1 // This file is Copyright its original authors, visible in version control
4 // This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
5 // or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
6 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
7 // You may not use this file except in accordance with one or both of these
10 use bitcoin::blockdata::script::{Script,Builder};
11 use bitcoin::blockdata::transaction::{Transaction, EcdsaSighashType};
12 use bitcoin::util::sighash;
13 use bitcoin::consensus::encode;
15 use bitcoin::hashes::Hash;
16 use bitcoin::hashes::sha256::Hash as Sha256;
17 use bitcoin::hashes::sha256d::Hash as Sha256d;
18 use bitcoin::hash_types::{Txid, BlockHash};
20 use bitcoin::secp256k1::constants::PUBLIC_KEY_SIZE;
21 use bitcoin::secp256k1::{PublicKey,SecretKey};
22 use bitcoin::secp256k1::{Secp256k1,ecdsa::Signature};
23 use bitcoin::secp256k1;
25 use crate::ln::{PaymentPreimage, PaymentHash};
26 use crate::ln::features::{ChannelTypeFeatures, InitFeatures};
28 use crate::ln::msgs::DecodeError;
29 use crate::ln::script::{self, ShutdownScript};
30 use crate::ln::channelmanager::{self, CounterpartyForwardingInfo, PendingHTLCStatus, HTLCSource, SentHTLCId, HTLCFailureMsg, PendingHTLCInfo, RAACommitmentOrder, BREAKDOWN_TIMEOUT, MIN_CLTV_EXPIRY_DELTA, MAX_LOCAL_BREAKDOWN_TIMEOUT, ChannelShutdownState};
31 use crate::ln::chan_utils::{CounterpartyCommitmentSecrets, TxCreationKeys, HTLCOutputInCommitment, htlc_success_tx_weight, htlc_timeout_tx_weight, make_funding_redeemscript, ChannelPublicKeys, CommitmentTransaction, HolderCommitmentTransaction, ChannelTransactionParameters, CounterpartyChannelTransactionParameters, MAX_HTLCS, get_commitment_transaction_number_obscure_factor, ClosingTransaction};
32 use crate::ln::chan_utils;
33 use crate::ln::onion_utils::HTLCFailReason;
34 use crate::chain::BestBlock;
35 use crate::chain::chaininterface::{FeeEstimator, ConfirmationTarget, LowerBoundedFeeEstimator};
36 use crate::chain::channelmonitor::{ChannelMonitor, ChannelMonitorUpdate, ChannelMonitorUpdateStep, LATENCY_GRACE_PERIOD_BLOCKS, CLOSED_CHANNEL_UPDATE_ID};
37 use crate::chain::transaction::{OutPoint, TransactionData};
38 use crate::sign::{WriteableEcdsaChannelSigner, EntropySource, ChannelSigner, SignerProvider, NodeSigner, Recipient};
39 use crate::events::ClosureReason;
40 use crate::routing::gossip::NodeId;
41 use crate::util::ser::{Readable, ReadableArgs, Writeable, Writer, VecWriter};
42 use crate::util::logger::Logger;
43 use crate::util::errors::APIError;
44 use crate::util::config::{UserConfig, ChannelConfig, LegacyChannelConfig, ChannelHandshakeConfig, ChannelHandshakeLimits, MaxDustHTLCExposure};
45 use crate::util::scid_utils::scid_from_parts;
48 use crate::prelude::*;
49 use core::{cmp,mem,fmt};
51 #[cfg(any(test, fuzzing, debug_assertions))]
52 use crate::sync::Mutex;
53 use bitcoin::hashes::hex::ToHex;
56 pub struct ChannelValueStat {
57 pub value_to_self_msat: u64,
58 pub channel_value_msat: u64,
59 pub channel_reserve_msat: u64,
60 pub pending_outbound_htlcs_amount_msat: u64,
61 pub pending_inbound_htlcs_amount_msat: u64,
62 pub holding_cell_outbound_amount_msat: u64,
63 pub counterparty_max_htlc_value_in_flight_msat: u64, // outgoing
64 pub counterparty_dust_limit_msat: u64,
67 pub struct AvailableBalances {
68 /// The amount that would go to us if we close the channel, ignoring any on-chain fees.
69 pub balance_msat: u64,
70 /// Total amount available for our counterparty to send to us.
71 pub inbound_capacity_msat: u64,
72 /// Total amount available for us to send to our counterparty.
73 pub outbound_capacity_msat: u64,
74 /// The maximum value we can assign to the next outbound HTLC
75 pub next_outbound_htlc_limit_msat: u64,
76 /// The minimum value we can assign to the next outbound HTLC
77 pub next_outbound_htlc_minimum_msat: u64,
80 #[derive(Debug, Clone, Copy, PartialEq)]
82 // Inbound states mirroring InboundHTLCState
84 AwaitingRemoteRevokeToAnnounce,
85 // Note that we do not have a AwaitingAnnouncedRemoteRevoke variant here as it is universally
86 // handled the same as `Committed`, with the only exception in `InboundHTLCState` being the
87 // distinction of when we allow ourselves to forward the HTLC. Because we aren't "forwarding"
88 // the fee update anywhere, we can simply consider the fee update `Committed` immediately
89 // instead of setting it to AwaitingAnnouncedRemoteRevoke.
91 // Outbound state can only be `LocalAnnounced` or `Committed`
95 enum InboundHTLCRemovalReason {
96 FailRelay(msgs::OnionErrorPacket),
97 FailMalformed(([u8; 32], u16)),
98 Fulfill(PaymentPreimage),
101 enum InboundHTLCState {
102 /// Offered by remote, to be included in next local commitment tx. I.e., the remote sent an
103 /// update_add_htlc message for this HTLC.
104 RemoteAnnounced(PendingHTLCStatus),
105 /// Included in a received commitment_signed message (implying we've
106 /// revoke_and_ack'd it), but the remote hasn't yet revoked their previous
107 /// state (see the example below). We have not yet included this HTLC in a
108 /// commitment_signed message because we are waiting on the remote's
109 /// aforementioned state revocation. One reason this missing remote RAA
110 /// (revoke_and_ack) blocks us from constructing a commitment_signed message
111 /// is because every time we create a new "state", i.e. every time we sign a
112 /// new commitment tx (see [BOLT #2]), we need a new per_commitment_point,
113 /// which are provided one-at-a-time in each RAA. E.g., the last RAA they
114 /// sent provided the per_commitment_point for our current commitment tx.
115 /// The other reason we should not send a commitment_signed without their RAA
116 /// is because their RAA serves to ACK our previous commitment_signed.
118 /// Here's an example of how an HTLC could come to be in this state:
119 /// remote --> update_add_htlc(prev_htlc) --> local
120 /// remote --> commitment_signed(prev_htlc) --> local
121 /// remote <-- revoke_and_ack <-- local
122 /// remote <-- commitment_signed(prev_htlc) <-- local
123 /// [note that here, the remote does not respond with a RAA]
124 /// remote --> update_add_htlc(this_htlc) --> local
125 /// remote --> commitment_signed(prev_htlc, this_htlc) --> local
126 /// Now `this_htlc` will be assigned this state. It's unable to be officially
127 /// accepted, i.e. included in a commitment_signed, because we're missing the
128 /// RAA that provides our next per_commitment_point. The per_commitment_point
129 /// is used to derive commitment keys, which are used to construct the
130 /// signatures in a commitment_signed message.
131 /// Implies AwaitingRemoteRevoke.
133 /// [BOLT #2]: https://github.com/lightning/bolts/blob/master/02-peer-protocol.md
134 AwaitingRemoteRevokeToAnnounce(PendingHTLCStatus),
135 /// Included in a received commitment_signed message (implying we've revoke_and_ack'd it).
136 /// We have also included this HTLC in our latest commitment_signed and are now just waiting
137 /// on the remote's revoke_and_ack to make this HTLC an irrevocable part of the state of the
138 /// channel (before it can then get forwarded and/or removed).
139 /// Implies AwaitingRemoteRevoke.
140 AwaitingAnnouncedRemoteRevoke(PendingHTLCStatus),
142 /// Removed by us and a new commitment_signed was sent (if we were AwaitingRemoteRevoke when we
143 /// created it we would have put it in the holding cell instead). When they next revoke_and_ack
145 /// Note that we have to keep an eye on the HTLC until we've received a broadcastable
146 /// commitment transaction without it as otherwise we'll have to force-close the channel to
147 /// claim it before the timeout (obviously doesn't apply to revoked HTLCs that we can't claim
148 /// anyway). That said, ChannelMonitor does this for us (see
149 /// ChannelMonitor::should_broadcast_holder_commitment_txn) so we actually remove the HTLC from
150 /// our own local state before then, once we're sure that the next commitment_signed and
151 /// ChannelMonitor::provide_latest_local_commitment_tx will not include this HTLC.
152 LocalRemoved(InboundHTLCRemovalReason),
155 struct InboundHTLCOutput {
159 payment_hash: PaymentHash,
160 state: InboundHTLCState,
163 enum OutboundHTLCState {
164 /// Added by us and included in a commitment_signed (if we were AwaitingRemoteRevoke when we
165 /// created it we would have put it in the holding cell instead). When they next revoke_and_ack
166 /// we will promote to Committed (note that they may not accept it until the next time we
167 /// revoke, but we don't really care about that:
168 /// * they've revoked, so worst case we can announce an old state and get our (option on)
169 /// money back (though we won't), and,
170 /// * we'll send them a revoke when they send a commitment_signed, and since only they're
171 /// allowed to remove it, the "can only be removed once committed on both sides" requirement
172 /// doesn't matter to us and it's up to them to enforce it, worst-case they jump ahead but
173 /// we'll never get out of sync).
174 /// Note that we Box the OnionPacket as it's rather large and we don't want to blow up
175 /// OutboundHTLCOutput's size just for a temporary bit
176 LocalAnnounced(Box<msgs::OnionPacket>),
178 /// Remote removed this (outbound) HTLC. We're waiting on their commitment_signed to finalize
179 /// the change (though they'll need to revoke before we fail the payment).
180 RemoteRemoved(OutboundHTLCOutcome),
181 /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
182 /// the remote side hasn't yet revoked their previous state, which we need them to do before we
183 /// can do any backwards failing. Implies AwaitingRemoteRevoke.
184 /// We also have not yet removed this HTLC in a commitment_signed message, and are waiting on a
185 /// remote revoke_and_ack on a previous state before we can do so.
186 AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome),
187 /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
188 /// the remote side hasn't yet revoked their previous state, which we need them to do before we
189 /// can do any backwards failing. Implies AwaitingRemoteRevoke.
190 /// We have removed this HTLC in our latest commitment_signed and are now just waiting on a
191 /// revoke_and_ack to drop completely.
192 AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome),
196 enum OutboundHTLCOutcome {
197 /// LDK version 0.0.105+ will always fill in the preimage here.
198 Success(Option<PaymentPreimage>),
199 Failure(HTLCFailReason),
202 impl From<Option<HTLCFailReason>> for OutboundHTLCOutcome {
203 fn from(o: Option<HTLCFailReason>) -> Self {
205 None => OutboundHTLCOutcome::Success(None),
206 Some(r) => OutboundHTLCOutcome::Failure(r)
211 impl<'a> Into<Option<&'a HTLCFailReason>> for &'a OutboundHTLCOutcome {
212 fn into(self) -> Option<&'a HTLCFailReason> {
214 OutboundHTLCOutcome::Success(_) => None,
215 OutboundHTLCOutcome::Failure(ref r) => Some(r)
220 struct OutboundHTLCOutput {
224 payment_hash: PaymentHash,
225 state: OutboundHTLCState,
227 skimmed_fee_msat: Option<u64>,
230 /// See AwaitingRemoteRevoke ChannelState for more info
231 enum HTLCUpdateAwaitingACK {
232 AddHTLC { // TODO: Time out if we're getting close to cltv_expiry
236 payment_hash: PaymentHash,
238 onion_routing_packet: msgs::OnionPacket,
239 // The extra fee we're skimming off the top of this HTLC.
240 skimmed_fee_msat: Option<u64>,
243 payment_preimage: PaymentPreimage,
248 err_packet: msgs::OnionErrorPacket,
252 /// There are a few "states" and then a number of flags which can be applied:
253 /// We first move through init with `OurInitSent` -> `TheirInitSent` -> `FundingCreated` -> `FundingSent`.
254 /// `TheirChannelReady` and `OurChannelReady` then get set on `FundingSent`, and when both are set we
255 /// move on to `ChannelReady`.
256 /// Note that `PeerDisconnected` can be set on both `ChannelReady` and `FundingSent`.
257 /// `ChannelReady` can then get all remaining flags set on it, until we finish shutdown, then we
258 /// move on to `ShutdownComplete`, at which point most calls into this channel are disallowed.
260 /// Implies we have (or are prepared to) send our open_channel/accept_channel message
261 OurInitSent = 1 << 0,
262 /// Implies we have received their `open_channel`/`accept_channel` message
263 TheirInitSent = 1 << 1,
264 /// We have sent `funding_created` and are awaiting a `funding_signed` to advance to `FundingSent`.
265 /// Note that this is nonsense for an inbound channel as we immediately generate `funding_signed`
266 /// upon receipt of `funding_created`, so simply skip this state.
268 /// Set when we have received/sent `funding_created` and `funding_signed` and are thus now waiting
269 /// on the funding transaction to confirm. The `ChannelReady` flags are set to indicate when we
270 /// and our counterparty consider the funding transaction confirmed.
272 /// Flag which can be set on `FundingSent` to indicate they sent us a `channel_ready` message.
273 /// Once both `TheirChannelReady` and `OurChannelReady` are set, state moves on to `ChannelReady`.
274 TheirChannelReady = 1 << 4,
275 /// Flag which can be set on `FundingSent` to indicate we sent them a `channel_ready` message.
276 /// Once both `TheirChannelReady` and `OurChannelReady` are set, state moves on to `ChannelReady`.
277 OurChannelReady = 1 << 5,
279 /// Flag which is set on `ChannelReady` and `FundingSent` indicating remote side is considered
280 /// "disconnected" and no updates are allowed until after we've done a `channel_reestablish`
282 PeerDisconnected = 1 << 7,
283 /// Flag which is set on `ChannelReady`, FundingCreated, and `FundingSent` indicating the user has
284 /// told us a `ChannelMonitor` update is pending async persistence somewhere and we should pause
285 /// sending any outbound messages until they've managed to finish.
286 MonitorUpdateInProgress = 1 << 8,
287 /// Flag which implies that we have sent a commitment_signed but are awaiting the responding
288 /// revoke_and_ack message. During this time period, we can't generate new commitment_signed
289 /// messages as then we will be unable to determine which HTLCs they included in their
290 /// revoke_and_ack implicit ACK, so instead we have to hold them away temporarily to be sent
292 /// Flag is set on `ChannelReady`.
293 AwaitingRemoteRevoke = 1 << 9,
294 /// Flag which is set on `ChannelReady` or `FundingSent` after receiving a shutdown message from
295 /// the remote end. If set, they may not add any new HTLCs to the channel, and we are expected
296 /// to respond with our own shutdown message when possible.
297 RemoteShutdownSent = 1 << 10,
298 /// Flag which is set on `ChannelReady` or `FundingSent` after sending a shutdown message. At this
299 /// point, we may not add any new HTLCs to the channel.
300 LocalShutdownSent = 1 << 11,
301 /// We've successfully negotiated a closing_signed dance. At this point ChannelManager is about
302 /// to drop us, but we store this anyway.
303 ShutdownComplete = 4096,
305 const BOTH_SIDES_SHUTDOWN_MASK: u32 = ChannelState::LocalShutdownSent as u32 | ChannelState::RemoteShutdownSent as u32;
306 const MULTI_STATE_FLAGS: u32 = BOTH_SIDES_SHUTDOWN_MASK | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32;
308 pub const INITIAL_COMMITMENT_NUMBER: u64 = (1 << 48) - 1;
310 pub const DEFAULT_MAX_HTLCS: u16 = 50;
312 pub(crate) fn commitment_tx_base_weight(channel_type_features: &ChannelTypeFeatures) -> u64 {
313 const COMMITMENT_TX_BASE_WEIGHT: u64 = 724;
314 const COMMITMENT_TX_BASE_ANCHOR_WEIGHT: u64 = 1124;
315 if channel_type_features.supports_anchors_zero_fee_htlc_tx() { COMMITMENT_TX_BASE_ANCHOR_WEIGHT } else { COMMITMENT_TX_BASE_WEIGHT }
319 const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
321 pub const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
323 pub const ANCHOR_OUTPUT_VALUE_SATOSHI: u64 = 330;
325 /// The percentage of the channel value `holder_max_htlc_value_in_flight_msat` used to be set to,
326 /// before this was made configurable. The percentage was made configurable in LDK 0.0.107,
327 /// although LDK 0.0.104+ enabled serialization of channels with a different value set for
328 /// `holder_max_htlc_value_in_flight_msat`.
329 pub const MAX_IN_FLIGHT_PERCENT_LEGACY: u8 = 10;
331 /// Maximum `funding_satoshis` value according to the BOLT #2 specification, if
332 /// `option_support_large_channel` (aka wumbo channels) is not supported.
334 pub const MAX_FUNDING_SATOSHIS_NO_WUMBO: u64 = (1 << 24) - 1;
336 /// Total bitcoin supply in satoshis.
337 pub const TOTAL_BITCOIN_SUPPLY_SATOSHIS: u64 = 21_000_000 * 1_0000_0000;
339 /// The maximum network dust limit for standard script formats. This currently represents the
340 /// minimum output value for a P2SH output before Bitcoin Core 22 considers the entire
341 /// transaction non-standard and thus refuses to relay it.
342 /// We also use this as the maximum counterparty `dust_limit_satoshis` allowed, given many
343 /// implementations use this value for their dust limit today.
344 pub const MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS: u64 = 546;
346 /// The maximum channel dust limit we will accept from our counterparty.
347 pub const MAX_CHAN_DUST_LIMIT_SATOSHIS: u64 = MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS;
349 /// The dust limit is used for both the commitment transaction outputs as well as the closing
350 /// transactions. For cooperative closing transactions, we require segwit outputs, though accept
351 /// *any* segwit scripts, which are allowed to be up to 42 bytes in length.
352 /// In order to avoid having to concern ourselves with standardness during the closing process, we
353 /// simply require our counterparty to use a dust limit which will leave any segwit output
355 /// See <https://github.com/lightning/bolts/issues/905> for more details.
356 pub const MIN_CHAN_DUST_LIMIT_SATOSHIS: u64 = 354;
358 // Just a reasonable implementation-specific safe lower bound, higher than the dust limit.
359 pub const MIN_THEIR_CHAN_RESERVE_SATOSHIS: u64 = 1000;
361 /// Used to return a simple Error back to ChannelManager. Will get converted to a
362 /// msgs::ErrorAction::SendErrorMessage or msgs::ErrorAction::IgnoreError as appropriate with our
363 /// channel_id in ChannelManager.
364 pub(super) enum ChannelError {
370 impl fmt::Debug for ChannelError {
371 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
373 &ChannelError::Ignore(ref e) => write!(f, "Ignore : {}", e),
374 &ChannelError::Warn(ref e) => write!(f, "Warn : {}", e),
375 &ChannelError::Close(ref e) => write!(f, "Close : {}", e),
380 impl fmt::Display for ChannelError {
381 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
383 &ChannelError::Ignore(ref e) => write!(f, "{}", e),
384 &ChannelError::Warn(ref e) => write!(f, "{}", e),
385 &ChannelError::Close(ref e) => write!(f, "{}", e),
390 macro_rules! secp_check {
391 ($res: expr, $err: expr) => {
394 Err(_) => return Err(ChannelError::Close($err)),
399 /// The "channel disabled" bit in channel_update must be set based on whether we are connected to
400 /// our counterparty or not. However, we don't want to announce updates right away to avoid
401 /// spamming the network with updates if the connection is flapping. Instead, we "stage" updates to
402 /// our channel_update message and track the current state here.
403 /// See implementation at [`super::channelmanager::ChannelManager::timer_tick_occurred`].
404 #[derive(Clone, Copy, PartialEq)]
405 pub(super) enum ChannelUpdateStatus {
406 /// We've announced the channel as enabled and are connected to our peer.
408 /// Our channel is no longer live, but we haven't announced the channel as disabled yet.
410 /// Our channel is live again, but we haven't announced the channel as enabled yet.
412 /// We've announced the channel as disabled.
416 /// We track when we sent an `AnnouncementSignatures` to our peer in a few states, described here.
418 pub enum AnnouncementSigsState {
419 /// We have not sent our peer an `AnnouncementSignatures` yet, or our peer disconnected since
420 /// we sent the last `AnnouncementSignatures`.
422 /// We sent an `AnnouncementSignatures` to our peer since the last time our peer disconnected.
423 /// This state never appears on disk - instead we write `NotSent`.
425 /// We sent a `CommitmentSigned` after the last `AnnouncementSignatures` we sent. Because we
426 /// only ever have a single `CommitmentSigned` pending at once, if we sent one after sending
427 /// `AnnouncementSignatures` then we know the peer received our `AnnouncementSignatures` if
428 /// they send back a `RevokeAndACK`.
429 /// This state never appears on disk - instead we write `NotSent`.
431 /// We received a `RevokeAndACK`, effectively ack-ing our `AnnouncementSignatures`, at this
432 /// point we no longer need to re-send our `AnnouncementSignatures` again on reconnect.
436 /// An enum indicating whether the local or remote side offered a given HTLC.
442 /// An enum gathering stats on pending HTLCs, either inbound or outbound side.
445 pending_htlcs_value_msat: u64,
446 on_counterparty_tx_dust_exposure_msat: u64,
447 on_holder_tx_dust_exposure_msat: u64,
448 holding_cell_msat: u64,
449 on_holder_tx_holding_cell_htlcs_count: u32, // dust HTLCs *non*-included
452 /// An enum gathering stats on commitment transaction, either local or remote.
453 struct CommitmentStats<'a> {
454 tx: CommitmentTransaction, // the transaction info
455 feerate_per_kw: u32, // the feerate included to build the transaction
456 total_fee_sat: u64, // the total fee included in the transaction
457 num_nondust_htlcs: usize, // the number of HTLC outputs (dust HTLCs *non*-included)
458 htlcs_included: Vec<(HTLCOutputInCommitment, Option<&'a HTLCSource>)>, // the list of HTLCs (dust HTLCs *included*) which were not ignored when building the transaction
459 local_balance_msat: u64, // local balance before fees but considering dust limits
460 remote_balance_msat: u64, // remote balance before fees but considering dust limits
461 preimages: Vec<PaymentPreimage>, // preimages for successful offered HTLCs since last commitment
464 /// Used when calculating whether we or the remote can afford an additional HTLC.
465 struct HTLCCandidate {
467 origin: HTLCInitiator,
471 fn new(amount_msat: u64, origin: HTLCInitiator) -> Self {
479 /// A return value enum for get_update_fulfill_htlc. See UpdateFulfillCommitFetch variants for
481 enum UpdateFulfillFetch {
483 monitor_update: ChannelMonitorUpdate,
484 htlc_value_msat: u64,
485 msg: Option<msgs::UpdateFulfillHTLC>,
490 /// The return type of get_update_fulfill_htlc_and_commit.
491 pub enum UpdateFulfillCommitFetch {
492 /// Indicates the HTLC fulfill is new, and either generated an update_fulfill message, placed
493 /// it in the holding cell, or re-generated the update_fulfill message after the same claim was
494 /// previously placed in the holding cell (and has since been removed).
496 /// The ChannelMonitorUpdate which places the new payment preimage in the channel monitor
497 monitor_update: ChannelMonitorUpdate,
498 /// The value of the HTLC which was claimed, in msat.
499 htlc_value_msat: u64,
501 /// Indicates the HTLC fulfill is duplicative and already existed either in the holding cell
502 /// or has been forgotten (presumably previously claimed).
506 /// The return value of `monitor_updating_restored`
507 pub(super) struct MonitorRestoreUpdates {
508 pub raa: Option<msgs::RevokeAndACK>,
509 pub commitment_update: Option<msgs::CommitmentUpdate>,
510 pub order: RAACommitmentOrder,
511 pub accepted_htlcs: Vec<(PendingHTLCInfo, u64)>,
512 pub failed_htlcs: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
513 pub finalized_claimed_htlcs: Vec<HTLCSource>,
514 pub funding_broadcastable: Option<Transaction>,
515 pub channel_ready: Option<msgs::ChannelReady>,
516 pub announcement_sigs: Option<msgs::AnnouncementSignatures>,
519 /// The return value of `channel_reestablish`
520 pub(super) struct ReestablishResponses {
521 pub channel_ready: Option<msgs::ChannelReady>,
522 pub raa: Option<msgs::RevokeAndACK>,
523 pub commitment_update: Option<msgs::CommitmentUpdate>,
524 pub order: RAACommitmentOrder,
525 pub announcement_sigs: Option<msgs::AnnouncementSignatures>,
526 pub shutdown_msg: Option<msgs::Shutdown>,
529 /// The return type of `force_shutdown`
531 /// Contains a (counterparty_node_id, funding_txo, [`ChannelMonitorUpdate`]) tuple
532 /// followed by a list of HTLCs to fail back in the form of the (source, payment hash, and this
533 /// channel's counterparty_node_id and channel_id).
534 pub(crate) type ShutdownResult = (
535 Option<(PublicKey, OutPoint, ChannelMonitorUpdate)>,
536 Vec<(HTLCSource, PaymentHash, PublicKey, [u8; 32])>
539 /// If the majority of the channels funds are to the fundee and the initiator holds only just
540 /// enough funds to cover their reserve value, channels are at risk of getting "stuck". Because the
541 /// initiator controls the feerate, if they then go to increase the channel fee, they may have no
542 /// balance but the fundee is unable to send a payment as the increase in fee more than drains
543 /// their reserve value. Thus, neither side can send a new HTLC and the channel becomes useless.
544 /// Thus, before sending an HTLC when we are the initiator, we check that the feerate can increase
545 /// by this multiple without hitting this case, before sending.
546 /// This multiple is effectively the maximum feerate "jump" we expect until more HTLCs flow over
547 /// the channel. Sadly, there isn't really a good number for this - if we expect to have no new
548 /// HTLCs for days we may need this to suffice for feerate increases across days, but that may
549 /// leave the channel less usable as we hold a bigger reserve.
550 #[cfg(any(fuzzing, test))]
551 pub const FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE: u64 = 2;
552 #[cfg(not(any(fuzzing, test)))]
553 const FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE: u64 = 2;
555 /// If we fail to see a funding transaction confirmed on-chain within this many blocks after the
556 /// channel creation on an inbound channel, we simply force-close and move on.
557 /// This constant is the one suggested in BOLT 2.
558 pub(crate) const FUNDING_CONF_DEADLINE_BLOCKS: u32 = 2016;
560 /// In case of a concurrent update_add_htlc proposed by our counterparty, we might
561 /// not have enough balance value remaining to cover the onchain cost of this new
562 /// HTLC weight. If this happens, our counterparty fails the reception of our
563 /// commitment_signed including this new HTLC due to infringement on the channel
565 /// To prevent this case, we compute our outbound update_fee with an HTLC buffer of
566 /// size 2. However, if the number of concurrent update_add_htlc is higher, this still
567 /// leads to a channel force-close. Ultimately, this is an issue coming from the
568 /// design of LN state machines, allowing asynchronous updates.
569 pub(crate) const CONCURRENT_INBOUND_HTLC_FEE_BUFFER: u32 = 2;
571 /// When a channel is opened, we check that the funding amount is enough to pay for relevant
572 /// commitment transaction fees, with at least this many HTLCs present on the commitment
573 /// transaction (not counting the value of the HTLCs themselves).
574 pub(crate) const MIN_AFFORDABLE_HTLC_COUNT: usize = 4;
576 /// When a [`Channel`] has its [`ChannelConfig`] updated, its existing one is stashed for up to this
577 /// number of ticks to allow forwarding HTLCs by nodes that have yet to receive the new
578 /// ChannelUpdate prompted by the config update. This value was determined as follows:
580 /// * The expected interval between ticks (1 minute).
581 /// * The average convergence delay of updates across the network, i.e., ~300 seconds on average
582 /// for a node to see an update as seen on `<https://arxiv.org/pdf/2205.12737.pdf>`.
583 /// * `EXPIRE_PREV_CONFIG_TICKS` = convergence_delay / tick_interval
584 pub(crate) const EXPIRE_PREV_CONFIG_TICKS: usize = 5;
586 /// The number of ticks that may elapse while we're waiting for a response to a
587 /// [`msgs::RevokeAndACK`] or [`msgs::ChannelReestablish`] message before we attempt to disconnect
590 /// See [`ChannelContext::sent_message_awaiting_response`] for more information.
591 pub(crate) const DISCONNECT_PEER_AWAITING_RESPONSE_TICKS: usize = 2;
593 /// The number of ticks that may elapse while we're waiting for an unfunded outbound/inbound channel
594 /// to be promoted to a [`Channel`] since the unfunded channel was created. An unfunded channel
595 /// exceeding this age limit will be force-closed and purged from memory.
596 pub(crate) const UNFUNDED_CHANNEL_AGE_LIMIT_TICKS: usize = 60;
598 struct PendingChannelMonitorUpdate {
599 update: ChannelMonitorUpdate,
602 impl_writeable_tlv_based!(PendingChannelMonitorUpdate, {
603 (0, update, required),
606 /// Contains all state common to unfunded inbound/outbound channels.
607 pub(super) struct UnfundedChannelContext {
608 /// A counter tracking how many ticks have elapsed since this unfunded channel was
609 /// created. If this unfunded channel reaches peer has yet to respond after reaching
610 /// `UNFUNDED_CHANNEL_AGE_LIMIT_TICKS`, it will be force-closed and purged from memory.
612 /// This is so that we don't keep channels around that haven't progressed to a funded state
613 /// in a timely manner.
614 unfunded_channel_age_ticks: usize,
617 impl UnfundedChannelContext {
618 /// Determines whether we should force-close and purge this unfunded channel from memory due to it
619 /// having reached the unfunded channel age limit.
621 /// This should be called on every [`super::channelmanager::ChannelManager::timer_tick_occurred`].
622 pub fn should_expire_unfunded_channel(&mut self) -> bool {
623 self.unfunded_channel_age_ticks += 1;
624 self.unfunded_channel_age_ticks >= UNFUNDED_CHANNEL_AGE_LIMIT_TICKS
628 /// Contains everything about the channel including state, and various flags.
629 pub(super) struct ChannelContext<Signer: ChannelSigner> {
630 config: LegacyChannelConfig,
632 // Track the previous `ChannelConfig` so that we can continue forwarding HTLCs that were
633 // constructed using it. The second element in the tuple corresponds to the number of ticks that
634 // have elapsed since the update occurred.
635 prev_config: Option<(ChannelConfig, usize)>,
637 inbound_handshake_limits_override: Option<ChannelHandshakeLimits>,
641 channel_id: [u8; 32],
642 temporary_channel_id: Option<[u8; 32]>, // Will be `None` for channels created prior to 0.0.115.
645 // When we reach max(6 blocks, minimum_depth), we need to send an AnnouncementSigs message to
646 // our peer. However, we want to make sure they received it, or else rebroadcast it when we
648 // We do so here, see `AnnouncementSigsSent` for more details on the state(s).
649 // Note that a number of our tests were written prior to the behavior here which retransmits
650 // AnnouncementSignatures until after an RAA completes, so the behavior is short-circuited in
652 #[cfg(any(test, feature = "_test_utils"))]
653 pub(crate) announcement_sigs_state: AnnouncementSigsState,
654 #[cfg(not(any(test, feature = "_test_utils")))]
655 announcement_sigs_state: AnnouncementSigsState,
657 secp_ctx: Secp256k1<secp256k1::All>,
658 channel_value_satoshis: u64,
660 latest_monitor_update_id: u64,
662 holder_signer: Signer,
663 shutdown_scriptpubkey: Option<ShutdownScript>,
664 destination_script: Script,
666 // Our commitment numbers start at 2^48-1 and count down, whereas the ones used in transaction
667 // generation start at 0 and count up...this simplifies some parts of implementation at the
668 // cost of others, but should really just be changed.
670 cur_holder_commitment_transaction_number: u64,
671 cur_counterparty_commitment_transaction_number: u64,
672 value_to_self_msat: u64, // Excluding all pending_htlcs, excluding fees
673 pending_inbound_htlcs: Vec<InboundHTLCOutput>,
674 pending_outbound_htlcs: Vec<OutboundHTLCOutput>,
675 holding_cell_htlc_updates: Vec<HTLCUpdateAwaitingACK>,
677 /// When resending CS/RAA messages on channel monitor restoration or on reconnect, we always
678 /// need to ensure we resend them in the order we originally generated them. Note that because
679 /// there can only ever be one in-flight CS and/or one in-flight RAA at any time, it is
680 /// sufficient to simply set this to the opposite of any message we are generating as we
681 /// generate it. ie when we generate a CS, we set this to RAAFirst as, if there is a pending
682 /// in-flight RAA to resend, it will have been the first thing we generated, and thus we should
684 resend_order: RAACommitmentOrder,
686 monitor_pending_channel_ready: bool,
687 monitor_pending_revoke_and_ack: bool,
688 monitor_pending_commitment_signed: bool,
690 // TODO: If a channel is drop'd, we don't know whether the `ChannelMonitor` is ultimately
691 // responsible for some of the HTLCs here or not - we don't know whether the update in question
692 // completed or not. We currently ignore these fields entirely when force-closing a channel,
693 // but need to handle this somehow or we run the risk of losing HTLCs!
694 monitor_pending_forwards: Vec<(PendingHTLCInfo, u64)>,
695 monitor_pending_failures: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
696 monitor_pending_finalized_fulfills: Vec<HTLCSource>,
698 // pending_update_fee is filled when sending and receiving update_fee.
700 // Because it follows the same commitment flow as HTLCs, `FeeUpdateState` is either `Outbound`
701 // or matches a subset of the `InboundHTLCOutput` variants. It is then updated/used when
702 // generating new commitment transactions with exactly the same criteria as inbound/outbound
703 // HTLCs with similar state.
704 pending_update_fee: Option<(u32, FeeUpdateState)>,
705 // If a `send_update_fee()` call is made with ChannelState::AwaitingRemoteRevoke set, we place
706 // it here instead of `pending_update_fee` in the same way as we place outbound HTLC updates in
707 // `holding_cell_htlc_updates` instead of `pending_outbound_htlcs`. It is released into
708 // `pending_update_fee` with the same criteria as outbound HTLC updates but can be updated by
709 // further `send_update_fee` calls, dropping the previous holding cell update entirely.
710 holding_cell_update_fee: Option<u32>,
711 next_holder_htlc_id: u64,
712 next_counterparty_htlc_id: u64,
715 /// The timestamp set on our latest `channel_update` message for this channel. It is updated
716 /// when the channel is updated in ways which may impact the `channel_update` message or when a
717 /// new block is received, ensuring it's always at least moderately close to the current real
719 update_time_counter: u32,
721 #[cfg(debug_assertions)]
722 /// Max to_local and to_remote outputs in a locally-generated commitment transaction
723 holder_max_commitment_tx_output: Mutex<(u64, u64)>,
724 #[cfg(debug_assertions)]
725 /// Max to_local and to_remote outputs in a remote-generated commitment transaction
726 counterparty_max_commitment_tx_output: Mutex<(u64, u64)>,
728 last_sent_closing_fee: Option<(u64, Signature)>, // (fee, holder_sig)
729 target_closing_feerate_sats_per_kw: Option<u32>,
731 /// If our counterparty sent us a closing_signed while we were waiting for a `ChannelMonitor`
732 /// update, we need to delay processing it until later. We do that here by simply storing the
733 /// closing_signed message and handling it in `maybe_propose_closing_signed`.
734 pending_counterparty_closing_signed: Option<msgs::ClosingSigned>,
736 /// The minimum and maximum absolute fee, in satoshis, we are willing to place on the closing
737 /// transaction. These are set once we reach `closing_negotiation_ready`.
739 pub(crate) closing_fee_limits: Option<(u64, u64)>,
741 closing_fee_limits: Option<(u64, u64)>,
743 /// Flag that ensures that `accept_inbound_channel` must be called before `funding_created`
744 /// is executed successfully. The reason for this flag is that when the
745 /// `UserConfig::manually_accept_inbound_channels` config flag is set to true, inbound channels
746 /// are required to be manually accepted by the node operator before the `msgs::AcceptChannel`
747 /// message is created and sent out. During the manual accept process, `accept_inbound_channel`
748 /// is called by `ChannelManager::accept_inbound_channel`.
750 /// The flag counteracts that a counterparty node could theoretically send a
751 /// `msgs::FundingCreated` message before the node operator has manually accepted an inbound
752 /// channel request made by the counterparty node. That would execute `funding_created` before
753 /// `accept_inbound_channel`, and `funding_created` should therefore not execute successfully.
754 inbound_awaiting_accept: bool,
756 /// The hash of the block in which the funding transaction was included.
757 funding_tx_confirmed_in: Option<BlockHash>,
758 funding_tx_confirmation_height: u32,
759 short_channel_id: Option<u64>,
760 /// Either the height at which this channel was created or the height at which it was last
761 /// serialized if it was serialized by versions prior to 0.0.103.
762 /// We use this to close if funding is never broadcasted.
763 channel_creation_height: u32,
765 counterparty_dust_limit_satoshis: u64,
768 pub(super) holder_dust_limit_satoshis: u64,
770 holder_dust_limit_satoshis: u64,
773 pub(super) counterparty_max_htlc_value_in_flight_msat: u64,
775 counterparty_max_htlc_value_in_flight_msat: u64,
778 pub(super) holder_max_htlc_value_in_flight_msat: u64,
780 holder_max_htlc_value_in_flight_msat: u64,
782 /// minimum channel reserve for self to maintain - set by them.
783 counterparty_selected_channel_reserve_satoshis: Option<u64>,
786 pub(super) holder_selected_channel_reserve_satoshis: u64,
788 holder_selected_channel_reserve_satoshis: u64,
790 counterparty_htlc_minimum_msat: u64,
791 holder_htlc_minimum_msat: u64,
793 pub counterparty_max_accepted_htlcs: u16,
795 counterparty_max_accepted_htlcs: u16,
796 holder_max_accepted_htlcs: u16,
797 minimum_depth: Option<u32>,
799 counterparty_forwarding_info: Option<CounterpartyForwardingInfo>,
801 pub(crate) channel_transaction_parameters: ChannelTransactionParameters,
802 funding_transaction: Option<Transaction>,
804 counterparty_cur_commitment_point: Option<PublicKey>,
805 counterparty_prev_commitment_point: Option<PublicKey>,
806 counterparty_node_id: PublicKey,
808 counterparty_shutdown_scriptpubkey: Option<Script>,
810 commitment_secrets: CounterpartyCommitmentSecrets,
812 channel_update_status: ChannelUpdateStatus,
813 /// Once we reach `closing_negotiation_ready`, we set this, indicating if closing_signed does
814 /// not complete within a single timer tick (one minute), we should force-close the channel.
815 /// This prevents us from keeping unusable channels around forever if our counterparty wishes
817 /// Note that this field is reset to false on deserialization to give us a chance to connect to
818 /// our peer and start the closing_signed negotiation fresh.
819 closing_signed_in_flight: bool,
821 /// Our counterparty's channel_announcement signatures provided in announcement_signatures.
822 /// This can be used to rebroadcast the channel_announcement message later.
823 announcement_sigs: Option<(Signature, Signature)>,
825 // We save these values so we can make sure `next_local_commit_tx_fee_msat` and
826 // `next_remote_commit_tx_fee_msat` properly predict what the next commitment transaction fee will
827 // be, by comparing the cached values to the fee of the tranaction generated by
828 // `build_commitment_transaction`.
829 #[cfg(any(test, fuzzing))]
830 next_local_commitment_tx_fee_info_cached: Mutex<Option<CommitmentTxInfoCached>>,
831 #[cfg(any(test, fuzzing))]
832 next_remote_commitment_tx_fee_info_cached: Mutex<Option<CommitmentTxInfoCached>>,
834 /// lnd has a long-standing bug where, upon reconnection, if the channel is not yet confirmed
835 /// they will not send a channel_reestablish until the channel locks in. Then, they will send a
836 /// channel_ready *before* sending the channel_reestablish (which is clearly a violation of
837 /// the BOLT specs). We copy c-lightning's workaround here and simply store the channel_ready
838 /// message until we receive a channel_reestablish.
840 /// See-also <https://github.com/lightningnetwork/lnd/issues/4006>
841 pub workaround_lnd_bug_4006: Option<msgs::ChannelReady>,
843 /// An option set when we wish to track how many ticks have elapsed while waiting for a response
844 /// from our counterparty after sending a message. If the peer has yet to respond after reaching
845 /// `DISCONNECT_PEER_AWAITING_RESPONSE_TICKS`, a reconnection should be attempted to try to
846 /// unblock the state machine.
848 /// This behavior is mostly motivated by a lnd bug in which we don't receive a message we expect
849 /// to in a timely manner, which may lead to channels becoming unusable and/or force-closed. An
850 /// example of such can be found at <https://github.com/lightningnetwork/lnd/issues/7682>.
852 /// This is currently only used when waiting for a [`msgs::ChannelReestablish`] or
853 /// [`msgs::RevokeAndACK`] message from the counterparty.
854 sent_message_awaiting_response: Option<usize>,
856 #[cfg(any(test, fuzzing))]
857 // When we receive an HTLC fulfill on an outbound path, we may immediately fulfill the
858 // corresponding HTLC on the inbound path. If, then, the outbound path channel is
859 // disconnected and reconnected (before we've exchange commitment_signed and revoke_and_ack
860 // messages), they may re-broadcast their update_fulfill_htlc, causing a duplicate claim. This
861 // is fine, but as a sanity check in our failure to generate the second claim, we check here
862 // that the original was a claim, and that we aren't now trying to fulfill a failed HTLC.
863 historical_inbound_htlc_fulfills: HashSet<u64>,
865 /// This channel's type, as negotiated during channel open
866 channel_type: ChannelTypeFeatures,
868 // Our counterparty can offer us SCID aliases which they will map to this channel when routing
869 // outbound payments. These can be used in invoice route hints to avoid explicitly revealing
870 // the channel's funding UTXO.
872 // We also use this when sending our peer a channel_update that isn't to be broadcasted
873 // publicly - allowing them to re-use their map of SCID -> channel for channel_update ->
874 // associated channel mapping.
876 // We only bother storing the most recent SCID alias at any time, though our counterparty has
877 // to store all of them.
878 latest_inbound_scid_alias: Option<u64>,
880 // We always offer our counterparty a static SCID alias, which we recognize as for this channel
881 // if we see it in HTLC forwarding instructions. We don't bother rotating the alias given we
882 // don't currently support node id aliases and eventually privacy should be provided with
883 // blinded paths instead of simple scid+node_id aliases.
884 outbound_scid_alias: u64,
886 // We track whether we already emitted a `ChannelPending` event.
887 channel_pending_event_emitted: bool,
889 // We track whether we already emitted a `ChannelReady` event.
890 channel_ready_event_emitted: bool,
892 /// The unique identifier used to re-derive the private key material for the channel through
893 /// [`SignerProvider::derive_channel_signer`].
894 channel_keys_id: [u8; 32],
896 /// If we can't release a [`ChannelMonitorUpdate`] until some external action completes, we
897 /// store it here and only release it to the `ChannelManager` once it asks for it.
898 blocked_monitor_updates: Vec<PendingChannelMonitorUpdate>,
901 impl<Signer: ChannelSigner> ChannelContext<Signer> {
902 /// Allowed in any state (including after shutdown)
903 pub fn get_update_time_counter(&self) -> u32 {
904 self.update_time_counter
907 pub fn get_latest_monitor_update_id(&self) -> u64 {
908 self.latest_monitor_update_id
911 pub fn should_announce(&self) -> bool {
912 self.config.announced_channel
915 pub fn is_outbound(&self) -> bool {
916 self.channel_transaction_parameters.is_outbound_from_holder
919 /// Gets the fee we'd want to charge for adding an HTLC output to this Channel
920 /// Allowed in any state (including after shutdown)
921 pub fn get_outbound_forwarding_fee_base_msat(&self) -> u32 {
922 self.config.options.forwarding_fee_base_msat
925 /// Returns true if we've ever received a message from the remote end for this Channel
926 pub fn have_received_message(&self) -> bool {
927 self.channel_state > (ChannelState::OurInitSent as u32)
930 /// Returns true if this channel is fully established and not known to be closing.
931 /// Allowed in any state (including after shutdown)
932 pub fn is_usable(&self) -> bool {
933 let mask = ChannelState::ChannelReady as u32 | BOTH_SIDES_SHUTDOWN_MASK;
934 (self.channel_state & mask) == (ChannelState::ChannelReady as u32) && !self.monitor_pending_channel_ready
937 /// shutdown state returns the state of the channel in its various stages of shutdown
938 pub fn shutdown_state(&self) -> ChannelShutdownState {
939 if self.channel_state & (ChannelState::ShutdownComplete as u32) != 0 {
940 return ChannelShutdownState::ShutdownComplete;
942 if self.channel_state & (ChannelState::LocalShutdownSent as u32) != 0 && self.channel_state & (ChannelState::RemoteShutdownSent as u32) == 0 {
943 return ChannelShutdownState::ShutdownInitiated;
945 if (self.channel_state & BOTH_SIDES_SHUTDOWN_MASK != 0) && !self.closing_negotiation_ready() {
946 return ChannelShutdownState::ResolvingHTLCs;
948 if (self.channel_state & BOTH_SIDES_SHUTDOWN_MASK != 0) && self.closing_negotiation_ready() {
949 return ChannelShutdownState::NegotiatingClosingFee;
951 return ChannelShutdownState::NotShuttingDown;
954 fn closing_negotiation_ready(&self) -> bool {
955 self.pending_inbound_htlcs.is_empty() &&
956 self.pending_outbound_htlcs.is_empty() &&
957 self.pending_update_fee.is_none() &&
959 (BOTH_SIDES_SHUTDOWN_MASK |
960 ChannelState::AwaitingRemoteRevoke as u32 |
961 ChannelState::PeerDisconnected as u32 |
962 ChannelState::MonitorUpdateInProgress as u32) == BOTH_SIDES_SHUTDOWN_MASK
965 /// Returns true if this channel is currently available for use. This is a superset of
966 /// is_usable() and considers things like the channel being temporarily disabled.
967 /// Allowed in any state (including after shutdown)
968 pub fn is_live(&self) -> bool {
969 self.is_usable() && (self.channel_state & (ChannelState::PeerDisconnected as u32) == 0)
974 pub fn channel_id(&self) -> [u8; 32] {
978 // Return the `temporary_channel_id` used during channel establishment.
980 // Will return `None` for channels created prior to LDK version 0.0.115.
981 pub fn temporary_channel_id(&self) -> Option<[u8; 32]> {
982 self.temporary_channel_id
985 pub fn minimum_depth(&self) -> Option<u32> {
989 /// Gets the "user_id" value passed into the construction of this channel. It has no special
990 /// meaning and exists only to allow users to have a persistent identifier of a channel.
991 pub fn get_user_id(&self) -> u128 {
995 /// Gets the channel's type
996 pub fn get_channel_type(&self) -> &ChannelTypeFeatures {
1000 /// Gets the channel's `short_channel_id`.
1002 /// Will return `None` if the channel hasn't been confirmed yet.
1003 pub fn get_short_channel_id(&self) -> Option<u64> {
1004 self.short_channel_id
1007 /// Allowed in any state (including after shutdown)
1008 pub fn latest_inbound_scid_alias(&self) -> Option<u64> {
1009 self.latest_inbound_scid_alias
1012 /// Allowed in any state (including after shutdown)
1013 pub fn outbound_scid_alias(&self) -> u64 {
1014 self.outbound_scid_alias
1017 /// Only allowed immediately after deserialization if get_outbound_scid_alias returns 0,
1018 /// indicating we were written by LDK prior to 0.0.106 which did not set outbound SCID aliases.
1019 pub fn set_outbound_scid_alias(&mut self, outbound_scid_alias: u64) {
1020 assert_eq!(self.outbound_scid_alias, 0);
1021 self.outbound_scid_alias = outbound_scid_alias;
1024 /// Returns the funding_txo we either got from our peer, or were given by
1025 /// get_funding_created.
1026 pub fn get_funding_txo(&self) -> Option<OutPoint> {
1027 self.channel_transaction_parameters.funding_outpoint
1030 /// Returns the block hash in which our funding transaction was confirmed.
1031 pub fn get_funding_tx_confirmed_in(&self) -> Option<BlockHash> {
1032 self.funding_tx_confirmed_in
1035 /// Returns the current number of confirmations on the funding transaction.
1036 pub fn get_funding_tx_confirmations(&self, height: u32) -> u32 {
1037 if self.funding_tx_confirmation_height == 0 {
1038 // We either haven't seen any confirmation yet, or observed a reorg.
1042 height.checked_sub(self.funding_tx_confirmation_height).map_or(0, |c| c + 1)
1045 fn get_holder_selected_contest_delay(&self) -> u16 {
1046 self.channel_transaction_parameters.holder_selected_contest_delay
1049 fn get_holder_pubkeys(&self) -> &ChannelPublicKeys {
1050 &self.channel_transaction_parameters.holder_pubkeys
1053 pub fn get_counterparty_selected_contest_delay(&self) -> Option<u16> {
1054 self.channel_transaction_parameters.counterparty_parameters
1055 .as_ref().map(|params| params.selected_contest_delay)
1058 fn get_counterparty_pubkeys(&self) -> &ChannelPublicKeys {
1059 &self.channel_transaction_parameters.counterparty_parameters.as_ref().unwrap().pubkeys
1062 /// Allowed in any state (including after shutdown)
1063 pub fn get_counterparty_node_id(&self) -> PublicKey {
1064 self.counterparty_node_id
1067 /// Allowed in any state (including after shutdown)
1068 pub fn get_holder_htlc_minimum_msat(&self) -> u64 {
1069 self.holder_htlc_minimum_msat
1072 /// Allowed in any state (including after shutdown), but will return none before TheirInitSent
1073 pub fn get_holder_htlc_maximum_msat(&self) -> Option<u64> {
1074 self.get_htlc_maximum_msat(self.holder_max_htlc_value_in_flight_msat)
1077 /// Allowed in any state (including after shutdown)
1078 pub fn get_announced_htlc_max_msat(&self) -> u64 {
1080 // Upper bound by capacity. We make it a bit less than full capacity to prevent attempts
1081 // to use full capacity. This is an effort to reduce routing failures, because in many cases
1082 // channel might have been used to route very small values (either by honest users or as DoS).
1083 self.channel_value_satoshis * 1000 * 9 / 10,
1085 self.counterparty_max_htlc_value_in_flight_msat
1089 /// Allowed in any state (including after shutdown)
1090 pub fn get_counterparty_htlc_minimum_msat(&self) -> u64 {
1091 self.counterparty_htlc_minimum_msat
1094 /// Allowed in any state (including after shutdown), but will return none before TheirInitSent
1095 pub fn get_counterparty_htlc_maximum_msat(&self) -> Option<u64> {
1096 self.get_htlc_maximum_msat(self.counterparty_max_htlc_value_in_flight_msat)
1099 fn get_htlc_maximum_msat(&self, party_max_htlc_value_in_flight_msat: u64) -> Option<u64> {
1100 self.counterparty_selected_channel_reserve_satoshis.map(|counterparty_reserve| {
1101 let holder_reserve = self.holder_selected_channel_reserve_satoshis;
1103 (self.channel_value_satoshis - counterparty_reserve - holder_reserve) * 1000,
1104 party_max_htlc_value_in_flight_msat
1109 pub fn get_value_satoshis(&self) -> u64 {
1110 self.channel_value_satoshis
1113 pub fn get_fee_proportional_millionths(&self) -> u32 {
1114 self.config.options.forwarding_fee_proportional_millionths
1117 pub fn get_cltv_expiry_delta(&self) -> u16 {
1118 cmp::max(self.config.options.cltv_expiry_delta, MIN_CLTV_EXPIRY_DELTA)
1121 pub fn get_max_dust_htlc_exposure_msat<F: Deref>(&self,
1122 fee_estimator: &LowerBoundedFeeEstimator<F>) -> u64
1123 where F::Target: FeeEstimator
1125 match self.config.options.max_dust_htlc_exposure {
1126 MaxDustHTLCExposure::FeeRateMultiplier(multiplier) => {
1127 let feerate_per_kw = fee_estimator.bounded_sat_per_1000_weight(
1128 ConfirmationTarget::HighPriority);
1129 feerate_per_kw as u64 * multiplier
1131 MaxDustHTLCExposure::FixedLimitMsat(limit) => limit,
1135 /// Returns the previous [`ChannelConfig`] applied to this channel, if any.
1136 pub fn prev_config(&self) -> Option<ChannelConfig> {
1137 self.prev_config.map(|prev_config| prev_config.0)
1140 // Checks whether we should emit a `ChannelPending` event.
1141 pub(crate) fn should_emit_channel_pending_event(&mut self) -> bool {
1142 self.is_funding_initiated() && !self.channel_pending_event_emitted
1145 // Returns whether we already emitted a `ChannelPending` event.
1146 pub(crate) fn channel_pending_event_emitted(&self) -> bool {
1147 self.channel_pending_event_emitted
1150 // Remembers that we already emitted a `ChannelPending` event.
1151 pub(crate) fn set_channel_pending_event_emitted(&mut self) {
1152 self.channel_pending_event_emitted = true;
1155 // Checks whether we should emit a `ChannelReady` event.
1156 pub(crate) fn should_emit_channel_ready_event(&mut self) -> bool {
1157 self.is_usable() && !self.channel_ready_event_emitted
1160 // Remembers that we already emitted a `ChannelReady` event.
1161 pub(crate) fn set_channel_ready_event_emitted(&mut self) {
1162 self.channel_ready_event_emitted = true;
1165 /// Tracks the number of ticks elapsed since the previous [`ChannelConfig`] was updated. Once
1166 /// [`EXPIRE_PREV_CONFIG_TICKS`] is reached, the previous config is considered expired and will
1167 /// no longer be considered when forwarding HTLCs.
1168 pub fn maybe_expire_prev_config(&mut self) {
1169 if self.prev_config.is_none() {
1172 let prev_config = self.prev_config.as_mut().unwrap();
1174 if prev_config.1 == EXPIRE_PREV_CONFIG_TICKS {
1175 self.prev_config = None;
1179 /// Returns the current [`ChannelConfig`] applied to the channel.
1180 pub fn config(&self) -> ChannelConfig {
1184 /// Updates the channel's config. A bool is returned indicating whether the config update
1185 /// applied resulted in a new ChannelUpdate message.
1186 pub fn update_config(&mut self, config: &ChannelConfig) -> bool {
1187 let did_channel_update =
1188 self.config.options.forwarding_fee_proportional_millionths != config.forwarding_fee_proportional_millionths ||
1189 self.config.options.forwarding_fee_base_msat != config.forwarding_fee_base_msat ||
1190 self.config.options.cltv_expiry_delta != config.cltv_expiry_delta;
1191 if did_channel_update {
1192 self.prev_config = Some((self.config.options, 0));
1193 // Update the counter, which backs the ChannelUpdate timestamp, to allow the relay
1194 // policy change to propagate throughout the network.
1195 self.update_time_counter += 1;
1197 self.config.options = *config;
1201 /// Returns true if funding_created was sent/received.
1202 pub fn is_funding_initiated(&self) -> bool {
1203 self.channel_state >= ChannelState::FundingSent as u32
1206 /// Transaction nomenclature is somewhat confusing here as there are many different cases - a
1207 /// transaction is referred to as "a's transaction" implying that a will be able to broadcast
1208 /// the transaction. Thus, b will generally be sending a signature over such a transaction to
1209 /// a, and a can revoke the transaction by providing b the relevant per_commitment_secret. As
1210 /// such, a transaction is generally the result of b increasing the amount paid to a (or adding
1212 /// @local is used only to convert relevant internal structures which refer to remote vs local
1213 /// to decide value of outputs and direction of HTLCs.
1214 /// @generated_by_local is used to determine *which* HTLCs to include - noting that the HTLC
1215 /// state may indicate that one peer has informed the other that they'd like to add an HTLC but
1216 /// have not yet committed it. Such HTLCs will only be included in transactions which are being
1217 /// generated by the peer which proposed adding the HTLCs, and thus we need to understand both
1218 /// which peer generated this transaction and "to whom" this transaction flows.
1220 fn build_commitment_transaction<L: Deref>(&self, commitment_number: u64, keys: &TxCreationKeys, local: bool, generated_by_local: bool, logger: &L) -> CommitmentStats
1221 where L::Target: Logger
1223 let mut included_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::new();
1224 let num_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len();
1225 let mut included_non_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::with_capacity(num_htlcs);
1227 let broadcaster_dust_limit_satoshis = if local { self.holder_dust_limit_satoshis } else { self.counterparty_dust_limit_satoshis };
1228 let mut remote_htlc_total_msat = 0;
1229 let mut local_htlc_total_msat = 0;
1230 let mut value_to_self_msat_offset = 0;
1232 let mut feerate_per_kw = self.feerate_per_kw;
1233 if let Some((feerate, update_state)) = self.pending_update_fee {
1234 if match update_state {
1235 // Note that these match the inclusion criteria when scanning
1236 // pending_inbound_htlcs below.
