transaction(&mut closing_tx, &msg.signature, &sig);
4327 self.context.channel_state = ChannelState::ShutdownComplete as u32;
4328 self.context.update_time_counter += 1;
4329 return Ok((None, Some(tx)));
4333 let (our_min_fee, our_max_fee) = self.calculate_closing_fee_limits(fee_estimator);
4335 macro_rules! propose_fee {
4336 ($new_fee: expr) => {
4337 let (closing_tx, used_fee) = if $new_fee == msg.fee_satoshis {
4338 (closing_tx, $new_fee)
4340 self.build_closing_transaction($new_fee, false)
4343 let sig = self.context.holder_signer
4344 .sign_closing_transaction(&closing_tx, &self.context.secp_ctx)
4345 .map_err(|_| ChannelError::Close("External signer refused to sign closing transaction".to_owned()))?;
4347 let signed_tx = if $new_fee == msg.fee_satoshis {
4348 self.context.channel_state = ChannelState::ShutdownComplete as u32;
4349 self.context.update_time_counter += 1;
4350 let tx = self.build_signed_closing_transaction(&closing_tx, &msg.signature, &sig);
4354 self.context.last_sent_closing_fee = Some((used_fee, sig.clone()));
4355 return Ok((Some(msgs::ClosingSigned {
4356 channel_id: self.context.channel_id,
4357 fee_satoshis: used_fee,
4359 fee_range: Some(msgs::ClosingSignedFeeRange {
4360 min_fee_satoshis: our_min_fee,
4361 max_fee_satoshis: our_max_fee,
4367 if let Some(msgs::ClosingSignedFeeRange { min_fee_satoshis, max_fee_satoshis }) = msg.fee_range {
4368 if msg.fee_satoshis < min_fee_satoshis || msg.fee_satoshis > max_fee_satoshis {
4369 return Err(ChannelError::Close(format!("Peer sent a bogus closing_signed - suggested fee of {} sat was not in their desired range of {} sat - {} sat", msg.fee_satoshis, min_fee_satoshis, max_fee_satoshis)));
4371 if max_fee_satoshis < our_min_fee {
4372 return Err(ChannelError::Warn(format!("Unable to come to consensus about closing feerate, remote's max fee ({} sat) was smaller than our min fee ({} sat)", max_fee_satoshis, our_min_fee)));
4374 if min_fee_satoshis > our_max_fee {
4375 return Err(ChannelError::Warn(format!("Unable to come to consensus about closing feerate, remote's min fee ({} sat) was greater than our max fee ({} sat)", min_fee_satoshis, our_max_fee)));
4378 if !self.context.is_outbound() {
4379 // They have to pay, so pick the highest fee in the overlapping range.
4380 // We should never set an upper bound aside from their full balance
4381 debug_assert_eq!(our_max_fee, self.context.channel_value_satoshis - (self.context.value_to_self_msat + 999) / 1000);
4382 propose_fee!(cmp::min(max_fee_satoshis, our_max_fee));
4384 if msg.fee_satoshis < our_min_fee || msg.fee_satoshis > our_max_fee {
4385 return Err(ChannelError::Close(format!("Peer sent a bogus closing_signed - suggested fee of {} sat was not in our desired range of {} sat - {} sat after we informed them of our range.",
4386 msg.fee_satoshis, our_min_fee, our_max_fee)));
4388 // The proposed fee is in our acceptable range, accept it and broadcast!
4389 propose_fee!(msg.fee_satoshis);
4392 // Old fee style negotiation. We don't bother to enforce whether they are complying
4393 // with the "making progress" requirements, we just comply and hope for the best.
4394 if let Some((last_fee, _)) = self.context.last_sent_closing_fee {
4395 if msg.fee_satoshis > last_fee {
4396 if msg.fee_satoshis < our_max_fee {
4397 propose_fee!(msg.fee_satoshis);
4398 } else if last_fee < our_max_fee {
4399 propose_fee!(our_max_fee);
4401 return Err(ChannelError::Close(format!("Unable to come to consensus about closing feerate, remote wants something ({} sat) higher than our max fee ({} sat)", msg.fee_satoshis, our_max_fee)));
4404 if msg.fee_satoshis > our_min_fee {
4405 propose_fee!(msg.fee_satoshis);
4406 } else if last_fee > our_min_fee {
4407 propose_fee!(our_min_fee);
4409 return Err(ChannelError::Close(format!("Unable to come to consensus about closing feerate, remote wants something ({} sat) lower than our min fee ({} sat)", msg.fee_satoshis, our_min_fee)));
4413 if msg.fee_satoshis < our_min_fee {
4414 propose_fee!(our_min_fee);
4415 } else if msg.fee_satoshis > our_max_fee {
4416 propose_fee!(our_max_fee);
4418 propose_fee!(msg.fee_satoshis);
4424 fn internal_htlc_satisfies_config(
4425 &self, htlc: &msgs::UpdateAddHTLC, amt_to_forward: u64, outgoing_cltv_value: u32, config: &ChannelConfig,
4426 ) -> Result<(), (&'static str, u16)> {
4427 let fee = amt_to_forward.checked_mul(config.forwarding_fee_proportional_millionths as u64)
4428 .and_then(|prop_fee| (prop_fee / 1000000).checked_add(config.forwarding_fee_base_msat as u64));
4429 if fee.is_none() || htlc.amount_msat < fee.unwrap() ||
4430 (htlc.amount_msat - fee.unwrap()) < amt_to_forward {
4432 "Prior hop has deviated from specified fees parameters or origin node has obsolete ones",
4433 0x1000 | 12, // fee_insufficient
4436 if (htlc.cltv_expiry as u64) < outgoing_cltv_value as u64 + config.cltv_expiry_delta as u64 {
4438 "Forwarding node has tampered with the intended HTLC values or origin node has an obsolete cltv_expiry_delta",
4439 0x1000 | 13, // incorrect_cltv_expiry
4445 /// Determines whether the parameters of an incoming HTLC to be forwarded satisfy the channel's
4446 /// [`ChannelConfig`]. This first looks at the channel's current [`ChannelConfig`], and if
4447 /// unsuccessful, falls back to the previous one if one exists.
4448 pub fn htlc_satisfies_config(
4449 &self, htlc: &msgs::UpdateAddHTLC, amt_to_forward: u64, outgoing_cltv_value: u32,
4450 ) -> Result<(), (&'static str, u16)> {
4451 self.internal_htlc_satisfies_config(&htlc, amt_to_forward, outgoing_cltv_value, &self.context.config())
4453 if let Some(prev_config) = self.context.prev_config() {
4454 self.internal_htlc_satisfies_config(htlc, amt_to_forward, outgoing_cltv_value, &prev_config)
4461 pub fn get_cur_holder_commitment_transaction_number(&self) -> u64 {
4462 self.context.cur_holder_commitment_transaction_number + 1
4465 pub fn get_cur_counterparty_commitment_transaction_number(&self) -> u64 {
4466 self.context.cur_counterparty_commitment_transaction_number + 1 - if self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32) != 0 { 1 } else { 0 }
4469 pub fn get_revoked_counterparty_commitment_transaction_number(&self) -> u64 {
4470 self.context.cur_counterparty_commitment_transaction_number + 2
4474 pub fn get_signer(&self) -> &Signer {
4475 &self.context.holder_signer
4479 pub fn get_value_stat(&self) -> ChannelValueStat {
4481 value_to_self_msat: self.context.value_to_self_msat,
4482 channel_value_msat: self.context.channel_value_satoshis * 1000,
4483 channel_reserve_msat: self.context.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000,
4484 pending_outbound_htlcs_amount_msat: self.context.pending_outbound_htlcs.iter().map(|ref h| h.amount_msat).sum::<u64>(),
4485 pending_inbound_htlcs_amount_msat: self.context.pending_inbound_htlcs.iter().map(|ref h| h.amount_msat).sum::<u64>(),
4486 holding_cell_outbound_amount_msat: {
4488 for h in self.context.holding_cell_htlc_updates.iter() {
4490 &HTLCUpdateAwaitingACK::AddHTLC{amount_msat, .. } => {
4498 counterparty_max_htlc_value_in_flight_msat: self.context.counterparty_max_htlc_value_in_flight_msat,
4499 counterparty_dust_limit_msat: self.context.counterparty_dust_limit_satoshis * 1000,
4503 /// Returns true if this channel has been marked as awaiting a monitor update to move forward.
4504 /// Allowed in any state (including after shutdown)
4505 pub fn is_awaiting_monitor_update(&self) -> bool {
4506 (self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32) != 0
4509 /// Gets the latest [`ChannelMonitorUpdate`] ID which has been released and is in-flight.
4510 pub fn get_latest_unblocked_monitor_update_id(&self) -> u64 {
4511 if self.context.blocked_monitor_updates.is_empty() { return self.context.get_latest_monitor_update_id(); }
4512 self.context.blocked_monitor_updates[0].update.update_id - 1
4515 /// Returns the next blocked monitor update, if one exists, and a bool which indicates a
4516 /// further blocked monitor update exists after the next.
4517 pub fn unblock_next_blocked_monitor_update(&mut self) -> Option<(ChannelMonitorUpdate, bool)> {
4518 if self.context.blocked_monitor_updates.is_empty() { return None; }
4519 Some((self.context.blocked_monitor_updates.remove(0).update,
4520 !self.context.blocked_monitor_updates.is_empty()))
4523 /// Pushes a new monitor update into our monitor update queue, returning it if it should be
4524 /// immediately given to the user for persisting or `None` if it should be held as blocked.
4525 fn push_ret_blockable_mon_update(&mut self, update: ChannelMonitorUpdate)
4526 -> Option<ChannelMonitorUpdate> {
4527 let release_monitor = self.context.blocked_monitor_updates.is_empty();
4528 if !release_monitor {
4529 self.context.blocked_monitor_updates.push(PendingChannelMonitorUpdate {
4538 pub fn blocked_monitor_updates_pending(&self) -> usize {
4539 self.context.blocked_monitor_updates.len()
4542 /// Returns true if the channel is awaiting the persistence of the initial ChannelMonitor.
4543 /// If the channel is outbound, this implies we have not yet broadcasted the funding
4544 /// transaction. If the channel is inbound, this implies simply that the channel has not
4546 pub fn is_awaiting_initial_mon_persist(&self) -> bool {
4547 if !self.is_awaiting_monitor_update() { return false; }
4548 if self.context.channel_state &
4549 !(ChannelState::TheirChannelReady as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)
4550 == ChannelState::FundingSent as u32 {
4551 // If we're not a 0conf channel, we'll be waiting on a monitor update with only
4552 // FundingSent set, though our peer could have sent their channel_ready.
4553 debug_assert!(self.context.minimum_depth.unwrap_or(1) > 0);
4556 if self.context.cur_holder_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 &&
4557 self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
4558 // If we're a 0-conf channel, we'll move beyond FundingSent immediately even while
4559 // waiting for the initial monitor persistence. Thus, we check if our commitment
4560 // transaction numbers have both been iterated only exactly once (for the
4561 // funding_signed), and we're awaiting monitor update.
4563 // If we got here, we shouldn't have yet broadcasted the funding transaction (as the
4564 // only way to get an awaiting-monitor-update state during initial funding is if the
4565 // initial monitor persistence is still pending).
4567 // Because deciding we're awaiting initial broadcast spuriously could result in
4568 // funds-loss (as we don't have a monitor, but have the funding transaction confirmed),
4569 // we hard-assert here, even in production builds.
4570 if self.context.is_outbound() { assert!(self.context.funding_transaction.is_some()); }
4571 assert!(self.context.monitor_pending_channel_ready);
4572 assert_eq!(self.context.latest_monitor_update_id, 0);
4578 /// Returns true if our channel_ready has been sent
4579 pub fn is_our_channel_ready(&self) -> bool {
4580 (self.context.channel_state & ChannelState::OurChannelReady as u32) != 0 || self.context.channel_state >= ChannelState::ChannelReady as u32
4583 /// Returns true if our peer has either initiated or agreed to shut down the channel.
4584 pub fn received_shutdown(&self) -> bool {
4585 (self.context.channel_state & ChannelState::RemoteShutdownSent as u32) != 0
4588 /// Returns true if we either initiated or agreed to shut down the channel.
4589 pub fn sent_shutdown(&self) -> bool {
4590 (self.context.channel_state & ChannelState::LocalShutdownSent as u32) != 0
4593 /// Returns true if this channel is fully shut down. True here implies that no further actions
4594 /// may/will be taken on this channel, and thus this object should be freed. Any future changes
4595 /// will be handled appropriately by the chain monitor.
4596 pub fn is_shutdown(&self) -> bool {
4597 if (self.context.channel_state & ChannelState::ShutdownComplete as u32) == ChannelState::ShutdownComplete as u32 {
4598 assert!(self.context.channel_state == ChannelState::ShutdownComplete as u32);
4603 pub fn channel_update_status(&self) -> ChannelUpdateStatus {
4604 self.context.channel_update_status
4607 pub fn set_channel_update_status(&mut self, status: ChannelUpdateStatus) {
4608 self.context.update_time_counter += 1;
4609 self.context.channel_update_status = status;
4612 fn check_get_channel_ready(&mut self, height: u32) -> Option<msgs::ChannelReady> {
4614 // * always when a new block/transactions are confirmed with the new height
4615 // * when funding is signed with a height of 0
4616 if self.context.funding_tx_confirmation_height == 0 && self.context.minimum_depth != Some(0) {
4620 let funding_tx_confirmations = height as i64 - self.context.funding_tx_confirmation_height as i64 + 1;
4621 if funding_tx_confirmations <= 0 {
4622 self.context.funding_tx_confirmation_height = 0;
4625 if funding_tx_confirmations < self.context.minimum_depth.unwrap_or(0) as i64 {
4629 let non_shutdown_state = self.context.channel_state & (!MULTI_STATE_FLAGS);
4630 let need_commitment_update = if non_shutdown_state == ChannelState::FundingSent as u32 {
4631 self.context.channel_state |= ChannelState::OurChannelReady as u32;
4633 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32) {
4634 self.context.channel_state = ChannelState::ChannelReady as u32 | (self.context.channel_state & MULTI_STATE_FLAGS);
4635 self.context.update_time_counter += 1;
4637 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurChannelReady as u32) {
4638 // We got a reorg but not enough to trigger a force close, just ignore.
4641 if self.context.funding_tx_confirmation_height != 0 && self.context.channel_state < ChannelState::ChannelReady as u32 {
4642 // We should never see a funding transaction on-chain until we've received
4643 // funding_signed (if we're an outbound channel), or seen funding_generated (if we're
4644 // an inbound channel - before that we have no known funding TXID). The fuzzer,
4645 // however, may do this and we shouldn't treat it as a bug.
4646 #[cfg(not(fuzzing))]
4647 panic!("Started confirming a channel in a state pre-FundingSent: {}.\n\
4648 Do NOT broadcast a funding transaction manually - let LDK do it for you!",
4649 self.context.channel_state);
4651 // We got a reorg but not enough to trigger a force close, just ignore.
4655 if need_commitment_update {
4656 if self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) == 0 {
4657 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == 0 {
4658 let next_per_commitment_point =
4659 self.context.holder_signer.get_per_commitment_point(INITIAL_COMMITMENT_NUMBER - 1, &self.context.secp_ctx);
4660 return Some(msgs::ChannelReady {
4661 channel_id: self.context.channel_id,
4662 next_per_commitment_point,
4663 short_channel_id_alias: Some(self.context.outbound_scid_alias),
4667 self.context.monitor_pending_channel_ready = true;
4673 /// When a transaction is confirmed, we check whether it is or spends the funding transaction
4674 /// In the first case, we store the confirmation height and calculating the short channel id.
4675 /// In the second, we simply return an Err indicating we need to be force-closed now.
4676 pub fn transactions_confirmed<NS: Deref, L: Deref>(
4677 &mut self, block_hash: &BlockHash, height: u32, txdata: &TransactionData,
4678 genesis_block_hash: BlockHash, node_signer: &NS, user_config: &UserConfig, logger: &L
4679 ) -> Result<(Option<msgs::ChannelReady>, Option<msgs::AnnouncementSignatures>), ClosureReason>
4681 NS::Target: NodeSigner,
4684 if let Some(funding_txo) = self.context.get_funding_txo() {
4685 for &(index_in_block, tx) in txdata.iter() {
4686 // Check if the transaction is the expected funding transaction, and if it is,
4687 // check that it pays the right amount to the right script.
4688 if self.context.funding_tx_confirmation_height == 0 {
4689 if tx.txid() == funding_txo.txid {
4690 let txo_idx = funding_txo.index as usize;
4691 if txo_idx >= tx.output.len() || tx.output[txo_idx].script_pubkey != self.context.get_funding_redeemscript().to_v0_p2wsh() ||
4692 tx.output[txo_idx].value != self.context.channel_value_satoshis {
4693 if self.context.is_outbound() {
4694 // If we generated the funding transaction and it doesn't match what it
4695 // should, the client is really broken and we should just panic and
4696 // tell them off. That said, because hash collisions happen with high
4697 // probability in fuzzing mode, if we're fuzzing we just close the
4698 // channel and move on.
4699 #[cfg(not(fuzzing))]
4700 panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
4702 self.context.update_time_counter += 1;
4703 let err_reason = "funding tx had wrong script/value or output index";
4704 return Err(ClosureReason::ProcessingError { err: err_reason.to_owned() });
4706 if self.context.is_outbound() {
4707 for input in tx.input.iter() {
4708 if input.witness.is_empty() {
4709 // We generated a malleable funding transaction, implying we've
4710 // just exposed ourselves to funds loss to our counterparty.
4711 #[cfg(not(fuzzing))]
4712 panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
4716 self.context.funding_tx_confirmation_height = height;
4717 self.context.funding_tx_confirmed_in = Some(*block_hash);
4718 self.context.short_channel_id = match scid_from_parts(height as u64, index_in_block as u64, txo_idx as u64) {
4719 Ok(scid) => Some(scid),
4720 Err(_) => panic!("Block was bogus - either height was > 16 million, had > 16 million transactions, or had > 65k outputs"),
4724 // If we allow 1-conf funding, we may need to check for channel_ready here and
4725 // send it immediately instead of waiting for a best_block_updated call (which
4726 // may have already happened for this block).
4727 if let Some(channel_ready) = self.check_get_channel_ready(height) {
4728 log_info!(logger, "Sending a channel_ready to our peer for channel {}", log_bytes!(self.context.channel_id));
4729 let announcement_sigs = self.get_announcement_sigs(node_signer, genesis_block_hash, user_config, height, logger);
4730 return Ok((Some(channel_ready), announcement_sigs));
4733 for inp in tx.input.iter() {
4734 if inp.previous_output == funding_txo.into_bitcoin_outpoint() {
4735 log_info!(logger, "Detected channel-closing tx {} spending {}:{}, closing channel {}", tx.txid(), inp.previous_output.txid, inp.previous_output.vout, log_bytes!(self.context.channel_id()));
4736 return Err(ClosureReason::CommitmentTxConfirmed);
4744 /// When a new block is connected, we check the height of the block against outbound holding
4745 /// cell HTLCs in case we need to give up on them prematurely and time them out. Everything
4746 /// else (e.g. commitment transaction broadcasts, HTLC transaction broadcasting, etc) is
4747 /// handled by the ChannelMonitor.
4749 /// If we return Err, the channel may have been closed, at which point the standard
4750 /// requirements apply - no calls may be made except those explicitly stated to be allowed
4753 /// May return some HTLCs (and their payment_hash) which have timed out and should be failed
4755 pub fn best_block_updated<NS: Deref, L: Deref>(
4756 &mut self, height: u32, highest_header_time: u32, genesis_block_hash: BlockHash,
4757 node_signer: &NS, user_config: &UserConfig, logger: &L
4758 ) -> Result<(Option<msgs::ChannelReady>, Vec<(HTLCSource, PaymentHash)>, Option<msgs::AnnouncementSignatures>), ClosureReason>
4760 NS::Target: NodeSigner,
4763 self.do_best_block_updated(height, highest_header_time, Some((genesis_block_hash, node_signer, user_config)), logger)
4766 fn do_best_block_updated<NS: Deref, L: Deref>(
4767 &mut self, height: u32, highest_header_time: u32,
4768 genesis_node_signer: Option<(BlockHash, &NS, &UserConfig)>, logger: &L
4769 ) -> Result<(Option<msgs::ChannelReady>, Vec<(HTLCSource, PaymentHash)>, Option<msgs::AnnouncementSignatures>), ClosureReason>
4771 NS::Target: NodeSigner,
4774 let mut timed_out_htlcs = Vec::new();
4775 // This mirrors the check in ChannelManager::decode_update_add_htlc_onion, refusing to
4776 // forward an HTLC when our counterparty should almost certainly just fail it for expiring
4778 let unforwarded_htlc_cltv_limit = height + LATENCY_GRACE_PERIOD_BLOCKS;
4779 self.context.holding_cell_htlc_updates.retain(|htlc_update| {
4781 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, ref cltv_expiry, .. } => {
4782 if *cltv_expiry <= unforwarded_htlc_cltv_limit {
4783 timed_out_htlcs.push((source.clone(), payment_hash.clone()));
4791 self.context.update_time_counter = cmp::max(self.context.update_time_counter, highest_header_time);
4793 if let Some(channel_ready) = self.check_get_channel_ready(height) {
4794 let announcement_sigs = if let Some((genesis_block_hash, node_signer, user_config)) = genesis_node_signer {
4795 self.get_announcement_sigs(node_signer, genesis_block_hash, user_config, height, logger)
4797 log_info!(logger, "Sending a channel_ready to our peer for channel {}", log_bytes!(self.context.channel_id));
4798 return Ok((Some(channel_ready), timed_out_htlcs, announcement_sigs));
4801 let non_shutdown_state = self.context.channel_state & (!MULTI_STATE_FLAGS);
4802 if non_shutdown_state >= ChannelState::ChannelReady as u32 ||
4803 (non_shutdown_state & ChannelState::OurChannelReady as u32) == ChannelState::OurChannelReady as u32 {
4804 let mut funding_tx_confirmations = height as i64 - self.context.funding_tx_confirmation_height as i64 + 1;
4805 if self.context.funding_tx_confirmation_height == 0 {
4806 // Note that check_get_channel_ready may reset funding_tx_confirmation_height to
4807 // zero if it has been reorged out, however in either case, our state flags
4808 // indicate we've already sent a channel_ready
4809 funding_tx_confirmations = 0;
4812 // If we've sent channel_ready (or have both sent and received channel_ready), and
4813 // the funding transaction has become unconfirmed,
4814 // close the channel and hope we can get the latest state on chain (because presumably
4815 // the funding transaction is at least still in the mempool of most nodes).
4817 // Note that ideally we wouldn't force-close if we see *any* reorg on a 1-conf or
4818 // 0-conf channel, but not doing so may lead to the
4819 // `ChannelManager::short_to_chan_info` map being inconsistent, so we currently have
4821 if funding_tx_confirmations == 0 && self.context.funding_tx_confirmed_in.is_some() {
4822 let err_reason = format!("Funding transaction was un-confirmed. Locked at {} confs, now have {} confs.",
4823 self.context.minimum_depth.unwrap(), funding_tx_confirmations);
4824 return Err(ClosureReason::ProcessingError { err: err_reason });
4826 } else if !self.context.is_outbound() && self.context.funding_tx_confirmed_in.is_none() &&
4827 height >= self.context.channel_creation_height + FUNDING_CONF_DEADLINE_BLOCKS {
4828 log_info!(logger, "Closing channel {} due to funding timeout", log_bytes!(self.context.channel_id));
4829 // If funding_tx_confirmed_in is unset, the channel must not be active
4830 assert!(non_shutdown_state <= ChannelState::ChannelReady as u32);
4831 assert_eq!(non_shutdown_state & ChannelState::OurChannelReady as u32, 0);
4832 return Err(ClosureReason::FundingTimedOut);
4835 let announcement_sigs = if let Some((genesis_block_hash, node_signer, user_config)) = genesis_node_signer {
4836 self.get_announcement_sigs(node_signer, genesis_block_hash, user_config, height, logger)
4838 Ok((None, timed_out_htlcs, announcement_sigs))
4841 /// Indicates the funding transaction is no longer confirmed in the main chain. This may
4842 /// force-close the channel, but may also indicate a harmless reorganization of a block or two
4843 /// before the channel has reached channel_ready and we can just wait for more blocks.
4844 pub fn funding_transaction_unconfirmed<L: Deref>(&mut self, logger: &L) -> Result<(), ClosureReason> where L::Target: Logger {
4845 if self.context.funding_tx_confirmation_height != 0 {
4846 // We handle the funding disconnection by calling best_block_updated with a height one
4847 // below where our funding was connected, implying a reorg back to conf_height - 1.
4848 let reorg_height = self.context.funding_tx_confirmation_height - 1;
4849 // We use the time field to bump the current time we set on channel updates if its
4850 // larger. If we don't know that time has moved forward, we can just set it to the last
4851 // time we saw and it will be ignored.
4852 let best_time = self.context.update_time_counter;
4853 match self.do_best_block_updated(reorg_height, best_time, None::<(BlockHash, &&NodeSigner, &UserConfig)>, logger) {
4854 Ok((channel_ready, timed_out_htlcs, announcement_sigs)) => {
4855 assert!(channel_ready.is_none(), "We can't generate a funding with 0 confirmations?");
4856 assert!(timed_out_htlcs.is_empty(), "We can't have accepted HTLCs with a timeout before our funding confirmation?");
4857 assert!(announcement_sigs.is_none(), "We can't generate an announcement_sigs with 0 confirmations?");
4863 // We never learned about the funding confirmation anyway, just ignore
4868 // Methods to get unprompted messages to send to the remote end (or where we already returned
4869 // something in the handler for the message that prompted this message):
4871 /// Gets an UnsignedChannelAnnouncement for this channel. The channel must be publicly
4872 /// announceable and available for use (have exchanged ChannelReady messages in both
4873 /// directions). Should be used for both broadcasted announcements and in response to an
4874 /// AnnouncementSignatures message from the remote peer.
4876 /// Will only fail if we're not in a state where channel_announcement may be sent (including
4879 /// This will only return ChannelError::Ignore upon failure.
4880 fn get_channel_announcement<NS: Deref>(
4881 &self, node_signer: &NS, chain_hash: BlockHash, user_config: &UserConfig,
4882 ) -> Result<msgs::UnsignedChannelAnnouncement, ChannelError> where NS::Target: NodeSigner {
4883 if !self.context.config.announced_channel {
4884 return Err(ChannelError::Ignore("Channel is not available for public announcements".to_owned()));
4886 if !self.context.is_usable() {
4887 return Err(ChannelError::Ignore("Cannot get a ChannelAnnouncement if the channel is not currently usable".to_owned()));
4890 let short_channel_id = self.context.get_short_channel_id()
4891 .ok_or(ChannelError::Ignore("Cannot get a ChannelAnnouncement if the channel has not been confirmed yet".to_owned()))?;
4892 let node_id = NodeId::from_pubkey(&node_signer.get_node_id(Recipient::Node)
4893 .map_err(|_| ChannelError::Ignore("Failed to retrieve own public key".to_owned()))?);
4894 let counterparty_node_id = NodeId::from_pubkey(&self.context.get_counterparty_node_id());
4895 let were_node_one = node_id.as_slice() < counterparty_node_id.as_slice();
4897 let msg = msgs::UnsignedChannelAnnouncement {
4898 features: channelmanager::provided_channel_features(&user_config),
4901 node_id_1: if were_node_one { node_id } else { counterparty_node_id },
4902 node_id_2: if were_node_one { counterparty_node_id } else { node_id },
4903 bitcoin_key_1: NodeId::from_pubkey(if were_node_one { &self.context.get_holder_pubkeys().funding_pubkey } else { self.context.counterparty_funding_pubkey() }),
4904 bitcoin_key_2: NodeId::from_pubkey(if were_node_one { self.context.counterparty_funding_pubkey() } else { &self.context.get_holder_pubkeys().funding_pubkey }),
4905 excess_data: Vec::new(),
4911 fn get_announcement_sigs<NS: Deref, L: Deref>(
4912 &mut self, node_signer: &NS, genesis_block_hash: BlockHash, user_config: &UserConfig,
4913 best_block_height: u32, logger: &L
4914 ) -> Option<msgs::AnnouncementSignatures>
4916 NS::Target: NodeSigner,
4919 if self.context.funding_tx_confirmation_height == 0 || self.context.funding_tx_confirmation_height + 5 > best_block_height {
4923 if !self.context.is_usable() {
4927 if self.context.channel_state & ChannelState::PeerDisconnected as u32 != 0 {
4928 log_trace!(logger, "Cannot create an announcement_signatures as our peer is disconnected");
4932 if self.context.announcement_sigs_state != AnnouncementSigsState::NotSent {
4936 log_trace!(logger, "Creating an announcement_signatures message for channel {}", log_bytes!(self.context.channel_id()));
4937 let announcement = match self.get_channel_announcement(node_signer, genesis_block_hash, user_config) {
4940 log_trace!(logger, "{:?}", e);
4944 let our_node_sig = match node_signer.sign_gossip_message(msgs::UnsignedGossipMessage::ChannelAnnouncement(&announcement)) {
4946 log_error!(logger, "Failed to generate node signature for channel_announcement. Channel will not be announced!");
4951 let our_bitcoin_sig = match self.context.holder_signer.sign_channel_announcement_with_funding_key(&announcement, &self.context.secp_ctx) {
4953 log_error!(logger, "Signer rejected channel_announcement signing. Channel will not be announced!");
4958 let short_channel_id = match self.context.get_short_channel_id() {
4960 None => return None,
4963 self.context.announcement_sigs_state = AnnouncementSigsState::MessageSent;
4965 Some(msgs::AnnouncementSignatures {
4966 channel_id: self.context.channel_id(),
4968 node_signature: our_node_sig,
4969 bitcoin_signature: our_bitcoin_sig,
4973 /// Signs the given channel announcement, returning a ChannelError::Ignore if no keys are
4975 fn sign_channel_announcement<NS: Deref>(
4976 &self, node_signer: &NS, announcement: msgs::UnsignedChannelAnnouncement
4977 ) -> Result<msgs::ChannelAnnouncement, ChannelError> where NS::Target: NodeSigner {
4978 if let Some((their_node_sig, their_bitcoin_sig)) = self.context.announcement_sigs {
4979 let our_node_key = NodeId::from_pubkey(&node_signer.get_node_id(Recipient::Node)
4980 .map_err(|_| ChannelError::Ignore("Signer failed to retrieve own public key".to_owned()))?);
4981 let were_node_one = announcement.node_id_1 == our_node_key;
4983 let our_node_sig = node_signer.sign_gossip_message(msgs::UnsignedGossipMessage::ChannelAnnouncement(&announcement))
4984 .map_err(|_| ChannelError::Ignore("Failed to generate node signature for channel_announcement".to_owned()))?;
4985 let our_bitcoin_sig = self.context.holder_signer.sign_channel_announcement_with_funding_key(&announcement, &self.context.secp_ctx)
4986 .map_err(|_| ChannelError::Ignore("Signer rejected channel_announcement".to_owned()))?;
4987 Ok(msgs::ChannelAnnouncement {
4988 node_signature_1: if were_node_one { our_node_sig } else { their_node_sig },
4989 node_signature_2: if were_node_one { their_node_sig } else { our_node_sig },
4990 bitcoin_signature_1: if were_node_one { our_bitcoin_sig } else { their_bitcoin_sig },
4991 bitcoin_signature_2: if were_node_one { their_bitcoin_sig } else { our_bitcoin_sig },
4992 contents: announcement,
4995 Err(ChannelError::Ignore("Attempted to sign channel announcement before we'd received announcement_signatures".to_string()))
4999 /// Processes an incoming announcement_signatures message, providing a fully-signed
5000 /// channel_announcement message which we can broadcast and storing our counterparty's
5001 /// signatures for later reconstruction/rebroadcast of the channel_announcement.
5002 pub fn announcement_signatures<NS: Deref>(
5003 &mut self, node_signer: &NS, chain_hash: BlockHash, best_block_height: u32,
5004 msg: &msgs::AnnouncementSignatures, user_config: &UserConfig
5005 ) -> Result<msgs::ChannelAnnouncement, ChannelError> where NS::Target: NodeSigner {
5006 let announcement = self.get_channel_announcement(node_signer, chain_hash, user_config)?;
5008 let msghash = hash_to_message!(&Sha256d::hash(&announcement.encode()[..])[..]);
5010 if self.context.secp_ctx.verify_ecdsa(&msghash, &msg.node_signature, &self.context.get_counterparty_node_id()).is_err() {
5011 return Err(ChannelError::Close(format!(
5012 "Bad announcement_signatures. Failed to verify node_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_node_key is {:?}",
5013 &announcement, self.context.get_counterparty_node_id())));
5015 if self.context.secp_ctx.verify_ecdsa(&msghash, &msg.bitcoin_signature, self.context.counterparty_funding_pubkey()).is_err() {
5016 return Err(ChannelError::Close(format!(
5017 "Bad announcement_signatures. Failed to verify bitcoin_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_bitcoin_key is ({:?})",
5018 &announcement, self.context.counterparty_funding_pubkey())));
5021 self.context.announcement_sigs = Some((msg.node_signature, msg.bitcoin_signature));
5022 if self.context.funding_tx_confirmation_height == 0 || self.context.funding_tx_confirmation_height + 5 > best_block_height {
5023 return Err(ChannelError::Ignore(
5024 "Got announcement_signatures prior to the required six confirmations - we may not have received a block yet that our peer has".to_owned()));
5027 self.sign_channel_announcement(node_signer, announcement)
5030 /// Gets a signed channel_announcement for this channel, if we previously received an
5031 /// announcement_signatures from our counterparty.
5032 pub fn get_signed_channel_announcement<NS: Deref>(
5033 &self, node_signer: &NS, chain_hash: BlockHash, best_block_height: u32, user_config: &UserConfig
5034 ) -> Option<msgs::ChannelAnnouncement> where NS::Target: NodeSigner {
5035 if self.context.funding_tx_confirmation_height == 0 || self.context.funding_tx_confirmation_height + 5 > best_block_height {
5038 let announcement = match self.get_channel_announcement(node_signer, chain_hash, user_config) {
5040 Err(_) => return None,
5042 match self.sign_channel_announcement(node_signer, announcement) {
5043 Ok(res) => Some(res),
5048 /// May panic if called on a channel that wasn't immediately-previously
5049 /// self.remove_uncommitted_htlcs_and_mark_paused()'d
5050 pub fn get_channel_reestablish<L: Deref>(&mut self, logger: &L) -> msgs::ChannelReestablish where L::Target: Logger {
5051 assert_eq!(self.context.channel_state & ChannelState::PeerDisconnected as u32, ChannelState::PeerDisconnected as u32);
5052 assert_ne!(self.context.cur_counterparty_commitment_transaction_number, INITIAL_COMMITMENT_NUMBER);
5053 // Prior to static_remotekey, my_current_per_commitment_point was critical to claiming
5054 // current to_remote balances. However, it no longer has any use, and thus is now simply
5055 // set to a dummy (but valid, as required by the spec) public key.
5056 // fuzzing mode marks a subset of pubkeys as invalid so that we can hit "invalid pubkey"
5057 // branches, but we unwrap it below, so we arbitrarily select a dummy pubkey which is both
5058 // valid, and valid in fuzzing mode's arbitrary validity criteria:
5059 let mut pk = [2; 33]; pk[1] = 0xff;
5060 let dummy_pubkey = PublicKey::from_slice(&pk).unwrap();
5061 let remote_last_secret = if self.context.cur_counterparty_commitment_transaction_number + 1 < INITIAL_COMMITMENT_NUMBER {
5062 let remote_last_secret = self.context.commitment_secrets.get_secret(self.context.cur_counterparty_commitment_transaction_number + 2).unwrap();
5063 log_trace!(logger, "Enough info to generate a Data Loss Protect with per_commitment_secret {} for channel {}", log_bytes!(remote_last_secret), log_bytes!(self.context.channel_id()));
5066 log_info!(logger, "Sending a data_loss_protect with no previous remote per_commitment_secret for channel {}", log_bytes!(self.context.channel_id()));
5069 self.mark_awaiting_response();
5070 msgs::ChannelReestablish {
5071 channel_id: self.context.channel_id(),
5072 // The protocol has two different commitment number concepts - the "commitment
5073 // transaction number", which starts from 0 and counts up, and the "revocation key
5074 // index" which starts at INITIAL_COMMITMENT_NUMBER and counts down. We track
5075 // commitment transaction numbers by the index which will be used to reveal the
5076 // revocation key for that commitment transaction, which means we have to convert them
5077 // to protocol-level commitment numbers here...
5079 // next_local_commitment_number is the next commitment_signed number we expect to
5080 // receive (indicating if they need to resend one that we missed).
5081 next_local_commitment_number: INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number,
5082 // We have to set next_remote_commitment_number to the next revoke_and_ack we expect to
5083 // receive, however we track it by the next commitment number for a remote transaction
5084 // (which is one further, as they always revoke previous commitment transaction, not
5085 // the one we send) so we have to decrement by 1. Note that if
5086 // cur_counterparty_commitment_transaction_number is INITIAL_COMMITMENT_NUMBER we will have
5087 // dropped this channel on disconnect as it hasn't yet reached FundingSent so we can't
5089 next_remote_commitment_number: INITIAL_COMMITMENT_NUMBER - self.context.cur_counterparty_commitment_transaction_number - 1,
5090 your_last_per_commitment_secret: remote_last_secret,
5091 my_current_per_commitment_point: dummy_pubkey,
5092 // TODO(dual_funding): If we've sent `commtiment_signed` for an interactive transaction
5093 // construction but have not received `tx_signatures` we MUST set `next_funding_txid` to the
5094 // txid of that interactive transaction, else we MUST NOT set it.
5095 next_funding_txid: None,
5100 // Send stuff to our remote peers:
5102 /// Queues up an outbound HTLC to send by placing it in the holding cell. You should call
5103 /// [`Self::maybe_free_holding_cell_htlcs`] in order to actually generate and send the
5104 /// commitment update.
5106 /// `Err`s will only be [`ChannelError::Ignore`].
5107 pub fn queue_add_htlc<F: Deref, L: Deref>(
5108 &mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource,
5109 onion_routing_packet: msgs::OnionPacket, skimmed_fee_msat: Option<u64>,
5110 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
5111 ) -> Result<(), ChannelError>
5112 where F::Target: FeeEstimator, L::Target: Logger
5115 .send_htlc(amount_msat, payment_hash, cltv_expiry, source, onion_routing_packet, true,
5116 skimmed_fee_msat, fee_estimator, logger)
5117 .map(|msg_opt| assert!(msg_opt.is_none(), "We forced holding cell?"))
5119 if let ChannelError::Ignore(_) = err { /* fine */ }
5120 else { debug_assert!(false, "Queueing cannot trigger channel failure"); }
5125 /// Adds a pending outbound HTLC to this channel, note that you probably want
5126 /// [`Self::send_htlc_and_commit`] instead cause you'll want both messages at once.
5128 /// This returns an optional UpdateAddHTLC as we may be in a state where we cannot add HTLCs on
5130 /// * In cases where we're waiting on the remote peer to send us a revoke_and_ack, we
5131 /// wouldn't be able to determine what they actually ACK'ed if we have two sets of updates
5133 /// * In cases where we're marked MonitorUpdateInProgress, we cannot commit to a new state as
5134 /// we may not yet have sent the previous commitment update messages and will need to
5135 /// regenerate them.
5137 /// You MUST call [`Self::send_commitment_no_state_update`] prior to calling any other methods
5138 /// on this [`Channel`] if `force_holding_cell` is false.
5140 /// `Err`s will only be [`ChannelError::Ignore`].
5141 fn send_htlc<F: Deref, L: Deref>(
5142 &mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource,
5143 onion_routing_packet: msgs::OnionPacket, mut force_holding_cell: bool,
5144 skimmed_fee_msat: Option<u64>, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
5145 ) -> Result<Option<msgs::UpdateAddHTLC>, ChannelError>
5146 where F::Target: FeeEstimator, L::Target: Logger
5148 if (self.context.channel_state & (ChannelState::ChannelReady as u32 | BOTH_SIDES_SHUTDOWN_MASK)) != (ChannelState::ChannelReady as u32) {
5149 return Err(ChannelError::Ignore("Cannot send HTLC until channel is fully established and we haven't started shutting down".to_owned()));
5151 let channel_total_msat = self.context.channel_value_satoshis * 1000;
5152 if amount_msat > channel_total_msat {
5153 return Err(ChannelError::Ignore(format!("Cannot send amount {}, because it is more than the total value of the channel {}", amount_msat, channel_total_msat)));
5156 if amount_msat == 0 {
5157 return Err(ChannelError::Ignore("Cannot send 0-msat HTLC".to_owned()));
5160 let available_balances = self.context.get_available_balances(fee_estimator);
5161 if amount_msat < available_balances.next_outbound_htlc_minimum_msat {
5162 return Err(ChannelError::Ignore(format!("Cannot send less than our next-HTLC minimum - {} msat",
5163 available_balances.next_outbound_htlc_minimum_msat)));
5166 if amount_msat > available_balances.next_outbound_htlc_limit_msat {
5167 return Err(ChannelError::Ignore(format!("Cannot send more than our next-HTLC maximum - {} msat",
5168 available_balances.next_outbound_htlc_limit_msat)));
5171 if (self.context.channel_state & (ChannelState::PeerDisconnected as u32)) != 0 {
5172 // Note that this should never really happen, if we're !is_live() on receipt of an
5173 // incoming HTLC for relay will result in us rejecting the HTLC and we won't allow
5174 // the user to send directly into a !is_live() channel. However, if we
5175 // disconnected during the time the previous hop was doing the commitment dance we may
5176 // end up getting here after the forwarding delay. In any case, returning an
5177 // IgnoreError will get ChannelManager to do the right thing and fail backwards now.
5178 return Err(ChannelError::Ignore("Cannot send an HTLC while disconnected from channel counterparty".to_owned()));
5181 let need_holding_cell = (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0;
5182 log_debug!(logger, "Pushing new outbound HTLC for {} msat {}", amount_msat,
5183 if force_holding_cell { "into holding cell" }
5184 else if need_holding_cell { "into holding cell as we're awaiting an RAA or monitor" }
5185 else { "to peer" });
5187 if need_holding_cell {
5188 force_holding_cell = true;
5191 // Now update local state:
5192 if force_holding_cell {
5193 self.context.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::AddHTLC {
5198 onion_routing_packet,
5204 self.context.pending_outbound_htlcs.push(OutboundHTLCOutput {
5205 htlc_id: self.context.next_holder_htlc_id,
5207 payment_hash: payment_hash.clone(),
5209 state: OutboundHTLCState::LocalAnnounced(Box::new(onion_routing_packet.clone())),
5214 let res = msgs::UpdateAddHTLC {
5215 channel_id: self.context.channel_id,
5216 htlc_id: self.context.next_holder_htlc_id,
5220 onion_routing_packet,
5223 self.context.next_holder_htlc_id += 1;
5228 fn build_commitment_no_status_check<L: Deref>(&mut self, logger: &L) -> ChannelMonitorUpdate where L::Target: Logger {
5229 log_trace!(logger, "Updating HTLC state for a newly-sent commitment_signed...");
5230 // We can upgrade the status of some HTLCs that are waiting on a commitment, even if we
5231 // fail to generate this, we still are at least at a position where upgrading their status
5233 for htlc in self.context.pending_inbound_htlcs.iter_mut() {
5234 let new_state = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(ref forward_info) = &htlc.state {
5235 Some(InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info.clone()))
5237 if let Some(state) = new_state {
5238 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce {} to AwaitingAnnouncedRemoteRevoke", log_bytes!(htlc.payment_hash.0));
5242 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
5243 if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut outcome) = &mut htlc.state {
5244 log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", log_bytes!(htlc.payment_hash.0));
5245 // Grab the preimage, if it exists, instead of cloning
5246 let mut reason = OutboundHTLCOutcome::Success(None);
5247 mem::swap(outcome, &mut reason);
5248 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(reason);
5251 if let Some((feerate, update_state)) = self.context.pending_update_fee {
5252 if update_state == FeeUpdateState::AwaitingRemoteRevokeToAnnounce {
5253 debug_assert!(!self.context.is_outbound());
5254 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce fee update {} to Committed", feerate);
5255 self.context.feerate_per_kw = feerate;
5256 self.context.pending_update_fee = None;
5259 self.context.resend_order = RAACommitmentOrder::RevokeAndACKFirst;
5261 let (counterparty_commitment_txid, mut htlcs_ref) = self.build_commitment_no_state_update(logger);
5262 let htlcs: Vec<(HTLCOutputInCommitment, Option<Box<HTLCSource>>)> =
5263 htlcs_ref.drain(..).map(|(htlc, htlc_source)| (htlc, htlc_source.map(|source_ref| Box::new(source_ref.clone())))).collect();
5265 if self.context.announcement_sigs_state == AnnouncementSigsState::MessageSent {
5266 self.context.announcement_sigs_state = AnnouncementSigsState::Committed;
5269 self.context.latest_monitor_update_id += 1;
5270 let monitor_update = ChannelMonitorUpdate {
5271 update_id: self.context.latest_monitor_update_id,
5272 updates: vec![ChannelMonitorUpdateStep::LatestCounterpartyCommitmentTXInfo {
5273 commitment_txid: counterparty_commitment_txid,
5274 htlc_outputs: htlcs.clone(),
5275 commitment_number: self.context.cur_counterparty_commitment_transaction_number,
5276 their_per_commitment_point: self.context.counterparty_cur_commitment_point.unwrap()
5279 self.context.channel_state |= ChannelState::AwaitingRemoteRevoke as u32;
5283 fn build_commitment_no_state_update<L: Deref>(&self, logger: &L) -> (Txid, Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)>) where L::Target: Logger {
5284 let counterparty_keys = self.context.build_remote_transaction_keys();
5285 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, true, logger);
5286 let counterparty_commitment_txid = commitment_stats.tx.trust().txid();
5288 #[cfg(any(test, fuzzing))]
5290 if !self.context.is_outbound() {
5291 let projected_commit_tx_info = self.context.next_remote_commitment_tx_fee_info_cached.lock().unwrap().take();
5292 *self.context.next_local_commitment_tx_fee_info_cached.lock().unwrap() = None;
5293 if let Some(info) = projected_commit_tx_info {
5294 let total_pending_htlcs = self.context.pending_inbound_htlcs.len() + self.context.pending_outbound_htlcs.len();
5295 if info.total_pending_htlcs == total_pending_htlcs
5296 && info.next_holder_htlc_id == self.context.next_holder_htlc_id
5297 && info.next_counterparty_htlc_id == self.context.next_counterparty_htlc_id
5298 && info.feerate == self.context.feerate_per_kw {
5299 let actual_fee = commit_tx_fee_msat(self.context.feerate_per_kw, commitment_stats.num_nondust_htlcs, self.context.get_channel_type());
5300 assert_eq!(actual_fee, info.fee);
5306 (counterparty_commitment_txid, commitment_stats.htlcs_included)
5309 /// Only fails in case of signer rejection. Used for channel_reestablish commitment_signed
5310 /// generation when we shouldn't change HTLC/channel state.
5311 fn send_commitment_no_state_update<L: Deref>(&self, logger: &L) -> Result<(msgs::CommitmentSigned, (Txid, Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)>)), ChannelError> where L::Target: Logger {
5312 // Get the fee tests from `build_commitment_no_state_update`
5313 #[cfg(any(test, fuzzing))]
5314 self.build_commitment_no_state_update(logger);
5316 let counterparty_keys = self.context.build_remote_transaction_keys();
5317 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, true, logger);
5318 let counterparty_commitment_txid = commitment_stats.tx.trust().txid();
5319 let (signature, htlc_signatures);
5322 let mut htlcs = Vec::with_capacity(commitment_stats.htlcs_included.len());
5323 for &(ref htlc, _) in commitment_stats.htlcs_included.iter() {
5327 let res = self.context.holder_signer.sign_counterparty_commitment(&commitment_stats.tx, commitment_stats.preimages, &self.context.secp_ctx)
5328 .map_err(|_| ChannelError::Close("Failed to get signatures for new commitment_signed".to_owned()))?;
5330 htlc_signatures = res.1;
5332 log_trace!(logger, "Signed remote commitment tx {} (txid {}) with redeemscript {} -> {} in channel {}",
5333 encode::serialize_hex(&commitment_stats.tx.trust().built_transaction().transaction),
5334 &counterparty_commitment_txid, encode::serialize_hex(&self.context.get_funding_redeemscript()),
5335 log_bytes!(signature.serialize_compact()[..]), log_bytes!(self.context.channel_id()));
5337 for (ref htlc_sig, ref htlc) in htlc_signatures.iter().zip(htlcs) {
5338 log_trace!(logger, "Signed remote HTLC tx {} with redeemscript {} with pubkey {} -> {} in channel {}",
5339 encode::serialize_hex(&chan_utils::build_htlc_transaction(&counterparty_commitment_txid, commitment_stats.feerate_per_kw, self.context.get_holder_selected_contest_delay(), htlc, &self.context.channel_type, &counterparty_keys.broadcaster_delayed_payment_key, &counterparty_keys.revocation_key)),
5340 encode::serialize_hex(&chan_utils::get_htlc_redeemscript(&htlc, &self.context.channel_type, &counterparty_keys)),
5341 log_bytes!(counterparty_keys.broadcaster_htlc_key.serialize()),
5342 log_bytes!(htlc_sig.serialize_compact()[..]), log_bytes!(self.context.channel_id()));
5346 Ok((msgs::CommitmentSigned {
5347 channel_id: self.context.channel_id,
5351 partial_signature_with_nonce: None,
5352 }, (counterparty_commitment_txid, commitment_stats.htlcs_included)))
5355 /// Adds a pending outbound HTLC to this channel, and builds a new remote commitment
5356 /// transaction and generates the corresponding [`ChannelMonitorUpdate`] in one go.
5358 /// Shorthand for calling [`Self::send_htlc`] followed by a commitment update, see docs on
5359 /// [`Self::send_htlc`] and [`Self::build_commitment_no_state_update`] for more info.
5360 pub fn send_htlc_and_commit<F: Deref, L: Deref>(
5361 &mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32,
5362 source: HTLCSource, onion_routing_packet: msgs::OnionPacket, skimmed_fee_msat: Option<u64>,
5363 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
5364 ) -> Result<Option<ChannelMonitorUpdate>, ChannelError>
5365 where F::Target: FeeEstimator, L::Target: Logger
5367 let send_res = self.send_htlc(amount_msat, payment_hash, cltv_expiry, source,
5368 onion_routing_packet, false, skimmed_fee_msat, fee_estimator, logger);
5369 if let Err(e) = &send_res { if let ChannelError::Ignore(_) = e {} else { debug_assert!(false, "Sending cannot trigger channel failure"); } }
5372 let monitor_update = self.build_commitment_no_status_check(logger);
5373 self.monitor_updating_paused(false, true, false, Vec::new(), Vec::new(), Vec::new());
5374 Ok(self.push_ret_blockable_mon_update(monitor_update))
5380 pub fn channel_update(&mut self, msg: &msgs::ChannelUpdate) -> Result<(), ChannelError> {
5381 if msg.contents.htlc_minimum_msat >= self.context.channel_value_satoshis * 1000 {
5382 return Err(ChannelError::Close("Minimum htlc value is greater than channel value".to_string()));
5384 self.context.counterparty_forwarding_info = Some(CounterpartyForwardingInfo {
5385 fee_base_msat: msg.contents.fee_base_msat,
5386 fee_proportional_millionths: msg.contents.fee_proportional_millionths,
5387 cltv_expiry_delta: msg.contents.cltv_expiry_delta
5393 /// Begins the shutdown process, getting a message for the remote peer and returning all
5394 /// holding cell HTLCs for payment failure.
5396 /// May jump to the channel being fully shutdown (see [`Self::is_shutdown`]) in which case no
5397 /// [`ChannelMonitorUpdate`] will be returned).
5398 pub fn get_shutdown<SP: Deref>(&mut self, signer_provider: &SP, their_features: &InitFeatures,
5399 target_feerate_sats_per_kw: Option<u32>, override_shutdown_script: Option<ShutdownScript>)
5400 -> Result<(msgs::Shutdown, Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>), APIError>
5401 where SP::Target: SignerProvider {
5402 for htlc in self.context.pending_outbound_htlcs.iter() {
5403 if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
5404 return Err(APIError::APIMisuseError{err: "Cannot begin shutdown with pending HTLCs. Process pending events first".to_owned()});
5407 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK != 0 {
5408 if (self.context.channel_state & ChannelState::LocalShutdownSent as u32) == ChannelState::LocalShutdownSent as u32 {
5409 return Err(APIError::APIMisuseError{err: "Shutdown already in progress".to_owned()});
5411 else if (self.context.channel_state & ChannelState::RemoteShutdownSent as u32) == ChannelState::RemoteShutdownSent as u32 {
5412 return Err(APIError::ChannelUnavailable{err: "Shutdown already in progress by remote".to_owned()});
5415 if self.context.shutdown_scriptpubkey.is_some() && override_shutdown_script.is_some() {
5416 return Err(APIError::APIMisuseError{err: "Cannot override shutdown script for a channel with one already set".to_owned()});
5418 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
5419 if self.context.channel_state & (ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32) != 0 {
5420 return Err(APIError::ChannelUnavailable{err: "Cannot begin shutdown while peer is disconnected or we're waiting on a monitor update, maybe force-close instead?".to_owned()});
5423 // If we haven't funded the channel yet, we don't need to bother ensuring the shutdown
5424 // script is set, we just force-close and call it a day.
5425 let mut chan_closed = false;
5426 if self.context.channel_state < ChannelState::FundingSent as u32 {
5430 let update_shutdown_script = match self.context.shutdown_scriptpubkey {
5432 None if !chan_closed => {
5433 // use override shutdown script if provided
5434 let shutdown_scriptpubkey = match override_shutdown_script {
5435 Some(script) => script,
5437 // otherwise, use the shutdown scriptpubkey provided by the signer
5438 match signer_provider.get_shutdown_scriptpubkey() {
5439 Ok(scriptpubkey) => scriptpubkey,
5440 Err(_) => return Err(APIError::ChannelUnavailable{err: "Failed to get shutdown scriptpubkey".to_owned()}),
5444 if !shutdown_scriptpubkey.is_compatible(their_features) {
5445 return Err(APIError::IncompatibleShutdownScript { script: shutdown_scriptpubkey.clone() });
5447 self.context.shutdown_scriptpubkey = Some(shutdown_scriptpubkey);
5453 // From here on out, we may not fail!
5454 self.context.target_closing_feerate_sats_per_kw = target_feerate_sats_per_kw;
5455 if self.context.channel_state < ChannelState::FundingSent as u32 {
5456 self.context.channel_state = ChannelState::ShutdownComplete as u32;
5458 self.context.channel_state |= ChannelState::LocalShutdownSent as u32;
5460 self.context.update_time_counter += 1;
5462 let monitor_update = if update_shutdown_script {
5463 self.context.latest_monitor_update_id += 1;
5464 let monitor_update = ChannelMonitorUpdate {
5465 update_id: self.context.latest_monitor_update_id,
5466 updates: vec![ChannelMonitorUpdateStep::ShutdownScript {
5467 scriptpubkey: self.get_closing_scriptpubkey(),
5470 self.monitor_updating_paused(false, false, false, Vec::new(), Vec::new(), Vec::new());
5471 self.push_ret_blockable_mon_update(monitor_update)
5473 let shutdown = msgs::Shutdown {
5474 channel_id: self.context.channel_id,
5475 scriptpubkey: self.get_closing_scriptpubkey(),
5478 // Go ahead and drop holding cell updates as we'd rather fail payments than wait to send
5479 // our shutdown until we've committed all of the pending changes.
5480 self.context.holding_cell_update_fee = None;
5481 let mut dropped_outbound_htlcs = Vec::with_capacity(self.context.holding_cell_htlc_updates.len());
5482 self.context.holding_cell_htlc_updates.retain(|htlc_update| {
5484 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, .. } => {
5485 dropped_outbound_htlcs.push((source.clone(), payment_hash.clone()));
5492 debug_assert!(!self.is_shutdown() || monitor_update.is_none(),
5493 "we can't both complete shutdown and return a monitor update");
5495 Ok((shutdown, monitor_update, dropped_outbound_htlcs))
5498 pub fn inflight_htlc_sources(&self) -> impl Iterator<Item=(&HTLCSource, &PaymentHash)> {
5499 self.context.holding_cell_htlc_updates.iter()
5500 .flat_map(|htlc_update| {
5502 HTLCUpdateAwaitingACK::AddHTLC { source, payment_hash, .. }
5503 => Some((source, payment_hash)),
5507 .chain(self.context.pending_outbound_htlcs.iter().map(|htlc| (&htlc.source, &htlc.payment_hash)))
5511 /// A not-yet-funded outbound (from holder) channel using V1 channel establishment.
5512 pub(super) struct OutboundV1Channel<Signer: ChannelSigner> {
5513 pub context: ChannelContext<Signer>,
5514 pub unfunded_context: UnfundedChannelContext,
5517 impl<Signer: WriteableEcdsaChannelSigner> OutboundV1Channel<Signer> {
5518 pub fn new<ES: Deref, SP: Deref, F: Deref>(
5519 fee_estimator: &LowerBoundedFeeEstimator<F>, entropy_source: &ES, signer_provider: &SP, counterparty_node_id: PublicKey, their_features: &InitFeatures,
5520 channel_value_satoshis: u64, push_msat: u64, user_id: u128, config: &UserConfig, current_chain_height: u32,
5521 outbound_scid_alias: u64
5522 ) -> Result<OutboundV1Channel<Signer>, APIError>
5523 where ES::Target: EntropySource,
5524 SP::Target: SignerProvider<Signer = Signer>,
5525 F::Target: FeeEstimator,
5527 let holder_selected_contest_delay = config.channel_handshake_config.our_to_self_delay;
5528 let channel_keys_id = signer_provider.generate_channel_keys_id(false, channel_value_satoshis, user_id);
5529 let holder_signer = signer_provider.derive_channel_signer(channel_value_satoshis, channel_keys_id);
5530 let pubkeys = holder_signer.pubkeys().clone();
5532 if !their_features.supports_wumbo() && channel_value_satoshis > MAX_FUNDING_SATOSHIS_NO_WUMBO {
5533 return Err(APIError::APIMisuseError{err: format!("funding_value must not exceed {}, it was {}", MAX_FUNDING_SATOSHIS_NO_WUMBO, channel_value_satoshis)});
5535 if channel_value_satoshis >= TOTAL_BITCOIN_SUPPLY_SATOSHIS {
5536 return Err(APIError::APIMisuseError{err: format!("funding_value must be smaller than the total bitcoin supply, it was {}", channel_value_satoshis)});
5538 let channel_value_msat = channel_value_satoshis * 1000;
5539 if push_msat > channel_value_msat {
5540 return Err(APIError::APIMisuseError { err: format!("Push value ({}) was larger than channel_value ({})", push_msat, channel_value_msat) });
5542 if holder_selected_contest_delay < BREAKDOWN_TIMEOUT {
5543 return Err(APIError::APIMisuseError {err: format!("Configured with an unreasonable our_to_self_delay ({}) putting user funds at risks", holder_selected_contest_delay)});
5545 let holder_selected_channel_reserve_satoshis = get_holder_selected_channel_reserve_satoshis(channel_value_satoshis, config);
5546 if holder_selected_channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
5547 // Protocol level safety check in place, although it should never happen because
5548 // of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
5549 return Err(APIError::APIMisuseError { err: format!("Holder selected channel reserve below implemention limit dust_limit_satoshis {}", holder_selected_channel_reserve_satoshis) });
5552 let channel_type = Self::get_initial_channel_type(&config, their_features);
5553 debug_assert!(channel_type.is_subset(&channelmanager::provided_channel_type_features(&config)));
5555 let commitment_conf_target = if channel_type.supports_anchors_zero_fee_htlc_tx() {
5556 ConfirmationTarget::MempoolMinimum
5558 ConfirmationTarget::Normal
5560 let commitment_feerate = fee_estimator.bounded_sat_per_1000_weight(commitment_conf_target);
5562 let value_to_self_msat = channel_value_satoshis * 1000 - push_msat;
5563 let commitment_tx_fee = commit_tx_fee_msat(commitment_feerate, MIN_AFFORDABLE_HTLC_COUNT, &channel_type);
5564 if value_to_self_msat < commitment_tx_fee {
5565 return Err(APIError::APIMisuseError{ err: format!("Funding amount ({}) can't even pay fee for initial commitment transaction fee of {}.", value_to_self_msat / 1000, commitment_tx_fee / 1000) });
5568 let mut secp_ctx = Secp256k1::new();
5569 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
5571 let shutdown_scriptpubkey = if config.channel_handshake_config.commit_upfront_shutdown_pubkey {
5572 match signer_provider.get_shutdown_scriptpubkey() {
5573 Ok(scriptpubkey) => Some(scriptpubkey),
5574 Err(_) => return Err(APIError::ChannelUnavailable { err: "Failed to get shutdown scriptpubkey".to_owned()}),
5578 if let Some(shutdown_scriptpubkey) = &shutdown_scriptpubkey {
5579 if !shutdown_scriptpubkey.is_compatible(&their_features) {
5580 return Err(APIError::IncompatibleShutdownScript { script: shutdown_scriptpubkey.clone() });
5584 let destination_script = match signer_provider.get_destination_script() {
5585 Ok(script) => script,
5586 Err(_) => return Err(APIError::ChannelUnavailable { err: "Failed to get destination script".to_owned()}),
5589 let temporary_channel_id = entropy_source.get_secure_random_bytes();
5592 context: ChannelContext {
5595 config: LegacyChannelConfig {
5596 options: config.channel_config.clone(),
5597 announced_channel: config.channel_handshake_config.announced_channel,
5598 commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey,
5603 inbound_handshake_limits_override: Some(config.channel_handshake_limits.clone()),
5605 channel_id: temporary_channel_id,
5606 temporary_channel_id: Some(temporary_channel_id),
5607 channel_state: ChannelState::OurInitSent as u32,
5608 announcement_sigs_state: AnnouncementSigsState::NotSent,
5610 channel_value_satoshis,
5612 latest_monitor_update_id: 0,
5615 shutdown_scriptpubkey,
5618 cur_holder_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
5619 cur_counterparty_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
5622 pending_inbound_htlcs: Vec::new(),
5623 pending_outbound_htlcs: Vec::new(),
5624 holding_cell_htlc_updates: Vec::new(),
5625 pending_update_fee: None,
5626 holding_cell_update_fee: None,
5627 next_holder_htlc_id: 0,
5628 next_counterparty_htlc_id: 0,
5629 update_time_counter: 1,
5631 resend_order: RAACommitmentOrder::CommitmentFirst,
5633 monitor_pending_channel_ready: false,
5634 monitor_pending_revoke_and_ack: false,
5635 monitor_pending_commitment_signed: false,
5636 monitor_pending_forwards: Vec::new(),
5637 monitor_pending_failures: Vec::new(),
5638 monitor_pending_finalized_fulfills: Vec::new(),
5640 #[cfg(debug_assertions)]
5641 holder_max_commitment_tx_output: Mutex::new((channel_value_satoshis * 1000 - push_msat, push_msat)),
5642 #[cfg(debug_assertions)]
5643 counterparty_max_commitment_tx_output: Mutex::new((channel_value_satoshis * 1000 - push_msat, push_msat)),
5645 last_sent_closing_fee: None,
5646 pending_counterparty_closing_signed: None,
5647 closing_fee_limits: None,
5648 target_closing_feerate_sats_per_kw: None,
5650 inbound_awaiting_accept: false,
5652 funding_tx_confirmed_in: None,
5653 funding_tx_confirmation_height: 0,
5654 short_channel_id: None,
5655 channel_creation_height: current_chain_height,
5657 feerate_per_kw: commitment_feerate,
5658 counterparty_dust_limit_satoshis: 0,
5659 holder_dust_limit_satoshis: MIN_CHAN_DUST_LIMIT_SATOSHIS,
5660 counterparty_max_htlc_value_in_flight_msat: 0,
5661 holder_max_htlc_value_in_flight_msat: get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis, &config.channel_handshake_config),
5662 counterparty_selected_channel_reserve_satoshis: None, // Filled in in accept_channel
5663 holder_selected_channel_reserve_satoshis,
5664 counterparty_htlc_minimum_msat: 0,
5665 holder_htlc_minimum_msat: if config.channel_handshake_config.our_htlc_minimum_msat == 0 { 1 } else { config.channel_handshake_config.our_htlc_minimum_msat },
5666 counterparty_max_accepted_htlcs: 0,
5667 holder_max_accepted_htlcs: cmp::min(config.channel_handshake_config.our_max_accepted_htlcs, MAX_HTLCS),
5668 minimum_depth: None, // Filled in in accept_channel
5670 counterparty_forwarding_info: None,
5672 channel_transaction_parameters: ChannelTransactionParameters {
5673 holder_pubkeys: pubkeys,
5674 holder_selected_contest_delay: config.channel_handshake_config.our_to_self_delay,
5675 is_outbound_from_holder: true,
5676 counterparty_parameters: None,
5677 funding_outpoint: None,
5678 channel_type_features: channel_type.clone()
5680 funding_transaction: None,
5682 counterparty_cur_commitment_point: None,
5683 counterparty_prev_commitment_point: None,
5684 counterparty_node_id,
5686 counterparty_shutdown_scriptpubkey: None,
5688 commitment_secrets: CounterpartyCommitmentSecrets::new(),
5690 channel_update_status: ChannelUpdateStatus::Enabled,
5691 closing_signed_in_flight: false,
5693 announcement_sigs: None,
5695 #[cfg(any(test, fuzzing))]
5696 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
5697 #[cfg(any(test, fuzzing))]
5698 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
5700 workaround_lnd_bug_4006: None,
5701 sent_message_awaiting_response: None,
5703 latest_inbound_scid_alias: None,
5704 outbound_scid_alias,
5706 channel_pending_event_emitted: false,
5707 channel_ready_event_emitted: false,
5709 #[cfg(any(test, fuzzing))]
5710 historical_inbound_htlc_fulfills: HashSet::new(),
5715 blocked_monitor_updates: Vec::new(),
5717 unfunded_context: UnfundedChannelContext { unfunded_channel_age_ticks: 0 }
5721 /// If an Err is returned, it is a ChannelError::Close (for get_funding_created)
5722 fn get_funding_created_signature<L: Deref>(&mut self, logger: &L) -> Result<Signature, ChannelError> where L::Target: Logger {
5723 let counterparty_keys = self.context.build_remote_transaction_keys();
5724 let counterparty_initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
5725 Ok(self.context.holder_signer.sign_counterparty_commitment(&counterparty_initial_commitment_tx, Vec::new(), &self.context.secp_ctx)
5726 .map_err(|_| ChannelError::Close("Failed to get signatures for new commitment_signed".to_owned()))?.0)
5729 /// Updates channel state with knowledge of the funding transaction's txid/index, and generates
5730 /// a funding_created message for the remote peer.
5731 /// Panics if called at some time other than immediately after initial handshake, if called twice,
5732 /// or if called on an inbound channel.
5733 /// Note that channel_id changes during this call!
5734 /// Do NOT broadcast the funding transaction until after a successful funding_signed call!
5735 /// If an Err is returned, it is a ChannelError::Close.