1237 FeeUpdateState::RemoteAnnounced => { debug_assert!(!self.is_outbound()); !generated_by_local },
1238 FeeUpdateState::AwaitingRemoteRevokeToAnnounce => { debug_assert!(!self.is_outbound()); !generated_by_local },
1239 FeeUpdateState::Outbound => { assert!(self.is_outbound()); generated_by_local },
1241 feerate_per_kw = feerate;
1245 log_trace!(logger, "Building commitment transaction number {} (really {} xor {}) for channel {} for {}, generated by {} with fee {}...",
1246 commitment_number, (INITIAL_COMMITMENT_NUMBER - commitment_number),
1247 get_commitment_transaction_number_obscure_factor(&self.get_holder_pubkeys().payment_point, &self.get_counterparty_pubkeys().payment_point, self.is_outbound()),
1248 log_bytes!(self.channel_id), if local { "us" } else { "remote" }, if generated_by_local { "us" } else { "remote" }, feerate_per_kw);
1250 macro_rules! get_htlc_in_commitment {
1251 ($htlc: expr, $offered: expr) => {
1252 HTLCOutputInCommitment {
1254 amount_msat: $htlc.amount_msat,
1255 cltv_expiry: $htlc.cltv_expiry,
1256 payment_hash: $htlc.payment_hash,
1257 transaction_output_index: None
1262 macro_rules! add_htlc_output {
1263 ($htlc: expr, $outbound: expr, $source: expr, $state_name: expr) => {
1264 if $outbound == local { // "offered HTLC output"
1265 let htlc_in_tx = get_htlc_in_commitment!($htlc, true);
1266 let htlc_tx_fee = if self.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1269 feerate_per_kw as u64 * htlc_timeout_tx_weight(self.get_channel_type()) / 1000
1271 if $htlc.amount_msat / 1000 >= broadcaster_dust_limit_satoshis + htlc_tx_fee {
1272 log_trace!(logger, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
1273 included_non_dust_htlcs.push((htlc_in_tx, $source));
1275 log_trace!(logger, " ...including {} {} dust HTLC {} (hash {}) with value {} due to dust limit", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
1276 included_dust_htlcs.push((htlc_in_tx, $source));
1279 let htlc_in_tx = get_htlc_in_commitment!($htlc, false);
1280 let htlc_tx_fee = if self.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1283 feerate_per_kw as u64 * htlc_success_tx_weight(self.get_channel_type()) / 1000
1285 if $htlc.amount_msat / 1000 >= broadcaster_dust_limit_satoshis + htlc_tx_fee {
1286 log_trace!(logger, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
1287 included_non_dust_htlcs.push((htlc_in_tx, $source));
1289 log_trace!(logger, " ...including {} {} dust HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
1290 included_dust_htlcs.push((htlc_in_tx, $source));
1296 for ref htlc in self.pending_inbound_htlcs.iter() {
1297 let (include, state_name) = match htlc.state {
1298 InboundHTLCState::RemoteAnnounced(_) => (!generated_by_local, "RemoteAnnounced"),
1299 InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) => (!generated_by_local, "AwaitingRemoteRevokeToAnnounce"),
1300 InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => (true, "AwaitingAnnouncedRemoteRevoke"),
1301 InboundHTLCState::Committed => (true, "Committed"),
1302 InboundHTLCState::LocalRemoved(_) => (!generated_by_local, "LocalRemoved"),
1306 add_htlc_output!(htlc, false, None, state_name);
1307 remote_htlc_total_msat += htlc.amount_msat;
1309 log_trace!(logger, " ...not including inbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, log_bytes!(htlc.payment_hash.0), htlc.amount_msat, state_name);
1311 &InboundHTLCState::LocalRemoved(ref reason) => {
1312 if generated_by_local {
1313 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
1314 value_to_self_msat_offset += htlc.amount_msat as i64;
1323 let mut preimages: Vec<PaymentPreimage> = Vec::new();
1325 for ref htlc in self.pending_outbound_htlcs.iter() {
1326 let (include, state_name) = match htlc.state {
1327 OutboundHTLCState::LocalAnnounced(_) => (generated_by_local, "LocalAnnounced"),
1328 OutboundHTLCState::Committed => (true, "Committed"),
1329 OutboundHTLCState::RemoteRemoved(_) => (generated_by_local, "RemoteRemoved"),
1330 OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) => (generated_by_local, "AwaitingRemoteRevokeToRemove"),
1331 OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) => (false, "AwaitingRemovedRemoteRevoke"),
1334 let preimage_opt = match htlc.state {
1335 OutboundHTLCState::RemoteRemoved(OutboundHTLCOutcome::Success(p)) => p,
1336 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(p)) => p,
1337 OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(p)) => p,
1341 if let Some(preimage) = preimage_opt {
1342 preimages.push(preimage);
1346 add_htlc_output!(htlc, true, Some(&htlc.source), state_name);
1347 local_htlc_total_msat += htlc.amount_msat;
1349 log_trace!(logger, " ...not including outbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, log_bytes!(htlc.payment_hash.0), htlc.amount_msat, state_name);
1351 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(_))|OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(_)) => {
1352 value_to_self_msat_offset -= htlc.amount_msat as i64;
1354 OutboundHTLCState::RemoteRemoved(OutboundHTLCOutcome::Success(_)) => {
1355 if !generated_by_local {
1356 value_to_self_msat_offset -= htlc.amount_msat as i64;
1364 let mut value_to_self_msat: i64 = (self.value_to_self_msat - local_htlc_total_msat) as i64 + value_to_self_msat_offset;
1365 assert!(value_to_self_msat >= 0);
1366 // Note that in case they have several just-awaiting-last-RAA fulfills in-progress (ie
1367 // AwaitingRemoteRevokeToRemove or AwaitingRemovedRemoteRevoke) we may have allowed them to
1368 // "violate" their reserve value by couting those against it. Thus, we have to convert
1369 // everything to i64 before subtracting as otherwise we can overflow.
1370 let mut value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000) as i64 - (self.value_to_self_msat as i64) - (remote_htlc_total_msat as i64) - value_to_self_msat_offset;
1371 assert!(value_to_remote_msat >= 0);
1373 #[cfg(debug_assertions)]
1375 // Make sure that the to_self/to_remote is always either past the appropriate
1376 // channel_reserve *or* it is making progress towards it.
1377 let mut broadcaster_max_commitment_tx_output = if generated_by_local {
1378 self.holder_max_commitment_tx_output.lock().unwrap()
1380 self.counterparty_max_commitment_tx_output.lock().unwrap()
1382 debug_assert!(broadcaster_max_commitment_tx_output.0 <= value_to_self_msat as u64 || value_to_self_msat / 1000 >= self.counterparty_selected_channel_reserve_satoshis.unwrap() as i64);
1383 broadcaster_max_commitment_tx_output.0 = cmp::max(broadcaster_max_commitment_tx_output.0, value_to_self_msat as u64);
1384 debug_assert!(broadcaster_max_commitment_tx_output.1 <= value_to_remote_msat as u64 || value_to_remote_msat / 1000 >= self.holder_selected_channel_reserve_satoshis as i64);
1385 broadcaster_max_commitment_tx_output.1 = cmp::max(broadcaster_max_commitment_tx_output.1, value_to_remote_msat as u64);
1388 let total_fee_sat = commit_tx_fee_sat(feerate_per_kw, included_non_dust_htlcs.len(), &self.channel_transaction_parameters.channel_type_features);
1389 let anchors_val = if self.channel_transaction_parameters.channel_type_features.supports_anchors_zero_fee_htlc_tx() { ANCHOR_OUTPUT_VALUE_SATOSHI * 2 } else { 0 } as i64;
1390 let (value_to_self, value_to_remote) = if self.is_outbound() {
1391 (value_to_self_msat / 1000 - anchors_val - total_fee_sat as i64, value_to_remote_msat / 1000)
1393 (value_to_self_msat / 1000, value_to_remote_msat / 1000 - anchors_val - total_fee_sat as i64)
1396 let mut value_to_a = if local { value_to_self } else { value_to_remote };
1397 let mut value_to_b = if local { value_to_remote } else { value_to_self };
1398 let (funding_pubkey_a, funding_pubkey_b) = if local {
1399 (self.get_holder_pubkeys().funding_pubkey, self.get_counterparty_pubkeys().funding_pubkey)
1401 (self.get_counterparty_pubkeys().funding_pubkey, self.get_holder_pubkeys().funding_pubkey)
1404 if value_to_a >= (broadcaster_dust_limit_satoshis as i64) {
1405 log_trace!(logger, " ...including {} output with value {}", if local { "to_local" } else { "to_remote" }, value_to_a);
1410 if value_to_b >= (broadcaster_dust_limit_satoshis as i64) {
1411 log_trace!(logger, " ...including {} output with value {}", if local { "to_remote" } else { "to_local" }, value_to_b);
1416 let num_nondust_htlcs = included_non_dust_htlcs.len();
1418 let channel_parameters =
1419 if local { self.channel_transaction_parameters.as_holder_broadcastable() }
1420 else { self.channel_transaction_parameters.as_counterparty_broadcastable() };
1421 let tx = CommitmentTransaction::new_with_auxiliary_htlc_data(commitment_number,
1428 &mut included_non_dust_htlcs,
1431 let mut htlcs_included = included_non_dust_htlcs;
1432 // The unwrap is safe, because all non-dust HTLCs have been assigned an output index
1433 htlcs_included.sort_unstable_by_key(|h| h.0.transaction_output_index.unwrap());
1434 htlcs_included.append(&mut included_dust_htlcs);
1436 // For the stats, trimmed-to-0 the value in msats accordingly
1437 value_to_self_msat = if (value_to_self_msat * 1000) < broadcaster_dust_limit_satoshis as i64 { 0 } else { value_to_self_msat };
1438 value_to_remote_msat = if (value_to_remote_msat * 1000) < broadcaster_dust_limit_satoshis as i64 { 0 } else { value_to_remote_msat };
1446 local_balance_msat: value_to_self_msat as u64,
1447 remote_balance_msat: value_to_remote_msat as u64,
1453 /// Creates a set of keys for build_commitment_transaction to generate a transaction which our
1454 /// counterparty will sign (ie DO NOT send signatures over a transaction created by this to
1455 /// our counterparty!)
1456 /// The result is a transaction which we can revoke broadcastership of (ie a "local" transaction)
1457 /// TODO Some magic rust shit to compile-time check this?
1458 fn build_holder_transaction_keys(&self, commitment_number: u64) -> TxCreationKeys {
1459 let per_commitment_point = self.holder_signer.get_per_commitment_point(commitment_number, &self.secp_ctx);
1460 let delayed_payment_base = &self.get_holder_pubkeys().delayed_payment_basepoint;
1461 let htlc_basepoint = &self.get_holder_pubkeys().htlc_basepoint;
1462 let counterparty_pubkeys = self.get_counterparty_pubkeys();
1464 TxCreationKeys::derive_new(&self.secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint)
1468 /// Creates a set of keys for build_commitment_transaction to generate a transaction which we
1469 /// will sign and send to our counterparty.
1470 /// If an Err is returned, it is a ChannelError::Close (for get_funding_created)
1471 fn build_remote_transaction_keys(&self) -> TxCreationKeys {
1472 //TODO: Ensure that the payment_key derived here ends up in the library users' wallet as we
1473 //may see payments to it!
1474 let revocation_basepoint = &self.get_holder_pubkeys().revocation_basepoint;
1475 let htlc_basepoint = &self.get_holder_pubkeys().htlc_basepoint;
1476 let counterparty_pubkeys = self.get_counterparty_pubkeys();
1478 TxCreationKeys::derive_new(&self.secp_ctx, &self.counterparty_cur_commitment_point.unwrap(), &counterparty_pubkeys.delayed_payment_basepoint, &counterparty_pubkeys.htlc_basepoint, revocation_basepoint, htlc_basepoint)
1481 /// Gets the redeemscript for the funding transaction output (ie the funding transaction output
1482 /// pays to get_funding_redeemscript().to_v0_p2wsh()).
1483 /// Panics if called before accept_channel/InboundV1Channel::new
1484 pub fn get_funding_redeemscript(&self) -> Script {
1485 make_funding_redeemscript(&self.get_holder_pubkeys().funding_pubkey, self.counterparty_funding_pubkey())
1488 fn counterparty_funding_pubkey(&self) -> &PublicKey {
1489 &self.get_counterparty_pubkeys().funding_pubkey
1492 pub fn get_feerate_sat_per_1000_weight(&self) -> u32 {
1496 pub fn get_dust_buffer_feerate(&self, outbound_feerate_update: Option<u32>) -> u32 {
1497 // When calculating our exposure to dust HTLCs, we assume that the channel feerate
1498 // may, at any point, increase by at least 10 sat/vB (i.e 2530 sat/kWU) or 25%,
1499 // whichever is higher. This ensures that we aren't suddenly exposed to significantly
1500 // more dust balance if the feerate increases when we have several HTLCs pending
1501 // which are near the dust limit.
1502 let mut feerate_per_kw = self.feerate_per_kw;
1503 // If there's a pending update fee, use it to ensure we aren't under-estimating
1504 // potential feerate updates coming soon.
1505 if let Some((feerate, _)) = self.pending_update_fee {
1506 feerate_per_kw = cmp::max(feerate_per_kw, feerate);
1508 if let Some(feerate) = outbound_feerate_update {
1509 feerate_per_kw = cmp::max(feerate_per_kw, feerate);
1511 cmp::max(2530, feerate_per_kw * 1250 / 1000)
1514 /// Get forwarding information for the counterparty.
1515 pub fn counterparty_forwarding_info(&self) -> Option<CounterpartyForwardingInfo> {
1516 self.counterparty_forwarding_info.clone()
1519 /// Returns a HTLCStats about inbound pending htlcs
1520 fn get_inbound_pending_htlc_stats(&self, outbound_feerate_update: Option<u32>) -> HTLCStats {
1522 let mut stats = HTLCStats {
1523 pending_htlcs: context.pending_inbound_htlcs.len() as u32,
1524 pending_htlcs_value_msat: 0,
1525 on_counterparty_tx_dust_exposure_msat: 0,
1526 on_holder_tx_dust_exposure_msat: 0,
1527 holding_cell_msat: 0,
1528 on_holder_tx_holding_cell_htlcs_count: 0,
1531 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1534 let dust_buffer_feerate = context.get_dust_buffer_feerate(outbound_feerate_update) as u64;
1535 (dust_buffer_feerate * htlc_timeout_tx_weight(context.get_channel_type()) / 1000,
1536 dust_buffer_feerate * htlc_success_tx_weight(context.get_channel_type()) / 1000)
1538 let counterparty_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.counterparty_dust_limit_satoshis;
1539 let holder_dust_limit_success_sat = htlc_success_dust_limit + context.holder_dust_limit_satoshis;
1540 for ref htlc in context.pending_inbound_htlcs.iter() {
1541 stats.pending_htlcs_value_msat += htlc.amount_msat;
1542 if htlc.amount_msat / 1000 < counterparty_dust_limit_timeout_sat {
1543 stats.on_counterparty_tx_dust_exposure_msat += htlc.amount_msat;
1545 if htlc.amount_msat / 1000 < holder_dust_limit_success_sat {
1546 stats.on_holder_tx_dust_exposure_msat += htlc.amount_msat;
1552 /// Returns a HTLCStats about pending outbound htlcs, *including* pending adds in our holding cell.
1553 fn get_outbound_pending_htlc_stats(&self, outbound_feerate_update: Option<u32>) -> HTLCStats {
1555 let mut stats = HTLCStats {
1556 pending_htlcs: context.pending_outbound_htlcs.len() as u32,
1557 pending_htlcs_value_msat: 0,
1558 on_counterparty_tx_dust_exposure_msat: 0,
1559 on_holder_tx_dust_exposure_msat: 0,
1560 holding_cell_msat: 0,
1561 on_holder_tx_holding_cell_htlcs_count: 0,
1564 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1567 let dust_buffer_feerate = context.get_dust_buffer_feerate(outbound_feerate_update) as u64;
1568 (dust_buffer_feerate * htlc_timeout_tx_weight(context.get_channel_type()) / 1000,
1569 dust_buffer_feerate * htlc_success_tx_weight(context.get_channel_type()) / 1000)
1571 let counterparty_dust_limit_success_sat = htlc_success_dust_limit + context.counterparty_dust_limit_satoshis;
1572 let holder_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.holder_dust_limit_satoshis;
1573 for ref htlc in context.pending_outbound_htlcs.iter() {
1574 stats.pending_htlcs_value_msat += htlc.amount_msat;
1575 if htlc.amount_msat / 1000 < counterparty_dust_limit_success_sat {
1576 stats.on_counterparty_tx_dust_exposure_msat += htlc.amount_msat;
1578 if htlc.amount_msat / 1000 < holder_dust_limit_timeout_sat {
1579 stats.on_holder_tx_dust_exposure_msat += htlc.amount_msat;
1583 for update in context.holding_cell_htlc_updates.iter() {
1584 if let &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, .. } = update {
1585 stats.pending_htlcs += 1;
1586 stats.pending_htlcs_value_msat += amount_msat;
1587 stats.holding_cell_msat += amount_msat;
1588 if *amount_msat / 1000 < counterparty_dust_limit_success_sat {
1589 stats.on_counterparty_tx_dust_exposure_msat += amount_msat;
1591 if *amount_msat / 1000 < holder_dust_limit_timeout_sat {
1592 stats.on_holder_tx_dust_exposure_msat += amount_msat;
1594 stats.on_holder_tx_holding_cell_htlcs_count += 1;
1601 /// Get the available balances, see [`AvailableBalances`]'s fields for more info.
1602 /// Doesn't bother handling the
1603 /// if-we-removed-it-already-but-haven't-fully-resolved-they-can-still-send-an-inbound-HTLC
1604 /// corner case properly.
1605 pub fn get_available_balances<F: Deref>(&self, fee_estimator: &LowerBoundedFeeEstimator<F>)
1606 -> AvailableBalances
1607 where F::Target: FeeEstimator
1609 let context = &self;
1610 // Note that we have to handle overflow due to the above case.
1611 let inbound_stats = context.get_inbound_pending_htlc_stats(None);
1612 let outbound_stats = context.get_outbound_pending_htlc_stats(None);
1614 let mut balance_msat = context.value_to_self_msat;
1615 for ref htlc in context.pending_inbound_htlcs.iter() {
1616 if let InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::Fulfill(_)) = htlc.state {
1617 balance_msat += htlc.amount_msat;
1620 balance_msat -= outbound_stats.pending_htlcs_value_msat;
1622 let outbound_capacity_msat = context.value_to_self_msat
1623 .saturating_sub(outbound_stats.pending_htlcs_value_msat)
1625 context.counterparty_selected_channel_reserve_satoshis.unwrap_or(0) * 1000);
1627 let mut available_capacity_msat = outbound_capacity_msat;
1629 if context.is_outbound() {
1630 // We should mind channel commit tx fee when computing how much of the available capacity
1631 // can be used in the next htlc. Mirrors the logic in send_htlc.
1633 // The fee depends on whether the amount we will be sending is above dust or not,
1634 // and the answer will in turn change the amount itself — making it a circular
1636 // This complicates the computation around dust-values, up to the one-htlc-value.
1637 let mut real_dust_limit_timeout_sat = context.holder_dust_limit_satoshis;
1638 if !context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1639 real_dust_limit_timeout_sat += context.feerate_per_kw as u64 * htlc_timeout_tx_weight(context.get_channel_type()) / 1000;
1642 let htlc_above_dust = HTLCCandidate::new(real_dust_limit_timeout_sat * 1000, HTLCInitiator::LocalOffered);
1643 let max_reserved_commit_tx_fee_msat = FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE * context.next_local_commit_tx_fee_msat(htlc_above_dust, Some(()));
1644 let htlc_dust = HTLCCandidate::new(real_dust_limit_timeout_sat * 1000 - 1, HTLCInitiator::LocalOffered);
1645 let min_reserved_commit_tx_fee_msat = FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE * context.next_local_commit_tx_fee_msat(htlc_dust, Some(()));
1647 // We will first subtract the fee as if we were above-dust. Then, if the resulting
1648 // value ends up being below dust, we have this fee available again. In that case,
1649 // match the value to right-below-dust.
1650 let mut capacity_minus_commitment_fee_msat: i64 = (available_capacity_msat as i64) - (max_reserved_commit_tx_fee_msat as i64);
1651 if capacity_minus_commitment_fee_msat < (real_dust_limit_timeout_sat as i64) * 1000 {
1652 let one_htlc_difference_msat = max_reserved_commit_tx_fee_msat - min_reserved_commit_tx_fee_msat;
1653 debug_assert!(one_htlc_difference_msat != 0);
1654 capacity_minus_commitment_fee_msat += one_htlc_difference_msat as i64;
1655 capacity_minus_commitment_fee_msat = cmp::min(real_dust_limit_timeout_sat as i64 * 1000 - 1, capacity_minus_commitment_fee_msat);
1656 available_capacity_msat = cmp::max(0, cmp::min(capacity_minus_commitment_fee_msat, available_capacity_msat as i64)) as u64;
1658 available_capacity_msat = capacity_minus_commitment_fee_msat as u64;
1661 // If the channel is inbound (i.e. counterparty pays the fee), we need to make sure
1662 // sending a new HTLC won't reduce their balance below our reserve threshold.
1663 let mut real_dust_limit_success_sat = context.counterparty_dust_limit_satoshis;
1664 if !context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1665 real_dust_limit_success_sat += context.feerate_per_kw as u64 * htlc_success_tx_weight(context.get_channel_type()) / 1000;
1668 let htlc_above_dust = HTLCCandidate::new(real_dust_limit_success_sat * 1000, HTLCInitiator::LocalOffered);
1669 let max_reserved_commit_tx_fee_msat = context.next_remote_commit_tx_fee_msat(htlc_above_dust, None);
1671 let holder_selected_chan_reserve_msat = context.holder_selected_channel_reserve_satoshis * 1000;
1672 let remote_balance_msat = (context.channel_value_satoshis * 1000 - context.value_to_self_msat)
1673 .saturating_sub(inbound_stats.pending_htlcs_value_msat);
1675 if remote_balance_msat < max_reserved_commit_tx_fee_msat + holder_selected_chan_reserve_msat {
1676 // If another HTLC's fee would reduce the remote's balance below the reserve limit
1677 // we've selected for them, we can only send dust HTLCs.
1678 available_capacity_msat = cmp::min(available_capacity_msat, real_dust_limit_success_sat * 1000 - 1);
1682 let mut next_outbound_htlc_minimum_msat = context.counterparty_htlc_minimum_msat;
1684 // If we get close to our maximum dust exposure, we end up in a situation where we can send
1685 // between zero and the remaining dust exposure limit remaining OR above the dust limit.
1686 // Because we cannot express this as a simple min/max, we prefer to tell the user they can
1687 // send above the dust limit (as the router can always overpay to meet the dust limit).
1688 let mut remaining_msat_below_dust_exposure_limit = None;
1689 let mut dust_exposure_dust_limit_msat = 0;
1690 let max_dust_htlc_exposure_msat = context.get_max_dust_htlc_exposure_msat(fee_estimator);
1692 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1693 (context.counterparty_dust_limit_satoshis, context.holder_dust_limit_satoshis)
1695 let dust_buffer_feerate = context.get_dust_buffer_feerate(None) as u64;
1696 (context.counterparty_dust_limit_satoshis + dust_buffer_feerate * htlc_success_tx_weight(context.get_channel_type()) / 1000,
1697 context.holder_dust_limit_satoshis + dust_buffer_feerate * htlc_timeout_tx_weight(context.get_channel_type()) / 1000)
1699 let on_counterparty_dust_htlc_exposure_msat = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
1700 if on_counterparty_dust_htlc_exposure_msat as i64 + htlc_success_dust_limit as i64 * 1000 - 1 > max_dust_htlc_exposure_msat as i64 {
1701 remaining_msat_below_dust_exposure_limit =
1702 Some(max_dust_htlc_exposure_msat.saturating_sub(on_counterparty_dust_htlc_exposure_msat));
1703 dust_exposure_dust_limit_msat = cmp::max(dust_exposure_dust_limit_msat, htlc_success_dust_limit * 1000);
1706 let on_holder_dust_htlc_exposure_msat = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
1707 if on_holder_dust_htlc_exposure_msat as i64 + htlc_timeout_dust_limit as i64 * 1000 - 1 > max_dust_htlc_exposure_msat as i64 {
1708 remaining_msat_below_dust_exposure_limit = Some(cmp::min(
1709 remaining_msat_below_dust_exposure_limit.unwrap_or(u64::max_value()),
1710 max_dust_htlc_exposure_msat.saturating_sub(on_holder_dust_htlc_exposure_msat)));
1711 dust_exposure_dust_limit_msat = cmp::max(dust_exposure_dust_limit_msat, htlc_timeout_dust_limit * 1000);
1714 if let Some(remaining_limit_msat) = remaining_msat_below_dust_exposure_limit {
1715 if available_capacity_msat < dust_exposure_dust_limit_msat {
1716 available_capacity_msat = cmp::min(available_capacity_msat, remaining_limit_msat);
1718 next_outbound_htlc_minimum_msat = cmp::max(next_outbound_htlc_minimum_msat, dust_exposure_dust_limit_msat);
1722 available_capacity_msat = cmp::min(available_capacity_msat,
1723 context.counterparty_max_htlc_value_in_flight_msat - outbound_stats.pending_htlcs_value_msat);
1725 if outbound_stats.pending_htlcs + 1 > context.counterparty_max_accepted_htlcs as u32 {
1726 available_capacity_msat = 0;
1730 inbound_capacity_msat: cmp::max(context.channel_value_satoshis as i64 * 1000
1731 - context.value_to_self_msat as i64
1732 - context.get_inbound_pending_htlc_stats(None).pending_htlcs_value_msat as i64
1733 - context.holder_selected_channel_reserve_satoshis as i64 * 1000,
1735 outbound_capacity_msat,
1736 next_outbound_htlc_limit_msat: available_capacity_msat,
1737 next_outbound_htlc_minimum_msat,
1742 pub fn get_holder_counterparty_selected_channel_reserve_satoshis(&self) -> (u64, Option<u64>) {
1743 let context = &self;
1744 (context.holder_selected_channel_reserve_satoshis, context.counterparty_selected_channel_reserve_satoshis)
1747 /// Get the commitment tx fee for the local's (i.e. our) next commitment transaction based on the
1748 /// number of pending HTLCs that are on track to be in our next commitment tx.
1750 /// Optionally includes the `HTLCCandidate` given by `htlc` and an additional non-dust HTLC if
1751 /// `fee_spike_buffer_htlc` is `Some`.
1753 /// The first extra HTLC is useful for determining whether we can accept a further HTLC, the
1754 /// second allows for creating a buffer to ensure a further HTLC can always be accepted/added.
1756 /// Dust HTLCs are excluded.
1757 fn next_local_commit_tx_fee_msat(&self, htlc: HTLCCandidate, fee_spike_buffer_htlc: Option<()>) -> u64 {
1758 let context = &self;
1759 assert!(context.is_outbound());
1761 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1764 (context.feerate_per_kw as u64 * htlc_success_tx_weight(context.get_channel_type()) / 1000,
1765 context.feerate_per_kw as u64 * htlc_timeout_tx_weight(context.get_channel_type()) / 1000)
1767 let real_dust_limit_success_sat = htlc_success_dust_limit + context.holder_dust_limit_satoshis;
1768 let real_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.holder_dust_limit_satoshis;
1770 let mut addl_htlcs = 0;
1771 if fee_spike_buffer_htlc.is_some() { addl_htlcs += 1; }
1773 HTLCInitiator::LocalOffered => {
1774 if htlc.amount_msat / 1000 >= real_dust_limit_timeout_sat {
1778 HTLCInitiator::RemoteOffered => {
1779 if htlc.amount_msat / 1000 >= real_dust_limit_success_sat {
1785 let mut included_htlcs = 0;
1786 for ref htlc in context.pending_inbound_htlcs.iter() {
1787 if htlc.amount_msat / 1000 < real_dust_limit_success_sat {
1790 // We include LocalRemoved HTLCs here because we may still need to broadcast a commitment
1791 // transaction including this HTLC if it times out before they RAA.
1792 included_htlcs += 1;
1795 for ref htlc in context.pending_outbound_htlcs.iter() {
1796 if htlc.amount_msat / 1000 < real_dust_limit_timeout_sat {
1800 OutboundHTLCState::LocalAnnounced {..} => included_htlcs += 1,
1801 OutboundHTLCState::Committed => included_htlcs += 1,
1802 OutboundHTLCState::RemoteRemoved {..} => included_htlcs += 1,
1803 // We don't include AwaitingRemoteRevokeToRemove HTLCs because our next commitment
1804 // transaction won't be generated until they send us their next RAA, which will mean
1805 // dropping any HTLCs in this state.
1810 for htlc in context.holding_cell_htlc_updates.iter() {
1812 &HTLCUpdateAwaitingACK::AddHTLC { amount_msat, .. } => {
1813 if amount_msat / 1000 < real_dust_limit_timeout_sat {
1818 _ => {}, // Don't include claims/fails that are awaiting ack, because once we get the
1819 // ack we're guaranteed to never include them in commitment txs anymore.
1823 let num_htlcs = included_htlcs + addl_htlcs;
1824 let res = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs, &context.channel_type);
1825 #[cfg(any(test, fuzzing))]
1828 if fee_spike_buffer_htlc.is_some() {
1829 fee = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs - 1, &context.channel_type);
1831 let total_pending_htlcs = context.pending_inbound_htlcs.len() + context.pending_outbound_htlcs.len()
1832 + context.holding_cell_htlc_updates.len();
1833 let commitment_tx_info = CommitmentTxInfoCached {
1835 total_pending_htlcs,
1836 next_holder_htlc_id: match htlc.origin {
1837 HTLCInitiator::LocalOffered => context.next_holder_htlc_id + 1,
1838 HTLCInitiator::RemoteOffered => context.next_holder_htlc_id,
1840 next_counterparty_htlc_id: match htlc.origin {
1841 HTLCInitiator::LocalOffered => context.next_counterparty_htlc_id,
1842 HTLCInitiator::RemoteOffered => context.next_counterparty_htlc_id + 1,
1844 feerate: context.feerate_per_kw,
1846 *context.next_local_commitment_tx_fee_info_cached.lock().unwrap() = Some(commitment_tx_info);
1851 /// Get the commitment tx fee for the remote's next commitment transaction based on the number of
1852 /// pending HTLCs that are on track to be in their next commitment tx
1854 /// Optionally includes the `HTLCCandidate` given by `htlc` and an additional non-dust HTLC if
1855 /// `fee_spike_buffer_htlc` is `Some`.
1857 /// The first extra HTLC is useful for determining whether we can accept a further HTLC, the
1858 /// second allows for creating a buffer to ensure a further HTLC can always be accepted/added.
1860 /// Dust HTLCs are excluded.
1861 fn next_remote_commit_tx_fee_msat(&self, htlc: HTLCCandidate, fee_spike_buffer_htlc: Option<()>) -> u64 {
1862 let context = &self;
1863 assert!(!context.is_outbound());
1865 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
1868 (context.feerate_per_kw as u64 * htlc_success_tx_weight(context.get_channel_type()) / 1000,
1869 context.feerate_per_kw as u64 * htlc_timeout_tx_weight(context.get_channel_type()) / 1000)
1871 let real_dust_limit_success_sat = htlc_success_dust_limit + context.counterparty_dust_limit_satoshis;
1872 let real_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.counterparty_dust_limit_satoshis;
1874 let mut addl_htlcs = 0;
1875 if fee_spike_buffer_htlc.is_some() { addl_htlcs += 1; }
1877 HTLCInitiator::LocalOffered => {
1878 if htlc.amount_msat / 1000 >= real_dust_limit_success_sat {
1882 HTLCInitiator::RemoteOffered => {
1883 if htlc.amount_msat / 1000 >= real_dust_limit_timeout_sat {
1889 // When calculating the set of HTLCs which will be included in their next commitment_signed, all
1890 // non-dust inbound HTLCs are included (as all states imply it will be included) and only
1891 // committed outbound HTLCs, see below.
1892 let mut included_htlcs = 0;
1893 for ref htlc in context.pending_inbound_htlcs.iter() {
1894 if htlc.amount_msat / 1000 <= real_dust_limit_timeout_sat {
1897 included_htlcs += 1;
1900 for ref htlc in context.pending_outbound_htlcs.iter() {
1901 if htlc.amount_msat / 1000 <= real_dust_limit_success_sat {
1904 // We only include outbound HTLCs if it will not be included in their next commitment_signed,
1905 // i.e. if they've responded to us with an RAA after announcement.
1907 OutboundHTLCState::Committed => included_htlcs += 1,
1908 OutboundHTLCState::RemoteRemoved {..} => included_htlcs += 1,
1909 OutboundHTLCState::LocalAnnounced { .. } => included_htlcs += 1,
1914 let num_htlcs = included_htlcs + addl_htlcs;
1915 let res = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs, &context.channel_type);
1916 #[cfg(any(test, fuzzing))]
1919 if fee_spike_buffer_htlc.is_some() {
1920 fee = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs - 1, &context.channel_type);
1922 let total_pending_htlcs = context.pending_inbound_htlcs.len() + context.pending_outbound_htlcs.len();
1923 let commitment_tx_info = CommitmentTxInfoCached {
1925 total_pending_htlcs,
1926 next_holder_htlc_id: match htlc.origin {
1927 HTLCInitiator::LocalOffered => context.next_holder_htlc_id + 1,
1928 HTLCInitiator::RemoteOffered => context.next_holder_htlc_id,
1930 next_counterparty_htlc_id: match htlc.origin {
1931 HTLCInitiator::LocalOffered => context.next_counterparty_htlc_id,
1932 HTLCInitiator::RemoteOffered => context.next_counterparty_htlc_id + 1,
1934 feerate: context.feerate_per_kw,
1936 *context.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = Some(commitment_tx_info);
1941 /// Returns transaction if there is pending funding transaction that is yet to broadcast
1942 pub fn unbroadcasted_funding(&self) -> Option<Transaction> {
1943 if self.channel_state & (ChannelState::FundingCreated as u32) != 0 {
1944 self.funding_transaction.clone()
1950 /// Gets the latest commitment transaction and any dependent transactions for relay (forcing
1951 /// shutdown of this channel - no more calls into this Channel may be made afterwards except
1952 /// those explicitly stated to be allowed after shutdown completes, eg some simple getters).
1953 /// Also returns the list of payment_hashes for channels which we can safely fail backwards
1954 /// immediately (others we will have to allow to time out).
1955 pub fn force_shutdown(&mut self, should_broadcast: bool) -> ShutdownResult {
1956 // Note that we MUST only generate a monitor update that indicates force-closure - we're
1957 // called during initialization prior to the chain_monitor in the encompassing ChannelManager
1958 // being fully configured in some cases. Thus, its likely any monitor events we generate will
1959 // be delayed in being processed! See the docs for `ChannelManagerReadArgs` for more.
1960 assert!(self.channel_state != ChannelState::ShutdownComplete as u32);
1962 // We go ahead and "free" any holding cell HTLCs or HTLCs we haven't yet committed to and
1963 // return them to fail the payment.
1964 let mut dropped_outbound_htlcs = Vec::with_capacity(self.holding_cell_htlc_updates.len());
1965 let counterparty_node_id = self.get_counterparty_node_id();
1966 for htlc_update in self.holding_cell_htlc_updates.drain(..) {
1968 HTLCUpdateAwaitingACK::AddHTLC { source, payment_hash, .. } => {
1969 dropped_outbound_htlcs.push((source, payment_hash, counterparty_node_id, self.channel_id));
1974 let monitor_update = if let Some(funding_txo) = self.get_funding_txo() {
1975 // If we haven't yet exchanged funding signatures (ie channel_state < FundingSent),
1976 // returning a channel monitor update here would imply a channel monitor update before
1977 // we even registered the channel monitor to begin with, which is invalid.
1978 // Thus, if we aren't actually at a point where we could conceivably broadcast the
1979 // funding transaction, don't return a funding txo (which prevents providing the
1980 // monitor update to the user, even if we return one).
1981 // See test_duplicate_chan_id and test_pre_lockin_no_chan_closed_update for more.
1982 if self.channel_state & (ChannelState::FundingSent as u32 | ChannelState::ChannelReady as u32 | ChannelState::ShutdownComplete as u32) != 0 {
1983 self.latest_monitor_update_id = CLOSED_CHANNEL_UPDATE_ID;
1984 Some((self.get_counterparty_node_id(), funding_txo, ChannelMonitorUpdate {
1985 update_id: self.latest_monitor_update_id,
1986 updates: vec![ChannelMonitorUpdateStep::ChannelForceClosed { should_broadcast }],
1991 self.channel_state = ChannelState::ShutdownComplete as u32;
1992 self.update_time_counter += 1;
1993 (monitor_update, dropped_outbound_htlcs)
1997 // Internal utility functions for channels
1999 /// Returns the value to use for `holder_max_htlc_value_in_flight_msat` as a percentage of the
2000 /// `channel_value_satoshis` in msat, set through
2001 /// [`ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel`]
2003 /// The effective percentage is lower bounded by 1% and upper bounded by 100%.
2005 /// [`ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel`]: crate::util::config::ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel
2006 fn get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis: u64, config: &ChannelHandshakeConfig) -> u64 {
2007 let configured_percent = if config.max_inbound_htlc_value_in_flight_percent_of_channel < 1 {
2009 } else if config.max_inbound_htlc_value_in_flight_percent_of_channel > 100 {
2012 config.max_inbound_htlc_value_in_flight_percent_of_channel as u64
2014 channel_value_satoshis * 10 * configured_percent
2017 /// Returns a minimum channel reserve value the remote needs to maintain,
2018 /// required by us according to the configured or default
2019 /// [`ChannelHandshakeConfig::their_channel_reserve_proportional_millionths`]
2021 /// Guaranteed to return a value no larger than channel_value_satoshis
2023 /// This is used both for outbound and inbound channels and has lower bound
2024 /// of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`.
2025 pub(crate) fn get_holder_selected_channel_reserve_satoshis(channel_value_satoshis: u64, config: &UserConfig) -> u64 {
2026 let calculated_reserve = channel_value_satoshis.saturating_mul(config.channel_handshake_config.their_channel_reserve_proportional_millionths as u64) / 1_000_000;
2027 cmp::min(channel_value_satoshis, cmp::max(calculated_reserve, MIN_THEIR_CHAN_RESERVE_SATOSHIS))
2030 /// This is for legacy reasons, present for forward-compatibility.
2031 /// LDK versions older than 0.0.104 don't know how read/handle values other than default
2032 /// from storage. Hence, we use this function to not persist default values of
2033 /// `holder_selected_channel_reserve_satoshis` for channels into storage.
2034 pub(crate) fn get_legacy_default_holder_selected_channel_reserve_satoshis(channel_value_satoshis: u64) -> u64 {
2035 let (q, _) = channel_value_satoshis.overflowing_div(100);
2036 cmp::min(channel_value_satoshis, cmp::max(q, 1000))
2039 // Get the fee cost in SATS of a commitment tx with a given number of HTLC outputs.
2040 // Note that num_htlcs should not include dust HTLCs.
2042 fn commit_tx_fee_sat(feerate_per_kw: u32, num_htlcs: usize, channel_type_features: &ChannelTypeFeatures) -> u64 {
2043 feerate_per_kw as u64 * (commitment_tx_base_weight(channel_type_features) + num_htlcs as u64 * COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000
2046 // Get the fee cost in MSATS of a commitment tx with a given number of HTLC outputs.
2047 // Note that num_htlcs should not include dust HTLCs.
2048 fn commit_tx_fee_msat(feerate_per_kw: u32, num_htlcs: usize, channel_type_features: &ChannelTypeFeatures) -> u64 {
2049 // Note that we need to divide before multiplying to round properly,
2050 // since the lowest denomination of bitcoin on-chain is the satoshi.
2051 (commitment_tx_base_weight(channel_type_features) + num_htlcs as u64 * COMMITMENT_TX_WEIGHT_PER_HTLC) * feerate_per_kw as u64 / 1000 * 1000
2054 // TODO: We should refactor this to be an Inbound/OutboundChannel until initial setup handshaking
2055 // has been completed, and then turn into a Channel to get compiler-time enforcement of things like
2056 // calling channel_id() before we're set up or things like get_funding_signed on an
2059 // Holder designates channel data owned for the benefit of the user client.
2060 // Counterparty designates channel data owned by the another channel participant entity.
2061 pub(super) struct Channel<Signer: ChannelSigner> {
2062 pub context: ChannelContext<Signer>,
2065 #[cfg(any(test, fuzzing))]
2066 struct CommitmentTxInfoCached {
2068 total_pending_htlcs: usize,
2069 next_holder_htlc_id: u64,
2070 next_counterparty_htlc_id: u64,
2074 impl<Signer: WriteableEcdsaChannelSigner> Channel<Signer> {
2075 fn check_remote_fee<F: Deref, L: Deref>(
2076 channel_type: &ChannelTypeFeatures, fee_estimator: &LowerBoundedFeeEstimator<F>,
2077 feerate_per_kw: u32, cur_feerate_per_kw: Option<u32>, logger: &L
2078 ) -> Result<(), ChannelError> where F::Target: FeeEstimator, L::Target: Logger,
2080 // We only bound the fee updates on the upper side to prevent completely absurd feerates,
2081 // always accepting up to 25 sat/vByte or 10x our fee estimator's "High Priority" fee.
2082 // We generally don't care too much if they set the feerate to something very high, but it
2083 // could result in the channel being useless due to everything being dust. This doesn't
2084 // apply to channels supporting anchor outputs since HTLC transactions are pre-signed with a
2085 // zero fee, so their fee is no longer considered to determine dust limits.
2086 if !channel_type.supports_anchors_zero_fee_htlc_tx() {
2087 let upper_limit = cmp::max(250 * 25,
2088 fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::HighPriority) as u64 * 10);
2089 if feerate_per_kw as u64 > upper_limit {
2090 return Err(ChannelError::Close(format!("Peer's feerate much too high. Actual: {}. Our expected upper limit: {}", feerate_per_kw, upper_limit)));
2094 // We can afford to use a lower bound with anchors than previously since we can now bump
2095 // fees when broadcasting our commitment. However, we must still make sure we meet the
2096 // minimum mempool feerate, until package relay is deployed, such that we can ensure the
2097 // commitment transaction propagates throughout node mempools on its own.
2098 let lower_limit_conf_target = if channel_type.supports_anchors_zero_fee_htlc_tx() {
2099 ConfirmationTarget::MempoolMinimum
2101 ConfirmationTarget::Background
2103 let lower_limit = fee_estimator.bounded_sat_per_1000_weight(lower_limit_conf_target);
2104 // Some fee estimators round up to the next full sat/vbyte (ie 250 sats per kw), causing
2105 // occasional issues with feerate disagreements between an initiator that wants a feerate
2106 // of 1.1 sat/vbyte and a receiver that wants 1.1 rounded up to 2. Thus, we always add 250
2107 // sat/kw before the comparison here.
2108 if feerate_per_kw + 250 < lower_limit {
2109 if let Some(cur_feerate) = cur_feerate_per_kw {
2110 if feerate_per_kw > cur_feerate {
2112 "Accepting feerate that may prevent us from closing this channel because it's higher than what we have now. Had {} s/kW, now {} s/kW.",
2113 cur_feerate, feerate_per_kw);
2117 return Err(ChannelError::Close(format!("Peer's feerate much too low. Actual: {}. Our expected lower limit: {} (- 250)", feerate_per_kw, lower_limit)));
2123 fn get_closing_scriptpubkey(&self) -> Script {
2124 // The shutdown scriptpubkey is set on channel opening when option_upfront_shutdown_script
2125 // is signaled. Otherwise, it is set when sending a shutdown message. Calling this method
2126 // outside of those situations will fail.
2127 self.context.shutdown_scriptpubkey.clone().unwrap().into_inner()
2131 fn get_closing_transaction_weight(&self, a_scriptpubkey: Option<&Script>, b_scriptpubkey: Option<&Script>) -> u64 {
2136 1 + // script length (0)
2140 )*4 + // * 4 for non-witness parts
2141 2 + // witness marker and flag
2142 1 + // witness element count
2143 4 + // 4 element lengths (2 sigs, multisig dummy, and witness script)
2144 self.context.get_funding_redeemscript().len() as u64 + // funding witness script
2145 2*(1 + 71); // two signatures + sighash type flags
2146 if let Some(spk) = a_scriptpubkey {
2147 ret += ((8+1) + // output values and script length
2148 spk.len() as u64) * 4; // scriptpubkey and witness multiplier
2150 if let Some(spk) = b_scriptpubkey {
2151 ret += ((8+1) + // output values and script length
2152 spk.len() as u64) * 4; // scriptpubkey and witness multiplier
2158 fn build_closing_transaction(&self, proposed_total_fee_satoshis: u64, skip_remote_output: bool) -> (ClosingTransaction, u64) {
2159 assert!(self.context.pending_inbound_htlcs.is_empty());
2160 assert!(self.context.pending_outbound_htlcs.is_empty());
2161 assert!(self.context.pending_update_fee.is_none());
2163 let mut total_fee_satoshis = proposed_total_fee_satoshis;
2164 let mut value_to_holder: i64 = (self.context.value_to_self_msat as i64) / 1000 - if self.context.is_outbound() { total_fee_satoshis as i64 } else { 0 };
2165 let mut value_to_counterparty: i64 = ((self.context.channel_value_satoshis * 1000 - self.context.value_to_self_msat) as i64 / 1000) - if self.context.is_outbound() { 0 } else { total_fee_satoshis as i64 };
2167 if value_to_holder < 0 {
2168 assert!(self.context.is_outbound());
2169 total_fee_satoshis += (-value_to_holder) as u64;
2170 } else if value_to_counterparty < 0 {
2171 assert!(!self.context.is_outbound());
2172 total_fee_satoshis += (-value_to_counterparty) as u64;
2175 if skip_remote_output || value_to_counterparty as u64 <= self.context.holder_dust_limit_satoshis {
2176 value_to_counterparty = 0;
2179 if value_to_holder as u64 <= self.context.holder_dust_limit_satoshis {
2180 value_to_holder = 0;
2183 assert!(self.context.shutdown_scriptpubkey.is_some());
2184 let holder_shutdown_script = self.get_closing_scriptpubkey();
2185 let counterparty_shutdown_script = self.context.counterparty_shutdown_scriptpubkey.clone().unwrap();
2186 let funding_outpoint = self.funding_outpoint().into_bitcoin_outpoint();
2188 let closing_transaction = ClosingTransaction::new(value_to_holder as u64, value_to_counterparty as u64, holder_shutdown_script, counterparty_shutdown_script, funding_outpoint);
2189 (closing_transaction, total_fee_satoshis)
2192 fn funding_outpoint(&self) -> OutPoint {
2193 self.context.channel_transaction_parameters.funding_outpoint.unwrap()
2196 /// Claims an HTLC while we're disconnected from a peer, dropping the [`ChannelMonitorUpdate`]
2199 /// The [`ChannelMonitor`] for this channel MUST be updated out-of-band with the preimage
2200 /// provided (i.e. without calling [`crate::chain::Watch::update_channel`]).
2202 /// The HTLC claim will end up in the holding cell (because the caller must ensure the peer is
2204 pub fn claim_htlc_while_disconnected_dropping_mon_update<L: Deref>
2205 (&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage, logger: &L)
2206 where L::Target: Logger {
2207 // Assert that we'll add the HTLC claim to the holding cell in `get_update_fulfill_htlc`
2208 // (see equivalent if condition there).
2209 assert!(self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32) != 0);
2210 let mon_update_id = self.context.latest_monitor_update_id; // Forget the ChannelMonitor update
2211 let fulfill_resp = self.get_update_fulfill_htlc(htlc_id_arg, payment_preimage_arg, logger);
2212 self.context.latest_monitor_update_id = mon_update_id;
2213 if let UpdateFulfillFetch::NewClaim { msg, .. } = fulfill_resp {
2214 assert!(msg.is_none()); // The HTLC must have ended up in the holding cell.
2218 fn get_update_fulfill_htlc<L: Deref>(&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage, logger: &L) -> UpdateFulfillFetch where L::Target: Logger {
2219 // Either ChannelReady got set (which means it won't be unset) or there is no way any
2220 // caller thought we could have something claimed (cause we wouldn't have accepted in an
2221 // incoming HTLC anyway). If we got to ShutdownComplete, callers aren't allowed to call us,
2223 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2224 panic!("Was asked to fulfill an HTLC when channel was not in an operational state");
2226 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
2228 let payment_hash_calc = PaymentHash(Sha256::hash(&payment_preimage_arg.0[..]).into_inner());
2230 // ChannelManager may generate duplicate claims/fails due to HTLC update events from
2231 // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
2232 // these, but for now we just have to treat them as normal.
2234 let mut pending_idx = core::usize::MAX;
2235 let mut htlc_value_msat = 0;
2236 for (idx, htlc) in self.context.pending_inbound_htlcs.iter().enumerate() {
2237 if htlc.htlc_id == htlc_id_arg {
2238 assert_eq!(htlc.payment_hash, payment_hash_calc);
2240 InboundHTLCState::Committed => {},
2241 InboundHTLCState::LocalRemoved(ref reason) => {
2242 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
2244 log_warn!(logger, "Have preimage and want to fulfill HTLC with payment hash {} we already failed against channel {}", log_bytes!(htlc.payment_hash.0), log_bytes!(self.context.channel_id()));
2245 debug_assert!(false, "Tried to fulfill an HTLC that was already failed");
2247 return UpdateFulfillFetch::DuplicateClaim {};
2250 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
2251 // Don't return in release mode here so that we can update channel_monitor
2255 htlc_value_msat = htlc.amount_msat;
2259 if pending_idx == core::usize::MAX {
2260 #[cfg(any(test, fuzzing))]
2261 // If we failed to find an HTLC to fulfill, make sure it was previously fulfilled and
2262 // this is simply a duplicate claim, not previously failed and we lost funds.
2263 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2264 return UpdateFulfillFetch::DuplicateClaim {};
2267 // Now update local state:
2269 // We have to put the payment_preimage in the channel_monitor right away here to ensure we
2270 // can claim it even if the channel hits the chain before we see their next commitment.
2271 self.context.latest_monitor_update_id += 1;
2272 let monitor_update = ChannelMonitorUpdate {
2273 update_id: self.context.latest_monitor_update_id,
2274 updates: vec![ChannelMonitorUpdateStep::PaymentPreimage {
2275 payment_preimage: payment_preimage_arg.clone(),
2279 if (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
2280 // Note that this condition is the same as the assertion in
2281 // `claim_htlc_while_disconnected_dropping_mon_update` and must match exactly -
2282 // `claim_htlc_while_disconnected_dropping_mon_update` would not work correctly if we
2283 // do not not get into this branch.
2284 for pending_update in self.context.holding_cell_htlc_updates.iter() {
2285 match pending_update {
2286 &HTLCUpdateAwaitingACK::ClaimHTLC { htlc_id, .. } => {
2287 if htlc_id_arg == htlc_id {
2288 // Make sure we don't leave latest_monitor_update_id incremented here:
2289 self.context.latest_monitor_update_id -= 1;
2290 #[cfg(any(test, fuzzing))]
2291 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2292 return UpdateFulfillFetch::DuplicateClaim {};
2295 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, .. } => {
2296 if htlc_id_arg == htlc_id {
2297 log_warn!(logger, "Have preimage and want to fulfill HTLC with pending failure against channel {}", log_bytes!(self.context.channel_id()));
2298 // TODO: We may actually be able to switch to a fulfill here, though its
2299 // rare enough it may not be worth the complexity burden.
2300 debug_assert!(false, "Tried to fulfill an HTLC that was already failed");
2301 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
2307 log_trace!(logger, "Adding HTLC claim to holding_cell in channel {}! Current state: {}", log_bytes!(self.context.channel_id()), self.context.channel_state);
2308 self.context.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::ClaimHTLC {
2309 payment_preimage: payment_preimage_arg, htlc_id: htlc_id_arg,
2311 #[cfg(any(test, fuzzing))]
2312 self.context.historical_inbound_htlc_fulfills.insert(htlc_id_arg);
2313 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
2315 #[cfg(any(test, fuzzing))]
2316 self.context.historical_inbound_htlc_fulfills.insert(htlc_id_arg);
2319 let htlc = &mut self.context.pending_inbound_htlcs[pending_idx];
2320 if let InboundHTLCState::Committed = htlc.state {
2322 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
2323 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
2325 log_trace!(logger, "Upgrading HTLC {} to LocalRemoved with a Fulfill in channel {}!", log_bytes!(htlc.payment_hash.0), log_bytes!(self.context.channel_id));
2326 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::Fulfill(payment_preimage_arg.clone()));
2329 UpdateFulfillFetch::NewClaim {
2332 msg: Some(msgs::UpdateFulfillHTLC {
2333 channel_id: self.context.channel_id(),
2334 htlc_id: htlc_id_arg,
2335 payment_preimage: payment_preimage_arg,
2340 pub fn get_update_fulfill_htlc_and_commit<L: Deref>(&mut self, htlc_id: u64, payment_preimage: PaymentPreimage, logger: &L) -> UpdateFulfillCommitFetch where L::Target: Logger {
2341 let release_cs_monitor = self.context.blocked_monitor_updates.is_empty();
2342 match self.get_update_fulfill_htlc(htlc_id, payment_preimage, logger) {
2343 UpdateFulfillFetch::NewClaim { mut monitor_update, htlc_value_msat, msg } => {
2344 // Even if we aren't supposed to let new monitor updates with commitment state
2345 // updates run, we still need to push the preimage ChannelMonitorUpdateStep no
2346 // matter what. Sadly, to push a new monitor update which flies before others
2347 // already queued, we have to insert it into the pending queue and update the
2348 // update_ids of all the following monitors.
2349 if release_cs_monitor && msg.is_some() {
2350 let mut additional_update = self.build_commitment_no_status_check(logger);
2351 // build_commitment_no_status_check may bump latest_monitor_id but we want them
2352 // to be strictly increasing by one, so decrement it here.
2353 self.context.latest_monitor_update_id = monitor_update.update_id;
2354 monitor_update.updates.append(&mut additional_update.updates);
2356 let new_mon_id = self.context.blocked_monitor_updates.get(0)
2357 .map(|upd| upd.update.update_id).unwrap_or(monitor_update.update_id);
2358 monitor_update.update_id = new_mon_id;
2359 for held_update in self.context.blocked_monitor_updates.iter_mut() {
2360 held_update.update.update_id += 1;
2363 debug_assert!(false, "If there is a pending blocked monitor we should have MonitorUpdateInProgress set");
2364 let update = self.build_commitment_no_status_check(logger);
2365 self.context.blocked_monitor_updates.push(PendingChannelMonitorUpdate {
2371 self.monitor_updating_paused(false, msg.is_some(), false, Vec::new(), Vec::new(), Vec::new());
2372 UpdateFulfillCommitFetch::NewClaim { monitor_update, htlc_value_msat, }
2374 UpdateFulfillFetch::DuplicateClaim {} => UpdateFulfillCommitFetch::DuplicateClaim {},
2378 /// We can only have one resolution per HTLC. In some cases around reconnect, we may fulfill
2379 /// an HTLC more than once or fulfill once and then attempt to fail after reconnect. We cannot,
2380 /// however, fail more than once as we wait for an upstream failure to be irrevocably committed
2381 /// before we fail backwards.
2383 /// If we do fail twice, we `debug_assert!(false)` and return `Ok(None)`. Thus, this will always
2384 /// return `Ok(_)` if preconditions are met. In any case, `Err`s will only be
2385 /// [`ChannelError::Ignore`].
2386 pub fn queue_fail_htlc<L: Deref>(&mut self, htlc_id_arg: u64, err_packet: msgs::OnionErrorPacket, logger: &L)
2387 -> Result<(), ChannelError> where L::Target: Logger {
2388 self.fail_htlc(htlc_id_arg, err_packet, true, logger)
2389 .map(|msg_opt| assert!(msg_opt.is_none(), "We forced holding cell?"))
2392 /// We can only have one resolution per HTLC. In some cases around reconnect, we may fulfill
2393 /// an HTLC more than once or fulfill once and then attempt to fail after reconnect. We cannot,
2394 /// however, fail more than once as we wait for an upstream failure to be irrevocably committed
2395 /// before we fail backwards.
2397 /// If we do fail twice, we `debug_assert!(false)` and return `Ok(None)`. Thus, this will always
2398 /// return `Ok(_)` if preconditions are met. In any case, `Err`s will only be
2399 /// [`ChannelError::Ignore`].
2400 fn fail_htlc<L: Deref>(&mut self, htlc_id_arg: u64, err_packet: msgs::OnionErrorPacket, mut force_holding_cell: bool, logger: &L)
2401 -> Result<Option<msgs::UpdateFailHTLC>, ChannelError> where L::Target: Logger {
2402 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2403 panic!("Was asked to fail an HTLC when channel was not in an operational state");
2405 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
2407 // ChannelManager may generate duplicate claims/fails due to HTLC update events from
2408 // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
2409 // these, but for now we just have to treat them as normal.
2411 let mut pending_idx = core::usize::MAX;
2412 for (idx, htlc) in self.context.pending_inbound_htlcs.iter().enumerate() {
2413 if htlc.htlc_id == htlc_id_arg {
2415 InboundHTLCState::Committed => {},
2416 InboundHTLCState::LocalRemoved(ref reason) => {
2417 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
2419 debug_assert!(false, "Tried to fail an HTLC that was already failed");
2424 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
2425 return Err(ChannelError::Ignore(format!("Unable to find a pending HTLC which matched the given HTLC ID ({})", htlc.htlc_id)));
2431 if pending_idx == core::usize::MAX {
2432 #[cfg(any(test, fuzzing))]
2433 // If we failed to find an HTLC to fail, make sure it was previously fulfilled and this
2434 // is simply a duplicate fail, not previously failed and we failed-back too early.
2435 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2439 if (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
2440 debug_assert!(force_holding_cell, "!force_holding_cell is only called when emptying the holding cell, so we shouldn't end up back in it!");
2441 force_holding_cell = true;
2444 // Now update local state:
2445 if force_holding_cell {
2446 for pending_update in self.context.holding_cell_htlc_updates.iter() {
2447 match pending_update {
2448 &HTLCUpdateAwaitingACK::ClaimHTLC { htlc_id, .. } => {
2449 if htlc_id_arg == htlc_id {
2450 #[cfg(any(test, fuzzing))]
2451 debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
2455 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, .. } => {
2456 if htlc_id_arg == htlc_id {
2457 debug_assert!(false, "Tried to fail an HTLC that was already failed");
2458 return Err(ChannelError::Ignore("Unable to find a pending HTLC which matched the given HTLC ID".to_owned()));
2464 log_trace!(logger, "Placing failure for HTLC ID {} in holding cell in channel {}.", htlc_id_arg, log_bytes!(self.context.channel_id()));
2465 self.context.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::FailHTLC {
2466 htlc_id: htlc_id_arg,
2472 log_trace!(logger, "Failing HTLC ID {} back with a update_fail_htlc message in channel {}.", htlc_id_arg, log_bytes!(self.context.channel_id()));
2474 let htlc = &mut self.context.pending_inbound_htlcs[pending_idx];
2475 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(err_packet.clone()));
2478 Ok(Some(msgs::UpdateFailHTLC {
2479 channel_id: self.context.channel_id(),
2480 htlc_id: htlc_id_arg,
2485 // Message handlers:
2487 /// Handles a funding_signed message from the remote end.
2488 /// If this call is successful, broadcast the funding transaction (and not before!)
2489 pub fn funding_signed<SP: Deref, L: Deref>(
2490 &mut self, msg: &msgs::FundingSigned, best_block: BestBlock, signer_provider: &SP, logger: &L
2491 ) -> Result<ChannelMonitor<Signer>, ChannelError>
2493 SP::Target: SignerProvider<Signer = Signer>,
2496 if !self.context.is_outbound() {
2497 return Err(ChannelError::Close("Received funding_signed for an inbound channel?".to_owned()));
2499 if self.context.channel_state & !(ChannelState::MonitorUpdateInProgress as u32) != ChannelState::FundingCreated as u32 {
2500 return Err(ChannelError::Close("Received funding_signed in strange state!".to_owned()));
2502 if self.context.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
2503 self.context.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
2504 self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
2505 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
2508 let funding_script = self.context.get_funding_redeemscript();
2510 let counterparty_keys = self.context.build_remote_transaction_keys();
2511 let counterparty_initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
2512 let counterparty_trusted_tx = counterparty_initial_commitment_tx.trust();
2513 let counterparty_initial_bitcoin_tx = counterparty_trusted_tx.built_transaction();
2515 log_trace!(logger, "Initial counterparty tx for channel {} is: txid {} tx {}",
2516 log_bytes!(self.context.channel_id()), counterparty_initial_bitcoin_tx.txid, encode::serialize_hex(&counterparty_initial_bitcoin_tx.transaction));
2518 let holder_signer = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
2519 let initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &holder_signer, true, false, logger).tx;
2521 let trusted_tx = initial_commitment_tx.trust();
2522 let initial_commitment_bitcoin_tx = trusted_tx.built_transaction();
2523 let sighash = initial_commitment_bitcoin_tx.get_sighash_all(&funding_script, self.context.channel_value_satoshis);
2524 // They sign our commitment transaction, allowing us to broadcast the tx if we wish.
2525 if let Err(_) = self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.context.get_counterparty_pubkeys().funding_pubkey) {
2526 return Err(ChannelError::Close("Invalid funding_signed signature from peer".to_owned()));
2530 let holder_commitment_tx = HolderCommitmentTransaction::new(
2531 initial_commitment_tx,
2534 &self.context.get_holder_pubkeys().funding_pubkey,
2535 self.context.counterparty_funding_pubkey()
2538 self.context.holder_signer.validate_holder_commitment(&holder_commitment_tx, Vec::new())
2539 .map_err(|_| ChannelError::Close("Failed to validate our commitment".to_owned()))?;
2542 let funding_redeemscript = self.context.get_funding_redeemscript();
2543 let funding_txo = self.context.get_funding_txo().unwrap();
2544 let funding_txo_script = funding_redeemscript.to_v0_p2wsh();
2545 let obscure_factor = get_commitment_transaction_number_obscure_factor(&self.context.get_holder_pubkeys().payment_point, &self.context.get_counterparty_pubkeys().payment_point, self.context.is_outbound());
2546 let shutdown_script = self.context.shutdown_scriptpubkey.clone().map(|script| script.into_inner());
2547 let mut monitor_signer = signer_provider.derive_channel_signer(self.context.channel_value_satoshis, self.context.channel_keys_id);
2548 monitor_signer.provide_channel_parameters(&self.context.channel_transaction_parameters);
2549 let channel_monitor = ChannelMonitor::new(self.context.secp_ctx.clone(), monitor_signer,
2550 shutdown_script, self.context.get_holder_selected_contest_delay(),
2551 &self.context.destination_script, (funding_txo, funding_txo_script),
2552 &self.context.channel_transaction_parameters,
2553 funding_redeemscript.clone(), self.context.channel_value_satoshis,
2555 holder_commitment_tx, best_block, self.context.counterparty_node_id);
2557 channel_monitor.provide_latest_counterparty_commitment_tx(counterparty_initial_bitcoin_tx.txid, Vec::new(), self.context.cur_counterparty_commitment_transaction_number, self.context.counterparty_cur_commitment_point.unwrap(), logger);
2559 assert_eq!(self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32), 0); // We have no had any monitor(s) yet to fail update!
2560 self.context.channel_state = ChannelState::FundingSent as u32;
2561 self.context.cur_holder_commitment_transaction_number -= 1;
2562 self.context.cur_counterparty_commitment_transaction_number -= 1;
2564 log_info!(logger, "Received funding_signed from peer for channel {}", log_bytes!(self.context.channel_id()));
2566 let need_channel_ready = self.check_get_channel_ready(0).is_some();
2567 self.monitor_updating_paused(false, false, need_channel_ready, Vec::new(), Vec::new(), Vec::new());
2571 /// Handles a channel_ready message from our peer. If we've already sent our channel_ready
2572 /// and the channel is now usable (and public), this may generate an announcement_signatures to
2574 pub fn channel_ready<NS: Deref, L: Deref>(
2575 &mut self, msg: &msgs::ChannelReady, node_signer: &NS, genesis_block_hash: BlockHash,
2576 user_config: &UserConfig, best_block: &BestBlock, logger: &L
2577 ) -> Result<Option<msgs::AnnouncementSignatures>, ChannelError>
2579 NS::Target: NodeSigner,
2582 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2583 self.context.workaround_lnd_bug_4006 = Some(msg.clone());
2584 return Err(ChannelError::Ignore("Peer sent channel_ready when we needed a channel_reestablish. The peer is likely lnd, see https://github.com/lightningnetwork/lnd/issues/4006".to_owned()));
2587 if let Some(scid_alias) = msg.short_channel_id_alias {
2588 if Some(scid_alias) != self.context.short_channel_id {
2589 // The scid alias provided can be used to route payments *from* our counterparty,
2590 // i.e. can be used for inbound payments and provided in invoices, but is not used
2591 // when routing outbound payments.
2592 self.context.latest_inbound_scid_alias = Some(scid_alias);
2596 let non_shutdown_state = self.context.channel_state & (!MULTI_STATE_FLAGS);
2598 if non_shutdown_state == ChannelState::FundingSent as u32 {
2599 self.context.channel_state |= ChannelState::TheirChannelReady as u32;
2600 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurChannelReady as u32) {
2601 self.context.channel_state = ChannelState::ChannelReady as u32 | (self.context.channel_state & MULTI_STATE_FLAGS);
2602 self.context.update_time_counter += 1;
2603 } else if self.context.channel_state & (ChannelState::ChannelReady as u32) != 0 ||
2604 // If we reconnected before sending our `channel_ready` they may still resend theirs:
2605 (self.context.channel_state & (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32) ==
2606 (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32))
2608 // They probably disconnected/reconnected and re-sent the channel_ready, which is
2609 // required, or they're sending a fresh SCID alias.
2610 let expected_point =
2611 if self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
2612 // If they haven't ever sent an updated point, the point they send should match
2614 self.context.counterparty_cur_commitment_point
2615 } else if self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 2 {
2616 // If we've advanced the commitment number once, the second commitment point is
2617 // at `counterparty_prev_commitment_point`, which is not yet revoked.
2618 debug_assert!(self.context.counterparty_prev_commitment_point.is_some());
2619 self.context.counterparty_prev_commitment_point
2621 // If they have sent updated points, channel_ready is always supposed to match
2622 // their "first" point, which we re-derive here.
2623 Some(PublicKey::from_secret_key(&self.context.secp_ctx, &SecretKey::from_slice(
2624 &self.context.commitment_secrets.get_secret(INITIAL_COMMITMENT_NUMBER - 1).expect("We should have all prev secrets available")
2625 ).expect("We already advanced, so previous secret keys should have been validated already")))
2627 if expected_point != Some(msg.next_per_commitment_point) {
2628 return Err(ChannelError::Close("Peer sent a reconnect channel_ready with a different point".to_owned()));
2632 return Err(ChannelError::Close("Peer sent a channel_ready at a strange time".to_owned()));
2635 self.context.counterparty_prev_commitment_point = self.context.counterparty_cur_commitment_point;
2636 self.context.counterparty_cur_commitment_point = Some(msg.next_per_commitment_point);
2638 log_info!(logger, "Received channel_ready from peer for channel {}", log_bytes!(self.context.channel_id()));
2640 Ok(self.get_announcement_sigs(node_signer, genesis_block_hash, user_config, best_block.height(), logger))
2643 pub fn update_add_htlc<F, FE: Deref, L: Deref>(
2644 &mut self, msg: &msgs::UpdateAddHTLC, mut pending_forward_status: PendingHTLCStatus,
2645 create_pending_htlc_status: F, fee_estimator: &LowerBoundedFeeEstimator<FE>, logger: &L
2646 ) -> Result<(), ChannelError>
2647 where F: for<'a> Fn(&'a Self, PendingHTLCStatus, u16) -> PendingHTLCStatus,
2648 FE::Target: FeeEstimator, L::Target: Logger,
2650 // We can't accept HTLCs sent after we've sent a shutdown.
2651 let local_sent_shutdown = (self.context.channel_state & (ChannelState::ChannelReady as u32 | ChannelState::LocalShutdownSent as u32)) != (ChannelState::ChannelReady as u32);
2652 if local_sent_shutdown {
2653 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x4000|8);
2655 // If the remote has sent a shutdown prior to adding this HTLC, then they are in violation of the spec.
2656 let remote_sent_shutdown = (self.context.channel_state & (ChannelState::ChannelReady as u32 | ChannelState::RemoteShutdownSent as u32)) != (ChannelState::ChannelReady as u32);
2657 if remote_sent_shutdown {
2658 return Err(ChannelError::Close("Got add HTLC message when channel was not in an operational state".to_owned()));
2660 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2661 return Err(ChannelError::Close("Peer sent update_add_htlc when we needed a channel_reestablish".to_owned()));
2663 if msg.amount_msat > self.context.channel_value_satoshis * 1000 {
2664 return Err(ChannelError::Close("Remote side tried to send more than the total value of the channel".to_owned()));
2666 if msg.amount_msat == 0 {
2667 return Err(ChannelError::Close("Remote side tried to send a 0-msat HTLC".to_owned()));
2669 if msg.amount_msat < self.context.holder_htlc_minimum_msat {
2670 return Err(ChannelError::Close(format!("Remote side tried to send less than our minimum HTLC value. Lower limit: ({}). Actual: ({})", self.context.holder_htlc_minimum_msat, msg.amount_msat)));
2673 let inbound_stats = self.context.get_inbound_pending_htlc_stats(None);
2674 let outbound_stats = self.context.get_outbound_pending_htlc_stats(None);
2675 if inbound_stats.pending_htlcs + 1 > self.context.holder_max_accepted_htlcs as u32 {
2676 return Err(ChannelError::Close(format!("Remote tried to push more than our max accepted HTLCs ({})", self.context.holder_max_accepted_htlcs)));
2678 if inbound_stats.pending_htlcs_value_msat + msg.amount_msat > self.context.holder_max_htlc_value_in_flight_msat {
2679 return Err(ChannelError::Close(format!("Remote HTLC add would put them over our max HTLC value ({})", self.context.holder_max_htlc_value_in_flight_msat)));
2681 // Check holder_selected_channel_reserve_satoshis (we're getting paid, so they have to at least meet
2682 // the reserve_satoshis we told them to always have as direct payment so that they lose
2683 // something if we punish them for broadcasting an old state).
2684 // Note that we don't really care about having a small/no to_remote output in our local
2685 // commitment transactions, as the purpose of the channel reserve is to ensure we can
2686 // punish *them* if they misbehave, so we discount any outbound HTLCs which will not be
2687 // present in the next commitment transaction we send them (at least for fulfilled ones,
2688 // failed ones won't modify value_to_self).
2689 // Note that we will send HTLCs which another instance of rust-lightning would think
2690 // violate the reserve value if we do not do this (as we forget inbound HTLCs from the
2691 // Channel state once they will not be present in the next received commitment
2693 let mut removed_outbound_total_msat = 0;
2694 for ref htlc in self.context.pending_outbound_htlcs.iter() {
2695 if let OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(_)) = htlc.state {
2696 removed_outbound_total_msat += htlc.amount_msat;
2697 } else if let OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(_)) = htlc.state {
2698 removed_outbound_total_msat += htlc.amount_msat;
2702 let max_dust_htlc_exposure_msat = self.context.get_max_dust_htlc_exposure_msat(fee_estimator);
2703 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if self.context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2706 let dust_buffer_feerate = self.context.get_dust_buffer_feerate(None) as u64;
2707 (dust_buffer_feerate * htlc_timeout_tx_weight(self.context.get_channel_type()) / 1000,
2708 dust_buffer_feerate * htlc_success_tx_weight(self.context.get_channel_type()) / 1000)
2710 let exposure_dust_limit_timeout_sats = htlc_timeout_dust_limit + self.context.counterparty_dust_limit_satoshis;
2711 if msg.amount_msat / 1000 < exposure_dust_limit_timeout_sats {
2712 let on_counterparty_tx_dust_htlc_exposure_msat = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat + msg.amount_msat;
2713 if on_counterparty_tx_dust_htlc_exposure_msat > max_dust_htlc_exposure_msat {
2714 log_info!(logger, "Cannot accept value that would put our exposure to dust HTLCs at {} over the limit {} on counterparty commitment tx",
2715 on_counterparty_tx_dust_htlc_exposure_msat, max_dust_htlc_exposure_msat);
2716 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2720 let exposure_dust_limit_success_sats = htlc_success_dust_limit + self.context.holder_dust_limit_satoshis;
2721 if msg.amount_msat / 1000 < exposure_dust_limit_success_sats {
2722 let on_holder_tx_dust_htlc_exposure_msat = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat + msg.amount_msat;
2723 if on_holder_tx_dust_htlc_exposure_msat > max_dust_htlc_exposure_msat {
2724 log_info!(logger, "Cannot accept value that would put our exposure to dust HTLCs at {} over the limit {} on holder commitment tx",
2725 on_holder_tx_dust_htlc_exposure_msat, max_dust_htlc_exposure_msat);
2726 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2730 let pending_value_to_self_msat =
2731 self.context.value_to_self_msat + inbound_stats.pending_htlcs_value_msat - removed_outbound_total_msat;
2732 let pending_remote_value_msat =
2733 self.context.channel_value_satoshis * 1000 - pending_value_to_self_msat;
2734 if pending_remote_value_msat < msg.amount_msat {
2735 return Err(ChannelError::Close("Remote HTLC add would overdraw remaining funds".to_owned()));
2738 // Check that the remote can afford to pay for this HTLC on-chain at the current
2739 // feerate_per_kw, while maintaining their channel reserve (as required by the spec).
2740 let remote_commit_tx_fee_msat = if self.context.is_outbound() { 0 } else {
2741 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2742 self.context.next_remote_commit_tx_fee_msat(htlc_candidate, None) // Don't include the extra fee spike buffer HTLC in calculations
2744 if pending_remote_value_msat - msg.amount_msat < remote_commit_tx_fee_msat {
2745 return Err(ChannelError::Close("Remote HTLC add would not leave enough to pay for fees".to_owned()));
2748 if pending_remote_value_msat - msg.amount_msat - remote_commit_tx_fee_msat < self.context.holder_selected_channel_reserve_satoshis * 1000 {
2749 return Err(ChannelError::Close("Remote HTLC add would put them under remote reserve value".to_owned()));
2752 if !self.context.is_outbound() {
2753 // `2 *` and `Some(())` is for the fee spike buffer we keep for the remote. This deviates from
2754 // the spec because in the spec, the fee spike buffer requirement doesn't exist on the
2755 // receiver's side, only on the sender's.
2756 // Note that when we eventually remove support for fee updates and switch to anchor output
2757 // fees, we will drop the `2 *`, since we no longer be as sensitive to fee spikes. But, keep
2758 // the extra htlc when calculating the next remote commitment transaction fee as we should
2759 // still be able to afford adding this HTLC plus one more future HTLC, regardless of being
2760 // sensitive to fee spikes.
2761 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2762 let remote_fee_cost_incl_stuck_buffer_msat = 2 * self.context.next_remote_commit_tx_fee_msat(htlc_candidate, Some(()));
2763 if pending_remote_value_msat - msg.amount_msat - self.context.holder_selected_channel_reserve_satoshis * 1000 < remote_fee_cost_incl_stuck_buffer_msat {
2764 // Note that if the pending_forward_status is not updated here, then it's because we're already failing
2765 // the HTLC, i.e. its status is already set to failing.
2766 log_info!(logger, "Attempting to fail HTLC due to fee spike buffer violation in channel {}. Rebalancing is required.", log_bytes!(self.context.channel_id()));
2767 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2770 // Check that they won't violate our local required channel reserve by adding this HTLC.
2771 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2772 let local_commit_tx_fee_msat = self.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
2773 if self.context.value_to_self_msat < self.context.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 + local_commit_tx_fee_msat {
2774 return Err(ChannelError::Close("Cannot accept HTLC that would put our balance under counterparty-announced channel reserve value".to_owned()));
2777 if self.context.next_counterparty_htlc_id != msg.htlc_id {
2778 return Err(ChannelError::Close(format!("Remote skipped HTLC ID (skipped ID: {})", self.context.next_counterparty_htlc_id)));
2780 if msg.cltv_expiry >= 500000000 {
2781 return Err(ChannelError::Close("Remote provided CLTV expiry in seconds instead of block height".to_owned()));
2784 if self.context.channel_state & ChannelState::LocalShutdownSent as u32 != 0 {
2785 if let PendingHTLCStatus::Forward(_) = pending_forward_status {
2786 panic!("ChannelManager shouldn't be trying to add a forwardable HTLC after we've started closing");
2790 // Now update local state:
2791 self.context.next_counterparty_htlc_id += 1;
2792 self.context.pending_inbound_htlcs.push(InboundHTLCOutput {
2793 htlc_id: msg.htlc_id,
2794 amount_msat: msg.amount_msat,
2795 payment_hash: msg.payment_hash,
2796 cltv_expiry: msg.cltv_expiry,
2797 state: InboundHTLCState::RemoteAnnounced(pending_forward_status),
2802 /// Marks an outbound HTLC which we have received update_fail/fulfill/malformed
2804 fn mark_outbound_htlc_removed(&mut self, htlc_id: u64, check_preimage: Option<PaymentPreimage>, fail_reason: Option<HTLCFailReason>) -> Result<&OutboundHTLCOutput, ChannelError> {
2805 assert!(!(check_preimage.is_some() && fail_reason.is_some()), "cannot fail while we have a preimage");
2806 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
2807 if htlc.htlc_id == htlc_id {
2808 let outcome = match check_preimage {
2809 None => fail_reason.into(),
2810 Some(payment_preimage) => {
2811 let payment_hash = PaymentHash(Sha256::hash(&payment_preimage.0[..]).into_inner());
2812 if payment_hash != htlc.payment_hash {
2813 return Err(ChannelError::Close(format!("Remote tried to fulfill HTLC ({}) with an incorrect preimage", htlc_id)));
2815 OutboundHTLCOutcome::Success(Some(payment_preimage))
2819 OutboundHTLCState::LocalAnnounced(_) =>
2820 return Err(ChannelError::Close(format!("Remote tried to fulfill/fail HTLC ({}) before it had been committed", htlc_id))),
2821 OutboundHTLCState::Committed => {
2822 htlc.state = OutboundHTLCState::RemoteRemoved(outcome);
2824 OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) | OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) | OutboundHTLCState::RemoteRemoved(_) =>
2825 return Err(ChannelError::Close(format!("Remote tried to fulfill/fail HTLC ({}) that they'd already fulfilled/failed", htlc_id))),
2830 Err(ChannelError::Close("Remote tried to fulfill/fail an HTLC we couldn't find".to_owned()))
2833 pub fn update_fulfill_htlc(&mut self, msg: &msgs::UpdateFulfillHTLC) -> Result<(HTLCSource, u64), ChannelError> {
2834 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2835 return Err(ChannelError::Close("Got fulfill HTLC message when channel was not in an operational state".to_owned()));
2837 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2838 return Err(ChannelError::Close("Peer sent update_fulfill_htlc when we needed a channel_reestablish".to_owned()));
2841 self.mark_outbound_htlc_removed(msg.htlc_id, Some(msg.payment_preimage), None).map(|htlc| (htlc.source.clone(), htlc.amount_msat))
2844 pub fn update_fail_htlc(&mut self, msg: &msgs::UpdateFailHTLC, fail_reason: HTLCFailReason) -> Result<(), ChannelError> {
2845 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2846 return Err(ChannelError::Close("Got fail HTLC message when channel was not in an operational state".to_owned()));
2848 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2849 return Err(ChannelError::Close("Peer sent update_fail_htlc when we needed a channel_reestablish".to_owned()));
2852 self.mark_outbound_htlc_removed(msg.htlc_id, None, Some(fail_reason))?;
2856 pub fn update_fail_malformed_htlc(&mut self, msg: &msgs::UpdateFailMalformedHTLC, fail_reason: HTLCFailReason) -> Result<(), ChannelError> {
2857 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2858 return Err(ChannelError::Close("Got fail malformed HTLC message when channel was not in an operational state".to_owned()));
2860 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2861 return Err(ChannelError::Close("Peer sent update_fail_malformed_htlc when we needed a channel_reestablish".to_owned()));
2864 self.mark_outbound_htlc_removed(msg.htlc_id, None, Some(fail_reason))?;
2868 pub fn commitment_signed<L: Deref>(&mut self, msg: &msgs::CommitmentSigned, logger: &L) -> Result<Option<ChannelMonitorUpdate>, ChannelError>
2869 where L::Target: Logger
2871 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2872 return Err(ChannelError::Close("Got commitment signed message when channel was not in an operational state".to_owned()));
2874 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2875 return Err(ChannelError::Close("Peer sent commitment_signed when we needed a channel_reestablish".to_owned()));
2877 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK == BOTH_SIDES_SHUTDOWN_MASK && self.context.last_sent_closing_fee.is_some() {
2878 return Err(ChannelError::Close("Peer sent commitment_signed after we'd started exchanging closing_signeds".to_owned()));
2881 let funding_script = self.context.get_funding_redeemscript();
2883 let keys = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
2885 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &keys, true, false, logger);
2886 let commitment_txid = {
2887 let trusted_tx = commitment_stats.tx.trust();
2888 let bitcoin_tx = trusted_tx.built_transaction();
2889 let sighash = bitcoin_tx.get_sighash_all(&funding_script, self.context.channel_value_satoshis);
2891 log_trace!(logger, "Checking commitment tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} in channel {}",
2892 log_bytes!(msg.signature.serialize_compact()[..]),
2893 log_bytes!(self.context.counterparty_funding_pubkey().serialize()), encode::serialize_hex(&bitcoin_tx.transaction),
2894 log_bytes!(sighash[..]), encode::serialize_hex(&funding_script), log_bytes!(self.context.channel_id()));
2895 if let Err(_) = self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.context.counterparty_funding_pubkey()) {
2896 return Err(ChannelError::Close("Invalid commitment tx signature from peer".to_owned()));
2900 let mut htlcs_cloned: Vec<_> = commitment_stats.htlcs_included.iter().map(|htlc| (htlc.0.clone(), htlc.1.map(|h| h.clone()))).collect();
2902 // If our counterparty updated the channel fee in this commitment transaction, check that
2903 // they can actually afford the new fee now.
2904 let update_fee = if let Some((_, update_state)) = self.context.pending_update_fee {
2905 update_state == FeeUpdateState::RemoteAnnounced
2908 debug_assert!(!self.context.is_outbound());
2909 let counterparty_reserve_we_require_msat = self.context.holder_selected_channel_reserve_satoshis * 1000;
2910 if commitment_stats.remote_balance_msat < commitment_stats.total_fee_sat * 1000 + counterparty_reserve_we_require_msat {
2911 return Err(ChannelError::Close("Funding remote cannot afford proposed new fee".to_owned()));
2914 #[cfg(any(test, fuzzing))]
2916 if self.context.is_outbound() {
2917 let projected_commit_tx_info = self.context.next_local_commitment_tx_fee_info_cached.lock().unwrap().take();
2918 *self.context.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = None;
2919 if let Some(info) = projected_commit_tx_info {
2920 let total_pending_htlcs = self.context.pending_inbound_htlcs.len() + self.context.pending_outbound_htlcs.len()
2921 + self.context.holding_cell_htlc_updates.len();
2922 if info.total_pending_htlcs == total_pending_htlcs
2923 && info.next_holder_htlc_id == self.context.next_holder_htlc_id
2924 && info.next_counterparty_htlc_id == self.context.next_counterparty_htlc_id
2925 && info.feerate == self.context.feerate_per_kw {
2926 assert_eq!(commitment_stats.total_fee_sat, info.fee / 1000);
2932 if msg.htlc_signatures.len() != commitment_stats.num_nondust_htlcs {
2933 return Err(ChannelError::Close(format!("Got wrong number of HTLC signatures ({}) from remote. It must be {}", msg.htlc_signatures.len(), commitment_stats.num_nondust_htlcs)));
2936 // Up to LDK 0.0.115, HTLC information was required to be duplicated in the
2937 // `htlcs_and_sigs` vec and in the `holder_commitment_tx` itself, both of which were passed
2938 // in the `ChannelMonitorUpdate`. In 0.0.115, support for having a separate set of
2939 // outbound-non-dust-HTLCSources in the `ChannelMonitorUpdate` was added, however for
2940 // backwards compatibility, we never use it in production. To provide test coverage, here,
2941 // we randomly decide (in test/fuzzing builds) to use the new vec sometimes.
2942 #[allow(unused_assignments, unused_mut)]
2943 let mut separate_nondust_htlc_sources = false;
2944 #[cfg(all(feature = "std", any(test, fuzzing)))] {
2945 use core::hash::{BuildHasher, Hasher};
2946 // Get a random value using the only std API to do so - the DefaultHasher
2947 let rand_val = std::collections::hash_map::RandomState::new().build_hasher().finish();
2948 separate_nondust_htlc_sources = rand_val % 2 == 0;
2951 let mut nondust_htlc_sources = Vec::with_capacity(htlcs_cloned.len());
2952 let mut htlcs_and_sigs = Vec::with_capacity(htlcs_cloned.len());
2953 for (idx, (htlc, mut source_opt)) in htlcs_cloned.drain(..).enumerate() {
2954 if let Some(_) = htlc.transaction_output_index {
2955 let htlc_tx = chan_utils::build_htlc_transaction(&commitment_txid, commitment_stats.feerate_per_kw,
2956 self.context.get_counterparty_selected_contest_delay().unwrap(), &htlc, &self.context.channel_type,
2957 &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
2959 let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, &self.context.channel_type, &keys);
2960 let htlc_sighashtype = if self.context.channel_type.supports_anchors_zero_fee_htlc_tx() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
2961 let htlc_sighash = hash_to_message!(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]);
2962 log_trace!(logger, "Checking HTLC tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} in channel {}.",
2963 log_bytes!(msg.htlc_signatures[idx].serialize_compact()[..]), log_bytes!(keys.countersignatory_htlc_key.serialize()),
2964 encode::serialize_hex(&htlc_tx), log_bytes!(htlc_sighash[..]), encode::serialize_hex(&htlc_redeemscript), log_bytes!(self.context.channel_id()));
2965 if let Err(_) = self.context.secp_ctx.verify_ecdsa(&htlc_sighash, &msg.htlc_signatures[idx], &keys.countersignatory_htlc_key) {
2966 return Err(ChannelError::Close("Invalid HTLC tx signature from peer".to_owned()));
2968 if !separate_nondust_htlc_sources {
2969 htlcs_and_sigs.push((htlc, Some(msg.htlc_signatures[idx]), source_opt.take()));
2972 htlcs_and_sigs.push((htlc, None, source_opt.take()));
2974 if separate_nondust_htlc_sources {
2975 if let Some(source) = source_opt.take() {
2976 nondust_htlc_sources.push(source);
2979 debug_assert!(source_opt.is_none(), "HTLCSource should have been put somewhere");
2982 let holder_commitment_tx = HolderCommitmentTransaction::new(
2983 commitment_stats.tx,
2985 msg.htlc_signatures.clone(),
2986 &self.context.get_holder_pubkeys().funding_pubkey,
2987 self.context.counterparty_funding_pubkey()
2990 self.context.holder_signer.validate_holder_commitment(&holder_commitment_tx, commitment_stats.preimages)
2991 .map_err(|_| ChannelError::Close("Failed to validate our commitment".to_owned()))?;
2993 // Update state now that we've passed all the can-fail calls...
2994 let mut need_commitment = false;
2995 if let &mut Some((_, ref mut update_state)) = &mut self.context.pending_update_fee {
2996 if *update_state == FeeUpdateState::RemoteAnnounced {
2997 *update_state = FeeUpdateState::AwaitingRemoteRevokeToAnnounce;
2998 need_commitment = true;
3002 for htlc in self.context.pending_inbound_htlcs.iter_mut() {
3003 let new_forward = if let &InboundHTLCState::RemoteAnnounced(ref forward_info) = &htlc.state {
3004 Some(forward_info.clone())
3006 if let Some(forward_info) = new_forward {
3007 log_trace!(logger, "Updating HTLC {} to AwaitingRemoteRevokeToAnnounce due to commitment_signed in channel {}.",
3008 log_bytes!(htlc.payment_hash.0), log_bytes!(self.context.channel_id));
3009 htlc.state = InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info);
3010 need_commitment = true;
3013 let mut claimed_htlcs = Vec::new();
3014 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
3015 if let &mut OutboundHTLCState::RemoteRemoved(ref mut outcome) = &mut htlc.state {
3016 log_trace!(logger, "Updating HTLC {} to AwaitingRemoteRevokeToRemove due to commitment_signed in channel {}.",
3017 log_bytes!(htlc.payment_hash.0), log_bytes!(self.context.channel_id));
3018 // Grab the preimage, if it exists, instead of cloning
3019 let mut reason = OutboundHTLCOutcome::Success(None);
3020 mem::swap(outcome, &mut reason);
3021 if let OutboundHTLCOutcome::Success(Some(preimage)) = reason {
3022 // If a user (a) receives an HTLC claim using LDK 0.0.104 or before, then (b)
3023 // upgrades to LDK 0.0.114 or later before the HTLC is fully resolved, we could
3024 // have a `Success(None)` reason. In this case we could forget some HTLC
3025 // claims, but such an upgrade is unlikely and including claimed HTLCs here
3026 // fixes a bug which the user was exposed to on 0.0.104 when they started the
3028 claimed_htlcs.push((SentHTLCId::from_source(&htlc.source), preimage));
3030 htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(reason);
3031 need_commitment = true;
3035 self.context.latest_monitor_update_id += 1;
3036 let mut monitor_update = ChannelMonitorUpdate {
3037 update_id: self.context.latest_monitor_update_id,
3038 updates: vec![ChannelMonitorUpdateStep::LatestHolderCommitmentTXInfo {
3039 commitment_tx: holder_commitment_tx,
3040 htlc_outputs: htlcs_and_sigs,
3042 nondust_htlc_sources,
3046 self.context.cur_holder_commitment_transaction_number -= 1;
3047 // Note that if we need_commitment & !AwaitingRemoteRevoke we'll call
3048 // build_commitment_no_status_check() next which will reset this to RAAFirst.
3049 self.context.resend_order = RAACommitmentOrder::CommitmentFirst;
3051 if (self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32) != 0 {
3052 // In case we initially failed monitor updating without requiring a response, we need
3053 // to make sure the RAA gets sent first.
3054 self.context.monitor_pending_revoke_and_ack = true;
3055 if need_commitment && (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == 0 {
3056 // If we were going to send a commitment_signed after the RAA, go ahead and do all
3057 // the corresponding HTLC status updates so that get_last_commitment_update
3058 // includes the right HTLCs.
3059 self.context.monitor_pending_commitment_signed = true;
3060 let mut additional_update = self.build_commitment_no_status_check(logger);
3061 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3062 // strictly increasing by one, so decrement it here.
3063 self.context.latest_monitor_update_id = monitor_update.update_id;
3064 monitor_update.updates.append(&mut additional_update.updates);
3066 log_debug!(logger, "Received valid commitment_signed from peer in channel {}, updated HTLC state but awaiting a monitor update resolution to reply.",
3067 log_bytes!(self.context.channel_id));
3068 return Ok(self.push_ret_blockable_mon_update(monitor_update));
3071 let need_commitment_signed = if need_commitment && (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == 0 {
3072 // If we're AwaitingRemoteRevoke we can't send a new commitment here, but that's ok -
3073 // we'll send one right away when we get the revoke_and_ack when we
3074 // free_holding_cell_htlcs().
3075 let mut additional_update = self.build_commitment_no_status_check(logger);
3076 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3077 // strictly increasing by one, so decrement it here.
3078 self.context.latest_monitor_update_id = monitor_update.update_id;
3079 monitor_update.updates.append(&mut additional_update.updates);
3083 log_debug!(logger, "Received valid commitment_signed from peer in channel {}, updating HTLC state and responding with{} a revoke_and_ack.",
3084 log_bytes!(self.context.channel_id()), if need_commitment_signed { " our own commitment_signed and" } else { "" });
3085 self.monitor_updating_paused(true, need_commitment_signed, false, Vec::new(), Vec::new(), Vec::new());
3086 return Ok(self.push_ret_blockable_mon_update(monitor_update));
3089 /// Public version of the below, checking relevant preconditions first.
3090 /// If we're not in a state where freeing the holding cell makes sense, this is a no-op and
3091 /// returns `(None, Vec::new())`.
3092 pub fn maybe_free_holding_cell_htlcs<F: Deref, L: Deref>(
3093 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
3094 ) -> (Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>)
3095 where F::Target: FeeEstimator, L::Target: Logger
3097 if self.context.channel_state >= ChannelState::ChannelReady as u32 &&
3098 (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) == 0 {
3099 self.free_holding_cell_htlcs(fee_estimator, logger)
3100 } else { (None, Vec::new()) }
3103 /// Frees any pending commitment updates in the holding cell, generating the relevant messages
3104 /// for our counterparty.
3105 fn free_holding_cell_htlcs<F: Deref, L: Deref>(
3106 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
3107 ) -> (Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>)
3108 where F::Target: FeeEstimator, L::Target: Logger
3110 assert_eq!(self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32, 0);
3111 if self.context.holding_cell_htlc_updates.len() != 0 || self.context.holding_cell_update_fee.is_some() {
3112 log_trace!(logger, "Freeing holding cell with {} HTLC updates{} in channel {}", self.context.holding_cell_htlc_updates.len(),
3113 if self.context.holding_cell_update_fee.is_some() { " and a fee update" } else { "" }, log_bytes!(self.context.channel_id()));
3115 let mut monitor_update = ChannelMonitorUpdate {
3116 update_id: self.context.latest_monitor_update_id + 1, // We don't increment this yet!
3117 updates: Vec::new(),
3120 let mut htlc_updates = Vec::new();
3121 mem::swap(&mut htlc_updates, &mut self.context.holding_cell_htlc_updates);
3122 let mut update_add_htlcs = Vec::with_capacity(htlc_updates.len());
3123 let mut update_fulfill_htlcs = Vec::with_capacity(htlc_updates.len());
3124 let mut update_fail_htlcs = Vec::with_capacity(htlc_updates.len());
3125 let mut htlcs_to_fail = Vec::new();
3126 for htlc_update in htlc_updates.drain(..) {
3127 // Note that this *can* fail, though it should be due to rather-rare conditions on
3128 // fee races with adding too many outputs which push our total payments just over
3129 // the limit. In case it's less rare than I anticipate, we may want to revisit
3130 // handling this case better and maybe fulfilling some of the HTLCs while attempting
3131 // to rebalance channels.
3132 match &htlc_update {
3133 &HTLCUpdateAwaitingACK::AddHTLC {
3134 amount_msat, cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet,
3135 skimmed_fee_msat, ..
3137 match self.send_htlc(amount_msat, *payment_hash, cltv_expiry, source.clone(),
3138 onion_routing_packet.clone(), false, skimmed_fee_msat, fee_estimator, logger)
3140 Ok(update_add_msg_option) => update_add_htlcs.push(update_add_msg_option.unwrap()),
3143 ChannelError::Ignore(ref msg) => {
3144 log_info!(logger, "Failed to send HTLC with payment_hash {} due to {} in channel {}",
3145 log_bytes!(payment_hash.0), msg, log_bytes!(self.context.channel_id()));
3146 // If we fail to send here, then this HTLC should
3147 // be failed backwards. Failing to send here
3148 // indicates that this HTLC may keep being put back
3149 // into the holding cell without ever being
3150 // successfully forwarded/failed/fulfilled, causing
3151 // our counterparty to eventually close on us.
3152 htlcs_to_fail.push((source.clone(), *payment_hash));
3155 panic!("Got a non-IgnoreError action trying to send holding cell HTLC");
3161 &HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, htlc_id, .. } => {
3162 // If an HTLC claim was previously added to the holding cell (via
3163 // `get_update_fulfill_htlc`, then generating the claim message itself must
3164 // not fail - any in between attempts to claim the HTLC will have resulted
3165 // in it hitting the holding cell again and we cannot change the state of a
3166 // holding cell HTLC from fulfill to anything else.
3167 let (update_fulfill_msg_option, mut additional_monitor_update) =
3168 if let UpdateFulfillFetch::NewClaim { msg, monitor_update, .. } = self.get_update_fulfill_htlc(htlc_id, *payment_preimage, logger) {
3169 (msg, monitor_update)
3170 } else { unreachable!() };
3171 update_fulfill_htlcs.push(update_fulfill_msg_option.unwrap());
3172 monitor_update.updates.append(&mut additional_monitor_update.updates);
3174 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, ref err_packet } => {
3175 match self.fail_htlc(htlc_id, err_packet.clone(), false, logger) {
3176 Ok(update_fail_msg_option) => {
3177 // If an HTLC failure was previously added to the holding cell (via
3178 // `queue_fail_htlc`) then generating the fail message itself must
3179 // not fail - we should never end up in a state where we double-fail
3180 // an HTLC or fail-then-claim an HTLC as it indicates we didn't wait
3181 // for a full revocation before failing.
3182 update_fail_htlcs.push(update_fail_msg_option.unwrap())
3185 if let ChannelError::Ignore(_) = e {}
3187 panic!("Got a non-IgnoreError action trying to fail holding cell HTLC");
3194 if update_add_htlcs.is_empty() && update_fulfill_htlcs.is_empty() && update_fail_htlcs.is_empty() && self.context.holding_cell_update_fee.is_none() {
3195 return (None, htlcs_to_fail);
3197 let update_fee = if let Some(feerate) = self.context.holding_cell_update_fee.take() {
3198 self.send_update_fee(feerate, false, fee_estimator, logger)
3203 let mut additional_update = self.build_commitment_no_status_check(logger);
3204 // build_commitment_no_status_check and get_update_fulfill_htlc may bump latest_monitor_id
3205 // but we want them to be strictly increasing by one, so reset it here.
3206 self.context.latest_monitor_update_id = monitor_update.update_id;
3207 monitor_update.updates.append(&mut additional_update.updates);
3209 log_debug!(logger, "Freeing holding cell in channel {} resulted in {}{} HTLCs added, {} HTLCs fulfilled, and {} HTLCs failed.",
3210 log_bytes!(self.context.channel_id()), if update_fee.is_some() { "a fee update, " } else { "" },
3211 update_add_htlcs.len(), update_fulfill_htlcs.len(), update_fail_htlcs.len());
3213 self.monitor_updating_paused(false, true, false, Vec::new(), Vec::new(), Vec::new());
3214 (self.push_ret_blockable_mon_update(monitor_update), htlcs_to_fail)
3220 /// Handles receiving a remote's revoke_and_ack. Note that we may return a new
3221 /// commitment_signed message here in case we had pending outbound HTLCs to add which were
3222 /// waiting on this revoke_and_ack. The generation of this new commitment_signed may also fail,
3223 /// generating an appropriate error *after* the channel state has been updated based on the
3224 /// revoke_and_ack message.
3225 pub fn revoke_and_ack<F: Deref, L: Deref>(&mut self, msg: &msgs::RevokeAndACK,
3226 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
3227 ) -> Result<(Vec<(HTLCSource, PaymentHash)>, Option<ChannelMonitorUpdate>), ChannelError>
3228 where F::Target: FeeEstimator, L::Target: Logger,
3230 if (self.context.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
3231 return Err(ChannelError::Close("Got revoke/ACK message when channel was not in an operational state".to_owned()));
3233 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3234 return Err(ChannelError::Close("Peer sent revoke_and_ack when we needed a channel_reestablish".to_owned()));
3236 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK == BOTH_SIDES_SHUTDOWN_MASK && self.context.last_sent_closing_fee.is_some() {
3237 return Err(ChannelError::Close("Peer sent revoke_and_ack after we'd started exchanging closing_signeds".to_owned()));
3240 let secret = secp_check!(SecretKey::from_slice(&msg.per_commitment_secret), "Peer provided an invalid per_commitment_secret".to_owned());
3242 if let Some(counterparty_prev_commitment_point) = self.context.counterparty_prev_commitment_point {
3243 if PublicKey::from_secret_key(&self.context.secp_ctx, &secret) != counterparty_prev_commitment_point {
3244 return Err(ChannelError::Close("Got a revoke commitment secret which didn't correspond to their current pubkey".to_owned()));
3248 if self.context.channel_state & ChannelState::AwaitingRemoteRevoke as u32 == 0 {
3249 // Our counterparty seems to have burned their coins to us (by revoking a state when we
3250 // haven't given them a new commitment transaction to broadcast). We should probably
3251 // take advantage of this by updating our channel monitor, sending them an error, and
3252 // waiting for them to broadcast their latest (now-revoked claim). But, that would be a
3253 // lot of work, and there's some chance this is all a misunderstanding anyway.
3254 // We have to do *something*, though, since our signer may get mad at us for otherwise
3255 // jumping a remote commitment number, so best to just force-close and move on.
3256 return Err(ChannelError::Close("Received an unexpected revoke_and_ack".to_owned()));
3259 #[cfg(any(test, fuzzing))]
3261 *self.context.next_local_commitment_tx_fee_info_cached.lock().unwrap() = None;
3262 *self.context.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = None;
3265 self.context.holder_signer.validate_counterparty_revocation(
3266 self.context.cur_counterparty_commitment_transaction_number + 1,
3268 ).map_err(|_| ChannelError::Close("Failed to validate revocation from peer".to_owned()))?;
3270 self.context.commitment_secrets.provide_secret(self.context.cur_counterparty_commitment_transaction_number + 1, msg.per_commitment_secret)
3271 .map_err(|_| ChannelError::Close("Previous secrets did not match new one".to_owned()))?;
3272 self.context.latest_monitor_update_id += 1;
3273 let mut monitor_update = ChannelMonitorUpdate {
3274 update_id: self.context.latest_monitor_update_id,
3275 updates: vec![ChannelMonitorUpdateStep::CommitmentSecret {
3276 idx: self.context.cur_counterparty_commitment_transaction_number + 1,
3277 secret: msg.per_commitment_secret,
3281 // Update state now that we've passed all the can-fail calls...
3282 // (note that we may still fail to generate the new commitment_signed message, but that's
3283 // OK, we step the channel here and *then* if the new generation fails we can fail the
3284 // channel based on that, but stepping stuff here should be safe either way.
3285 self.context.channel_state &= !(ChannelState::AwaitingRemoteRevoke as u32);
3286 self.context.sent_message_awaiting_response = None;
3287 self.context.counterparty_prev_commitment_point = self.context.counterparty_cur_commitment_point;
3288 self.context.counterparty_cur_commitment_point = Some(msg.next_per_commitment_point);
3289 self.context.cur_counterparty_commitment_transaction_number -= 1;
3291 if self.context.announcement_sigs_state == AnnouncementSigsState::Committed {
3292 self.context.announcement_sigs_state = AnnouncementSigsState::PeerReceived;
3295 log_trace!(logger, "Updating HTLCs on receipt of RAA in channel {}...", log_bytes!(self.context.channel_id()));
3296 let mut to_forward_infos = Vec::new();
3297 let mut revoked_htlcs = Vec::new();
3298 let mut finalized_claimed_htlcs = Vec::new();
3299 let mut update_fail_htlcs = Vec::new();
3300 let mut update_fail_malformed_htlcs = Vec::new();
3301 let mut require_commitment = false;
3302 let mut value_to_self_msat_diff: i64 = 0;
3305 // Take references explicitly so that we can hold multiple references to self.context.
3306 let pending_inbound_htlcs: &mut Vec<_> = &mut self.context.pending_inbound_htlcs;
3307 let pending_outbound_htlcs: &mut Vec<_> = &mut self.context.pending_outbound_htlcs;
3309 // We really shouldnt have two passes here, but retain gives a non-mutable ref (Rust bug)
3310 pending_inbound_htlcs.retain(|htlc| {
3311 if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state {
3312 log_trace!(logger, " ...removing inbound LocalRemoved {}", log_bytes!(htlc.payment_hash.0));
3313 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
3314 value_to_self_msat_diff += htlc.amount_msat as i64;
3319 pending_outbound_htlcs.retain(|htlc| {
3320 if let &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref outcome) = &htlc.state {
3321 log_trace!(logger, " ...removing outbound AwaitingRemovedRemoteRevoke {}", log_bytes!(htlc.payment_hash.0));
3322 if let OutboundHTLCOutcome::Failure(reason) = outcome.clone() { // We really want take() here, but, again, non-mut ref :(
3323 revoked_htlcs.push((htlc.source.clone(), htlc.payment_hash, reason));
3325 finalized_claimed_htlcs.push(htlc.source.clone());
3326 // They fulfilled, so we sent them money
3327 value_to_self_msat_diff -= htlc.amount_msat as i64;
3332 for htlc in pending_inbound_htlcs.iter_mut() {
3333 let swap = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) = &htlc.state {
3335 } else if let &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) = &htlc.state {
3339 let mut state = InboundHTLCState::Committed;
3340 mem::swap(&mut state, &mut htlc.state);
3342 if let InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info) = state {
3343 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce {} to AwaitingAnnouncedRemoteRevoke", log_bytes!(htlc.payment_hash.0));
3344 htlc.state = InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info);
3345 require_commitment = true;
3346 } else if let InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info) = state {
3347 match forward_info {
3348 PendingHTLCStatus::Fail(fail_msg) => {
3349 log_trace!(logger, " ...promoting inbound AwaitingAnnouncedRemoteRevoke {} to LocalRemoved due to PendingHTLCStatus indicating failure", log_bytes!(htlc.payment_hash.0));
3350 require_commitment = true;
3352 HTLCFailureMsg::Relay(msg) => {
3353 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(msg.reason.clone()));
3354 update_fail_htlcs.push(msg)
3356 HTLCFailureMsg::Malformed(msg) => {
3357 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailMalformed((msg.sha256_of_onion, msg.failure_code)));
3358 update_fail_malformed_htlcs.push(msg)
3362 PendingHTLCStatus::Forward(forward_info) => {
3363 log_trace!(logger, " ...promoting inbound AwaitingAnnouncedRemoteRevoke {} to Committed", log_bytes!(htlc.payment_hash.0));
3364 to_forward_infos.push((forward_info, htlc.htlc_id));
3365 htlc.state = InboundHTLCState::Committed;
3371 for htlc in pending_outbound_htlcs.iter_mut() {
3372 if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
3373 log_trace!(logger, " ...promoting outbound LocalAnnounced {} to Committed", log_bytes!(htlc.payment_hash.0));
3374 htlc.state = OutboundHTLCState::Committed;
3376 if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut outcome) = &mut htlc.state {
3377 log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", log_bytes!(htlc.payment_hash.0));
3378 // Grab the preimage, if it exists, instead of cloning
3379 let mut reason = OutboundHTLCOutcome::Success(None);
3380 mem::swap(outcome, &mut reason);
3381 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(reason);
3382 require_commitment = true;
3386 self.context.value_to_self_msat = (self.context.value_to_self_msat as i64 + value_to_self_msat_diff) as u64;
3388 if let Some((feerate, update_state)) = self.context.pending_update_fee {
3389 match update_state {
3390 FeeUpdateState::Outbound => {
3391 debug_assert!(self.context.is_outbound());
3392 log_trace!(logger, " ...promoting outbound fee update {} to Committed", feerate);
3393 self.context.feerate_per_kw = feerate;
3394 self.context.pending_update_fee = None;
3396 FeeUpdateState::RemoteAnnounced => { debug_assert!(!self.context.is_outbound()); },
3397 FeeUpdateState::AwaitingRemoteRevokeToAnnounce => {
3398 debug_assert!(!self.context.is_outbound());
3399 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce fee update {} to Committed", feerate);
3400 require_commitment = true;
3401 self.context.feerate_per_kw = feerate;
3402 self.context.pending_update_fee = None;
3407 if (self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32) == ChannelState::MonitorUpdateInProgress as u32 {
3408 // We can't actually generate a new commitment transaction (incl by freeing holding
3409 // cells) while we can't update the monitor, so we just return what we have.
3410 if require_commitment {
3411 self.context.monitor_pending_commitment_signed = true;
3412 // When the monitor updating is restored we'll call get_last_commitment_update(),
3413 // which does not update state, but we're definitely now awaiting a remote revoke
3414 // before we can step forward any more, so set it here.
3415 let mut additional_update = self.build_commitment_no_status_check(logger);
3416 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3417 // strictly increasing by one, so decrement it here.
3418 self.context.latest_monitor_update_id = monitor_update.update_id;
3419 monitor_update.updates.append(&mut additional_update.updates);
3421 self.context.monitor_pending_forwards.append(&mut to_forward_infos);
3422 self.context.monitor_pending_failures.append(&mut revoked_htlcs);
3423 self.context.monitor_pending_finalized_fulfills.append(&mut finalized_claimed_htlcs);
3424 log_debug!(logger, "Received a valid revoke_and_ack for channel {} but awaiting a monitor update resolution to reply.", log_bytes!(self.context.channel_id()));
3425 return Ok((Vec::new(), self.push_ret_blockable_mon_update(monitor_update)));
3428 match self.free_holding_cell_htlcs(fee_estimator, logger) {
3429 (Some(mut additional_update), htlcs_to_fail) => {
3430 // free_holding_cell_htlcs may bump latest_monitor_id multiple times but we want them to be
3431 // strictly increasing by one, so decrement it here.
3432 self.context.latest_monitor_update_id = monitor_update.update_id;
3433 monitor_update.updates.append(&mut additional_update.updates);
3435 self.monitor_updating_paused(false, true, false, to_forward_infos, revoked_htlcs, finalized_claimed_htlcs);
3436 Ok((htlcs_to_fail, self.push_ret_blockable_mon_update(monitor_update)))
3438 (None, htlcs_to_fail) => {
3439 if require_commitment {
3440 let mut additional_update = self.build_commitment_no_status_check(logger);
3442 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
3443 // strictly increasing by one, so decrement it here.
3444 self.context.latest_monitor_update_id = monitor_update.update_id;
3445 monitor_update.updates.append(&mut additional_update.updates);
3447 log_debug!(logger, "Received a valid revoke_and_ack for channel {}. Responding with a commitment update with {} HTLCs failed.",
3448 log_bytes!(self.context.channel_id()), update_fail_htlcs.len() + update_fail_malformed_htlcs.len());
3449 self.monitor_updating_paused(false, true, false, to_forward_infos, revoked_htlcs, finalized_claimed_htlcs);
3450 Ok((htlcs_to_fail, self.push_ret_blockable_mon_update(monitor_update)))
3452 log_debug!(logger, "Received a valid revoke_and_ack for channel {} with no reply necessary.", log_bytes!(self.context.channel_id()));
3453 self.monitor_updating_paused(false, false, false, to_forward_infos, revoked_htlcs, finalized_claimed_htlcs);
3454 Ok((htlcs_to_fail, self.push_ret_blockable_mon_update(monitor_update)))
3460 /// Queues up an outbound update fee by placing it in the holding cell. You should call
3461 /// [`Self::maybe_free_holding_cell_htlcs`] in order to actually generate and send the
3462 /// commitment update.
3463 pub fn queue_update_fee<F: Deref, L: Deref>(&mut self, feerate_per_kw: u32,
3464 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L)
3465 where F::Target: FeeEstimator, L::Target: Logger
3467 let msg_opt = self.send_update_fee(feerate_per_kw, true, fee_estimator, logger);
3468 assert!(msg_opt.is_none(), "We forced holding cell?");
3471 /// Adds a pending update to this channel. See the doc for send_htlc for
3472 /// further details on the optionness of the return value.
3473 /// If our balance is too low to cover the cost of the next commitment transaction at the
3474 /// new feerate, the update is cancelled.
3476 /// You MUST call [`Self::send_commitment_no_state_update`] prior to any other calls on this
3477 /// [`Channel`] if `force_holding_cell` is false.
3478 fn send_update_fee<F: Deref, L: Deref>(
3479 &mut self, feerate_per_kw: u32, mut force_holding_cell: bool,
3480 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
3481 ) -> Option<msgs::UpdateFee>
3482 where F::Target: FeeEstimator, L::Target: Logger
3484 if !self.context.is_outbound() {
3485 panic!("Cannot send fee from inbound channel");
3487 if !self.context.is_usable() {
3488 panic!("Cannot update fee until channel is fully established and we haven't started shutting down");
3490 if !self.context.is_live() {
3491 panic!("Cannot update fee while peer is disconnected/we're awaiting a monitor update (ChannelManager should have caught this)");
3494 // Before proposing a feerate update, check that we can actually afford the new fee.
3495 let inbound_stats = self.context.get_inbound_pending_htlc_stats(Some(feerate_per_kw));
3496 let outbound_stats = self.context.get_outbound_pending_htlc_stats(Some(feerate_per_kw));
3497 let keys = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
3498 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &keys, true, true, logger);
3499 let buffer_fee_msat = commit_tx_fee_sat(feerate_per_kw, commitment_stats.num_nondust_htlcs + outbound_stats.on_holder_tx_holding_cell_htlcs_count as usize + CONCURRENT_INBOUND_HTLC_FEE_BUFFER as usize, self.context.get_channel_type()) * 1000;
3500 let holder_balance_msat = commitment_stats.local_balance_msat - outbound_stats.holding_cell_msat;
3501 if holder_balance_msat < buffer_fee_msat + self.context.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 {
3502 //TODO: auto-close after a number of failures?
3503 log_debug!(logger, "Cannot afford to send new feerate at {}", feerate_per_kw);
3507 // Note, we evaluate pending htlc "preemptive" trimmed-to-dust threshold at the proposed `feerate_per_kw`.
3508 let holder_tx_dust_exposure = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
3509 let counterparty_tx_dust_exposure = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
3510 let max_dust_htlc_exposure_msat = self.context.get_max_dust_htlc_exposure_msat(fee_estimator);
3511 if holder_tx_dust_exposure > max_dust_htlc_exposure_msat {
3512 log_debug!(logger, "Cannot afford to send new feerate at {} without infringing max dust htlc exposure", feerate_per_kw);
3515 if counterparty_tx_dust_exposure > max_dust_htlc_exposure_msat {
3516 log_debug!(logger, "Cannot afford to send new feerate at {} without infringing max dust htlc exposure", feerate_per_kw);
3520 if (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
3521 force_holding_cell = true;
3524 if force_holding_cell {
3525 self.context.holding_cell_update_fee = Some(feerate_per_kw);
3529 debug_assert!(self.context.pending_update_fee.is_none());
3530 self.context.pending_update_fee = Some((feerate_per_kw, FeeUpdateState::Outbound));
3532 Some(msgs::UpdateFee {
3533 channel_id: self.context.channel_id,
3538 /// Removes any uncommitted inbound HTLCs and resets the state of uncommitted outbound HTLC
3539 /// updates, to be used on peer disconnection. After this, update_*_htlc messages need to be
3541 /// No further message handling calls may be made until a channel_reestablish dance has
3543 pub fn remove_uncommitted_htlcs_and_mark_paused<L: Deref>(&mut self, logger: &L) where L::Target: Logger {
3544 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
3545 if self.context.channel_state < ChannelState::FundingSent as u32 {
3546 self.context.channel_state = ChannelState::ShutdownComplete as u32;
3550 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == (ChannelState::PeerDisconnected as u32) {
3551 // While the below code should be idempotent, it's simpler to just return early, as
3552 // redundant disconnect events can fire, though they should be rare.
3556 if self.context.announcement_sigs_state == AnnouncementSigsState::MessageSent || self.context.announcement_sigs_state == AnnouncementSigsState::Committed {
3557 self.context.announcement_sigs_state = AnnouncementSigsState::NotSent;
3560 // Upon reconnect we have to start the closing_signed dance over, but shutdown messages
3561 // will be retransmitted.
3562 self.context.last_sent_closing_fee = None;
3563 self.context.pending_counterparty_closing_signed = None;
3564 self.context.closing_fee_limits = None;
3566 let mut inbound_drop_count = 0;
3567 self.context.pending_inbound_htlcs.retain(|htlc| {
3569 InboundHTLCState::RemoteAnnounced(_) => {
3570 // They sent us an update_add_htlc but we never got the commitment_signed.
3571 // We'll tell them what commitment_signed we're expecting next and they'll drop
3572 // this HTLC accordingly
3573 inbound_drop_count += 1;
3576 InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_)|InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => {
3577 // We received a commitment_signed updating this HTLC and (at least hopefully)
3578 // sent a revoke_and_ack (which we can re-transmit) and have heard nothing
3579 // in response to it yet, so don't touch it.
3582 InboundHTLCState::Committed => true,
3583 InboundHTLCState::LocalRemoved(_) => {
3584 // We (hopefully) sent a commitment_signed updating this HTLC (which we can
3585 // re-transmit if needed) and they may have even sent a revoke_and_ack back
3586 // (that we missed). Keep this around for now and if they tell us they missed
3587 // the commitment_signed we can re-transmit the update then.
3592 self.context.next_counterparty_htlc_id -= inbound_drop_count;
3594 if let Some((_, update_state)) = self.context.pending_update_fee {
3595 if update_state == FeeUpdateState::RemoteAnnounced {
3596 debug_assert!(!self.context.is_outbound());
3597 self.context.pending_update_fee = None;
3601 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
3602 if let OutboundHTLCState::RemoteRemoved(_) = htlc.state {
3603 // They sent us an update to remove this but haven't yet sent the corresponding
3604 // commitment_signed, we need to move it back to Committed and they can re-send
3605 // the update upon reconnection.
3606 htlc.state = OutboundHTLCState::Committed;
3610 self.context.sent_message_awaiting_response = None;
3612 self.context.channel_state |= ChannelState::PeerDisconnected as u32;
3613 log_trace!(logger, "Peer disconnection resulted in {} remote-announced HTLC drops on channel {}", inbound_drop_count, log_bytes!(self.context.channel_id()));
3616 /// Indicates that a ChannelMonitor update is in progress and has not yet been fully persisted.
3617 /// This must be called before we return the [`ChannelMonitorUpdate`] back to the
3618 /// [`ChannelManager`], which will call [`Self::monitor_updating_restored`] once the monitor
3619 /// update completes (potentially immediately).
3620 /// The messages which were generated with the monitor update must *not* have been sent to the
3621 /// remote end, and must instead have been dropped. They will be regenerated when
3622 /// [`Self::monitor_updating_restored`] is called.
3624 /// [`ChannelManager`]: super::channelmanager::ChannelManager
3625 /// [`chain::Watch`]: crate::chain::Watch
3626 /// [`ChannelMonitorUpdateStatus::InProgress`]: crate::chain::ChannelMonitorUpdateStatus::InProgress
3627 fn monitor_updating_paused(&mut self, resend_raa: bool, resend_commitment: bool,
3628 resend_channel_ready: bool, mut pending_forwards: Vec<(PendingHTLCInfo, u64)>,
3629 mut pending_fails: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
3630 mut pending_finalized_claimed_htlcs: Vec<HTLCSource>
3632 self.context.monitor_pending_revoke_and_ack |= resend_raa;
3633 self.context.monitor_pending_commitment_signed |= resend_commitment;
3634 self.context.monitor_pending_channel_ready |= resend_channel_ready;
3635 self.context.monitor_pending_forwards.append(&mut pending_forwards);
3636 self.context.monitor_pending_failures.append(&mut pending_fails);
3637 self.context.monitor_pending_finalized_fulfills.append(&mut pending_finalized_claimed_htlcs);
3638 self.context.channel_state |= ChannelState::MonitorUpdateInProgress as u32;
3641 /// Indicates that the latest ChannelMonitor update has been committed by the client
3642 /// successfully and we should restore normal operation. Returns messages which should be sent
3643 /// to the remote side.
3644 pub fn monitor_updating_restored<L: Deref, NS: Deref>(
3645 &mut self, logger: &L, node_signer: &NS, genesis_block_hash: BlockHash,
3646 user_config: &UserConfig, best_block_height: u32
3647 ) -> MonitorRestoreUpdates
3650 NS::Target: NodeSigner
3652 assert_eq!(self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32, ChannelState::MonitorUpdateInProgress as u32);
3653 self.context.channel_state &= !(ChannelState::MonitorUpdateInProgress as u32);
3655 // If we're past (or at) the FundingSent stage on an outbound channel, try to
3656 // (re-)broadcast the funding transaction as we may have declined to broadcast it when we
3657 // first received the funding_signed.
3658 let mut funding_broadcastable =
3659 if self.context.is_outbound() && self.context.channel_state & !MULTI_STATE_FLAGS >= ChannelState::FundingSent as u32 {
3660 self.context.funding_transaction.take()
3662 // That said, if the funding transaction is already confirmed (ie we're active with a
3663 // minimum_depth over 0) don't bother re-broadcasting the confirmed funding tx.
3664 if self.context.channel_state & !MULTI_STATE_FLAGS >= ChannelState::ChannelReady as u32 && self.context.minimum_depth != Some(0) {
3665 funding_broadcastable = None;
3668 // We will never broadcast the funding transaction when we're in MonitorUpdateInProgress
3669 // (and we assume the user never directly broadcasts the funding transaction and waits for
3670 // us to do it). Thus, we can only ever hit monitor_pending_channel_ready when we're
3671 // * an inbound channel that failed to persist the monitor on funding_created and we got
3672 // the funding transaction confirmed before the monitor was persisted, or
3673 // * a 0-conf channel and intended to send the channel_ready before any broadcast at all.