5736 pub fn get_funding_created<L: Deref>(mut self, funding_transaction: Transaction, funding_txo: OutPoint, logger: &L)
5737 -> Result<(Channel<Signer>, msgs::FundingCreated), (Self, ChannelError)> where L::Target: Logger {
5738 if !self.context.is_outbound() {
5739 panic!("Tried to create outbound funding_created message on an inbound channel!");
5741 if self.context.channel_state != (ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32) {
5742 panic!("Tried to get a funding_created messsage at a time other than immediately after initial handshake completion (or tried to get funding_created twice)");
5744 if self.context.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
5745 self.context.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
5746 self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
5747 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
5750 self.context.channel_transaction_parameters.funding_outpoint = Some(funding_txo);
5751 self.context.holder_signer.provide_channel_parameters(&self.context.channel_transaction_parameters);
5753 let signature = match self.get_funding_created_signature(logger) {
5756 log_error!(logger, "Got bad signatures: {:?}!", e);
5757 self.context.channel_transaction_parameters.funding_outpoint = None;
5758 return Err((self, e));
5762 let temporary_channel_id = self.context.channel_id;
5764 // Now that we're past error-generating stuff, update our local state:
5766 self.context.channel_state = ChannelState::FundingCreated as u32;
5767 self.context.channel_id = funding_txo.to_channel_id();
5768 self.context.funding_transaction = Some(funding_transaction);
5770 let channel = Channel {
5771 context: self.context,
5774 Ok((channel, msgs::FundingCreated {
5775 temporary_channel_id,
5776 funding_txid: funding_txo.txid,
5777 funding_output_index: funding_txo.index,
5780 partial_signature_with_nonce: None,
5782 next_local_nonce: None,
5786 fn get_initial_channel_type(config: &UserConfig, their_features: &InitFeatures) -> ChannelTypeFeatures {
5787 // The default channel type (ie the first one we try) depends on whether the channel is
5788 // public - if it is, we just go with `only_static_remotekey` as it's the only option
5789 // available. If it's private, we first try `scid_privacy` as it provides better privacy
5790 // with no other changes, and fall back to `only_static_remotekey`.
5791 let mut ret = ChannelTypeFeatures::only_static_remote_key();
5792 if !config.channel_handshake_config.announced_channel &&
5793 config.channel_handshake_config.negotiate_scid_privacy &&
5794 their_features.supports_scid_privacy() {
5795 ret.set_scid_privacy_required();
5798 // Optionally, if the user would like to negotiate the `anchors_zero_fee_htlc_tx` option, we
5799 // set it now. If they don't understand it, we'll fall back to our default of
5800 // `only_static_remotekey`.
5801 if config.channel_handshake_config.negotiate_anchors_zero_fee_htlc_tx &&
5802 their_features.supports_anchors_zero_fee_htlc_tx() {
5803 ret.set_anchors_zero_fee_htlc_tx_required();
5809 /// If we receive an error message, it may only be a rejection of the channel type we tried,
5810 /// not of our ability to open any channel at all. Thus, on error, we should first call this
5811 /// and see if we get a new `OpenChannel` message, otherwise the channel is failed.
5812 pub(crate) fn maybe_handle_error_without_close<F: Deref>(
5813 &mut self, chain_hash: BlockHash, fee_estimator: &LowerBoundedFeeEstimator<F>
5814 ) -> Result<msgs::OpenChannel, ()>
5816 F::Target: FeeEstimator
5818 if !self.context.is_outbound() || self.context.channel_state != ChannelState::OurInitSent as u32 { return Err(()); }
5819 if self.context.channel_type == ChannelTypeFeatures::only_static_remote_key() {
5820 // We've exhausted our options
5823 // We support opening a few different types of channels. Try removing our additional
5824 // features one by one until we've either arrived at our default or the counterparty has
5827 // Due to the order below, we may not negotiate `option_anchors_zero_fee_htlc_tx` if the
5828 // counterparty doesn't support `option_scid_privacy`. Since `get_initial_channel_type`
5829 // checks whether the counterparty supports every feature, this would only happen if the
5830 // counterparty is advertising the feature, but rejecting channels proposing the feature for
5832 if self.context.channel_type.supports_anchors_zero_fee_htlc_tx() {
5833 self.context.channel_type.clear_anchors_zero_fee_htlc_tx();
5834 self.context.feerate_per_kw = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::Normal);
5835 assert!(!self.context.channel_transaction_parameters.channel_type_features.supports_anchors_nonzero_fee_htlc_tx());
5836 } else if self.context.channel_type.supports_scid_privacy() {
5837 self.context.channel_type.clear_scid_privacy();
5839 self.context.channel_type = ChannelTypeFeatures::only_static_remote_key();
5841 self.context.channel_transaction_parameters.channel_type_features = self.context.channel_type.clone();
5842 Ok(self.get_open_channel(chain_hash))
5845 pub fn get_open_channel(&self, chain_hash: BlockHash) -> msgs::OpenChannel {
5846 if !self.context.is_outbound() {
5847 panic!("Tried to open a channel for an inbound channel?");
5849 if self.context.channel_state != ChannelState::OurInitSent as u32 {
5850 panic!("Cannot generate an open_channel after we've moved forward");
5853 if self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
5854 panic!("Tried to send an open_channel for a channel that has already advanced");
5857 let first_per_commitment_point = self.context.holder_signer.get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
5858 let keys = self.context.get_holder_pubkeys();
5862 temporary_channel_id: self.context.channel_id,
5863 funding_satoshis: self.context.channel_value_satoshis,
5864 push_msat: self.context.channel_value_satoshis * 1000 - self.context.value_to_self_msat,
5865 dust_limit_satoshis: self.context.holder_dust_limit_satoshis,
5866 max_htlc_value_in_flight_msat: self.context.holder_max_htlc_value_in_flight_msat,
5867 channel_reserve_satoshis: self.context.holder_selected_channel_reserve_satoshis,
5868 htlc_minimum_msat: self.context.holder_htlc_minimum_msat,
5869 feerate_per_kw: self.context.feerate_per_kw as u32,
5870 to_self_delay: self.context.get_holder_selected_contest_delay(),
5871 max_accepted_htlcs: self.context.holder_max_accepted_htlcs,
5872 funding_pubkey: keys.funding_pubkey,
5873 revocation_basepoint: keys.revocation_basepoint,
5874 payment_point: keys.payment_point,
5875 delayed_payment_basepoint: keys.delayed_payment_basepoint,
5876 htlc_basepoint: keys.htlc_basepoint,
5877 first_per_commitment_point,
5878 channel_flags: if self.context.config.announced_channel {1} else {0},
5879 shutdown_scriptpubkey: Some(match &self.context.shutdown_scriptpubkey {
5880 Some(script) => script.clone().into_inner(),
5881 None => Builder::new().into_script(),
5883 channel_type: Some(self.context.channel_type.clone()),
5888 pub fn accept_channel(&mut self, msg: &msgs::AcceptChannel, default_limits: &ChannelHandshakeLimits, their_features: &InitFeatures) -> Result<(), ChannelError> {
5889 let peer_limits = if let Some(ref limits) = self.context.inbound_handshake_limits_override { limits } else { default_limits };
5891 // Check sanity of message fields:
5892 if !self.context.is_outbound() {
5893 return Err(ChannelError::Close("Got an accept_channel message from an inbound peer".to_owned()));
5895 if self.context.channel_state != ChannelState::OurInitSent as u32 {
5896 return Err(ChannelError::Close("Got an accept_channel message at a strange time".to_owned()));
5898 if msg.dust_limit_satoshis > 21000000 * 100000000 {
5899 return Err(ChannelError::Close(format!("Peer never wants payout outputs? dust_limit_satoshis was {}", msg.dust_limit_satoshis)));
5901 if msg.channel_reserve_satoshis > self.context.channel_value_satoshis {
5902 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must not be greater than ({})", msg.channel_reserve_satoshis, self.context.channel_value_satoshis)));
5904 if msg.dust_limit_satoshis > self.context.holder_selected_channel_reserve_satoshis {
5905 return Err(ChannelError::Close(format!("Dust limit ({}) is bigger than our channel reserve ({})", msg.dust_limit_satoshis, self.context.holder_selected_channel_reserve_satoshis)));
5907 if msg.channel_reserve_satoshis > self.context.channel_value_satoshis - self.context.holder_selected_channel_reserve_satoshis {
5908 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must not be greater than channel value minus our reserve ({})",
5909 msg.channel_reserve_satoshis, self.context.channel_value_satoshis - self.context.holder_selected_channel_reserve_satoshis)));
5911 let full_channel_value_msat = (self.context.channel_value_satoshis - msg.channel_reserve_satoshis) * 1000;
5912 if msg.htlc_minimum_msat >= full_channel_value_msat {
5913 return Err(ChannelError::Close(format!("Minimum htlc value ({}) is full channel value ({})", msg.htlc_minimum_msat, full_channel_value_msat)));
5915 let max_delay_acceptable = u16::min(peer_limits.their_to_self_delay, MAX_LOCAL_BREAKDOWN_TIMEOUT);
5916 if msg.to_self_delay > max_delay_acceptable {
5917 return Err(ChannelError::Close(format!("They wanted our payments to be delayed by a needlessly long period. Upper limit: {}. Actual: {}", max_delay_acceptable, msg.to_self_delay)));
5919 if msg.max_accepted_htlcs < 1 {
5920 return Err(ChannelError::Close("0 max_accepted_htlcs makes for a useless channel".to_owned()));
5922 if msg.max_accepted_htlcs > MAX_HTLCS {
5923 return Err(ChannelError::Close(format!("max_accepted_htlcs was {}. It must not be larger than {}", msg.max_accepted_htlcs, MAX_HTLCS)));
5926 // Now check against optional parameters as set by config...
5927 if msg.htlc_minimum_msat > peer_limits.max_htlc_minimum_msat {
5928 return Err(ChannelError::Close(format!("htlc_minimum_msat ({}) is higher than the user specified limit ({})", msg.htlc_minimum_msat, peer_limits.max_htlc_minimum_msat)));
5930 if msg.max_htlc_value_in_flight_msat < peer_limits.min_max_htlc_value_in_flight_msat {
5931 return Err(ChannelError::Close(format!("max_htlc_value_in_flight_msat ({}) is less than the user specified limit ({})", msg.max_htlc_value_in_flight_msat, peer_limits.min_max_htlc_value_in_flight_msat)));
5933 if msg.channel_reserve_satoshis > peer_limits.max_channel_reserve_satoshis {
5934 return Err(ChannelError::Close(format!("channel_reserve_satoshis ({}) is higher than the user specified limit ({})", msg.channel_reserve_satoshis, peer_limits.max_channel_reserve_satoshis)));
5936 if msg.max_accepted_htlcs < peer_limits.min_max_accepted_htlcs {
5937 return Err(ChannelError::Close(format!("max_accepted_htlcs ({}) is less than the user specified limit ({})", msg.max_accepted_htlcs, peer_limits.min_max_accepted_htlcs)));
5939 if msg.dust_limit_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
5940 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is less than the implementation limit ({})", msg.dust_limit_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
5942 if msg.dust_limit_satoshis > MAX_CHAN_DUST_LIMIT_SATOSHIS {
5943 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is greater than the implementation limit ({})", msg.dust_limit_satoshis, MAX_CHAN_DUST_LIMIT_SATOSHIS)));
5945 if msg.minimum_depth > peer_limits.max_minimum_depth {
5946 return Err(ChannelError::Close(format!("We consider the minimum depth to be unreasonably large. Expected minimum: ({}). Actual: ({})", peer_limits.max_minimum_depth, msg.minimum_depth)));
5949 if let Some(ty) = &msg.channel_type {
5950 if *ty != self.context.channel_type {
5951 return Err(ChannelError::Close("Channel Type in accept_channel didn't match the one sent in open_channel.".to_owned()));
5953 } else if their_features.supports_channel_type() {
5954 // Assume they've accepted the channel type as they said they understand it.
5956 let channel_type = ChannelTypeFeatures::from_init(&their_features);
5957 if channel_type != ChannelTypeFeatures::only_static_remote_key() {
5958 return Err(ChannelError::Close("Only static_remote_key is supported for non-negotiated channel types".to_owned()));
5960 self.context.channel_type = channel_type.clone();
5961 self.context.channel_transaction_parameters.channel_type_features = channel_type;
5964 let counterparty_shutdown_scriptpubkey = if their_features.supports_upfront_shutdown_script() {
5965 match &msg.shutdown_scriptpubkey {
5966 &Some(ref script) => {
5967 // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything
5968 if script.len() == 0 {
5971 if !script::is_bolt2_compliant(&script, their_features) {
5972 return Err(ChannelError::Close(format!("Peer is signaling upfront_shutdown but has provided an unacceptable scriptpubkey format: {}", script)));
5974 Some(script.clone())
5977 // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel
5979 return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out".to_owned()));
5984 self.context.counterparty_dust_limit_satoshis = msg.dust_limit_satoshis;
5985 self.context.counterparty_max_htlc_value_in_flight_msat = cmp::min(msg.max_htlc_value_in_flight_msat, self.context.channel_value_satoshis * 1000);
5986 self.context.counterparty_selected_channel_reserve_satoshis = Some(msg.channel_reserve_satoshis);
5987 self.context.counterparty_htlc_minimum_msat = msg.htlc_minimum_msat;
5988 self.context.counterparty_max_accepted_htlcs = msg.max_accepted_htlcs;
5990 if peer_limits.trust_own_funding_0conf {
5991 self.context.minimum_depth = Some(msg.minimum_depth);
5993 self.context.minimum_depth = Some(cmp::max(1, msg.minimum_depth));
5996 let counterparty_pubkeys = ChannelPublicKeys {
5997 funding_pubkey: msg.funding_pubkey,
5998 revocation_basepoint: msg.revocation_basepoint,
5999 payment_point: msg.payment_point,
6000 delayed_payment_basepoint: msg.delayed_payment_basepoint,
6001 htlc_basepoint: msg.htlc_basepoint
6004 self.context.channel_transaction_parameters.counterparty_parameters = Some(CounterpartyChannelTransactionParameters {
6005 selected_contest_delay: msg.to_self_delay,
6006 pubkeys: counterparty_pubkeys,
6009 self.context.counterparty_cur_commitment_point = Some(msg.first_per_commitment_point);
6010 self.context.counterparty_shutdown_scriptpubkey = counterparty_shutdown_scriptpubkey;
6012 self.context.channel_state = ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32;
6013 self.context.inbound_handshake_limits_override = None; // We're done enforcing limits on our peer's handshake now.
6019 /// A not-yet-funded inbound (from counterparty) channel using V1 channel establishment.
6020 pub(super) struct InboundV1Channel<Signer: ChannelSigner> {
6021 pub context: ChannelContext<Signer>,
6022 pub unfunded_context: UnfundedChannelContext,
6025 impl<Signer: WriteableEcdsaChannelSigner> InboundV1Channel<Signer> {
6026 /// Creates a new channel from a remote sides' request for one.
6027 /// Assumes chain_hash has already been checked and corresponds with what we expect!
6028 pub fn new<ES: Deref, SP: Deref, F: Deref, L: Deref>(
6029 fee_estimator: &LowerBoundedFeeEstimator<F>, entropy_source: &ES, signer_provider: &SP,
6030 counterparty_node_id: PublicKey, our_supported_features: &ChannelTypeFeatures,
6031 their_features: &InitFeatures, msg: &msgs::OpenChannel, user_id: u128, config: &UserConfig,
6032 current_chain_height: u32, logger: &L, outbound_scid_alias: u64
6033 ) -> Result<InboundV1Channel<Signer>, ChannelError>
6034 where ES::Target: EntropySource,
6035 SP::Target: SignerProvider<Signer = Signer>,
6036 F::Target: FeeEstimator,
6039 let announced_channel = if (msg.channel_flags & 1) == 1 { true } else { false };
6041 // First check the channel type is known, failing before we do anything else if we don't
6042 // support this channel type.
6043 let channel_type = if let Some(channel_type) = &msg.channel_type {
6044 if channel_type.supports_any_optional_bits() {
6045 return Err(ChannelError::Close("Channel Type field contained optional bits - this is not allowed".to_owned()));
6048 // We only support the channel types defined by the `ChannelManager` in
6049 // `provided_channel_type_features`. The channel type must always support
6050 // `static_remote_key`.
6051 if !channel_type.requires_static_remote_key() {
6052 return Err(ChannelError::Close("Channel Type was not understood - we require static remote key".to_owned()));
6054 // Make sure we support all of the features behind the channel type.
6055 if !channel_type.is_subset(our_supported_features) {
6056 return Err(ChannelError::Close("Channel Type contains unsupported features".to_owned()));
6058 if channel_type.requires_scid_privacy() && announced_channel {
6059 return Err(ChannelError::Close("SCID Alias/Privacy Channel Type cannot be set on a public channel".to_owned()));
6061 channel_type.clone()
6063 let channel_type = ChannelTypeFeatures::from_init(&their_features);
6064 if channel_type != ChannelTypeFeatures::only_static_remote_key() {
6065 return Err(ChannelError::Close("Only static_remote_key is supported for non-negotiated channel types".to_owned()));
6070 let channel_keys_id = signer_provider.generate_channel_keys_id(true, msg.funding_satoshis, user_id);
6071 let holder_signer = signer_provider.derive_channel_signer(msg.funding_satoshis, channel_keys_id);
6072 let pubkeys = holder_signer.pubkeys().clone();
6073 let counterparty_pubkeys = ChannelPublicKeys {
6074 funding_pubkey: msg.funding_pubkey,
6075 revocation_basepoint: msg.revocation_basepoint,
6076 payment_point: msg.payment_point,
6077 delayed_payment_basepoint: msg.delayed_payment_basepoint,
6078 htlc_basepoint: msg.htlc_basepoint
6081 if config.channel_handshake_config.our_to_self_delay < BREAKDOWN_TIMEOUT {
6082 return Err(ChannelError::Close(format!("Configured with an unreasonable our_to_self_delay ({}) putting user funds at risks. It must be greater than {}", config.channel_handshake_config.our_to_self_delay, BREAKDOWN_TIMEOUT)));
6085 // Check sanity of message fields:
6086 if msg.funding_satoshis > config.channel_handshake_limits.max_funding_satoshis {
6087 return Err(ChannelError::Close(format!("Per our config, funding must be at most {}. It was {}", config.channel_handshake_limits.max_funding_satoshis, msg.funding_satoshis)));
6089 if msg.funding_satoshis >= TOTAL_BITCOIN_SUPPLY_SATOSHIS {
6090 return Err(ChannelError::Close(format!("Funding must be smaller than the total bitcoin supply. It was {}", msg.funding_satoshis)));
6092 if msg.channel_reserve_satoshis > msg.funding_satoshis {
6093 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must be not greater than funding_satoshis: {}", msg.channel_reserve_satoshis, msg.funding_satoshis)));
6095 let full_channel_value_msat = (msg.funding_satoshis - msg.channel_reserve_satoshis) * 1000;
6096 if msg.push_msat > full_channel_value_msat {
6097 return Err(ChannelError::Close(format!("push_msat {} was larger than channel amount minus reserve ({})", msg.push_msat, full_channel_value_msat)));
6099 if msg.dust_limit_satoshis > msg.funding_satoshis {
6100 return Err(ChannelError::Close(format!("dust_limit_satoshis {} was larger than funding_satoshis {}. Peer never wants payout outputs?", msg.dust_limit_satoshis, msg.funding_satoshis)));
6102 if msg.htlc_minimum_msat >= full_channel_value_msat {
6103 return Err(ChannelError::Close(format!("Minimum htlc value ({}) was larger than full channel value ({})", msg.htlc_minimum_msat, full_channel_value_msat)));
6105 Channel::<Signer>::check_remote_fee(&channel_type, fee_estimator, msg.feerate_per_kw, None, logger)?;
6107 let max_counterparty_selected_contest_delay = u16::min(config.channel_handshake_limits.their_to_self_delay, MAX_LOCAL_BREAKDOWN_TIMEOUT);
6108 if msg.to_self_delay > max_counterparty_selected_contest_delay {
6109 return Err(ChannelError::Close(format!("They wanted our payments to be delayed by a needlessly long period. Upper limit: {}. Actual: {}", max_counterparty_selected_contest_delay, msg.to_self_delay)));
6111 if msg.max_accepted_htlcs < 1 {
6112 return Err(ChannelError::Close("0 max_accepted_htlcs makes for a useless channel".to_owned()));
6114 if msg.max_accepted_htlcs > MAX_HTLCS {
6115 return Err(ChannelError::Close(format!("max_accepted_htlcs was {}. It must not be larger than {}", msg.max_accepted_htlcs, MAX_HTLCS)));
6118 // Now check against optional parameters as set by config...
6119 if msg.funding_satoshis < config.channel_handshake_limits.min_funding_satoshis {
6120 return Err(ChannelError::Close(format!("Funding satoshis ({}) is less than the user specified limit ({})", msg.funding_satoshis, config.channel_handshake_limits.min_funding_satoshis)));
6122 if msg.htlc_minimum_msat > config.channel_handshake_limits.max_htlc_minimum_msat {
6123 return Err(ChannelError::Close(format!("htlc_minimum_msat ({}) is higher than the user specified limit ({})", msg.htlc_minimum_msat, config.channel_handshake_limits.max_htlc_minimum_msat)));
6125 if msg.max_htlc_value_in_flight_msat < config.channel_handshake_limits.min_max_htlc_value_in_flight_msat {
6126 return Err(ChannelError::Close(format!("max_htlc_value_in_flight_msat ({}) is less than the user specified limit ({})", msg.max_htlc_value_in_flight_msat, config.channel_handshake_limits.min_max_htlc_value_in_flight_msat)));
6128 if msg.channel_reserve_satoshis > config.channel_handshake_limits.max_channel_reserve_satoshis {
6129 return Err(ChannelError::Close(format!("channel_reserve_satoshis ({}) is higher than the user specified limit ({})", msg.channel_reserve_satoshis, config.channel_handshake_limits.max_channel_reserve_satoshis)));
6131 if msg.max_accepted_htlcs < config.channel_handshake_limits.min_max_accepted_htlcs {
6132 return Err(ChannelError::Close(format!("max_accepted_htlcs ({}) is less than the user specified limit ({})", msg.max_accepted_htlcs, config.channel_handshake_limits.min_max_accepted_htlcs)));
6134 if msg.dust_limit_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
6135 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is less than the implementation limit ({})", msg.dust_limit_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
6137 if msg.dust_limit_satoshis > MAX_CHAN_DUST_LIMIT_SATOSHIS {
6138 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is greater than the implementation limit ({})", msg.dust_limit_satoshis, MAX_CHAN_DUST_LIMIT_SATOSHIS)));
6141 // Convert things into internal flags and prep our state:
6143 if config.channel_handshake_limits.force_announced_channel_preference {
6144 if config.channel_handshake_config.announced_channel != announced_channel {
6145 return Err(ChannelError::Close("Peer tried to open channel but their announcement preference is different from ours".to_owned()));
6149 let holder_selected_channel_reserve_satoshis = get_holder_selected_channel_reserve_satoshis(msg.funding_satoshis, config);
6150 if holder_selected_channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
6151 // Protocol level safety check in place, although it should never happen because
6152 // of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
6153 return Err(ChannelError::Close(format!("Suitable channel reserve not found. remote_channel_reserve was ({}). dust_limit_satoshis is ({}).", holder_selected_channel_reserve_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
6155 if holder_selected_channel_reserve_satoshis * 1000 >= full_channel_value_msat {
6156 return Err(ChannelError::Close(format!("Suitable channel reserve not found. remote_channel_reserve was ({})msats. Channel value is ({} - {})msats.", holder_selected_channel_reserve_satoshis * 1000, full_channel_value_msat, msg.push_msat)));
6158 if msg.channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
6159 log_debug!(logger, "channel_reserve_satoshis ({}) is smaller than our dust limit ({}). We can broadcast stale states without any risk, implying this channel is very insecure for our counterparty.",
6160 msg.channel_reserve_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS);
6162 if holder_selected_channel_reserve_satoshis < msg.dust_limit_satoshis {
6163 return Err(ChannelError::Close(format!("Dust limit ({}) too high for the channel reserve we require the remote to keep ({})", msg.dust_limit_satoshis, holder_selected_channel_reserve_satoshis)));
6166 // check if the funder's amount for the initial commitment tx is sufficient
6167 // for full fee payment plus a few HTLCs to ensure the channel will be useful.
6168 let funders_amount_msat = msg.funding_satoshis * 1000 - msg.push_msat;
6169 let commitment_tx_fee = commit_tx_fee_msat(msg.feerate_per_kw, MIN_AFFORDABLE_HTLC_COUNT, &channel_type) / 1000;
6170 if funders_amount_msat / 1000 < commitment_tx_fee {
6171 return Err(ChannelError::Close(format!("Funding amount ({} sats) can't even pay fee for initial commitment transaction fee of {} sats.", funders_amount_msat / 1000, commitment_tx_fee)));
6174 let to_remote_satoshis = funders_amount_msat / 1000 - commitment_tx_fee;
6175 // While it's reasonable for us to not meet the channel reserve initially (if they don't
6176 // want to push much to us), our counterparty should always have more than our reserve.
6177 if to_remote_satoshis < holder_selected_channel_reserve_satoshis {
6178 return Err(ChannelError::Close("Insufficient funding amount for initial reserve".to_owned()));
6181 let counterparty_shutdown_scriptpubkey = if their_features.supports_upfront_shutdown_script() {
6182 match &msg.shutdown_scriptpubkey {
6183 &Some(ref script) => {
6184 // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything
6185 if script.len() == 0 {
6188 if !script::is_bolt2_compliant(&script, their_features) {
6189 return Err(ChannelError::Close(format!("Peer is signaling upfront_shutdown but has provided an unacceptable scriptpubkey format: {}", script)))
6191 Some(script.clone())
6194 // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel
6196 return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out".to_owned()));
6201 let shutdown_scriptpubkey = if config.channel_handshake_config.commit_upfront_shutdown_pubkey {
6202 match signer_provider.get_shutdown_scriptpubkey() {
6203 Ok(scriptpubkey) => Some(scriptpubkey),
6204 Err(_) => return Err(ChannelError::Close("Failed to get upfront shutdown scriptpubkey".to_owned())),
6208 if let Some(shutdown_scriptpubkey) = &shutdown_scriptpubkey {
6209 if !shutdown_scriptpubkey.is_compatible(&their_features) {
6210 return Err(ChannelError::Close(format!("Provided a scriptpubkey format not accepted by peer: {}", shutdown_scriptpubkey)));
6214 let destination_script = match signer_provider.get_destination_script() {
6215 Ok(script) => script,
6216 Err(_) => return Err(ChannelError::Close("Failed to get destination script".to_owned())),
6219 let mut secp_ctx = Secp256k1::new();
6220 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
6223 context: ChannelContext {
6226 config: LegacyChannelConfig {
6227 options: config.channel_config.clone(),
6229 commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey,
6234 inbound_handshake_limits_override: None,
6236 temporary_channel_id: Some(msg.temporary_channel_id),
6237 channel_id: msg.temporary_channel_id,
6238 channel_state: (ChannelState::OurInitSent as u32) | (ChannelState::TheirInitSent as u32),
6239 announcement_sigs_state: AnnouncementSigsState::NotSent,
6242 latest_monitor_update_id: 0,
6245 shutdown_scriptpubkey,
6248 cur_holder_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
6249 cur_counterparty_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
6250 value_to_self_msat: msg.push_msat,
6252 pending_inbound_htlcs: Vec::new(),
6253 pending_outbound_htlcs: Vec::new(),
6254 holding_cell_htlc_updates: Vec::new(),
6255 pending_update_fee: None,
6256 holding_cell_update_fee: None,
6257 next_holder_htlc_id: 0,
6258 next_counterparty_htlc_id: 0,
6259 update_time_counter: 1,
6261 resend_order: RAACommitmentOrder::CommitmentFirst,
6263 monitor_pending_channel_ready: false,
6264 monitor_pending_revoke_and_ack: false,
6265 monitor_pending_commitment_signed: false,
6266 monitor_pending_forwards: Vec::new(),
6267 monitor_pending_failures: Vec::new(),
6268 monitor_pending_finalized_fulfills: Vec::new(),
6270 #[cfg(debug_assertions)]
6271 holder_max_commitment_tx_output: Mutex::new((msg.push_msat, msg.funding_satoshis * 1000 - msg.push_msat)),
6272 #[cfg(debug_assertions)]
6273 counterparty_max_commitment_tx_output: Mutex::new((msg.push_msat, msg.funding_satoshis * 1000 - msg.push_msat)),
6275 last_sent_closing_fee: None,
6276 pending_counterparty_closing_signed: None,
6277 closing_fee_limits: None,
6278 target_closing_feerate_sats_per_kw: None,
6280 inbound_awaiting_accept: true,
6282 funding_tx_confirmed_in: None,
6283 funding_tx_confirmation_height: 0,
6284 short_channel_id: None,
6285 channel_creation_height: current_chain_height,
6287 feerate_per_kw: msg.feerate_per_kw,
6288 channel_value_satoshis: msg.funding_satoshis,
6289 counterparty_dust_limit_satoshis: msg.dust_limit_satoshis,
6290 holder_dust_limit_satoshis: MIN_CHAN_DUST_LIMIT_SATOSHIS,
6291 counterparty_max_htlc_value_in_flight_msat: cmp::min(msg.max_htlc_value_in_flight_msat, msg.funding_satoshis * 1000),
6292 holder_max_htlc_value_in_flight_msat: get_holder_max_htlc_value_in_flight_msat(msg.funding_satoshis, &config.channel_handshake_config),
6293 counterparty_selected_channel_reserve_satoshis: Some(msg.channel_reserve_satoshis),
6294 holder_selected_channel_reserve_satoshis,
6295 counterparty_htlc_minimum_msat: msg.htlc_minimum_msat,
6296 holder_htlc_minimum_msat: if config.channel_handshake_config.our_htlc_minimum_msat == 0 { 1 } else { config.channel_handshake_config.our_htlc_minimum_msat },
6297 counterparty_max_accepted_htlcs: msg.max_accepted_htlcs,
6298 holder_max_accepted_htlcs: cmp::min(config.channel_handshake_config.our_max_accepted_htlcs, MAX_HTLCS),
6299 minimum_depth: Some(cmp::max(config.channel_handshake_config.minimum_depth, 1)),
6301 counterparty_forwarding_info: None,
6303 channel_transaction_parameters: ChannelTransactionParameters {
6304 holder_pubkeys: pubkeys,
6305 holder_selected_contest_delay: config.channel_handshake_config.our_to_self_delay,
6306 is_outbound_from_holder: false,
6307 counterparty_parameters: Some(CounterpartyChannelTransactionParameters {
6308 selected_contest_delay: msg.to_self_delay,
6309 pubkeys: counterparty_pubkeys,
6311 funding_outpoint: None,
6312 channel_type_features: channel_type.clone()
6314 funding_transaction: None,
6316 counterparty_cur_commitment_point: Some(msg.first_per_commitment_point),
6317 counterparty_prev_commitment_point: None,
6318 counterparty_node_id,
6320 counterparty_shutdown_scriptpubkey,
6322 commitment_secrets: CounterpartyCommitmentSecrets::new(),
6324 channel_update_status: ChannelUpdateStatus::Enabled,
6325 closing_signed_in_flight: false,
6327 announcement_sigs: None,
6329 #[cfg(any(test, fuzzing))]
6330 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
6331 #[cfg(any(test, fuzzing))]
6332 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
6334 workaround_lnd_bug_4006: None,
6335 sent_message_awaiting_response: None,
6337 latest_inbound_scid_alias: None,
6338 outbound_scid_alias,
6340 channel_pending_event_emitted: false,
6341 channel_ready_event_emitted: false,
6343 #[cfg(any(test, fuzzing))]
6344 historical_inbound_htlc_fulfills: HashSet::new(),
6349 blocked_monitor_updates: Vec::new(),
6351 unfunded_context: UnfundedChannelContext { unfunded_channel_age_ticks: 0 }
6357 pub fn is_awaiting_accept(&self) -> bool {
6358 self.context.inbound_awaiting_accept
6361 /// Sets this channel to accepting 0conf, must be done before `get_accept_channel`
6362 pub fn set_0conf(&mut self) {
6363 assert!(self.context.inbound_awaiting_accept);
6364 self.context.minimum_depth = Some(0);
6367 /// Marks an inbound channel as accepted and generates a [`msgs::AcceptChannel`] message which
6368 /// should be sent back to the counterparty node.
6370 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
6371 pub fn accept_inbound_channel(&mut self, user_id: u128) -> msgs::AcceptChannel {
6372 if self.context.is_outbound() {
6373 panic!("Tried to send accept_channel for an outbound channel?");
6375 if self.context.channel_state != (ChannelState::OurInitSent as u32) | (ChannelState::TheirInitSent as u32) {
6376 panic!("Tried to send accept_channel after channel had moved forward");
6378 if self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
6379 panic!("Tried to send an accept_channel for a channel that has already advanced");
6381 if !self.context.inbound_awaiting_accept {
6382 panic!("The inbound channel has already been accepted");
6385 self.context.user_id = user_id;
6386 self.context.inbound_awaiting_accept = false;
6388 self.generate_accept_channel_message()
6391 /// This function is used to explicitly generate a [`msgs::AcceptChannel`] message for an
6392 /// inbound channel. If the intention is to accept an inbound channel, use
6393 /// [`InboundV1Channel::accept_inbound_channel`] instead.