3674 let channel_ready = if self.context.monitor_pending_channel_ready {
3675 assert!(!self.context.is_outbound() || self.context.minimum_depth == Some(0),
3676 "Funding transaction broadcast by the local client before it should have - LDK didn't do it!");
3677 self.context.monitor_pending_channel_ready = false;
3678 let next_per_commitment_point = self.context.holder_signer.get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
3679 Some(msgs::ChannelReady {
3680 channel_id: self.context.channel_id(),
3681 next_per_commitment_point,
3682 short_channel_id_alias: Some(self.context.outbound_scid_alias),
3686 let announcement_sigs = self.get_announcement_sigs(node_signer, genesis_block_hash, user_config, best_block_height, logger);
3688 let mut accepted_htlcs = Vec::new();
3689 mem::swap(&mut accepted_htlcs, &mut self.context.monitor_pending_forwards);
3690 let mut failed_htlcs = Vec::new();
3691 mem::swap(&mut failed_htlcs, &mut self.context.monitor_pending_failures);
3692 let mut finalized_claimed_htlcs = Vec::new();
3693 mem::swap(&mut finalized_claimed_htlcs, &mut self.context.monitor_pending_finalized_fulfills);
3695 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) != 0 {
3696 self.context.monitor_pending_revoke_and_ack = false;
3697 self.context.monitor_pending_commitment_signed = false;
3698 return MonitorRestoreUpdates {
3699 raa: None, commitment_update: None, order: RAACommitmentOrder::RevokeAndACKFirst,
3700 accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, channel_ready, announcement_sigs
3704 let raa = if self.context.monitor_pending_revoke_and_ack {
3705 Some(self.get_last_revoke_and_ack())
3707 let commitment_update = if self.context.monitor_pending_commitment_signed {
3708 self.mark_awaiting_response();
3709 Some(self.get_last_commitment_update(logger))
3712 self.context.monitor_pending_revoke_and_ack = false;
3713 self.context.monitor_pending_commitment_signed = false;
3714 let order = self.context.resend_order.clone();
3715 log_debug!(logger, "Restored monitor updating in channel {} resulting in {}{} commitment update and {} RAA, with {} first",
3716 log_bytes!(self.context.channel_id()), if funding_broadcastable.is_some() { "a funding broadcastable, " } else { "" },
3717 if commitment_update.is_some() { "a" } else { "no" }, if raa.is_some() { "an" } else { "no" },
3718 match order { RAACommitmentOrder::CommitmentFirst => "commitment", RAACommitmentOrder::RevokeAndACKFirst => "RAA"});
3719 MonitorRestoreUpdates {
3720 raa, commitment_update, order, accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, channel_ready, announcement_sigs
3724 pub fn update_fee<F: Deref, L: Deref>(&mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, msg: &msgs::UpdateFee, logger: &L) -> Result<(), ChannelError>
3725 where F::Target: FeeEstimator, L::Target: Logger
3727 if self.context.is_outbound() {
3728 return Err(ChannelError::Close("Non-funding remote tried to update channel fee".to_owned()));
3730 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3731 return Err(ChannelError::Close("Peer sent update_fee when we needed a channel_reestablish".to_owned()));
3733 Channel::<Signer>::check_remote_fee(&self.context.channel_type, fee_estimator, msg.feerate_per_kw, Some(self.context.feerate_per_kw), logger)?;
3734 let feerate_over_dust_buffer = msg.feerate_per_kw > self.context.get_dust_buffer_feerate(None);
3736 self.context.pending_update_fee = Some((msg.feerate_per_kw, FeeUpdateState::RemoteAnnounced));
3737 self.context.update_time_counter += 1;
3738 // If the feerate has increased over the previous dust buffer (note that
3739 // `get_dust_buffer_feerate` considers the `pending_update_fee` status), check that we
3740 // won't be pushed over our dust exposure limit by the feerate increase.
3741 if feerate_over_dust_buffer {
3742 let inbound_stats = self.context.get_inbound_pending_htlc_stats(None);
3743 let outbound_stats = self.context.get_outbound_pending_htlc_stats(None);
3744 let holder_tx_dust_exposure = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
3745 let counterparty_tx_dust_exposure = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
3746 let max_dust_htlc_exposure_msat = self.context.get_max_dust_htlc_exposure_msat(fee_estimator);
3747 if holder_tx_dust_exposure > max_dust_htlc_exposure_msat {
3748 return Err(ChannelError::Close(format!("Peer sent update_fee with a feerate ({}) which may over-expose us to dust-in-flight on our own transactions (totaling {} msat)",
3749 msg.feerate_per_kw, holder_tx_dust_exposure)));
3751 if counterparty_tx_dust_exposure > max_dust_htlc_exposure_msat {
3752 return Err(ChannelError::Close(format!("Peer sent update_fee with a feerate ({}) which may over-expose us to dust-in-flight on our counterparty's transactions (totaling {} msat)",
3753 msg.feerate_per_kw, counterparty_tx_dust_exposure)));
3759 fn get_last_revoke_and_ack(&self) -> msgs::RevokeAndACK {
3760 let next_per_commitment_point = self.context.holder_signer.get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
3761 let per_commitment_secret = self.context.holder_signer.release_commitment_secret(self.context.cur_holder_commitment_transaction_number + 2);
3762 msgs::RevokeAndACK {
3763 channel_id: self.context.channel_id,
3764 per_commitment_secret,
3765 next_per_commitment_point,
3767 next_local_nonce: None,
3771 fn get_last_commitment_update<L: Deref>(&self, logger: &L) -> msgs::CommitmentUpdate where L::Target: Logger {
3772 let mut update_add_htlcs = Vec::new();
3773 let mut update_fulfill_htlcs = Vec::new();
3774 let mut update_fail_htlcs = Vec::new();
3775 let mut update_fail_malformed_htlcs = Vec::new();
3777 for htlc in self.context.pending_outbound_htlcs.iter() {
3778 if let &OutboundHTLCState::LocalAnnounced(ref onion_packet) = &htlc.state {
3779 update_add_htlcs.push(msgs::UpdateAddHTLC {
3780 channel_id: self.context.channel_id(),
3781 htlc_id: htlc.htlc_id,
3782 amount_msat: htlc.amount_msat,
3783 payment_hash: htlc.payment_hash,
3784 cltv_expiry: htlc.cltv_expiry,
3785 onion_routing_packet: (**onion_packet).clone(),
3786 skimmed_fee_msat: htlc.skimmed_fee_msat,
3791 for htlc in self.context.pending_inbound_htlcs.iter() {
3792 if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state {
3794 &InboundHTLCRemovalReason::FailRelay(ref err_packet) => {
3795 update_fail_htlcs.push(msgs::UpdateFailHTLC {
3796 channel_id: self.context.channel_id(),
3797 htlc_id: htlc.htlc_id,
3798 reason: err_packet.clone()
3801 &InboundHTLCRemovalReason::FailMalformed((ref sha256_of_onion, ref failure_code)) => {
3802 update_fail_malformed_htlcs.push(msgs::UpdateFailMalformedHTLC {
3803 channel_id: self.context.channel_id(),
3804 htlc_id: htlc.htlc_id,
3805 sha256_of_onion: sha256_of_onion.clone(),
3806 failure_code: failure_code.clone(),
3809 &InboundHTLCRemovalReason::Fulfill(ref payment_preimage) => {
3810 update_fulfill_htlcs.push(msgs::UpdateFulfillHTLC {
3811 channel_id: self.context.channel_id(),
3812 htlc_id: htlc.htlc_id,
3813 payment_preimage: payment_preimage.clone(),
3820 let update_fee = if self.context.is_outbound() && self.context.pending_update_fee.is_some() {
3821 Some(msgs::UpdateFee {
3822 channel_id: self.context.channel_id(),
3823 feerate_per_kw: self.context.pending_update_fee.unwrap().0,
3827 log_trace!(logger, "Regenerated latest commitment update in channel {} with{} {} update_adds, {} update_fulfills, {} update_fails, and {} update_fail_malformeds",
3828 log_bytes!(self.context.channel_id()), if update_fee.is_some() { " update_fee," } else { "" },
3829 update_add_htlcs.len(), update_fulfill_htlcs.len(), update_fail_htlcs.len(), update_fail_malformed_htlcs.len());
3830 msgs::CommitmentUpdate {
3831 update_add_htlcs, update_fulfill_htlcs, update_fail_htlcs, update_fail_malformed_htlcs, update_fee,
3832 commitment_signed: self.send_commitment_no_state_update(logger).expect("It looks like we failed to re-generate a commitment_signed we had previously sent?").0,
3836 /// May panic if some calls other than message-handling calls (which will all Err immediately)
3837 /// have been called between remove_uncommitted_htlcs_and_mark_paused and this call.
3839 /// Some links printed in log lines are included here to check them during build (when run with
3840 /// `cargo doc --document-private-items`):
3841 /// [`super::channelmanager::ChannelManager::force_close_without_broadcasting_txn`] and
3842 /// [`super::channelmanager::ChannelManager::force_close_all_channels_without_broadcasting_txn`].
3843 pub fn channel_reestablish<L: Deref, NS: Deref>(
3844 &mut self, msg: &msgs::ChannelReestablish, logger: &L, node_signer: &NS,
3845 genesis_block_hash: BlockHash, user_config: &UserConfig, best_block: &BestBlock
3846 ) -> Result<ReestablishResponses, ChannelError>
3849 NS::Target: NodeSigner
3851 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == 0 {
3852 // While BOLT 2 doesn't indicate explicitly we should error this channel here, it
3853 // almost certainly indicates we are going to end up out-of-sync in some way, so we
3854 // just close here instead of trying to recover.
3855 return Err(ChannelError::Close("Peer sent a loose channel_reestablish not after reconnect".to_owned()));
3858 if msg.next_local_commitment_number >= INITIAL_COMMITMENT_NUMBER || msg.next_remote_commitment_number >= INITIAL_COMMITMENT_NUMBER ||
3859 msg.next_local_commitment_number == 0 {
3860 return Err(ChannelError::Close("Peer sent a garbage channel_reestablish (usually an lnd node with lost state asking us to force-close for them)".to_owned()));
3863 if msg.next_remote_commitment_number > 0 {
3864 let expected_point = self.context.holder_signer.get_per_commitment_point(INITIAL_COMMITMENT_NUMBER - msg.next_remote_commitment_number + 1, &self.context.secp_ctx);
3865 let given_secret = SecretKey::from_slice(&msg.your_last_per_commitment_secret)
3866 .map_err(|_| ChannelError::Close("Peer sent a garbage channel_reestablish with unparseable secret key".to_owned()))?;
3867 if expected_point != PublicKey::from_secret_key(&self.context.secp_ctx, &given_secret) {
3868 return Err(ChannelError::Close("Peer sent a garbage channel_reestablish with secret key not matching the commitment height provided".to_owned()));
3870 if msg.next_remote_commitment_number > INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number {
3871 macro_rules! log_and_panic {
3872 ($err_msg: expr) => {
3873 log_error!(logger, $err_msg, log_bytes!(self.context.channel_id), log_pubkey!(self.context.counterparty_node_id));
3874 panic!($err_msg, log_bytes!(self.context.channel_id), log_pubkey!(self.context.counterparty_node_id));
3877 log_and_panic!("We have fallen behind - we have received proof that if we broadcast our counterparty is going to claim all our funds.\n\
3878 This implies you have restarted with lost ChannelMonitor and ChannelManager state, the first of which is a violation of the LDK chain::Watch requirements.\n\
3879 More specifically, this means you have a bug in your implementation that can cause loss of funds, or you are running with an old backup, which is unsafe.\n\
3880 If you have restored from an old backup and wish to force-close channels and return to operation, you should start up, call\n\
3881 ChannelManager::force_close_without_broadcasting_txn on channel {} with counterparty {} or\n\
3882 ChannelManager::force_close_all_channels_without_broadcasting_txn, then reconnect to peer(s).\n\
3883 Note that due to a long-standing bug in lnd you may have to reach out to peers running lnd-based nodes to ask them to manually force-close channels\n\
3884 See https://github.com/lightningdevkit/rust-lightning/issues/1565 for more info.");
3888 // Before we change the state of the channel, we check if the peer is sending a very old
3889 // commitment transaction number, if yes we send a warning message.
3890 let our_commitment_transaction = INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number - 1;
3891 if msg.next_remote_commitment_number + 1 < our_commitment_transaction {
3893 ChannelError::Warn(format!("Peer attempted to reestablish channel with a very old local commitment transaction: {} (received) vs {} (expected)", msg.next_remote_commitment_number, our_commitment_transaction))
3897 // Go ahead and unmark PeerDisconnected as various calls we may make check for it (and all
3898 // remaining cases either succeed or ErrorMessage-fail).
3899 self.context.channel_state &= !(ChannelState::PeerDisconnected as u32);
3900 self.context.sent_message_awaiting_response = None;
3902 let shutdown_msg = if self.context.channel_state & (ChannelState::LocalShutdownSent as u32) != 0 {
3903 assert!(self.context.shutdown_scriptpubkey.is_some());
3904 Some(msgs::Shutdown {
3905 channel_id: self.context.channel_id,
3906 scriptpubkey: self.get_closing_scriptpubkey(),
3910 let announcement_sigs = self.get_announcement_sigs(node_signer, genesis_block_hash, user_config, best_block.height(), logger);
3912 if self.context.channel_state & (ChannelState::FundingSent as u32) == ChannelState::FundingSent as u32 {
3913 // If we're waiting on a monitor update, we shouldn't re-send any channel_ready's.
3914 if self.context.channel_state & (ChannelState::OurChannelReady as u32) == 0 ||
3915 self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
3916 if msg.next_remote_commitment_number != 0 {
3917 return Err(ChannelError::Close("Peer claimed they saw a revoke_and_ack but we haven't sent channel_ready yet".to_owned()));
3919 // Short circuit the whole handler as there is nothing we can resend them
3920 return Ok(ReestablishResponses {
3921 channel_ready: None,
3922 raa: None, commitment_update: None,
3923 order: RAACommitmentOrder::CommitmentFirst,
3924 shutdown_msg, announcement_sigs,
3928 // We have OurChannelReady set!
3929 let next_per_commitment_point = self.context.holder_signer.get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
3930 return Ok(ReestablishResponses {
3931 channel_ready: Some(msgs::ChannelReady {
3932 channel_id: self.context.channel_id(),
3933 next_per_commitment_point,
3934 short_channel_id_alias: Some(self.context.outbound_scid_alias),
3936 raa: None, commitment_update: None,
3937 order: RAACommitmentOrder::CommitmentFirst,
3938 shutdown_msg, announcement_sigs,
3942 let required_revoke = if msg.next_remote_commitment_number + 1 == INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number {
3943 // Remote isn't waiting on any RevokeAndACK from us!
3944 // Note that if we need to repeat our ChannelReady we'll do that in the next if block.
3946 } else if msg.next_remote_commitment_number + 1 == (INITIAL_COMMITMENT_NUMBER - 1) - self.context.cur_holder_commitment_transaction_number {
3947 if self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
3948 self.context.monitor_pending_revoke_and_ack = true;
3951 Some(self.get_last_revoke_and_ack())
3954 return Err(ChannelError::Close("Peer attempted to reestablish channel with a very old local commitment transaction".to_owned()));
3957 // We increment cur_counterparty_commitment_transaction_number only upon receipt of
3958 // revoke_and_ack, not on sending commitment_signed, so we add one if have
3959 // AwaitingRemoteRevoke set, which indicates we sent a commitment_signed but haven't gotten
3960 // the corresponding revoke_and_ack back yet.
3961 let is_awaiting_remote_revoke = self.context.channel_state & ChannelState::AwaitingRemoteRevoke as u32 != 0;
3962 if is_awaiting_remote_revoke && !self.is_awaiting_monitor_update() {
3963 self.mark_awaiting_response();
3965 let next_counterparty_commitment_number = INITIAL_COMMITMENT_NUMBER - self.context.cur_counterparty_commitment_transaction_number + if is_awaiting_remote_revoke { 1 } else { 0 };
3967 let channel_ready = if msg.next_local_commitment_number == 1 && INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number == 1 {
3968 // We should never have to worry about MonitorUpdateInProgress resending ChannelReady
3969 let next_per_commitment_point = self.context.holder_signer.get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
3970 Some(msgs::ChannelReady {
3971 channel_id: self.context.channel_id(),
3972 next_per_commitment_point,
3973 short_channel_id_alias: Some(self.context.outbound_scid_alias),
3977 if msg.next_local_commitment_number == next_counterparty_commitment_number {
3978 if required_revoke.is_some() {
3979 log_debug!(logger, "Reconnected channel {} with only lost outbound RAA", log_bytes!(self.context.channel_id()));
3981 log_debug!(logger, "Reconnected channel {} with no loss", log_bytes!(self.context.channel_id()));
3984 Ok(ReestablishResponses {
3985 channel_ready, shutdown_msg, announcement_sigs,
3986 raa: required_revoke,
3987 commitment_update: None,
3988 order: self.context.resend_order.clone(),
3990 } else if msg.next_local_commitment_number == next_counterparty_commitment_number - 1 {
3991 if required_revoke.is_some() {
3992 log_debug!(logger, "Reconnected channel {} with lost outbound RAA and lost remote commitment tx", log_bytes!(self.context.channel_id()));
3994 log_debug!(logger, "Reconnected channel {} with only lost remote commitment tx", log_bytes!(self.context.channel_id()));
3997 if self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
3998 self.context.monitor_pending_commitment_signed = true;
3999 Ok(ReestablishResponses {
4000 channel_ready, shutdown_msg, announcement_sigs,
4001 commitment_update: None, raa: None,
4002 order: self.context.resend_order.clone(),
4005 Ok(ReestablishResponses {
4006 channel_ready, shutdown_msg, announcement_sigs,
4007 raa: required_revoke,
4008 commitment_update: Some(self.get_last_commitment_update(logger)),
4009 order: self.context.resend_order.clone(),
4013 Err(ChannelError::Close("Peer attempted to reestablish channel with a very old remote commitment transaction".to_owned()))
4017 /// Calculates and returns our minimum and maximum closing transaction fee amounts, in whole
4018 /// satoshis. The amounts remain consistent unless a peer disconnects/reconnects or we restart,
4019 /// at which point they will be recalculated.
4020 fn calculate_closing_fee_limits<F: Deref>(&mut self, fee_estimator: &LowerBoundedFeeEstimator<F>)
4022 where F::Target: FeeEstimator
4024 if let Some((min, max)) = self.context.closing_fee_limits { return (min, max); }
4026 // Propose a range from our current Background feerate to our Normal feerate plus our
4027 // force_close_avoidance_max_fee_satoshis.
4028 // If we fail to come to consensus, we'll have to force-close.
4029 let mut proposed_feerate = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::Background);
4030 let normal_feerate = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::Normal);
4031 let mut proposed_max_feerate = if self.context.is_outbound() { normal_feerate } else { u32::max_value() };
4033 // The spec requires that (when the channel does not have anchors) we only send absolute
4034 // channel fees no greater than the absolute channel fee on the current commitment
4035 // transaction. It's unclear *which* commitment transaction this refers to, and there isn't
4036 // very good reason to apply such a limit in any case. We don't bother doing so, risking
4037 // some force-closure by old nodes, but we wanted to close the channel anyway.
4039 if let Some(target_feerate) = self.context.target_closing_feerate_sats_per_kw {
4040 let min_feerate = if self.context.is_outbound() { target_feerate } else { cmp::min(self.context.feerate_per_kw, target_feerate) };
4041 proposed_feerate = cmp::max(proposed_feerate, min_feerate);
4042 proposed_max_feerate = cmp::max(proposed_max_feerate, min_feerate);
4045 // Note that technically we could end up with a lower minimum fee if one sides' balance is
4046 // below our dust limit, causing the output to disappear. We don't bother handling this
4047 // case, however, as this should only happen if a channel is closed before any (material)
4048 // payments have been made on it. This may cause slight fee overpayment and/or failure to
4049 // come to consensus with our counterparty on appropriate fees, however it should be a
4050 // relatively rare case. We can revisit this later, though note that in order to determine
4051 // if the funders' output is dust we have to know the absolute fee we're going to use.
4052 let tx_weight = self.get_closing_transaction_weight(Some(&self.get_closing_scriptpubkey()), Some(self.context.counterparty_shutdown_scriptpubkey.as_ref().unwrap()));
4053 let proposed_total_fee_satoshis = proposed_feerate as u64 * tx_weight / 1000;
4054 let proposed_max_total_fee_satoshis = if self.context.is_outbound() {
4055 // We always add force_close_avoidance_max_fee_satoshis to our normal
4056 // feerate-calculated fee, but allow the max to be overridden if we're using a
4057 // target feerate-calculated fee.
4058 cmp::max(normal_feerate as u64 * tx_weight / 1000 + self.context.config.options.force_close_avoidance_max_fee_satoshis,
4059 proposed_max_feerate as u64 * tx_weight / 1000)
4061 self.context.channel_value_satoshis - (self.context.value_to_self_msat + 999) / 1000
4064 self.context.closing_fee_limits = Some((proposed_total_fee_satoshis, proposed_max_total_fee_satoshis));
4065 self.context.closing_fee_limits.clone().unwrap()
4068 /// Returns true if we're ready to commence the closing_signed negotiation phase. This is true
4069 /// after both sides have exchanged a `shutdown` message and all HTLCs have been drained. At
4070 /// this point if we're the funder we should send the initial closing_signed, and in any case
4071 /// shutdown should complete within a reasonable timeframe.
4072 fn closing_negotiation_ready(&self) -> bool {
4073 self.context.closing_negotiation_ready()
4076 /// Checks if the closing_signed negotiation is making appropriate progress, possibly returning
4077 /// an Err if no progress is being made and the channel should be force-closed instead.
4078 /// Should be called on a one-minute timer.
4079 pub fn timer_check_closing_negotiation_progress(&mut self) -> Result<(), ChannelError> {
4080 if self.closing_negotiation_ready() {
4081 if self.context.closing_signed_in_flight {
4082 return Err(ChannelError::Close("closing_signed negotiation failed to finish within two timer ticks".to_owned()));
4084 self.context.closing_signed_in_flight = true;
4090 pub fn maybe_propose_closing_signed<F: Deref, L: Deref>(
4091 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L)
4092 -> Result<(Option<msgs::ClosingSigned>, Option<Transaction>), ChannelError>
4093 where F::Target: FeeEstimator, L::Target: Logger
4095 if self.context.last_sent_closing_fee.is_some() || !self.closing_negotiation_ready() {
4096 return Ok((None, None));
4099 if !self.context.is_outbound() {
4100 if let Some(msg) = &self.context.pending_counterparty_closing_signed.take() {
4101 return self.closing_signed(fee_estimator, &msg);
4103 return Ok((None, None));
4106 let (our_min_fee, our_max_fee) = self.calculate_closing_fee_limits(fee_estimator);
4108 assert!(self.context.shutdown_scriptpubkey.is_some());
4109 let (closing_tx, total_fee_satoshis) = self.build_closing_transaction(our_min_fee, false);
4110 log_trace!(logger, "Proposing initial closing_signed for our counterparty with a fee range of {}-{} sat (with initial proposal {} sats)",
4111 our_min_fee, our_max_fee, total_fee_satoshis);
4113 let sig = self.context.holder_signer
4114 .sign_closing_transaction(&closing_tx, &self.context.secp_ctx)
4115 .map_err(|()| ChannelError::Close("Failed to get signature for closing transaction.".to_owned()))?;
4117 self.context.last_sent_closing_fee = Some((total_fee_satoshis, sig.clone()));
4118 Ok((Some(msgs::ClosingSigned {
4119 channel_id: self.context.channel_id,
4120 fee_satoshis: total_fee_satoshis,
4122 fee_range: Some(msgs::ClosingSignedFeeRange {
4123 min_fee_satoshis: our_min_fee,
4124 max_fee_satoshis: our_max_fee,
4129 // Marks a channel as waiting for a response from the counterparty. If it's not received
4130 // [`DISCONNECT_PEER_AWAITING_RESPONSE_TICKS`] after sending our own to them, then we'll attempt
4132 fn mark_awaiting_response(&mut self) {
4133 self.context.sent_message_awaiting_response = Some(0);
4136 /// Determines whether we should disconnect the counterparty due to not receiving a response
4137 /// within our expected timeframe.
4139 /// This should be called on every [`super::channelmanager::ChannelManager::timer_tick_occurred`].
4140 pub fn should_disconnect_peer_awaiting_response(&mut self) -> bool {
4141 let ticks_elapsed = if let Some(ticks_elapsed) = self.context.sent_message_awaiting_response.as_mut() {
4144 // Don't disconnect when we're not waiting on a response.
4147 *ticks_elapsed += 1;
4148 *ticks_elapsed >= DISCONNECT_PEER_AWAITING_RESPONSE_TICKS
4151 pub fn shutdown<SP: Deref>(
4152 &mut self, signer_provider: &SP, their_features: &InitFeatures, msg: &msgs::Shutdown
4153 ) -> Result<(Option<msgs::Shutdown>, Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>), ChannelError>
4154 where SP::Target: SignerProvider
4156 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
4157 return Err(ChannelError::Close("Peer sent shutdown when we needed a channel_reestablish".to_owned()));
4159 if self.context.channel_state < ChannelState::FundingSent as u32 {
4160 // Spec says we should fail the connection, not the channel, but that's nonsense, there
4161 // are plenty of reasons you may want to fail a channel pre-funding, and spec says you
4162 // can do that via error message without getting a connection fail anyway...
4163 return Err(ChannelError::Close("Peer sent shutdown pre-funding generation".to_owned()));
4165 for htlc in self.context.pending_inbound_htlcs.iter() {
4166 if let InboundHTLCState::RemoteAnnounced(_) = htlc.state {
4167 return Err(ChannelError::Close("Got shutdown with remote pending HTLCs".to_owned()));
4170 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
4172 if !script::is_bolt2_compliant(&msg.scriptpubkey, their_features) {
4173 return Err(ChannelError::Warn(format!("Got a nonstandard scriptpubkey ({}) from remote peer", msg.scriptpubkey.to_bytes().to_hex())));
4176 if self.context.counterparty_shutdown_scriptpubkey.is_some() {
4177 if Some(&msg.scriptpubkey) != self.context.counterparty_shutdown_scriptpubkey.as_ref() {
4178 return Err(ChannelError::Warn(format!("Got shutdown request with a scriptpubkey ({}) which did not match their previous scriptpubkey.", msg.scriptpubkey.to_bytes().to_hex())));
4181 self.context.counterparty_shutdown_scriptpubkey = Some(msg.scriptpubkey.clone());
4184 // If we have any LocalAnnounced updates we'll probably just get back an update_fail_htlc
4185 // immediately after the commitment dance, but we can send a Shutdown because we won't send
4186 // any further commitment updates after we set LocalShutdownSent.
4187 let send_shutdown = (self.context.channel_state & ChannelState::LocalShutdownSent as u32) != ChannelState::LocalShutdownSent as u32;
4189 let update_shutdown_script = match self.context.shutdown_scriptpubkey {
4192 assert!(send_shutdown);
4193 let shutdown_scriptpubkey = match signer_provider.get_shutdown_scriptpubkey() {
4194 Ok(scriptpubkey) => scriptpubkey,
4195 Err(_) => return Err(ChannelError::Close("Failed to get shutdown scriptpubkey".to_owned())),
4197 if !shutdown_scriptpubkey.is_compatible(their_features) {
4198 return Err(ChannelError::Close(format!("Provided a scriptpubkey format not accepted by peer: {}", shutdown_scriptpubkey)));
4200 self.context.shutdown_scriptpubkey = Some(shutdown_scriptpubkey);
4205 // From here on out, we may not fail!
4207 self.context.channel_state |= ChannelState::RemoteShutdownSent as u32;
4208 self.context.update_time_counter += 1;
4210 let monitor_update = if update_shutdown_script {
4211 self.context.latest_monitor_update_id += 1;
4212 let monitor_update = ChannelMonitorUpdate {
4213 update_id: self.context.latest_monitor_update_id,
4214 updates: vec![ChannelMonitorUpdateStep::ShutdownScript {
4215 scriptpubkey: self.get_closing_scriptpubkey(),
4218 self.monitor_updating_paused(false, false, false, Vec::new(), Vec::new(), Vec::new());
4219 self.push_ret_blockable_mon_update(monitor_update)
4221 let shutdown = if send_shutdown {
4222 Some(msgs::Shutdown {
4223 channel_id: self.context.channel_id,
4224 scriptpubkey: self.get_closing_scriptpubkey(),
4228 // We can't send our shutdown until we've committed all of our pending HTLCs, but the
4229 // remote side is unlikely to accept any new HTLCs, so we go ahead and "free" any holding
4230 // cell HTLCs and return them to fail the payment.
4231 self.context.holding_cell_update_fee = None;
4232 let mut dropped_outbound_htlcs = Vec::with_capacity(self.context.holding_cell_htlc_updates.len());
4233 self.context.holding_cell_htlc_updates.retain(|htlc_update| {
4235 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, .. } => {
4236 dropped_outbound_htlcs.push((source.clone(), payment_hash.clone()));
4243 self.context.channel_state |= ChannelState::LocalShutdownSent as u32;
4244 self.context.update_time_counter += 1;
4246 Ok((shutdown, monitor_update, dropped_outbound_htlcs))
4249 fn build_signed_closing_transaction(&self, closing_tx: &ClosingTransaction, counterparty_sig: &Signature, sig: &Signature) -> Transaction {
4250 let mut tx = closing_tx.trust().built_transaction().clone();
4252 tx.input[0].witness.push(Vec::new()); // First is the multisig dummy
4254 let funding_key = self.context.get_holder_pubkeys().funding_pubkey.serialize();
4255 let counterparty_funding_key = self.context.counterparty_funding_pubkey().serialize();
4256 let mut holder_sig = sig.serialize_der().to_vec();
4257 holder_sig.push(EcdsaSighashType::All as u8);
4258 let mut cp_sig = counterparty_sig.serialize_der().to_vec();
4259 cp_sig.push(EcdsaSighashType::All as u8);
4260 if funding_key[..] < counterparty_funding_key[..] {
4261 tx.input[0].witness.push(holder_sig);
4262 tx.input[0].witness.push(cp_sig);
4264 tx.input[0].witness.push(cp_sig);
4265 tx.input[0].witness.push(holder_sig);
4268 tx.input[0].witness.push(self.context.get_funding_redeemscript().into_bytes());
4272 pub fn closing_signed<F: Deref>(
4273 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, msg: &msgs::ClosingSigned)
4274 -> Result<(Option<msgs::ClosingSigned>, Option<Transaction>), ChannelError>
4275 where F::Target: FeeEstimator
4277 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK != BOTH_SIDES_SHUTDOWN_MASK {
4278 return Err(ChannelError::Close("Remote end sent us a closing_signed before both sides provided a shutdown".to_owned()));
4280 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
4281 return Err(ChannelError::Close("Peer sent closing_signed when we needed a channel_reestablish".to_owned()));
4283 if !self.context.pending_inbound_htlcs.is_empty() || !self.context.pending_outbound_htlcs.is_empty() {
4284 return Err(ChannelError::Close("Remote end sent us a closing_signed while there were still pending HTLCs".to_owned()));
4286 if msg.fee_satoshis > TOTAL_BITCOIN_SUPPLY_SATOSHIS { // this is required to stop potential overflow in build_closing_transaction
4287 return Err(ChannelError::Close("Remote tried to send us a closing tx with > 21 million BTC fee".to_owned()));
4290 if self.context.is_outbound() && self.context.last_sent_closing_fee.is_none() {
4291 return Err(ChannelError::Close("Remote tried to send a closing_signed when we were supposed to propose the first one".to_owned()));
4294 if self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32 != 0 {
4295 self.context.pending_counterparty_closing_signed = Some(msg.clone());
4296 return Ok((None, None));
4299 let funding_redeemscript = self.context.get_funding_redeemscript();
4300 let (mut closing_tx, used_total_fee) = self.build_closing_transaction(msg.fee_satoshis, false);
4301 if used_total_fee != msg.fee_satoshis {
4302 return Err(ChannelError::Close(format!("Remote sent us a closing_signed with a fee other than the value they can claim. Fee in message: {}. Actual closing tx fee: {}", msg.fee_satoshis, used_total_fee)));
4304 let sighash = closing_tx.trust().get_sighash_all(&funding_redeemscript, self.context.channel_value_satoshis);
4306 match self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.context.get_counterparty_pubkeys().funding_pubkey) {
4309 // The remote end may have decided to revoke their output due to inconsistent dust
4310 // limits, so check for that case by re-checking the signature here.
4311 closing_tx = self.build_closing_transaction(msg.fee_satoshis, true).0;
4312 let sighash = closing_tx.trust().get_sighash_all(&funding_redeemscript, self.context.channel_value_satoshis);
4313 secp_check!(self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, self.context.counterparty_funding_pubkey()), "Invalid closing tx signature from peer".to_owned());
4317 for outp in closing_tx.trust().built_transaction().output.iter() {
4318 if !outp.script_pubkey.is_witness_program() && outp.value < MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS {
4319 return Err(ChannelError::Close("Remote sent us a closing_signed with a dust output. Always use segwit closing scripts!".to_owned()));
4323 assert!(self.context.shutdown_scriptpubkey.is_some());
4324 if let Some((last_fee, sig)) = self.context.last_sent_closing_fee {
4325 if last_fee == msg.fee_satoshis {
4326 let tx = self.build_signed_closing_transaction(&mut closing_tx, &msg.signature, &sig);
4327 self.context.channel_state = ChannelState::ShutdownComplete as u32;
4328 self.context.update_time_counter += 1;
4329 return Ok((None, Some(tx)));
4333 let (our_min_fee, our_max_fee) = self.calculate_closing_fee_limits(fee_estimator);
4335 macro_rules! propose_fee {
4336 ($new_fee: expr) => {
4337 let (closing_tx, used_fee) = if $new_fee == msg.fee_satoshis {
4338 (closing_tx, $new_fee)
4340 self.build_closing_transaction($new_fee, false)
4343 let sig = self.context.holder_signer
4344 .sign_closing_transaction(&closing_tx, &self.context.secp_ctx)
4345 .map_err(|_| ChannelError::Close("External signer refused to sign closing transaction".to_owned()))?;
4347 let signed_tx = if $new_fee == msg.fee_satoshis {
4348 self.context.channel_state = ChannelState::ShutdownComplete as u32;
4349 self.context.update_time_counter += 1;
4350 let tx = self.build_signed_closing_transaction(&closing_tx, &msg.signature, &sig);
4354 self.context.last_sent_closing_fee = Some((used_fee, sig.clone()));
4355 return Ok((Some(msgs::ClosingSigned {
4356 channel_id: self.context.channel_id,
4357 fee_satoshis: used_fee,
4359 fee_range: Some(msgs::ClosingSignedFeeRange {
4360 min_fee_satoshis: our_min_fee,
4361 max_fee_satoshis: our_max_fee,
4367 if let Some(msgs::ClosingSignedFeeRange { min_fee_satoshis, max_fee_satoshis }) = msg.fee_range {
4368 if msg.fee_satoshis < min_fee_satoshis || msg.fee_satoshis > max_fee_satoshis {
4369 return Err(ChannelError::Close(format!("Peer sent a bogus closing_signed - suggested fee of {} sat was not in their desired range of {} sat - {} sat", msg.fee_satoshis, min_fee_satoshis, max_fee_satoshis)));
4371 if max_fee_satoshis < our_min_fee {
4372 return Err(ChannelError::Warn(format!("Unable to come to consensus about closing feerate, remote's max fee ({} sat) was smaller than our min fee ({} sat)", max_fee_satoshis, our_min_fee)));
4374 if min_fee_satoshis > our_max_fee {
4375 return Err(ChannelError::Warn(format!("Unable to come to consensus about closing feerate, remote's min fee ({} sat) was greater than our max fee ({} sat)", min_fee_satoshis, our_max_fee)));
4378 if !self.context.is_outbound() {
4379 // They have to pay, so pick the highest fee in the overlapping range.
4380 // We should never set an upper bound aside from their full balance
4381 debug_assert_eq!(our_max_fee, self.context.channel_value_satoshis - (self.context.value_to_self_msat + 999) / 1000);
4382 propose_fee!(cmp::min(max_fee_satoshis, our_max_fee));
4384 if msg.fee_satoshis < our_min_fee || msg.fee_satoshis > our_max_fee {
4385 return Err(ChannelError::Close(format!("Peer sent a bogus closing_signed - suggested fee of {} sat was not in our desired range of {} sat - {} sat after we informed them of our range.",
4386 msg.fee_satoshis, our_min_fee, our_max_fee)));
4388 // The proposed fee is in our acceptable range, accept it and broadcast!
4389 propose_fee!(msg.fee_satoshis);
4392 // Old fee style negotiation. We don't bother to enforce whether they are complying
4393 // with the "making progress" requirements, we just comply and hope for the best.
4394 if let Some((last_fee, _)) = self.context.last_sent_closing_fee {
4395 if msg.fee_satoshis > last_fee {
4396 if msg.fee_satoshis < our_max_fee {
4397 propose_fee!(msg.fee_satoshis);
4398 } else if last_fee < our_max_fee {
4399 propose_fee!(our_max_fee);
4401 return Err(ChannelError::Close(format!("Unable to come to consensus about closing feerate, remote wants something ({} sat) higher than our max fee ({} sat)", msg.fee_satoshis, our_max_fee)));
4404 if msg.fee_satoshis > our_min_fee {
4405 propose_fee!(msg.fee_satoshis);
4406 } else if last_fee > our_min_fee {
4407 propose_fee!(our_min_fee);
4409 return Err(ChannelError::Close(format!("Unable to come to consensus about closing feerate, remote wants something ({} sat) lower than our min fee ({} sat)", msg.fee_satoshis, our_min_fee)));
4413 if msg.fee_satoshis < our_min_fee {
4414 propose_fee!(our_min_fee);
4415 } else if msg.fee_satoshis > our_max_fee {
4416 propose_fee!(our_max_fee);
4418 propose_fee!(msg.fee_satoshis);
4424 fn internal_htlc_satisfies_config(
4425 &self, htlc: &msgs::UpdateAddHTLC, amt_to_forward: u64, outgoing_cltv_value: u32, config: &ChannelConfig,
4426 ) -> Result<(), (&'static str, u16)> {
4427 let fee = amt_to_forward.checked_mul(config.forwarding_fee_proportional_millionths as u64)
4428 .and_then(|prop_fee| (prop_fee / 1000000).checked_add(config.forwarding_fee_base_msat as u64));
4429 if fee.is_none() || htlc.amount_msat < fee.unwrap() ||
4430 (htlc.amount_msat - fee.unwrap()) < amt_to_forward {
4432 "Prior hop has deviated from specified fees parameters or origin node has obsolete ones",
4433 0x1000 | 12, // fee_insufficient
4436 if (htlc.cltv_expiry as u64) < outgoing_cltv_value as u64 + config.cltv_expiry_delta as u64 {
4438 "Forwarding node has tampered with the intended HTLC values or origin node has an obsolete cltv_expiry_delta",
4439 0x1000 | 13, // incorrect_cltv_expiry
4445 /// Determines whether the parameters of an incoming HTLC to be forwarded satisfy the channel's
4446 /// [`ChannelConfig`]. This first looks at the channel's current [`ChannelConfig`], and if
4447 /// unsuccessful, falls back to the previous one if one exists.
4448 pub fn htlc_satisfies_config(
4449 &self, htlc: &msgs::UpdateAddHTLC, amt_to_forward: u64, outgoing_cltv_value: u32,
4450 ) -> Result<(), (&'static str, u16)> {
4451 self.internal_htlc_satisfies_config(&htlc, amt_to_forward, outgoing_cltv_value, &self.context.config())
4453 if let Some(prev_config) = self.context.prev_config() {
4454 self.internal_htlc_satisfies_config(htlc, amt_to_forward, outgoing_cltv_value, &prev_config)
4461 pub fn get_cur_holder_commitment_transaction_number(&self) -> u64 {
4462 self.context.cur_holder_commitment_transaction_number + 1
4465 pub fn get_cur_counterparty_commitment_transaction_number(&self) -> u64 {
4466 self.context.cur_counterparty_commitment_transaction_number + 1 - if self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32) != 0 { 1 } else { 0 }
4469 pub fn get_revoked_counterparty_commitment_transaction_number(&self) -> u64 {
4470 self.context.cur_counterparty_commitment_transaction_number + 2
4474 pub fn get_signer(&self) -> &Signer {
4475 &self.context.holder_signer
4479 pub fn get_value_stat(&self) -> ChannelValueStat {
4481 value_to_self_msat: self.context.value_to_self_msat,
4482 channel_value_msat: self.context.channel_value_satoshis * 1000,
4483 channel_reserve_msat: self.context.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000,
4484 pending_outbound_htlcs_amount_msat: self.context.pending_outbound_htlcs.iter().map(|ref h| h.amount_msat).sum::<u64>(),
4485 pending_inbound_htlcs_amount_msat: self.context.pending_inbound_htlcs.iter().map(|ref h| h.amount_msat).sum::<u64>(),
4486 holding_cell_outbound_amount_msat: {
4488 for h in self.context.holding_cell_htlc_updates.iter() {
4490 &HTLCUpdateAwaitingACK::AddHTLC{amount_msat, .. } => {
4498 counterparty_max_htlc_value_in_flight_msat: self.context.counterparty_max_htlc_value_in_flight_msat,
4499 counterparty_dust_limit_msat: self.context.counterparty_dust_limit_satoshis * 1000,
4503 /// Returns true if this channel has been marked as awaiting a monitor update to move forward.
4504 /// Allowed in any state (including after shutdown)
4505 pub fn is_awaiting_monitor_update(&self) -> bool {
4506 (self.context.channel_state & ChannelState::MonitorUpdateInProgress as u32) != 0
4509 /// Gets the latest [`ChannelMonitorUpdate`] ID which has been released and is in-flight.
4510 pub fn get_latest_unblocked_monitor_update_id(&self) -> u64 {
4511 if self.context.blocked_monitor_updates.is_empty() { return self.context.get_latest_monitor_update_id(); }
4512 self.context.blocked_monitor_updates[0].update.update_id - 1
4515 /// Returns the next blocked monitor update, if one exists, and a bool which indicates a
4516 /// further blocked monitor update exists after the next.
4517 pub fn unblock_next_blocked_monitor_update(&mut self) -> Option<(ChannelMonitorUpdate, bool)> {
4518 if self.context.blocked_monitor_updates.is_empty() { return None; }
4519 Some((self.context.blocked_monitor_updates.remove(0).update,
4520 !self.context.blocked_monitor_updates.is_empty()))
4523 /// Pushes a new monitor update into our monitor update queue, returning it if it should be
4524 /// immediately given to the user for persisting or `None` if it should be held as blocked.
4525 fn push_ret_blockable_mon_update(&mut self, update: ChannelMonitorUpdate)
4526 -> Option<ChannelMonitorUpdate> {
4527 let release_monitor = self.context.blocked_monitor_updates.is_empty();
4528 if !release_monitor {
4529 self.context.blocked_monitor_updates.push(PendingChannelMonitorUpdate {
4538 pub fn blocked_monitor_updates_pending(&self) -> usize {
4539 self.context.blocked_monitor_updates.len()
4542 /// Returns true if the channel is awaiting the persistence of the initial ChannelMonitor.
4543 /// If the channel is outbound, this implies we have not yet broadcasted the funding
4544 /// transaction. If the channel is inbound, this implies simply that the channel has not
4546 pub fn is_awaiting_initial_mon_persist(&self) -> bool {
4547 if !self.is_awaiting_monitor_update() { return false; }
4548 if self.context.channel_state &
4549 !(ChannelState::TheirChannelReady as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)
4550 == ChannelState::FundingSent as u32 {
4551 // If we're not a 0conf channel, we'll be waiting on a monitor update with only
4552 // FundingSent set, though our peer could have sent their channel_ready.
4553 debug_assert!(self.context.minimum_depth.unwrap_or(1) > 0);
4556 if self.context.cur_holder_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 &&
4557 self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
4558 // If we're a 0-conf channel, we'll move beyond FundingSent immediately even while
4559 // waiting for the initial monitor persistence. Thus, we check if our commitment
4560 // transaction numbers have both been iterated only exactly once (for the
4561 // funding_signed), and we're awaiting monitor update.
4563 // If we got here, we shouldn't have yet broadcasted the funding transaction (as the
4564 // only way to get an awaiting-monitor-update state during initial funding is if the
4565 // initial monitor persistence is still pending).
4567 // Because deciding we're awaiting initial broadcast spuriously could result in
4568 // funds-loss (as we don't have a monitor, but have the funding transaction confirmed),
4569 // we hard-assert here, even in production builds.
4570 if self.context.is_outbound() { assert!(self.context.funding_transaction.is_some()); }
4571 assert!(self.context.monitor_pending_channel_ready);
4572 assert_eq!(self.context.latest_monitor_update_id, 0);
4578 /// Returns true if our channel_ready has been sent
4579 pub fn is_our_channel_ready(&self) -> bool {
4580 (self.context.channel_state & ChannelState::OurChannelReady as u32) != 0 || self.context.channel_state >= ChannelState::ChannelReady as u32
4583 /// Returns true if our peer has either initiated or agreed to shut down the channel.
4584 pub fn received_shutdown(&self) -> bool {
4585 (self.context.channel_state & ChannelState::RemoteShutdownSent as u32) != 0
4588 /// Returns true if we either initiated or agreed to shut down the channel.
4589 pub fn sent_shutdown(&self) -> bool {
4590 (self.context.channel_state & ChannelState::LocalShutdownSent as u32) != 0
4593 /// Returns true if this channel is fully shut down. True here implies that no further actions
4594 /// may/will be taken on this channel, and thus this object should be freed. Any future changes
4595 /// will be handled appropriately by the chain monitor.
4596 pub fn is_shutdown(&self) -> bool {
4597 if (self.context.channel_state & ChannelState::ShutdownComplete as u32) == ChannelState::ShutdownComplete as u32 {
4598 assert!(self.context.channel_state == ChannelState::ShutdownComplete as u32);
4603 pub fn channel_update_status(&self) -> ChannelUpdateStatus {
4604 self.context.channel_update_status
4607 pub fn set_channel_update_status(&mut self, status: ChannelUpdateStatus) {
4608 self.context.update_time_counter += 1;
4609 self.context.channel_update_status = status;
4612 fn check_get_channel_ready(&mut self, height: u32) -> Option<msgs::ChannelReady> {
4614 // * always when a new block/transactions are confirmed with the new height
4615 // * when funding is signed with a height of 0
4616 if self.context.funding_tx_confirmation_height == 0 && self.context.minimum_depth != Some(0) {
4620 let funding_tx_confirmations = height as i64 - self.context.funding_tx_confirmation_height as i64 + 1;
4621 if funding_tx_confirmations <= 0 {
4622 self.context.funding_tx_confirmation_height = 0;
4625 if funding_tx_confirmations < self.context.minimum_depth.unwrap_or(0) as i64 {
4629 let non_shutdown_state = self.context.channel_state & (!MULTI_STATE_FLAGS);
4630 let need_commitment_update = if non_shutdown_state == ChannelState::FundingSent as u32 {
4631 self.context.channel_state |= ChannelState::OurChannelReady as u32;
4633 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32) {
4634 self.context.channel_state = ChannelState::ChannelReady as u32 | (self.context.channel_state & MULTI_STATE_FLAGS);
4635 self.context.update_time_counter += 1;
4637 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurChannelReady as u32) {
4638 // We got a reorg but not enough to trigger a force close, just ignore.
4641 if self.context.funding_tx_confirmation_height != 0 && self.context.channel_state < ChannelState::ChannelReady as u32 {
4642 // We should never see a funding transaction on-chain until we've received
4643 // funding_signed (if we're an outbound channel), or seen funding_generated (if we're
4644 // an inbound channel - before that we have no known funding TXID). The fuzzer,
4645 // however, may do this and we shouldn't treat it as a bug.
4646 #[cfg(not(fuzzing))]
4647 panic!("Started confirming a channel in a state pre-FundingSent: {}.\n\
4648 Do NOT broadcast a funding transaction manually - let LDK do it for you!",
4649 self.context.channel_state);
4651 // We got a reorg but not enough to trigger a force close, just ignore.
4655 if need_commitment_update {
4656 if self.context.channel_state & (ChannelState::MonitorUpdateInProgress as u32) == 0 {
4657 if self.context.channel_state & (ChannelState::PeerDisconnected as u32) == 0 {
4658 let next_per_commitment_point =
4659 self.context.holder_signer.get_per_commitment_point(INITIAL_COMMITMENT_NUMBER - 1, &self.context.secp_ctx);
4660 return Some(msgs::ChannelReady {
4661 channel_id: self.context.channel_id,
4662 next_per_commitment_point,
4663 short_channel_id_alias: Some(self.context.outbound_scid_alias),
4667 self.context.monitor_pending_channel_ready = true;
4673 /// When a transaction is confirmed, we check whether it is or spends the funding transaction
4674 /// In the first case, we store the confirmation height and calculating the short channel id.
4675 /// In the second, we simply return an Err indicating we need to be force-closed now.
4676 pub fn transactions_confirmed<NS: Deref, L: Deref>(
4677 &mut self, block_hash: &BlockHash, height: u32, txdata: &TransactionData,
4678 genesis_block_hash: BlockHash, node_signer: &NS, user_config: &UserConfig, logger: &L
4679 ) -> Result<(Option<msgs::ChannelReady>, Option<msgs::AnnouncementSignatures>), ClosureReason>
4681 NS::Target: NodeSigner,
4684 if let Some(funding_txo) = self.context.get_funding_txo() {
4685 for &(index_in_block, tx) in txdata.iter() {
4686 // Check if the transaction is the expected funding transaction, and if it is,
4687 // check that it pays the right amount to the right script.
4688 if self.context.funding_tx_confirmation_height == 0 {
4689 if tx.txid() == funding_txo.txid {
4690 let txo_idx = funding_txo.index as usize;
4691 if txo_idx >= tx.output.len() || tx.output[txo_idx].script_pubkey != self.context.get_funding_redeemscript().to_v0_p2wsh() ||
4692 tx.output[txo_idx].value != self.context.channel_value_satoshis {
4693 if self.context.is_outbound() {
4694 // If we generated the funding transaction and it doesn't match what it
4695 // should, the client is really broken and we should just panic and
4696 // tell them off. That said, because hash collisions happen with high
4697 // probability in fuzzing mode, if we're fuzzing we just close the
4698 // channel and move on.
4699 #[cfg(not(fuzzing))]
4700 panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
4702 self.context.update_time_counter += 1;
4703 let err_reason = "funding tx had wrong script/value or output index";
4704 return Err(ClosureReason::ProcessingError { err: err_reason.to_owned() });
4706 if self.context.is_outbound() {
4707 for input in tx.input.iter() {
4708 if input.witness.is_empty() {
4709 // We generated a malleable funding transaction, implying we've
4710 // just exposed ourselves to funds loss to our counterparty.
4711 #[cfg(not(fuzzing))]
4712 panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
4716 self.context.funding_tx_confirmation_height = height;
4717 self.context.funding_tx_confirmed_in = Some(*block_hash);
4718 self.context.short_channel_id = match scid_from_parts(height as u64, index_in_block as u64, txo_idx as u64) {
4719 Ok(scid) => Some(scid),
4720 Err(_) => panic!("Block was bogus - either height was > 16 million, had > 16 million transactions, or had > 65k outputs"),
4724 // If we allow 1-conf funding, we may need to check for channel_ready here and
4725 // send it immediately instead of waiting for a best_block_updated call (which
4726 // may have already happened for this block).
4727 if let Some(channel_ready) = self.check_get_channel_ready(height) {
4728 log_info!(logger, "Sending a channel_ready to our peer for channel {}", log_bytes!(self.context.channel_id));
4729 let announcement_sigs = self.get_announcement_sigs(node_signer, genesis_block_hash, user_config, height, logger);
4730 return Ok((Some(channel_ready), announcement_sigs));
4733 for inp in tx.input.iter() {
4734 if inp.previous_output == funding_txo.into_bitcoin_outpoint() {
4735 log_info!(logger, "Detected channel-closing tx {} spending {}:{}, closing channel {}", tx.txid(), inp.previous_output.txid, inp.previous_output.vout, log_bytes!(self.context.channel_id()));
4736 return Err(ClosureReason::CommitmentTxConfirmed);
4744 /// When a new block is connected, we check the height of the block against outbound holding
4745 /// cell HTLCs in case we need to give up on them prematurely and time them out. Everything
4746 /// else (e.g. commitment transaction broadcasts, HTLC transaction broadcasting, etc) is
4747 /// handled by the ChannelMonitor.
4749 /// If we return Err, the channel may have been closed, at which point the standard
4750 /// requirements apply - no calls may be made except those explicitly stated to be allowed
4753 /// May return some HTLCs (and their payment_hash) which have timed out and should be failed
4755 pub fn best_block_updated<NS: Deref, L: Deref>(
4756 &mut self, height: u32, highest_header_time: u32, genesis_block_hash: BlockHash,
4757 node_signer: &NS, user_config: &UserConfig, logger: &L
4758 ) -> Result<(Option<msgs::ChannelReady>, Vec<(HTLCSource, PaymentHash)>, Option<msgs::AnnouncementSignatures>), ClosureReason>
4760 NS::Target: NodeSigner,
4763 self.do_best_block_updated(height, highest_header_time, Some((genesis_block_hash, node_signer, user_config)), logger)
4766 fn do_best_block_updated<NS: Deref, L: Deref>(
4767 &mut self, height: u32, highest_header_time: u32,
4768 genesis_node_signer: Option<(BlockHash, &NS, &UserConfig)>, logger: &L
4769 ) -> Result<(Option<msgs::ChannelReady>, Vec<(HTLCSource, PaymentHash)>, Option<msgs::AnnouncementSignatures>), ClosureReason>
4771 NS::Target: NodeSigner,
4774 let mut timed_out_htlcs = Vec::new();
4775 // This mirrors the check in ChannelManager::decode_update_add_htlc_onion, refusing to
4776 // forward an HTLC when our counterparty should almost certainly just fail it for expiring
4778 let unforwarded_htlc_cltv_limit = height + LATENCY_GRACE_PERIOD_BLOCKS;
4779 self.context.holding_cell_htlc_updates.retain(|htlc_update| {
4781 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, ref cltv_expiry, .. } => {
4782 if *cltv_expiry <= unforwarded_htlc_cltv_limit {
4783 timed_out_htlcs.push((source.clone(), payment_hash.clone()));
4791 self.context.update_time_counter = cmp::max(self.context.update_time_counter, highest_header_time);
4793 if let Some(channel_ready) = self.check_get_channel_ready(height) {
4794 let announcement_sigs = if let Some((genesis_block_hash, node_signer, user_config)) = genesis_node_signer {
4795 self.get_announcement_sigs(node_signer, genesis_block_hash, user_config, height, logger)
4797 log_info!(logger, "Sending a channel_ready to our peer for channel {}", log_bytes!(self.context.channel_id));
4798 return Ok((Some(channel_ready), timed_out_htlcs, announcement_sigs));
4801 let non_shutdown_state = self.context.channel_state & (!MULTI_STATE_FLAGS);
4802 if non_shutdown_state >= ChannelState::ChannelReady as u32 ||
4803 (non_shutdown_state & ChannelState::OurChannelReady as u32) == ChannelState::OurChannelReady as u32 {
4804 let mut funding_tx_confirmations = height as i64 - self.context.funding_tx_confirmation_height as i64 + 1;
4805 if self.context.funding_tx_confirmation_height == 0 {
4806 // Note that check_get_channel_ready may reset funding_tx_confirmation_height to
4807 // zero if it has been reorged out, however in either case, our state flags
4808 // indicate we've already sent a channel_ready
4809 funding_tx_confirmations = 0;
4812 // If we've sent channel_ready (or have both sent and received channel_ready), and
4813 // the funding transaction has become unconfirmed,
4814 // close the channel and hope we can get the latest state on chain (because presumably
4815 // the funding transaction is at least still in the mempool of most nodes).
4817 // Note that ideally we wouldn't force-close if we see *any* reorg on a 1-conf or
4818 // 0-conf channel, but not doing so may lead to the
4819 // `ChannelManager::short_to_chan_info` map being inconsistent, so we currently have
4821 if funding_tx_confirmations == 0 && self.context.funding_tx_confirmed_in.is_some() {
4822 let err_reason = format!("Funding transaction was un-confirmed. Locked at {} confs, now have {} confs.",
4823 self.context.minimum_depth.unwrap(), funding_tx_confirmations);
4824 return Err(ClosureReason::ProcessingError { err: err_reason });
4826 } else if !self.context.is_outbound() && self.context.funding_tx_confirmed_in.is_none() &&
4827 height >= self.context.channel_creation_height + FUNDING_CONF_DEADLINE_BLOCKS {
4828 log_info!(logger, "Closing channel {} due to funding timeout", log_bytes!(self.context.channel_id));
4829 // If funding_tx_confirmed_in is unset, the channel must not be active
4830 assert!(non_shutdown_state <= ChannelState::ChannelReady as u32);
4831 assert_eq!(non_shutdown_state & ChannelState::OurChannelReady as u32, 0);
4832 return Err(ClosureReason::FundingTimedOut);
4835 let announcement_sigs = if let Some((genesis_block_hash, node_signer, user_config)) = genesis_node_signer {
4836 self.get_announcement_sigs(node_signer, genesis_block_hash, user_config, height, logger)
4838 Ok((None, timed_out_htlcs, announcement_sigs))
4841 /// Indicates the funding transaction is no longer confirmed in the main chain. This may
4842 /// force-close the channel, but may also indicate a harmless reorganization of a block or two
4843 /// before the channel has reached channel_ready and we can just wait for more blocks.
4844 pub fn funding_transaction_unconfirmed<L: Deref>(&mut self, logger: &L) -> Result<(), ClosureReason> where L::Target: Logger {
4845 if self.context.funding_tx_confirmation_height != 0 {
4846 // We handle the funding disconnection by calling best_block_updated with a height one
4847 // below where our funding was connected, implying a reorg back to conf_height - 1.
4848 let reorg_height = self.context.funding_tx_confirmation_height - 1;
4849 // We use the time field to bump the current time we set on channel updates if its
4850 // larger. If we don't know that time has moved forward, we can just set it to the last
4851 // time we saw and it will be ignored.
4852 let best_time = self.context.update_time_counter;
4853 match self.do_best_block_updated(reorg_height, best_time, None::<(BlockHash, &&NodeSigner, &UserConfig)>, logger) {
4854 Ok((channel_ready, timed_out_htlcs, announcement_sigs)) => {
4855 assert!(channel_ready.is_none(), "We can't generate a funding with 0 confirmations?");
4856 assert!(timed_out_htlcs.is_empty(), "We can't have accepted HTLCs with a timeout before our funding confirmation?");
4857 assert!(announcement_sigs.is_none(), "We can't generate an announcement_sigs with 0 confirmations?");
4863 // We never learned about the funding confirmation anyway, just ignore
4868 // Methods to get unprompted messages to send to the remote end (or where we already returned
4869 // something in the handler for the message that prompted this message):
4871 /// Gets an UnsignedChannelAnnouncement for this channel. The channel must be publicly
4872 /// announceable and available for use (have exchanged [`ChannelReady`] messages in both
4873 /// directions). Should be used for both broadcasted announcements and in response to an
4874 /// AnnouncementSignatures message from the remote peer.
4876 /// Will only fail if we're not in a state where channel_announcement may be sent (including
4879 /// This will only return ChannelError::Ignore upon failure.
4881 /// [`ChannelReady`]: crate::ln::msgs::ChannelReady
4882 fn get_channel_announcement<NS: Deref>(
4883 &self, node_signer: &NS, chain_hash: BlockHash, user_config: &UserConfig,
4884 ) -> Result<msgs::UnsignedChannelAnnouncement, ChannelError> where NS::Target: NodeSigner {
4885 if !self.context.config.announced_channel {
4886 return Err(ChannelError::Ignore("Channel is not available for public announcements".to_owned()));
4888 if !self.context.is_usable() {
4889 return Err(ChannelError::Ignore("Cannot get a ChannelAnnouncement if the channel is not currently usable".to_owned()));
4892 let short_channel_id = self.context.get_short_channel_id()
4893 .ok_or(ChannelError::Ignore("Cannot get a ChannelAnnouncement if the channel has not been confirmed yet".to_owned()))?;
4894 let node_id = NodeId::from_pubkey(&node_signer.get_node_id(Recipient::Node)
4895 .map_err(|_| ChannelError::Ignore("Failed to retrieve own public key".to_owned()))?);
4896 let counterparty_node_id = NodeId::from_pubkey(&self.context.get_counterparty_node_id());
4897 let were_node_one = node_id.as_slice() < counterparty_node_id.as_slice();
4899 let msg = msgs::UnsignedChannelAnnouncement {
4900 features: channelmanager::provided_channel_features(&user_config),
4903 node_id_1: if were_node_one { node_id } else { counterparty_node_id },
4904 node_id_2: if were_node_one { counterparty_node_id } else { node_id },
4905 bitcoin_key_1: NodeId::from_pubkey(if were_node_one { &self.context.get_holder_pubkeys().funding_pubkey } else { self.context.counterparty_funding_pubkey() }),
4906 bitcoin_key_2: NodeId::from_pubkey(if were_node_one { self.context.counterparty_funding_pubkey() } else { &self.context.get_holder_pubkeys().funding_pubkey }),
4907 excess_data: Vec::new(),
4913 fn get_announcement_sigs<NS: Deref, L: Deref>(
4914 &mut self, node_signer: &NS, genesis_block_hash: BlockHash, user_config: &UserConfig,
4915 best_block_height: u32, logger: &L
4916 ) -> Option<msgs::AnnouncementSignatures>
4918 NS::Target: NodeSigner,
4921 if self.context.funding_tx_confirmation_height == 0 || self.context.funding_tx_confirmation_height + 5 > best_block_height {
4925 if !self.context.is_usable() {
4929 if self.context.channel_state & ChannelState::PeerDisconnected as u32 != 0 {
4930 log_trace!(logger, "Cannot create an announcement_signatures as our peer is disconnected");
4934 if self.context.announcement_sigs_state != AnnouncementSigsState::NotSent {
4938 log_trace!(logger, "Creating an announcement_signatures message for channel {}", log_bytes!(self.context.channel_id()));
4939 let announcement = match self.get_channel_announcement(node_signer, genesis_block_hash, user_config) {
4942 log_trace!(logger, "{:?}", e);
4946 let our_node_sig = match node_signer.sign_gossip_message(msgs::UnsignedGossipMessage::ChannelAnnouncement(&announcement)) {
4948 log_error!(logger, "Failed to generate node signature for channel_announcement. Channel will not be announced!");
4953 let our_bitcoin_sig = match self.context.holder_signer.sign_channel_announcement_with_funding_key(&announcement, &self.context.secp_ctx) {
4955 log_error!(logger, "Signer rejected channel_announcement signing. Channel will not be announced!");
4960 let short_channel_id = match self.context.get_short_channel_id() {
4962 None => return None,
4965 self.context.announcement_sigs_state = AnnouncementSigsState::MessageSent;
4967 Some(msgs::AnnouncementSignatures {
4968 channel_id: self.context.channel_id(),
4970 node_signature: our_node_sig,
4971 bitcoin_signature: our_bitcoin_sig,
4975 /// Signs the given channel announcement, returning a ChannelError::Ignore if no keys are
4977 fn sign_channel_announcement<NS: Deref>(
4978 &self, node_signer: &NS, announcement: msgs::UnsignedChannelAnnouncement
4979 ) -> Result<msgs::ChannelAnnouncement, ChannelError> where NS::Target: NodeSigner {
4980 if let Some((their_node_sig, their_bitcoin_sig)) = self.context.announcement_sigs {
4981 let our_node_key = NodeId::from_pubkey(&node_signer.get_node_id(Recipient::Node)
4982 .map_err(|_| ChannelError::Ignore("Signer failed to retrieve own public key".to_owned()))?);
4983 let were_node_one = announcement.node_id_1 == our_node_key;
4985 let our_node_sig = node_signer.sign_gossip_message(msgs::UnsignedGossipMessage::ChannelAnnouncement(&announcement))
4986 .map_err(|_| ChannelError::Ignore("Failed to generate node signature for channel_announcement".to_owned()))?;
4987 let our_bitcoin_sig = self.context.holder_signer.sign_channel_announcement_with_funding_key(&announcement, &self.context.secp_ctx)
4988 .map_err(|_| ChannelError::Ignore("Signer rejected channel_announcement".to_owned()))?;
4989 Ok(msgs::ChannelAnnouncement {
4990 node_signature_1: if were_node_one { our_node_sig } else { their_node_sig },
4991 node_signature_2: if were_node_one { their_node_sig } else { our_node_sig },
4992 bitcoin_signature_1: if were_node_one { our_bitcoin_sig } else { their_bitcoin_sig },
4993 bitcoin_signature_2: if were_node_one { their_bitcoin_sig } else { our_bitcoin_sig },
4994 contents: announcement,
4997 Err(ChannelError::Ignore("Attempted to sign channel announcement before we'd received announcement_signatures".to_string()))
5001 /// Processes an incoming announcement_signatures message, providing a fully-signed
5002 /// channel_announcement message which we can broadcast and storing our counterparty's
5003 /// signatures for later reconstruction/rebroadcast of the channel_announcement.
5004 pub fn announcement_signatures<NS: Deref>(
5005 &mut self, node_signer: &NS, chain_hash: BlockHash, best_block_height: u32,
5006 msg: &msgs::AnnouncementSignatures, user_config: &UserConfig
5007 ) -> Result<msgs::ChannelAnnouncement, ChannelError> where NS::Target: NodeSigner {
5008 let announcement = self.get_channel_announcement(node_signer, chain_hash, user_config)?;
5010 let msghash = hash_to_message!(&Sha256d::hash(&announcement.encode()[..])[..]);
5012 if self.context.secp_ctx.verify_ecdsa(&msghash, &msg.node_signature, &self.context.get_counterparty_node_id()).is_err() {
5013 return Err(ChannelError::Close(format!(
5014 "Bad announcement_signatures. Failed to verify node_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_node_key is {:?}",
5015 &announcement, self.context.get_counterparty_node_id())));
5017 if self.context.secp_ctx.verify_ecdsa(&msghash, &msg.bitcoin_signature, self.context.counterparty_funding_pubkey()).is_err() {
5018 return Err(ChannelError::Close(format!(
5019 "Bad announcement_signatures. Failed to verify bitcoin_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_bitcoin_key is ({:?})",
5020 &announcement, self.context.counterparty_funding_pubkey())));
5023 self.context.announcement_sigs = Some((msg.node_signature, msg.bitcoin_signature));
5024 if self.context.funding_tx_confirmation_height == 0 || self.context.funding_tx_confirmation_height + 5 > best_block_height {
5025 return Err(ChannelError::Ignore(
5026 "Got announcement_signatures prior to the required six confirmations - we may not have received a block yet that our peer has".to_owned()));
5029 self.sign_channel_announcement(node_signer, announcement)
5032 /// Gets a signed channel_announcement for this channel, if we previously received an
5033 /// announcement_signatures from our counterparty.
5034 pub fn get_signed_channel_announcement<NS: Deref>(
5035 &self, node_signer: &NS, chain_hash: BlockHash, best_block_height: u32, user_config: &UserConfig
5036 ) -> Option<msgs::ChannelAnnouncement> where NS::Target: NodeSigner {
5037 if self.context.funding_tx_confirmation_height == 0 || self.context.funding_tx_confirmation_height + 5 > best_block_height {
5040 let announcement = match self.get_channel_announcement(node_signer, chain_hash, user_config) {
5042 Err(_) => return None,
5044 match self.sign_channel_announcement(node_signer, announcement) {
5045 Ok(res) => Some(res),
5050 /// May panic if called on a channel that wasn't immediately-previously
5051 /// self.remove_uncommitted_htlcs_and_mark_paused()'d
5052 pub fn get_channel_reestablish<L: Deref>(&mut self, logger: &L) -> msgs::ChannelReestablish where L::Target: Logger {
5053 assert_eq!(self.context.channel_state & ChannelState::PeerDisconnected as u32, ChannelState::PeerDisconnected as u32);
5054 assert_ne!(self.context.cur_counterparty_commitment_transaction_number, INITIAL_COMMITMENT_NUMBER);
5055 // Prior to static_remotekey, my_current_per_commitment_point was critical to claiming
5056 // current to_remote balances. However, it no longer has any use, and thus is now simply
5057 // set to a dummy (but valid, as required by the spec) public key.
5058 // fuzzing mode marks a subset of pubkeys as invalid so that we can hit "invalid pubkey"
5059 // branches, but we unwrap it below, so we arbitrarily select a dummy pubkey which is both
5060 // valid, and valid in fuzzing mode's arbitrary validity criteria:
5061 let mut pk = [2; 33]; pk[1] = 0xff;
5062 let dummy_pubkey = PublicKey::from_slice(&pk).unwrap();
5063 let remote_last_secret = if self.context.cur_counterparty_commitment_transaction_number + 1 < INITIAL_COMMITMENT_NUMBER {
5064 let remote_last_secret = self.context.commitment_secrets.get_secret(self.context.cur_counterparty_commitment_transaction_number + 2).unwrap();
5065 log_trace!(logger, "Enough info to generate a Data Loss Protect with per_commitment_secret {} for channel {}", log_bytes!(remote_last_secret), log_bytes!(self.context.channel_id()));
5068 log_info!(logger, "Sending a data_loss_protect with no previous remote per_commitment_secret for channel {}", log_bytes!(self.context.channel_id()));
5071 self.mark_awaiting_response();
5072 msgs::ChannelReestablish {
5073 channel_id: self.context.channel_id(),
5074 // The protocol has two different commitment number concepts - the "commitment
5075 // transaction number", which starts from 0 and counts up, and the "revocation key
5076 // index" which starts at INITIAL_COMMITMENT_NUMBER and counts down. We track
5077 // commitment transaction numbers by the index which will be used to reveal the
5078 // revocation key for that commitment transaction, which means we have to convert them
5079 // to protocol-level commitment numbers here...
5081 // next_local_commitment_number is the next commitment_signed number we expect to
5082 // receive (indicating if they need to resend one that we missed).
5083 next_local_commitment_number: INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number,
5084 // We have to set next_remote_commitment_number to the next revoke_and_ack we expect to
5085 // receive, however we track it by the next commitment number for a remote transaction
5086 // (which is one further, as they always revoke previous commitment transaction, not
5087 // the one we send) so we have to decrement by 1. Note that if
5088 // cur_counterparty_commitment_transaction_number is INITIAL_COMMITMENT_NUMBER we will have
5089 // dropped this channel on disconnect as it hasn't yet reached FundingSent so we can't
5091 next_remote_commitment_number: INITIAL_COMMITMENT_NUMBER - self.context.cur_counterparty_commitment_transaction_number - 1,
5092 your_last_per_commitment_secret: remote_last_secret,
5093 my_current_per_commitment_point: dummy_pubkey,
5094 // TODO(dual_funding): If we've sent `commtiment_signed` for an interactive transaction
5095 // construction but have not received `tx_signatures` we MUST set `next_funding_txid` to the
5096 // txid of that interactive transaction, else we MUST NOT set it.
5097 next_funding_txid: None,
5102 // Send stuff to our remote peers:
5104 /// Queues up an outbound HTLC to send by placing it in the holding cell. You should call
5105 /// [`Self::maybe_free_holding_cell_htlcs`] in order to actually generate and send the
5106 /// commitment update.
5108 /// `Err`s will only be [`ChannelError::Ignore`].
5109 pub fn queue_add_htlc<F: Deref, L: Deref>(
5110 &mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource,
5111 onion_routing_packet: msgs::OnionPacket, skimmed_fee_msat: Option<u64>,
5112 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
5113 ) -> Result<(), ChannelError>
5114 where F::Target: FeeEstimator, L::Target: Logger
5117 .send_htlc(amount_msat, payment_hash, cltv_expiry, source, onion_routing_packet, true,
5118 skimmed_fee_msat, fee_estimator, logger)
5119 .map(|msg_opt| assert!(msg_opt.is_none(), "We forced holding cell?"))
5121 if let ChannelError::Ignore(_) = err { /* fine */ }
5122 else { debug_assert!(false, "Queueing cannot trigger channel failure"); }
5127 /// Adds a pending outbound HTLC to this channel, note that you probably want
5128 /// [`Self::send_htlc_and_commit`] instead cause you'll want both messages at once.
5130 /// This returns an optional UpdateAddHTLC as we may be in a state where we cannot add HTLCs on
5132 /// * In cases where we're waiting on the remote peer to send us a revoke_and_ack, we
5133 /// wouldn't be able to determine what they actually ACK'ed if we have two sets of updates
5135 /// * In cases where we're marked MonitorUpdateInProgress, we cannot commit to a new state as
5136 /// we may not yet have sent the previous commitment update messages and will need to
5137 /// regenerate them.
5139 /// You MUST call [`Self::send_commitment_no_state_update`] prior to calling any other methods
5140 /// on this [`Channel`] if `force_holding_cell` is false.
5142 /// `Err`s will only be [`ChannelError::Ignore`].
5143 fn send_htlc<F: Deref, L: Deref>(
5144 &mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource,
5145 onion_routing_packet: msgs::OnionPacket, mut force_holding_cell: bool,
5146 skimmed_fee_msat: Option<u64>, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
5147 ) -> Result<Option<msgs::UpdateAddHTLC>, ChannelError>
5148 where F::Target: FeeEstimator, L::Target: Logger
5150 if (self.context.channel_state & (ChannelState::ChannelReady as u32 | BOTH_SIDES_SHUTDOWN_MASK)) != (ChannelState::ChannelReady as u32) {
5151 return Err(ChannelError::Ignore("Cannot send HTLC until channel is fully established and we haven't started shutting down".to_owned()));
5153 let channel_total_msat = self.context.channel_value_satoshis * 1000;
5154 if amount_msat > channel_total_msat {
5155 return Err(ChannelError::Ignore(format!("Cannot send amount {}, because it is more than the total value of the channel {}", amount_msat, channel_total_msat)));
5158 if amount_msat == 0 {
5159 return Err(ChannelError::Ignore("Cannot send 0-msat HTLC".to_owned()));
5162 let available_balances = self.context.get_available_balances(fee_estimator);
5163 if amount_msat < available_balances.next_outbound_htlc_minimum_msat {
5164 return Err(ChannelError::Ignore(format!("Cannot send less than our next-HTLC minimum - {} msat",
5165 available_balances.next_outbound_htlc_minimum_msat)));
5168 if amount_msat > available_balances.next_outbound_htlc_limit_msat {
5169 return Err(ChannelError::Ignore(format!("Cannot send more than our next-HTLC maximum - {} msat",
5170 available_balances.next_outbound_htlc_limit_msat)));
5173 if (self.context.channel_state & (ChannelState::PeerDisconnected as u32)) != 0 {
5174 // Note that this should never really happen, if we're !is_live() on receipt of an
5175 // incoming HTLC for relay will result in us rejecting the HTLC and we won't allow
5176 // the user to send directly into a !is_live() channel. However, if we
5177 // disconnected during the time the previous hop was doing the commitment dance we may
5178 // end up getting here after the forwarding delay. In any case, returning an
5179 // IgnoreError will get ChannelManager to do the right thing and fail backwards now.
5180 return Err(ChannelError::Ignore("Cannot send an HTLC while disconnected from channel counterparty".to_owned()));
5183 let need_holding_cell = (self.context.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0;
5184 log_debug!(logger, "Pushing new outbound HTLC for {} msat {}", amount_msat,
5185 if force_holding_cell { "into holding cell" }
5186 else if need_holding_cell { "into holding cell as we're awaiting an RAA or monitor" }
5187 else { "to peer" });
5189 if need_holding_cell {
5190 force_holding_cell = true;
5193 // Now update local state:
5194 if force_holding_cell {
5195 self.context.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::AddHTLC {
5200 onion_routing_packet,
5206 self.context.pending_outbound_htlcs.push(OutboundHTLCOutput {
5207 htlc_id: self.context.next_holder_htlc_id,
5209 payment_hash: payment_hash.clone(),
5211 state: OutboundHTLCState::LocalAnnounced(Box::new(onion_routing_packet.clone())),
5216 let res = msgs::UpdateAddHTLC {
5217 channel_id: self.context.channel_id,
5218 htlc_id: self.context.next_holder_htlc_id,
5222 onion_routing_packet,
5225 self.context.next_holder_htlc_id += 1;
5230 fn build_commitment_no_status_check<L: Deref>(&mut self, logger: &L) -> ChannelMonitorUpdate where L::Target: Logger {
5231 log_trace!(logger, "Updating HTLC state for a newly-sent commitment_signed...");
5232 // We can upgrade the status of some HTLCs that are waiting on a commitment, even if we
5233 // fail to generate this, we still are at least at a position where upgrading their status
5235 for htlc in self.context.pending_inbound_htlcs.iter_mut() {
5236 let new_state = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(ref forward_info) = &htlc.state {
5237 Some(InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info.clone()))
5239 if let Some(state) = new_state {
5240 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce {} to AwaitingAnnouncedRemoteRevoke", log_bytes!(htlc.payment_hash.0));
5244 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
5245 if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut outcome) = &mut htlc.state {
5246 log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", log_bytes!(htlc.payment_hash.0));
5247 // Grab the preimage, if it exists, instead of cloning
5248 let mut reason = OutboundHTLCOutcome::Success(None);
5249 mem::swap(outcome, &mut reason);
5250 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(reason);
5253 if let Some((feerate, update_state)) = self.context.pending_update_fee {
5254 if update_state == FeeUpdateState::AwaitingRemoteRevokeToAnnounce {
5255 debug_assert!(!self.context.is_outbound());
5256 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce fee update {} to Committed", feerate);
5257 self.context.feerate_per_kw = feerate;
5258 self.context.pending_update_fee = None;
5261 self.context.resend_order = RAACommitmentOrder::RevokeAndACKFirst;
5263 let (counterparty_commitment_txid, mut htlcs_ref) = self.build_commitment_no_state_update(logger);
5264 let htlcs: Vec<(HTLCOutputInCommitment, Option<Box<HTLCSource>>)> =
5265 htlcs_ref.drain(..).map(|(htlc, htlc_source)| (htlc, htlc_source.map(|source_ref| Box::new(source_ref.clone())))).collect();
5267 if self.context.announcement_sigs_state == AnnouncementSigsState::MessageSent {
5268 self.context.announcement_sigs_state = AnnouncementSigsState::Committed;
5271 self.context.latest_monitor_update_id += 1;
5272 let monitor_update = ChannelMonitorUpdate {
5273 update_id: self.context.latest_monitor_update_id,
5274 updates: vec![ChannelMonitorUpdateStep::LatestCounterpartyCommitmentTXInfo {
5275 commitment_txid: counterparty_commitment_txid,
5276 htlc_outputs: htlcs.clone(),
5277 commitment_number: self.context.cur_counterparty_commitment_transaction_number,
5278 their_per_commitment_point: self.context.counterparty_cur_commitment_point.unwrap()
5281 self.context.channel_state |= ChannelState::AwaitingRemoteRevoke as u32;
5285 fn build_commitment_no_state_update<L: Deref>(&self, logger: &L) -> (Txid, Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)>) where L::Target: Logger {
5286 let counterparty_keys = self.context.build_remote_transaction_keys();
5287 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, true, logger);
5288 let counterparty_commitment_txid = commitment_stats.tx.trust().txid();
5290 #[cfg(any(test, fuzzing))]
5292 if !self.context.is_outbound() {
5293 let projected_commit_tx_info = self.context.next_remote_commitment_tx_fee_info_cached.lock().unwrap().take();
5294 *self.context.next_local_commitment_tx_fee_info_cached.lock().unwrap() = None;
5295 if let Some(info) = projected_commit_tx_info {
5296 let total_pending_htlcs = self.context.pending_inbound_htlcs.len() + self.context.pending_outbound_htlcs.len();
5297 if info.total_pending_htlcs == total_pending_htlcs
5298 && info.next_holder_htlc_id == self.context.next_holder_htlc_id
5299 && info.next_counterparty_htlc_id == self.context.next_counterparty_htlc_id
5300 && info.feerate == self.context.feerate_per_kw {
5301 let actual_fee = commit_tx_fee_msat(self.context.feerate_per_kw, commitment_stats.num_nondust_htlcs, self.context.get_channel_type());
5302 assert_eq!(actual_fee, info.fee);
5308 (counterparty_commitment_txid, commitment_stats.htlcs_included)
5311 /// Only fails in case of signer rejection. Used for channel_reestablish commitment_signed
5312 /// generation when we shouldn't change HTLC/channel state.
5313 fn send_commitment_no_state_update<L: Deref>(&self, logger: &L) -> Result<(msgs::CommitmentSigned, (Txid, Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)>)), ChannelError> where L::Target: Logger {
5314 // Get the fee tests from `build_commitment_no_state_update`
5315 #[cfg(any(test, fuzzing))]
5316 self.build_commitment_no_state_update(logger);
5318 let counterparty_keys = self.context.build_remote_transaction_keys();
5319 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, true, logger);
5320 let counterparty_commitment_txid = commitment_stats.tx.trust().txid();
5321 let (signature, htlc_signatures);
5324 let mut htlcs = Vec::with_capacity(commitment_stats.htlcs_included.len());
5325 for &(ref htlc, _) in commitment_stats.htlcs_included.iter() {
5329 let res = self.context.holder_signer.sign_counterparty_commitment(&commitment_stats.tx, commitment_stats.preimages, &self.context.secp_ctx)
5330 .map_err(|_| ChannelError::Close("Failed to get signatures for new commitment_signed".to_owned()))?;
5332 htlc_signatures = res.1;
5334 log_trace!(logger, "Signed remote commitment tx {} (txid {}) with redeemscript {} -> {} in channel {}",
5335 encode::serialize_hex(&commitment_stats.tx.trust().built_transaction().transaction),
5336 &counterparty_commitment_txid, encode::serialize_hex(&self.context.get_funding_redeemscript()),
5337 log_bytes!(signature.serialize_compact()[..]), log_bytes!(self.context.channel_id()));
5339 for (ref htlc_sig, ref htlc) in htlc_signatures.iter().zip(htlcs) {
5340 log_trace!(logger, "Signed remote HTLC tx {} with redeemscript {} with pubkey {} -> {} in channel {}",
5341 encode::serialize_hex(&chan_utils::build_htlc_transaction(&counterparty_commitment_txid, commitment_stats.feerate_per_kw, self.context.get_holder_selected_contest_delay(), htlc, &self.context.channel_type, &counterparty_keys.broadcaster_delayed_payment_key, &counterparty_keys.revocation_key)),
5342 encode::serialize_hex(&chan_utils::get_htlc_redeemscript(&htlc, &self.context.channel_type, &counterparty_keys)),
5343 log_bytes!(counterparty_keys.broadcaster_htlc_key.serialize()),
5344 log_bytes!(htlc_sig.serialize_compact()[..]), log_bytes!(self.context.channel_id()));
5348 Ok((msgs::CommitmentSigned {
5349 channel_id: self.context.channel_id,
5353 partial_signature_with_nonce: None,
5354 }, (counterparty_commitment_txid, commitment_stats.htlcs_included)))
5357 /// Adds a pending outbound HTLC to this channel, and builds a new remote commitment
5358 /// transaction and generates the corresponding [`ChannelMonitorUpdate`] in one go.
5360 /// Shorthand for calling [`Self::send_htlc`] followed by a commitment update, see docs on
5361 /// [`Self::send_htlc`] and [`Self::build_commitment_no_state_update`] for more info.
5362 pub fn send_htlc_and_commit<F: Deref, L: Deref>(
5363 &mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32,
5364 source: HTLCSource, onion_routing_packet: msgs::OnionPacket, skimmed_fee_msat: Option<u64>,
5365 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
5366 ) -> Result<Option<ChannelMonitorUpdate>, ChannelError>
5367 where F::Target: FeeEstimator, L::Target: Logger
5369 let send_res = self.send_htlc(amount_msat, payment_hash, cltv_expiry, source,
5370 onion_routing_packet, false, skimmed_fee_msat, fee_estimator, logger);
5371 if let Err(e) = &send_res { if let ChannelError::Ignore(_) = e {} else { debug_assert!(false, "Sending cannot trigger channel failure"); } }
5374 let monitor_update = self.build_commitment_no_status_check(logger);
5375 self.monitor_updating_paused(false, true, false, Vec::new(), Vec::new(), Vec::new());
5376 Ok(self.push_ret_blockable_mon_update(monitor_update))
5382 pub fn channel_update(&mut self, msg: &msgs::ChannelUpdate) -> Result<(), ChannelError> {
5383 if msg.contents.htlc_minimum_msat >= self.context.channel_value_satoshis * 1000 {
5384 return Err(ChannelError::Close("Minimum htlc value is greater than channel value".to_string()));
5386 self.context.counterparty_forwarding_info = Some(CounterpartyForwardingInfo {
5387 fee_base_msat: msg.contents.fee_base_msat,
5388 fee_proportional_millionths: msg.contents.fee_proportional_millionths,
5389 cltv_expiry_delta: msg.contents.cltv_expiry_delta
5395 /// Begins the shutdown process, getting a message for the remote peer and returning all
5396 /// holding cell HTLCs for payment failure.
5398 /// May jump to the channel being fully shutdown (see [`Self::is_shutdown`]) in which case no
5399 /// [`ChannelMonitorUpdate`] will be returned).
5400 pub fn get_shutdown<SP: Deref>(&mut self, signer_provider: &SP, their_features: &InitFeatures,
5401 target_feerate_sats_per_kw: Option<u32>, override_shutdown_script: Option<ShutdownScript>)
5402 -> Result<(msgs::Shutdown, Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>), APIError>
5403 where SP::Target: SignerProvider {
5404 for htlc in self.context.pending_outbound_htlcs.iter() {
5405 if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
5406 return Err(APIError::APIMisuseError{err: "Cannot begin shutdown with pending HTLCs. Process pending events first".to_owned()});
5409 if self.context.channel_state & BOTH_SIDES_SHUTDOWN_MASK != 0 {
5410 if (self.context.channel_state & ChannelState::LocalShutdownSent as u32) == ChannelState::LocalShutdownSent as u32 {
5411 return Err(APIError::APIMisuseError{err: "Shutdown already in progress".to_owned()});
5413 else if (self.context.channel_state & ChannelState::RemoteShutdownSent as u32) == ChannelState::RemoteShutdownSent as u32 {
5414 return Err(APIError::ChannelUnavailable{err: "Shutdown already in progress by remote".to_owned()});
5417 if self.context.shutdown_scriptpubkey.is_some() && override_shutdown_script.is_some() {
5418 return Err(APIError::APIMisuseError{err: "Cannot override shutdown script for a channel with one already set".to_owned()});
5420 assert_eq!(self.context.channel_state & ChannelState::ShutdownComplete as u32, 0);
5421 if self.context.channel_state & (ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32) != 0 {
5422 return Err(APIError::ChannelUnavailable{err: "Cannot begin shutdown while peer is disconnected or we're waiting on a monitor update, maybe force-close instead?".to_owned()});
5425 // If we haven't funded the channel yet, we don't need to bother ensuring the shutdown
5426 // script is set, we just force-close and call it a day.
5427 let mut chan_closed = false;
5428 if self.context.channel_state < ChannelState::FundingSent as u32 {
5432 let update_shutdown_script = match self.context.shutdown_scriptpubkey {
5434 None if !chan_closed => {
5435 // use override shutdown script if provided
5436 let shutdown_scriptpubkey = match override_shutdown_script {
5437 Some(script) => script,
5439 // otherwise, use the shutdown scriptpubkey provided by the signer
5440 match signer_provider.get_shutdown_scriptpubkey() {
5441 Ok(scriptpubkey) => scriptpubkey,
5442 Err(_) => return Err(APIError::ChannelUnavailable{err: "Failed to get shutdown scriptpubkey".to_owned()}),
5446 if !shutdown_scriptpubkey.is_compatible(their_features) {
5447 return Err(APIError::IncompatibleShutdownScript { script: shutdown_scriptpubkey.clone() });
5449 self.context.shutdown_scriptpubkey = Some(shutdown_scriptpubkey);
5455 // From here on out, we may not fail!
5456 self.context.target_closing_feerate_sats_per_kw = target_feerate_sats_per_kw;
5457 if self.context.channel_state < ChannelState::FundingSent as u32 {
5458 self.context.channel_state = ChannelState::ShutdownComplete as u32;
5460 self.context.channel_state |= ChannelState::LocalShutdownSent as u32;
5462 self.context.update_time_counter += 1;
5464 let monitor_update = if update_shutdown_script {
5465 self.context.latest_monitor_update_id += 1;
5466 let monitor_update = ChannelMonitorUpdate {
5467 update_id: self.context.latest_monitor_update_id,
5468 updates: vec![ChannelMonitorUpdateStep::ShutdownScript {
5469 scriptpubkey: self.get_closing_scriptpubkey(),
5472 self.monitor_updating_paused(false, false, false, Vec::new(), Vec::new(), Vec::new());
5473 self.push_ret_blockable_mon_update(monitor_update)
5475 let shutdown = msgs::Shutdown {
5476 channel_id: self.context.channel_id,
5477 scriptpubkey: self.get_closing_scriptpubkey(),
5480 // Go ahead and drop holding cell updates as we'd rather fail payments than wait to send
5481 // our shutdown until we've committed all of the pending changes.
5482 self.context.holding_cell_update_fee = None;
5483 let mut dropped_outbound_htlcs = Vec::with_capacity(self.context.holding_cell_htlc_updates.len());
5484 self.context.holding_cell_htlc_updates.retain(|htlc_update| {
5486 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, .. } => {
5487 dropped_outbound_htlcs.push((source.clone(), payment_hash.clone()));
5494 debug_assert!(!self.is_shutdown() || monitor_update.is_none(),
5495 "we can't both complete shutdown and return a monitor update");
5497 Ok((shutdown, monitor_update, dropped_outbound_htlcs))
5500 pub fn inflight_htlc_sources(&self) -> impl Iterator<Item=(&HTLCSource, &PaymentHash)> {
5501 self.context.holding_cell_htlc_updates.iter()
5502 .flat_map(|htlc_update| {
5504 HTLCUpdateAwaitingACK::AddHTLC { source, payment_hash, .. }
5505 => Some((source, payment_hash)),
5509 .chain(self.context.pending_outbound_htlcs.iter().map(|htlc| (&htlc.source, &htlc.payment_hash)))
5513 /// A not-yet-funded outbound (from holder) channel using V1 channel establishment.
5514 pub(super) struct OutboundV1Channel<Signer: ChannelSigner> {
5515 pub context: ChannelContext<Signer>,
5516 pub unfunded_context: UnfundedChannelContext,
5519 impl<Signer: WriteableEcdsaChannelSigner> OutboundV1Channel<Signer> {
5520 pub fn new<ES: Deref, SP: Deref, F: Deref>(
5521 fee_estimator: &LowerBoundedFeeEstimator<F>, entropy_source: &ES, signer_provider: &SP, counterparty_node_id: PublicKey, their_features: &InitFeatures,
5522 channel_value_satoshis: u64, push_msat: u64, user_id: u128, config: &UserConfig, current_chain_height: u32,
5523 outbound_scid_alias: u64
5524 ) -> Result<OutboundV1Channel<Signer>, APIError>
5525 where ES::Target: EntropySource,
5526 SP::Target: SignerProvider<Signer = Signer>,
5527 F::Target: FeeEstimator,
5529 let holder_selected_contest_delay = config.channel_handshake_config.our_to_self_delay;
5530 let channel_keys_id = signer_provider.generate_channel_keys_id(false, channel_value_satoshis, user_id);
5531 let holder_signer = signer_provider.derive_channel_signer(channel_value_satoshis, channel_keys_id);
5532 let pubkeys = holder_signer.pubkeys().clone();
5534 if !their_features.supports_wumbo() && channel_value_satoshis > MAX_FUNDING_SATOSHIS_NO_WUMBO {
5535 return Err(APIError::APIMisuseError{err: format!("funding_value must not exceed {}, it was {}", MAX_FUNDING_SATOSHIS_NO_WUMBO, channel_value_satoshis)});
5537 if channel_value_satoshis >= TOTAL_BITCOIN_SUPPLY_SATOSHIS {
5538 return Err(APIError::APIMisuseError{err: format!("funding_value must be smaller than the total bitcoin supply, it was {}", channel_value_satoshis)});
5540 let channel_value_msat = channel_value_satoshis * 1000;
5541 if push_msat > channel_value_msat {
5542 return Err(APIError::APIMisuseError { err: format!("Push value ({}) was larger than channel_value ({})", push_msat, channel_value_msat) });
5544 if holder_selected_contest_delay < BREAKDOWN_TIMEOUT {
5545 return Err(APIError::APIMisuseError {err: format!("Configured with an unreasonable our_to_self_delay ({}) putting user funds at risks", holder_selected_contest_delay)});
5547 let holder_selected_channel_reserve_satoshis = get_holder_selected_channel_reserve_satoshis(channel_value_satoshis, config);
5548 if holder_selected_channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
5549 // Protocol level safety check in place, although it should never happen because
5550 // of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
5551 return Err(APIError::APIMisuseError { err: format!("Holder selected channel reserve below implemention limit dust_limit_satoshis {}", holder_selected_channel_reserve_satoshis) });
5554 let channel_type = Self::get_initial_channel_type(&config, their_features);
5555 debug_assert!(channel_type.is_subset(&channelmanager::provided_channel_type_features(&config)));
5557 let commitment_conf_target = if channel_type.supports_anchors_zero_fee_htlc_tx() {
5558 ConfirmationTarget::MempoolMinimum
5560 ConfirmationTarget::Normal
5562 let commitment_feerate = fee_estimator.bounded_sat_per_1000_weight(commitment_conf_target);
5564 let value_to_self_msat = channel_value_satoshis * 1000 - push_msat;
5565 let commitment_tx_fee = commit_tx_fee_msat(commitment_feerate, MIN_AFFORDABLE_HTLC_COUNT, &channel_type);
5566 if value_to_self_msat < commitment_tx_fee {
5567 return Err(APIError::APIMisuseError{ err: format!("Funding amount ({}) can't even pay fee for initial commitment transaction fee of {}.", value_to_self_msat / 1000, commitment_tx_fee / 1000) });
5570 let mut secp_ctx = Secp256k1::new();
5571 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
5573 let shutdown_scriptpubkey = if config.channel_handshake_config.commit_upfront_shutdown_pubkey {
5574 match signer_provider.get_shutdown_scriptpubkey() {
5575 Ok(scriptpubkey) => Some(scriptpubkey),
5576 Err(_) => return Err(APIError::ChannelUnavailable { err: "Failed to get shutdown scriptpubkey".to_owned()}),
5580 if let Some(shutdown_scriptpubkey) = &shutdown_scriptpubkey {
5581 if !shutdown_scriptpubkey.is_compatible(&their_features) {
5582 return Err(APIError::IncompatibleShutdownScript { script: shutdown_scriptpubkey.clone() });
5586 let destination_script = match signer_provider.get_destination_script() {
5587 Ok(script) => script,
5588 Err(_) => return Err(APIError::ChannelUnavailable { err: "Failed to get destination script".to_owned()}),
5591 let temporary_channel_id = entropy_source.get_secure_random_bytes();
5594 context: ChannelContext {
5597 config: LegacyChannelConfig {
5598 options: config.channel_config.clone(),
5599 announced_channel: config.channel_handshake_config.announced_channel,
5600 commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey,
5605 inbound_handshake_limits_override: Some(config.channel_handshake_limits.clone()),
5607 channel_id: temporary_channel_id,
5608 temporary_channel_id: Some(temporary_channel_id),
5609 channel_state: ChannelState::OurInitSent as u32,
5610 announcement_sigs_state: AnnouncementSigsState::NotSent,
5612 channel_value_satoshis,
5614 latest_monitor_update_id: 0,
5617 shutdown_scriptpubkey,
5620 cur_holder_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
5621 cur_counterparty_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
5624 pending_inbound_htlcs: Vec::new(),
5625 pending_outbound_htlcs: Vec::new(),
5626 holding_cell_htlc_updates: Vec::new(),
5627 pending_update_fee: None,
5628 holding_cell_update_fee: None,
5629 next_holder_htlc_id: 0,
5630 next_counterparty_htlc_id: 0,
5631 update_time_counter: 1,
5633 resend_order: RAACommitmentOrder::CommitmentFirst,
5635 monitor_pending_channel_ready: false,
5636 monitor_pending_revoke_and_ack: false,
5637 monitor_pending_commitment_signed: false,
5638 monitor_pending_forwards: Vec::new(),
5639 monitor_pending_failures: Vec::new(),
5640 monitor_pending_finalized_fulfills: Vec::new(),
5642 #[cfg(debug_assertions)]
5643 holder_max_commitment_tx_output: Mutex::new((channel_value_satoshis * 1000 - push_msat, push_msat)),
5644 #[cfg(debug_assertions)]
5645 counterparty_max_commitment_tx_output: Mutex::new((channel_value_satoshis * 1000 - push_msat, push_msat)),
5647 last_sent_closing_fee: None,
5648 pending_counterparty_closing_signed: None,
5649 closing_fee_limits: None,
5650 target_closing_feerate_sats_per_kw: None,
5652 inbound_awaiting_accept: false,
5654 funding_tx_confirmed_in: None,
5655 funding_tx_confirmation_height: 0,
5656 short_channel_id: None,
5657 channel_creation_height: current_chain_height,
5659 feerate_per_kw: commitment_feerate,
5660 counterparty_dust_limit_satoshis: 0,
5661 holder_dust_limit_satoshis: MIN_CHAN_DUST_LIMIT_SATOSHIS,
5662 counterparty_max_htlc_value_in_flight_msat: 0,
5663 holder_max_htlc_value_in_flight_msat: get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis, &config.channel_handshake_config),
5664 counterparty_selected_channel_reserve_satoshis: None, // Filled in in accept_channel
5665 holder_selected_channel_reserve_satoshis,
5666 counterparty_htlc_minimum_msat: 0,
5667 holder_htlc_minimum_msat: if config.channel_handshake_config.our_htlc_minimum_msat == 0 { 1 } else { config.channel_handshake_config.our_htlc_minimum_msat },
5668 counterparty_max_accepted_htlcs: 0,
5669 holder_max_accepted_htlcs: cmp::min(config.channel_handshake_config.our_max_accepted_htlcs, MAX_HTLCS),
5670 minimum_depth: None, // Filled in in accept_channel
5672 counterparty_forwarding_info: None,
5674 channel_transaction_parameters: ChannelTransactionParameters {
5675 holder_pubkeys: pubkeys,
5676 holder_selected_contest_delay: config.channel_handshake_config.our_to_self_delay,
5677 is_outbound_from_holder: true,
5678 counterparty_parameters: None,
5679 funding_outpoint: None,
5680 channel_type_features: channel_type.clone()
5682 funding_transaction: None,
5684 counterparty_cur_commitment_point: None,
5685 counterparty_prev_commitment_point: None,
5686 counterparty_node_id,
5688 counterparty_shutdown_scriptpubkey: None,
5690 commitment_secrets: CounterpartyCommitmentSecrets::new(),
5692 channel_update_status: ChannelUpdateStatus::Enabled,
5693 closing_signed_in_flight: false,
5695 announcement_sigs: None,
5697 #[cfg(any(test, fuzzing))]
5698 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
5699 #[cfg(any(test, fuzzing))]
5700 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
5702 workaround_lnd_bug_4006: None,
5703 sent_message_awaiting_response: None,
5705 latest_inbound_scid_alias: None,
5706 outbound_scid_alias,
5708 channel_pending_event_emitted: false,
5709 channel_ready_event_emitted: false,
5711 #[cfg(any(test, fuzzing))]
5712 historical_inbound_htlc_fulfills: HashSet::new(),
5717 blocked_monitor_updates: Vec::new(),
5719 unfunded_context: UnfundedChannelContext { unfunded_channel_age_ticks: 0 }
5723 /// If an Err is returned, it is a ChannelError::Close (for get_funding_created)
5724 fn get_funding_created_signature<L: Deref>(&mut self, logger: &L) -> Result<Signature, ChannelError> where L::Target: Logger {
5725 let counterparty_keys = self.context.build_remote_transaction_keys();
5726 let counterparty_initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
5727 Ok(self.context.holder_signer.sign_counterparty_commitment(&counterparty_initial_commitment_tx, Vec::new(), &self.context.secp_ctx)
5728 .map_err(|_| ChannelError::Close("Failed to get signatures for new commitment_signed".to_owned()))?.0)
5731 /// Updates channel state with knowledge of the funding transaction's txid/index, and generates
5732 /// a funding_created message for the remote peer.
5733 /// Panics if called at some time other than immediately after initial handshake, if called twice,
5734 /// or if called on an inbound channel.
5735 /// Note that channel_id changes during this call!
5736 /// Do NOT broadcast the funding transaction until after a successful funding_signed call!
5737 /// If an Err is returned, it is a ChannelError::Close.
5738 pub fn get_funding_created<L: Deref>(mut self, funding_transaction: Transaction, funding_txo: OutPoint, logger: &L)
5739 -> Result<(Channel<Signer>, msgs::FundingCreated), (Self, ChannelError)> where L::Target: Logger {
5740 if !self.context.is_outbound() {
5741 panic!("Tried to create outbound funding_created message on an inbound channel!");
5743 if self.context.channel_state != (ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32) {
5744 panic!("Tried to get a funding_created messsage at a time other than immediately after initial handshake completion (or tried to get funding_created twice)");
5746 if self.context.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
5747 self.context.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
5748 self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
5749 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
5752 self.context.channel_transaction_parameters.funding_outpoint = Some(funding_txo);
5753 self.context.holder_signer.provide_channel_parameters(&self.context.channel_transaction_parameters);
5755 let signature = match self.get_funding_created_signature(logger) {
5758 log_error!(logger, "Got bad signatures: {:?}!", e);
5759 self.context.channel_transaction_parameters.funding_outpoint = None;
5760 return Err((self, e));
5764 let temporary_channel_id = self.context.channel_id;
5766 // Now that we're past error-generating stuff, update our local state:
5768 self.context.channel_state = ChannelState::FundingCreated as u32;
5769 self.context.channel_id = funding_txo.to_channel_id();
5770 self.context.funding_transaction = Some(funding_transaction);
5772 let channel = Channel {
5773 context: self.context,
5776 Ok((channel, msgs::FundingCreated {
5777 temporary_channel_id,
5778 funding_txid: funding_txo.txid,
5779 funding_output_index: funding_txo.index,
5782 partial_signature_with_nonce: None,
5784 next_local_nonce: None,
5788 fn get_initial_channel_type(config: &UserConfig, their_features: &InitFeatures) -> ChannelTypeFeatures {
5789 // The default channel type (ie the first one we try) depends on whether the channel is
5790 // public - if it is, we just go with `only_static_remotekey` as it's the only option
5791 // available. If it's private, we first try `scid_privacy` as it provides better privacy
5792 // with no other changes, and fall back to `only_static_remotekey`.
5793 let mut ret = ChannelTypeFeatures::only_static_remote_key();
5794 if !config.channel_handshake_config.announced_channel &&
5795 config.channel_handshake_config.negotiate_scid_privacy &&
5796 their_features.supports_scid_privacy() {
5797 ret.set_scid_privacy_required();
5800 // Optionally, if the user would like to negotiate the `anchors_zero_fee_htlc_tx` option, we
5801 // set it now. If they don't understand it, we'll fall back to our default of
5802 // `only_static_remotekey`.
5803 if config.channel_handshake_config.negotiate_anchors_zero_fee_htlc_tx &&
5804 their_features.supports_anchors_zero_fee_htlc_tx() {
5805 ret.set_anchors_zero_fee_htlc_tx_required();
5811 /// If we receive an error message, it may only be a rejection of the channel type we tried,
5812 /// not of our ability to open any channel at all. Thus, on error, we should first call this
5813 /// and see if we get a new `OpenChannel` message, otherwise the channel is failed.
5814 pub(crate) fn maybe_handle_error_without_close<F: Deref>(
5815 &mut self, chain_hash: BlockHash, fee_estimator: &LowerBoundedFeeEstimator<F>
5816 ) -> Result<msgs::OpenChannel, ()>
5818 F::Target: FeeEstimator
5820 if !self.context.is_outbound() || self.context.channel_state != ChannelState::OurInitSent as u32 { return Err(()); }
5821 if self.context.channel_type == ChannelTypeFeatures::only_static_remote_key() {
5822 // We've exhausted our options
5825 // We support opening a few different types of channels. Try removing our additional
5826 // features one by one until we've either arrived at our default or the counterparty has
5829 // Due to the order below, we may not negotiate `option_anchors_zero_fee_htlc_tx` if the
5830 // counterparty doesn't support `option_scid_privacy`. Since `get_initial_channel_type`
5831 // checks whether the counterparty supports every feature, this would only happen if the
5832 // counterparty is advertising the feature, but rejecting channels proposing the feature for
5834 if self.context.channel_type.supports_anchors_zero_fee_htlc_tx() {
5835 self.context.channel_type.clear_anchors_zero_fee_htlc_tx();
5836 self.context.feerate_per_kw = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::Normal);
5837 assert!(!self.context.channel_transaction_parameters.channel_type_features.supports_anchors_nonzero_fee_htlc_tx());
5838 } else if self.context.channel_type.supports_scid_privacy() {
5839 self.context.channel_type.clear_scid_privacy();
5841 self.context.channel_type = ChannelTypeFeatures::only_static_remote_key();
5843 self.context.channel_transaction_parameters.channel_type_features = self.context.channel_type.clone();
5844 Ok(self.get_open_channel(chain_hash))
5847 pub fn get_open_channel(&self, chain_hash: BlockHash) -> msgs::OpenChannel {
5848 if !self.context.is_outbound() {
5849 panic!("Tried to open a channel for an inbound channel?");
5851 if self.context.channel_state != ChannelState::OurInitSent as u32 {
5852 panic!("Cannot generate an open_channel after we've moved forward");
5855 if self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
5856 panic!("Tried to send an open_channel for a channel that has already advanced");
5859 let first_per_commitment_point = self.context.holder_signer.get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
5860 let keys = self.context.get_holder_pubkeys();
5864 temporary_channel_id: self.context.channel_id,
5865 funding_satoshis: self.context.channel_value_satoshis,
5866 push_msat: self.context.channel_value_satoshis * 1000 - self.context.value_to_self_msat,
5867 dust_limit_satoshis: self.context.holder_dust_limit_satoshis,
5868 max_htlc_value_in_flight_msat: self.context.holder_max_htlc_value_in_flight_msat,
5869 channel_reserve_satoshis: self.context.holder_selected_channel_reserve_satoshis,
5870 htlc_minimum_msat: self.context.holder_htlc_minimum_msat,
5871 feerate_per_kw: self.context.feerate_per_kw as u32,
5872 to_self_delay: self.context.get_holder_selected_contest_delay(),
5873 max_accepted_htlcs: self.context.holder_max_accepted_htlcs,
5874 funding_pubkey: keys.funding_pubkey,
5875 revocation_basepoint: keys.revocation_basepoint,
5876 payment_point: keys.payment_point,
5877 delayed_payment_basepoint: keys.delayed_payment_basepoint,
5878 htlc_basepoint: keys.htlc_basepoint,
5879 first_per_commitment_point,
5880 channel_flags: if self.context.config.announced_channel {1} else {0},
5881 shutdown_scriptpubkey: Some(match &self.context.shutdown_scriptpubkey {
5882 Some(script) => script.clone().into_inner(),
5883 None => Builder::new().into_script(),
5885 channel_type: Some(self.context.channel_type.clone()),
5890 pub fn accept_channel(&mut self, msg: &msgs::AcceptChannel, default_limits: &ChannelHandshakeLimits, their_features: &InitFeatures) -> Result<(), ChannelError> {
5891 let peer_limits = if let Some(ref limits) = self.context.inbound_handshake_limits_override { limits } else { default_limits };
5893 // Check sanity of message fields:
5894 if !self.context.is_outbound() {
5895 return Err(ChannelError::Close("Got an accept_channel message from an inbound peer".to_owned()));
5897 if self.context.channel_state != ChannelState::OurInitSent as u32 {
5898 return Err(ChannelError::Close("Got an accept_channel message at a strange time".to_owned()));
5900 if msg.dust_limit_satoshis > 21000000 * 100000000 {
5901 return Err(ChannelError::Close(format!("Peer never wants payout outputs? dust_limit_satoshis was {}", msg.dust_limit_satoshis)));
5903 if msg.channel_reserve_satoshis > self.context.channel_value_satoshis {
5904 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must not be greater than ({})", msg.channel_reserve_satoshis, self.context.channel_value_satoshis)));
5906 if msg.dust_limit_satoshis > self.context.holder_selected_channel_reserve_satoshis {
5907 return Err(ChannelError::Close(format!("Dust limit ({}) is bigger than our channel reserve ({})", msg.dust_limit_satoshis, self.context.holder_selected_channel_reserve_satoshis)));
5909 if msg.channel_reserve_satoshis > self.context.channel_value_satoshis - self.context.holder_selected_channel_reserve_satoshis {
5910 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must not be greater than channel value minus our reserve ({})",
5911 msg.channel_reserve_satoshis, self.context.channel_value_satoshis - self.context.holder_selected_channel_reserve_satoshis)));
5913 let full_channel_value_msat = (self.context.channel_value_satoshis - msg.channel_reserve_satoshis) * 1000;
5914 if msg.htlc_minimum_msat >= full_channel_value_msat {
5915 return Err(ChannelError::Close(format!("Minimum htlc value ({}) is full channel value ({})", msg.htlc_minimum_msat, full_channel_value_msat)));
5917 let max_delay_acceptable = u16::min(peer_limits.their_to_self_delay, MAX_LOCAL_BREAKDOWN_TIMEOUT);
5918 if msg.to_self_delay > max_delay_acceptable {
5919 return Err(ChannelError::Close(format!("They wanted our payments to be delayed by a needlessly long period. Upper limit: {}. Actual: {}", max_delay_acceptable, msg.to_self_delay)));
5921 if msg.max_accepted_htlcs < 1 {
5922 return Err(ChannelError::Close("0 max_accepted_htlcs makes for a useless channel".to_owned()));
5924 if msg.max_accepted_htlcs > MAX_HTLCS {
5925 return Err(ChannelError::Close(format!("max_accepted_htlcs was {}. It must not be larger than {}", msg.max_accepted_htlcs, MAX_HTLCS)));
5928 // Now check against optional parameters as set by config...
5929 if msg.htlc_minimum_msat > peer_limits.max_htlc_minimum_msat {
5930 return Err(ChannelError::Close(format!("htlc_minimum_msat ({}) is higher than the user specified limit ({})", msg.htlc_minimum_msat, peer_limits.max_htlc_minimum_msat)));
5932 if msg.max_htlc_value_in_flight_msat < peer_limits.min_max_htlc_value_in_flight_msat {
5933 return Err(ChannelError::Close(format!("max_htlc_value_in_flight_msat ({}) is less than the user specified limit ({})", msg.max_htlc_value_in_flight_msat, peer_limits.min_max_htlc_value_in_flight_msat)));
5935 if msg.channel_reserve_satoshis > peer_limits.max_channel_reserve_satoshis {
5936 return Err(ChannelError::Close(format!("channel_reserve_satoshis ({}) is higher than the user specified limit ({})", msg.channel_reserve_satoshis, peer_limits.max_channel_reserve_satoshis)));
5938 if msg.max_accepted_htlcs < peer_limits.min_max_accepted_htlcs {
5939 return Err(ChannelError::Close(format!("max_accepted_htlcs ({}) is less than the user specified limit ({})", msg.max_accepted_htlcs, peer_limits.min_max_accepted_htlcs)));
5941 if msg.dust_limit_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
5942 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is less than the implementation limit ({})", msg.dust_limit_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
5944 if msg.dust_limit_satoshis > MAX_CHAN_DUST_LIMIT_SATOSHIS {
5945 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is greater than the implementation limit ({})", msg.dust_limit_satoshis, MAX_CHAN_DUST_LIMIT_SATOSHIS)));
5947 if msg.minimum_depth > peer_limits.max_minimum_depth {
5948 return Err(ChannelError::Close(format!("We consider the minimum depth to be unreasonably large. Expected minimum: ({}). Actual: ({})", peer_limits.max_minimum_depth, msg.minimum_depth)));
5951 if let Some(ty) = &msg.channel_type {
5952 if *ty != self.context.channel_type {
5953 return Err(ChannelError::Close("Channel Type in accept_channel didn't match the one sent in open_channel.".to_owned()));
5955 } else if their_features.supports_channel_type() {
5956 // Assume they've accepted the channel type as they said they understand it.
5958 let channel_type = ChannelTypeFeatures::from_init(&their_features);
5959 if channel_type != ChannelTypeFeatures::only_static_remote_key() {
5960 return Err(ChannelError::Close("Only static_remote_key is supported for non-negotiated channel types".to_owned()));
5962 self.context.channel_type = channel_type.clone();
5963 self.context.channel_transaction_parameters.channel_type_features = channel_type;
5966 let counterparty_shutdown_scriptpubkey = if their_features.supports_upfront_shutdown_script() {
5967 match &msg.shutdown_scriptpubkey {
5968 &Some(ref script) => {
5969 // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything
5970 if script.len() == 0 {
5973 if !script::is_bolt2_compliant(&script, their_features) {
5974 return Err(ChannelError::Close(format!("Peer is signaling upfront_shutdown but has provided an unacceptable scriptpubkey format: {}", script)));
5976 Some(script.clone())
5979 // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel
5981 return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out".to_owned()));
5986 self.context.counterparty_dust_limit_satoshis = msg.dust_limit_satoshis;
5987 self.context.counterparty_max_htlc_value_in_flight_msat = cmp::min(msg.max_htlc_value_in_flight_msat, self.context.channel_value_satoshis * 1000);
5988 self.context.counterparty_selected_channel_reserve_satoshis = Some(msg.channel_reserve_satoshis);
5989 self.context.counterparty_htlc_minimum_msat = msg.htlc_minimum_msat;
5990 self.context.counterparty_max_accepted_htlcs = msg.max_accepted_htlcs;
5992 if peer_limits.trust_own_funding_0conf {
5993 self.context.minimum_depth = Some(msg.minimum_depth);
5995 self.context.minimum_depth = Some(cmp::max(1, msg.minimum_depth));
5998 let counterparty_pubkeys = ChannelPublicKeys {
5999 funding_pubkey: msg.funding_pubkey,
6000 revocation_basepoint: msg.revocation_basepoint,
6001 payment_point: msg.payment_point,
6002 delayed_payment_basepoint: msg.delayed_payment_basepoint,
6003 htlc_basepoint: msg.htlc_basepoint
6006 self.context.channel_transaction_parameters.counterparty_parameters = Some(CounterpartyChannelTransactionParameters {
6007 selected_contest_delay: msg.to_self_delay,
6008 pubkeys: counterparty_pubkeys,
6011 self.context.counterparty_cur_commitment_point = Some(msg.first_per_commitment_point);
6012 self.context.counterparty_shutdown_scriptpubkey = counterparty_shutdown_scriptpubkey;
6014 self.context.channel_state = ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32;
6015 self.context.inbound_handshake_limits_override = None; // We're done enforcing limits on our peer's handshake now.
6021 /// A not-yet-funded inbound (from counterparty) channel using V1 channel establishment.
6022 pub(super) struct InboundV1Channel<Signer: ChannelSigner> {
6023 pub context: ChannelContext<Signer>,
6024 pub unfunded_context: UnfundedChannelContext,
6027 impl<Signer: WriteableEcdsaChannelSigner> InboundV1Channel<Signer> {
6028 /// Creates a new channel from a remote sides' request for one.
6029 /// Assumes chain_hash has already been checked and corresponds with what we expect!
6030 pub fn new<ES: Deref, SP: Deref, F: Deref, L: Deref>(
6031 fee_estimator: &LowerBoundedFeeEstimator<F>, entropy_source: &ES, signer_provider: &SP,
6032 counterparty_node_id: PublicKey, our_supported_features: &ChannelTypeFeatures,
6033 their_features: &InitFeatures, msg: &msgs::OpenChannel, user_id: u128, config: &UserConfig,
6034 current_chain_height: u32, logger: &L, outbound_scid_alias: u64
6035 ) -> Result<InboundV1Channel<Signer>, ChannelError>
6036 where ES::Target: EntropySource,
6037 SP::Target: SignerProvider<Signer = Signer>,
6038 F::Target: FeeEstimator,
6041 let announced_channel = if (msg.channel_flags & 1) == 1 { true } else { false };
6043 // First check the channel type is known, failing before we do anything else if we don't
6044 // support this channel type.
6045 let channel_type = if let Some(channel_type) = &msg.channel_type {
6046 if channel_type.supports_any_optional_bits() {
6047 return Err(ChannelError::Close("Channel Type field contained optional bits - this is not allowed".to_owned()));
6050 // We only support the channel types defined by the `ChannelManager` in
6051 // `provided_channel_type_features`. The channel type must always support
6052 // `static_remote_key`.
6053 if !channel_type.requires_static_remote_key() {
6054 return Err(ChannelError::Close("Channel Type was not understood - we require static remote key".to_owned()));
6056 // Make sure we support all of the features behind the channel type.