6395 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
6396 fn generate_accept_channel_message(&self) -> msgs::AcceptChannel {
6397 let first_per_commitment_point = self.context.holder_signer.get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
6398 let keys = self.context.get_holder_pubkeys();
6400 msgs::AcceptChannel {
6401 temporary_channel_id: self.context.channel_id,
6402 dust_limit_satoshis: self.context.holder_dust_limit_satoshis,
6403 max_htlc_value_in_flight_msat: self.context.holder_max_htlc_value_in_flight_msat,
6404 channel_reserve_satoshis: self.context.holder_selected_channel_reserve_satoshis,
6405 htlc_minimum_msat: self.context.holder_htlc_minimum_msat,
6406 minimum_depth: self.context.minimum_depth.unwrap(),
6407 to_self_delay: self.context.get_holder_selected_contest_delay(),
6408 max_accepted_htlcs: self.context.holder_max_accepted_htlcs,
6409 funding_pubkey: keys.funding_pubkey,
6410 revocation_basepoint: keys.revocation_basepoint,
6411 payment_point: keys.payment_point,
6412 delayed_payment_basepoint: keys.delayed_payment_basepoint,
6413 htlc_basepoint: keys.htlc_basepoint,
6414 first_per_commitment_point,
6415 shutdown_scriptpubkey: Some(match &self.context.shutdown_scriptpubkey {
6416 Some(script) => script.clone().into_inner(),
6417 None => Builder::new().into_script(),
6419 channel_type: Some(self.context.channel_type.clone()),
6421 next_local_nonce: None,
6425 /// Enables the possibility for tests to extract a [`msgs::AcceptChannel`] message for an
6426 /// inbound channel without accepting it.
6428 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
6430 pub fn get_accept_channel_message(&self) -> msgs::AcceptChannel {
6431 self.generate_accept_channel_message()
6434 fn funding_created_signature<L: Deref>(&mut self, sig: &Signature, logger: &L) -> Result<(Txid, CommitmentTransaction, Signature), ChannelError> where L::Target: Logger {
6435 let funding_script = self.context.get_funding_redeemscript();
6437 let keys = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
6438 let initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &keys, true, false, logger).tx;
6440 let trusted_tx = initial_commitment_tx.trust();
6441 let initial_commitment_bitcoin_tx = trusted_tx.built_transaction();
6442 let sighash = initial_commitment_bitcoin_tx.get_sighash_all(&funding_script, self.context.channel_value_satoshis);
6443 // They sign the holder commitment transaction...
6444 log_trace!(logger, "Checking funding_created tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} for channel {}.",
6445 log_bytes!(sig.serialize_compact()[..]), log_bytes!(self.context.counterparty_funding_pubkey().serialize()),
6446 encode::serialize_hex(&initial_commitment_bitcoin_tx.transaction), log_bytes!(sighash[..]),
6447 encode::serialize_hex(&funding_script), log_bytes!(self.context.channel_id()));
6448 secp_check!(self.context.secp_ctx.verify_ecdsa(&sighash, &sig, self.context.counterparty_funding_pubkey()), "Invalid funding_created signature from peer".to_owned());
6451 let counterparty_keys = self.context.build_remote_transaction_keys();
6452 let counterparty_initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
6454 let counterparty_trusted_tx = counterparty_initial_commitment_tx.trust();
6455 let counterparty_initial_bitcoin_tx = counterparty_trusted_tx.built_transaction();
6456 log_trace!(logger, "Initial counterparty tx for channel {} is: txid {} tx {}",
6457 log_bytes!(self.context.channel_id()), counterparty_initial_bitcoin_tx.txid, encode::serialize_hex(&counterparty_initial_bitcoin_tx.transaction));
6459 let counterparty_signature = self.context.holder_signer.sign_counterparty_commitment(&counterparty_initial_commitment_tx, Vec::new(), &self.context.secp_ctx)
6460 .map_err(|_| ChannelError::Close("Failed to get signatures for new commitment_signed".to_owned()))?.0;
6462 // We sign "counterparty" commitment transaction, allowing them to broadcast the tx if they wish.
6463 Ok((counterparty_initial_bitcoin_tx.txid, initial_commitment_tx, counterparty_signature))
6466 pub fn funding_created<SP: Deref, L: Deref>(
6467 mut self, msg: &msgs::FundingCreated, best_block: BestBlock, signer_provider: &SP, logger: &L
6468 ) -> Result<(Channel<Signer>, msgs::FundingSigned, ChannelMonitor<Signer>), (Self, ChannelError)>
6470 SP::Target: SignerProvider<Signer = Signer>,
6473 if self.context.is_outbound() {
6474 return Err((self, ChannelError::Close("Received funding_created for an outbound channel?".to_owned())));
6476 if self.context.channel_state != (ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32) {
6477 // BOLT 2 says that if we disconnect before we send funding_signed we SHOULD NOT
6478 // remember the channel, so it's safe to just send an error_message here and drop the
6480 return Err((self, ChannelError::Close("Received funding_created after we got the channel!".to_owned())));
6482 if self.context.inbound_awaiting_accept {
6483 return Err((self, ChannelError::Close("FundingCreated message received before the channel was accepted".to_owned())));
6485 if self.context.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
6486 self.context.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
6487 self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
6488 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
6491 let funding_txo = OutPoint { txid: msg.funding_txid, index: msg.funding_output_index };
6492 self.context.channel_transaction_parameters.funding_outpoint = Some(funding_txo);
6493 // This is an externally observable change before we finish all our checks. In particular
6494 // funding_created_signature may fail.
6495 self.context.holder_signer.provide_channel_parameters(&self.context.channel_transaction_parameters);
6497 let (counterparty_initial_commitment_txid, initial_commitment_tx, signature) = match self.funding_created_signature(&msg.signature, logger) {
6499 Err(ChannelError::Close(e)) => {
6500 self.context.channel_transaction_parameters.funding_outpoint = None;
6501 return Err((self, ChannelError::Close(e)));
6504 // The only error we know how to handle is ChannelError::Close, so we fall over here
6505 // to make sure we don't continue with an inconsistent state.
6506 panic!("unexpected error type from funding_created_signature {:?}", e);
6510 let holder_commitment_tx = HolderCommitmentTransaction::new(
6511 initial_commitment_tx,
6514 &self.context.get_holder_pubkeys().funding_pubkey,
6515 self.context.counterparty_funding_pubkey()
6518 if let Err(_) = self.context.holder_signer.validate_holder_commitment(&holder_commitment_tx, Vec::new()) {
6519 return Err((self, ChannelError::Close("Failed to validate our commitment".to_owned())));
6522 // Now that we're past error-generating stuff, update our local state:
6524 let funding_redeemscript = self.context.get_funding_redeemscript();
6525 let funding_txo_script = funding_redeemscript.to_v0_p2wsh();
6526 let obscure_factor = get_commitment_transaction_number_obscure_factor(&self.context.get_holder_pubkeys().payment_point, &self.context.get_counterparty_pubkeys().payment_point, self.context.is_outbound());
6527 let shutdown_script = self.context.shutdown_scriptpubkey.clone().map(|script| script.into_inner());
6528 let mut monitor_signer = signer_provider.derive_channel_signer(self.context.channel_value_satoshis, self.context.channel_keys_id);
6529 monitor_signer.provide_channel_parameters(&self.context.channel_transaction_parameters);
6530 let channel_monitor = ChannelMonitor::new(self.context.secp_ctx.clone(), monitor_signer,
6531 shutdown_script, self.context.get_holder_selected_contest_delay(),
6532 &self.context.destination_script, (funding_txo, funding_txo_script.clone()),
6533 &self.context.channel_transaction_parameters,
6534 funding_redeemscript.clone(), self.context.channel_value_satoshis,
6536 holder_commitment_tx, best_block, self.context.counterparty_node_id);
6538 channel_monitor.provide_latest_counterparty_commitment_tx(counterparty_initial_commitment_txid, Vec::new(), self.context.cur_counterparty_commitment_transaction_number, self.context.counterparty_cur_commitment_point.unwrap(), logger);
6540 self.context.channel_state = ChannelState::FundingSent as u32;
6541 self.context.channel_id = funding_txo.to_channel_id();
6542 self.context.cur_counterparty_commitment_transaction_number -= 1;
6543 self.context.cur_holder_commitment_transaction_number -= 1;
6545 log_info!(logger, "Generated funding_signed for peer for channel {}", log_bytes!(self.context.channel_id()));
6547 // Promote the channel to a full-fledged one now that we have updated the state and have a
6548 // `ChannelMonitor`.
6549 let mut channel = Channel {
6550 context: self.context,
6552 let channel_id = channel.context.channel_id.clone();
6553 let need_channel_ready = channel.check_get_channel_ready(0).is_some();
6554 channel.monitor_updating_paused(false, false, need_channel_ready, Vec::new(), Vec::new(), Vec::new());
6556 Ok((channel, msgs::FundingSigned {
6560 partial_signature_with_nonce: None,
6561 }, channel_monitor))
6565 const SERIALIZATION_VERSION: u8 = 3;
6566 const MIN_SERIALIZATION_VERSION: u8 = 2;
6568 impl_writeable_tlv_based_enum!(InboundHTLCRemovalReason,;
6574 impl Writeable for ChannelUpdateStatus {
6575 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
6576 // We only care about writing out the current state as it was announced, ie only either
6577 // Enabled or Disabled. In the case of DisabledStaged, we most recently announced the
6578 // channel as enabled, so we write 0. For EnabledStaged, we similarly write a 1.
6580 ChannelUpdateStatus::Enabled => 0u8.write(writer)?,
6581 ChannelUpdateStatus::DisabledStaged(_) => 0u8.write(writer)?,
6582 ChannelUpdateStatus::EnabledStaged(_) => 1u8.write(writer)?,
6583 ChannelUpdateStatus::Disabled => 1u8.write(writer)?,
6589 impl Readable for ChannelUpdateStatus {
6590 fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
6591 Ok(match <u8 as Readable>::read(reader)? {
6592 0 => ChannelUpdateStatus::Enabled,
6593 1 => ChannelUpdateStatus::Disabled,
6594 _ => return Err(DecodeError::InvalidValue),
6599 impl Writeable for AnnouncementSigsState {
6600 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
6601 // We only care about writing out the current state as if we had just disconnected, at
6602 // which point we always set anything but AnnouncementSigsReceived to NotSent.
6604 AnnouncementSigsState::NotSent => 0u8.write(writer),
6605 AnnouncementSigsState::MessageSent => 0u8.write(writer),
6606 AnnouncementSigsState::Committed => 0u8.write(writer),
6607 AnnouncementSigsState::PeerReceived => 1u8.write(writer),
6612 impl Readable for AnnouncementSigsState {
6613 fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
6614 Ok(match <u8 as Readable>::read(reader)? {
6615 0 => AnnouncementSigsState::NotSent,
6616 1 => AnnouncementSigsState::PeerReceived,
6617 _ => return Err(DecodeError::InvalidValue),
6622 impl<Signer: WriteableEcdsaChannelSigner> Writeable for Channel<Signer> {
6623 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
6624 // Note that we write out as if remove_uncommitted_htlcs_and_mark_paused had just been
6627 write_ver_prefix!(writer, MIN_SERIALIZATION_VERSION, MIN_SERIALIZATION_VERSION);
6629 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
6630 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. We write
6631 // the low bytes now and the optional high bytes later.
6632 let user_id_low = self.context.user_id as u64;
6633 user_id_low.write(writer)?;
6635 // Version 1 deserializers expected to read parts of the config object here. Version 2
6636 // deserializers (0.0.99) now read config through TLVs, and as we now require them for
6637 // `minimum_depth` we simply write dummy values here.
6638 writer.write_all(&[0; 8])?;
6640 self.context.channel_id.write(writer)?;
6641 (self.context.channel_state | ChannelState::PeerDisconnected as u32).write(writer)?;
6642 self.context.channel_value_satoshis.write(writer)?;
6644 self.context.latest_monitor_update_id.write(writer)?;
6646 let mut key_data = VecWriter(Vec::new());
6647 self.context.holder_signer.write(&mut key_data)?;
6648 assert!(key_data.0.len() < core::usize::MAX);
6649 assert!(key_data.0.len() < core::u32::MAX as usize);
6650 (key_data.0.len() as u32).write(writer)?;
6651 writer.write_all(&key_data.0[..])?;
6653 // Write out the old serialization for shutdown_pubkey for backwards compatibility, if
6654 // deserialized from that format.
6655 match self.context.shutdown_scriptpubkey.as_ref().and_then(|script| script.as_legacy_pubkey()) {
6656 Some(shutdown_pubkey) => shutdown_pubkey.write(writer)?,
6657 None => [0u8; PUBLIC_KEY_SIZE].write(writer)?,
6659 self.context.destination_script.write(writer)?;
6661 self.context.cur_holder_commitment_transaction_number.write(writer)?;
6662 self.context.cur_counterparty_commitment_transaction_number.write(writer)?;
6663 self.context.value_to_self_msat.write(writer)?;
6665 let mut dropped_inbound_htlcs = 0;
6666 for htlc in self.context.pending_inbound_htlcs.iter() {
6667 if let InboundHTLCState::RemoteAnnounced(_) = htlc.state {
6668 dropped_inbound_htlcs += 1;
6671 (self.context.pending_inbound_htlcs.len() as u64 - dropped_inbound_htlcs).write(writer)?;
6672 for htlc in self.context.pending_inbound_htlcs.iter() {
6673 if let &InboundHTLCState::RemoteAnnounced(_) = &htlc.state {
6676 htlc.htlc_id.write(writer)?;
6677 htlc.amount_msat.write(writer)?;
6678 htlc.cltv_expiry.write(writer)?;
6679 htlc.payment_hash.write(writer)?;
6681 &InboundHTLCState::RemoteAnnounced(_) => unreachable!(),
6682 &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(ref htlc_state) => {
6684 htlc_state.write(writer)?;
6686 &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(ref htlc_state) => {
6688 htlc_state.write(writer)?;
6690 &InboundHTLCState::Committed => {
6693 &InboundHTLCState::LocalRemoved(ref removal_reason) => {
6695 removal_reason.write(writer)?;
6700 let mut preimages: Vec<&Option<PaymentPreimage>> = vec![];
6701 let mut pending_outbound_skimmed_fees: Vec<Option<u64>> = Vec::new();
6703 (self.context.pending_outbound_htlcs.len() as u64).write(writer)?;
6704 for (idx, htlc) in self.context.pending_outbound_htlcs.iter().enumerate() {
6705 htlc.htlc_id.write(writer)?;
6706 htlc.amount_msat.write(writer)?;
6707 htlc.cltv_expiry.write(writer)?;
6708 htlc.payment_hash.write(writer)?;
6709 htlc.source.write(writer)?;
6711 &OutboundHTLCState::LocalAnnounced(ref onion_packet) => {
6713 onion_packet.write(writer)?;
6715 &OutboundHTLCState::Committed => {
6718 &OutboundHTLCState::RemoteRemoved(_) => {
6719 // Treat this as a Committed because we haven't received the CS - they'll
6720 // resend the claim/fail on reconnect as we all (hopefully) the missing CS.
6723 &OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref outcome) => {
6725 if let OutboundHTLCOutcome::Success(preimage) = outcome {
6726 preimages.push(preimage);
6728 let reason: Option<&HTLCFailReason> = outcome.into();
6729 reason.write(writer)?;
6731 &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref outcome) => {
6733 if let OutboundHTLCOutcome::Success(preimage) = outcome {
6734 preimages.push(preimage);
6736 let reason: Option<&HTLCFailReason> = outcome.into();
6737 reason.write(writer)?;
6740 if let Some(skimmed_fee) = htlc.skimmed_fee_msat {
6741 if pending_outbound_skimmed_fees.is_empty() {
6742 for _ in 0..idx { pending_outbound_skimmed_fees.push(None); }
6744 pending_outbound_skimmed_fees.push(Some(skimmed_fee));
6745 } else if !pending_outbound_skimmed_fees.is_empty() {
6746 pending_outbound_skimmed_fees.push(None);
6750 let mut holding_cell_skimmed_fees: Vec<Option<u64>> = Vec::new();
6751 (self.context.holding_cell_htlc_updates.len() as u64).write(writer)?;
6752 for (idx, update) in self.context.holding_cell_htlc_updates.iter().enumerate() {
6754 &HTLCUpdateAwaitingACK::AddHTLC {
6755 ref amount_msat, ref cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet,
6759 amount_msat.write(writer)?;
6760 cltv_expiry.write(writer)?;
6761 payment_hash.write(writer)?;
6762 source.write(writer)?;
6763 onion_routing_packet.write(writer)?;
6765 if let Some(skimmed_fee) = skimmed_fee_msat {
6766 if holding_cell_skimmed_fees.is_empty() {
6767 for _ in 0..idx { holding_cell_skimmed_fees.push(None); }
6769 holding_cell_skimmed_fees.push(Some(skimmed_fee));
6770 } else if !holding_cell_skimmed_fees.is_empty() { holding_cell_skimmed_fees.push(None); }
6772 &HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, ref htlc_id } => {
6774 payment_preimage.write(writer)?;
6775 htlc_id.write(writer)?;
6777 &HTLCUpdateAwaitingACK::FailHTLC { ref htlc_id, ref err_packet } => {
6779 htlc_id.write(writer)?;
6780 err_packet.write(writer)?;
6785 match self.context.resend_order {
6786 RAACommitmentOrder::CommitmentFirst => 0u8.write(writer)?,
6787 RAACommitmentOrder::RevokeAndACKFirst => 1u8.write(writer)?,
6790 self.context.monitor_pending_channel_ready.write(writer)?;
6791 self.context.monitor_pending_revoke_and_ack.write(writer)?;
6792 self.context.monitor_pending_commitment_signed.write(writer)?;
6794 (self.context.monitor_pending_forwards.len() as u64).write(writer)?;
6795 for &(ref pending_forward, ref htlc_id) in self.context.monitor_pending_forwards.iter() {
6796 pending_forward.write(writer)?;
6797 htlc_id.write(writer)?;
6800 (self.context.monitor_pending_failures.len() as u64).write(writer)?;
6801 for &(ref htlc_source, ref payment_hash, ref fail_reason) in self.context.monitor_pending_failures.iter() {
6802 htlc_source.write(writer)?;
6803 payment_hash.write(writer)?;
6804 fail_reason.write(writer)?;
6807 if self.context.is_outbound() {
6808 self.context.pending_update_fee.map(|(a, _)| a).write(writer)?;
6809 } else if let Some((feerate, FeeUpdateState::AwaitingRemoteRevokeToAnnounce)) = self.context.pending_update_fee {
6810 Some(feerate).write(writer)?;
6812 // As for inbound HTLCs, if the update was only announced and never committed in a
6813 // commitment_signed, drop it.
6814 None::<u32>.write(writer)?;
6816 self.context.holding_cell_update_fee.write(writer)?;
6818 self.context.next_holder_htlc_id.write(writer)?;
6819 (self.context.next_counterparty_htlc_id - dropped_inbound_htlcs).write(writer)?;
6820 self.context.update_time_counter.write(writer)?;
6821 self.context.feerate_per_kw.write(writer)?;
6823 // Versions prior to 0.0.100 expected to read the fields of `last_sent_closing_fee` here,
6824 // however we are supposed to restart shutdown fee negotiation on reconnect (and wipe
6825 // `last_send_closing_fee` in `remove_uncommitted_htlcs_and_mark_paused`) so we should never
6826 // consider the stale state on reload.
6829 self.context.funding_tx_confirmed_in.write(writer)?;
6830 self.context.funding_tx_confirmation_height.write(writer)?;
6831 self.context.short_channel_id.write(writer)?;
6833 self.context.counterparty_dust_limit_satoshis.write(writer)?;
6834 self.context.holder_dust_limit_satoshis.write(writer)?;
6835 self.context.counterparty_max_htlc_value_in_flight_msat.write(writer)?;
6837 // Note that this field is ignored by 0.0.99+ as the TLV Optional variant is used instead.
6838 self.context.counterparty_selected_channel_reserve_satoshis.unwrap_or(0).write(writer)?;
6840 self.context.counterparty_htlc_minimum_msat.write(writer)?;
6841 self.context.holder_htlc_minimum_msat.write(writer)?;
6842 self.context.counterparty_max_accepted_htlcs.write(writer)?;
6844 // Note that this field is ignored by 0.0.99+ as the TLV Optional variant is used instead.
6845 self.context.minimum_depth.unwrap_or(0).write(writer)?;
6847 match &self.context.counterparty_forwarding_info {
6850 info.fee_base_msat.write(writer)?;
6851 info.fee_proportional_millionths.write(writer)?;
6852 info.cltv_expiry_delta.write(writer)?;
6854 None => 0u8.write(writer)?
6857 self.context.channel_transaction_parameters.write(writer)?;
6858 self.context.funding_transaction.write(writer)?;
6860 self.context.counterparty_cur_commitment_point.write(writer)?;
6861 self.context.counterparty_prev_commitment_point.write(writer)?;
6862 self.context.counterparty_node_id.write(writer)?;
6864 self.context.counterparty_shutdown_scriptpubkey.write(writer)?;
6866 self.context.commitment_secrets.write(writer)?;
6868 self.context.channel_update_status.write(writer)?;
6870 #[cfg(any(test, fuzzing))]
6871 (self.context.historical_inbound_htlc_fulfills.len() as u64).write(writer)?;
6872 #[cfg(any(test, fuzzing))]
6873 for htlc in self.context.historical_inbound_htlc_fulfills.iter() {
6874 htlc.write(writer)?;
6877 // If the channel type is something other than only-static-remote-key, then we need to have
6878 // older clients fail to deserialize this channel at all. If the type is
6879 // only-static-remote-key, we simply consider it "default" and don't write the channel type
6881 let chan_type = if self.context.channel_type != ChannelTypeFeatures::only_static_remote_key() {
6882 Some(&self.context.channel_type) } else { None };
6884 // The same logic applies for `holder_selected_channel_reserve_satoshis` values other than
6885 // the default, and when `holder_max_htlc_value_in_flight_msat` is configured to be set to
6886 // a different percentage of the channel value then 10%, which older versions of LDK used
6887 // to set it to before the percentage was made configurable.
6888 let serialized_holder_selected_reserve =
6889 if self.context.holder_selected_channel_reserve_satoshis != get_legacy_default_holder_selected_channel_reserve_satoshis(self.context.channel_value_satoshis)
6890 { Some(self.context.holder_selected_channel_reserve_satoshis) } else { None };
6892 let mut old_max_in_flight_percent_config = UserConfig::default().channel_handshake_config;
6893 old_max_in_flight_percent_config.max_inbound_htlc_value_in_flight_percent_of_channel = MAX_IN_FLIGHT_PERCENT_LEGACY;
6894 let serialized_holder_htlc_max_in_flight =
6895 if self.context.holder_max_htlc_value_in_flight_msat != get_holder_max_htlc_value_in_flight_msat(self.context.channel_value_satoshis, &old_max_in_flight_percent_config)
6896 { Some(self.context.holder_max_htlc_value_in_flight_msat) } else { None };
6898 let channel_pending_event_emitted = Some(self.context.channel_pending_event_emitted);
6899 let channel_ready_event_emitted = Some(self.context.channel_ready_event_emitted);
6901 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
6902 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. Therefore,
6903 // we write the high bytes as an option here.
6904 let user_id_high_opt = Some((self.context.user_id >> 64) as u64);
6906 let holder_max_accepted_htlcs = if self.context.holder_max_accepted_htlcs == DEFAULT_MAX_HTLCS { None } else { Some(self.context.holder_max_accepted_htlcs) };
6908 write_tlv_fields!(writer, {
6909 (0, self.context.announcement_sigs, option),
6910 // minimum_depth and counterparty_selected_channel_reserve_satoshis used to have a
6911 // default value instead of being Option<>al. Thus, to maintain compatibility we write
6912 // them twice, once with their original default values above, and once as an option
6913 // here. On the read side, old versions will simply ignore the odd-type entries here,
6914 // and new versions map the default values to None and allow the TLV entries here to
6916 (1, self.context.minimum_depth, option),
6917 (2, chan_type, option),
6918 (3, self.context.counterparty_selected_channel_reserve_satoshis, option),
6919 (4, serialized_holder_selected_reserve, option),
6920 (5, self.context.config, required),
6921 (6, serialized_holder_htlc_max_in_flight, option),
6922 (7, self.context.shutdown_scriptpubkey, option),
6923 (8, self.context.blocked_monitor_updates, optional_vec),
6924 (9, self.context.target_closing_feerate_sats_per_kw, option),
6925 (11, self.context.monitor_pending_finalized_fulfills, required_vec),
6926 (13, self.context.channel_creation_height, required),
6927 (15, preimages, required_vec),
6928 (17, self.context.announcement_sigs_state, required),
6929 (19, self.context.latest_inbound_scid_alias, option),
6930 (21, self.context.outbound_scid_alias, required),
6931 (23, channel_ready_event_emitted, option),
6932 (25, user_id_high_opt, option),
6933 (27, self.context.channel_keys_id, required),
6934 (28, holder_max_accepted_htlcs, option),
6935 (29, self.context.temporary_channel_id, option),
6936 (31, channel_pending_event_emitted, option),
6937 (35, pending_outbound_skimmed_fees, optional_vec),
6938 (37, holding_cell_skimmed_fees, optional_vec),
6945 const MAX_ALLOC_SIZE: usize = 64*1024;
6946 impl<'a, 'b, 'c, ES: Deref, SP: Deref> ReadableArgs<(&'a ES, &'b SP, u32, &'c ChannelTypeFeatures)> for Channel<<SP::Target as SignerProvider>::Signer>
6948 ES::Target: EntropySource,
6949 SP::Target: SignerProvider
6951 fn read<R : io::Read>(reader: &mut R, args: (&'a ES, &'b SP, u32, &'c ChannelTypeFeatures)) -> Result<Self, DecodeError> {
6952 let (entropy_source, signer_provider, serialized_height, our_supported_features) = args;
6953 let ver = read_ver_prefix!(reader, SERIALIZATION_VERSION);
6955 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
6956 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. We read
6957 // the low bytes now and the high bytes later.
6958 let user_id_low: u64 = Readable::read(reader)?;
6960 let mut config = Some(LegacyChannelConfig::default());
6962 // Read the old serialization of the ChannelConfig from version 0.0.98.
6963 config.as_mut().unwrap().options.forwarding_fee_proportional_millionths = Readable::read(reader)?;
6964 config.as_mut().unwrap().options.cltv_expiry_delta = Readable::read(reader)?;
6965 config.as_mut().unwrap().announced_channel = Readable::read(reader)?;
6966 config.as_mut().unwrap().commit_upfront_shutdown_pubkey = Readable::read(reader)?;
6968 // Read the 8 bytes of backwards-compatibility ChannelConfig data.
6969 let mut _val: u64 = Readable::read(reader)?;
6972 let channel_id = Readable::read(reader)?;
6973 let channel_state = Readable::read(reader)?;
6974 let channel_value_satoshis = Readable::read(reader)?;
6976 let latest_monitor_update_id = Readable::read(reader)?;
6978 let mut keys_data = None;
6980 // Read the serialize signer bytes. We'll choose to deserialize them or not based on whether
6981 // the `channel_keys_id` TLV is present below.
6982 let keys_len: u32 = Readable::read(reader)?;
6983 keys_data = Some(Vec::with_capacity(cmp::min(keys_len as usize, MAX_ALLOC_SIZE)));
6984 while keys_data.as_ref().unwrap().len() != keys_len as usize {
6985 // Read 1KB at a time to avoid accidentally allocating 4GB on corrupted channel keys
6986 let mut data = [0; 1024];
6987 let read_slice = &mut data[0..cmp::min(1024, keys_len as usize - keys_data.as_ref().unwrap().len())];
6988 reader.read_exact(read_slice)?;
6989 keys_data.as_mut().unwrap().extend_from_slice(read_slice);
6993 // Read the old serialization for shutdown_pubkey, preferring the TLV field later if set.
6994 let mut shutdown_scriptpubkey = match <PublicKey as Readable>::read(reader) {
6995 Ok(pubkey) => Some(ShutdownScript::new_p2wpkh_from_pubkey(pubkey)),
6998 let destination_script = Readable::read(reader)?;
7000 let cur_holder_commitment_transaction_number = Readable::read(reader)?;
7001 let cur_counterparty_commitment_transaction_number = Readable::read(reader)?;
7002 let value_to_self_msat = Readable::read(reader)?;
7004 let pending_inbound_htlc_count: u64 = Readable::read(reader)?;
7006 let mut pending_inbound_htlcs = Vec::with_capacity(cmp::min(pending_inbound_htlc_count as usize, DEFAULT_MAX_HTLCS as usize));
7007 for _ in 0..pending_inbound_htlc_count {
7008 pending_inbound_htlcs.push(InboundHTLCOutput {
7009 htlc_id: Readable::read(reader)?,
7010 amount_msat: Readable::read(reader)?,
7011 cltv_expiry: Readable::read(reader)?,
7012 payment_hash: Readable::read(reader)?,
7013 state: match <u8 as Readable>::read(reader)? {
7014 1 => InboundHTLCState::AwaitingRemoteRevokeToAnnounce(Readable::read(reader)?),
7015 2 => InboundHTLCState::AwaitingAnnouncedRemoteRevoke(Readable::read(reader)?),
7016 3 => InboundHTLCState::Committed,
7017 4 => InboundHTLCState::LocalRemoved(Readable::read(reader)?),
7018 _ => return Err(DecodeError::InvalidValue),
7023 let pending_outbound_htlc_count: u64 = Readable::read(reader)?;
7024 let mut pending_outbound_htlcs = Vec::with_capacity(cmp::min(pending_outbound_htlc_count as usize, DEFAULT_MAX_HTLCS as usize));
7025 for _ in 0..pending_outbound_htlc_count {
7026 pending_outbound_htlcs.push(OutboundHTLCOutput {
7027 htlc_id: Readable::read(reader)?,
7028 amount_msat: Readable::read(reader)?,
7029 cltv_expiry: Readable::read(reader)?,
7030 payment_hash: Readable::read(reader)?,
7031 source: Readable::read(reader)?,
7032 state: match <u8 as Readable>::read(reader)? {
7033 0 => OutboundHTLCState::LocalAnnounced(Box::new(Readable::read(reader)?)),
7034 1 => OutboundHTLCState::Committed,
7036 let option: Option<HTLCFailReason> = Readable::read(reader)?;
7037 OutboundHTLCState::RemoteRemoved(option.into())
7040 let option: Option<HTLCFailReason> = Readable::read(reader)?;
7041 OutboundHTLCState::AwaitingRemoteRevokeToRemove(option.into())
7044 let option: Option<HTLCFailReason> = Readable::read(reader)?;
7045 OutboundHTLCState::AwaitingRemovedRemoteRevoke(option.into())
7047 _ => return Err(DecodeError::InvalidValue),
7049 skimmed_fee_msat: None,
7053 let holding_cell_htlc_update_count: u64 = Readable::read(reader)?;
7054 let mut holding_cell_htlc_updates = Vec::with_capacity(cmp::min(holding_cell_htlc_update_count as usize, DEFAULT_MAX_HTLCS as usize*2));
7055 for _ in 0..holding_cell_htlc_update_count {
7056 holding_cell_htlc_updates.push(match <u8 as Readable>::read(reader)? {
7057 0 => HTLCUpdateAwaitingACK::AddHTLC {
7058 amount_msat: Readable::read(reader)?,
7059 cltv_expiry: Readable::read(reader)?,
7060 payment_hash: Readable::read(reader)?,
7061 source: Readable::read(reader)?,
7062 onion_routing_packet: Readable::read(reader)?,
7063 skimmed_fee_msat: None,
7065 1 => HTLCUpdateAwaitingACK::ClaimHTLC {
7066 payment_preimage: Readable::read(reader)?,
7067 htlc_id: Readable::read(reader)?,
7069 2 => HTLCUpdateAwaitingACK::FailHTLC {
7070 htlc_id: Readable::read(reader)?,
7071 err_packet: Readable::read(reader)?,
7073 _ => return Err(DecodeError::InvalidValue),
7077 let resend_order = match <u8 as Readable>::read(reader)? {
7078 0 => RAACommitmentOrder::CommitmentFirst,
7079 1 => RAACommitmentOrder::RevokeAndACKFirst,
7080 _ => return Err(DecodeError::InvalidValue),
7083 let monitor_pending_channel_ready = Readable::read(reader)?;
7084 let monitor_pending_revoke_and_ack = Readable::read(reader)?;
7085 let monitor_pending_commitment_signed = Readable::read(reader)?;
7087 let monitor_pending_forwards_count: u64 = Readable::read(reader)?;
7088 let mut monitor_pending_forwards = Vec::with_capacity(cmp::min(monitor_pending_forwards_count as usize, DEFAULT_MAX_HTLCS as usize));
7089 for _ in 0..monitor_pending_forwards_count {
7090 monitor_pending_forwards.push((Readable::read(reader)?, Readable::read(reader)?));
7093 let monitor_pending_failures_count: u64 = Readable::read(reader)?;
7094 let mut monitor_pending_failures = Vec::with_capacity(cmp::min(monitor_pending_failures_count as usize, DEFAULT_MAX_HTLCS as usize));
7095 for _ in 0..monitor_pending_failures_count {
7096 monitor_pending_failures.push((Readable::read(reader)?, Readable::read(reader)?, Readable::read(reader)?));
7099 let pending_update_fee_value: Option<u32> = Readable::read(reader)?;
7101 let holding_cell_update_fee = Readable::read(reader)?;
7103 let next_holder_htlc_id = Readable::read(reader)?;
7104 let next_counterparty_htlc_id = Readable::read(reader)?;
7105 let update_time_counter = Readable::read(reader)?;
7106 let feerate_per_kw = Readable::read(reader)?;
7108 // Versions prior to 0.0.100 expected to read the fields of `last_sent_closing_fee` here,
7109 // however we are supposed to restart shutdown fee negotiation on reconnect (and wipe
7110 // `last_send_closing_fee` in `remove_uncommitted_htlcs_and_mark_paused`) so we should never
7111 // consider the stale state on reload.
7112 match <u8 as Readable>::read(reader)? {
7115 let _: u32 = Readable::read(reader)?;
7116 let _: u64 = Readable::read(reader)?;
7117 let _: Signature = Readable::read(reader)?;
7119 _ => return Err(DecodeError::InvalidValue),
7122 let funding_tx_confirmed_in = Readable::read(reader)?;
7123 let funding_tx_confirmation_height = Readable::read(reader)?;
7124 let short_channel_id = Readable::read(reader)?;
7126 let counterparty_dust_limit_satoshis = Readable::read(reader)?;
7127 let holder_dust_limit_satoshis = Readable::read(reader)?;
7128 let counterparty_max_htlc_value_in_flight_msat = Readable::read(reader)?;
7129 let mut counterparty_selected_channel_reserve_satoshis = None;
7131 // Read the old serialization from version 0.0.98.