6057 if !channel_type.is_subset(our_supported_features) {
6058 return Err(ChannelError::Close("Channel Type contains unsupported features".to_owned()));
6060 if channel_type.requires_scid_privacy() && announced_channel {
6061 return Err(ChannelError::Close("SCID Alias/Privacy Channel Type cannot be set on a public channel".to_owned()));
6063 channel_type.clone()
6065 let channel_type = ChannelTypeFeatures::from_init(&their_features);
6066 if channel_type != ChannelTypeFeatures::only_static_remote_key() {
6067 return Err(ChannelError::Close("Only static_remote_key is supported for non-negotiated channel types".to_owned()));
6072 let channel_keys_id = signer_provider.generate_channel_keys_id(true, msg.funding_satoshis, user_id);
6073 let holder_signer = signer_provider.derive_channel_signer(msg.funding_satoshis, channel_keys_id);
6074 let pubkeys = holder_signer.pubkeys().clone();
6075 let counterparty_pubkeys = ChannelPublicKeys {
6076 funding_pubkey: msg.funding_pubkey,
6077 revocation_basepoint: msg.revocation_basepoint,
6078 payment_point: msg.payment_point,
6079 delayed_payment_basepoint: msg.delayed_payment_basepoint,
6080 htlc_basepoint: msg.htlc_basepoint
6083 if config.channel_handshake_config.our_to_self_delay < BREAKDOWN_TIMEOUT {
6084 return Err(ChannelError::Close(format!("Configured with an unreasonable our_to_self_delay ({}) putting user funds at risks. It must be greater than {}", config.channel_handshake_config.our_to_self_delay, BREAKDOWN_TIMEOUT)));
6087 // Check sanity of message fields:
6088 if msg.funding_satoshis > config.channel_handshake_limits.max_funding_satoshis {
6089 return Err(ChannelError::Close(format!("Per our config, funding must be at most {}. It was {}", config.channel_handshake_limits.max_funding_satoshis, msg.funding_satoshis)));
6091 if msg.funding_satoshis >= TOTAL_BITCOIN_SUPPLY_SATOSHIS {
6092 return Err(ChannelError::Close(format!("Funding must be smaller than the total bitcoin supply. It was {}", msg.funding_satoshis)));
6094 if msg.channel_reserve_satoshis > msg.funding_satoshis {
6095 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must be not greater than funding_satoshis: {}", msg.channel_reserve_satoshis, msg.funding_satoshis)));
6097 let full_channel_value_msat = (msg.funding_satoshis - msg.channel_reserve_satoshis) * 1000;
6098 if msg.push_msat > full_channel_value_msat {
6099 return Err(ChannelError::Close(format!("push_msat {} was larger than channel amount minus reserve ({})", msg.push_msat, full_channel_value_msat)));
6101 if msg.dust_limit_satoshis > msg.funding_satoshis {
6102 return Err(ChannelError::Close(format!("dust_limit_satoshis {} was larger than funding_satoshis {}. Peer never wants payout outputs?", msg.dust_limit_satoshis, msg.funding_satoshis)));
6104 if msg.htlc_minimum_msat >= full_channel_value_msat {
6105 return Err(ChannelError::Close(format!("Minimum htlc value ({}) was larger than full channel value ({})", msg.htlc_minimum_msat, full_channel_value_msat)));
6107 Channel::<Signer>::check_remote_fee(&channel_type, fee_estimator, msg.feerate_per_kw, None, logger)?;
6109 let max_counterparty_selected_contest_delay = u16::min(config.channel_handshake_limits.their_to_self_delay, MAX_LOCAL_BREAKDOWN_TIMEOUT);
6110 if msg.to_self_delay > max_counterparty_selected_contest_delay {
6111 return Err(ChannelError::Close(format!("They wanted our payments to be delayed by a needlessly long period. Upper limit: {}. Actual: {}", max_counterparty_selected_contest_delay, msg.to_self_delay)));
6113 if msg.max_accepted_htlcs < 1 {
6114 return Err(ChannelError::Close("0 max_accepted_htlcs makes for a useless channel".to_owned()));
6116 if msg.max_accepted_htlcs > MAX_HTLCS {
6117 return Err(ChannelError::Close(format!("max_accepted_htlcs was {}. It must not be larger than {}", msg.max_accepted_htlcs, MAX_HTLCS)));
6120 // Now check against optional parameters as set by config...
6121 if msg.funding_satoshis < config.channel_handshake_limits.min_funding_satoshis {
6122 return Err(ChannelError::Close(format!("Funding satoshis ({}) is less than the user specified limit ({})", msg.funding_satoshis, config.channel_handshake_limits.min_funding_satoshis)));
6124 if msg.htlc_minimum_msat > config.channel_handshake_limits.max_htlc_minimum_msat {
6125 return Err(ChannelError::Close(format!("htlc_minimum_msat ({}) is higher than the user specified limit ({})", msg.htlc_minimum_msat, config.channel_handshake_limits.max_htlc_minimum_msat)));
6127 if msg.max_htlc_value_in_flight_msat < config.channel_handshake_limits.min_max_htlc_value_in_flight_msat {
6128 return Err(ChannelError::Close(format!("max_htlc_value_in_flight_msat ({}) is less than the user specified limit ({})", msg.max_htlc_value_in_flight_msat, config.channel_handshake_limits.min_max_htlc_value_in_flight_msat)));
6130 if msg.channel_reserve_satoshis > config.channel_handshake_limits.max_channel_reserve_satoshis {
6131 return Err(ChannelError::Close(format!("channel_reserve_satoshis ({}) is higher than the user specified limit ({})", msg.channel_reserve_satoshis, config.channel_handshake_limits.max_channel_reserve_satoshis)));
6133 if msg.max_accepted_htlcs < config.channel_handshake_limits.min_max_accepted_htlcs {
6134 return Err(ChannelError::Close(format!("max_accepted_htlcs ({}) is less than the user specified limit ({})", msg.max_accepted_htlcs, config.channel_handshake_limits.min_max_accepted_htlcs)));
6136 if msg.dust_limit_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
6137 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is less than the implementation limit ({})", msg.dust_limit_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
6139 if msg.dust_limit_satoshis > MAX_CHAN_DUST_LIMIT_SATOSHIS {
6140 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is greater than the implementation limit ({})", msg.dust_limit_satoshis, MAX_CHAN_DUST_LIMIT_SATOSHIS)));
6143 // Convert things into internal flags and prep our state:
6145 if config.channel_handshake_limits.force_announced_channel_preference {
6146 if config.channel_handshake_config.announced_channel != announced_channel {
6147 return Err(ChannelError::Close("Peer tried to open channel but their announcement preference is different from ours".to_owned()));
6151 let holder_selected_channel_reserve_satoshis = get_holder_selected_channel_reserve_satoshis(msg.funding_satoshis, config);
6152 if holder_selected_channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
6153 // Protocol level safety check in place, although it should never happen because
6154 // of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
6155 return Err(ChannelError::Close(format!("Suitable channel reserve not found. remote_channel_reserve was ({}). dust_limit_satoshis is ({}).", holder_selected_channel_reserve_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
6157 if holder_selected_channel_reserve_satoshis * 1000 >= full_channel_value_msat {
6158 return Err(ChannelError::Close(format!("Suitable channel reserve not found. remote_channel_reserve was ({})msats. Channel value is ({} - {})msats.", holder_selected_channel_reserve_satoshis * 1000, full_channel_value_msat, msg.push_msat)));
6160 if msg.channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
6161 log_debug!(logger, "channel_reserve_satoshis ({}) is smaller than our dust limit ({}). We can broadcast stale states without any risk, implying this channel is very insecure for our counterparty.",
6162 msg.channel_reserve_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS);
6164 if holder_selected_channel_reserve_satoshis < msg.dust_limit_satoshis {
6165 return Err(ChannelError::Close(format!("Dust limit ({}) too high for the channel reserve we require the remote to keep ({})", msg.dust_limit_satoshis, holder_selected_channel_reserve_satoshis)));
6168 // check if the funder's amount for the initial commitment tx is sufficient
6169 // for full fee payment plus a few HTLCs to ensure the channel will be useful.
6170 let funders_amount_msat = msg.funding_satoshis * 1000 - msg.push_msat;
6171 let commitment_tx_fee = commit_tx_fee_msat(msg.feerate_per_kw, MIN_AFFORDABLE_HTLC_COUNT, &channel_type) / 1000;
6172 if funders_amount_msat / 1000 < commitment_tx_fee {
6173 return Err(ChannelError::Close(format!("Funding amount ({} sats) can't even pay fee for initial commitment transaction fee of {} sats.", funders_amount_msat / 1000, commitment_tx_fee)));
6176 let to_remote_satoshis = funders_amount_msat / 1000 - commitment_tx_fee;
6177 // While it's reasonable for us to not meet the channel reserve initially (if they don't
6178 // want to push much to us), our counterparty should always have more than our reserve.
6179 if to_remote_satoshis < holder_selected_channel_reserve_satoshis {
6180 return Err(ChannelError::Close("Insufficient funding amount for initial reserve".to_owned()));
6183 let counterparty_shutdown_scriptpubkey = if their_features.supports_upfront_shutdown_script() {
6184 match &msg.shutdown_scriptpubkey {
6185 &Some(ref script) => {
6186 // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything
6187 if script.len() == 0 {
6190 if !script::is_bolt2_compliant(&script, their_features) {
6191 return Err(ChannelError::Close(format!("Peer is signaling upfront_shutdown but has provided an unacceptable scriptpubkey format: {}", script)))
6193 Some(script.clone())
6196 // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel
6198 return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out".to_owned()));
6203 let shutdown_scriptpubkey = if config.channel_handshake_config.commit_upfront_shutdown_pubkey {
6204 match signer_provider.get_shutdown_scriptpubkey() {
6205 Ok(scriptpubkey) => Some(scriptpubkey),
6206 Err(_) => return Err(ChannelError::Close("Failed to get upfront shutdown scriptpubkey".to_owned())),
6210 if let Some(shutdown_scriptpubkey) = &shutdown_scriptpubkey {
6211 if !shutdown_scriptpubkey.is_compatible(&their_features) {
6212 return Err(ChannelError::Close(format!("Provided a scriptpubkey format not accepted by peer: {}", shutdown_scriptpubkey)));
6216 let destination_script = match signer_provider.get_destination_script() {
6217 Ok(script) => script,
6218 Err(_) => return Err(ChannelError::Close("Failed to get destination script".to_owned())),
6221 let mut secp_ctx = Secp256k1::new();
6222 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
6225 context: ChannelContext {
6228 config: LegacyChannelConfig {
6229 options: config.channel_config.clone(),
6231 commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey,
6236 inbound_handshake_limits_override: None,
6238 temporary_channel_id: Some(msg.temporary_channel_id),
6239 channel_id: msg.temporary_channel_id,
6240 channel_state: (ChannelState::OurInitSent as u32) | (ChannelState::TheirInitSent as u32),
6241 announcement_sigs_state: AnnouncementSigsState::NotSent,
6244 latest_monitor_update_id: 0,
6247 shutdown_scriptpubkey,
6250 cur_holder_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
6251 cur_counterparty_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
6252 value_to_self_msat: msg.push_msat,
6254 pending_inbound_htlcs: Vec::new(),
6255 pending_outbound_htlcs: Vec::new(),
6256 holding_cell_htlc_updates: Vec::new(),
6257 pending_update_fee: None,
6258 holding_cell_update_fee: None,
6259 next_holder_htlc_id: 0,
6260 next_counterparty_htlc_id: 0,
6261 update_time_counter: 1,
6263 resend_order: RAACommitmentOrder::CommitmentFirst,
6265 monitor_pending_channel_ready: false,
6266 monitor_pending_revoke_and_ack: false,
6267 monitor_pending_commitment_signed: false,
6268 monitor_pending_forwards: Vec::new(),
6269 monitor_pending_failures: Vec::new(),
6270 monitor_pending_finalized_fulfills: Vec::new(),
6272 #[cfg(debug_assertions)]
6273 holder_max_commitment_tx_output: Mutex::new((msg.push_msat, msg.funding_satoshis * 1000 - msg.push_msat)),
6274 #[cfg(debug_assertions)]
6275 counterparty_max_commitment_tx_output: Mutex::new((msg.push_msat, msg.funding_satoshis * 1000 - msg.push_msat)),
6277 last_sent_closing_fee: None,
6278 pending_counterparty_closing_signed: None,
6279 closing_fee_limits: None,
6280 target_closing_feerate_sats_per_kw: None,
6282 inbound_awaiting_accept: true,
6284 funding_tx_confirmed_in: None,
6285 funding_tx_confirmation_height: 0,
6286 short_channel_id: None,
6287 channel_creation_height: current_chain_height,
6289 feerate_per_kw: msg.feerate_per_kw,
6290 channel_value_satoshis: msg.funding_satoshis,
6291 counterparty_dust_limit_satoshis: msg.dust_limit_satoshis,
6292 holder_dust_limit_satoshis: MIN_CHAN_DUST_LIMIT_SATOSHIS,
6293 counterparty_max_htlc_value_in_flight_msat: cmp::min(msg.max_htlc_value_in_flight_msat, msg.funding_satoshis * 1000),
6294 holder_max_htlc_value_in_flight_msat: get_holder_max_htlc_value_in_flight_msat(msg.funding_satoshis, &config.channel_handshake_config),
6295 counterparty_selected_channel_reserve_satoshis: Some(msg.channel_reserve_satoshis),
6296 holder_selected_channel_reserve_satoshis,
6297 counterparty_htlc_minimum_msat: msg.htlc_minimum_msat,
6298 holder_htlc_minimum_msat: if config.channel_handshake_config.our_htlc_minimum_msat == 0 { 1 } else { config.channel_handshake_config.our_htlc_minimum_msat },
6299 counterparty_max_accepted_htlcs: msg.max_accepted_htlcs,
6300 holder_max_accepted_htlcs: cmp::min(config.channel_handshake_config.our_max_accepted_htlcs, MAX_HTLCS),
6301 minimum_depth: Some(cmp::max(config.channel_handshake_config.minimum_depth, 1)),
6303 counterparty_forwarding_info: None,
6305 channel_transaction_parameters: ChannelTransactionParameters {
6306 holder_pubkeys: pubkeys,
6307 holder_selected_contest_delay: config.channel_handshake_config.our_to_self_delay,
6308 is_outbound_from_holder: false,
6309 counterparty_parameters: Some(CounterpartyChannelTransactionParameters {
6310 selected_contest_delay: msg.to_self_delay,
6311 pubkeys: counterparty_pubkeys,
6313 funding_outpoint: None,
6314 channel_type_features: channel_type.clone()
6316 funding_transaction: None,
6318 counterparty_cur_commitment_point: Some(msg.first_per_commitment_point),
6319 counterparty_prev_commitment_point: None,
6320 counterparty_node_id,
6322 counterparty_shutdown_scriptpubkey,
6324 commitment_secrets: CounterpartyCommitmentSecrets::new(),
6326 channel_update_status: ChannelUpdateStatus::Enabled,
6327 closing_signed_in_flight: false,
6329 announcement_sigs: None,
6331 #[cfg(any(test, fuzzing))]
6332 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
6333 #[cfg(any(test, fuzzing))]
6334 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
6336 workaround_lnd_bug_4006: None,
6337 sent_message_awaiting_response: None,
6339 latest_inbound_scid_alias: None,
6340 outbound_scid_alias,
6342 channel_pending_event_emitted: false,
6343 channel_ready_event_emitted: false,
6345 #[cfg(any(test, fuzzing))]
6346 historical_inbound_htlc_fulfills: HashSet::new(),
6351 blocked_monitor_updates: Vec::new(),
6353 unfunded_context: UnfundedChannelContext { unfunded_channel_age_ticks: 0 }
6359 pub fn is_awaiting_accept(&self) -> bool {
6360 self.context.inbound_awaiting_accept
6363 /// Sets this channel to accepting 0conf, must be done before `get_accept_channel`
6364 pub fn set_0conf(&mut self) {
6365 assert!(self.context.inbound_awaiting_accept);
6366 self.context.minimum_depth = Some(0);
6369 /// Marks an inbound channel as accepted and generates a [`msgs::AcceptChannel`] message which
6370 /// should be sent back to the counterparty node.
6372 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
6373 pub fn accept_inbound_channel(&mut self, user_id: u128) -> msgs::AcceptChannel {
6374 if self.context.is_outbound() {
6375 panic!("Tried to send accept_channel for an outbound channel?");
6377 if self.context.channel_state != (ChannelState::OurInitSent as u32) | (ChannelState::TheirInitSent as u32) {
6378 panic!("Tried to send accept_channel after channel had moved forward");
6380 if self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
6381 panic!("Tried to send an accept_channel for a channel that has already advanced");
6383 if !self.context.inbound_awaiting_accept {
6384 panic!("The inbound channel has already been accepted");
6387 self.context.user_id = user_id;
6388 self.context.inbound_awaiting_accept = false;
6390 self.generate_accept_channel_message()
6393 /// This function is used to explicitly generate a [`msgs::AcceptChannel`] message for an
6394 /// inbound channel. If the intention is to accept an inbound channel, use
6395 /// [`InboundV1Channel::accept_inbound_channel`] instead.
6397 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
6398 fn generate_accept_channel_message(&self) -> msgs::AcceptChannel {
6399 let first_per_commitment_point = self.context.holder_signer.get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
6400 let keys = self.context.get_holder_pubkeys();
6402 msgs::AcceptChannel {
6403 temporary_channel_id: self.context.channel_id,
6404 dust_limit_satoshis: self.context.holder_dust_limit_satoshis,
6405 max_htlc_value_in_flight_msat: self.context.holder_max_htlc_value_in_flight_msat,
6406 channel_reserve_satoshis: self.context.holder_selected_channel_reserve_satoshis,
6407 htlc_minimum_msat: self.context.holder_htlc_minimum_msat,
6408 minimum_depth: self.context.minimum_depth.unwrap(),
6409 to_self_delay: self.context.get_holder_selected_contest_delay(),
6410 max_accepted_htlcs: self.context.holder_max_accepted_htlcs,
6411 funding_pubkey: keys.funding_pubkey,
6412 revocation_basepoint: keys.revocation_basepoint,
6413 payment_point: keys.payment_point,
6414 delayed_payment_basepoint: keys.delayed_payment_basepoint,
6415 htlc_basepoint: keys.htlc_basepoint,
6416 first_per_commitment_point,
6417 shutdown_scriptpubkey: Some(match &self.context.shutdown_scriptpubkey {
6418 Some(script) => script.clone().into_inner(),
6419 None => Builder::new().into_script(),
6421 channel_type: Some(self.context.channel_type.clone()),
6423 next_local_nonce: None,
6427 /// Enables the possibility for tests to extract a [`msgs::AcceptChannel`] message for an
6428 /// inbound channel without accepting it.
6430 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
6432 pub fn get_accept_channel_message(&self) -> msgs::AcceptChannel {
6433 self.generate_accept_channel_message()
6436 fn funding_created_signature<L: Deref>(&mut self, sig: &Signature, logger: &L) -> Result<(Txid, CommitmentTransaction, Signature), ChannelError> where L::Target: Logger {
6437 let funding_script = self.context.get_funding_redeemscript();
6439 let keys = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
6440 let initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &keys, true, false, logger).tx;
6442 let trusted_tx = initial_commitment_tx.trust();
6443 let initial_commitment_bitcoin_tx = trusted_tx.built_transaction();
6444 let sighash = initial_commitment_bitcoin_tx.get_sighash_all(&funding_script, self.context.channel_value_satoshis);
6445 // They sign the holder commitment transaction...
6446 log_trace!(logger, "Checking funding_created tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} for channel {}.",
6447 log_bytes!(sig.serialize_compact()[..]), log_bytes!(self.context.counterparty_funding_pubkey().serialize()),
6448 encode::serialize_hex(&initial_commitment_bitcoin_tx.transaction), log_bytes!(sighash[..]),
6449 encode::serialize_hex(&funding_script), log_bytes!(self.context.channel_id()));
6450 secp_check!(self.context.secp_ctx.verify_ecdsa(&sighash, &sig, self.context.counterparty_funding_pubkey()), "Invalid funding_created signature from peer".to_owned());
6453 let counterparty_keys = self.context.build_remote_transaction_keys();
6454 let counterparty_initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
6456 let counterparty_trusted_tx = counterparty_initial_commitment_tx.trust();
6457 let counterparty_initial_bitcoin_tx = counterparty_trusted_tx.built_transaction();
6458 log_trace!(logger, "Initial counterparty tx for channel {} is: txid {} tx {}",
6459 log_bytes!(self.context.channel_id()), counterparty_initial_bitcoin_tx.txid, encode::serialize_hex(&counterparty_initial_bitcoin_tx.transaction));
6461 let counterparty_signature = self.context.holder_signer.sign_counterparty_commitment(&counterparty_initial_commitment_tx, Vec::new(), &self.context.secp_ctx)
6462 .map_err(|_| ChannelError::Close("Failed to get signatures for new commitment_signed".to_owned()))?.0;
6464 // We sign "counterparty" commitment transaction, allowing them to broadcast the tx if they wish.
6465 Ok((counterparty_initial_bitcoin_tx.txid, initial_commitment_tx, counterparty_signature))
6468 pub fn funding_created<SP: Deref, L: Deref>(
6469 mut self, msg: &msgs::FundingCreated, best_block: BestBlock, signer_provider: &SP, logger: &L
6470 ) -> Result<(Channel<Signer>, msgs::FundingSigned, ChannelMonitor<Signer>), (Self, ChannelError)>
6472 SP::Target: SignerProvider<Signer = Signer>,
6475 if self.context.is_outbound() {
6476 return Err((self, ChannelError::Close("Received funding_created for an outbound channel?".to_owned())));
6478 if self.context.channel_state != (ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32) {
6479 // BOLT 2 says that if we disconnect before we send funding_signed we SHOULD NOT
6480 // remember the channel, so it's safe to just send an error_message here and drop the
6482 return Err((self, ChannelError::Close("Received funding_created after we got the channel!".to_owned())));
6484 if self.context.inbound_awaiting_accept {
6485 return Err((self, ChannelError::Close("FundingCreated message received before the channel was accepted".to_owned())));
6487 if self.context.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
6488 self.context.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
6489 self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
6490 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
6493 let funding_txo = OutPoint { txid: msg.funding_txid, index: msg.funding_output_index };
6494 self.context.channel_transaction_parameters.funding_outpoint = Some(funding_txo);
6495 // This is an externally observable change before we finish all our checks. In particular
6496 // funding_created_signature may fail.
6497 self.context.holder_signer.provide_channel_parameters(&self.context.channel_transaction_parameters);
6499 let (counterparty_initial_commitment_txid, initial_commitment_tx, signature) = match self.funding_created_signature(&msg.signature, logger) {
6501 Err(ChannelError::Close(e)) => {
6502 self.context.channel_transaction_parameters.funding_outpoint = None;
6503 return Err((self, ChannelError::Close(e)));
6506 // The only error we know how to handle is ChannelError::Close, so we fall over here
6507 // to make sure we don't continue with an inconsistent state.
6508 panic!("unexpected error type from funding_created_signature {:?}", e);
6512 let holder_commitment_tx = HolderCommitmentTransaction::new(
6513 initial_commitment_tx,
6516 &self.context.get_holder_pubkeys().funding_pubkey,
6517 self.context.counterparty_funding_pubkey()
6520 if let Err(_) = self.context.holder_signer.validate_holder_commitment(&holder_commitment_tx, Vec::new()) {
6521 return Err((self, ChannelError::Close("Failed to validate our commitment".to_owned())));
6524 // Now that we're past error-generating stuff, update our local state:
6526 let funding_redeemscript = self.context.get_funding_redeemscript();
6527 let funding_txo_script = funding_redeemscript.to_v0_p2wsh();
6528 let obscure_factor = get_commitment_transaction_number_obscure_factor(&self.context.get_holder_pubkeys().payment_point, &self.context.get_counterparty_pubkeys().payment_point, self.context.is_outbound());
6529 let shutdown_script = self.context.shutdown_scriptpubkey.clone().map(|script| script.into_inner());
6530 let mut monitor_signer = signer_provider.derive_channel_signer(self.context.channel_value_satoshis, self.context.channel_keys_id);
6531 monitor_signer.provide_channel_parameters(&self.context.channel_transaction_parameters);
6532 let channel_monitor = ChannelMonitor::new(self.context.secp_ctx.clone(), monitor_signer,
6533 shutdown_script, self.context.get_holder_selected_contest_delay(),
6534 &self.context.destination_script, (funding_txo, funding_txo_script.clone()),
6535 &self.context.channel_transaction_parameters,
6536 funding_redeemscript.clone(), self.context.channel_value_satoshis,
6538 holder_commitment_tx, best_block, self.context.counterparty_node_id);
6540 channel_monitor.provide_latest_counterparty_commitment_tx(counterparty_initial_commitment_txid, Vec::new(), self.context.cur_counterparty_commitment_transaction_number, self.context.counterparty_cur_commitment_point.unwrap(), logger);
6542 self.context.channel_state = ChannelState::FundingSent as u32;
6543 self.context.channel_id = funding_txo.to_channel_id();
6544 self.context.cur_counterparty_commitment_transaction_number -= 1;
6545 self.context.cur_holder_commitment_transaction_number -= 1;
6547 log_info!(logger, "Generated funding_signed for peer for channel {}", log_bytes!(self.context.channel_id()));
6549 // Promote the channel to a full-fledged one now that we have updated the state and have a
6550 // `ChannelMonitor`.
6551 let mut channel = Channel {
6552 context: self.context,
6554 let channel_id = channel.context.channel_id.clone();
6555 let need_channel_ready = channel.check_get_channel_ready(0).is_some();
6556 channel.monitor_updating_paused(false, false, need_channel_ready, Vec::new(), Vec::new(), Vec::new());
6558 Ok((channel, msgs::FundingSigned {
6562 partial_signature_with_nonce: None,
6563 }, channel_monitor))
6567 const SERIALIZATION_VERSION: u8 = 3;
6568 const MIN_SERIALIZATION_VERSION: u8 = 2;
6570 impl_writeable_tlv_based_enum!(InboundHTLCRemovalReason,;
6576 impl Writeable for ChannelUpdateStatus {
6577 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
6578 // We only care about writing out the current state as it was announced, ie only either
6579 // Enabled or Disabled. In the case of DisabledStaged, we most recently announced the
6580 // channel as enabled, so we write 0. For EnabledStaged, we similarly write a 1.
6582 ChannelUpdateStatus::Enabled => 0u8.write(writer)?,
6583 ChannelUpdateStatus::DisabledStaged(_) => 0u8.write(writer)?,
6584 ChannelUpdateStatus::EnabledStaged(_) => 1u8.write(writer)?,
6585 ChannelUpdateStatus::Disabled => 1u8.write(writer)?,
6591 impl Readable for ChannelUpdateStatus {
6592 fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
6593 Ok(match <u8 as Readable>::read(reader)? {
6594 0 => ChannelUpdateStatus::Enabled,
6595 1 => ChannelUpdateStatus::Disabled,
6596 _ => return Err(DecodeError::InvalidValue),
6601 impl Writeable for AnnouncementSigsState {
6602 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
6603 // We only care about writing out the current state as if we had just disconnected, at
6604 // which point we always set anything but AnnouncementSigsReceived to NotSent.
6606 AnnouncementSigsState::NotSent => 0u8.write(writer),
6607 AnnouncementSigsState::MessageSent => 0u8.write(writer),
6608 AnnouncementSigsState::Committed => 0u8.write(writer),
6609 AnnouncementSigsState::PeerReceived => 1u8.write(writer),
6614 impl Readable for AnnouncementSigsState {
6615 fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
6616 Ok(match <u8 as Readable>::read(reader)? {
6617 0 => AnnouncementSigsState::NotSent,
6618 1 => AnnouncementSigsState::PeerReceived,
6619 _ => return Err(DecodeError::InvalidValue),
6624 impl<Signer: WriteableEcdsaChannelSigner> Writeable for Channel<Signer> {
6625 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
6626 // Note that we write out as if remove_uncommitted_htlcs_and_mark_paused had just been
6629 write_ver_prefix!(writer, MIN_SERIALIZATION_VERSION, MIN_SERIALIZATION_VERSION);
6631 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
6632 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. We write
6633 // the low bytes now and the optional high bytes later.
6634 let user_id_low = self.context.user_id as u64;
6635 user_id_low.write(writer)?;
6637 // Version 1 deserializers expected to read parts of the config object here. Version 2
6638 // deserializers (0.0.99) now read config through TLVs, and as we now require them for
6639 // `minimum_depth` we simply write dummy values here.
6640 writer.write_all(&[0; 8])?;
6642 self.context.channel_id.write(writer)?;
6643 (self.context.channel_state | ChannelState::PeerDisconnected as u32).write(writer)?;
6644 self.context.channel_value_satoshis.write(writer)?;
6646 self.context.latest_monitor_update_id.write(writer)?;
6648 let mut key_data = VecWriter(Vec::new());
6649 self.context.holder_signer.write(&mut key_data)?;
6650 assert!(key_data.0.len() < core::usize::MAX);
6651 assert!(key_data.0.len() < core::u32::MAX as usize);
6652 (key_data.0.len() as u32).write(writer)?;
6653 writer.write_all(&key_data.0[..])?;
6655 // Write out the old serialization for shutdown_pubkey for backwards compatibility, if
6656 // deserialized from that format.
6657 match self.context.shutdown_scriptpubkey.as_ref().and_then(|script| script.as_legacy_pubkey()) {
6658 Some(shutdown_pubkey) => shutdown_pubkey.write(writer)?,
6659 None => [0u8; PUBLIC_KEY_SIZE].write(writer)?,
6661 self.context.destination_script.write(writer)?;
6663 self.context.cur_holder_commitment_transaction_number.write(writer)?;
6664 self.context.cur_counterparty_commitment_transaction_number.write(writer)?;
6665 self.context.value_to_self_msat.write(writer)?;
6667 let mut dropped_inbound_htlcs = 0;
6668 for htlc in self.context.pending_inbound_htlcs.iter() {
6669 if let InboundHTLCState::RemoteAnnounced(_) = htlc.state {
6670 dropped_inbound_htlcs += 1;
6673 (self.context.pending_inbound_htlcs.len() as u64 - dropped_inbound_htlcs).write(writer)?;
6674 for htlc in self.context.pending_inbound_htlcs.iter() {
6675 if let &InboundHTLCState::RemoteAnnounced(_) = &htlc.state {
6678 htlc.htlc_id.write(writer)?;
6679 htlc.amount_msat.write(writer)?;
6680 htlc.cltv_expiry.write(writer)?;
6681 htlc.payment_hash.write(writer)?;
6683 &InboundHTLCState::RemoteAnnounced(_) => unreachable!(),
6684 &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(ref htlc_state) => {
6686 htlc_state.write(writer)?;
6688 &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(ref htlc_state) => {
6690 htlc_state.write(writer)?;
6692 &InboundHTLCState::Committed => {
6695 &InboundHTLCState::LocalRemoved(ref removal_reason) => {
6697 removal_reason.write(writer)?;
6702 let mut preimages: Vec<&Option<PaymentPreimage>> = vec![];
6703 let mut pending_outbound_skimmed_fees: Vec<Option<u64>> = Vec::new();
6705 (self.context.pending_outbound_htlcs.len() as u64).write(writer)?;
6706 for (idx, htlc) in self.context.pending_outbound_htlcs.iter().enumerate() {
6707 htlc.htlc_id.write(writer)?;
6708 htlc.amount_msat.write(writer)?;
6709 htlc.cltv_expiry.write(writer)?;
6710 htlc.payment_hash.write(writer)?;
6711 htlc.source.write(writer)?;
6713 &OutboundHTLCState::LocalAnnounced(ref onion_packet) => {
6715 onion_packet.write(writer)?;
6717 &OutboundHTLCState::Committed => {
6720 &OutboundHTLCState::RemoteRemoved(_) => {
6721 // Treat this as a Committed because we haven't received the CS - they'll
6722 // resend the claim/fail on reconnect as we all (hopefully) the missing CS.
6725 &OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref outcome) => {
6727 if let OutboundHTLCOutcome::Success(preimage) = outcome {
6728 preimages.push(preimage);
6730 let reason: Option<&HTLCFailReason> = outcome.into();
6731 reason.write(writer)?;
6733 &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref outcome) => {
6735 if let OutboundHTLCOutcome::Success(preimage) = outcome {
6736 preimages.push(preimage);
6738 let reason: Option<&HTLCFailReason> = outcome.into();
6739 reason.write(writer)?;
6742 if let Some(skimmed_fee) = htlc.skimmed_fee_msat {
6743 if pending_outbound_skimmed_fees.is_empty() {
6744 for _ in 0..idx { pending_outbound_skimmed_fees.push(None); }
6746 pending_outbound_skimmed_fees.push(Some(skimmed_fee));
6747 } else if !pending_outbound_skimmed_fees.is_empty() {
6748 pending_outbound_skimmed_fees.push(None);
6752 let mut holding_cell_skimmed_fees: Vec<Option<u64>> = Vec::new();
6753 (self.context.holding_cell_htlc_updates.len() as u64).write(writer)?;
6754 for (idx, update) in self.context.holding_cell_htlc_updates.iter().enumerate() {
6756 &HTLCUpdateAwaitingACK::AddHTLC {
6757 ref amount_msat, ref cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet,
6761 amount_msat.write(writer)?;
6762 cltv_expiry.write(writer)?;
6763 payment_hash.write(writer)?;
6764 source.write(writer)?;
6765 onion_routing_packet.write(writer)?;
6767 if let Some(skimmed_fee) = skimmed_fee_msat {
6768 if holding_cell_skimmed_fees.is_empty() {
6769 for _ in 0..idx { holding_cell_skimmed_fees.push(None); }
6771 holding_cell_skimmed_fees.push(Some(skimmed_fee));
6772 } else if !holding_cell_skimmed_fees.is_empty() { holding_cell_skimmed_fees.push(None); }
6774 &HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, ref htlc_id } => {
6776 payment_preimage.write(writer)?;
6777 htlc_id.write(writer)?;
6779 &HTLCUpdateAwaitingACK::FailHTLC { ref htlc_id, ref err_packet } => {
6781 htlc_id.write(writer)?;
6782 err_packet.write(writer)?;
6787 match self.context.resend_order {
6788 RAACommitmentOrder::CommitmentFirst => 0u8.write(writer)?,
6789 RAACommitmentOrder::RevokeAndACKFirst => 1u8.write(writer)?,
6792 self.context.monitor_pending_channel_ready.write(writer)?;
6793 self.context.monitor_pending_revoke_and_ack.write(writer)?;
6794 self.context.monitor_pending_commitment_signed.write(writer)?;
6796 (self.context.monitor_pending_forwards.len() as u64).write(writer)?;
6797 for &(ref pending_forward, ref htlc_id) in self.context.monitor_pending_forwards.iter() {
6798 pending_forward.write(writer)?;
6799 htlc_id.write(writer)?;
6802 (self.context.monitor_pending_failures.len() as u64).write(writer)?;
6803 for &(ref htlc_source, ref payment_hash, ref fail_reason) in self.context.monitor_pending_failures.iter() {
6804 htlc_source.write(writer)?;
6805 payment_hash.write(writer)?;
6806 fail_reason.write(writer)?;
6809 if self.context.is_outbound() {
6810 self.context.pending_update_fee.map(|(a, _)| a).write(writer)?;
6811 } else if let Some((feerate, FeeUpdateState::AwaitingRemoteRevokeToAnnounce)) = self.context.pending_update_fee {
6812 Some(feerate).write(writer)?;
6814 // As for inbound HTLCs, if the update was only announced and never committed in a
6815 // commitment_signed, drop it.
6816 None::<u32>.write(writer)?;
6818 self.context.holding_cell_update_fee.write(writer)?;
6820 self.context.next_holder_htlc_id.write(writer)?;
6821 (self.context.next_counterparty_htlc_id - dropped_inbound_htlcs).write(writer)?;
6822 self.context.update_time_counter.write(writer)?;
6823 self.context.feerate_per_kw.write(writer)?;
6825 // Versions prior to 0.0.100 expected to read the fields of `last_sent_closing_fee` here,
6826 // however we are supposed to restart shutdown fee negotiation on reconnect (and wipe
6827 // `last_send_closing_fee` in `remove_uncommitted_htlcs_and_mark_paused`) so we should never
6828 // consider the stale state on reload.
6831 self.context.funding_tx_confirmed_in.write(writer)?;
6832 self.context.funding_tx_confirmation_height.write(writer)?;
6833 self.context.short_channel_id.write(writer)?;
6835 self.context.counterparty_dust_limit_satoshis.write(writer)?;
6836 self.context.holder_dust_limit_satoshis.write(writer)?;
6837 self.context.counterparty_max_htlc_value_in_flight_msat.write(writer)?;
6839 // Note that this field is ignored by 0.0.99+ as the TLV Optional variant is used instead.
6840 self.context.counterparty_selected_channel_reserve_satoshis.unwrap_or(0).write(writer)?;
6842 self.context.counterparty_htlc_minimum_msat.write(writer)?;
6843 self.context.holder_htlc_minimum_msat.write(writer)?;
6844 self.context.counterparty_max_accepted_htlcs.write(writer)?;
6846 // Note that this field is ignored by 0.0.99+ as the TLV Optional variant is used instead.
6847 self.context.minimum_depth.unwrap_or(0).write(writer)?;
6849 match &self.context.counterparty_forwarding_info {
6852 info.fee_base_msat.write(writer)?;
6853 info.fee_proportional_millionths.write(writer)?;
6854 info.cltv_expiry_delta.write(writer)?;
6856 None => 0u8.write(writer)?
6859 self.context.channel_transaction_parameters.write(writer)?;
6860 self.context.funding_transaction.write(writer)?;
6862 self.context.counterparty_cur_commitment_point.write(writer)?;
6863 self.context.counterparty_prev_commitment_point.write(writer)?;
6864 self.context.counterparty_node_id.write(writer)?;
6866 self.context.counterparty_shutdown_scriptpubkey.write(writer)?;
6868 self.context.commitment_secrets.write(writer)?;
6870 self.context.channel_update_status.write(writer)?;
6872 #[cfg(any(test, fuzzing))]
6873 (self.context.historical_inbound_htlc_fulfills.len() as u64).write(writer)?;
6874 #[cfg(any(test, fuzzing))]
6875 for htlc in self.context.historical_inbound_htlc_fulfills.iter() {
6876 htlc.write(writer)?;
6879 // If the channel type is something other than only-static-remote-key, then we need to have
6880 // older clients fail to deserialize this channel at all. If the type is
6881 // only-static-remote-key, we simply consider it "default" and don't write the channel type
6883 let chan_type = if self.context.channel_type != ChannelTypeFeatures::only_static_remote_key() {
6884 Some(&self.context.channel_type) } else { None };
6886 // The same logic applies for `holder_selected_channel_reserve_satoshis` values other than
6887 // the default, and when `holder_max_htlc_value_in_flight_msat` is configured to be set to
6888 // a different percentage of the channel value then 10%, which older versions of LDK used
6889 // to set it to before the percentage was made configurable.
6890 let serialized_holder_selected_reserve =
6891 if self.context.holder_selected_channel_reserve_satoshis != get_legacy_default_holder_selected_channel_reserve_satoshis(self.context.channel_value_satoshis)
6892 { Some(self.context.holder_selected_channel_reserve_satoshis) } else { None };
6894 let mut old_max_in_flight_percent_config = UserConfig::default().channel_handshake_config;
6895 old_max_in_flight_percent_config.max_inbound_htlc_value_in_flight_percent_of_channel = MAX_IN_FLIGHT_PERCENT_LEGACY;
6896 let serialized_holder_htlc_max_in_flight =
6897 if self.context.holder_max_htlc_value_in_flight_msat != get_holder_max_htlc_value_in_flight_msat(self.context.channel_value_satoshis, &old_max_in_flight_percent_config)
6898 { Some(self.context.holder_max_htlc_value_in_flight_msat) } else { None };
6900 let channel_pending_event_emitted = Some(self.context.channel_pending_event_emitted);
6901 let channel_ready_event_emitted = Some(self.context.channel_ready_event_emitted);
6903 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
6904 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. Therefore,
6905 // we write the high bytes as an option here.
6906 let user_id_high_opt = Some((self.context.user_id >> 64) as u64);
6908 let holder_max_accepted_htlcs = if self.context.holder_max_accepted_htlcs == DEFAULT_MAX_HTLCS { None } else { Some(self.context.holder_max_accepted_htlcs) };
6910 write_tlv_fields!(writer, {
6911 (0, self.context.announcement_sigs, option),
6912 // minimum_depth and counterparty_selected_channel_reserve_satoshis used to have a
6913 // default value instead of being Option<>al. Thus, to maintain compatibility we write
6914 // them twice, once with their original default values above, and once as an option
6915 // here. On the read side, old versions will simply ignore the odd-type entries here,
6916 // and new versions map the default values to None and allow the TLV entries here to
6918 (1, self.context.minimum_depth, option),
6919 (2, chan_type, option),
6920 (3, self.context.counterparty_selected_channel_reserve_satoshis, option),
6921 (4, serialized_holder_selected_reserve, option),
6922 (5, self.context.config, required),
6923 (6, serialized_holder_htlc_max_in_flight, option),
6924 (7, self.context.shutdown_scriptpubkey, option),
6925 (8, self.context.blocked_monitor_updates, optional_vec),
6926 (9, self.context.target_closing_feerate_sats_per_kw, option),
6927 (11, self.context.monitor_pending_finalized_fulfills, required_vec),
6928 (13, self.context.channel_creation_height, required),
6929 (15, preimages, required_vec),
6930 (17, self.context.announcement_sigs_state, required),
6931 (19, self.context.latest_inbound_scid_alias, option),
6932 (21, self.context.outbound_scid_alias, required),
6933 (23, channel_ready_event_emitted, option),
6934 (25, user_id_high_opt, option),
6935 (27, self.context.channel_keys_id, required),
6936 (28, holder_max_accepted_htlcs, option),
6937 (29, self.context.temporary_channel_id, option),
6938 (31, channel_pending_event_emitted, option),
6939 (35, pending_outbound_skimmed_fees, optional_vec),
6940 (37, holding_cell_skimmed_fees, optional_vec),
6947 const MAX_ALLOC_SIZE: usize = 64*1024;
6948 impl<'a, 'b, 'c, ES: Deref, SP: Deref> ReadableArgs<(&'a ES, &'b SP, u32, &'c ChannelTypeFeatures)> for Channel<<SP::Target as SignerProvider>::Signer>
6950 ES::Target: EntropySource,
6951 SP::Target: SignerProvider
6953 fn read<R : io::Read>(reader: &mut R, args: (&'a ES, &'b SP, u32, &'c ChannelTypeFeatures)) -> Result<Self, DecodeError> {
6954 let (entropy_source, signer_provider, serialized_height, our_supported_features) = args;
6955 let ver = read_ver_prefix!(reader, SERIALIZATION_VERSION);
6957 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
6958 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. We read
6959 // the low bytes now and the high bytes later.
6960 let user_id_low: u64 = Readable::read(reader)?;
6962 let mut config = Some(LegacyChannelConfig::default());
6964 // Read the old serialization of the ChannelConfig from version 0.0.98.
6965 config.as_mut().unwrap().options.forwarding_fee_proportional_millionths = Readable::read(reader)?;
6966 config.as_mut().unwrap().options.cltv_expiry_delta = Readable::read(reader)?;
6967 config.as_mut().unwrap().announced_channel = Readable::read(reader)?;
6968 config.as_mut().unwrap().commit_upfront_shutdown_pubkey = Readable::read(reader)?;
6970 // Read the 8 bytes of backwards-compatibility ChannelConfig data.
6971 let mut _val: u64 = Readable::read(reader)?;
6974 let channel_id = Readable::read(reader)?;
6975 let channel_state = Readable::read(reader)?;
6976 let channel_value_satoshis = Readable::read(reader)?;
6978 let latest_monitor_update_id = Readable::read(reader)?;
6980 let mut keys_data = None;
6982 // Read the serialize signer bytes. We'll choose to deserialize them or not based on whether
6983 // the `channel_keys_id` TLV is present below.
6984 let keys_len: u32 = Readable::read(reader)?;
6985 keys_data = Some(Vec::with_capacity(cmp::min(keys_len as usize, MAX_ALLOC_SIZE)));
6986 while keys_data.as_ref().unwrap().len() != keys_len as usize {
6987 // Read 1KB at a time to avoid accidentally allocating 4GB on corrupted channel keys
6988 let mut data = [0; 1024];
6989 let read_slice = &mut data[0..cmp::min(1024, keys_len as usize - keys_data.as_ref().unwrap().len())];
6990 reader.read_exact(read_slice)?;
6991 keys_data.as_mut().unwrap().extend_from_slice(read_slice);
6995 // Read the old serialization for shutdown_pubkey, preferring the TLV field later if set.
6996 let mut shutdown_scriptpubkey = match <PublicKey as Readable>::read(reader) {
6997 Ok(pubkey) => Some(ShutdownScript::new_p2wpkh_from_pubkey(pubkey)),
7000 let destination_script = Readable::read(reader)?;
7002 let cur_holder_commitment_transaction_number = Readable::read(reader)?;
7003 let cur_counterparty_commitment_transaction_number = Readable::read(reader)?;
7004 let value_to_self_msat = Readable::read(reader)?;
7006 let pending_inbound_htlc_count: u64 = Readable::read(reader)?;
7008 let mut pending_inbound_htlcs = Vec::with_capacity(cmp::min(pending_inbound_htlc_count as usize, DEFAULT_MAX_HTLCS as usize));
7009 for _ in 0..pending_inbound_htlc_count {
7010 pending_inbound_htlcs.push(InboundHTLCOutput {
7011 htlc_id: Readable::read(reader)?,
7012 amount_msat: Readable::read(reader)?,
7013 cltv_expiry: Readable::read(reader)?,
7014 payment_hash: Readable::read(reader)?,
7015 state: match <u8 as Readable>::read(reader)? {
7016 1 => InboundHTLCState::AwaitingRemoteRevokeToAnnounce(Readable::read(reader)?),
7017 2 => InboundHTLCState::AwaitingAnnouncedRemoteRevoke(Readable::read(reader)?),
7018 3 => InboundHTLCState::Committed,
7019 4 => InboundHTLCState::LocalRemoved(Readable::read(reader)?),
7020 _ => return Err(DecodeError::InvalidValue),
7025 let pending_outbound_htlc_count: u64 = Readable::read(reader)?;
7026 let mut pending_outbound_htlcs = Vec::with_capacity(cmp::min(pending_outbound_htlc_count as usize, DEFAULT_MAX_HTLCS as usize));
7027 for _ in 0..pending_outbound_htlc_count {
7028 pending_outbound_htlcs.push(OutboundHTLCOutput {
7029 htlc_id: Readable::read(reader)?,
7030 amount_msat: Readable::read(reader)?,
7031 cltv_expiry: Readable::read(reader)?,
7032 payment_hash: Readable::read(reader)?,
7033 source: Readable::read(reader)?,
7034 state: match <u8 as Readable>::read(reader)? {
7035 0 => OutboundHTLCState::LocalAnnounced(Box::new(Readable::read(reader)?)),
7036 1 => OutboundHTLCState::Committed,
7038 let option: Option<HTLCFailReason> = Readable::read(reader)?;
7039 OutboundHTLCState::RemoteRemoved(option.into())
7042 let option: Option<HTLCFailReason> = Readable::read(reader)?;
7043 OutboundHTLCState::AwaitingRemoteRevokeToRemove(option.into())
7046 let option: Option<HTLCFailReason> = Readable::read(reader)?;
7047 OutboundHTLCState::AwaitingRemovedRemoteRevoke(option.into())
7049 _ => return Err(DecodeError::InvalidValue),
7051 skimmed_fee_msat: None,
7055 let holding_cell_htlc_update_count: u64 = Readable::read(reader)?;
7056 let mut holding_cell_htlc_updates = Vec::with_capacity(cmp::min(holding_cell_htlc_update_count as usize, DEFAULT_MAX_HTLCS as usize*2));
7057 for _ in 0..holding_cell_htlc_update_count {
7058 holding_cell_htlc_updates.push(match <u8 as Readable>::read(reader)? {
7059 0 => HTLCUpdateAwaitingACK::AddHTLC {
7060 amount_msat: Readable::read(reader)?,
7061 cltv_expiry: Readable::read(reader)?,
7062 payment_hash: Readable::read(reader)?,
7063 source: Readable::read(reader)?,
7064 onion_routing_packet: Readable::read(reader)?,
7065 skimmed_fee_msat: None,
7067 1 => HTLCUpdateAwaitingACK::ClaimHTLC {
7068 payment_preimage: Readable::read(reader)?,
7069 htlc_id: Readable::read(reader)?,
7071 2 => HTLCUpdateAwaitingACK::FailHTLC {
7072 htlc_id: Readable::read(reader)?,
7073 err_packet: Readable::read(reader)?,
7075 _ => return Err(DecodeError::InvalidValue),
7079 let resend_order = match <u8 as Readable>::read(reader)? {
7080 0 => RAACommitmentOrder::CommitmentFirst,
7081 1 => RAACommitmentOrder::RevokeAndACKFirst,
7082 _ => return Err(DecodeError::InvalidValue),
7085 let monitor_pending_channel_ready = Readable::read(reader)?;
7086 let monitor_pending_revoke_and_ack = Readable::read(reader)?;
7087 let monitor_pending_commitment_signed = Readable::read(reader)?;
7089 let monitor_pending_forwards_count: u64 = Readable::read(reader)?;
7090 let mut monitor_pending_forwards = Vec::with_capacity(cmp::min(monitor_pending_forwards_count as usize, DEFAULT_MAX_HTLCS as usize));
7091 for _ in 0..monitor_pending_forwards_count {
7092 monitor_pending_forwards.push((Readable::read(reader)?, Readable::read(reader)?));
7095 let monitor_pending_failures_count: u64 = Readable::read(reader)?;
7096 let mut monitor_pending_failures = Vec::with_capacity(cmp::min(monitor_pending_failures_count as usize, DEFAULT_MAX_HTLCS as usize));
7097 for _ in 0..monitor_pending_failures_count {
7098 monitor_pending_failures.push((Readable::read(reader)?, Readable::read(reader)?, Readable::read(reader)?));
7101 let pending_update_fee_value: Option<u32> = Readable::read(reader)?;
7103 let holding_cell_update_fee = Readable::read(reader)?;
7105 let next_holder_htlc_id = Readable::read(reader)?;
7106 let next_counterparty_htlc_id = Readable::read(reader)?;
7107 let update_time_counter = Readable::read(reader)?;
7108 let feerate_per_kw = Readable::read(reader)?;
7110 // Versions prior to 0.0.100 expected to read the fields of `last_sent_closing_fee` here,
7111 // however we are supposed to restart shutdown fee negotiation on reconnect (and wipe
7112 // `last_send_closing_fee` in `remove_uncommitted_htlcs_and_mark_paused`) so we should never
7113 // consider the stale state on reload.
7114 match <u8 as Readable>::read(reader)? {
7117 let _: u32 = Readable::read(reader)?;
7118 let _: u64 = Readable::read(reader)?;
7119 let _: Signature = Readable::read(reader)?;
7121 _ => return Err(DecodeError::InvalidValue),
7124 let funding_tx_confirmed_in = Readable::read(reader)?;
7125 let funding_tx_confirmation_height = Readable::read(reader)?;
7126 let short_channel_id = Readable::read(reader)?;
7128 let counterparty_dust_limit_satoshis = Readable::read(reader)?;
7129 let holder_dust_limit_satoshis = Readable::read(reader)?;
7130 let counterparty_max_htlc_value_in_flight_msat = Readable::read(reader)?;
7131 let mut counterparty_selected_channel_reserve_satoshis = None;
7133 // Read the old serialization from version 0.0.98.
7134 counterparty_selected_channel_reserve_satoshis = Some(Readable::read(reader)?);
7136 // Read the 8 bytes of backwards-compatibility data.
7137 let _dummy: u64 = Readable::read(reader)?;
7139 let counterparty_htlc_minimum_msat = Readable::read(reader)?;
7140 let holder_htlc_minimum_msat = Readable::read(reader)?;
7141 let counterparty_max_accepted_htlcs = Readable::read(reader)?;
7143 let mut minimum_depth = None;
7145 // Read the old serialization from version 0.0.98.
7146 minimum_depth = Some(Readable::read(reader)?);
7148 // Read the 4 bytes of backwards-compatibility data.
7149 let _dummy: u32 = Readable::read(reader)?;
7152 let counterparty_forwarding_info = match <u8 as Readable>::read(reader)? {
7154 1 => Some(CounterpartyForwardingInfo {
7155 fee_base_msat: Readable::read(reader)?,
7156 fee_proportional_millionths: Readable::read(reader)?,
7157 cltv_expiry_delta: Readable::read(reader)?,
7159 _ => return Err(DecodeError::InvalidValue),
7162 let mut channel_parameters: ChannelTransactionParameters = Readable::read(reader)?;
7163 let funding_transaction = Readable::read(reader)?;
7165 let counterparty_cur_commitment_point = Readable::read(reader)?;
7167 let counterparty_prev_commitment_point = Readable::read(reader)?;
7168 let counterparty_node_id = Readable::read(reader)?;
7170 let counterparty_shutdown_scriptpubkey = Readable::read(reader)?;
7171 let commitment_secrets = Readable::read(reader)?;
7173 let channel_update_status = Readable::read(reader)?;
7175 #[cfg(any(test, fuzzing))]
7176 let mut historical_inbound_htlc_fulfills = HashSet::new();
7177 #[cfg(any(test, fuzzing))]
7179 let htlc_fulfills_len: u64 = Readable::read(reader)?;
7180 for _ in 0..htlc_fulfills_len {
7181 assert!(historical_inbound_htlc_fulfills.insert(Readable::read(reader)?));
7185 let pending_update_fee = if let Some(feerate) = pending_update_fee_value {
7186 Some((feerate, if channel_parameters.is_outbound_from_holder {
7187 FeeUpdateState::Outbound
7189 FeeUpdateState::AwaitingRemoteRevokeToAnnounce
7195 let mut announcement_sigs = None;
7196 let mut target_closing_feerate_sats_per_kw = None;
7197 let mut monitor_pending_finalized_fulfills = Some(Vec::new());
7198 let mut holder_selected_channel_reserve_satoshis = Some(get_legacy_default_holder_selected_channel_reserve_satoshis(channel_value_satoshis));
7199 let mut holder_max_htlc_value_in_flight_msat = Some(get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis, &UserConfig::default().channel_handshake_config));
7200 // Prior to supporting channel type negotiation, all of our channels were static_remotekey
7201 // only, so we default to that if none was written.
7202 let mut channel_type = Some(ChannelTypeFeatures::only_static_remote_key());
7203 let mut channel_creation_height = Some(serialized_height);
7204 let mut preimages_opt: Option<Vec<Option<PaymentPreimage>>> = None;
7206 // If we read an old Channel, for simplicity we just treat it as "we never sent an
7207 // AnnouncementSignatures" which implies we'll re-send it on reconnect, but that's fine.
7208 let mut announcement_sigs_state = Some(AnnouncementSigsState::NotSent);
7209 let mut latest_inbound_scid_alias = None;
7210 let mut outbound_scid_alias = None;
7211 let mut channel_pending_event_emitted = None;
7212 let mut channel_ready_event_emitted = None;
7214 let mut user_id_high_opt: Option<u64> = None;
7215 let mut channel_keys_id: Option<[u8; 32]> = None;
7216 let mut temporary_channel_id: Option<[u8; 32]> = None;
7217 let mut holder_max_accepted_htlcs: Option<u16> = None;
7219 let mut blocked_monitor_updates = Some(Vec::new());
7221 let mut pending_outbound_skimmed_fees_opt: Option<Vec<Option<u64>>> = None;
7222 let mut holding_cell_skimmed_fees_opt: Option<Vec<Option<u64>>> = None;
7224 read_tlv_fields!(reader, {
7225 (0, announcement_sigs, option),
7226 (1, minimum_depth, option),
7227 (2, channel_type, option),
7228 (3, counterparty_selected_channel_reserve_satoshis, option),
7229 (4, holder_selected_channel_reserve_satoshis, option),
7230 (5, config, option), // Note that if none is provided we will *not* overwrite the existing one.
7231 (6, holder_max_htlc_value_in_flight_msat, option),
7232 (7, shutdown_scriptpubkey, option),
7233 (8, blocked_monitor_updates, optional_vec),
7234 (9, target_closing_feerate_sats_per_kw, option),
7235 (11, monitor_pending_finalized_fulfills, optional_vec),
7236 (13, channel_creation_height, option),
7237 (15, preimages_opt, optional_vec),
7238 (17, announcement_sigs_state, option),
7239 (19, latest_inbound_scid_alias, option),
7240 (21, outbound_scid_alias, option),
7241 (23, channel_ready_event_emitted, option),
7242 (25, user_id_high_opt, option),
7243 (27, channel_keys_id, option),
7244 (28, holder_max_accepted_htlcs, option),
7245 (29, temporary_channel_id, option),
7246 (31, channel_pending_event_emitted, option),
7247 (35, pending_outbound_skimmed_fees_opt, optional_vec),
7248 (37, holding_cell_skimmed_fees_opt, optional_vec),
7251 let (channel_keys_id, holder_signer) = if let Some(channel_keys_id) = channel_keys_id {
7252 let mut holder_signer = signer_provider.derive_channel_signer(channel_value_satoshis, channel_keys_id);
7253 // If we've gotten to the funding stage of the channel, populate the signer with its
7254 // required channel parameters.
7255 let non_shutdown_state = channel_state & (!MULTI_STATE_FLAGS);
7256 if non_shutdown_state >= (ChannelState::FundingCreated as u32) {
7257 holder_signer.provide_channel_parameters(&channel_parameters);
7259 (channel_keys_id, holder_signer)
7261 // `keys_data` can be `None` if we had corrupted data.
7262 let keys_data = keys_data.ok_or(DecodeError::InvalidValue)?;
7263 let holder_signer = signer_provider.read_chan_signer(&keys_data)?;
7264 (holder_signer.channel_keys_id(), holder_signer)
7267 if let Some(preimages) = preimages_opt {
7268 let mut iter = preimages.into_iter();
7269 for htlc in pending_outbound_htlcs.iter_mut() {
7271 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(None)) => {
7272 htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(iter.next().ok_or(DecodeError::InvalidValue)?));
7274 OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(None)) => {
7275 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(iter.next().ok_or(DecodeError::InvalidValue)?));
7280 // We expect all preimages to be consumed above
7281 if iter.next().is_some() {
7282 return Err(DecodeError::InvalidValue);
7286 let chan_features = channel_type.as_ref().unwrap();
7287 if !chan_features.is_subset(our_supported_features) {
7288 // If the channel was written by a new version and negotiated with features we don't
7289 // understand yet, refuse to read it.
7290 return Err(DecodeError::UnknownRequiredFeature);
7293 // ChannelTransactionParameters may have had an empty features set upon deserialization.
7294 // To account for that, we're proactively setting/overriding the field here.
7295 channel_parameters.channel_type_features = chan_features.clone();
7297 let mut secp_ctx = Secp256k1::new();
7298 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
7300 // `user_id` used to be a single u64 value. In order to remain backwards
7301 // compatible with versions prior to 0.0.113, the u128 is serialized as two
7302 // separate u64 values.
7303 let user_id = user_id_low as u128 + ((user_id_high_opt.unwrap_or(0) as u128) << 64);
7305 let holder_max_accepted_htlcs = holder_max_accepted_htlcs.unwrap_or(DEFAULT_MAX_HTLCS);
7307 if let Some(skimmed_fees) = pending_outbound_skimmed_fees_opt {
7308 let mut iter = skimmed_fees.into_iter();
7309 for htlc in pending_outbound_htlcs.iter_mut() {
7310 htlc.skimmed_fee_msat = iter.next().ok_or(DecodeError::InvalidValue)?;
7312 // We expect all skimmed fees to be consumed above
7313 if iter.next().is_some() { return Err(DecodeError::InvalidValue) }
7315 if let Some(skimmed_fees) = holding_cell_skimmed_fees_opt {
7316 let mut iter = skimmed_fees.into_iter();
7317 for htlc in holding_cell_htlc_updates.iter_mut() {
7318 if let HTLCUpdateAwaitingACK::AddHTLC { ref mut skimmed_fee_msat, .. } = htlc {
7319 *skimmed_fee_msat = iter.next().ok_or(DecodeError::InvalidValue)?;
7322 // We expect all skimmed fees to be consumed above
7323 if iter.next().is_some() { return Err(DecodeError::InvalidValue) }
7327 context: ChannelContext {
7330 config: config.unwrap(),
7334 // Note that we don't care about serializing handshake limits as we only ever serialize
7335 // channel data after the handshake has completed.
7336 inbound_handshake_limits_override: None,
7339 temporary_channel_id,
7341 announcement_sigs_state: announcement_sigs_state.unwrap(),
7343 channel_value_satoshis,
7345 latest_monitor_update_id,
7348 shutdown_scriptpubkey,
7351 cur_holder_commitment_transaction_number,
7352 cur_counterparty_commitment_transaction_number,
7355 holder_max_accepted_htlcs,
7356 pending_inbound_htlcs,
7357 pending_outbound_htlcs,
7358 holding_cell_htlc_updates,
7362 monitor_pending_channel_ready,
7363 monitor_pending_revoke_and_ack,
7364 monitor_pending_commitment_signed,
7365 monitor_pending_forwards,
7366 monitor_pending_failures,
7367 monitor_pending_finalized_fulfills: monitor_pending_finalized_fulfills.unwrap(),
7370 holding_cell_update_fee,
7371 next_holder_htlc_id,
7372 next_counterparty_htlc_id,
7373 update_time_counter,
7376 #[cfg(debug_assertions)]
7377 holder_max_commitment_tx_output: Mutex::new((0, 0)),
7378 #[cfg(debug_assertions)]
7379 counterparty_max_commitment_tx_output: Mutex::new((0, 0)),
7381 last_sent_closing_fee: None,
7382 pending_counterparty_closing_signed: None,
7383 closing_fee_limits: None,
7384 target_closing_feerate_sats_per_kw,
7386 inbound_awaiting_accept: false,
7388 funding_tx_confirmed_in,
7389 funding_tx_confirmation_height,
7391 channel_creation_height: channel_creation_height.unwrap(),
7393 counterparty_dust_limit_satoshis,
7394 holder_dust_limit_satoshis,
7395 counterparty_max_htlc_value_in_flight_msat,
7396 holder_max_htlc_value_in_flight_msat: holder_max_htlc_value_in_flight_msat.unwrap(),
7397 counterparty_selected_channel_reserve_satoshis,
7398 holder_selected_channel_reserve_satoshis: holder_selected_channel_reserve_satoshis.unwrap(),
7399 counterparty_htlc_minimum_msat,
7400 holder_htlc_minimum_msat,
7401 counterparty_max_accepted_htlcs,
7404 counterparty_forwarding_info,
7406 channel_transaction_parameters: channel_parameters,
7407 funding_transaction,
7409 counterparty_cur_commitment_point,
7410 counterparty_prev_commitment_point,
7411 counterparty_node_id,
7413 counterparty_shutdown_scriptpubkey,
7417 channel_update_status,
7418 closing_signed_in_flight: false,
7422 #[cfg(any(test, fuzzing))]
7423 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
7424 #[cfg(any(test, fuzzing))]
7425 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
7427 workaround_lnd_bug_4006: None,
7428 sent_message_awaiting_response: None,
7430 latest_inbound_scid_alias,
7431 // Later in the ChannelManager deserialization phase we scan for channels and assign scid aliases if its missing
7432 outbound_scid_alias: outbound_scid_alias.unwrap_or(0),
7434 channel_pending_event_emitted: channel_pending_event_emitted.unwrap_or(true),
7435 channel_ready_event_emitted: channel_ready_event_emitted.unwrap_or(true),
7437 #[cfg(any(test, fuzzing))]
7438 historical_inbound_htlc_fulfills,
7440 channel_type: channel_type.unwrap(),
7443 blocked_monitor_updates: blocked_monitor_updates.unwrap(),
7452 use bitcoin::blockdata::script::{Script, Builder};
7453 use bitcoin::blockdata::transaction::{Transaction, TxOut};
7454 use bitcoin::blockdata::constants::genesis_block;
7455 use bitcoin::blockdata::opcodes;
7456 use bitcoin::network::constants::Network;
7458 use crate::ln::PaymentHash;
7459 use crate::ln::channelmanager::{self, HTLCSource, PaymentId};
7460 use crate::ln::channel::InitFeatures;
7461 use crate::ln::channel::{Channel, InboundHTLCOutput, OutboundV1Channel, InboundV1Channel, OutboundHTLCOutput, InboundHTLCState, OutboundHTLCState, HTLCCandidate, HTLCInitiator, commit_tx_fee_msat};
7462 use crate::ln::channel::{MAX_FUNDING_SATOSHIS_NO_WUMBO, TOTAL_BITCOIN_SUPPLY_SATOSHIS, MIN_THEIR_CHAN_RESERVE_SATOSHIS};
7463 use crate::ln::features::ChannelTypeFeatures;
7464 use crate::ln::msgs::{ChannelUpdate, DecodeError, UnsignedChannelUpdate, MAX_VALUE_MSAT};
7465 use crate::ln::script::ShutdownScript;
7466 use crate::ln::chan_utils;
7467 use crate::ln::chan_utils::{htlc_success_tx_weight, htlc_timeout_tx_weight};
7468 use crate::chain::BestBlock;
7469 use crate::chain::chaininterface::{FeeEstimator, LowerBoundedFeeEstimator, ConfirmationTarget};
7470 use crate::sign::{ChannelSigner, InMemorySigner, EntropySource, SignerProvider};
7471 use crate::chain::transaction::OutPoint;
7472 use crate::routing::router::Path;
7473 use crate::util::config::UserConfig;
7474 use crate::util::enforcing_trait_impls::EnforcingSigner;
7475 use crate::util::errors::APIError;
7476 use crate::util::test_utils;
7477 use crate::util::test_utils::OnGetShutdownScriptpubkey;
7478 use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature};
7479 use bitcoin::secp256k1::ffi::Signature as FFISignature;
7480 use bitcoin::secp256k1::{SecretKey,PublicKey};
7481 use bitcoin::hashes::sha256::Hash as Sha256;
7482 use bitcoin::hashes::Hash;
7483 use bitcoin::hash_types::WPubkeyHash;
7484 use bitcoin::PackedLockTime;
7485 use bitcoin::util::address::WitnessVersion;
7486 use crate::prelude::*;
7488 struct TestFeeEstimator {
7491 impl FeeEstimator for TestFeeEstimator {
7492 fn get_est_sat_per_1000_weight(&self, _: ConfirmationTarget) -> u32 {
7498 fn test_max_funding_satoshis_no_wumbo() {
7499 assert_eq!(TOTAL_BITCOIN_SUPPLY_SATOSHIS, 21_000_000 * 100_000_000);
7500 assert!(MAX_FUNDING_SATOSHIS_NO_WUMBO <= TOTAL_BITCOIN_SUPPLY_SATOSHIS,
7501 "MAX_FUNDING_SATOSHIS_NO_WUMBO is greater than all satoshis in existence");
7505 fn test_no_fee_check_overflow() {
7506 // Previously, calling `check_remote_fee` with a fee of 0xffffffff would overflow in
7507 // arithmetic, causing a panic with debug assertions enabled.
7508 let fee_est = TestFeeEstimator { fee_est: 42 };
7509 let bounded_fee_estimator = LowerBoundedFeeEstimator::new(&fee_est);
7510 assert!(Channel::<InMemorySigner>::check_remote_fee(
7511 &ChannelTypeFeatures::only_static_remote_key(), &bounded_fee_estimator,
7512 u32::max_value(), None, &&test_utils::TestLogger::new()).is_err());
7516 signer: InMemorySigner,
7519 impl EntropySource for Keys {
7520 fn get_secure_random_bytes(&self) -> [u8; 32] { [0; 32] }
7523 impl SignerProvider for Keys {
7524 type Signer = InMemorySigner;
7526 fn generate_channel_keys_id(&self, _inbound: bool, _channel_value_satoshis: u64, _user_channel_id: u128) -> [u8; 32] {
7527 self.signer.channel_keys_id()
7530 fn derive_channel_signer(&self, _channel_value_satoshis: u64, _channel_keys_id: [u8; 32]) -> Self::Signer {
7534 fn read_chan_signer(&self, _data: &[u8]) -> Result<Self::Signer, DecodeError> { panic!(); }
7536 fn get_destination_script(&self) -> Result<Script, ()> {
7537 let secp_ctx = Secp256k1::signing_only();
7538 let channel_monitor_claim_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
7539 let channel_monitor_claim_key_hash = WPubkeyHash::hash(&PublicKey::from_secret_key(&secp_ctx, &channel_monitor_claim_key).serialize());
7540 Ok(Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0).push_slice(&channel_monitor_claim_key_hash[..]).into_script())
7543 fn get_shutdown_scriptpubkey(&self) -> Result<ShutdownScript, ()> {
7544 let secp_ctx = Secp256k1::signing_only();
7545 let channel_close_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
7546 Ok(ShutdownScript::new_p2wpkh_from_pubkey(PublicKey::from_secret_key(&secp_ctx, &channel_close_key)))
7550 #[cfg(all(feature = "_test_vectors", not(feature = "grind_signatures")))]
7551 fn public_from_secret_hex(secp_ctx: &Secp256k1<bitcoin::secp256k1::All>, hex: &str) -> PublicKey {
7552 PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&hex::decode(hex).unwrap()[..]).unwrap())
7556 fn upfront_shutdown_script_incompatibility() {
7557 let features = channelmanager::provided_init_features(&UserConfig::default()).clear_shutdown_anysegwit();
7558 let non_v0_segwit_shutdown_script =
7559 ShutdownScript::new_witness_program(WitnessVersion::V16, &[0, 40]).unwrap();
7561 let seed = [42; 32];
7562 let network = Network::Testnet;
7563 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7564 keys_provider.expect(OnGetShutdownScriptpubkey {
7565 returns: non_v0_segwit_shutdown_script.clone(),
7568 let secp_ctx = Secp256k1::new();
7569 let node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7570 let config = UserConfig::default();
7571 match OutboundV1Channel::<EnforcingSigner>::new(&LowerBoundedFeeEstimator::new(&TestFeeEstimator { fee_est: 253 }), &&keys_provider, &&keys_provider, node_id, &features, 10000000, 100000, 42, &config, 0, 42) {
7572 Err(APIError::IncompatibleShutdownScript { script }) => {
7573 assert_eq!(script.into_inner(), non_v0_segwit_shutdown_script.into_inner());
7575 Err(e) => panic!("Unexpected error: {:?}", e),
7576 Ok(_) => panic!("Expected error"),
7580 // Check that, during channel creation, we use the same feerate in the open channel message
7581 // as we do in the Channel object creation itself.
7583 fn test_open_channel_msg_fee() {
7584 let original_fee = 253;
7585 let mut fee_est = TestFeeEstimator{fee_est: original_fee };
7586 let bounded_fee_estimator = LowerBoundedFeeEstimator::new(&fee_est);
7587 let secp_ctx = Secp256k1::new();
7588 let seed = [42; 32];
7589 let network = Network::Testnet;
7590 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7592 let node_a_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7593 let config = UserConfig::default();
7594 let node_a_chan = OutboundV1Channel::<EnforcingSigner>::new(&bounded_fee_estimator, &&keys_provider, &&keys_provider, node_a_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7596 // Now change the fee so we can check that the fee in the open_channel message is the
7597 // same as the old fee.
7598 fee_est.fee_est = 500;
7599 let open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash());
7600 assert_eq!(open_channel_msg.feerate_per_kw, original_fee);
7604 fn test_holder_vs_counterparty_dust_limit() {
7605 // Test that when calculating the local and remote commitment transaction fees, the correct
7606 // dust limits are used.
7607 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7608 let secp_ctx = Secp256k1::new();
7609 let seed = [42; 32];
7610 let network = Network::Testnet;
7611 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7612 let logger = test_utils::TestLogger::new();
7613 let best_block = BestBlock::from_network(network);
7615 // Go through the flow of opening a channel between two nodes, making sure
7616 // they have different dust limits.
7618 // Create Node A's channel pointing to Node B's pubkey
7619 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7620 let config = UserConfig::default();
7621 let mut node_a_chan = OutboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7623 // Create Node B's channel by receiving Node A's open_channel message
7624 // Make sure A's dust limit is as we expect.
7625 let open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash());
7626 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7627 let mut node_b_chan = InboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, 42).unwrap();
7629 // Node B --> Node A: accept channel, explicitly setting B's dust limit.
7630 let mut accept_channel_msg = node_b_chan.accept_inbound_channel(0);
7631 accept_channel_msg.dust_limit_satoshis = 546;
7632 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features(&config)).unwrap();
7633 node_a_chan.context.holder_dust_limit_satoshis = 1560;
7635 // Node A --> Node B: funding created
7636 let output_script = node_a_chan.context.get_funding_redeemscript();
7637 let tx = Transaction { version: 1, lock_time: PackedLockTime::ZERO, input: Vec::new(), output: vec![TxOut {
7638 value: 10000000, script_pubkey: output_script.clone(),
7640 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
7641 let (mut node_a_chan, funding_created_msg) = node_a_chan.get_funding_created(tx.clone(), funding_outpoint, &&logger).map_err(|_| ()).unwrap();
7642 let (_, funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg, best_block, &&keys_provider, &&logger).map_err(|_| ()).unwrap();
7644 // Node B --> Node A: funding signed
7645 let _ = node_a_chan.funding_signed(&funding_signed_msg, best_block, &&keys_provider, &&logger).unwrap();
7647 // Put some inbound and outbound HTLCs in A's channel.
7648 let htlc_amount_msat = 11_092_000; // put an amount below A's effective dust limit but above B's.
7649 node_a_chan.context.pending_inbound_htlcs.push(InboundHTLCOutput {
7651 amount_msat: htlc_amount_msat,
7652 payment_hash: PaymentHash(Sha256::hash(&[42; 32]).into_inner()),
7653 cltv_expiry: 300000000,
7654 state: InboundHTLCState::Committed,
7657 node_a_chan.context.pending_outbound_htlcs.push(OutboundHTLCOutput {
7659 amount_msat: htlc_amount_msat, // put an amount below A's dust amount but above B's.
7660 payment_hash: PaymentHash(Sha256::hash(&[43; 32]).into_inner()),
7661 cltv_expiry: 200000000,
7662 state: OutboundHTLCState::Committed,
7663 source: HTLCSource::OutboundRoute {
7664 path: Path { hops: Vec::new(), blinded_tail: None },
7665 session_priv: SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(),
7666 first_hop_htlc_msat: 548,
7667 payment_id: PaymentId([42; 32]),
7669 skimmed_fee_msat: None,
7672 // Make sure when Node A calculates their local commitment transaction, none of the HTLCs pass
7673 // the dust limit check.
7674 let htlc_candidate = HTLCCandidate::new(htlc_amount_msat, HTLCInitiator::LocalOffered);
7675 let local_commit_tx_fee = node_a_chan.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
7676 let local_commit_fee_0_htlcs = commit_tx_fee_msat(node_a_chan.context.feerate_per_kw, 0, node_a_chan.context.get_channel_type());
7677 assert_eq!(local_commit_tx_fee, local_commit_fee_0_htlcs);
7679 // Finally, make sure that when Node A calculates the remote's commitment transaction fees, all
7680 // of the HTLCs are seen to be above the dust limit.
7681 node_a_chan.context.channel_transaction_parameters.is_outbound_from_holder = false;
7682 let remote_commit_fee_3_htlcs = commit_tx_fee_msat(node_a_chan.context.feerate_per_kw, 3, node_a_chan.context.get_channel_type());
7683 let htlc_candidate = HTLCCandidate::new(htlc_amount_msat, HTLCInitiator::LocalOffered);
7684 let remote_commit_tx_fee = node_a_chan.context.next_remote_commit_tx_fee_msat(htlc_candidate, None);
7685 assert_eq!(remote_commit_tx_fee, remote_commit_fee_3_htlcs);
7689 fn test_timeout_vs_success_htlc_dust_limit() {
7690 // Make sure that when `next_remote_commit_tx_fee_msat` and `next_local_commit_tx_fee_msat`
7691 // calculate the real dust limits for HTLCs (i.e. the dust limit given by the counterparty
7692 // *plus* the fees paid for the HTLC) they don't swap `HTLC_SUCCESS_TX_WEIGHT` for
7693 // `HTLC_TIMEOUT_TX_WEIGHT`, and vice versa.
7694 let fee_est = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 253 });
7695 let secp_ctx = Secp256k1::new();
7696 let seed = [42; 32];
7697 let network = Network::Testnet;
7698 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7700 let node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7701 let config = UserConfig::default();
7702 let mut chan = OutboundV1Channel::<EnforcingSigner>::new(&fee_est, &&keys_provider, &&keys_provider, node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7704 let commitment_tx_fee_0_htlcs = commit_tx_fee_msat(chan.context.feerate_per_kw, 0, chan.context.get_channel_type());
7705 let commitment_tx_fee_1_htlc = commit_tx_fee_msat(chan.context.feerate_per_kw, 1, chan.context.get_channel_type());
7707 // If HTLC_SUCCESS_TX_WEIGHT and HTLC_TIMEOUT_TX_WEIGHT were swapped: then this HTLC would be
7708 // counted as dust when it shouldn't be.
7709 let htlc_amt_above_timeout = ((253 * htlc_timeout_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.holder_dust_limit_satoshis + 1) * 1000;
7710 let htlc_candidate = HTLCCandidate::new(htlc_amt_above_timeout, HTLCInitiator::LocalOffered);
7711 let commitment_tx_fee = chan.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
7712 assert_eq!(commitment_tx_fee, commitment_tx_fee_1_htlc);
7714 // If swapped: this HTLC would be counted as non-dust when it shouldn't be.
7715 let dust_htlc_amt_below_success = ((253 * htlc_success_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.holder_dust_limit_satoshis - 1) * 1000;
7716 let htlc_candidate = HTLCCandidate::new(dust_htlc_amt_below_success, HTLCInitiator::RemoteOffered);
7717 let commitment_tx_fee = chan.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
7718 assert_eq!(commitment_tx_fee, commitment_tx_fee_0_htlcs);
7720 chan.context.channel_transaction_parameters.is_outbound_from_holder = false;
7722 // If swapped: this HTLC would be counted as non-dust when it shouldn't be.
7723 let dust_htlc_amt_above_timeout = ((253 * htlc_timeout_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.counterparty_dust_limit_satoshis + 1) * 1000;
7724 let htlc_candidate = HTLCCandidate::new(dust_htlc_amt_above_timeout, HTLCInitiator::LocalOffered);
7725 let commitment_tx_fee = chan.context.next_remote_commit_tx_fee_msat(htlc_candidate, None);
7726 assert_eq!(commitment_tx_fee, commitment_tx_fee_0_htlcs);
7728 // If swapped: this HTLC would be counted as dust when it shouldn't be.
7729 let htlc_amt_below_success = ((253 * htlc_success_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.counterparty_dust_limit_satoshis - 1) * 1000;
7730 let htlc_candidate = HTLCCandidate::new(htlc_amt_below_success, HTLCInitiator::RemoteOffered);
7731 let commitment_tx_fee = chan.context.next_remote_commit_tx_fee_msat(htlc_candidate, None);
7732 assert_eq!(commitment_tx_fee, commitment_tx_fee_1_htlc);
7736 fn channel_reestablish_no_updates() {
7737 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7738 let logger = test_utils::TestLogger::new();
7739 let secp_ctx = Secp256k1::new();
7740 let seed = [42; 32];
7741 let network = Network::Testnet;
7742 let best_block = BestBlock::from_network(network);
7743 let chain_hash = best_block.block_hash();
7744 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7746 // Go through the flow of opening a channel between two nodes.
7748 // Create Node A's channel pointing to Node B's pubkey
7749 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7750 let config = UserConfig::default();
7751 let mut node_a_chan = OutboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7753 // Create Node B's channel by receiving Node A's open_channel message
7754 let open_channel_msg = node_a_chan.get_open_channel(chain_hash);
7755 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7756 let mut node_b_chan = InboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, 42).unwrap();
7758 // Node B --> Node A: accept channel
7759 let accept_channel_msg = node_b_chan.accept_inbound_channel(0);
7760 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features(&config)).unwrap();
7762 // Node A --> Node B: funding created
7763 let output_script = node_a_chan.context.get_funding_redeemscript();
7764 let tx = Transaction { version: 1, lock_time: PackedLockTime::ZERO, input: Vec::new(), output: vec![TxOut {
7765 value: 10000000, script_pubkey: output_script.clone(),
7767 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
7768 let (mut node_a_chan, funding_created_msg) = node_a_chan.get_funding_created(tx.clone(), funding_outpoint, &&logger).map_err(|_| ()).unwrap();
7769 let (mut node_b_chan, funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg, best_block, &&keys_provider, &&logger).map_err(|_| ()).unwrap();
7771 // Node B --> Node A: funding signed
7772 let _ = node_a_chan.funding_signed(&funding_signed_msg, best_block, &&keys_provider, &&logger).unwrap();
7774 // Now disconnect the two nodes and check that the commitment point in
7775 // Node B's channel_reestablish message is sane.
7776 node_b_chan.remove_uncommitted_htlcs_and_mark_paused(&&logger);
7777 let msg = node_b_chan.get_channel_reestablish(&&logger);
7778 assert_eq!(msg.next_local_commitment_number, 1); // now called next_commitment_number
7779 assert_eq!(msg.next_remote_commitment_number, 0); // now called next_revocation_number
7780 assert_eq!(msg.your_last_per_commitment_secret, [0; 32]);
7782 // Check that the commitment point in Node A's channel_reestablish message
7784 node_a_chan.remove_uncommitted_htlcs_and_mark_paused(&&logger);
7785 let msg = node_a_chan.get_channel_reestablish(&&logger);
7786 assert_eq!(msg.next_local_commitment_number, 1); // now called next_commitment_number
7787 assert_eq!(msg.next_remote_commitment_number, 0); // now called next_revocation_number
7788 assert_eq!(msg.your_last_per_commitment_secret, [0; 32]);
7792 fn test_configured_holder_max_htlc_value_in_flight() {
7793 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7794 let logger = test_utils::TestLogger::new();
7795 let secp_ctx = Secp256k1::new();
7796 let seed = [42; 32];
7797 let network = Network::Testnet;
7798 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7799 let outbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7800 let inbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7802 let mut config_2_percent = UserConfig::default();
7803 config_2_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 2;
7804 let mut config_99_percent = UserConfig::default();
7805 config_99_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 99;
7806 let mut config_0_percent = UserConfig::default();
7807 config_0_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 0;
7808 let mut config_101_percent = UserConfig::default();
7809 config_101_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 101;
7811 // Test that `OutboundV1Channel::new` creates a channel with the correct value for
7812 // `holder_max_htlc_value_in_flight_msat`, when configured with a valid percentage value,
7813 // which is set to the lower bound + 1 (2%) of the `channel_value`.
7814 let chan_1 = OutboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_2_percent), 10000000, 100000, 42, &config_2_percent, 0, 42).unwrap();
7815 let chan_1_value_msat = chan_1.context.channel_value_satoshis * 1000;
7816 assert_eq!(chan_1.context.holder_max_htlc_value_in_flight_msat, (chan_1_value_msat as f64 * 0.02) as u64);
7818 // Test with the upper bound - 1 of valid values (99%).
7819 let chan_2 = OutboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_99_percent), 10000000, 100000, 42, &config_99_percent, 0, 42).unwrap();
7820 let chan_2_value_msat = chan_2.context.channel_value_satoshis * 1000;
7821 assert_eq!(chan_2.context.holder_max_htlc_value_in_flight_msat, (chan_2_value_msat as f64 * 0.99) as u64);
7823 let chan_1_open_channel_msg = chan_1.get_open_channel(genesis_block(network).header.block_hash());
7825 // Test that `InboundV1Channel::new` creates a channel with the correct value for
7826 // `holder_max_htlc_value_in_flight_msat`, when configured with a valid percentage value,
7827 // which is set to the lower bound - 1 (2%) of the `channel_value`.
7828 let chan_3 = InboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_2_percent), &channelmanager::provided_init_features(&config_2_percent), &chan_1_open_channel_msg, 7, &config_2_percent, 0, &&logger, 42).unwrap();
7829 let chan_3_value_msat = chan_3.context.channel_value_satoshis * 1000;
7830 assert_eq!(chan_3.context.holder_max_htlc_value_in_flight_msat, (chan_3_value_msat as f64 * 0.02) as u64);
7832 // Test with the upper bound - 1 of valid values (99%).
7833 let chan_4 = InboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_99_percent), &channelmanager::provided_init_features(&config_99_percent), &chan_1_open_channel_msg, 7, &config_99_percent, 0, &&logger, 42).unwrap();
7834 let chan_4_value_msat = chan_4.context.channel_value_satoshis * 1000;
7835 assert_eq!(chan_4.context.holder_max_htlc_value_in_flight_msat, (chan_4_value_msat as f64 * 0.99) as u64);
7837 // Test that `OutboundV1Channel::new` uses the lower bound of the configurable percentage values (1%)
7838 // if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a value less than 1.
7839 let chan_5 = OutboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_0_percent), 10000000, 100000, 42, &config_0_percent, 0, 42).unwrap();
7840 let chan_5_value_msat = chan_5.context.channel_value_satoshis * 1000;
7841 assert_eq!(chan_5.context.holder_max_htlc_value_in_flight_msat, (chan_5_value_msat as f64 * 0.01) as u64);
7843 // Test that `OutboundV1Channel::new` uses the upper bound of the configurable percentage values
7844 // (100%) if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a larger value
7846 let chan_6 = OutboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_101_percent), 10000000, 100000, 42, &config_101_percent, 0, 42).unwrap();
7847 let chan_6_value_msat = chan_6.context.channel_value_satoshis * 1000;
7848 assert_eq!(chan_6.context.holder_max_htlc_value_in_flight_msat, chan_6_value_msat);
7850 // Test that `InboundV1Channel::new` uses the lower bound of the configurable percentage values (1%)
7851 // if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a value less than 1.
7852 let chan_7 = InboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_0_percent), &channelmanager::provided_init_features(&config_0_percent), &chan_1_open_channel_msg, 7, &config_0_percent, 0, &&logger, 42).unwrap();
7853 let chan_7_value_msat = chan_7.context.channel_value_satoshis * 1000;
7854 assert_eq!(chan_7.context.holder_max_htlc_value_in_flight_msat, (chan_7_value_msat as f64 * 0.01) as u64);
7856 // Test that `InboundV1Channel::new` uses the upper bound of the configurable percentage values
7857 // (100%) if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a larger value
7859 let chan_8 = InboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_101_percent), &channelmanager::provided_init_features(&config_101_percent), &chan_1_open_channel_msg, 7, &config_101_percent, 0, &&logger, 42).unwrap();
7860 let chan_8_value_msat = chan_8.context.channel_value_satoshis * 1000;
7861 assert_eq!(chan_8.context.holder_max_htlc_value_in_flight_msat, chan_8_value_msat);
7865 fn test_configured_holder_selected_channel_reserve_satoshis() {
7867 // Test that `OutboundV1Channel::new` and `InboundV1Channel::new` create a channel with the correct
7868 // channel reserves, when `their_channel_reserve_proportional_millionths` is configured.
7869 test_self_and_counterparty_channel_reserve(10_000_000, 0.02, 0.02);
7871 // Test with valid but unreasonably high channel reserves
7872 // Requesting and accepting parties have requested for 49%-49% and 60%-30% channel reserve
7873 test_self_and_counterparty_channel_reserve(10_000_000, 0.49, 0.49);
7874 test_self_and_counterparty_channel_reserve(10_000_000, 0.60, 0.30);
7876 // Test with calculated channel reserve less than lower bound
7877 // i.e `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
7878 test_self_and_counterparty_channel_reserve(100_000, 0.00002, 0.30);
7880 // Test with invalid channel reserves since sum of both is greater than or equal
7882 test_self_and_counterparty_channel_reserve(10_000_000, 0.50, 0.50);
7883 test_self_and_counterparty_channel_reserve(10_000_000, 0.60, 0.50);
7886 fn test_self_and_counterparty_channel_reserve(channel_value_satoshis: u64, outbound_selected_channel_reserve_perc: f64, inbound_selected_channel_reserve_perc: f64) {
7887 let fee_est = LowerBoundedFeeEstimator::new(&TestFeeEstimator { fee_est: 15_000 });
7888 let logger = test_utils::TestLogger::new();
7889 let secp_ctx = Secp256k1::new();
7890 let seed = [42; 32];
7891 let network = Network::Testnet;
7892 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7893 let outbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7894 let inbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7897 let mut outbound_node_config = UserConfig::default();
7898 outbound_node_config.channel_handshake_config.their_channel_reserve_proportional_millionths = (outbound_selected_channel_reserve_perc * 1_000_000.0) as u32;
7899 let chan = OutboundV1Channel::<EnforcingSigner>::new(&&fee_est, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&outbound_node_config), channel_value_satoshis, 100_000, 42, &outbound_node_config, 0, 42).unwrap();
7901 let expected_outbound_selected_chan_reserve = cmp::max(MIN_THEIR_CHAN_RESERVE_SATOSHIS, (chan.context.channel_value_satoshis as f64 * outbound_selected_channel_reserve_perc) as u64);
7902 assert_eq!(chan.context.holder_selected_channel_reserve_satoshis, expected_outbound_selected_chan_reserve);
7904 let chan_open_channel_msg = chan.get_open_channel(genesis_block(network).header.block_hash());
7905 let mut inbound_node_config = UserConfig::default();
7906 inbound_node_config.channel_handshake_config.their_channel_reserve_proportional_millionths = (inbound_selected_channel_reserve_perc * 1_000_000.0) as u32;
7908 if outbound_selected_channel_reserve_perc + inbound_selected_channel_reserve_perc < 1.0 {
7909 let chan_inbound_node = InboundV1Channel::<EnforcingSigner>::new(&&fee_est, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&inbound_node_config), &channelmanager::provided_init_features(&outbound_node_config), &chan_open_channel_msg, 7, &inbound_node_config, 0, &&logger, 42).unwrap();
7911 let expected_inbound_selected_chan_reserve = cmp::max(MIN_THEIR_CHAN_RESERVE_SATOSHIS, (chan.context.channel_value_satoshis as f64 * inbound_selected_channel_reserve_perc) as u64);
7913 assert_eq!(chan_inbound_node.context.holder_selected_channel_reserve_satoshis, expected_inbound_selected_chan_reserve);
7914 assert_eq!(chan_inbound_node.context.counterparty_selected_channel_reserve_satoshis.unwrap(), expected_outbound_selected_chan_reserve);
7916 // Channel Negotiations failed
7917 let result = InboundV1Channel::<EnforcingSigner>::new(&&fee_est, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&inbound_node_config), &channelmanager::provided_init_features(&outbound_node_config), &chan_open_channel_msg, 7, &inbound_node_config, 0, &&logger, 42);
7918 assert!(result.is_err());
7923 fn channel_update() {
7924 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7925 let logger = test_utils::TestLogger::new();
7926 let secp_ctx = Secp256k1::new();
7927 let seed = [42; 32];
7928 let network = Network::Testnet;
7929 let best_block = BestBlock::from_network(network);
7930 let chain_hash = genesis_block(network).header.block_hash();
7931 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7933 // Create Node A's channel pointing to Node B's pubkey
7934 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7935 let config = UserConfig::default();
7936 let mut node_a_chan = OutboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
7938 // Create Node B's channel by receiving Node A's open_channel message
7939 // Make sure A's dust limit is as we expect.
7940 let open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash());
7941 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7942 let mut node_b_chan = InboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, 42).unwrap();
7944 // Node B --> Node A: accept channel, explicitly setting B's dust limit.
7945 let mut accept_channel_msg = node_b_chan.accept_inbound_channel(0);
7946 accept_channel_msg.dust_limit_satoshis = 546;
7947 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features(&config)).unwrap();
7948 node_a_chan.context.holder_dust_limit_satoshis = 1560;
7950 // Node A --> Node B: funding created
7951 let output_script = node_a_chan.context.get_funding_redeemscript();
7952 let tx = Transaction { version: 1, lock_time: PackedLockTime::ZERO, input: Vec::new(), output: vec![TxOut {
7953 value: 10000000, script_pubkey: output_script.clone(),
7955 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
7956 let (mut node_a_chan, funding_created_msg) = node_a_chan.get_funding_created(tx.clone(), funding_outpoint, &&logger).map_err(|_| ()).unwrap();
7957 let (_, funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg, best_block, &&keys_provider, &&logger).map_err(|_| ()).unwrap();
7959 // Node B --> Node A: funding signed
7960 let _ = node_a_chan.funding_signed(&funding_signed_msg, best_block, &&keys_provider, &&logger).unwrap();
7962 // Make sure that receiving a channel update will update the Channel as expected.
7963 let update = ChannelUpdate {
7964 contents: UnsignedChannelUpdate {
7966 short_channel_id: 0,
7969 cltv_expiry_delta: 100,
7970 htlc_minimum_msat: 5,
7971 htlc_maximum_msat: MAX_VALUE_MSAT,
7973 fee_proportional_millionths: 11,
7974 excess_data: Vec::new(),
7976 signature: Signature::from(unsafe { FFISignature::new() })
7978 node_a_chan.channel_update(&update).unwrap();
7980 // The counterparty can send an update with a higher minimum HTLC, but that shouldn't
7981 // change our official htlc_minimum_msat.
7982 assert_eq!(node_a_chan.context.holder_htlc_minimum_msat, 1);
7983 match node_a_chan.context.counterparty_forwarding_info() {
7985 assert_eq!(info.cltv_expiry_delta, 100);
7986 assert_eq!(info.fee_base_msat, 110);
7987 assert_eq!(info.fee_proportional_millionths, 11);
7989 None => panic!("expected counterparty forwarding info to be Some")
7993 #[cfg(feature = "_test_vectors")]
7995 fn outbound_commitment_test() {
7996 use bitcoin::util::sighash;
7997 use bitcoin::consensus::encode::serialize;
7998 use bitcoin::blockdata::transaction::EcdsaSighashType;
7999 use bitcoin::hashes::hex::FromHex;
8000 use bitcoin::hash_types::Txid;
8001 use bitcoin::secp256k1::Message;
8002 use crate::sign::EcdsaChannelSigner;
8003 use crate::ln::PaymentPreimage;
8004 use crate::ln::channel::{HTLCOutputInCommitment ,TxCreationKeys};
8005 use crate::ln::chan_utils::{ChannelPublicKeys, HolderCommitmentTransaction, CounterpartyChannelTransactionParameters};
8006 use crate::util::logger::Logger;
8007 use crate::sync::Arc;
8009 // Test vectors from BOLT 3 Appendices C and F (anchors):
8010 let feeest = TestFeeEstimator{fee_est: 15000};
8011 let logger : Arc<Logger> = Arc::new(test_utils::TestLogger::new());
8012 let secp_ctx = Secp256k1::new();
8014 let mut signer = InMemorySigner::new(
8016 SecretKey::from_slice(&hex::decode("30ff4956bbdd3222d44cc5e8a1261dab1e07957bdac5ae88fe3261ef321f3749").unwrap()[..]).unwrap(),
8017 SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(),
8018 SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(),
8019 SecretKey::from_slice(&hex::decode("3333333333333333333333333333333333333333333333333333333333333333").unwrap()[..]).unwrap(),
8020 SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(),
8022 // These aren't set in the test vectors:
8023 [0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff],
8029 assert_eq!(signer.pubkeys().funding_pubkey.serialize()[..],
8030 hex::decode("023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb").unwrap()[..]);
8031 let keys_provider = Keys { signer: signer.clone() };
8033 let counterparty_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8034 let mut config = UserConfig::default();
8035 config.channel_handshake_config.announced_channel = false;
8036 let mut chan = OutboundV1Channel::<InMemorySigner>::new(&LowerBoundedFeeEstimator::new(&feeest), &&keys_provider, &&keys_provider, counterparty_node_id, &channelmanager::provided_init_features(&config), 10_000_000, 0, 42, &config, 0, 42).unwrap(); // Nothing uses their network key in this test
8037 chan.context.holder_dust_limit_satoshis = 546;
8038 chan.context.counterparty_selected_channel_reserve_satoshis = Some(0); // Filled in in accept_channel
8040 let funding_info = OutPoint{ txid: Txid::from_hex("8984484a580b825b9972d7adb15050b3ab624ccd731946b3eeddb92f4e7ef6be").unwrap(), index: 0 };
8042 let counterparty_pubkeys = ChannelPublicKeys {
8043 funding_pubkey: public_from_secret_hex(&secp_ctx, "1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13"),
8044 revocation_basepoint: PublicKey::from_slice(&hex::decode("02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27").unwrap()[..]).unwrap(),
8045 payment_point: public_from_secret_hex(&secp_ctx, "4444444444444444444444444444444444444444444444444444444444444444"),
8046 delayed_payment_basepoint: public_from_secret_hex(&secp_ctx, "1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13"),
8047 htlc_basepoint: public_from_secret_hex(&secp_ctx, "4444444444444444444444444444444444444444444444444444444444444444")
8049 chan.context.channel_transaction_parameters.counterparty_parameters = Some(
8050 CounterpartyChannelTransactionParameters {
8051 pubkeys: counterparty_pubkeys.clone(),
8052 selected_contest_delay: 144
8054 chan.context.channel_transaction_parameters.funding_outpoint = Some(funding_info);
8055 signer.provide_channel_parameters(&chan.context.channel_transaction_parameters);
8057 assert_eq!(counterparty_pubkeys.payment_point.serialize()[..],
8058 hex::decode("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()[..]);
8060 assert_eq!(counterparty_pubkeys.funding_pubkey.serialize()[..],
8061 hex::decode("030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c1").unwrap()[..]);
8063 assert_eq!(counterparty_pubkeys.htlc_basepoint.serialize()[..],
8064 hex::decode("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()[..]);
8066 // We can't just use build_holder_transaction_keys here as the per_commitment_secret is not
8067 // derived from a commitment_seed, so instead we copy it here and call
8068 // build_commitment_transaction.
8069 let delayed_payment_base = &chan.context.holder_signer.pubkeys().delayed_payment_basepoint;
8070 let per_commitment_secret = SecretKey::from_slice(&hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap();
8071 let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
8072 let htlc_basepoint = &chan.context.holder_signer.pubkeys().htlc_basepoint;
8073 let keys = TxCreationKeys::derive_new(&secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint);
8075 macro_rules! test_commitment {
8076 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $($remain:tt)* ) => {
8077 chan.context.channel_transaction_parameters.channel_type_features = ChannelTypeFeatures::only_static_remote_key();
8078 test_commitment_common!($counterparty_sig_hex, $sig_hex, $tx_hex, &ChannelTypeFeatures::only_static_remote_key(), $($remain)*);
8082 macro_rules! test_commitment_with_anchors {
8083 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $($remain:tt)* ) => {
8084 chan.context.channel_transaction_parameters.channel_type_features = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8085 test_commitment_common!($counterparty_sig_hex, $sig_hex, $tx_hex, &ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies(), $($remain)*);
8089 macro_rules! test_commitment_common {
8090 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $opt_anchors: expr, {
8091 $( { $htlc_idx: expr, $counterparty_htlc_sig_hex: expr, $htlc_sig_hex: expr, $htlc_tx_hex: expr } ), *
8093 let (commitment_tx, htlcs): (_, Vec<HTLCOutputInCommitment>) = {
8094 let mut commitment_stats = chan.context.build_commitment_transaction(0xffffffffffff - 42, &keys, true, false, &logger);
8096 let htlcs = commitment_stats.htlcs_included.drain(..)
8097 .filter_map(|(htlc, _)| if htlc.transaction_output_index.is_some() { Some(htlc) } else { None })
8099 (commitment_stats.tx, htlcs)
8101 let trusted_tx = commitment_tx.trust();
8102 let unsigned_tx = trusted_tx.built_transaction();
8103 let redeemscript = chan.context.get_funding_redeemscript();
8104 let counterparty_signature = Signature::from_der(&hex::decode($counterparty_sig_hex).unwrap()[..]).unwrap();
8105 let sighash = unsigned_tx.get_sighash_all(&redeemscript, chan.context.channel_value_satoshis);
8106 log_trace!(logger, "unsigned_tx = {}", hex::encode(serialize(&unsigned_tx.transaction)));
8107 assert!(secp_ctx.verify_ecdsa(&sighash, &counterparty_signature, chan.context.counterparty_funding_pubkey()).is_ok(), "verify counterparty commitment sig");
8109 let mut per_htlc: Vec<(HTLCOutputInCommitment, Option<Signature>)> = Vec::new();
8110 per_htlc.clear(); // Don't warn about excess mut for no-HTLC calls
8111 let mut counterparty_htlc_sigs = Vec::new();
8112 counterparty_htlc_sigs.clear(); // Don't warn about excess mut for no-HTLC calls
8114 let remote_signature = Signature::from_der(&hex::decode($counterparty_htlc_sig_hex).unwrap()[..]).unwrap();
8115 per_htlc.push((htlcs[$htlc_idx].clone(), Some(remote_signature)));
8116 counterparty_htlc_sigs.push(remote_signature);
8118 assert_eq!(htlcs.len(), per_htlc.len());
8120 let holder_commitment_tx = HolderCommitmentTransaction::new(
8121 commitment_tx.clone(),
8122 counterparty_signature,
8123 counterparty_htlc_sigs,
8124 &chan.context.holder_signer.pubkeys().funding_pubkey,
8125 chan.context.counterparty_funding_pubkey()
8127 let (holder_sig, htlc_sigs) = signer.sign_holder_commitment_and_htlcs(&holder_commitment_tx, &secp_ctx).unwrap();
8128 assert_eq!(Signature::from_der(&hex::decode($sig_hex).unwrap()[..]).unwrap(), holder_sig, "holder_sig");
8130 let funding_redeemscript = chan.context.get_funding_redeemscript();
8131 let tx = holder_commitment_tx.add_holder_sig(&funding_redeemscript, holder_sig);
8132 assert_eq!(serialize(&tx)[..], hex::decode($tx_hex).unwrap()[..], "tx");
8134 // ((htlc, counterparty_sig), (index, holder_sig))
8135 let mut htlc_sig_iter = holder_commitment_tx.htlcs().iter().zip(&holder_commitment_tx.counterparty_htlc_sigs).zip(htlc_sigs.iter().enumerate());
8138 log_trace!(logger, "verifying htlc {}", $htlc_idx);
8139 let remote_signature = Signature::from_der(&hex::decode($counterparty_htlc_sig_hex).unwrap()[..]).unwrap();
8141 let ref htlc = htlcs[$htlc_idx];
8142 let htlc_tx = chan_utils::build_htlc_transaction(&unsigned_tx.txid, chan.context.feerate_per_kw,
8143 chan.context.get_counterparty_selected_contest_delay().unwrap(),
8144 &htlc, $opt_anchors, &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
8145 let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, $opt_anchors, &keys);
8146 let htlc_sighashtype = if $opt_anchors.supports_anchors_zero_fee_htlc_tx() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
8147 let htlc_sighash = Message::from_slice(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]).unwrap();
8148 assert!(secp_ctx.verify_ecdsa(&htlc_sighash, &remote_signature, &keys.countersignatory_htlc_key).is_ok(), "verify counterparty htlc sig");
8150 let mut preimage: Option<PaymentPreimage> = None;
8153 let out = PaymentHash(Sha256::hash(&[i; 32]).into_inner());
8154 if out == htlc.payment_hash {
8155 preimage = Some(PaymentPreimage([i; 32]));
8159 assert!(preimage.is_some());
8162 let htlc_sig = htlc_sig_iter.next().unwrap();
8163 let num_anchors = if $opt_anchors.supports_anchors_zero_fee_htlc_tx() { 2 } else { 0 };
8164 assert_eq!((htlc_sig.0).0.transaction_output_index, Some($htlc_idx + num_anchors), "output index");
8166 let signature = Signature::from_der(&hex::decode($htlc_sig_hex).unwrap()[..]).unwrap();
8167 assert_eq!(signature, *(htlc_sig.1).1, "htlc sig");
8168 let index = (htlc_sig.1).0;
8169 let channel_parameters = chan.context.channel_transaction_parameters.as_holder_broadcastable();
8170 let trusted_tx = holder_commitment_tx.trust();
8171 log_trace!(logger, "htlc_tx = {}", hex::encode(serialize(&trusted_tx.get_signed_htlc_tx(&channel_parameters, index, &(htlc_sig.0).1, (htlc_sig.1).1, &preimage))));
8172 assert_eq!(serialize(&trusted_tx.get_signed_htlc_tx(&channel_parameters, index, &(htlc_sig.0).1, (htlc_sig.1).1, &preimage))[..],
8173 hex::decode($htlc_tx_hex).unwrap()[..], "htlc tx");
8175 assert!(htlc_sig_iter.next().is_none());
8179 // anchors: simple commitment tx with no HTLCs and single anchor
8180 test_commitment_with_anchors!("30440220655bf909fb6fa81d086f1336ac72c97906dce29d1b166e305c99152d810e26e1022051f577faa46412c46707aaac46b65d50053550a66334e00a44af2706f27a8658",
8181 "3044022007cf6b405e9c9b4f527b0ecad9d8bb661fabb8b12abf7d1c0b3ad1855db3ed490220616d5c1eeadccc63bd775a131149455d62d95a42c2a1b01cc7821fc42dce7778",
8182 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80024a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f10529800000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022007cf6b405e9c9b4f527b0ecad9d8bb661fabb8b12abf7d1c0b3ad1855db3ed490220616d5c1eeadccc63bd775a131149455d62d95a42c2a1b01cc7821fc42dce7778014730440220655bf909fb6fa81d086f1336ac72c97906dce29d1b166e305c99152d810e26e1022051f577faa46412c46707aaac46b65d50053550a66334e00a44af2706f27a865801475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8184 // simple commitment tx with no HTLCs
8185 chan.context.value_to_self_msat = 7000000000;
8187 test_commitment!("3045022100c3127b33dcc741dd6b05b1e63cbd1a9a7d816f37af9b6756fa2376b056f032370220408b96279808fe57eb7e463710804cdf4f108388bc5cf722d8c848d2c7f9f3b0",
8188 "30440220616210b2cc4d3afb601013c373bbd8aac54febd9f15400379a8cb65ce7deca60022034236c010991beb7ff770510561ae8dc885b8d38d1947248c38f2ae055647142",
8189 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8002c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48454a56a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004730440220616210b2cc4d3afb601013c373bbd8aac54febd9f15400379a8cb65ce7deca60022034236c010991beb7ff770510561ae8dc885b8d38d1947248c38f2ae05564714201483045022100c3127b33dcc741dd6b05b1e63cbd1a9a7d816f37af9b6756fa2376b056f032370220408b96279808fe57eb7e463710804cdf4f108388bc5cf722d8c848d2c7f9f3b001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8191 // anchors: simple commitment tx with no HTLCs
8192 test_commitment_with_anchors!("3045022100f89034eba16b2be0e5581f750a0a6309192b75cce0f202f0ee2b4ec0cc394850022076c65dc507fe42276152b7a3d90e961e678adbe966e916ecfe85e64d430e75f3",
8193 "30450221008266ac6db5ea71aac3c95d97b0e172ff596844851a3216eb88382a8dddfd33d2022050e240974cfd5d708708b4365574517c18e7ae535ef732a3484d43d0d82be9f7",
8194 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80044a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994a508b6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221008266ac6db5ea71aac3c95d97b0e172ff596844851a3216eb88382a8dddfd33d2022050e240974cfd5d708708b4365574517c18e7ae535ef732a3484d43d0d82be9f701483045022100f89034eba16b2be0e5581f750a0a6309192b75cce0f202f0ee2b4ec0cc394850022076c65dc507fe42276152b7a3d90e961e678adbe966e916ecfe85e64d430e75f301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8196 chan.context.pending_inbound_htlcs.push({
8197 let mut out = InboundHTLCOutput{
8199 amount_msat: 1000000,
8201 payment_hash: PaymentHash([0; 32]),
8202 state: InboundHTLCState::Committed,
8204 out.payment_hash.0 = Sha256::hash(&hex::decode("0000000000000000000000000000000000000000000000000000000000000000").unwrap()).into_inner();
8207 chan.context.pending_inbound_htlcs.push({
8208 let mut out = InboundHTLCOutput{
8210 amount_msat: 2000000,
8212 payment_hash: PaymentHash([0; 32]),
8213 state: InboundHTLCState::Committed,
8215 out.payment_hash.0 = Sha256::hash(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap()).into_inner();
8218 chan.context.pending_outbound_htlcs.push({
8219 let mut out = OutboundHTLCOutput{
8221 amount_msat: 2000000,
8223 payment_hash: PaymentHash([0; 32]),
8224 state: OutboundHTLCState::Committed,
8225 source: HTLCSource::dummy(),
8226 skimmed_fee_msat: None,
8228 out.payment_hash.0 = Sha256::hash(&hex::decode("0202020202020202020202020202020202020202020202020202020202020202").unwrap()).into_inner();
8231 chan.context.pending_outbound_htlcs.push({
8232 let mut out = OutboundHTLCOutput{
8234 amount_msat: 3000000,
8236 payment_hash: PaymentHash([0; 32]),
8237 state: OutboundHTLCState::Committed,
8238 source: HTLCSource::dummy(),
8239 skimmed_fee_msat: None,
8241 out.payment_hash.0 = Sha256::hash(&hex::decode("0303030303030303030303030303030303030303030303030303030303030303").unwrap()).into_inner();
8244 chan.context.pending_inbound_htlcs.push({
8245 let mut out = InboundHTLCOutput{
8247 amount_msat: 4000000,
8249 payment_hash: PaymentHash([0; 32]),
8250 state: InboundHTLCState::Committed,
8252 out.payment_hash.0 = Sha256::hash(&hex::decode("0404040404040404040404040404040404040404040404040404040404040404").unwrap()).into_inner();
8256 // commitment tx with all five HTLCs untrimmed (minimum feerate)
8257 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8258 chan.context.feerate_per_kw = 0;
8260 test_commitment!("3044022009b048187705a8cbc9ad73adbe5af148c3d012e1f067961486c822c7af08158c022006d66f3704cfab3eb2dc49dae24e4aa22a6910fc9b424007583204e3621af2e5",
8261 "304402206fc2d1f10ea59951eefac0b4b7c396a3c3d87b71ff0b019796ef4535beaf36f902201765b0181e514d04f4c8ad75659d7037be26cdb3f8bb6f78fe61decef484c3ea",
8262 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8007e80300000000000022002052bfef0479d7b293c27e0f1eb294bea154c63a3294ef092c19af51409bce0e2ad007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484e0a06a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402206fc2d1f10ea59951eefac0b4b7c396a3c3d87b71ff0b019796ef4535beaf36f902201765b0181e514d04f4c8ad75659d7037be26cdb3f8bb6f78fe61decef484c3ea01473044022009b048187705a8cbc9ad73adbe5af148c3d012e1f067961486c822c7af08158c022006d66f3704cfab3eb2dc49dae24e4aa22a6910fc9b424007583204e3621af2e501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8265 "3045022100d9e29616b8f3959f1d3d7f7ce893ffedcdc407717d0de8e37d808c91d3a7c50d022078c3033f6d00095c8720a4bc943c1b45727818c082e4e3ddbc6d3116435b624b",
8266 "30440220636de5682ef0c5b61f124ec74e8aa2461a69777521d6998295dcea36bc3338110220165285594b23c50b28b82df200234566628a27bcd17f7f14404bd865354eb3ce",
8267 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b00000000000000000001e8030000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100d9e29616b8f3959f1d3d7f7ce893ffedcdc407717d0de8e37d808c91d3a7c50d022078c3033f6d00095c8720a4bc943c1b45727818c082e4e3ddbc6d3116435b624b014730440220636de5682ef0c5b61f124ec74e8aa2461a69777521d6998295dcea36bc3338110220165285594b23c50b28b82df200234566628a27bcd17f7f14404bd865354eb3ce012000000000000000000000000000000000000000000000000000000000000000008a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a914b8bcb07f6344b42ab04250c86a6e8b75d3fdbbc688527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f401b175ac686800000000" },
8270 "30440220649fe8b20e67e46cbb0d09b4acea87dbec001b39b08dee7bdd0b1f03922a8640022037c462dff79df501cecfdb12ea7f4de91f99230bb544726f6e04527b1f896004",
8271 "3045022100803159dee7935dba4a1d36a61055ce8fd62caa528573cc221ae288515405a252022029c59e7cffce374fe860100a4a63787e105c3cf5156d40b12dd53ff55ac8cf3f",
8272 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b01000000000000000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220649fe8b20e67e46cbb0d09b4acea87dbec001b39b08dee7bdd0b1f03922a8640022037c462dff79df501cecfdb12ea7f4de91f99230bb544726f6e04527b1f89600401483045022100803159dee7935dba4a1d36a61055ce8fd62caa528573cc221ae288515405a252022029c59e7cffce374fe860100a4a63787e105c3cf5156d40b12dd53ff55ac8cf3f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8275 "30440220770fc321e97a19f38985f2e7732dd9fe08d16a2efa4bcbc0429400a447faf49102204d40b417f3113e1b0944ae0986f517564ab4acd3d190503faf97a6e420d43352",
8276 "3045022100a437cc2ce77400ecde441b3398fea3c3ad8bdad8132be818227fe3c5b8345989022069d45e7fa0ae551ec37240845e2c561ceb2567eacf3076a6a43a502d05865faa",
8277 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b02000000000000000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220770fc321e97a19f38985f2e7732dd9fe08d16a2efa4bcbc0429400a447faf49102204d40b417f3113e1b0944ae0986f517564ab4acd3d190503faf97a6e420d4335201483045022100a437cc2ce77400ecde441b3398fea3c3ad8bdad8132be818227fe3c5b8345989022069d45e7fa0ae551ec37240845e2c561ceb2567eacf3076a6a43a502d05865faa012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8280 "304402207bcbf4f60a9829b05d2dbab84ed593e0291836be715dc7db6b72a64caf646af802201e489a5a84f7c5cc130398b841d138d031a5137ac8f4c49c770a4959dc3c1363",
8281 "304402203121d9b9c055f354304b016a36662ee99e1110d9501cb271b087ddb6f382c2c80220549882f3f3b78d9c492de47543cb9a697cecc493174726146536c5954dac7487",
8282 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b03000000000000000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207bcbf4f60a9829b05d2dbab84ed593e0291836be715dc7db6b72a64caf646af802201e489a5a84f7c5cc130398b841d138d031a5137ac8f4c49c770a4959dc3c13630147304402203121d9b9c055f354304b016a36662ee99e1110d9501cb271b087ddb6f382c2c80220549882f3f3b78d9c492de47543cb9a697cecc493174726146536c5954dac748701008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8285 "3044022076dca5cb81ba7e466e349b7128cdba216d4d01659e29b96025b9524aaf0d1899022060de85697b88b21c749702b7d2cfa7dfeaa1f472c8f1d7d9c23f2bf968464b87",
8286 "3045022100d9080f103cc92bac15ec42464a95f070c7fb6925014e673ee2ea1374d36a7f7502200c65294d22eb20d48564954d5afe04a385551919d8b2ddb4ae2459daaeee1d95",
8287 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b04000000000000000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022076dca5cb81ba7e466e349b7128cdba216d4d01659e29b96025b9524aaf0d1899022060de85697b88b21c749702b7d2cfa7dfeaa1f472c8f1d7d9c23f2bf968464b8701483045022100d9080f103cc92bac15ec42464a95f070c7fb6925014e673ee2ea1374d36a7f7502200c65294d22eb20d48564954d5afe04a385551919d8b2ddb4ae2459daaeee1d95012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8290 // commitment tx with seven outputs untrimmed (maximum feerate)
8291 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8292 chan.context.feerate_per_kw = 647;
8294 test_commitment!("3045022100a135f9e8a5ed25f7277446c67956b00ce6f610ead2bdec2c2f686155b7814772022059f1f6e1a8b336a68efcc1af3fe4d422d4827332b5b067501b099c47b7b5b5ee",
8295 "30450221009ec15c687898bb4da8b3a833e5ab8bfc51ec6e9202aaa8e66611edfd4a85ed1102203d7183e45078b9735c93450bc3415d3e5a8c576141a711ec6ddcb4a893926bb7",
8296 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8007e80300000000000022002052bfef0479d7b293c27e0f1eb294bea154c63a3294ef092c19af51409bce0e2ad007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484e09c6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221009ec15c687898bb4da8b3a833e5ab8bfc51ec6e9202aaa8e66611edfd4a85ed1102203d7183e45078b9735c93450bc3415d3e5a8c576141a711ec6ddcb4a893926bb701483045022100a135f9e8a5ed25f7277446c67956b00ce6f610ead2bdec2c2f686155b7814772022059f1f6e1a8b336a68efcc1af3fe4d422d4827332b5b067501b099c47b7b5b5ee01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8299 "30450221008437627f9ad84ac67052e2a414a4367b8556fd1f94d8b02590f89f50525cd33502205b9c21ff6e7fc864f2352746ad8ba59182510819acb644e25b8a12fc37bbf24f",
8300 "30440220344b0deb055230d01703e6c7acd45853c4af2328b49b5d8af4f88a060733406602202ea64f2a43d5751edfe75503cbc35a62e3141b5ed032fa03360faf4ca66f670b",