7132 counterparty_selected_channel_reserve_satoshis = Some(Readable::read(reader)?);
7134 // Read the 8 bytes of backwards-compatibility data.
7135 let _dummy: u64 = Readable::read(reader)?;
7137 let counterparty_htlc_minimum_msat = Readable::read(reader)?;
7138 let holder_htlc_minimum_msat = Readable::read(reader)?;
7139 let counterparty_max_accepted_htlcs = Readable::read(reader)?;
7141 let mut minimum_depth = None;
7143 // Read the old serialization from version 0.0.98.
7144 minimum_depth = Some(Readable::read(reader)?);
7146 // Read the 4 bytes of backwards-compatibility data.
7147 let _dummy: u32 = Readable::read(reader)?;
7150 let counterparty_forwarding_info = match <u8 as Readable>::read(reader)? {
7152 1 => Some(CounterpartyForwardingInfo {
7153 fee_base_msat: Readable::read(reader)?,
7154 fee_proportional_millionths: Readable::read(reader)?,
7155 cltv_expiry_delta: Readable::read(reader)?,
7157 _ => return Err(DecodeError::InvalidValue),
7160 let mut channel_parameters: ChannelTransactionParameters = Readable::read(reader)?;
7161 let funding_transaction = Readable::read(reader)?;
7163 let counterparty_cur_commitment_point = Readable::read(reader)?;
7165 let counterparty_prev_commitment_point = Readable::read(reader)?;
7166 let counterparty_node_id = Readable::read(reader)?;
7168 let counterparty_shutdown_scriptpubkey = Readable::read(reader)?;
7169 let commitment_secrets = Readable::read(reader)?;
7171 let channel_update_status = Readable::read(reader)?;
7173 #[cfg(any(test, fuzzing))]
7174 let mut historical_inbound_htlc_fulfills = HashSet::new();
7175 #[cfg(any(test, fuzzing))]
7177 let htlc_fulfills_len: u64 = Readable::read(reader)?;
7178 for _ in 0..htlc_fulfills_len {
7179 assert!(historical_inbound_htlc_fulfills.insert(Readable::read(reader)?));
7183 let pending_update_fee = if let Some(feerate) = pending_update_fee_value {
7184 Some((feerate, if channel_parameters.is_outbound_from_holder {
7185 FeeUpdateState::Outbound
7187 FeeUpdateState::AwaitingRemoteRevokeToAnnounce
7193 let mut announcement_sigs = None;
7194 let mut target_closing_feerate_sats_per_kw = None;
7195 let mut monitor_pending_finalized_fulfills = Some(Vec::new());
7196 let mut holder_selected_channel_reserve_satoshis = Some(get_legacy_default_holder_selected_channel_reserve_satoshis(channel_value_satoshis));
7197 let mut holder_max_htlc_value_in_flight_msat = Some(get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis, &UserConfig::default().channel_handshake_config));
7198 // Prior to supporting channel type negotiation, all of our channels were static_remotekey
7199 // only, so we default to that if none was written.
7200 let mut channel_type = Some(ChannelTypeFeatures::only_static_remote_key());
7201 let mut channel_creation_height = Some(serialized_height);
7202 let mut preimages_opt: Option<Vec<Option<PaymentPreimage>>> = None;
7204 // If we read an old Channel, for simplicity we just treat it as "we never sent an
7205 // AnnouncementSignatures" which implies we'll re-send it on reconnect, but that's fine.
7206 let mut announcement_sigs_state = Some(AnnouncementSigsState::NotSent);
7207 let mut latest_inbound_scid_alias = None;
7208 let mut outbound_scid_alias = None;
7209 let mut channel_pending_event_emitted = None;
7210 let mut channel_ready_event_emitted = None;
7212 let mut user_id_high_opt: Option<u64> = None;
7213 let mut channel_keys_id: Option<[u8; 32]> = None;
7214 let mut temporary_channel_id: Option<[u8; 32]> = None;
7215 let mut holder_max_accepted_htlcs: Option<u16> = None;
7217 let mut blocked_monitor_updates = Some(Vec::new());
7219 let mut pending_outbound_skimmed_fees_opt: Option<Vec<Option<u64>>> = None;
7220 let mut holding_cell_skimmed_fees_opt: Option<Vec<Option<u64>>> = None;
7222 read_tlv_fields!(reader, {
7223 (0, announcement_sigs, option),
7224 (1, minimum_depth, option),
7225 (2, channel_type, option),
7226 (3, counterparty_selected_channel_reserve_satoshis, option),
7227 (4, holder_selected_channel_reserve_satoshis, option),
7228 (5, config, option), // Note that if none is provided we will *not* overwrite the existing one.
7229 (6, holder_max_htlc_value_in_flight_msat, option),
7230 (7, shutdown_scriptpubkey, option),
7231 (8, blocked_monitor_updates, optional_vec),
7232 (9, target_closing_feerate_sats_per_kw, option),
7233 (11, monitor_pending_finalized_fulfills, optional_vec),
7234 (13, channel_creation_height, option),
7235 (15, preimages_opt, optional_vec),
7236 (17, announcement_sigs_state, option),
7237 (19, latest_inbound_scid_alias, option),
7238 (21, outbound_scid_alias, option),
7239 (23, channel_ready_event_emitted, option),
7240 (25, user_id_high_opt, option),
7241 (27, channel_keys_id, option),
7242 (28, holder_max_accepted_htlcs, option),
7243 (29, temporary_channel_id, option),
7244 (31, channel_pending_event_emitted, option),
7245 (35, pending_outbound_skimmed_fees_opt, optional_vec),
7246 (37, holding_cell_skimmed_fees_opt, optional_vec),
7249 let (channel_keys_id, holder_signer) = if let Some(channel_keys_id) = channel_keys_id {
7250 let mut holder_signer = signer_provider.derive_channel_signer(channel_value_satoshis, channel_keys_id);
7251 // If we've gotten to the funding stage of the channel, populate the signer with its
7252 // required channel parameters.
7253 let non_shutdown_state = channel_state & (!MULTI_STATE_FLAGS);
7254 if non_shutdown_state >= (ChannelState::FundingCreated as u32) {
7255 holder_signer.provide_channel_parameters(&channel_parameters);
7257 (channel_keys_id, holder_signer)
7259 // `keys_data` can be `None` if we had corrupted data.
7260 let keys_data = keys_data.ok_or(DecodeError::InvalidValue)?;
7261 let holder_signer = signer_provider.read_chan_signer(&keys_data)?;
7262 (holder_signer.channel_keys_id(), holder_signer)
7265 if let Some(preimages) = preimages_opt {
7266 let mut iter = preimages.into_iter();
7267 for htlc in pending_outbound_htlcs.iter_mut() {
7269 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(None)) => {
7270 htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(iter.next().ok_or(DecodeError::InvalidValue)?));
7272 OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(None)) => {
7273 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(iter.next().ok_or(DecodeError::InvalidValue)?));
7278 // We expect all preimages to be consumed above
7279 if iter.next().is_some() {
7280 return Err(DecodeError::InvalidValue);
7284 let chan_features = channel_type.as_ref().unwrap();
7285 if !chan_features.is_subset(our_supported_features) {
7286 // If the channel was written by a new version and negotiated with features we don't
7287 // understand yet, refuse to read it.
7288 return Err(DecodeError::UnknownRequiredFeature);
7291 // ChannelTransactionParameters may have had an empty features set upon deserialization.
7292 // To account for that, we're proactively setting/overriding the field here.
7293 channel_parameters.channel_type_features = chan_features.clone();
7295 let mut secp_ctx = Secp256k1::new();
7296 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
7298 // `user_id` used to be a single u64 value. In order to remain backwards
7299 // compatible with versions prior to 0.0.113, the u128 is serialized as two
7300 // separate u64 values.
7301 let user_id = user_id_low as u128 + ((user_id_high_opt.unwrap_or(0) as u128) << 64);
7303 let holder_max_accepted_htlcs = holder_max_accepted_htlcs.unwrap_or(DEFAULT_MAX_HTLCS);
7305 if let Some(skimmed_fees) = pending_outbound_skimmed_fees_opt {
7306 let mut iter = skimmed_fees.into_iter();
7307 for htlc in pending_outbound_htlcs.iter_mut() {
7308 htlc.skimmed_fee_msat = iter.next().ok_or(DecodeError::InvalidValue)?;
7310 // We expect all skimmed fees to be consumed above
7311 if iter.next().is_some() { return Err(DecodeError::InvalidValue) }
7313 if let Some(skimmed_fees) = holding_cell_skimmed_fees_opt {
7314 let mut iter = skimmed_fees.into_iter();
7315 for htlc in holding_cell_htlc_updates.iter_mut() {
7316 if let HTLCUpdateAwaitingACK::AddHTLC { ref mut skimmed_fee_msat, .. } = htlc {
7317 *skimmed_fee_msat = iter.next().ok_or(DecodeError::InvalidValue)?;
7320 // We expect all skimmed fees to be consumed above
7321 if iter.next().is_some() { return Err(DecodeError::InvalidValue) }
7325 context: ChannelContext {
7328 config: config.unwrap(),
7332 // Note that we don't care about serializing handshake limits as we only ever serialize
7333 // channel data after the handshake has completed.
7334 inbound_handshake_limits_override: None,
7337 temporary_channel_id,
7339 announcement_sigs_state: announcement_sigs_state.unwrap(),
7341 channel_value_satoshis,
7343 latest_monitor_update_id,
7346 shutdown_scriptpubkey,
7349 cur_holder_commitment_transaction_number,
7350 cur_counterparty_commitment_transaction_number,
7353 holder_max_accepted_htlcs,
7354 pending_inbound_htlcs,
7355 pending_outbound_htlcs,
7356 holding_cell_htlc_updates,
7360 monitor_pending_channel_ready,
7361 monitor_pending_revoke_and_ack,
7362 monitor_pending_commitment_signed,
7363 monitor_pending_forwards,
7364 monitor_pending_failures,
7365 monitor_pending_finalized_fulfills: monitor_pending_finalized_fulfills.unwrap(),
7368 holding_cell_update_fee,
7369 next_holder_htlc_id,
7370 next_counterparty_htlc_id,
7371 update_time_counter,
7374 #[cfg(debug_assertions)]
7375 holder_max_commitment_tx_output: Mutex::new((0, 0)),
7376 #[cfg(debug_assertions)]
7377 counterparty_max_commitment_tx_output: Mutex::new((0, 0)),
7379 last_sent_closing_fee: None,
7380 pending_counterparty_closing_signed: None,
7381 closing_fee_limits: None,
7382 target_closing_feerate_sats_per_kw,
7384 inbound_awaiting_accept: false,
7386 funding_tx_confirmed_in,
7387 funding_tx_confirmation_height,
7389 channel_creation_height: channel_creation_height.unwrap(),
7391 counterparty_dust_limit_satoshis,
7392 holder_dust_limit_satoshis,
7393 counterparty_max_htlc_value_in_flight_msat,
7394 holder_max_htlc_value_in_flight_msat: holder_max_htlc_value_in_flight_msat.unwrap(),
7395 counterparty_selected_channel_reserve_satoshis,
7396 holder_selected_channel_reserve_satoshis: holder_selected_channel_reserve_satoshis.unwrap(),
7397 counterparty_htlc_minimum_msat,
7398 holder_htlc_minimum_msat,
7399 counterparty_max_accepted_htlcs,
7402 counterparty_forwarding_info,
7404 channel_transaction_parameters: channel_parameters,
7405 funding_transaction,
7407 counterparty_cur_commitment_point,
7408 counterparty_prev_commitment_point,
7409 counterparty_node_id,
7411 counterparty_shutdown_scriptpubkey,
7415 channel_update_status,
7416 closing_signed_in_flight: false,
7420 #[cfg(any(test, fuzzing))]
7421 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
7422 #[cfg(any(test, fuzzing))]
7423 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
7425 workaround_lnd_bug_4006: None,
7426 sent_message_awaiting_response: None,
7428 latest_inbound_scid_alias,
7429 // Later in the ChannelManager deserialization phase we scan for channels and assign scid aliases if its missing
7430 outbound_scid_alias: outbound_scid_alias.unwrap_or(0),
7432 channel_pending_event_emitted: channel_pending_event_emitted.unwrap_or(true),
7433 channel_ready_event_emitted: channel_ready_event_emitted.unwrap_or(true),
7435 #[cfg(any(test, fuzzing))]
7436 historical_inbound_htlc_fulfills,
7438 channel_type: channel_type.unwrap(),
7441 blocked_monitor_updates: blocked_monitor_updates.unwrap(),
7450 use bitcoin::blockdata::script::{Script, Builder};
7451 use bitcoin::blockdata::transaction::{Transaction, TxOut};
7452 use bitcoin::blockdata::constants::genesis_block;
7453 use bitcoin::blockdata::opcodes;
7454 use bitcoin::network::constants::Network;
7456 use crate::ln::PaymentHash;
7457 use crate::ln::channelmanager::{self, HTLCSource, PaymentId};
7458 use crate::ln::channel::InitFeatures;
7459 use crate::ln::channel::{Channel, InboundHTLCOutput, OutboundV1Channel, InboundV1Channel, OutboundHTLCOutput, InboundHTLCState, OutboundHTLCState, HTLCCandidate, HTLCInitiator, commit_tx_fee_msat};
7460 use crate::ln::channel::{MAX_FUNDING_SATOSHIS_NO_WUMBO, TOTAL_BITCOIN_SUPPLY_SATOSHIS, MIN_THEIR_CHAN_RESERVE_SATOSHIS};
7461 use crate::ln::features::ChannelTypeFeatures;
7462 use crate::ln::msgs::{ChannelUpdate, DecodeError, UnsignedChannelUpdate, MAX_VALUE_MSAT};
7463 use crate::ln::script::ShutdownScript;
7464 use crate::ln::chan_utils;
7465 use crate::ln::chan_utils::{htlc_success_tx_weight, htlc_timeout_tx_weight};
7466 use crate::chain::BestBlock;
7467 use crate::chain::chaininterface::{FeeEstimator, LowerBoundedFeeEstimator, ConfirmationTarget};
7468 use crate::sign::{ChannelSigner, InMemorySigner, EntropySource, SignerProvider};
7469 use crate::chain::transaction::OutPoint;
7470 use crate::routing::router::Path;
7471 use crate::util::config::UserConfig;
7472 use crate::util::enforcing_trait_impls::EnforcingSigner;
7473 use crate::util::errors::APIError;
7474 use crate::util::test_utils;
7475 use crate::util::test_utils::OnGetShutdownScriptpubkey;
7476 use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature};
7477 use bitcoin::secp256k1::ffi::Signature as FFISignature;
7478 use bitcoin::secp256k1::{SecretKey,PublicKey};
7479 use bitcoin::hashes::sha256::Hash as Sha256;
7480 use bitcoin::hashes::Hash;
7481 use bitcoin::hash_types::WPubkeyHash;
7482 use bitcoin::PackedLockTime;
7483 use bitcoin::util::address::WitnessVersion;
7484 use crate::prelude::*;
7486 struct TestFeeEstimator {
7489 impl FeeEstimator for TestFeeEstimator {
7490 fn get_est_sat_per_1000_weight(&self, _: ConfirmationTarget) -> u32 {
7496 fn test_max_funding_satoshis_no_wumbo() {
7497 assert_eq!(TOTAL_BITCOIN_SUPPLY_SATOSHIS, 21_000_000 * 100_000_000);
7498 assert!(MAX_FUNDING_SATOSHIS_NO_WUMBO <= TOTAL_BITCOIN_SUPPLY_SATOSHIS,
7499 "MAX_FUNDING_SATOSHIS_NO_WUMBO is greater than all satoshis in existence");
7503 fn test_no_fee_check_overflow() {
7504 // Previously, calling `check_remote_fee` with a fee of 0xffffffff would overflow in
7505 // arithmetic, causing a panic with debug assertions enabled.
7506 let fee_est = TestFeeEstimator { fee_est: 42 };
7507 let bounded_fee_estimator = LowerBoundedFeeEstimator::new(&fee_est);
7508 assert!(Channel::<InMemorySigner>::check_remote_fee(
7509 &ChannelTypeFeatures::only_static_remote_key(), &bounded_fee_estimator,
7510 u32::max_value(), None, &&test_utils::TestLogger::new()).is_err());
7514 signer: InMemorySigner,
7517 impl EntropySource for Keys {
7518 fn get_secure_random_bytes(&self) -> [u8; 32] { [0; 32] }
7521 impl SignerProvider for Keys {
7522 type Signer = InMemorySigner;
7524 fn generate_channel_keys_id(&self, _inbound: bool, _channel_value_satoshis: u64, _user_channel_id: u128) -> [u8; 32] {
7525 self.signer.channel_keys_id()
7528 fn derive_channel_signer(&self, _channel_value_satoshis: u64, _channel_keys_id: [u8; 32]) -> Self::Signer {
7532 fn read_chan_signer(&self, _data: &[u8]) -> Result<Self::Signer, DecodeError> { panic!(); }
7534 fn get_destination_script(&self) -> Result<Script, ()> {
7535 let secp_ctx = Secp256k1::signing_only();
7536 let channel_monitor_claim_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
7537 let channel_monitor_claim_key_hash = WPubkeyHash::hash(&PublicKey::from_secret_key(&secp_ctx, &channel_monitor_claim_key).serialize());
7538 Ok(Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0).push_slice(&channel_monitor_claim_key_hash[..]).into_script())
7541 fn get_shutdown_scriptpubkey(&self) -> Result<ShutdownScript, ()> {
7542 let secp_ctx = Secp256k1::signing_only();
7543 let channel_close_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
7544 Ok(ShutdownScript::new_p2wpkh_from_pubkey(PublicKey::from_secret_key(&secp_ctx, &channel_close_key)))
7548 #[cfg(all(feature = "_test_vectors", not(feature = "grind_signatures")))]
7549 fn public_from_secret_hex(secp_ctx: &Secp256k1<bitcoin::secp256k1::All>, hex: &str) -> PublicKey {
7550 PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&hex::decode(hex).unwrap()[..]).unwrap())
7554 fn upfront_shutdown_script_incompatibility() {
7555 let features = channelmanager::provided_init_features(&UserConfig::default()).clear_shutdown_anysegwit();
7556 let non_v0_segwit_shutdown_script =
7557 ShutdownScript::new_witness_program(WitnessVersion::V16, &[0, 40]).unwrap();
7559 let seed = [42; 32];
7560 let network = Network::Testnet;
7561 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7562 keys_provider.expect(OnGetShutdownScriptpubkey {
7563 returns: non_v0_segwit_shutdown_script.clone(),
7566 let secp_ctx = Secp256k1::new();
7567 let node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7568 let config = UserConfig::default();
7569 match OutboundV1Channel::<EnforcingSigner>::new(&LowerBoundedFeeEstimator::new(&TestFeeEstimator { fee_est: 253 }), &&keys_provider, &&keys_provider, node_id, &features, 10000000, 100000, 42, &config, 0, 42) {
7570 Err(APIError::IncompatibleShutdownScript { script }) => {
7571 assert_eq!(script.into_inner(), non_v0_segwit_shutdown_script.into_inner());
7573 Err(e) => panic!("Unexpected error: {:?}", e),
7574 Ok(_) => panic!("Expected error"),
7578 // Check that, during channel creation, we use the same feerate in the open channel message
7579 // as we do in the Channel object creation itself.
7581 fn test_open_channel_msg_fee() {
7582 let original_fee = 253;
7583 let mut fee_est = TestFeeEstimator{fee_est: original_fee };
7584 let bounded_fee_estimator = LowerBoundedFeeEstimator::new(&fee_est);
7585 let secp_ctx = Secp256k1::new();
7586 let seed = [42; 32];
7587 let network = Network::Testnet;
7588 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7590 let node_a_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7591 let config = UserConfig::default();
7592 let node_a_chan = OutboundV1Channel::<EnforcingSigner>::new(&bounded_fee_estimator, &&keys_provider, &&keys_provider, node_a_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7594 // Now change the fee so we can check that the fee in the open_channel message is the
7595 // same as the old fee.
7596 fee_est.fee_est = 500;
7597 let open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash());
7598 assert_eq!(open_channel_msg.feerate_per_kw, original_fee);
7602 fn test_holder_vs_counterparty_dust_limit() {
7603 // Test that when calculating the local and remote commitment transaction fees, the correct
7604 // dust limits are used.
7605 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7606 let secp_ctx = Secp256k1::new();
7607 let seed = [42; 32];
7608 let network = Network::Testnet;
7609 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7610 let logger = test_utils::TestLogger::new();
7611 let best_block = BestBlock::from_network(network);
7613 // Go through the flow of opening a channel between two nodes, making sure
7614 // they have different dust limits.
7616 // Create Node A's channel pointing to Node B's pubkey
7617 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7618 let config = UserConfig::default();
7619 let mut node_a_chan = OutboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7621 // Create Node B's channel by receiving Node A's open_channel message
7622 // Make sure A's dust limit is as we expect.
7623 let open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash());
7624 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7625 let mut node_b_chan = InboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, 42).unwrap();
7627 // Node B --> Node A: accept channel, explicitly setting B's dust limit.
7628 let mut accept_channel_msg = node_b_chan.accept_inbound_channel(0);
7629 accept_channel_msg.dust_limit_satoshis = 546;
7630 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features(&config)).unwrap();
7631 node_a_chan.context.holder_dust_limit_satoshis = 1560;
7633 // Node A --> Node B: funding created
7634 let output_script = node_a_chan.context.get_funding_redeemscript();
7635 let tx = Transaction { version: 1, lock_time: PackedLockTime::ZERO, input: Vec::new(), output: vec![TxOut {
7636 value: 10000000, script_pubkey: output_script.clone(),
7638 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
7639 let (mut node_a_chan, funding_created_msg) = node_a_chan.get_funding_created(tx.clone(), funding_outpoint, &&logger).map_err(|_| ()).unwrap();
7640 let (_, funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg, best_block, &&keys_provider, &&logger).map_err(|_| ()).unwrap();
7642 // Node B --> Node A: funding signed
7643 let _ = node_a_chan.funding_signed(&funding_signed_msg, best_block, &&keys_provider, &&logger).unwrap();
7645 // Put some inbound and outbound HTLCs in A's channel.
7646 let htlc_amount_msat = 11_092_000; // put an amount below A's effective dust limit but above B's.
7647 node_a_chan.context.pending_inbound_htlcs.push(InboundHTLCOutput {
7649 amount_msat: htlc_amount_msat,
7650 payment_hash: PaymentHash(Sha256::hash(&[42; 32]).into_inner()),
7651 cltv_expiry: 300000000,
7652 state: InboundHTLCState::Committed,
7655 node_a_chan.context.pending_outbound_htlcs.push(OutboundHTLCOutput {
7657 amount_msat: htlc_amount_msat, // put an amount below A's dust amount but above B's.
7658 payment_hash: PaymentHash(Sha256::hash(&[43; 32]).into_inner()),
7659 cltv_expiry: 200000000,
7660 state: OutboundHTLCState::Committed,
7661 source: HTLCSource::OutboundRoute {
7662 path: Path { hops: Vec::new(), blinded_tail: None },
7663 session_priv: SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(),
7664 first_hop_htlc_msat: 548,
7665 payment_id: PaymentId([42; 32]),
7667 skimmed_fee_msat: None,
7670 // Make sure when Node A calculates their local commitment transaction, none of the HTLCs pass
7671 // the dust limit check.
7672 let htlc_candidate = HTLCCandidate::new(htlc_amount_msat, HTLCInitiator::LocalOffered);
7673 let local_commit_tx_fee = node_a_chan.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
7674 let local_commit_fee_0_htlcs = commit_tx_fee_msat(node_a_chan.context.feerate_per_kw, 0, node_a_chan.context.get_channel_type());
7675 assert_eq!(local_commit_tx_fee, local_commit_fee_0_htlcs);
7677 // Finally, make sure that when Node A calculates the remote's commitment transaction fees, all
7678 // of the HTLCs are seen to be above the dust limit.
7679 node_a_chan.context.channel_transaction_parameters.is_outbound_from_holder = false;
7680 let remote_commit_fee_3_htlcs = commit_tx_fee_msat(node_a_chan.context.feerate_per_kw, 3, node_a_chan.context.get_channel_type());
7681 let htlc_candidate = HTLCCandidate::new(htlc_amount_msat, HTLCInitiator::LocalOffered);
7682 let remote_commit_tx_fee = node_a_chan.context.next_remote_commit_tx_fee_msat(htlc_candidate, None);
7683 assert_eq!(remote_commit_tx_fee, remote_commit_fee_3_htlcs);
7687 fn test_timeout_vs_success_htlc_dust_limit() {
7688 // Make sure that when `next_remote_commit_tx_fee_msat` and `next_local_commit_tx_fee_msat`
7689 // calculate the real dust limits for HTLCs (i.e. the dust limit given by the counterparty
7690 // *plus* the fees paid for the HTLC) they don't swap `HTLC_SUCCESS_TX_WEIGHT` for
7691 // `HTLC_TIMEOUT_TX_WEIGHT`, and vice versa.
7692 let fee_est = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 253 });
7693 let secp_ctx = Secp256k1::new();
7694 let seed = [42; 32];
7695 let network = Network::Testnet;
7696 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7698 let node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7699 let config = UserConfig::default();
7700 let mut chan = OutboundV1Channel::<EnforcingSigner>::new(&fee_est, &&keys_provider, &&keys_provider, node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7702 let commitment_tx_fee_0_htlcs = commit_tx_fee_msat(chan.context.feerate_per_kw, 0, chan.context.get_channel_type());
7703 let commitment_tx_fee_1_htlc = commit_tx_fee_msat(chan.context.feerate_per_kw, 1, chan.context.get_channel_type());
7705 // If HTLC_SUCCESS_TX_WEIGHT and HTLC_TIMEOUT_TX_WEIGHT were swapped: then this HTLC would be
7706 // counted as dust when it shouldn't be.
7707 let htlc_amt_above_timeout = ((253 * htlc_timeout_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.holder_dust_limit_satoshis + 1) * 1000;
7708 let htlc_candidate = HTLCCandidate::new(htlc_amt_above_timeout, HTLCInitiator::LocalOffered);
7709 let commitment_tx_fee = chan.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
7710 assert_eq!(commitment_tx_fee, commitment_tx_fee_1_htlc);
7712 // If swapped: this HTLC would be counted as non-dust when it shouldn't be.
7713 let dust_htlc_amt_below_success = ((253 * htlc_success_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.holder_dust_limit_satoshis - 1) * 1000;
7714 let htlc_candidate = HTLCCandidate::new(dust_htlc_amt_below_success, HTLCInitiator::RemoteOffered);
7715 let commitment_tx_fee = chan.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
7716 assert_eq!(commitment_tx_fee, commitment_tx_fee_0_htlcs);
7718 chan.context.channel_transaction_parameters.is_outbound_from_holder = false;
7720 // If swapped: this HTLC would be counted as non-dust when it shouldn't be.
7721 let dust_htlc_amt_above_timeout = ((253 * htlc_timeout_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.counterparty_dust_limit_satoshis + 1) * 1000;
7722 let htlc_candidate = HTLCCandidate::new(dust_htlc_amt_above_timeout, HTLCInitiator::LocalOffered);
7723 let commitment_tx_fee = chan.context.next_remote_commit_tx_fee_msat(htlc_candidate, None);
7724 assert_eq!(commitment_tx_fee, commitment_tx_fee_0_htlcs);
7726 // If swapped: this HTLC would be counted as dust when it shouldn't be.
7727 let htlc_amt_below_success = ((253 * htlc_success_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.counterparty_dust_limit_satoshis - 1) * 1000;
7728 let htlc_candidate = HTLCCandidate::new(htlc_amt_below_success, HTLCInitiator::RemoteOffered);
7729 let commitment_tx_fee = chan.context.next_remote_commit_tx_fee_msat(htlc_candidate, None);
7730 assert_eq!(commitment_tx_fee, commitment_tx_fee_1_htlc);
7734 fn channel_reestablish_no_updates() {
7735 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7736 let logger = test_utils::TestLogger::new();
7737 let secp_ctx = Secp256k1::new();
7738 let seed = [42; 32];
7739 let network = Network::Testnet;
7740 let best_block = BestBlock::from_network(network);
7741 let chain_hash = best_block.block_hash();
7742 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7744 // Go through the flow of opening a channel between two nodes.
7746 // Create Node A's channel pointing to Node B's pubkey
7747 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7748 let config = UserConfig::default();
7749 let mut node_a_chan = OutboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7751 // Create Node B's channel by receiving Node A's open_channel message
7752 let open_channel_msg = node_a_chan.get_open_channel(chain_hash);
7753 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7754 let mut node_b_chan = InboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, 42).unwrap();
7756 // Node B --> Node A: accept channel
7757 let accept_channel_msg = node_b_chan.accept_inbound_channel(0);
7758 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features(&config)).unwrap();
7760 // Node A --> Node B: funding created
7761 let output_script = node_a_chan.context.get_funding_redeemscript();
7762 let tx = Transaction { version: 1, lock_time: PackedLockTime::ZERO, input: Vec::new(), output: vec![TxOut {
7763 value: 10000000, script_pubkey: output_script.clone(),
7765 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
7766 let (mut node_a_chan, funding_created_msg) = node_a_chan.get_funding_created(tx.clone(), funding_outpoint, &&logger).map_err(|_| ()).unwrap();
7767 let (mut node_b_chan, funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg, best_block, &&keys_provider, &&logger).map_err(|_| ()).unwrap();
7769 // Node B --> Node A: funding signed
7770 let _ = node_a_chan.funding_signed(&funding_signed_msg, best_block, &&keys_provider, &&logger).unwrap();
7772 // Now disconnect the two nodes and check that the commitment point in
7773 // Node B's channel_reestablish message is sane.
7774 node_b_chan.remove_uncommitted_htlcs_and_mark_paused(&&logger);
7775 let msg = node_b_chan.get_channel_reestablish(&&logger);
7776 assert_eq!(msg.next_local_commitment_number, 1); // now called next_commitment_number
7777 assert_eq!(msg.next_remote_commitment_number, 0); // now called next_revocation_number
7778 assert_eq!(msg.your_last_per_commitment_secret, [0; 32]);
7780 // Check that the commitment point in Node A's channel_reestablish message
7782 node_a_chan.remove_uncommitted_htlcs_and_mark_paused(&&logger);
7783 let msg = node_a_chan.get_channel_reestablish(&&logger);
7784 assert_eq!(msg.next_local_commitment_number, 1); // now called next_commitment_number
7785 assert_eq!(msg.next_remote_commitment_number, 0); // now called next_revocation_number
7786 assert_eq!(msg.your_last_per_commitment_secret, [0; 32]);
7790 fn test_configured_holder_max_htlc_value_in_flight() {
7791 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7792 let logger = test_utils::TestLogger::new();
7793 let secp_ctx = Secp256k1::new();
7794 let seed = [42; 32];
7795 let network = Network::Testnet;
7796 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7797 let outbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7798 let inbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7800 let mut config_2_percent = UserConfig::default();
7801 config_2_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 2;
7802 let mut config_99_percent = UserConfig::default();
7803 config_99_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 99;
7804 let mut config_0_percent = UserConfig::default();
7805 config_0_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 0;
7806 let mut config_101_percent = UserConfig::default();
7807 config_101_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 101;
7809 // Test that `OutboundV1Channel::new` creates a channel with the correct value for
7810 // `holder_max_htlc_value_in_flight_msat`, when configured with a valid percentage value,
7811 // which is set to the lower bound + 1 (2%) of the `channel_value`.
7812 let chan_1 = OutboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_2_percent), 10000000, 100000, 42, &config_2_percent, 0, 42).unwrap();
7813 let chan_1_value_msat = chan_1.context.channel_value_satoshis * 1000;
7814 assert_eq!(chan_1.context.holder_max_htlc_value_in_flight_msat, (chan_1_value_msat as f64 * 0.02) as u64);
7816 // Test with the upper bound - 1 of valid values (99%).
7817 let chan_2 = OutboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_99_percent), 10000000, 100000, 42, &config_99_percent, 0, 42).unwrap();
7818 let chan_2_value_msat = chan_2.context.channel_value_satoshis * 1000;
7819 assert_eq!(chan_2.context.holder_max_htlc_value_in_flight_msat, (chan_2_value_msat as f64 * 0.99) as u64);
7821 let chan_1_open_channel_msg = chan_1.get_open_channel(genesis_block(network).header.block_hash());
7823 // Test that `InboundV1Channel::new` creates a channel with the correct value for
7824 // `holder_max_htlc_value_in_flight_msat`, when configured with a valid percentage value,
7825 // which is set to the lower bound - 1 (2%) of the `channel_value`.
7826 let chan_3 = InboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_2_percent), &channelmanager::provided_init_features(&config_2_percent), &chan_1_open_channel_msg, 7, &config_2_percent, 0, &&logger, 42).unwrap();
7827 let chan_3_value_msat = chan_3.context.channel_value_satoshis * 1000;
7828 assert_eq!(chan_3.context.holder_max_htlc_value_in_flight_msat, (chan_3_value_msat as f64 * 0.02) as u64);
7830 // Test with the upper bound - 1 of valid values (99%).
7831 let chan_4 = InboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_99_percent), &channelmanager::provided_init_features(&config_99_percent), &chan_1_open_channel_msg, 7, &config_99_percent, 0, &&logger, 42).unwrap();
7832 let chan_4_value_msat = chan_4.context.channel_value_satoshis * 1000;
7833 assert_eq!(chan_4.context.holder_max_htlc_value_in_flight_msat, (chan_4_value_msat as f64 * 0.99) as u64);
7835 // Test that `OutboundV1Channel::new` uses the lower bound of the configurable percentage values (1%)
7836 // if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a value less than 1.
7837 let chan_5 = OutboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_0_percent), 10000000, 100000, 42, &config_0_percent, 0, 42).unwrap();
7838 let chan_5_value_msat = chan_5.context.channel_value_satoshis * 1000;
7839 assert_eq!(chan_5.context.holder_max_htlc_value_in_flight_msat, (chan_5_value_msat as f64 * 0.01) as u64);
7841 // Test that `OutboundV1Channel::new` uses the upper bound of the configurable percentage values
7842 // (100%) if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a larger value
7844 let chan_6 = OutboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_101_percent), 10000000, 100000, 42, &config_101_percent, 0, 42).unwrap();
7845 let chan_6_value_msat = chan_6.context.channel_value_satoshis * 1000;
7846 assert_eq!(chan_6.context.holder_max_htlc_value_in_flight_msat, chan_6_value_msat);
7848 // Test that `InboundV1Channel::new` uses the lower bound of the configurable percentage values (1%)
7849 // if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a value less than 1.
7850 let chan_7 = InboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_0_percent), &channelmanager::provided_init_features(&config_0_percent), &chan_1_open_channel_msg, 7, &config_0_percent, 0, &&logger, 42).unwrap();
7851 let chan_7_value_msat = chan_7.context.channel_value_satoshis * 1000;
7852 assert_eq!(chan_7.context.holder_max_htlc_value_in_flight_msat, (chan_7_value_msat as f64 * 0.01) as u64);
7854 // Test that `InboundV1Channel::new` uses the upper bound of the configurable percentage values
7855 // (100%) if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a larger value
7857 let chan_8 = InboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_101_percent), &channelmanager::provided_init_features(&config_101_percent), &chan_1_open_channel_msg, 7, &config_101_percent, 0, &&logger, 42).unwrap();
7858 let chan_8_value_msat = chan_8.context.channel_value_satoshis * 1000;
7859 assert_eq!(chan_8.context.holder_max_htlc_value_in_flight_msat, chan_8_value_msat);
7863 fn test_configured_holder_selected_channel_reserve_satoshis() {
7865 // Test that `OutboundV1Channel::new` and `InboundV1Channel::new` create a channel with the correct
7866 // channel reserves, when `their_channel_reserve_proportional_millionths` is configured.
7867 test_self_and_counterparty_channel_reserve(10_000_000, 0.02, 0.02);
7869 // Test with valid but unreasonably high channel reserves
7870 // Requesting and accepting parties have requested for 49%-49% and 60%-30% channel reserve
7871 test_self_and_counterparty_channel_reserve(10_000_000, 0.49, 0.49);
7872 test_self_and_counterparty_channel_reserve(10_000_000, 0.60, 0.30);
7874 // Test with calculated channel reserve less than lower bound
7875 // i.e `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
7876 test_self_and_counterparty_channel_reserve(100_000, 0.00002, 0.30);
7878 // Test with invalid channel reserves since sum of both is greater than or equal
7880 test_self_and_counterparty_channel_reserve(10_000_000, 0.50, 0.50);
7881 test_self_and_counterparty_channel_reserve(10_000_000, 0.60, 0.50);
7884 fn test_self_and_counterparty_channel_reserve(channel_value_satoshis: u64, outbound_selected_channel_reserve_perc: f64, inbound_selected_channel_reserve_perc: f64) {
7885 let fee_est = LowerBoundedFeeEstimator::new(&TestFeeEstimator { fee_est: 15_000 });
7886 let logger = test_utils::TestLogger::new();
7887 let secp_ctx = Secp256k1::new();
7888 let seed = [42; 32];
7889 let network = Network::Testnet;
7890 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7891 let outbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7892 let inbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7895 let mut outbound_node_config = UserConfig::default();
7896 outbound_node_config.channel_handshake_config.their_channel_reserve_proportional_millionths = (outbound_selected_channel_reserve_perc * 1_000_000.0) as u32;
7897 let chan = OutboundV1Channel::<EnforcingSigner>::new(&&fee_est, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&outbound_node_config), channel_value_satoshis, 100_000, 42, &outbound_node_config, 0, 42).unwrap();
7899 let expected_outbound_selected_chan_reserve = cmp::max(MIN_THEIR_CHAN_RESERVE_SATOSHIS, (chan.context.channel_value_satoshis as f64 * outbound_selected_channel_reserve_perc) as u64);
7900 assert_eq!(chan.context.holder_selected_channel_reserve_satoshis, expected_outbound_selected_chan_reserve);
7902 let chan_open_channel_msg = chan.get_open_channel(genesis_block(network).header.block_hash());
7903 let mut inbound_node_config = UserConfig::default();
7904 inbound_node_config.channel_handshake_config.their_channel_reserve_proportional_millionths = (inbound_selected_channel_reserve_perc * 1_000_000.0) as u32;
7906 if outbound_selected_channel_reserve_perc + inbound_selected_channel_reserve_perc < 1.0 {
7907 let chan_inbound_node = InboundV1Channel::<EnforcingSigner>::new(&&fee_est, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&inbound_node_config), &channelmanager::provided_init_features(&outbound_node_config), &chan_open_channel_msg, 7, &inbound_node_config, 0, &&logger, 42).unwrap();
7909 let expected_inbound_selected_chan_reserve = cmp::max(MIN_THEIR_CHAN_RESERVE_SATOSHIS, (chan.context.channel_value_satoshis as f64 * inbound_selected_channel_reserve_perc) as u64);
7911 assert_eq!(chan_inbound_node.context.holder_selected_channel_reserve_satoshis, expected_inbound_selected_chan_reserve);
7912 assert_eq!(chan_inbound_node.context.counterparty_selected_channel_reserve_satoshis.unwrap(), expected_outbound_selected_chan_reserve);
7914 // Channel Negotiations failed
7915 let result = InboundV1Channel::<EnforcingSigner>::new(&&fee_est, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&inbound_node_config), &channelmanager::provided_init_features(&outbound_node_config), &chan_open_channel_msg, 7, &inbound_node_config, 0, &&logger, 42);
7916 assert!(result.is_err());
7921 fn channel_update() {
7922 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7923 let logger = test_utils::TestLogger::new();
7924 let secp_ctx = Secp256k1::new();
7925 let seed = [42; 32];
7926 let network = Network::Testnet;
7927 let best_block = BestBlock::from_network(network);
7928 let chain_hash = genesis_block(network).header.block_hash();
7929 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7931 // Create Node A's channel pointing to Node B's pubkey
7932 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7933 let config = UserConfig::default();
7934 let mut node_a_chan = OutboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7936 // Create Node B's channel by receiving Node A's open_channel message
7937 // Make sure A's dust limit is as we expect.
7938 let open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash());
7939 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7940 let mut node_b_chan = InboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, 42).unwrap();
7942 // Node B --> Node A: accept channel, explicitly setting B's dust limit.
7943 let mut accept_channel_msg = node_b_chan.accept_inbound_channel(0);
7944 accept_channel_msg.dust_limit_satoshis = 546;
7945 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features(&config)).unwrap();
7946 node_a_chan.context.holder_dust_limit_satoshis = 1560;
7948 // Node A --> Node B: funding created
7949 let output_script = node_a_chan.context.get_funding_redeemscript();
7950 let tx = Transaction { version: 1, lock_time: PackedLockTime::ZERO, input: Vec::new(), output: vec![TxOut {
7951 value: 10000000, script_pubkey: output_script.clone(),
7953 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
7954 let (mut node_a_chan, funding_created_msg) = node_a_chan.get_funding_created(tx.clone(), funding_outpoint, &&logger).map_err(|_| ()).unwrap();
7955 let (_, funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg, best_block, &&keys_provider, &&logger).map_err(|_| ()).unwrap();
7957 // Node B --> Node A: funding signed
7958 let _ = node_a_chan.funding_signed(&funding_signed_msg, best_block, &&keys_provider, &&logger).unwrap();
7960 // Make sure that receiving a channel update will update the Channel as expected.
7961 let update = ChannelUpdate {
7962 contents: UnsignedChannelUpdate {
7964 short_channel_id: 0,
7967 cltv_expiry_delta: 100,
7968 htlc_minimum_msat: 5,
7969 htlc_maximum_msat: MAX_VALUE_MSAT,
7971 fee_proportional_millionths: 11,
7972 excess_data: Vec::new(),
7974 signature: Signature::from(unsafe { FFISignature::new() })
7976 node_a_chan.channel_update(&update).unwrap();
7978 // The counterparty can send an update with a higher minimum HTLC, but that shouldn't
7979 // change our official htlc_minimum_msat.
7980 assert_eq!(node_a_chan.context.holder_htlc_minimum_msat, 1);
7981 match node_a_chan.context.counterparty_forwarding_info() {
7983 assert_eq!(info.cltv_expiry_delta, 100);
7984 assert_eq!(info.fee_base_msat, 110);
7985 assert_eq!(info.fee_proportional_millionths, 11);
7987 None => panic!("expected counterparty forwarding info to be Some")
7991 #[cfg(feature = "_test_vectors")]
7993 fn outbound_commitment_test() {
7994 use bitcoin::util::sighash;
7995 use bitcoin::consensus::encode::serialize;
7996 use bitcoin::blockdata::transaction::EcdsaSighashType;
7997 use bitcoin::hashes::hex::FromHex;
7998 use bitcoin::hash_types::Txid;
7999 use bitcoin::secp256k1::Message;
8000 use crate::sign::EcdsaChannelSigner;
8001 use crate::ln::PaymentPreimage;
8002 use crate::ln::channel::{HTLCOutputInCommitment ,TxCreationKeys};
8003 use crate::ln::chan_utils::{ChannelPublicKeys, HolderCommitmentTransaction, CounterpartyChannelTransactionParameters};
8004 use crate::util::logger::Logger;
8005 use crate::sync::Arc;
8007 // Test vectors from BOLT 3 Appendices C and F (anchors):
8008 let feeest = TestFeeEstimator{fee_est: 15000};
8009 let logger : Arc<Logger> = Arc::new(test_utils::TestLogger::new());
8010 let secp_ctx = Secp256k1::new();
8012 let mut signer = InMemorySigner::new(
8014 SecretKey::from_slice(&hex::decode("30ff4956bbdd3222d44cc5e8a1261dab1e07957bdac5ae88fe3261ef321f3749").unwrap()[..]).unwrap(),
8015 SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(),
8016 SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(),
8017 SecretKey::from_slice(&hex::decode("3333333333333333333333333333333333333333333333333333333333333333").unwrap()[..]).unwrap(),
8018 SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(),
8020 // These aren't set in the test vectors:
8021 [0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff],
8027 assert_eq!(signer.pubkeys().funding_pubkey.serialize()[..],
8028 hex::decode("023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb").unwrap()[..]);
8029 let keys_provider = Keys { signer: signer.clone() };
8031 let counterparty_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8032 let mut config = UserConfig::default();
8033 config.channel_handshake_config.announced_channel = false;
8034 let mut chan = OutboundV1Channel::<InMemorySigner>::new(&LowerBoundedFeeEstimator::new(&feeest), &&keys_provider, &&keys_provider, counterparty_node_id, &channelmanager::provided_init_features(&config), 10_000_000, 0, 42, &config, 0, 42).unwrap(); // Nothing uses their network key in this test
8035 chan.context.holder_dust_limit_satoshis = 546;
8036 chan.context.counterparty_selected_channel_reserve_satoshis = Some(0); // Filled in in accept_channel
8038 let funding_info = OutPoint{ txid: Txid::from_hex("8984484a580b825b9972d7adb15050b3ab624ccd731946b3eeddb92f4e7ef6be").unwrap(), index: 0 };
8040 let counterparty_pubkeys = ChannelPublicKeys {
8041 funding_pubkey: public_from_secret_hex(&secp_ctx, "1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13"),
8042 revocation_basepoint: PublicKey::from_slice(&hex::decode("02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27").unwrap()[..]).unwrap(),
8043 payment_point: public_from_secret_hex(&secp_ctx, "4444444444444444444444444444444444444444444444444444444444444444"),
8044 delayed_payment_basepoint: public_from_secret_hex(&secp_ctx, "1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13"),
8045 htlc_basepoint: public_from_secret_hex(&secp_ctx, "4444444444444444444444444444444444444444444444444444444444444444")
8047 chan.context.channel_transaction_parameters.counterparty_parameters = Some(
8048 CounterpartyChannelTransactionParameters {
8049 pubkeys: counterparty_pubkeys.clone(),
8050 selected_contest_delay: 144
8052 chan.context.channel_transaction_parameters.funding_outpoint = Some(funding_info);
8053 signer.provide_channel_parameters(&chan.context.channel_transaction_parameters);
8055 assert_eq!(counterparty_pubkeys.payment_point.serialize()[..],
8056 hex::decode("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()[..]);
8058 assert_eq!(counterparty_pubkeys.funding_pubkey.serialize()[..],
8059 hex::decode("030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c1").unwrap()[..]);
8061 assert_eq!(counterparty_pubkeys.htlc_basepoint.serialize()[..],
8062 hex::decode("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()[..]);
8064 // We can't just use build_holder_transaction_keys here as the per_commitment_secret is not
8065 // derived from a commitment_seed, so instead we copy it here and call
8066 // build_commitment_transaction.
8067 let delayed_payment_base = &chan.context.holder_signer.pubkeys().delayed_payment_basepoint;
8068 let per_commitment_secret = SecretKey::from_slice(&hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap();
8069 let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
8070 let htlc_basepoint = &chan.context.holder_signer.pubkeys().htlc_basepoint;
8071 let keys = TxCreationKeys::derive_new(&secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint);
8073 macro_rules! test_commitment {
8074 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $($remain:tt)* ) => {
8075 chan.context.channel_transaction_parameters.channel_type_features = ChannelTypeFeatures::only_static_remote_key();
8076 test_commitment_common!($counterparty_sig_hex, $sig_hex, $tx_hex, &ChannelTypeFeatures::only_static_remote_key(), $($remain)*);
8080 macro_rules! test_commitment_with_anchors {
8081 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $($remain:tt)* ) => {
8082 chan.context.channel_transaction_parameters.channel_type_features = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8083 test_commitment_common!($counterparty_sig_hex, $sig_hex, $tx_hex, &ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies(), $($remain)*);
8087 macro_rules! test_commitment_common {
8088 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $opt_anchors: expr, {
8089 $( { $htlc_idx: expr, $counterparty_htlc_sig_hex: expr, $htlc_sig_hex: expr, $htlc_tx_hex: expr } ), *
8091 let (commitment_tx, htlcs): (_, Vec<HTLCOutputInCommitment>) = {
8092 let mut commitment_stats = chan.context.build_commitment_transaction(0xffffffffffff - 42, &keys, true, false, &logger);
8094 let htlcs = commitment_stats.htlcs_included.drain(..)
8095 .filter_map(|(htlc, _)| if htlc.transaction_output_index.is_some() { Some(htlc) } else { None })
8097 (commitment_stats.tx, htlcs)
8099 let trusted_tx = commitment_tx.trust();
8100 let unsigned_tx = trusted_tx.built_transaction();
8101 let redeemscript = chan.context.get_funding_redeemscript();
8102 let counterparty_signature = Signature::from_der(&hex::decode($counterparty_sig_hex).unwrap()[..]).unwrap();
8103 let sighash = unsigned_tx.get_sighash_all(&redeemscript, chan.context.channel_value_satoshis);
8104 log_trace!(logger, "unsigned_tx = {}", hex::encode(serialize(&unsigned_tx.transaction)));
8105 assert!(secp_ctx.verify_ecdsa(&sighash, &counterparty_signature, chan.context.counterparty_funding_pubkey()).is_ok(), "verify counterparty commitment sig");
8107 let mut per_htlc: Vec<(HTLCOutputInCommitment, Option<Signature>)> = Vec::new();
8108 per_htlc.clear(); // Don't warn about excess mut for no-HTLC calls
8109 let mut counterparty_htlc_sigs = Vec::new();
8110 counterparty_htlc_sigs.clear(); // Don't warn about excess mut for no-HTLC calls
8112 let remote_signature = Signature::from_der(&hex::decode($counterparty_htlc_sig_hex).unwrap()[..]).unwrap();
8113 per_htlc.push((htlcs[$htlc_idx].clone(), Some(remote_signature)));
8114 counterparty_htlc_sigs.push(remote_signature);
8116 assert_eq!(htlcs.len(), per_htlc.len());
8118 let holder_commitment_tx = HolderCommitmentTransaction::new(
8119 commitment_tx.clone(),
8120 counterparty_signature,
8121 counterparty_htlc_sigs,
8122 &chan.context.holder_signer.pubkeys().funding_pubkey,
8123 chan.context.counterparty_funding_pubkey()
8125 let (holder_sig, htlc_sigs) = signer.sign_holder_commitment_and_htlcs(&holder_commitment_tx, &secp_ctx).unwrap();
8126 assert_eq!(Signature::from_der(&hex::decode($sig_hex).unwrap()[..]).unwrap(), holder_sig, "holder_sig");
8128 let funding_redeemscript = chan.context.get_funding_redeemscript();
8129 let tx = holder_commitment_tx.add_holder_sig(&funding_redeemscript, holder_sig);
8130 assert_eq!(serialize(&tx)[..], hex::decode($tx_hex).unwrap()[..], "tx");
8132 // ((htlc, counterparty_sig), (index, holder_sig))
8133 let mut htlc_sig_iter = holder_commitment_tx.htlcs().iter().zip(&holder_commitment_tx.counterparty_htlc_sigs).zip(htlc_sigs.iter().enumerate());
8136 log_trace!(logger, "verifying htlc {}", $htlc_idx);
8137 let remote_signature = Signature::from_der(&hex::decode($counterparty_htlc_sig_hex).unwrap()[..]).unwrap();
8139 let ref htlc = htlcs[$htlc_idx];
8140 let htlc_tx = chan_utils::build_htlc_transaction(&unsigned_tx.txid, chan.context.feerate_per_kw,
8141 chan.context.get_counterparty_selected_contest_delay().unwrap(),
8142 &htlc, $opt_anchors, &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
8143 let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, $opt_anchors, &keys);
8144 let htlc_sighashtype = if $opt_anchors.supports_anchors_zero_fee_htlc_tx() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
8145 let htlc_sighash = Message::from_slice(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]).unwrap();
8146 assert!(secp_ctx.verify_ecdsa(&htlc_sighash, &remote_signature, &keys.countersignatory_htlc_key).is_ok(), "verify counterparty htlc sig");
8148 let mut preimage: Option<PaymentPreimage> = None;
8151 let out = PaymentHash(Sha256::hash(&[i; 32]).into_inner());
8152 if out == htlc.payment_hash {
8153 preimage = Some(PaymentPreimage([i; 32]));
8157 assert!(preimage.is_some());
8160 let htlc_sig = htlc_sig_iter.next().unwrap();
8161 let num_anchors = if $opt_anchors.supports_anchors_zero_fee_htlc_tx() { 2 } else { 0 };
8162 assert_eq!((htlc_sig.0).0.transaction_output_index, Some($htlc_idx + num_anchors), "output index");
8164 let signature = Signature::from_der(&hex::decode($htlc_sig_hex).unwrap()[..]).unwrap();
8165 assert_eq!(signature, *(htlc_sig.1).1, "htlc sig");
8166 let index = (htlc_sig.1).0;
8167 let channel_parameters = chan.context.channel_transaction_parameters.as_holder_broadcastable();
8168 let trusted_tx = holder_commitment_tx.trust();
8169 log_trace!(logger, "htlc_tx = {}", hex::encode(serialize(&trusted_tx.get_signed_htlc_tx(&channel_parameters, index, &(htlc_sig.0).1, (htlc_sig.1).1, &preimage))));
8170 assert_eq!(serialize(&trusted_tx.get_signed_htlc_tx(&channel_parameters, index, &(htlc_sig.0).1, (htlc_sig.1).1, &preimage))[..],
8171 hex::decode($htlc_tx_hex).unwrap()[..], "htlc tx");
8173 assert!(htlc_sig_iter.next().is_none());
8177 // anchors: simple commitment tx with no HTLCs and single anchor
8178 test_commitment_with_anchors!("30440220655bf909fb6fa81d086f1336ac72c97906dce29d1b166e305c99152d810e26e1022051f577faa46412c46707aaac46b65d50053550a66334e00a44af2706f27a8658",
8179 "3044022007cf6b405e9c9b4f527b0ecad9d8bb661fabb8b12abf7d1c0b3ad1855db3ed490220616d5c1eeadccc63bd775a131149455d62d95a42c2a1b01cc7821fc42dce7778",
8180 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80024a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f10529800000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022007cf6b405e9c9b4f527b0ecad9d8bb661fabb8b12abf7d1c0b3ad1855db3ed490220616d5c1eeadccc63bd775a131149455d62d95a42c2a1b01cc7821fc42dce7778014730440220655bf909fb6fa81d086f1336ac72c97906dce29d1b166e305c99152d810e26e1022051f577faa46412c46707aaac46b65d50053550a66334e00a44af2706f27a865801475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8182 // simple commitment tx with no HTLCs
8183 chan.context.value_to_self_msat = 7000000000;
8185 test_commitment!("3045022100c3127b33dcc741dd6b05b1e63cbd1a9a7d816f37af9b6756fa2376b056f032370220408b96279808fe57eb7e463710804cdf4f108388bc5cf722d8c848d2c7f9f3b0",
8186 "30440220616210b2cc4d3afb601013c373bbd8aac54febd9f15400379a8cb65ce7deca60022034236c010991beb7ff770510561ae8dc885b8d38d1947248c38f2ae055647142",
8187 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8002c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48454a56a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004730440220616210b2cc4d3afb601013c373bbd8aac54febd9f15400379a8cb65ce7deca60022034236c010991beb7ff770510561ae8dc885b8d38d1947248c38f2ae05564714201483045022100c3127b33dcc741dd6b05b1e63cbd1a9a7d816f37af9b6756fa2376b056f032370220408b96279808fe57eb7e463710804cdf4f108388bc5cf722d8c848d2c7f9f3b001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8189 // anchors: simple commitment tx with no HTLCs
8190 test_commitment_with_anchors!("3045022100f89034eba16b2be0e5581f750a0a6309192b75cce0f202f0ee2b4ec0cc394850022076c65dc507fe42276152b7a3d90e961e678adbe966e916ecfe85e64d430e75f3",
8191 "30450221008266ac6db5ea71aac3c95d97b0e172ff596844851a3216eb88382a8dddfd33d2022050e240974cfd5d708708b4365574517c18e7ae535ef732a3484d43d0d82be9f7",
8192 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80044a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994a508b6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221008266ac6db5ea71aac3c95d97b0e172ff596844851a3216eb88382a8dddfd33d2022050e240974cfd5d708708b4365574517c18e7ae535ef732a3484d43d0d82be9f701483045022100f89034eba16b2be0e5581f750a0a6309192b75cce0f202f0ee2b4ec0cc394850022076c65dc507fe42276152b7a3d90e961e678adbe966e916ecfe85e64d430e75f301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8194 chan.context.pending_inbound_htlcs.push({
8195 let mut out = InboundHTLCOutput{
8197 amount_msat: 1000000,
8199 payment_hash: PaymentHash([0; 32]),
8200 state: InboundHTLCState::Committed,
8202 out.payment_hash.0 = Sha256::hash(&hex::decode("0000000000000000000000000000000000000000000000000000000000000000").unwrap()).into_inner();
8205 chan.context.pending_inbound_htlcs.push({
8206 let mut out = InboundHTLCOutput{
8208 amount_msat: 2000000,
8210 payment_hash: PaymentHash([0; 32]),
8211 state: InboundHTLCState::Committed,
8213 out.payment_hash.0 = Sha256::hash(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap()).into_inner();
8216 chan.context.pending_outbound_htlcs.push({
8217 let mut out = OutboundHTLCOutput{
8219 amount_msat: 2000000,
8221 payment_hash: PaymentHash([0; 32]),
8222 state: OutboundHTLCState::Committed,
8223 source: HTLCSource::dummy(),
8224 skimmed_fee_msat: None,
8226 out.payment_hash.0 = Sha256::hash(&hex::decode("0202020202020202020202020202020202020202020202020202020202020202").unwrap()).into_inner();
8229 chan.context.pending_outbound_htlcs.push({
8230 let mut out = OutboundHTLCOutput{
8232 amount_msat: 3000000,
8234 payment_hash: PaymentHash([0; 32]),
8235 state: OutboundHTLCState::Committed,
8236 source: HTLCSource::dummy(),
8237 skimmed_fee_msat: None,
8239 out.payment_hash.0 = Sha256::hash(&hex::decode("0303030303030303030303030303030303030303030303030303030303030303").unwrap()).into_inner();
8242 chan.context.pending_inbound_htlcs.push({
8243 let mut out = InboundHTLCOutput{
8245 amount_msat: 4000000,
8247 payment_hash: PaymentHash([0; 32]),
8248 state: InboundHTLCState::Committed,
8250 out.payment_hash.0 = Sha256::hash(&hex::decode("0404040404040404040404040404040404040404040404040404040404040404").unwrap()).into_inner();
8254 // commitment tx with all five HTLCs untrimmed (minimum feerate)
8255 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8256 chan.context.feerate_per_kw = 0;
8258 test_commitment!("3044022009b048187705a8cbc9ad73adbe5af148c3d012e1f067961486c822c7af08158c022006d66f3704cfab3eb2dc49dae24e4aa22a6910fc9b424007583204e3621af2e5",
8259 "304402206fc2d1f10ea59951eefac0b4b7c396a3c3d87b71ff0b019796ef4535beaf36f902201765b0181e514d04f4c8ad75659d7037be26cdb3f8bb6f78fe61decef484c3ea",
8260 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8007e80300000000000022002052bfef0479d7b293c27e0f1eb294bea154c63a3294ef092c19af51409bce0e2ad007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484e0a06a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402206fc2d1f10ea59951eefac0b4b7c396a3c3d87b71ff0b019796ef4535beaf36f902201765b0181e514d04f4c8ad75659d7037be26cdb3f8bb6f78fe61decef484c3ea01473044022009b048187705a8cbc9ad73adbe5af148c3d012e1f067961486c822c7af08158c022006d66f3704cfab3eb2dc49dae24e4aa22a6910fc9b424007583204e3621af2e501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8263 "3045022100d9e29616b8f3959f1d3d7f7ce893ffedcdc407717d0de8e37d808c91d3a7c50d022078c3033f6d00095c8720a4bc943c1b45727818c082e4e3ddbc6d3116435b624b",
8264 "30440220636de5682ef0c5b61f124ec74e8aa2461a69777521d6998295dcea36bc3338110220165285594b23c50b28b82df200234566628a27bcd17f7f14404bd865354eb3ce",
8265 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b00000000000000000001e8030000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100d9e29616b8f3959f1d3d7f7ce893ffedcdc407717d0de8e37d808c91d3a7c50d022078c3033f6d00095c8720a4bc943c1b45727818c082e4e3ddbc6d3116435b624b014730440220636de5682ef0c5b61f124ec74e8aa2461a69777521d6998295dcea36bc3338110220165285594b23c50b28b82df200234566628a27bcd17f7f14404bd865354eb3ce012000000000000000000000000000000000000000000000000000000000000000008a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a914b8bcb07f6344b42ab04250c86a6e8b75d3fdbbc688527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f401b175ac686800000000" },
8268 "30440220649fe8b20e67e46cbb0d09b4acea87dbec001b39b08dee7bdd0b1f03922a8640022037c462dff79df501cecfdb12ea7f4de91f99230bb544726f6e04527b1f896004",
8269 "3045022100803159dee7935dba4a1d36a61055ce8fd62caa528573cc221ae288515405a252022029c59e7cffce374fe860100a4a63787e105c3cf5156d40b12dd53ff55ac8cf3f",
8270 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b01000000000000000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220649fe8b20e67e46cbb0d09b4acea87dbec001b39b08dee7bdd0b1f03922a8640022037c462dff79df501cecfdb12ea7f4de91f99230bb544726f6e04527b1f89600401483045022100803159dee7935dba4a1d36a61055ce8fd62caa528573cc221ae288515405a252022029c59e7cffce374fe860100a4a63787e105c3cf5156d40b12dd53ff55ac8cf3f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8273 "30440220770fc321e97a19f38985f2e7732dd9fe08d16a2efa4bcbc0429400a447faf49102204d40b417f3113e1b0944ae0986f517564ab4acd3d190503faf97a6e420d43352",
8274 "3045022100a437cc2ce77400ecde441b3398fea3c3ad8bdad8132be818227fe3c5b8345989022069d45e7fa0ae551ec37240845e2c561ceb2567eacf3076a6a43a502d05865faa",
8275 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b02000000000000000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220770fc321e97a19f38985f2e7732dd9fe08d16a2efa4bcbc0429400a447faf49102204d40b417f3113e1b0944ae0986f517564ab4acd3d190503faf97a6e420d4335201483045022100a437cc2ce77400ecde441b3398fea3c3ad8bdad8132be818227fe3c5b8345989022069d45e7fa0ae551ec37240845e2c561ceb2567eacf3076a6a43a502d05865faa012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8278 "304402207bcbf4f60a9829b05d2dbab84ed593e0291836be715dc7db6b72a64caf646af802201e489a5a84f7c5cc130398b841d138d031a5137ac8f4c49c770a4959dc3c1363",
8279 "304402203121d9b9c055f354304b016a36662ee99e1110d9501cb271b087ddb6f382c2c80220549882f3f3b78d9c492de47543cb9a697cecc493174726146536c5954dac7487",
8280 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b03000000000000000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207bcbf4f60a9829b05d2dbab84ed593e0291836be715dc7db6b72a64caf646af802201e489a5a84f7c5cc130398b841d138d031a5137ac8f4c49c770a4959dc3c13630147304402203121d9b9c055f354304b016a36662ee99e1110d9501cb271b087ddb6f382c2c80220549882f3f3b78d9c492de47543cb9a697cecc493174726146536c5954dac748701008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8283 "3044022076dca5cb81ba7e466e349b7128cdba216d4d01659e29b96025b9524aaf0d1899022060de85697b88b21c749702b7d2cfa7dfeaa1f472c8f1d7d9c23f2bf968464b87",
8284 "3045022100d9080f103cc92bac15ec42464a95f070c7fb6925014e673ee2ea1374d36a7f7502200c65294d22eb20d48564954d5afe04a385551919d8b2ddb4ae2459daaeee1d95",
8285 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b04000000000000000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022076dca5cb81ba7e466e349b7128cdba216d4d01659e29b96025b9524aaf0d1899022060de85697b88b21c749702b7d2cfa7dfeaa1f472c8f1d7d9c23f2bf968464b8701483045022100d9080f103cc92bac15ec42464a95f070c7fb6925014e673ee2ea1374d36a7f7502200c65294d22eb20d48564954d5afe04a385551919d8b2ddb4ae2459daaeee1d95012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8288 // commitment tx with seven outputs untrimmed (maximum feerate)
8289 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8290 chan.context.feerate_per_kw = 647;
8292 test_commitment!("3045022100a135f9e8a5ed25f7277446c67956b00ce6f610ead2bdec2c2f686155b7814772022059f1f6e1a8b336a68efcc1af3fe4d422d4827332b5b067501b099c47b7b5b5ee",
8293 "30450221009ec15c687898bb4da8b3a833e5ab8bfc51ec6e9202aaa8e66611edfd4a85ed1102203d7183e45078b9735c93450bc3415d3e5a8c576141a711ec6ddcb4a893926bb7",
8294 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8007e80300000000000022002052bfef0479d7b293c27e0f1eb294bea154c63a3294ef092c19af51409bce0e2ad007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484e09c6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221009ec15c687898bb4da8b3a833e5ab8bfc51ec6e9202aaa8e66611edfd4a85ed1102203d7183e45078b9735c93450bc3415d3e5a8c576141a711ec6ddcb4a893926bb701483045022100a135f9e8a5ed25f7277446c67956b00ce6f610ead2bdec2c2f686155b7814772022059f1f6e1a8b336a68efcc1af3fe4d422d4827332b5b067501b099c47b7b5b5ee01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8297 "30450221008437627f9ad84ac67052e2a414a4367b8556fd1f94d8b02590f89f50525cd33502205b9c21ff6e7fc864f2352746ad8ba59182510819acb644e25b8a12fc37bbf24f",
8298 "30440220344b0deb055230d01703e6c7acd45853c4af2328b49b5d8af4f88a060733406602202ea64f2a43d5751edfe75503cbc35a62e3141b5ed032fa03360faf4ca66f670b",
8299 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004830450221008437627f9ad84ac67052e2a414a4367b8556fd1f94d8b02590f89f50525cd33502205b9c21ff6e7fc864f2352746ad8ba59182510819acb644e25b8a12fc37bbf24f014730440220344b0deb055230d01703e6c7acd45853c4af2328b49b5d8af4f88a060733406602202ea64f2a43d5751edfe75503cbc35a62e3141b5ed032fa03360faf4ca66f670b012000000000000000000000000000000000000000000000000000000000000000008a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a914b8bcb07f6344b42ab04250c86a6e8b75d3fdbbc688527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f401b175ac686800000000" },
8302 "304402205a67f92bf6845cf2892b48d874ac1daf88a36495cf8a06f93d83180d930a6f75022031da1621d95c3f335cc06a3056cf960199dae600b7cf89088f65fc53cdbef28c",
8303 "30450221009e5e3822b0185c6799a95288c597b671d6cc69ab80f43740f00c6c3d0752bdda02206da947a74bd98f3175324dc56fdba86cc783703a120a6f0297537e60632f4c7f",
8304 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe0100000000000000000124060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402205a67f92bf6845cf2892b48d874ac1daf88a36495cf8a06f93d83180d930a6f75022031da1621d95c3f335cc06a3056cf960199dae600b7cf89088f65fc53cdbef28c014830450221009e5e3822b0185c6799a95288c597b671d6cc69ab80f43740f00c6c3d0752bdda02206da947a74bd98f3175324dc56fdba86cc783703a120a6f0297537e60632f4c7f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8307 "30440220437e21766054a3eef7f65690c5bcfa9920babbc5af92b819f772f6ea96df6c7402207173622024bd97328cfb26c6665e25c2f5d67c319443ccdc60c903217005d8c8",
8308 "3045022100fcfc47e36b712624677626cef3dc1d67f6583bd46926a6398fe6b00b0c9a37760220525788257b187fc775c6370d04eadf34d06f3650a63f8df851cee0ecb47a1673",
8309 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe020000000000000000010a060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220437e21766054a3eef7f65690c5bcfa9920babbc5af92b819f772f6ea96df6c7402207173622024bd97328cfb26c6665e25c2f5d67c319443ccdc60c903217005d8c801483045022100fcfc47e36b712624677626cef3dc1d67f6583bd46926a6398fe6b00b0c9a37760220525788257b187fc775c6370d04eadf34d06f3650a63f8df851cee0ecb47a1673012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8312 "304402207436e10737e4df499fc051686d3e11a5bb2310e4d1f1e691d287cef66514791202207cb58e71a6b7a42dd001b7e3ae672ea4f71ea3e1cd412b742e9124abb0739c64",
8313 "3045022100e78211b8409afb7255ffe37337da87f38646f1faebbdd61bc1920d69e3ead67a02201a626305adfcd16bfb7e9340928d9b6305464eab4aa4c4a3af6646e9b9f69dee",
8314 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe030000000000000000010c0a0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207436e10737e4df499fc051686d3e11a5bb2310e4d1f1e691d287cef66514791202207cb58e71a6b7a42dd001b7e3ae672ea4f71ea3e1cd412b742e9124abb0739c6401483045022100e78211b8409afb7255ffe37337da87f38646f1faebbdd61bc1920d69e3ead67a02201a626305adfcd16bfb7e9340928d9b6305464eab4aa4c4a3af6646e9b9f69dee01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8317 "30450221009acd6a827a76bfee50806178dfe0495cd4e1d9c58279c194c7b01520fe68cb8d022024d439047c368883e570997a7d40f0b430cb5a742f507965e7d3063ae3feccca",
8318 "3044022048762cf546bbfe474f1536365ea7c416e3c0389d60558bc9412cb148fb6ab68202207215d7083b75c96ff9d2b08c59c34e287b66820f530b486a9aa4cdd9c347d5b9",
8319 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe04000000000000000001da0d0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004830450221009acd6a827a76bfee50806178dfe0495cd4e1d9c58279c194c7b01520fe68cb8d022024d439047c368883e570997a7d40f0b430cb5a742f507965e7d3063ae3feccca01473044022048762cf546bbfe474f1536365ea7c416e3c0389d60558bc9412cb148fb6ab68202207215d7083b75c96ff9d2b08c59c34e287b66820f530b486a9aa4cdd9c347d5b9012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8322 // commitment tx with six outputs untrimmed (minimum feerate)
8323 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8324 chan.context.feerate_per_kw = 648;
8326 test_commitment!("304402203948f900a5506b8de36a4d8502f94f21dd84fd9c2314ab427d52feaa7a0a19f2022059b6a37a4adaa2c5419dc8aea63c6e2a2ec4c4bde46207f6dc1fcd22152fc6e5",
8327 "3045022100b15f72908ba3382a34ca5b32519240a22300cc6015b6f9418635fb41f3d01d8802207adb331b9ed1575383dca0f2355e86c173802feecf8298fbea53b9d4610583e9",
8328 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8006d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4844e9d6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100b15f72908ba3382a34ca5b32519240a22300cc6015b6f9418635fb41f3d01d8802207adb331b9ed1575383dca0f2355e86c173802feecf8298fbea53b9d4610583e90147304402203948f900a5506b8de36a4d8502f94f21dd84fd9c2314ab427d52feaa7a0a19f2022059b6a37a4adaa2c5419dc8aea63c6e2a2ec4c4bde46207f6dc1fcd22152fc6e501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8331 "3045022100a031202f3be94678f0e998622ee95ebb6ada8da1e9a5110228b5e04a747351e4022010ca6a21e18314ed53cfaae3b1f51998552a61a468e596368829a50ce40110e0",
8332 "304502210097e1873b57267730154595187a34949d3744f52933070c74757005e61ce2112e02204ecfba2aa42d4f14bdf8bad4206bb97217b702e6c433e0e1b0ce6587e6d46ec6",
8333 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf10000000000000000000123060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100a031202f3be94678f0e998622ee95ebb6ada8da1e9a5110228b5e04a747351e4022010ca6a21e18314ed53cfaae3b1f51998552a61a468e596368829a50ce40110e00148304502210097e1873b57267730154595187a34949d3744f52933070c74757005e61ce2112e02204ecfba2aa42d4f14bdf8bad4206bb97217b702e6c433e0e1b0ce6587e6d46ec601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8336 "304402202361012a634aee7835c5ecdd6413dcffa8f404b7e77364c792cff984e4ee71e90220715c5e90baa08daa45a7439b1ee4fa4843ed77b19c058240b69406606d384124",
8337 "3044022019de73b00f1d818fb388e83b2c8c31f6bce35ac624e215bc12f88f9dc33edf48022006ff814bb9f700ee6abc3294e146fac3efd4f13f0005236b41c0a946ee00c9ae",
8338 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf10100000000000000000109060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402202361012a634aee7835c5ecdd6413dcffa8f404b7e77364c792cff984e4ee71e90220715c5e90baa08daa45a7439b1ee4fa4843ed77b19c058240b69406606d38412401473044022019de73b00f1d818fb388e83b2c8c31f6bce35ac624e215bc12f88f9dc33edf48022006ff814bb9f700ee6abc3294e146fac3efd4f13f0005236b41c0a946ee00c9ae012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8341 "304402207e8e82cd71ed4febeb593732c260456836e97d81896153ecd2b3cf320ca6861702202dd4a30f68f98ced7cc56a36369ac1fdd978248c5ff4ed204fc00cc625532989",
8342 "3045022100bd0be6100c4fd8f102ec220e1b053e4c4e2ecca25615490150007b40d314dc3902201a1e0ea266965b43164d9e6576f58fa6726d42883dd1c3996d2925c2e2260796",
8343 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf1020000000000000000010b0a0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207e8e82cd71ed4febeb593732c260456836e97d81896153ecd2b3cf320ca6861702202dd4a30f68f98ced7cc56a36369ac1fdd978248c5ff4ed204fc00cc62553298901483045022100bd0be6100c4fd8f102ec220e1b053e4c4e2ecca25615490150007b40d314dc3902201a1e0ea266965b43164d9e6576f58fa6726d42883dd1c3996d2925c2e226079601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8346 "3044022024cd52e4198c8ae0e414a86d86b5a65ea7450f2eb4e783096736d93395eca5ce022078f0094745b45be4d4b2b04dd5978c9e66ba49109e5704403e84aaf5f387d6be",
8347 "3045022100bbfb9d0a946d420807c86e985d636cceb16e71c3694ed186316251a00cbd807202207773223f9a337e145f64673825be9b30d07ef1542c82188b264bedcf7cda78c6",
8348 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf103000000000000000001d90d0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022024cd52e4198c8ae0e414a86d86b5a65ea7450f2eb4e783096736d93395eca5ce022078f0094745b45be4d4b2b04dd5978c9e66ba49109e5704403e84aaf5f387d6be01483045022100bbfb9d0a946d420807c86e985d636cceb16e71c3694ed186316251a00cbd807202207773223f9a337e145f64673825be9b30d07ef1542c82188b264bedcf7cda78c6012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8351 // anchors: commitment tx with six outputs untrimmed (minimum dust limit)
8352 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8353 chan.context.feerate_per_kw = 645;
8354 chan.context.holder_dust_limit_satoshis = 1001;
8356 test_commitment_with_anchors!("3044022025d97466c8049e955a5afce28e322f4b34d2561118e52332fb400f9b908cc0a402205dc6fba3a0d67ee142c428c535580cd1f2ff42e2f89b47e0c8a01847caffc312",
8357 "3045022100d57697c707b6f6d053febf24b98e8989f186eea42e37e9e91663ec2c70bb8f70022079b0715a472118f262f43016a674f59c015d9cafccec885968e76d9d9c5d0051",
8358 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80084a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994d0070000000000002200203e68115ae0b15b8de75b6c6bc9af5ac9f01391544e0870dae443a1e8fe7837ead007000000000000220020fe0598d74fee2205cc3672e6e6647706b4f3099713b4661b62482c3addd04a5eb80b000000000000220020f96d0334feb64a4f40eb272031d07afcb038db56aa57446d60308c9f8ccadef9a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994abc996a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100d57697c707b6f6d053febf24b98e8989f186eea42e37e9e91663ec2c70bb8f70022079b0715a472118f262f43016a674f59c015d9cafccec885968e76d9d9c5d005101473044022025d97466c8049e955a5afce28e322f4b34d2561118e52332fb400f9b908cc0a402205dc6fba3a0d67ee142c428c535580cd1f2ff42e2f89b47e0c8a01847caffc31201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8361 "3045022100e04d160a326432659fe9fb127304c1d348dfeaba840081bdc57d8efd902a48d8022008a824e7cf5492b97e4d9e03c06a09f822775a44f6b5b2533a2088904abfc282",
8362 "3045022100b7c49846466b13b190ff739bbe3005c105482fc55539e55b1c561f76b6982b6c02200e5c35808619cf543c8405cff9fedd25f333a4a2f6f6d5e8af8150090c40ef09",
8363 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320002000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e04d160a326432659fe9fb127304c1d348dfeaba840081bdc57d8efd902a48d8022008a824e7cf5492b97e4d9e03c06a09f822775a44f6b5b2533a2088904abfc28283483045022100b7c49846466b13b190ff739bbe3005c105482fc55539e55b1c561f76b6982b6c02200e5c35808619cf543c8405cff9fedd25f333a4a2f6f6d5e8af8150090c40ef0901008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6851b27568f6010000" },
8366 "3045022100fbdc3c367ce3bf30796025cc590ee1f2ce0e72ae1ac19f5986d6d0a4fc76211f02207e45ae9267e8e820d188569604f71d1abd11bd385d58853dd7dc034cdb3e9a6e",
8367 "3045022100d29330f24db213b262068706099b39c15fa7e070c3fcdf8836c09723fc4d365602203ce57d01e9f28601e461a0b5c4a50119b270bde8b70148d133a6849c70b115ac",
8368 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320003000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100fbdc3c367ce3bf30796025cc590ee1f2ce0e72ae1ac19f5986d6d0a4fc76211f02207e45ae9267e8e820d188569604f71d1abd11bd385d58853dd7dc034cdb3e9a6e83483045022100d29330f24db213b262068706099b39c15fa7e070c3fcdf8836c09723fc4d365602203ce57d01e9f28601e461a0b5c4a50119b270bde8b70148d133a6849c70b115ac012001010101010101010101010101010101010101010101010101010101010101018d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac6851b2756800000000" },
8371 "3044022066c5ef625cee3ddd2bc7b6bfb354b5834cf1cc6d52dd972fb41b7b225437ae4a022066cb85647df65c6b87a54e416dcdcca778a776c36a9643d2b5dc793c9b29f4c1",
8372 "304402202d4ce515cd9000ec37575972d70b8d24f73909fb7012e8ebd8c2066ef6fe187902202830b53e64ea565fecd0f398100691da6bb2a5cf9bb0d1926f1d71d05828a11e",
8373 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320004000000000100000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022066c5ef625cee3ddd2bc7b6bfb354b5834cf1cc6d52dd972fb41b7b225437ae4a022066cb85647df65c6b87a54e416dcdcca778a776c36a9643d2b5dc793c9b29f4c18347304402202d4ce515cd9000ec37575972d70b8d24f73909fb7012e8ebd8c2066ef6fe187902202830b53e64ea565fecd0f398100691da6bb2a5cf9bb0d1926f1d71d05828a11e01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6851b27568f7010000" },
8376 "3044022022c7e11595c53ee89a57ca76baf0aed730da035952d6ab3fe6459f5eff3b337a022075e10cc5f5fd724a35ce4087a5d03cd616698626c69814032132b50bb97dc615",
8377 "3045022100b20cd63e0587d1711beaebda4730775c4ac8b8b2ec78fe18a0c44c3f168c25230220079abb7fc4924e2fca5950842e5b9e416735585026914570078c4ef62f286226",
8378 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320005000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022022c7e11595c53ee89a57ca76baf0aed730da035952d6ab3fe6459f5eff3b337a022075e10cc5f5fd724a35ce4087a5d03cd616698626c69814032132b50bb97dc61583483045022100b20cd63e0587d1711beaebda4730775c4ac8b8b2ec78fe18a0c44c3f168c25230220079abb7fc4924e2fca5950842e5b9e416735585026914570078c4ef62f286226012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
8381 // commitment tx with six outputs untrimmed (maximum feerate)
8382 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8383 chan.context.feerate_per_kw = 2069;
8384 chan.context.holder_dust_limit_satoshis = 546;
8386 test_commitment!("304502210090b96a2498ce0c0f2fadbec2aab278fed54c1a7838df793ec4d2c78d96ec096202204fdd439c50f90d483baa7b68feeef4bd33bc277695405447bcd0bfb2ca34d7bc",
8387 "3045022100ad9a9bbbb75d506ca3b716b336ee3cf975dd7834fcf129d7dd188146eb58a8b4022061a759ee417339f7fe2ea1e8deb83abb6a74db31a09b7648a932a639cda23e33",
8388 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8006d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48477956a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100ad9a9bbbb75d506ca3b716b336ee3cf975dd7834fcf129d7dd188146eb58a8b4022061a759ee417339f7fe2ea1e8deb83abb6a74db31a09b7648a932a639cda23e330148304502210090b96a2498ce0c0f2fadbec2aab278fed54c1a7838df793ec4d2c78d96ec096202204fdd439c50f90d483baa7b68feeef4bd33bc277695405447bcd0bfb2ca34d7bc01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8391 "3045022100f33513ee38abf1c582876f921f8fddc06acff48e04515532a32d3938de938ffd02203aa308a2c1863b7d6fdf53159a1465bf2e115c13152546cc5d74483ceaa7f699",
8392 "3045022100a637902a5d4c9ba9e7c472a225337d5aac9e2e3f6744f76e237132e7619ba0400220035c60d784a031c0d9f6df66b7eab8726a5c25397399ee4aa960842059eb3f9d",
8393 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d0000000000000000000175020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f33513ee38abf1c582876f921f8fddc06acff48e04515532a32d3938de938ffd02203aa308a2c1863b7d6fdf53159a1465bf2e115c13152546cc5d74483ceaa7f69901483045022100a637902a5d4c9ba9e7c472a225337d5aac9e2e3f6744f76e237132e7619ba0400220035c60d784a031c0d9f6df66b7eab8726a5c25397399ee4aa960842059eb3f9d01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8396 "3045022100ce07682cf4b90093c22dc2d9ab2a77ad6803526b655ef857221cc96af5c9e0bf02200f501cee22e7a268af40b555d15a8237c9f36ad67ef1841daf9f6a0267b1e6df",
8397 "3045022100e57e46234f8782d3ff7aa593b4f7446fb5316c842e693dc63ee324fd49f6a1c302204a2f7b44c48bd26e1554422afae13153eb94b29d3687b733d18930615fb2db61",
8398 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d0100000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100ce07682cf4b90093c22dc2d9ab2a77ad6803526b655ef857221cc96af5c9e0bf02200f501cee22e7a268af40b555d15a8237c9f36ad67ef1841daf9f6a0267b1e6df01483045022100e57e46234f8782d3ff7aa593b4f7446fb5316c842e693dc63ee324fd49f6a1c302204a2f7b44c48bd26e1554422afae13153eb94b29d3687b733d18930615fb2db61012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8401 "3045022100e3e35492e55f82ec0bc2f317ffd7a486d1f7024330fe9743c3559fc39f32ef0c02203d1d4db651fc388a91d5ad8ecdd8e83673063bc8eefe27cfd8c189090e3a23e0",
8402 "3044022068613fb1b98eb3aec7f44c5b115b12343c2f066c4277c82b5f873dfe68f37f50022028109b4650f3f528ca4bfe9a467aff2e3e43893b61b5159157119d5d95cf1c18",
8403 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d020000000000000000015d060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e3e35492e55f82ec0bc2f317ffd7a486d1f7024330fe9743c3559fc39f32ef0c02203d1d4db651fc388a91d5ad8ecdd8e83673063bc8eefe27cfd8c189090e3a23e001473044022068613fb1b98eb3aec7f44c5b115b12343c2f066c4277c82b5f873dfe68f37f50022028109b4650f3f528ca4bfe9a467aff2e3e43893b61b5159157119d5d95cf1c1801008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8406 "304402207475aeb0212ef9bf5130b60937817ad88c9a87976988ef1f323f026148cc4a850220739fea17ad3257dcad72e509c73eebe86bee30b178467b9fdab213d631b109df",
8407 "3045022100d315522e09e7d53d2a659a79cb67fef56d6c4bddf3f46df6772d0d20a7beb7c8022070bcc17e288607b6a72be0bd83368bb6d53488db266c1cdb4d72214e4f02ac33",
8408 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d03000000000000000001f2090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207475aeb0212ef9bf5130b60937817ad88c9a87976988ef1f323f026148cc4a850220739fea17ad3257dcad72e509c73eebe86bee30b178467b9fdab213d631b109df01483045022100d315522e09e7d53d2a659a79cb67fef56d6c4bddf3f46df6772d0d20a7beb7c8022070bcc17e288607b6a72be0bd83368bb6d53488db266c1cdb4d72214e4f02ac33012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8411 // commitment tx with five outputs untrimmed (minimum feerate)
8412 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8413 chan.context.feerate_per_kw = 2070;
8415 test_commitment!("304402204ca1ba260dee913d318271d86e10ca0f5883026fb5653155cff600fb40895223022037b145204b7054a40e08bb1fefbd826f827b40838d3e501423bcc57924bcb50c",
8416 "3044022001014419b5ba00e083ac4e0a85f19afc848aacac2d483b4b525d15e2ae5adbfe022015ebddad6ee1e72b47cb09f3e78459da5be01ccccd95dceca0e056a00cc773c1",
8417 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484da966a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022001014419b5ba00e083ac4e0a85f19afc848aacac2d483b4b525d15e2ae5adbfe022015ebddad6ee1e72b47cb09f3e78459da5be01ccccd95dceca0e056a00cc773c10147304402204ca1ba260dee913d318271d86e10ca0f5883026fb5653155cff600fb40895223022037b145204b7054a40e08bb1fefbd826f827b40838d3e501423bcc57924bcb50c01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8420 "304402205f6b6d12d8d2529fb24f4445630566cf4abbd0f9330ab6c2bdb94222d6a2a0c502202f556258ae6f05b193749e4c541dfcc13b525a5422f6291f073f15617ba8579b",
8421 "30440220150b11069454da70caf2492ded9e0065c9a57f25ac2a4c52657b1d15b6c6ed85022068a38833b603c8892717206383611bad210f1cbb4b1f87ea29c6c65b9e1cb3e5",
8422 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff0000000000000000000174020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402205f6b6d12d8d2529fb24f4445630566cf4abbd0f9330ab6c2bdb94222d6a2a0c502202f556258ae6f05b193749e4c541dfcc13b525a5422f6291f073f15617ba8579b014730440220150b11069454da70caf2492ded9e0065c9a57f25ac2a4c52657b1d15b6c6ed85022068a38833b603c8892717206383611bad210f1cbb4b1f87ea29c6c65b9e1cb3e501008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8425 "3045022100f960dfb1c9aee7ce1437efa65b523e399383e8149790e05d8fed27ff6e42fe0002202fe8613e062ffe0b0c518cc4101fba1c6de70f64a5bcc7ae663f2efae43b8546",
8426 "30450221009a6ed18e6873bc3644332a6ee21c152a5b102821865350df7a8c74451a51f9f2022050d801fb4895d7d7fbf452824c0168347f5c0cbe821cf6a97a63af5b8b2563c6",
8427 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff010000000000000000015c060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f960dfb1c9aee7ce1437efa65b523e399383e8149790e05d8fed27ff6e42fe0002202fe8613e062ffe0b0c518cc4101fba1c6de70f64a5bcc7ae663f2efae43b8546014830450221009a6ed18e6873bc3644332a6ee21c152a5b102821865350df7a8c74451a51f9f2022050d801fb4895d7d7fbf452824c0168347f5c0cbe821cf6a97a63af5b8b2563c601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8430 "3045022100ae5fc7717ae684bc1fcf9020854e5dbe9842c9e7472879ac06ff95ac2bb10e4e022057728ada4c00083a3e65493fb5d50a232165948a1a0f530ef63185c2c8c56504",
8431 "30440220408ad3009827a8fccf774cb285587686bfb2ed041f89a89453c311ce9c8ee0f902203c7392d9f8306d3a46522a66bd2723a7eb2628cb2d9b34d4c104f1766bf37502",
8432 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff02000000000000000001f1090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100ae5fc7717ae684bc1fcf9020854e5dbe9842c9e7472879ac06ff95ac2bb10e4e022057728ada4c00083a3e65493fb5d50a232165948a1a0f530ef63185c2c8c56504014730440220408ad3009827a8fccf774cb285587686bfb2ed041f89a89453c311ce9c8ee0f902203c7392d9f8306d3a46522a66bd2723a7eb2628cb2d9b34d4c104f1766bf37502012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8435 // commitment tx with five outputs untrimmed (maximum feerate)
8436 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8437 chan.context.feerate_per_kw = 2194;
8439 test_commitment!("304402204bb3d6e279d71d9da414c82de42f1f954267c762b2e2eb8b76bc3be4ea07d4b0022014febc009c5edc8c3fc5d94015de163200f780046f1c293bfed8568f08b70fb3",
8440 "3044022072c2e2b1c899b2242656a537dde2892fa3801be0d6df0a87836c550137acde8302201654aa1974d37a829083c3ba15088689f30b56d6a4f6cb14c7bad0ee3116d398",
8441 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48440966a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022072c2e2b1c899b2242656a537dde2892fa3801be0d6df0a87836c550137acde8302201654aa1974d37a829083c3ba15088689f30b56d6a4f6cb14c7bad0ee3116d3980147304402204bb3d6e279d71d9da414c82de42f1f954267c762b2e2eb8b76bc3be4ea07d4b0022014febc009c5edc8c3fc5d94015de163200f780046f1c293bfed8568f08b70fb301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8444 "3045022100939726680351a7856c1bc386d4a1f422c7d29bd7b56afc139570f508474e6c40022023175a799ccf44c017fbaadb924c40b2a12115a5b7d0dfd3228df803a2de8450",
8445 "304502210099c98c2edeeee6ec0fb5f3bea8b79bb016a2717afa9b5072370f34382de281d302206f5e2980a995e045cf90a547f0752a7ee99d48547bc135258fe7bc07e0154301",
8446 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100939726680351a7856c1bc386d4a1f422c7d29bd7b56afc139570f508474e6c40022023175a799ccf44c017fbaadb924c40b2a12115a5b7d0dfd3228df803a2de84500148304502210099c98c2edeeee6ec0fb5f3bea8b79bb016a2717afa9b5072370f34382de281d302206f5e2980a995e045cf90a547f0752a7ee99d48547bc135258fe7bc07e015430101008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8449 "3044022021bb883bf324553d085ba2e821cad80c28ef8b303dbead8f98e548783c02d1600220638f9ef2a9bba25869afc923f4b5dc38be3bb459f9efa5d869392d5f7779a4a0",
8450 "3045022100fd85bd7697b89c08ec12acc8ba89b23090637d83abd26ca37e01ae93e67c367302202b551fe69386116c47f984aab9c8dfd25d864dcde5d3389cfbef2447a85c4b77",
8451 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd010000000000000000010a060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022021bb883bf324553d085ba2e821cad80c28ef8b303dbead8f98e548783c02d1600220638f9ef2a9bba25869afc923f4b5dc38be3bb459f9efa5d869392d5f7779a4a001483045022100fd85bd7697b89c08ec12acc8ba89b23090637d83abd26ca37e01ae93e67c367302202b551fe69386116c47f984aab9c8dfd25d864dcde5d3389cfbef2447a85c4b7701008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8454 "3045022100c9e6f0454aa598b905a35e641a70cc9f67b5f38cc4b00843a041238c4a9f1c4a0220260a2822a62da97e44583e837245995ca2e36781769c52f19e498efbdcca262b",
8455 "30450221008a9f2ea24cd455c2b64c1472a5fa83865b0a5f49a62b661801e884cf2849af8302204d44180e50bf6adfcf1c1e581d75af91aba4e28681ce4a5ee5f3cbf65eca10f3",
8456 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd020000000000000000019a090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100c9e6f0454aa598b905a35e641a70cc9f67b5f38cc4b00843a041238c4a9f1c4a0220260a2822a62da97e44583e837245995ca2e36781769c52f19e498efbdcca262b014830450221008a9f2ea24cd455c2b64c1472a5fa83865b0a5f49a62b661801e884cf2849af8302204d44180e50bf6adfcf1c1e581d75af91aba4e28681ce4a5ee5f3cbf65eca10f3012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8459 // commitment tx with four outputs untrimmed (minimum feerate)
8460 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8461 chan.context.feerate_per_kw = 2195;
8463 test_commitment!("304402201a8c1b1f9671cd9e46c7323a104d7047cc48d3ee80d40d4512e0c72b8dc65666022066d7f9a2ce18c9eb22d2739ffcce05721c767f9b607622a31b6ea5793ddce403",
8464 "3044022044d592025b610c0d678f65032e87035cdfe89d1598c522cc32524ae8172417c30220749fef9d5b2ae8cdd91ece442ba8809bc891efedae2291e578475f97715d1767",
8465 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8004b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484b8976a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022044d592025b610c0d678f65032e87035cdfe89d1598c522cc32524ae8172417c30220749fef9d5b2ae8cdd91ece442ba8809bc891efedae2291e578475f97715d17670147304402201a8c1b1f9671cd9e46c7323a104d7047cc48d3ee80d40d4512e0c72b8dc65666022066d7f9a2ce18c9eb22d2739ffcce05721c767f9b607622a31b6ea5793ddce40301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8468 "3045022100e57b845066a06ee7c2cbfc29eabffe52daa9bf6f6de760066d04df9f9b250e0002202ffb197f0e6e0a77a75a9aff27014bd3de83b7f748d7efef986abe655e1dd50e",
8469 "3045022100ecc8c6529d0b2316d046f0f0757c1e1c25a636db168ec4f3aa1b9278df685dc0022067ae6b65e936f1337091f7b18a15935b608c5f2cdddb2f892ed0babfdd376d76",
8470 "020000000001018130a10f09b13677ba2885a8bca32860f3a952e5912b829a473639b5a2c07b900000000000000000000109060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e57b845066a06ee7c2cbfc29eabffe52daa9bf6f6de760066d04df9f9b250e0002202ffb197f0e6e0a77a75a9aff27014bd3de83b7f748d7efef986abe655e1dd50e01483045022100ecc8c6529d0b2316d046f0f0757c1e1c25a636db168ec4f3aa1b9278df685dc0022067ae6b65e936f1337091f7b18a15935b608c5f2cdddb2f892ed0babfdd376d7601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8473 "3045022100d193b7ecccad8057571620a0b1ffa6c48e9483311723b59cf536043b20bc51550220546d4bd37b3b101ecda14f6c907af46ec391abce1cd9c7ce22b1a62b534f2f2a",
8474 "3044022014d66f11f9cacf923807eba49542076c5fe5cccf252fb08fe98c78ef3ca6ab5402201b290dbe043cc512d9d78de074a5a129b8759bc6a6c546b190d120b690bd6e82",
8475 "020000000001018130a10f09b13677ba2885a8bca32860f3a952e5912b829a473639b5a2c07b900100000000000000000199090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100d193b7ecccad8057571620a0b1ffa6c48e9483311723b59cf536043b20bc51550220546d4bd37b3b101ecda14f6c907af46ec391abce1cd9c7ce22b1a62b534f2f2a01473044022014d66f11f9cacf923807eba49542076c5fe5cccf252fb08fe98c78ef3ca6ab5402201b290dbe043cc512d9d78de074a5a129b8759bc6a6c546b190d120b690bd6e82012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8478 // anchors: commitment tx with four outputs untrimmed (minimum dust limit)
8479 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8480 chan.context.feerate_per_kw = 2185;
8481 chan.context.holder_dust_limit_satoshis = 2001;
8482 let cached_channel_type = chan.context.channel_type;
8483 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8485 test_commitment_with_anchors!("3044022040f63a16148cf35c8d3d41827f5ae7f7c3746885bb64d4d1b895892a83812b3e02202fcf95c2bf02c466163b3fa3ced6a24926fbb4035095a96842ef516e86ba54c0",
8486 "3045022100cd8479cfe1edb1e5a1d487391e0451a469c7171e51e680183f19eb4321f20e9b02204eab7d5a6384b1b08e03baa6e4d9748dfd2b5ab2bae7e39604a0d0055bbffdd5",
8487 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80064a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994b80b000000000000220020f96d0334feb64a4f40eb272031d07afcb038db56aa57446d60308c9f8ccadef9a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994ac5916a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100cd8479cfe1edb1e5a1d487391e0451a469c7171e51e680183f19eb4321f20e9b02204eab7d5a6384b1b08e03baa6e4d9748dfd2b5ab2bae7e39604a0d0055bbffdd501473044022040f63a16148cf35c8d3d41827f5ae7f7c3746885bb64d4d1b895892a83812b3e02202fcf95c2bf02c466163b3fa3ced6a24926fbb4035095a96842ef516e86ba54c001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8490 "304402206870514a72ad6e723ff7f1e0370d7a33c1cd2a0b9272674143ebaf6a1d02dee102205bd953c34faf5e7322e9a1c0103581cb090280fda4f1039ee8552668afa90ebb",
8491 "30440220669de9ca7910eff65a7773ebd14a9fc371fe88cde5b8e2a81609d85c87ac939b02201ac29472fa4067322e92d75b624942d60be5050139b20bb363db75be79eb946f",
8492 "02000000000101ac13a7715f80b8e52dda43c6929cade5521bdced3a405da02b443f1ffb1e33cc02000000000100000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402206870514a72ad6e723ff7f1e0370d7a33c1cd2a0b9272674143ebaf6a1d02dee102205bd953c34faf5e7322e9a1c0103581cb090280fda4f1039ee8552668afa90ebb834730440220669de9ca7910eff65a7773ebd14a9fc371fe88cde5b8e2a81609d85c87ac939b02201ac29472fa4067322e92d75b624942d60be5050139b20bb363db75be79eb946f01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6851b27568f7010000" },
8495 "3045022100949e8dd938da56445b1cdfdebe1b7efea086edd05d89910d205a1e2e033ce47102202cbd68b5262ab144d9ec12653f87dfb0bb6bd05d1f58ae1e523f028eaefd7271",
8496 "3045022100e3104ed8b239f8019e5f0a1a73d7782a94a8c36e7984f476c3a0b3cb0e62e27902207e3d52884600985f8a2098e53a5c30dd6a5e857733acfaa07ab2162421ed2688",
8497 "02000000000101ac13a7715f80b8e52dda43c6929cade5521bdced3a405da02b443f1ffb1e33cc03000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100949e8dd938da56445b1cdfdebe1b7efea086edd05d89910d205a1e2e033ce47102202cbd68b5262ab144d9ec12653f87dfb0bb6bd05d1f58ae1e523f028eaefd727183483045022100e3104ed8b239f8019e5f0a1a73d7782a94a8c36e7984f476c3a0b3cb0e62e27902207e3d52884600985f8a2098e53a5c30dd6a5e857733acfaa07ab2162421ed2688012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
8500 // commitment tx with four outputs untrimmed (maximum feerate)
8501 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8502 chan.context.feerate_per_kw = 3702;
8503 chan.context.holder_dust_limit_satoshis = 546;
8504 chan.context.channel_type = cached_channel_type.clone();
8506 test_commitment!("304502210092a587aeb777f869e7ff0d7898ea619ee26a3dacd1f3672b945eea600be431100220077ee9eae3528d15251f2a52b607b189820e57a6ccfac8d1af502b132ee40169",
8507 "3045022100e5efb73c32d32da2d79702299b6317de6fb24a60476e3855926d78484dd1b3c802203557cb66a42c944ef06e00bcc4da35a5bcb2f185aab0f8e403e519e1d66aaf75",
8508 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8004b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4846f916a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100e5efb73c32d32da2d79702299b6317de6fb24a60476e3855926d78484dd1b3c802203557cb66a42c944ef06e00bcc4da35a5bcb2f185aab0f8e403e519e1d66aaf750148304502210092a587aeb777f869e7ff0d7898ea619ee26a3dacd1f3672b945eea600be431100220077ee9eae3528d15251f2a52b607b189820e57a6ccfac8d1af502b132ee4016901475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8511 "304402206fa54c11f98c3bae1e93df43fc7affeb05b476bf8060c03e29c377c69bc08e8b0220672701cce50d5c379ff45a5d2cfe48ac44973adb066ac32608e21221d869bb89",
8512 "304402206e36c683ebf2cb16bcef3d5439cf8b53cd97280a365ed8acd7abb85a8ba5f21c02206e8621edfc2a5766cbc96eb67fd501127ff163eb6b85518a39f7d4974aef126f",
8513 "020000000001018db483bff65c70ee71d8282aeec5a880e2e2b39e45772bda5460403095c62e3f0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402206fa54c11f98c3bae1e93df43fc7affeb05b476bf8060c03e29c377c69bc08e8b0220672701cce50d5c379ff45a5d2cfe48ac44973adb066ac32608e21221d869bb890147304402206e36c683ebf2cb16bcef3d5439cf8b53cd97280a365ed8acd7abb85a8ba5f21c02206e8621edfc2a5766cbc96eb67fd501127ff163eb6b85518a39f7d4974aef126f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8516 "3044022057649739b0eb74d541ead0dfdb3d4b2c15aa192720031044c3434c67812e5ca902201e5ede42d960ae551707f4a6b34b09393cf4dee2418507daa022e3550dbb5817",
8517 "304402207faad26678c8850e01b4a0696d60841f7305e1832b786110ee9075cb92ed14a30220516ef8ee5dfa80824ea28cbcec0dd95f8b847146257c16960db98507db15ffdc",
8518 "020000000001018db483bff65c70ee71d8282aeec5a880e2e2b39e45772bda5460403095c62e3f0100000000000000000176050000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022057649739b0eb74d541ead0dfdb3d4b2c15aa192720031044c3434c67812e5ca902201e5ede42d960ae551707f4a6b34b09393cf4dee2418507daa022e3550dbb58170147304402207faad26678c8850e01b4a0696d60841f7305e1832b786110ee9075cb92ed14a30220516ef8ee5dfa80824ea28cbcec0dd95f8b847146257c16960db98507db15ffdc012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8521 // commitment tx with three outputs untrimmed (minimum feerate)
8522 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8523 chan.context.feerate_per_kw = 3703;
8525 test_commitment!("3045022100b495d239772a237ff2cf354b1b11be152fd852704cb184e7356d13f2fb1e5e430220723db5cdb9cbd6ead7bfd3deb419cf41053a932418cbb22a67b581f40bc1f13e",
8526 "304402201b736d1773a124c745586217a75bed5f66c05716fbe8c7db4fdb3c3069741cdd02205083f39c321c1bcadfc8d97e3c791a66273d936abac0c6a2fde2ed46019508e1",
8527 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8003a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484eb936a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402201b736d1773a124c745586217a75bed5f66c05716fbe8c7db4fdb3c3069741cdd02205083f39c321c1bcadfc8d97e3c791a66273d936abac0c6a2fde2ed46019508e101483045022100b495d239772a237ff2cf354b1b11be152fd852704cb184e7356d13f2fb1e5e430220723db5cdb9cbd6ead7bfd3deb419cf41053a932418cbb22a67b581f40bc1f13e01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8530 "3045022100c34c61735f93f2e324cc873c3b248111ccf8f6db15d5969583757010d4ad2b4602207867bb919b2ddd6387873e425345c9b7fd18d1d66aba41f3607bc2896ef3c30a",
8531 "3045022100988c143e2110067117d2321bdd4bd16ca1734c98b29290d129384af0962b634e02206c1b02478878c5f547018b833986578f90c3e9be669fe5788ad0072a55acbb05",
8532 "0200000000010120060e4a29579d429f0f27c17ee5f1ee282f20d706d6f90b63d35946d8f3029a0000000000000000000175050000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100c34c61735f93f2e324cc873c3b248111ccf8f6db15d5969583757010d4ad2b4602207867bb919b2ddd6387873e425345c9b7fd18d1d66aba41f3607bc2896ef3c30a01483045022100988c143e2110067117d2321bdd4bd16ca1734c98b29290d129384af0962b634e02206c1b02478878c5f547018b833986578f90c3e9be669fe5788ad0072a55acbb05012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8535 // anchors: commitment tx with three outputs untrimmed (minimum dust limit)
8536 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8537 chan.context.feerate_per_kw = 3687;
8538 chan.context.holder_dust_limit_satoshis = 3001;
8539 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8541 test_commitment_with_anchors!("3045022100ad6c71569856b2d7ff42e838b4abe74a713426b37f22fa667a195a4c88908c6902202b37272b02a42dc6d9f4f82cab3eaf84ac882d9ed762859e1e75455c2c228377",
8542 "3045022100c970799bcb33f43179eb43b3378a0a61991cf2923f69b36ef12548c3df0e6d500220413dc27d2e39ee583093adfcb7799be680141738babb31cc7b0669a777a31f5d",
8543 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80054a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994aa28b6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100c970799bcb33f43179eb43b3378a0a61991cf2923f69b36ef12548c3df0e6d500220413dc27d2e39ee583093adfcb7799be680141738babb31cc7b0669a777a31f5d01483045022100ad6c71569856b2d7ff42e838b4abe74a713426b37f22fa667a195a4c88908c6902202b37272b02a42dc6d9f4f82cab3eaf84ac882d9ed762859e1e75455c2c22837701475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8546 "3044022017b558a3cf5f0cb94269e2e927b29ed22bd2416abb8a7ce6de4d1256f359b93602202e9ca2b1a23ea3e69f433c704e327739e219804b8c188b1d52f74fd5a9de954c",
8547 "3045022100af7a8b7c7ff2080c68995254cb66d64d9954edcc5baac3bb4f27ed2d29aaa6120220421c27da7a60574a9263f271e0f3bd34594ec6011095190022b3b54596ea03de",
8548 "02000000000101542562b326c08e3a076d9cfca2be175041366591da334d8d513ff1686fd95a6002000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022017b558a3cf5f0cb94269e2e927b29ed22bd2416abb8a7ce6de4d1256f359b93602202e9ca2b1a23ea3e69f433c704e327739e219804b8c188b1d52f74fd5a9de954c83483045022100af7a8b7c7ff2080c68995254cb66d64d9954edcc5baac3bb4f27ed2d29aaa6120220421c27da7a60574a9263f271e0f3bd34594ec6011095190022b3b54596ea03de012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
8551 // commitment tx with three outputs untrimmed (maximum feerate)
8552 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8553 chan.context.feerate_per_kw = 4914;
8554 chan.context.holder_dust_limit_satoshis = 546;
8555 chan.context.channel_type = cached_channel_type.clone();
8557 test_commitment!("3045022100b4b16d5f8cc9fc4c1aff48831e832a0d8990e133978a66e302c133550954a44d022073573ce127e2200d316f6b612803a5c0c97b8d20e1e44dbe2ac0dd2fb8c95244",
8558 "3045022100d72638bc6308b88bb6d45861aae83e5b9ff6e10986546e13bce769c70036e2620220320be7c6d66d22f30b9fcd52af66531505b1310ca3b848c19285b38d8a1a8c19",
8559 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8003a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484ae8f6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100d72638bc6308b88bb6d45861aae83e5b9ff6e10986546e13bce769c70036e2620220320be7c6d66d22f30b9fcd52af66531505b1310ca3b848c19285b38d8a1a8c1901483045022100b4b16d5f8cc9fc4c1aff48831e832a0d8990e133978a66e302c133550954a44d022073573ce127e2200d316f6b612803a5c0c97b8d20e1e44dbe2ac0dd2fb8c9524401475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8562 "3045022100f43591c156038ba217756006bb3c55f7d113a325cdd7d9303c82115372858d68022016355b5aadf222bc8d12e426c75f4a03423917b2443a103eb2a498a3a2234374",
8563 "30440220585dee80fafa264beac535c3c0bb5838ac348b156fdc982f86adc08dfc9bfd250220130abb82f9f295cc9ef423dcfef772fde2acd85d9df48cc538981d26a10a9c10",
8564 "02000000000101a9172908eace869cc35128c31fc2ab502f72e4dff31aab23e0244c4b04b11ab00000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f43591c156038ba217756006bb3c55f7d113a325cdd7d9303c82115372858d68022016355b5aadf222bc8d12e426c75f4a03423917b2443a103eb2a498a3a2234374014730440220585dee80fafa264beac535c3c0bb5838ac348b156fdc982f86adc08dfc9bfd250220130abb82f9f295cc9ef423dcfef772fde2acd85d9df48cc538981d26a10a9c10012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8567 // commitment tx with two outputs untrimmed (minimum feerate)
8568 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8569 chan.context.feerate_per_kw = 4915;
8570 chan.context.holder_dust_limit_satoshis = 546;
8572 test_commitment!("304402203a286936e74870ca1459c700c71202af0381910a6bfab687ef494ef1bc3e02c902202506c362d0e3bee15e802aa729bf378e051644648253513f1c085b264cc2a720",
8573 "30450221008a953551f4d67cb4df3037207fc082ddaf6be84d417b0bd14c80aab66f1b01a402207508796dc75034b2dee876fe01dc05a08b019f3e5d689ac8842ade2f1befccf5",
8574 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8002c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484fa926a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221008a953551f4d67cb4df3037207fc082ddaf6be84d417b0bd14c80aab66f1b01a402207508796dc75034b2dee876fe01dc05a08b019f3e5d689ac8842ade2f1befccf50147304402203a286936e74870ca1459c700c71202af0381910a6bfab687ef494ef1bc3e02c902202506c362d0e3bee15e802aa729bf378e051644648253513f1c085b264cc2a72001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8576 // anchors: commitment tx with two outputs untrimmed (minimum dust limit)
8577 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8578 chan.context.feerate_per_kw = 4894;
8579 chan.context.holder_dust_limit_satoshis = 4001;
8580 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8582 test_commitment_with_anchors!("3045022100e784a66b1588575801e237d35e510fd92a81ae3a4a2a1b90c031ad803d07b3f3022021bc5f16501f167607d63b681442da193eb0a76b4b7fd25c2ed4f8b28fd35b95",
8583 "30450221009f16ac85d232e4eddb3fcd750a68ebf0b58e3356eaada45d3513ede7e817bf4c02207c2b043b4e5f971261975406cb955219fa56bffe5d834a833694b5abc1ce4cfd",
8584 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80044a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994ad0886a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221009f16ac85d232e4eddb3fcd750a68ebf0b58e3356eaada45d3513ede7e817bf4c02207c2b043b4e5f971261975406cb955219fa56bffe5d834a833694b5abc1ce4cfd01483045022100e784a66b1588575801e237d35e510fd92a81ae3a4a2a1b90c031ad803d07b3f3022021bc5f16501f167607d63b681442da193eb0a76b4b7fd25c2ed4f8b28fd35b9501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8586 // commitment tx with two outputs untrimmed (maximum feerate)
8587 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8588 chan.context.feerate_per_kw = 9651180;
8589 chan.context.holder_dust_limit_satoshis = 546;
8590 chan.context.channel_type = cached_channel_type.clone();
8592 test_commitment!("304402200a8544eba1d216f5c5e530597665fa9bec56943c0f66d98fc3d028df52d84f7002201e45fa5c6bc3a506cc2553e7d1c0043a9811313fc39c954692c0d47cfce2bbd3",
8593 "3045022100e11b638c05c650c2f63a421d36ef8756c5ce82f2184278643520311cdf50aa200220259565fb9c8e4a87ccaf17f27a3b9ca4f20625754a0920d9c6c239d8156a11de",
8594 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b800222020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80ec0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4840400483045022100e11b638c05c650c2f63a421d36ef8756c5ce82f2184278643520311cdf50aa200220259565fb9c8e4a87ccaf17f27a3b9ca4f20625754a0920d9c6c239d8156a11de0147304402200a8544eba1d216f5c5e530597665fa9bec56943c0f66d98fc3d028df52d84f7002201e45fa5c6bc3a506cc2553e7d1c0043a9811313fc39c954692c0d47cfce2bbd301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8596 // commitment tx with one output untrimmed (minimum feerate)
8597 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8598 chan.context.feerate_per_kw = 9651181;
8600 test_commitment!("304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a2",
8601 "304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a379",
8602 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8001c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484040047304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a3790147304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8604 // anchors: commitment tx with one output untrimmed (minimum dust limit)
8605 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8606 chan.context.feerate_per_kw = 6216010;
8607 chan.context.holder_dust_limit_satoshis = 4001;
8608 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8610 test_commitment_with_anchors!("30450221008fd5dbff02e4b59020d4cd23a3c30d3e287065fda75a0a09b402980adf68ccda022001e0b8b620cd915ddff11f1de32addf23d81d51b90e6841b2cb8dcaf3faa5ecf",
8611 "30450221009ad80792e3038fe6968d12ff23e6888a565c3ddd065037f357445f01675d63f3022018384915e5f1f4ae157e15debf4f49b61c8d9d2b073c7d6f97c4a68caa3ed4c1",
8612 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80024a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994a04004830450221009ad80792e3038fe6968d12ff23e6888a565c3ddd065037f357445f01675d63f3022018384915e5f1f4ae157e15debf4f49b61c8d9d2b073c7d6f97c4a68caa3ed4c1014830450221008fd5dbff02e4b59020d4cd23a3c30d3e287065fda75a0a09b402980adf68ccda022001e0b8b620cd915ddff11f1de32addf23d81d51b90e6841b2cb8dcaf3faa5ecf01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8614 // commitment tx with fee greater than funder amount
8615 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8616 chan.context.feerate_per_kw = 9651936;
8617 chan.context.holder_dust_limit_satoshis = 546;
8618 chan.context.channel_type = cached_channel_type;
8620 test_commitment!("304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a2",
8621 "304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a379",
8622 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8001c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484040047304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a3790147304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8624 // commitment tx with 3 htlc outputs, 2 offered having the same amount and preimage
8625 chan.context.value_to_self_msat = 7_000_000_000 - 2_000_000;
8626 chan.context.feerate_per_kw = 253;
8627 chan.context.pending_inbound_htlcs.clear();
8628 chan.context.pending_inbound_htlcs.push({
8629 let mut out = InboundHTLCOutput{
8631 amount_msat: 2000000,
8633 payment_hash: PaymentHash([0; 32]),
8634 state: InboundHTLCState::Committed,
8636 out.payment_hash.0 = Sha256::hash(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap()).into_inner();
8639 chan.context.pending_outbound_htlcs.clear();
8640 chan.context.pending_outbound_htlcs.push({
8641 let mut out = OutboundHTLCOutput{
8643 amount_msat: 5000001,
8645 payment_hash: PaymentHash([0; 32]),
8646 state: OutboundHTLCState::Committed,
8647 source: HTLCSource::dummy(),
8648 skimmed_fee_msat: None,
8650 out.payment_hash.0 = Sha256::hash(&hex::decode("0505050505050505050505050505050505050505050505050505050505050505").unwrap()).into_inner();
8653 chan.context.pending_outbound_htlcs.push({
8654 let mut out = OutboundHTLCOutput{
8656 amount_msat: 5000000,
8658 payment_hash: PaymentHash([0; 32]),
8659 state: OutboundHTLCState::Committed,
8660 source: HTLCSource::dummy(),
8661 skimmed_fee_msat: None,
8663 out.payment_hash.0 = Sha256::hash(&hex::decode("0505050505050505050505050505050505050505050505050505050505050505").unwrap()).into_inner();
8667 test_commitment!("304402207d0870964530f97b62497b11153c551dca0a1e226815ef0a336651158da0f82402200f5378beee0e77759147b8a0a284decd11bfd2bc55c8fafa41c134fe996d43c8",
8668 "304402200d10bf5bc5397fc59d7188ae438d80c77575595a2d488e41bd6363a810cc8d72022012b57e714fbbfdf7a28c47d5b370cb8ac37c8545f596216e5b21e9b236ef457c",
8669 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2d8813000000000000220020305c12e1a0bc21e283c131cea1c66d68857d28b7b2fce0a6fbc40c164852121b8813000000000000220020305c12e1a0bc21e283c131cea1c66d68857d28b7b2fce0a6fbc40c164852121bc0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484a69f6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402200d10bf5bc5397fc59d7188ae438d80c77575595a2d488e41bd6363a810cc8d72022012b57e714fbbfdf7a28c47d5b370cb8ac37c8545f596216e5b21e9b236ef457c0147304402207d0870964530f97b62497b11153c551dca0a1e226815ef0a336651158da0f82402200f5378beee0e77759147b8a0a284decd11bfd2bc55c8fafa41c134fe996d43c801475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8672 "3045022100b470fe12e5b7fea9eccb8cbff1972cea4f96758041898982a02bcc7f9d56d50b0220338a75b2afaab4ec00cdd2d9273c68c7581ff5a28bcbb40c4d138b81f1d45ce5",
8673 "3044022017b90c65207522a907fb6a137f9dd528b3389465a8ae72308d9e1d564f512cf402204fc917b4f0e88604a3e994f85bfae7c7c1f9d9e9f78e8cd112e0889720d9405b",
8674 "020000000001014bdccf28653066a2c554cafeffdfe1e678e64a69b056684deb0c4fba909423ec000000000000000000011f070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100b470fe12e5b7fea9eccb8cbff1972cea4f96758041898982a02bcc7f9d56d50b0220338a75b2afaab4ec00cdd2d9273c68c7581ff5a28bcbb40c4d138b81f1d45ce501473044022017b90c65207522a907fb6a137f9dd528b3389465a8ae72308d9e1d564f512cf402204fc917b4f0e88604a3e994f85bfae7c7c1f9d9e9f78e8cd112e0889720d9405b012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8676 "3045022100b575379f6d8743cb0087648f81cfd82d17a97fbf8f67e058c65ce8b9d25df9500220554a210d65b02d9f36c6adf0f639430ca8293196ba5089bf67cc3a9813b7b00a",
8677 "3045022100ee2e16b90930a479b13f8823a7f14b600198c838161160b9436ed086d3fc57e002202a66fa2324f342a17129949c640bfe934cbc73a869ba7c06aa25c5a3d0bfb53d",
8678 "020000000001014bdccf28653066a2c554cafeffdfe1e678e64a69b056684deb0c4fba909423ec01000000000000000001e1120000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100b575379f6d8743cb0087648f81cfd82d17a97fbf8f67e058c65ce8b9d25df9500220554a210d65b02d9f36c6adf0f639430ca8293196ba5089bf67cc3a9813b7b00a01483045022100ee2e16b90930a479b13f8823a7f14b600198c838161160b9436ed086d3fc57e002202a66fa2324f342a17129949c640bfe934cbc73a869ba7c06aa25c5a3d0bfb53d01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6868f9010000" },
8680 "30440220471c9f3ad92e49b13b7b8059f43ecf8f7887b0dccbb9fdb54bfe23d62a8ae332022024bd22fae0740e86a44228c35330da9526fd7306dffb2b9dc362d5e78abef7cc",
8681 "304402207157f452f2506d73c315192311893800cfb3cc235cc1185b1cfcc136b55230db022014be242dbc6c5da141fec4034e7f387f74d6ff1899453d72ba957467540e1ecb",
8682 "020000000001014bdccf28653066a2c554cafeffdfe1e678e64a69b056684deb0c4fba909423ec02000000000000000001e1120000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220471c9f3ad92e49b13b7b8059f43ecf8f7887b0dccbb9fdb54bfe23d62a8ae332022024bd22fae0740e86a44228c35330da9526fd7306dffb2b9dc362d5e78abef7cc0147304402207157f452f2506d73c315192311893800cfb3cc235cc1185b1cfcc136b55230db022014be242dbc6c5da141fec4034e7f387f74d6ff1899453d72ba957467540e1ecb01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6868fa010000" }
8685 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8686 test_commitment_with_anchors!("3044022027b38dfb654c34032ffb70bb43022981652fce923cbbe3cbe7394e2ade8b34230220584195b78da6e25c2e8da6b4308d9db25b65b64975db9266163ef592abb7c725",
8687 "3045022100b4014970d9d7962853f3f85196144671d7d5d87426250f0a5fdaf9a55292e92502205360910c9abb397467e19dbd63d081deb4a3240903114c98cec0a23591b79b76",
8688 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80074a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994d007000000000000220020fe0598d74fee2205cc3672e6e6647706b4f3099713b4661b62482c3addd04a5e881300000000000022002018e40f9072c44350f134bdc887bab4d9bdfc8aa468a25616c80e21757ba5dac7881300000000000022002018e40f9072c44350f134bdc887bab4d9bdfc8aa468a25616c80e21757ba5dac7c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994aad9c6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100b4014970d9d7962853f3f85196144671d7d5d87426250f0a5fdaf9a55292e92502205360910c9abb397467e19dbd63d081deb4a3240903114c98cec0a23591b79b7601473044022027b38dfb654c34032ffb70bb43022981652fce923cbbe3cbe7394e2ade8b34230220584195b78da6e25c2e8da6b4308d9db25b65b64975db9266163ef592abb7c72501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8691 "30440220078fe5343dab88c348a3a8a9c1a9293259dbf35507ae971702cc39dd623ea9af022011ed0c0f35243cd0bb4d9ca3c772379b2b5f4af93140e9fdc5600dfec1cdb0c2",
8692 "304402205df665e2908c7690d2d33eb70e6e119958c28febe141a94ed0dd9a55ce7c8cfc0220364d02663a5d019af35c5cd5fda9465d985d85bbd12db207738d61163449a424",
8693 "020000000001013d060d0305c9616eaabc21d41fae85bcb5477b5d7f1c92aa429cf15339bbe1c402000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220078fe5343dab88c348a3a8a9c1a9293259dbf35507ae971702cc39dd623ea9af022011ed0c0f35243cd0bb4d9ca3c772379b2b5f4af93140e9fdc5600dfec1cdb0c28347304402205df665e2908c7690d2d33eb70e6e119958c28febe141a94ed0dd9a55ce7c8cfc0220364d02663a5d019af35c5cd5fda9465d985d85bbd12db207738d61163449a424012001010101010101010101010101010101010101010101010101010101010101018d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac6851b2756800000000" },
8695 "304402202df6bf0f98a42cfd0172a16bded7d1b16c14f5f42ba23f5c54648c14b647531302200fe1508626817f23925bb56951d5e4b2654c751743ab6db48a6cce7dda17c01c",
8696 "304402203f99ec05cdd89558a23683b471c1dcce8f6a92295f1fff3b0b5d21be4d4f97ea022019d29070690fc2c126fe27cc4ab2f503f289d362721b2efa7418e7fddb939a5b",
8697 "020000000001013d060d0305c9616eaabc21d41fae85bcb5477b5d7f1c92aa429cf15339bbe1c40300000000010000000188130000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402202df6bf0f98a42cfd0172a16bded7d1b16c14f5f42ba23f5c54648c14b647531302200fe1508626817f23925bb56951d5e4b2654c751743ab6db48a6cce7dda17c01c8347304402203f99ec05cdd89558a23683b471c1dcce8f6a92295f1fff3b0b5d21be4d4f97ea022019d29070690fc2c126fe27cc4ab2f503f289d362721b2efa7418e7fddb939a5b01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6851b27568f9010000" },
8699 "3045022100bd206b420c495f3aa714d3ea4766cbe95441deacb5d2f737f1913349aee7c2ae02200249d2c950dd3b15326bf378ae5d2b871d33d6737f5d70735f3de8383140f2a1",
8700 "3045022100f2cd35e385b9b7e15b92a5d78d120b6b2c5af4e974bc01e884c5facb3bb5966c0220706e0506477ce809a40022d6de8e041e9ef13136c45abee9c36f58a01fdb188b",
8701 "020000000001013d060d0305c9616eaabc21d41fae85bcb5477b5d7f1c92aa429cf15339bbe1c40400000000010000000188130000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100bd206b420c495f3aa714d3ea4766cbe95441deacb5d2f737f1913349aee7c2ae02200249d2c950dd3b15326bf378ae5d2b871d33d6737f5d70735f3de8383140f2a183483045022100f2cd35e385b9b7e15b92a5d78d120b6b2c5af4e974bc01e884c5facb3bb5966c0220706e0506477ce809a40022d6de8e041e9ef13136c45abee9c36f58a01fdb188b01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6851b27568fa010000" }
8706 fn test_per_commitment_secret_gen() {
8707 // Test vectors from BOLT 3 Appendix D:
8709 let mut seed = [0; 32];
8710 seed[0..32].clone_from_slice(&hex::decode("0000000000000000000000000000000000000000000000000000000000000000").unwrap());
8711 assert_eq!(chan_utils::build_commitment_secret(&seed, 281474976710655),
8712 hex::decode("02a40c85b6f28da08dfdbe0926c53fab2de6d28c10301f8f7c4073d5e42e3148").unwrap()[..]);
8714 seed[0..32].clone_from_slice(&hex::decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF").unwrap());
8715 assert_eq!(chan_utils::build_commitment_secret(&seed, 281474976710655),
8716 hex::decode("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap()[..]);
8718 assert_eq!(chan_utils::build_commitment_secret(&seed, 0xaaaaaaaaaaa),
8719 hex::decode("56f4008fb007ca9acf0e15b054d5c9fd12ee06cea347914ddbaed70d1c13a528").unwrap()[..]);
8721 assert_eq!(chan_utils::build_commitment_secret(&seed, 0x555555555555),
8722 hex::decode("9015daaeb06dba4ccc05b91b2f73bd54405f2be9f217fbacd3c5ac2e62327d31").unwrap()[..]);
8724 seed[0..32].clone_from_slice(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap());
8725 assert_eq!(chan_utils::build_commitment_secret(&seed, 1),
8726 hex::decode("915c75942a26bb3a433a8ce2cb0427c29ec6c1775cfc78328b57f6ba7bfeaa9c").unwrap()[..]);
8730 fn test_key_derivation() {
8731 // Test vectors from BOLT 3 Appendix E:
8732 let secp_ctx = Secp256k1::new();
8734 let base_secret = SecretKey::from_slice(&hex::decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f").unwrap()[..]).unwrap();
8735 let per_commitment_secret = SecretKey::from_slice(&hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap();
8737 let base_point = PublicKey::from_secret_key(&secp_ctx, &base_secret);
8738 assert_eq!(base_point.serialize()[..], hex::decode("036d6caac248af96f6afa7f904f550253a0f3ef3f5aa2fe6838a95b216691468e2").unwrap()[..]);
8740 let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
8741 assert_eq!(per_commitment_point.serialize()[..], hex::decode("025f7117a78150fe2ef97db7cfc83bd57b2e2c0d0dd25eaf467a4a1c2a45ce1486").unwrap()[..]);
8743 assert_eq!(chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &base_point).serialize()[..],
8744 hex::decode("0235f2dbfaa89b57ec7b055afe29849ef7ddfeb1cefdb9ebdc43f5494984db29e5").unwrap()[..]);
8746 assert_eq!(chan_utils::derive_private_key(&secp_ctx, &per_commitment_point, &base_secret),
8747 SecretKey::from_slice(&hex::decode("cbced912d3b21bf196a766651e436aff192362621ce317704ea2f75d87e7be0f").unwrap()[..]).unwrap());
8749 assert_eq!(chan_utils::derive_public_revocation_key(&secp_ctx, &per_commitment_point, &base_point).serialize()[..],
8750 hex::decode("02916e326636d19c33f13e8c0c3a03dd157f332f3e99c317c141dd865eb01f8ff0").unwrap()[..]);
8752 assert_eq!(chan_utils::derive_private_revocation_key(&secp_ctx, &per_commitment_secret, &base_secret),
8753 SecretKey::from_slice(&hex::decode("d09ffff62ddb2297ab000cc85bcb4283fdeb6aa052affbc9dddcf33b61078110").unwrap()[..]).unwrap());
8757 fn test_zero_conf_channel_type_support() {
8758 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8759 let secp_ctx = Secp256k1::new();
8760 let seed = [42; 32];
8761 let network = Network::Testnet;
8762 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
8763 let logger = test_utils::TestLogger::new();
8765 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8766 let config = UserConfig::default();
8767 let node_a_chan = OutboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider,
8768 node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
8770 let mut channel_type_features = ChannelTypeFeatures::only_static_remote_key();
8771 channel_type_features.set_zero_conf_required();
8773 let mut open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash());
8774 open_channel_msg.channel_type = Some(channel_type_features);
8775 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
8776 let res = InboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider,
8777 node_b_node_id, &channelmanager::provided_channel_type_features(&config),
8778 &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, 42);
8779 assert!(res.is_ok());
8783 fn test_supports_anchors_zero_htlc_tx_fee() {
8784 // Tests that if both sides support and negotiate `anchors_zero_fee_htlc_tx`, it is the
8785 // resulting `channel_type`.
8786 let secp_ctx = Secp256k1::new();
8787 let fee_estimator = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8788 let network = Network::Testnet;
8789 let keys_provider = test_utils::TestKeysInterface::new(&[42; 32], network);
8790 let logger = test_utils::TestLogger::new();
8792 let node_id_a = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[1; 32]).unwrap());
8793 let node_id_b = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[2; 32]).unwrap());
8795 let mut config = UserConfig::default();
8796 config.channel_handshake_config.negotiate_anchors_zero_fee_htlc_tx = true;
8798 // It is not enough for just the initiator to signal `option_anchors_zero_fee_htlc_tx`, both
8799 // need to signal it.
8800 let channel_a = OutboundV1Channel::<EnforcingSigner>::new(
8801 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
8802 &channelmanager::provided_init_features(&UserConfig::default()), 10000000, 100000, 42,
8805 assert!(!channel_a.context.channel_type.supports_anchors_zero_fee_htlc_tx());
8807 let mut expected_channel_type = ChannelTypeFeatures::empty();
8808 expected_channel_type.set_static_remote_key_required();
8809 expected_channel_type.set_anchors_zero_fee_htlc_tx_required();
8811 let channel_a = OutboundV1Channel::<EnforcingSigner>::new(
8812 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
8813 &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42
8816 let open_channel_msg = channel_a.get_open_channel(genesis_block(network).header.block_hash());
8817 let channel_b = InboundV1Channel::<EnforcingSigner>::new(
8818 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
8819 &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config),
8820 &open_channel_msg, 7, &config, 0, &&logger, 42
8823 assert_eq!(channel_a.context.channel_type, expected_channel_type);
8824 assert_eq!(channel_b.context.channel_type, expected_channel_type);
8828 fn test_rejects_implicit_simple_anchors() {
8829 // Tests that if `option_anchors` is being negotiated implicitly through the intersection of
8830 // each side's `InitFeatures`, it is rejected.
8831 let secp_ctx = Secp256k1::new();
8832 let fee_estimator = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8833 let network = Network::Testnet;
8834 let keys_provider = test_utils::TestKeysInterface::new(&[42; 32], network);
8835 let logger = test_utils::TestLogger::new();
8837 let node_id_a = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[1; 32]).unwrap());
8838 let node_id_b = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[2; 32]).unwrap());
8840 let config = UserConfig::default();
8842 // See feature bit assignments: https://github.com/lightning/bolts/blob/master/09-features.md
8843 let static_remote_key_required: u64 = 1 << 12;
8844 let simple_anchors_required: u64 = 1 << 20;
8845 let raw_init_features = static_remote_key_required | simple_anchors_required;
8846 let init_features_with_simple_anchors = InitFeatures::from_le_bytes(raw_init_features.to_le_bytes().to_vec());
8848 let channel_a = OutboundV1Channel::<EnforcingSigner>::new(
8849 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
8850 &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42
8853 // Set `channel_type` to `None` to force the implicit feature negotiation.
8854 let mut open_channel_msg = channel_a.get_open_channel(genesis_block(network).header.block_hash());
8855 open_channel_msg.channel_type = None;
8857 // Since A supports both `static_remote_key` and `option_anchors`, but B only accepts
8858 // `static_remote_key`, it will fail the channel.
8859 let channel_b = InboundV1Channel::<EnforcingSigner>::new(
8860 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
8861 &channelmanager::provided_channel_type_features(&config), &init_features_with_simple_anchors,
8862 &open_channel_msg, 7, &config, 0, &&logger, 42
8864 assert!(channel_b.is_err());
8868 fn test_rejects_simple_anchors_channel_type() {
8869 // Tests that if `option_anchors` is being negotiated through the `channel_type` feature,
8871 let secp_ctx = Secp256k1::new();
8872 let fee_estimator = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8873 let network = Network::Testnet;
8874 let keys_provider = test_utils::TestKeysInterface::new(&[42; 32], network);
8875 let logger = test_utils::TestLogger::new();
8877 let node_id_a = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[1; 32]).unwrap());
8878 let node_id_b = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[2; 32]).unwrap());
8880 let config = UserConfig::default();
8882 // See feature bit assignments: https://github.com/lightning/bolts/blob/master/09-features.md
8883 let static_remote_key_required: u64 = 1 << 12;
8884 let simple_anchors_required: u64 = 1 << 20;
8885 let simple_anchors_raw_features = static_remote_key_required | simple_anchors_required;
8886 let simple_anchors_init = InitFeatures::from_le_bytes(simple_anchors_raw_features.to_le_bytes().to_vec());
8887 let simple_anchors_channel_type = ChannelTypeFeatures::from_le_bytes(simple_anchors_raw_features.to_le_bytes().to_vec());
8888 assert!(!simple_anchors_init.requires_unknown_bits());
8889 assert!(!simple_anchors_channel_type.requires_unknown_bits());
8891 // First, we'll try to open a channel between A and B where A requests a channel type for
8892 // the original `option_anchors` feature (non zero fee htlc tx). This should be rejected by
8893 // B as it's not supported by LDK.
8894 let channel_a = OutboundV1Channel::<EnforcingSigner>::new(
8895 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
8896 &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42
8899 let mut open_channel_msg = channel_a.get_open_channel(genesis_block(network).header.block_hash());
8900 open_channel_msg.channel_type = Some(simple_anchors_channel_type.clone());
8902 let res = InboundV1Channel::<EnforcingSigner>::new(
8903 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
8904 &channelmanager::provided_channel_type_features(&config), &simple_anchors_init,
8905 &open_channel_msg, 7, &config, 0, &&logger, 42
8907 assert!(res.is_err());
8909 // Then, we'll try to open another channel where A requests a channel type for
8910 // `anchors_zero_fee_htlc_tx`. B is malicious and tries to downgrade the channel type to the
8911 // original `option_anchors` feature, which should be rejected by A as it's not supported by
8913 let mut channel_a = OutboundV1Channel::<EnforcingSigner>::new(
8914 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b, &simple_anchors_init,
8915 10000000, 100000, 42, &config, 0, 42
8918 let open_channel_msg = channel_a.get_open_channel(genesis_block(network).header.block_hash());
8920 let channel_b = InboundV1Channel::<EnforcingSigner>::new(
8921 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
8922 &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config),
8923 &open_channel_msg, 7, &config, 0, &&logger, 42
8926 let mut accept_channel_msg = channel_b.get_accept_channel_message();
8927 accept_channel_msg.channel_type = Some(simple_anchors_channel_type.clone());
8929 let res = channel_a.accept_channel(
8930 &accept_channel_msg, &config.channel_handshake_limits, &simple_anchors_init
8932 assert!(res.is_err());