8301 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004830450221008437627f9ad84ac67052e2a414a4367b8556fd1f94d8b02590f89f50525cd33502205b9c21ff6e7fc864f2352746ad8ba59182510819acb644e25b8a12fc37bbf24f014730440220344b0deb055230d01703e6c7acd45853c4af2328b49b5d8af4f88a060733406602202ea64f2a43d5751edfe75503cbc35a62e3141b5ed032fa03360faf4ca66f670b012000000000000000000000000000000000000000000000000000000000000000008a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a914b8bcb07f6344b42ab04250c86a6e8b75d3fdbbc688527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f401b175ac686800000000" },
8304 "304402205a67f92bf6845cf2892b48d874ac1daf88a36495cf8a06f93d83180d930a6f75022031da1621d95c3f335cc06a3056cf960199dae600b7cf89088f65fc53cdbef28c",
8305 "30450221009e5e3822b0185c6799a95288c597b671d6cc69ab80f43740f00c6c3d0752bdda02206da947a74bd98f3175324dc56fdba86cc783703a120a6f0297537e60632f4c7f",
8306 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe0100000000000000000124060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402205a67f92bf6845cf2892b48d874ac1daf88a36495cf8a06f93d83180d930a6f75022031da1621d95c3f335cc06a3056cf960199dae600b7cf89088f65fc53cdbef28c014830450221009e5e3822b0185c6799a95288c597b671d6cc69ab80f43740f00c6c3d0752bdda02206da947a74bd98f3175324dc56fdba86cc783703a120a6f0297537e60632f4c7f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8309 "30440220437e21766054a3eef7f65690c5bcfa9920babbc5af92b819f772f6ea96df6c7402207173622024bd97328cfb26c6665e25c2f5d67c319443ccdc60c903217005d8c8",
8310 "3045022100fcfc47e36b712624677626cef3dc1d67f6583bd46926a6398fe6b00b0c9a37760220525788257b187fc775c6370d04eadf34d06f3650a63f8df851cee0ecb47a1673",
8311 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe020000000000000000010a060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220437e21766054a3eef7f65690c5bcfa9920babbc5af92b819f772f6ea96df6c7402207173622024bd97328cfb26c6665e25c2f5d67c319443ccdc60c903217005d8c801483045022100fcfc47e36b712624677626cef3dc1d67f6583bd46926a6398fe6b00b0c9a37760220525788257b187fc775c6370d04eadf34d06f3650a63f8df851cee0ecb47a1673012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8314 "304402207436e10737e4df499fc051686d3e11a5bb2310e4d1f1e691d287cef66514791202207cb58e71a6b7a42dd001b7e3ae672ea4f71ea3e1cd412b742e9124abb0739c64",
8315 "3045022100e78211b8409afb7255ffe37337da87f38646f1faebbdd61bc1920d69e3ead67a02201a626305adfcd16bfb7e9340928d9b6305464eab4aa4c4a3af6646e9b9f69dee",
8316 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe030000000000000000010c0a0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207436e10737e4df499fc051686d3e11a5bb2310e4d1f1e691d287cef66514791202207cb58e71a6b7a42dd001b7e3ae672ea4f71ea3e1cd412b742e9124abb0739c6401483045022100e78211b8409afb7255ffe37337da87f38646f1faebbdd61bc1920d69e3ead67a02201a626305adfcd16bfb7e9340928d9b6305464eab4aa4c4a3af6646e9b9f69dee01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8319 "30450221009acd6a827a76bfee50806178dfe0495cd4e1d9c58279c194c7b01520fe68cb8d022024d439047c368883e570997a7d40f0b430cb5a742f507965e7d3063ae3feccca",
8320 "3044022048762cf546bbfe474f1536365ea7c416e3c0389d60558bc9412cb148fb6ab68202207215d7083b75c96ff9d2b08c59c34e287b66820f530b486a9aa4cdd9c347d5b9",
8321 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe04000000000000000001da0d0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004830450221009acd6a827a76bfee50806178dfe0495cd4e1d9c58279c194c7b01520fe68cb8d022024d439047c368883e570997a7d40f0b430cb5a742f507965e7d3063ae3feccca01473044022048762cf546bbfe474f1536365ea7c416e3c0389d60558bc9412cb148fb6ab68202207215d7083b75c96ff9d2b08c59c34e287b66820f530b486a9aa4cdd9c347d5b9012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8324 // commitment tx with six outputs untrimmed (minimum feerate)
8325 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8326 chan.context.feerate_per_kw = 648;
8328 test_commitment!("304402203948f900a5506b8de36a4d8502f94f21dd84fd9c2314ab427d52feaa7a0a19f2022059b6a37a4adaa2c5419dc8aea63c6e2a2ec4c4bde46207f6dc1fcd22152fc6e5",
8329 "3045022100b15f72908ba3382a34ca5b32519240a22300cc6015b6f9418635fb41f3d01d8802207adb331b9ed1575383dca0f2355e86c173802feecf8298fbea53b9d4610583e9",
8330 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8006d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4844e9d6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100b15f72908ba3382a34ca5b32519240a22300cc6015b6f9418635fb41f3d01d8802207adb331b9ed1575383dca0f2355e86c173802feecf8298fbea53b9d4610583e90147304402203948f900a5506b8de36a4d8502f94f21dd84fd9c2314ab427d52feaa7a0a19f2022059b6a37a4adaa2c5419dc8aea63c6e2a2ec4c4bde46207f6dc1fcd22152fc6e501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8333 "3045022100a031202f3be94678f0e998622ee95ebb6ada8da1e9a5110228b5e04a747351e4022010ca6a21e18314ed53cfaae3b1f51998552a61a468e596368829a50ce40110e0",
8334 "304502210097e1873b57267730154595187a34949d3744f52933070c74757005e61ce2112e02204ecfba2aa42d4f14bdf8bad4206bb97217b702e6c433e0e1b0ce6587e6d46ec6",
8335 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf10000000000000000000123060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100a031202f3be94678f0e998622ee95ebb6ada8da1e9a5110228b5e04a747351e4022010ca6a21e18314ed53cfaae3b1f51998552a61a468e596368829a50ce40110e00148304502210097e1873b57267730154595187a34949d3744f52933070c74757005e61ce2112e02204ecfba2aa42d4f14bdf8bad4206bb97217b702e6c433e0e1b0ce6587e6d46ec601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8338 "304402202361012a634aee7835c5ecdd6413dcffa8f404b7e77364c792cff984e4ee71e90220715c5e90baa08daa45a7439b1ee4fa4843ed77b19c058240b69406606d384124",
8339 "3044022019de73b00f1d818fb388e83b2c8c31f6bce35ac624e215bc12f88f9dc33edf48022006ff814bb9f700ee6abc3294e146fac3efd4f13f0005236b41c0a946ee00c9ae",
8340 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf10100000000000000000109060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402202361012a634aee7835c5ecdd6413dcffa8f404b7e77364c792cff984e4ee71e90220715c5e90baa08daa45a7439b1ee4fa4843ed77b19c058240b69406606d38412401473044022019de73b00f1d818fb388e83b2c8c31f6bce35ac624e215bc12f88f9dc33edf48022006ff814bb9f700ee6abc3294e146fac3efd4f13f0005236b41c0a946ee00c9ae012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8343 "304402207e8e82cd71ed4febeb593732c260456836e97d81896153ecd2b3cf320ca6861702202dd4a30f68f98ced7cc56a36369ac1fdd978248c5ff4ed204fc00cc625532989",
8344 "3045022100bd0be6100c4fd8f102ec220e1b053e4c4e2ecca25615490150007b40d314dc3902201a1e0ea266965b43164d9e6576f58fa6726d42883dd1c3996d2925c2e2260796",
8345 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf1020000000000000000010b0a0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207e8e82cd71ed4febeb593732c260456836e97d81896153ecd2b3cf320ca6861702202dd4a30f68f98ced7cc56a36369ac1fdd978248c5ff4ed204fc00cc62553298901483045022100bd0be6100c4fd8f102ec220e1b053e4c4e2ecca25615490150007b40d314dc3902201a1e0ea266965b43164d9e6576f58fa6726d42883dd1c3996d2925c2e226079601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8348 "3044022024cd52e4198c8ae0e414a86d86b5a65ea7450f2eb4e783096736d93395eca5ce022078f0094745b45be4d4b2b04dd5978c9e66ba49109e5704403e84aaf5f387d6be",
8349 "3045022100bbfb9d0a946d420807c86e985d636cceb16e71c3694ed186316251a00cbd807202207773223f9a337e145f64673825be9b30d07ef1542c82188b264bedcf7cda78c6",
8350 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf103000000000000000001d90d0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022024cd52e4198c8ae0e414a86d86b5a65ea7450f2eb4e783096736d93395eca5ce022078f0094745b45be4d4b2b04dd5978c9e66ba49109e5704403e84aaf5f387d6be01483045022100bbfb9d0a946d420807c86e985d636cceb16e71c3694ed186316251a00cbd807202207773223f9a337e145f64673825be9b30d07ef1542c82188b264bedcf7cda78c6012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8353 // anchors: commitment tx with six outputs untrimmed (minimum dust limit)
8354 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8355 chan.context.feerate_per_kw = 645;
8356 chan.context.holder_dust_limit_satoshis = 1001;
8358 test_commitment_with_anchors!("3044022025d97466c8049e955a5afce28e322f4b34d2561118e52332fb400f9b908cc0a402205dc6fba3a0d67ee142c428c535580cd1f2ff42e2f89b47e0c8a01847caffc312",
8359 "3045022100d57697c707b6f6d053febf24b98e8989f186eea42e37e9e91663ec2c70bb8f70022079b0715a472118f262f43016a674f59c015d9cafccec885968e76d9d9c5d0051",
8360 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80084a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994d0070000000000002200203e68115ae0b15b8de75b6c6bc9af5ac9f01391544e0870dae443a1e8fe7837ead007000000000000220020fe0598d74fee2205cc3672e6e6647706b4f3099713b4661b62482c3addd04a5eb80b000000000000220020f96d0334feb64a4f40eb272031d07afcb038db56aa57446d60308c9f8ccadef9a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994abc996a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100d57697c707b6f6d053febf24b98e8989f186eea42e37e9e91663ec2c70bb8f70022079b0715a472118f262f43016a674f59c015d9cafccec885968e76d9d9c5d005101473044022025d97466c8049e955a5afce28e322f4b34d2561118e52332fb400f9b908cc0a402205dc6fba3a0d67ee142c428c535580cd1f2ff42e2f89b47e0c8a01847caffc31201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8363 "3045022100e04d160a326432659fe9fb127304c1d348dfeaba840081bdc57d8efd902a48d8022008a824e7cf5492b97e4d9e03c06a09f822775a44f6b5b2533a2088904abfc282",
8364 "3045022100b7c49846466b13b190ff739bbe3005c105482fc55539e55b1c561f76b6982b6c02200e5c35808619cf543c8405cff9fedd25f333a4a2f6f6d5e8af8150090c40ef09",
8365 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320002000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e04d160a326432659fe9fb127304c1d348dfeaba840081bdc57d8efd902a48d8022008a824e7cf5492b97e4d9e03c06a09f822775a44f6b5b2533a2088904abfc28283483045022100b7c49846466b13b190ff739bbe3005c105482fc55539e55b1c561f76b6982b6c02200e5c35808619cf543c8405cff9fedd25f333a4a2f6f6d5e8af8150090c40ef0901008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6851b27568f6010000" },
8368 "3045022100fbdc3c367ce3bf30796025cc590ee1f2ce0e72ae1ac19f5986d6d0a4fc76211f02207e45ae9267e8e820d188569604f71d1abd11bd385d58853dd7dc034cdb3e9a6e",
8369 "3045022100d29330f24db213b262068706099b39c15fa7e070c3fcdf8836c09723fc4d365602203ce57d01e9f28601e461a0b5c4a50119b270bde8b70148d133a6849c70b115ac",
8370 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320003000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100fbdc3c367ce3bf30796025cc590ee1f2ce0e72ae1ac19f5986d6d0a4fc76211f02207e45ae9267e8e820d188569604f71d1abd11bd385d58853dd7dc034cdb3e9a6e83483045022100d29330f24db213b262068706099b39c15fa7e070c3fcdf8836c09723fc4d365602203ce57d01e9f28601e461a0b5c4a50119b270bde8b70148d133a6849c70b115ac012001010101010101010101010101010101010101010101010101010101010101018d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac6851b2756800000000" },
8373 "3044022066c5ef625cee3ddd2bc7b6bfb354b5834cf1cc6d52dd972fb41b7b225437ae4a022066cb85647df65c6b87a54e416dcdcca778a776c36a9643d2b5dc793c9b29f4c1",
8374 "304402202d4ce515cd9000ec37575972d70b8d24f73909fb7012e8ebd8c2066ef6fe187902202830b53e64ea565fecd0f398100691da6bb2a5cf9bb0d1926f1d71d05828a11e",
8375 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320004000000000100000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022066c5ef625cee3ddd2bc7b6bfb354b5834cf1cc6d52dd972fb41b7b225437ae4a022066cb85647df65c6b87a54e416dcdcca778a776c36a9643d2b5dc793c9b29f4c18347304402202d4ce515cd9000ec37575972d70b8d24f73909fb7012e8ebd8c2066ef6fe187902202830b53e64ea565fecd0f398100691da6bb2a5cf9bb0d1926f1d71d05828a11e01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6851b27568f7010000" },
8378 "3044022022c7e11595c53ee89a57ca76baf0aed730da035952d6ab3fe6459f5eff3b337a022075e10cc5f5fd724a35ce4087a5d03cd616698626c69814032132b50bb97dc615",
8379 "3045022100b20cd63e0587d1711beaebda4730775c4ac8b8b2ec78fe18a0c44c3f168c25230220079abb7fc4924e2fca5950842e5b9e416735585026914570078c4ef62f286226",
8380 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320005000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022022c7e11595c53ee89a57ca76baf0aed730da035952d6ab3fe6459f5eff3b337a022075e10cc5f5fd724a35ce4087a5d03cd616698626c69814032132b50bb97dc61583483045022100b20cd63e0587d1711beaebda4730775c4ac8b8b2ec78fe18a0c44c3f168c25230220079abb7fc4924e2fca5950842e5b9e416735585026914570078c4ef62f286226012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
8383 // commitment tx with six outputs untrimmed (maximum feerate)
8384 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8385 chan.context.feerate_per_kw = 2069;
8386 chan.context.holder_dust_limit_satoshis = 546;
8388 test_commitment!("304502210090b96a2498ce0c0f2fadbec2aab278fed54c1a7838df793ec4d2c78d96ec096202204fdd439c50f90d483baa7b68feeef4bd33bc277695405447bcd0bfb2ca34d7bc",
8389 "3045022100ad9a9bbbb75d506ca3b716b336ee3cf975dd7834fcf129d7dd188146eb58a8b4022061a759ee417339f7fe2ea1e8deb83abb6a74db31a09b7648a932a639cda23e33",
8390 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8006d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48477956a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100ad9a9bbbb75d506ca3b716b336ee3cf975dd7834fcf129d7dd188146eb58a8b4022061a759ee417339f7fe2ea1e8deb83abb6a74db31a09b7648a932a639cda23e330148304502210090b96a2498ce0c0f2fadbec2aab278fed54c1a7838df793ec4d2c78d96ec096202204fdd439c50f90d483baa7b68feeef4bd33bc277695405447bcd0bfb2ca34d7bc01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8393 "3045022100f33513ee38abf1c582876f921f8fddc06acff48e04515532a32d3938de938ffd02203aa308a2c1863b7d6fdf53159a1465bf2e115c13152546cc5d74483ceaa7f699",
8394 "3045022100a637902a5d4c9ba9e7c472a225337d5aac9e2e3f6744f76e237132e7619ba0400220035c60d784a031c0d9f6df66b7eab8726a5c25397399ee4aa960842059eb3f9d",
8395 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d0000000000000000000175020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f33513ee38abf1c582876f921f8fddc06acff48e04515532a32d3938de938ffd02203aa308a2c1863b7d6fdf53159a1465bf2e115c13152546cc5d74483ceaa7f69901483045022100a637902a5d4c9ba9e7c472a225337d5aac9e2e3f6744f76e237132e7619ba0400220035c60d784a031c0d9f6df66b7eab8726a5c25397399ee4aa960842059eb3f9d01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8398 "3045022100ce07682cf4b90093c22dc2d9ab2a77ad6803526b655ef857221cc96af5c9e0bf02200f501cee22e7a268af40b555d15a8237c9f36ad67ef1841daf9f6a0267b1e6df",
8399 "3045022100e57e46234f8782d3ff7aa593b4f7446fb5316c842e693dc63ee324fd49f6a1c302204a2f7b44c48bd26e1554422afae13153eb94b29d3687b733d18930615fb2db61",
8400 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d0100000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100ce07682cf4b90093c22dc2d9ab2a77ad6803526b655ef857221cc96af5c9e0bf02200f501cee22e7a268af40b555d15a8237c9f36ad67ef1841daf9f6a0267b1e6df01483045022100e57e46234f8782d3ff7aa593b4f7446fb5316c842e693dc63ee324fd49f6a1c302204a2f7b44c48bd26e1554422afae13153eb94b29d3687b733d18930615fb2db61012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8403 "3045022100e3e35492e55f82ec0bc2f317ffd7a486d1f7024330fe9743c3559fc39f32ef0c02203d1d4db651fc388a91d5ad8ecdd8e83673063bc8eefe27cfd8c189090e3a23e0",
8404 "3044022068613fb1b98eb3aec7f44c5b115b12343c2f066c4277c82b5f873dfe68f37f50022028109b4650f3f528ca4bfe9a467aff2e3e43893b61b5159157119d5d95cf1c18",
8405 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d020000000000000000015d060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e3e35492e55f82ec0bc2f317ffd7a486d1f7024330fe9743c3559fc39f32ef0c02203d1d4db651fc388a91d5ad8ecdd8e83673063bc8eefe27cfd8c189090e3a23e001473044022068613fb1b98eb3aec7f44c5b115b12343c2f066c4277c82b5f873dfe68f37f50022028109b4650f3f528ca4bfe9a467aff2e3e43893b61b5159157119d5d95cf1c1801008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8408 "304402207475aeb0212ef9bf5130b60937817ad88c9a87976988ef1f323f026148cc4a850220739fea17ad3257dcad72e509c73eebe86bee30b178467b9fdab213d631b109df",
8409 "3045022100d315522e09e7d53d2a659a79cb67fef56d6c4bddf3f46df6772d0d20a7beb7c8022070bcc17e288607b6a72be0bd83368bb6d53488db266c1cdb4d72214e4f02ac33",
8410 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d03000000000000000001f2090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207475aeb0212ef9bf5130b60937817ad88c9a87976988ef1f323f026148cc4a850220739fea17ad3257dcad72e509c73eebe86bee30b178467b9fdab213d631b109df01483045022100d315522e09e7d53d2a659a79cb67fef56d6c4bddf3f46df6772d0d20a7beb7c8022070bcc17e288607b6a72be0bd83368bb6d53488db266c1cdb4d72214e4f02ac33012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8413 // commitment tx with five outputs untrimmed (minimum feerate)
8414 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8415 chan.context.feerate_per_kw = 2070;
8417 test_commitment!("304402204ca1ba260dee913d318271d86e10ca0f5883026fb5653155cff600fb40895223022037b145204b7054a40e08bb1fefbd826f827b40838d3e501423bcc57924bcb50c",
8418 "3044022001014419b5ba00e083ac4e0a85f19afc848aacac2d483b4b525d15e2ae5adbfe022015ebddad6ee1e72b47cb09f3e78459da5be01ccccd95dceca0e056a00cc773c1",
8419 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484da966a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022001014419b5ba00e083ac4e0a85f19afc848aacac2d483b4b525d15e2ae5adbfe022015ebddad6ee1e72b47cb09f3e78459da5be01ccccd95dceca0e056a00cc773c10147304402204ca1ba260dee913d318271d86e10ca0f5883026fb5653155cff600fb40895223022037b145204b7054a40e08bb1fefbd826f827b40838d3e501423bcc57924bcb50c01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8422 "304402205f6b6d12d8d2529fb24f4445630566cf4abbd0f9330ab6c2bdb94222d6a2a0c502202f556258ae6f05b193749e4c541dfcc13b525a5422f6291f073f15617ba8579b",
8423 "30440220150b11069454da70caf2492ded9e0065c9a57f25ac2a4c52657b1d15b6c6ed85022068a38833b603c8892717206383611bad210f1cbb4b1f87ea29c6c65b9e1cb3e5",
8424 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff0000000000000000000174020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402205f6b6d12d8d2529fb24f4445630566cf4abbd0f9330ab6c2bdb94222d6a2a0c502202f556258ae6f05b193749e4c541dfcc13b525a5422f6291f073f15617ba8579b014730440220150b11069454da70caf2492ded9e0065c9a57f25ac2a4c52657b1d15b6c6ed85022068a38833b603c8892717206383611bad210f1cbb4b1f87ea29c6c65b9e1cb3e501008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8427 "3045022100f960dfb1c9aee7ce1437efa65b523e399383e8149790e05d8fed27ff6e42fe0002202fe8613e062ffe0b0c518cc4101fba1c6de70f64a5bcc7ae663f2efae43b8546",
8428 "30450221009a6ed18e6873bc3644332a6ee21c152a5b102821865350df7a8c74451a51f9f2022050d801fb4895d7d7fbf452824c0168347f5c0cbe821cf6a97a63af5b8b2563c6",
8429 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff010000000000000000015c060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f960dfb1c9aee7ce1437efa65b523e399383e8149790e05d8fed27ff6e42fe0002202fe8613e062ffe0b0c518cc4101fba1c6de70f64a5bcc7ae663f2efae43b8546014830450221009a6ed18e6873bc3644332a6ee21c152a5b102821865350df7a8c74451a51f9f2022050d801fb4895d7d7fbf452824c0168347f5c0cbe821cf6a97a63af5b8b2563c601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8432 "3045022100ae5fc7717ae684bc1fcf9020854e5dbe9842c9e7472879ac06ff95ac2bb10e4e022057728ada4c00083a3e65493fb5d50a232165948a1a0f530ef63185c2c8c56504",
8433 "30440220408ad3009827a8fccf774cb285587686bfb2ed041f89a89453c311ce9c8ee0f902203c7392d9f8306d3a46522a66bd2723a7eb2628cb2d9b34d4c104f1766bf37502",
8434 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff02000000000000000001f1090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100ae5fc7717ae684bc1fcf9020854e5dbe9842c9e7472879ac06ff95ac2bb10e4e022057728ada4c00083a3e65493fb5d50a232165948a1a0f530ef63185c2c8c56504014730440220408ad3009827a8fccf774cb285587686bfb2ed041f89a89453c311ce9c8ee0f902203c7392d9f8306d3a46522a66bd2723a7eb2628cb2d9b34d4c104f1766bf37502012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8437 // commitment tx with five outputs untrimmed (maximum feerate)
8438 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8439 chan.context.feerate_per_kw = 2194;
8441 test_commitment!("304402204bb3d6e279d71d9da414c82de42f1f954267c762b2e2eb8b76bc3be4ea07d4b0022014febc009c5edc8c3fc5d94015de163200f780046f1c293bfed8568f08b70fb3",
8442 "3044022072c2e2b1c899b2242656a537dde2892fa3801be0d6df0a87836c550137acde8302201654aa1974d37a829083c3ba15088689f30b56d6a4f6cb14c7bad0ee3116d398",
8443 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48440966a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022072c2e2b1c899b2242656a537dde2892fa3801be0d6df0a87836c550137acde8302201654aa1974d37a829083c3ba15088689f30b56d6a4f6cb14c7bad0ee3116d3980147304402204bb3d6e279d71d9da414c82de42f1f954267c762b2e2eb8b76bc3be4ea07d4b0022014febc009c5edc8c3fc5d94015de163200f780046f1c293bfed8568f08b70fb301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8446 "3045022100939726680351a7856c1bc386d4a1f422c7d29bd7b56afc139570f508474e6c40022023175a799ccf44c017fbaadb924c40b2a12115a5b7d0dfd3228df803a2de8450",
8447 "304502210099c98c2edeeee6ec0fb5f3bea8b79bb016a2717afa9b5072370f34382de281d302206f5e2980a995e045cf90a547f0752a7ee99d48547bc135258fe7bc07e0154301",
8448 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100939726680351a7856c1bc386d4a1f422c7d29bd7b56afc139570f508474e6c40022023175a799ccf44c017fbaadb924c40b2a12115a5b7d0dfd3228df803a2de84500148304502210099c98c2edeeee6ec0fb5f3bea8b79bb016a2717afa9b5072370f34382de281d302206f5e2980a995e045cf90a547f0752a7ee99d48547bc135258fe7bc07e015430101008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
8451 "3044022021bb883bf324553d085ba2e821cad80c28ef8b303dbead8f98e548783c02d1600220638f9ef2a9bba25869afc923f4b5dc38be3bb459f9efa5d869392d5f7779a4a0",
8452 "3045022100fd85bd7697b89c08ec12acc8ba89b23090637d83abd26ca37e01ae93e67c367302202b551fe69386116c47f984aab9c8dfd25d864dcde5d3389cfbef2447a85c4b77",
8453 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd010000000000000000010a060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022021bb883bf324553d085ba2e821cad80c28ef8b303dbead8f98e548783c02d1600220638f9ef2a9bba25869afc923f4b5dc38be3bb459f9efa5d869392d5f7779a4a001483045022100fd85bd7697b89c08ec12acc8ba89b23090637d83abd26ca37e01ae93e67c367302202b551fe69386116c47f984aab9c8dfd25d864dcde5d3389cfbef2447a85c4b7701008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8456 "3045022100c9e6f0454aa598b905a35e641a70cc9f67b5f38cc4b00843a041238c4a9f1c4a0220260a2822a62da97e44583e837245995ca2e36781769c52f19e498efbdcca262b",
8457 "30450221008a9f2ea24cd455c2b64c1472a5fa83865b0a5f49a62b661801e884cf2849af8302204d44180e50bf6adfcf1c1e581d75af91aba4e28681ce4a5ee5f3cbf65eca10f3",
8458 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd020000000000000000019a090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100c9e6f0454aa598b905a35e641a70cc9f67b5f38cc4b00843a041238c4a9f1c4a0220260a2822a62da97e44583e837245995ca2e36781769c52f19e498efbdcca262b014830450221008a9f2ea24cd455c2b64c1472a5fa83865b0a5f49a62b661801e884cf2849af8302204d44180e50bf6adfcf1c1e581d75af91aba4e28681ce4a5ee5f3cbf65eca10f3012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8461 // commitment tx with four outputs untrimmed (minimum feerate)
8462 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8463 chan.context.feerate_per_kw = 2195;
8465 test_commitment!("304402201a8c1b1f9671cd9e46c7323a104d7047cc48d3ee80d40d4512e0c72b8dc65666022066d7f9a2ce18c9eb22d2739ffcce05721c767f9b607622a31b6ea5793ddce403",
8466 "3044022044d592025b610c0d678f65032e87035cdfe89d1598c522cc32524ae8172417c30220749fef9d5b2ae8cdd91ece442ba8809bc891efedae2291e578475f97715d1767",
8467 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8004b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484b8976a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022044d592025b610c0d678f65032e87035cdfe89d1598c522cc32524ae8172417c30220749fef9d5b2ae8cdd91ece442ba8809bc891efedae2291e578475f97715d17670147304402201a8c1b1f9671cd9e46c7323a104d7047cc48d3ee80d40d4512e0c72b8dc65666022066d7f9a2ce18c9eb22d2739ffcce05721c767f9b607622a31b6ea5793ddce40301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8470 "3045022100e57b845066a06ee7c2cbfc29eabffe52daa9bf6f6de760066d04df9f9b250e0002202ffb197f0e6e0a77a75a9aff27014bd3de83b7f748d7efef986abe655e1dd50e",
8471 "3045022100ecc8c6529d0b2316d046f0f0757c1e1c25a636db168ec4f3aa1b9278df685dc0022067ae6b65e936f1337091f7b18a15935b608c5f2cdddb2f892ed0babfdd376d76",
8472 "020000000001018130a10f09b13677ba2885a8bca32860f3a952e5912b829a473639b5a2c07b900000000000000000000109060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e57b845066a06ee7c2cbfc29eabffe52daa9bf6f6de760066d04df9f9b250e0002202ffb197f0e6e0a77a75a9aff27014bd3de83b7f748d7efef986abe655e1dd50e01483045022100ecc8c6529d0b2316d046f0f0757c1e1c25a636db168ec4f3aa1b9278df685dc0022067ae6b65e936f1337091f7b18a15935b608c5f2cdddb2f892ed0babfdd376d7601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8475 "3045022100d193b7ecccad8057571620a0b1ffa6c48e9483311723b59cf536043b20bc51550220546d4bd37b3b101ecda14f6c907af46ec391abce1cd9c7ce22b1a62b534f2f2a",
8476 "3044022014d66f11f9cacf923807eba49542076c5fe5cccf252fb08fe98c78ef3ca6ab5402201b290dbe043cc512d9d78de074a5a129b8759bc6a6c546b190d120b690bd6e82",
8477 "020000000001018130a10f09b13677ba2885a8bca32860f3a952e5912b829a473639b5a2c07b900100000000000000000199090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100d193b7ecccad8057571620a0b1ffa6c48e9483311723b59cf536043b20bc51550220546d4bd37b3b101ecda14f6c907af46ec391abce1cd9c7ce22b1a62b534f2f2a01473044022014d66f11f9cacf923807eba49542076c5fe5cccf252fb08fe98c78ef3ca6ab5402201b290dbe043cc512d9d78de074a5a129b8759bc6a6c546b190d120b690bd6e82012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8480 // anchors: commitment tx with four outputs untrimmed (minimum dust limit)
8481 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8482 chan.context.feerate_per_kw = 2185;
8483 chan.context.holder_dust_limit_satoshis = 2001;
8484 let cached_channel_type = chan.context.channel_type;
8485 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8487 test_commitment_with_anchors!("3044022040f63a16148cf35c8d3d41827f5ae7f7c3746885bb64d4d1b895892a83812b3e02202fcf95c2bf02c466163b3fa3ced6a24926fbb4035095a96842ef516e86ba54c0",
8488 "3045022100cd8479cfe1edb1e5a1d487391e0451a469c7171e51e680183f19eb4321f20e9b02204eab7d5a6384b1b08e03baa6e4d9748dfd2b5ab2bae7e39604a0d0055bbffdd5",
8489 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80064a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994b80b000000000000220020f96d0334feb64a4f40eb272031d07afcb038db56aa57446d60308c9f8ccadef9a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994ac5916a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100cd8479cfe1edb1e5a1d487391e0451a469c7171e51e680183f19eb4321f20e9b02204eab7d5a6384b1b08e03baa6e4d9748dfd2b5ab2bae7e39604a0d0055bbffdd501473044022040f63a16148cf35c8d3d41827f5ae7f7c3746885bb64d4d1b895892a83812b3e02202fcf95c2bf02c466163b3fa3ced6a24926fbb4035095a96842ef516e86ba54c001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8492 "304402206870514a72ad6e723ff7f1e0370d7a33c1cd2a0b9272674143ebaf6a1d02dee102205bd953c34faf5e7322e9a1c0103581cb090280fda4f1039ee8552668afa90ebb",
8493 "30440220669de9ca7910eff65a7773ebd14a9fc371fe88cde5b8e2a81609d85c87ac939b02201ac29472fa4067322e92d75b624942d60be5050139b20bb363db75be79eb946f",
8494 "02000000000101ac13a7715f80b8e52dda43c6929cade5521bdced3a405da02b443f1ffb1e33cc02000000000100000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402206870514a72ad6e723ff7f1e0370d7a33c1cd2a0b9272674143ebaf6a1d02dee102205bd953c34faf5e7322e9a1c0103581cb090280fda4f1039ee8552668afa90ebb834730440220669de9ca7910eff65a7773ebd14a9fc371fe88cde5b8e2a81609d85c87ac939b02201ac29472fa4067322e92d75b624942d60be5050139b20bb363db75be79eb946f01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6851b27568f7010000" },
8497 "3045022100949e8dd938da56445b1cdfdebe1b7efea086edd05d89910d205a1e2e033ce47102202cbd68b5262ab144d9ec12653f87dfb0bb6bd05d1f58ae1e523f028eaefd7271",
8498 "3045022100e3104ed8b239f8019e5f0a1a73d7782a94a8c36e7984f476c3a0b3cb0e62e27902207e3d52884600985f8a2098e53a5c30dd6a5e857733acfaa07ab2162421ed2688",
8499 "02000000000101ac13a7715f80b8e52dda43c6929cade5521bdced3a405da02b443f1ffb1e33cc03000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100949e8dd938da56445b1cdfdebe1b7efea086edd05d89910d205a1e2e033ce47102202cbd68b5262ab144d9ec12653f87dfb0bb6bd05d1f58ae1e523f028eaefd727183483045022100e3104ed8b239f8019e5f0a1a73d7782a94a8c36e7984f476c3a0b3cb0e62e27902207e3d52884600985f8a2098e53a5c30dd6a5e857733acfaa07ab2162421ed2688012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
8502 // commitment tx with four outputs untrimmed (maximum feerate)
8503 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8504 chan.context.feerate_per_kw = 3702;
8505 chan.context.holder_dust_limit_satoshis = 546;
8506 chan.context.channel_type = cached_channel_type.clone();
8508 test_commitment!("304502210092a587aeb777f869e7ff0d7898ea619ee26a3dacd1f3672b945eea600be431100220077ee9eae3528d15251f2a52b607b189820e57a6ccfac8d1af502b132ee40169",
8509 "3045022100e5efb73c32d32da2d79702299b6317de6fb24a60476e3855926d78484dd1b3c802203557cb66a42c944ef06e00bcc4da35a5bcb2f185aab0f8e403e519e1d66aaf75",
8510 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8004b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4846f916a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100e5efb73c32d32da2d79702299b6317de6fb24a60476e3855926d78484dd1b3c802203557cb66a42c944ef06e00bcc4da35a5bcb2f185aab0f8e403e519e1d66aaf750148304502210092a587aeb777f869e7ff0d7898ea619ee26a3dacd1f3672b945eea600be431100220077ee9eae3528d15251f2a52b607b189820e57a6ccfac8d1af502b132ee4016901475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8513 "304402206fa54c11f98c3bae1e93df43fc7affeb05b476bf8060c03e29c377c69bc08e8b0220672701cce50d5c379ff45a5d2cfe48ac44973adb066ac32608e21221d869bb89",
8514 "304402206e36c683ebf2cb16bcef3d5439cf8b53cd97280a365ed8acd7abb85a8ba5f21c02206e8621edfc2a5766cbc96eb67fd501127ff163eb6b85518a39f7d4974aef126f",
8515 "020000000001018db483bff65c70ee71d8282aeec5a880e2e2b39e45772bda5460403095c62e3f0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402206fa54c11f98c3bae1e93df43fc7affeb05b476bf8060c03e29c377c69bc08e8b0220672701cce50d5c379ff45a5d2cfe48ac44973adb066ac32608e21221d869bb890147304402206e36c683ebf2cb16bcef3d5439cf8b53cd97280a365ed8acd7abb85a8ba5f21c02206e8621edfc2a5766cbc96eb67fd501127ff163eb6b85518a39f7d4974aef126f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
8518 "3044022057649739b0eb74d541ead0dfdb3d4b2c15aa192720031044c3434c67812e5ca902201e5ede42d960ae551707f4a6b34b09393cf4dee2418507daa022e3550dbb5817",
8519 "304402207faad26678c8850e01b4a0696d60841f7305e1832b786110ee9075cb92ed14a30220516ef8ee5dfa80824ea28cbcec0dd95f8b847146257c16960db98507db15ffdc",
8520 "020000000001018db483bff65c70ee71d8282aeec5a880e2e2b39e45772bda5460403095c62e3f0100000000000000000176050000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022057649739b0eb74d541ead0dfdb3d4b2c15aa192720031044c3434c67812e5ca902201e5ede42d960ae551707f4a6b34b09393cf4dee2418507daa022e3550dbb58170147304402207faad26678c8850e01b4a0696d60841f7305e1832b786110ee9075cb92ed14a30220516ef8ee5dfa80824ea28cbcec0dd95f8b847146257c16960db98507db15ffdc012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8523 // commitment tx with three outputs untrimmed (minimum feerate)
8524 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8525 chan.context.feerate_per_kw = 3703;
8527 test_commitment!("3045022100b495d239772a237ff2cf354b1b11be152fd852704cb184e7356d13f2fb1e5e430220723db5cdb9cbd6ead7bfd3deb419cf41053a932418cbb22a67b581f40bc1f13e",
8528 "304402201b736d1773a124c745586217a75bed5f66c05716fbe8c7db4fdb3c3069741cdd02205083f39c321c1bcadfc8d97e3c791a66273d936abac0c6a2fde2ed46019508e1",
8529 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8003a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484eb936a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402201b736d1773a124c745586217a75bed5f66c05716fbe8c7db4fdb3c3069741cdd02205083f39c321c1bcadfc8d97e3c791a66273d936abac0c6a2fde2ed46019508e101483045022100b495d239772a237ff2cf354b1b11be152fd852704cb184e7356d13f2fb1e5e430220723db5cdb9cbd6ead7bfd3deb419cf41053a932418cbb22a67b581f40bc1f13e01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8532 "3045022100c34c61735f93f2e324cc873c3b248111ccf8f6db15d5969583757010d4ad2b4602207867bb919b2ddd6387873e425345c9b7fd18d1d66aba41f3607bc2896ef3c30a",
8533 "3045022100988c143e2110067117d2321bdd4bd16ca1734c98b29290d129384af0962b634e02206c1b02478878c5f547018b833986578f90c3e9be669fe5788ad0072a55acbb05",
8534 "0200000000010120060e4a29579d429f0f27c17ee5f1ee282f20d706d6f90b63d35946d8f3029a0000000000000000000175050000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100c34c61735f93f2e324cc873c3b248111ccf8f6db15d5969583757010d4ad2b4602207867bb919b2ddd6387873e425345c9b7fd18d1d66aba41f3607bc2896ef3c30a01483045022100988c143e2110067117d2321bdd4bd16ca1734c98b29290d129384af0962b634e02206c1b02478878c5f547018b833986578f90c3e9be669fe5788ad0072a55acbb05012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8537 // anchors: commitment tx with three outputs untrimmed (minimum dust limit)
8538 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8539 chan.context.feerate_per_kw = 3687;
8540 chan.context.holder_dust_limit_satoshis = 3001;
8541 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8543 test_commitment_with_anchors!("3045022100ad6c71569856b2d7ff42e838b4abe74a713426b37f22fa667a195a4c88908c6902202b37272b02a42dc6d9f4f82cab3eaf84ac882d9ed762859e1e75455c2c228377",
8544 "3045022100c970799bcb33f43179eb43b3378a0a61991cf2923f69b36ef12548c3df0e6d500220413dc27d2e39ee583093adfcb7799be680141738babb31cc7b0669a777a31f5d",
8545 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80054a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994aa28b6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100c970799bcb33f43179eb43b3378a0a61991cf2923f69b36ef12548c3df0e6d500220413dc27d2e39ee583093adfcb7799be680141738babb31cc7b0669a777a31f5d01483045022100ad6c71569856b2d7ff42e838b4abe74a713426b37f22fa667a195a4c88908c6902202b37272b02a42dc6d9f4f82cab3eaf84ac882d9ed762859e1e75455c2c22837701475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8548 "3044022017b558a3cf5f0cb94269e2e927b29ed22bd2416abb8a7ce6de4d1256f359b93602202e9ca2b1a23ea3e69f433c704e327739e219804b8c188b1d52f74fd5a9de954c",
8549 "3045022100af7a8b7c7ff2080c68995254cb66d64d9954edcc5baac3bb4f27ed2d29aaa6120220421c27da7a60574a9263f271e0f3bd34594ec6011095190022b3b54596ea03de",
8550 "02000000000101542562b326c08e3a076d9cfca2be175041366591da334d8d513ff1686fd95a6002000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022017b558a3cf5f0cb94269e2e927b29ed22bd2416abb8a7ce6de4d1256f359b93602202e9ca2b1a23ea3e69f433c704e327739e219804b8c188b1d52f74fd5a9de954c83483045022100af7a8b7c7ff2080c68995254cb66d64d9954edcc5baac3bb4f27ed2d29aaa6120220421c27da7a60574a9263f271e0f3bd34594ec6011095190022b3b54596ea03de012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
8553 // commitment tx with three outputs untrimmed (maximum feerate)
8554 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8555 chan.context.feerate_per_kw = 4914;
8556 chan.context.holder_dust_limit_satoshis = 546;
8557 chan.context.channel_type = cached_channel_type.clone();
8559 test_commitment!("3045022100b4b16d5f8cc9fc4c1aff48831e832a0d8990e133978a66e302c133550954a44d022073573ce127e2200d316f6b612803a5c0c97b8d20e1e44dbe2ac0dd2fb8c95244",
8560 "3045022100d72638bc6308b88bb6d45861aae83e5b9ff6e10986546e13bce769c70036e2620220320be7c6d66d22f30b9fcd52af66531505b1310ca3b848c19285b38d8a1a8c19",
8561 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8003a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484ae8f6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100d72638bc6308b88bb6d45861aae83e5b9ff6e10986546e13bce769c70036e2620220320be7c6d66d22f30b9fcd52af66531505b1310ca3b848c19285b38d8a1a8c1901483045022100b4b16d5f8cc9fc4c1aff48831e832a0d8990e133978a66e302c133550954a44d022073573ce127e2200d316f6b612803a5c0c97b8d20e1e44dbe2ac0dd2fb8c9524401475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8564 "3045022100f43591c156038ba217756006bb3c55f7d113a325cdd7d9303c82115372858d68022016355b5aadf222bc8d12e426c75f4a03423917b2443a103eb2a498a3a2234374",
8565 "30440220585dee80fafa264beac535c3c0bb5838ac348b156fdc982f86adc08dfc9bfd250220130abb82f9f295cc9ef423dcfef772fde2acd85d9df48cc538981d26a10a9c10",
8566 "02000000000101a9172908eace869cc35128c31fc2ab502f72e4dff31aab23e0244c4b04b11ab00000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f43591c156038ba217756006bb3c55f7d113a325cdd7d9303c82115372858d68022016355b5aadf222bc8d12e426c75f4a03423917b2443a103eb2a498a3a2234374014730440220585dee80fafa264beac535c3c0bb5838ac348b156fdc982f86adc08dfc9bfd250220130abb82f9f295cc9ef423dcfef772fde2acd85d9df48cc538981d26a10a9c10012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
8569 // commitment tx with two outputs untrimmed (minimum feerate)
8570 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8571 chan.context.feerate_per_kw = 4915;
8572 chan.context.holder_dust_limit_satoshis = 546;
8574 test_commitment!("304402203a286936e74870ca1459c700c71202af0381910a6bfab687ef494ef1bc3e02c902202506c362d0e3bee15e802aa729bf378e051644648253513f1c085b264cc2a720",
8575 "30450221008a953551f4d67cb4df3037207fc082ddaf6be84d417b0bd14c80aab66f1b01a402207508796dc75034b2dee876fe01dc05a08b019f3e5d689ac8842ade2f1befccf5",
8576 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8002c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484fa926a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221008a953551f4d67cb4df3037207fc082ddaf6be84d417b0bd14c80aab66f1b01a402207508796dc75034b2dee876fe01dc05a08b019f3e5d689ac8842ade2f1befccf50147304402203a286936e74870ca1459c700c71202af0381910a6bfab687ef494ef1bc3e02c902202506c362d0e3bee15e802aa729bf378e051644648253513f1c085b264cc2a72001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8578 // anchors: commitment tx with two outputs untrimmed (minimum dust limit)
8579 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8580 chan.context.feerate_per_kw = 4894;
8581 chan.context.holder_dust_limit_satoshis = 4001;
8582 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8584 test_commitment_with_anchors!("3045022100e784a66b1588575801e237d35e510fd92a81ae3a4a2a1b90c031ad803d07b3f3022021bc5f16501f167607d63b681442da193eb0a76b4b7fd25c2ed4f8b28fd35b95",
8585 "30450221009f16ac85d232e4eddb3fcd750a68ebf0b58e3356eaada45d3513ede7e817bf4c02207c2b043b4e5f971261975406cb955219fa56bffe5d834a833694b5abc1ce4cfd",
8586 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80044a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994ad0886a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221009f16ac85d232e4eddb3fcd750a68ebf0b58e3356eaada45d3513ede7e817bf4c02207c2b043b4e5f971261975406cb955219fa56bffe5d834a833694b5abc1ce4cfd01483045022100e784a66b1588575801e237d35e510fd92a81ae3a4a2a1b90c031ad803d07b3f3022021bc5f16501f167607d63b681442da193eb0a76b4b7fd25c2ed4f8b28fd35b9501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8588 // commitment tx with two outputs untrimmed (maximum feerate)
8589 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8590 chan.context.feerate_per_kw = 9651180;
8591 chan.context.holder_dust_limit_satoshis = 546;
8592 chan.context.channel_type = cached_channel_type.clone();
8594 test_commitment!("304402200a8544eba1d216f5c5e530597665fa9bec56943c0f66d98fc3d028df52d84f7002201e45fa5c6bc3a506cc2553e7d1c0043a9811313fc39c954692c0d47cfce2bbd3",
8595 "3045022100e11b638c05c650c2f63a421d36ef8756c5ce82f2184278643520311cdf50aa200220259565fb9c8e4a87ccaf17f27a3b9ca4f20625754a0920d9c6c239d8156a11de",
8596 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b800222020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80ec0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4840400483045022100e11b638c05c650c2f63a421d36ef8756c5ce82f2184278643520311cdf50aa200220259565fb9c8e4a87ccaf17f27a3b9ca4f20625754a0920d9c6c239d8156a11de0147304402200a8544eba1d216f5c5e530597665fa9bec56943c0f66d98fc3d028df52d84f7002201e45fa5c6bc3a506cc2553e7d1c0043a9811313fc39c954692c0d47cfce2bbd301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8598 // commitment tx with one output untrimmed (minimum feerate)
8599 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8600 chan.context.feerate_per_kw = 9651181;
8602 test_commitment!("304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a2",
8603 "304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a379",
8604 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8001c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484040047304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a3790147304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8606 // anchors: commitment tx with one output untrimmed (minimum dust limit)
8607 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8608 chan.context.feerate_per_kw = 6216010;
8609 chan.context.holder_dust_limit_satoshis = 4001;
8610 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8612 test_commitment_with_anchors!("30450221008fd5dbff02e4b59020d4cd23a3c30d3e287065fda75a0a09b402980adf68ccda022001e0b8b620cd915ddff11f1de32addf23d81d51b90e6841b2cb8dcaf3faa5ecf",
8613 "30450221009ad80792e3038fe6968d12ff23e6888a565c3ddd065037f357445f01675d63f3022018384915e5f1f4ae157e15debf4f49b61c8d9d2b073c7d6f97c4a68caa3ed4c1",
8614 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80024a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994a04004830450221009ad80792e3038fe6968d12ff23e6888a565c3ddd065037f357445f01675d63f3022018384915e5f1f4ae157e15debf4f49b61c8d9d2b073c7d6f97c4a68caa3ed4c1014830450221008fd5dbff02e4b59020d4cd23a3c30d3e287065fda75a0a09b402980adf68ccda022001e0b8b620cd915ddff11f1de32addf23d81d51b90e6841b2cb8dcaf3faa5ecf01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8616 // commitment tx with fee greater than funder amount
8617 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
8618 chan.context.feerate_per_kw = 9651936;
8619 chan.context.holder_dust_limit_satoshis = 546;
8620 chan.context.channel_type = cached_channel_type;
8622 test_commitment!("304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a2",
8623 "304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a379",
8624 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8001c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484040047304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a3790147304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
8626 // commitment tx with 3 htlc outputs, 2 offered having the same amount and preimage
8627 chan.context.value_to_self_msat = 7_000_000_000 - 2_000_000;
8628 chan.context.feerate_per_kw = 253;
8629 chan.context.pending_inbound_htlcs.clear();
8630 chan.context.pending_inbound_htlcs.push({
8631 let mut out = InboundHTLCOutput{
8633 amount_msat: 2000000,
8635 payment_hash: PaymentHash([0; 32]),
8636 state: InboundHTLCState::Committed,
8638 out.payment_hash.0 = Sha256::hash(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap()).into_inner();
8641 chan.context.pending_outbound_htlcs.clear();
8642 chan.context.pending_outbound_htlcs.push({
8643 let mut out = OutboundHTLCOutput{
8645 amount_msat: 5000001,
8647 payment_hash: PaymentHash([0; 32]),
8648 state: OutboundHTLCState::Committed,
8649 source: HTLCSource::dummy(),
8650 skimmed_fee_msat: None,
8652 out.payment_hash.0 = Sha256::hash(&hex::decode("0505050505050505050505050505050505050505050505050505050505050505").unwrap()).into_inner();
8655 chan.context.pending_outbound_htlcs.push({
8656 let mut out = OutboundHTLCOutput{
8658 amount_msat: 5000000,
8660 payment_hash: PaymentHash([0; 32]),
8661 state: OutboundHTLCState::Committed,
8662 source: HTLCSource::dummy(),
8663 skimmed_fee_msat: None,
8665 out.payment_hash.0 = Sha256::hash(&hex::decode("0505050505050505050505050505050505050505050505050505050505050505").unwrap()).into_inner();
8669 test_commitment!("304402207d0870964530f97b62497b11153c551dca0a1e226815ef0a336651158da0f82402200f5378beee0e77759147b8a0a284decd11bfd2bc55c8fafa41c134fe996d43c8",
8670 "304402200d10bf5bc5397fc59d7188ae438d80c77575595a2d488e41bd6363a810cc8d72022012b57e714fbbfdf7a28c47d5b370cb8ac37c8545f596216e5b21e9b236ef457c",
8671 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2d8813000000000000220020305c12e1a0bc21e283c131cea1c66d68857d28b7b2fce0a6fbc40c164852121b8813000000000000220020305c12e1a0bc21e283c131cea1c66d68857d28b7b2fce0a6fbc40c164852121bc0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484a69f6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402200d10bf5bc5397fc59d7188ae438d80c77575595a2d488e41bd6363a810cc8d72022012b57e714fbbfdf7a28c47d5b370cb8ac37c8545f596216e5b21e9b236ef457c0147304402207d0870964530f97b62497b11153c551dca0a1e226815ef0a336651158da0f82402200f5378beee0e77759147b8a0a284decd11bfd2bc55c8fafa41c134fe996d43c801475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8674 "3045022100b470fe12e5b7fea9eccb8cbff1972cea4f96758041898982a02bcc7f9d56d50b0220338a75b2afaab4ec00cdd2d9273c68c7581ff5a28bcbb40c4d138b81f1d45ce5",
8675 "3044022017b90c65207522a907fb6a137f9dd528b3389465a8ae72308d9e1d564f512cf402204fc917b4f0e88604a3e994f85bfae7c7c1f9d9e9f78e8cd112e0889720d9405b",
8676 "020000000001014bdccf28653066a2c554cafeffdfe1e678e64a69b056684deb0c4fba909423ec000000000000000000011f070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100b470fe12e5b7fea9eccb8cbff1972cea4f96758041898982a02bcc7f9d56d50b0220338a75b2afaab4ec00cdd2d9273c68c7581ff5a28bcbb40c4d138b81f1d45ce501473044022017b90c65207522a907fb6a137f9dd528b3389465a8ae72308d9e1d564f512cf402204fc917b4f0e88604a3e994f85bfae7c7c1f9d9e9f78e8cd112e0889720d9405b012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
8678 "3045022100b575379f6d8743cb0087648f81cfd82d17a97fbf8f67e058c65ce8b9d25df9500220554a210d65b02d9f36c6adf0f639430ca8293196ba5089bf67cc3a9813b7b00a",
8679 "3045022100ee2e16b90930a479b13f8823a7f14b600198c838161160b9436ed086d3fc57e002202a66fa2324f342a17129949c640bfe934cbc73a869ba7c06aa25c5a3d0bfb53d",
8680 "020000000001014bdccf28653066a2c554cafeffdfe1e678e64a69b056684deb0c4fba909423ec01000000000000000001e1120000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100b575379f6d8743cb0087648f81cfd82d17a97fbf8f67e058c65ce8b9d25df9500220554a210d65b02d9f36c6adf0f639430ca8293196ba5089bf67cc3a9813b7b00a01483045022100ee2e16b90930a479b13f8823a7f14b600198c838161160b9436ed086d3fc57e002202a66fa2324f342a17129949c640bfe934cbc73a869ba7c06aa25c5a3d0bfb53d01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6868f9010000" },
8682 "30440220471c9f3ad92e49b13b7b8059f43ecf8f7887b0dccbb9fdb54bfe23d62a8ae332022024bd22fae0740e86a44228c35330da9526fd7306dffb2b9dc362d5e78abef7cc",
8683 "304402207157f452f2506d73c315192311893800cfb3cc235cc1185b1cfcc136b55230db022014be242dbc6c5da141fec4034e7f387f74d6ff1899453d72ba957467540e1ecb",
8684 "020000000001014bdccf28653066a2c554cafeffdfe1e678e64a69b056684deb0c4fba909423ec02000000000000000001e1120000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220471c9f3ad92e49b13b7b8059f43ecf8f7887b0dccbb9fdb54bfe23d62a8ae332022024bd22fae0740e86a44228c35330da9526fd7306dffb2b9dc362d5e78abef7cc0147304402207157f452f2506d73c315192311893800cfb3cc235cc1185b1cfcc136b55230db022014be242dbc6c5da141fec4034e7f387f74d6ff1899453d72ba957467540e1ecb01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6868fa010000" }
8687 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
8688 test_commitment_with_anchors!("3044022027b38dfb654c34032ffb70bb43022981652fce923cbbe3cbe7394e2ade8b34230220584195b78da6e25c2e8da6b4308d9db25b65b64975db9266163ef592abb7c725",
8689 "3045022100b4014970d9d7962853f3f85196144671d7d5d87426250f0a5fdaf9a55292e92502205360910c9abb397467e19dbd63d081deb4a3240903114c98cec0a23591b79b76",
8690 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80074a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994d007000000000000220020fe0598d74fee2205cc3672e6e6647706b4f3099713b4661b62482c3addd04a5e881300000000000022002018e40f9072c44350f134bdc887bab4d9bdfc8aa468a25616c80e21757ba5dac7881300000000000022002018e40f9072c44350f134bdc887bab4d9bdfc8aa468a25616c80e21757ba5dac7c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994aad9c6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100b4014970d9d7962853f3f85196144671d7d5d87426250f0a5fdaf9a55292e92502205360910c9abb397467e19dbd63d081deb4a3240903114c98cec0a23591b79b7601473044022027b38dfb654c34032ffb70bb43022981652fce923cbbe3cbe7394e2ade8b34230220584195b78da6e25c2e8da6b4308d9db25b65b64975db9266163ef592abb7c72501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
8693 "30440220078fe5343dab88c348a3a8a9c1a9293259dbf35507ae971702cc39dd623ea9af022011ed0c0f35243cd0bb4d9ca3c772379b2b5f4af93140e9fdc5600dfec1cdb0c2",
8694 "304402205df665e2908c7690d2d33eb70e6e119958c28febe141a94ed0dd9a55ce7c8cfc0220364d02663a5d019af35c5cd5fda9465d985d85bbd12db207738d61163449a424",
8695 "020000000001013d060d0305c9616eaabc21d41fae85bcb5477b5d7f1c92aa429cf15339bbe1c402000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220078fe5343dab88c348a3a8a9c1a9293259dbf35507ae971702cc39dd623ea9af022011ed0c0f35243cd0bb4d9ca3c772379b2b5f4af93140e9fdc5600dfec1cdb0c28347304402205df665e2908c7690d2d33eb70e6e119958c28febe141a94ed0dd9a55ce7c8cfc0220364d02663a5d019af35c5cd5fda9465d985d85bbd12db207738d61163449a424012001010101010101010101010101010101010101010101010101010101010101018d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac6851b2756800000000" },
8697 "304402202df6bf0f98a42cfd0172a16bded7d1b16c14f5f42ba23f5c54648c14b647531302200fe1508626817f23925bb56951d5e4b2654c751743ab6db48a6cce7dda17c01c",
8698 "304402203f99ec05cdd89558a23683b471c1dcce8f6a92295f1fff3b0b5d21be4d4f97ea022019d29070690fc2c126fe27cc4ab2f503f289d362721b2efa7418e7fddb939a5b",
8699 "020000000001013d060d0305c9616eaabc21d41fae85bcb5477b5d7f1c92aa429cf15339bbe1c40300000000010000000188130000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402202df6bf0f98a42cfd0172a16bded7d1b16c14f5f42ba23f5c54648c14b647531302200fe1508626817f23925bb56951d5e4b2654c751743ab6db48a6cce7dda17c01c8347304402203f99ec05cdd89558a23683b471c1dcce8f6a92295f1fff3b0b5d21be4d4f97ea022019d29070690fc2c126fe27cc4ab2f503f289d362721b2efa7418e7fddb939a5b01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6851b27568f9010000" },
8701 "3045022100bd206b420c495f3aa714d3ea4766cbe95441deacb5d2f737f1913349aee7c2ae02200249d2c950dd3b15326bf378ae5d2b871d33d6737f5d70735f3de8383140f2a1",
8702 "3045022100f2cd35e385b9b7e15b92a5d78d120b6b2c5af4e974bc01e884c5facb3bb5966c0220706e0506477ce809a40022d6de8e041e9ef13136c45abee9c36f58a01fdb188b",
8703 "020000000001013d060d0305c9616eaabc21d41fae85bcb5477b5d7f1c92aa429cf15339bbe1c40400000000010000000188130000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100bd206b420c495f3aa714d3ea4766cbe95441deacb5d2f737f1913349aee7c2ae02200249d2c950dd3b15326bf378ae5d2b871d33d6737f5d70735f3de8383140f2a183483045022100f2cd35e385b9b7e15b92a5d78d120b6b2c5af4e974bc01e884c5facb3bb5966c0220706e0506477ce809a40022d6de8e041e9ef13136c45abee9c36f58a01fdb188b01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6851b27568fa010000" }
8708 fn test_per_commitment_secret_gen() {
8709 // Test vectors from BOLT 3 Appendix D:
8711 let mut seed = [0; 32];
8712 seed[0..32].clone_from_slice(&hex::decode("0000000000000000000000000000000000000000000000000000000000000000").unwrap());
8713 assert_eq!(chan_utils::build_commitment_secret(&seed, 281474976710655),
8714 hex::decode("02a40c85b6f28da08dfdbe0926c53fab2de6d28c10301f8f7c4073d5e42e3148").unwrap()[..]);
8716 seed[0..32].clone_from_slice(&hex::decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF").unwrap());
8717 assert_eq!(chan_utils::build_commitment_secret(&seed, 281474976710655),
8718 hex::decode("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap()[..]);
8720 assert_eq!(chan_utils::build_commitment_secret(&seed, 0xaaaaaaaaaaa),
8721 hex::decode("56f4008fb007ca9acf0e15b054d5c9fd12ee06cea347914ddbaed70d1c13a528").unwrap()[..]);
8723 assert_eq!(chan_utils::build_commitment_secret(&seed, 0x555555555555),
8724 hex::decode("9015daaeb06dba4ccc05b91b2f73bd54405f2be9f217fbacd3c5ac2e62327d31").unwrap()[..]);
8726 seed[0..32].clone_from_slice(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap());
8727 assert_eq!(chan_utils::build_commitment_secret(&seed, 1),
8728 hex::decode("915c75942a26bb3a433a8ce2cb0427c29ec6c1775cfc78328b57f6ba7bfeaa9c").unwrap()[..]);
8732 fn test_key_derivation() {
8733 // Test vectors from BOLT 3 Appendix E:
8734 let secp_ctx = Secp256k1::new();
8736 let base_secret = SecretKey::from_slice(&hex::decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f").unwrap()[..]).unwrap();
8737 let per_commitment_secret = SecretKey::from_slice(&hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap();
8739 let base_point = PublicKey::from_secret_key(&secp_ctx, &base_secret);
8740 assert_eq!(base_point.serialize()[..], hex::decode("036d6caac248af96f6afa7f904f550253a0f3ef3f5aa2fe6838a95b216691468e2").unwrap()[..]);
8742 let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
8743 assert_eq!(per_commitment_point.serialize()[..], hex::decode("025f7117a78150fe2ef97db7cfc83bd57b2e2c0d0dd25eaf467a4a1c2a45ce1486").unwrap()[..]);
8745 assert_eq!(chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &base_point).serialize()[..],
8746 hex::decode("0235f2dbfaa89b57ec7b055afe29849ef7ddfeb1cefdb9ebdc43f5494984db29e5").unwrap()[..]);
8748 assert_eq!(chan_utils::derive_private_key(&secp_ctx, &per_commitment_point, &base_secret),
8749 SecretKey::from_slice(&hex::decode("cbced912d3b21bf196a766651e436aff192362621ce317704ea2f75d87e7be0f").unwrap()[..]).unwrap());
8751 assert_eq!(chan_utils::derive_public_revocation_key(&secp_ctx, &per_commitment_point, &base_point).serialize()[..],
8752 hex::decode("02916e326636d19c33f13e8c0c3a03dd157f332f3e99c317c141dd865eb01f8ff0").unwrap()[..]);
8754 assert_eq!(chan_utils::derive_private_revocation_key(&secp_ctx, &per_commitment_secret, &base_secret),
8755 SecretKey::from_slice(&hex::decode("d09ffff62ddb2297ab000cc85bcb4283fdeb6aa052affbc9dddcf33b61078110").unwrap()[..]).unwrap());
8759 fn test_zero_conf_channel_type_support() {
8760 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8761 let secp_ctx = Secp256k1::new();
8762 let seed = [42; 32];
8763 let network = Network::Testnet;
8764 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
8765 let logger = test_utils::TestLogger::new();
8767 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
8768 let config = UserConfig::default();
8769 let node_a_chan = OutboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider,
8770 node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42).unwrap();
8772 let mut channel_type_features = ChannelTypeFeatures::only_static_remote_key();
8773 channel_type_features.set_zero_conf_required();
8775 let mut open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash());
8776 open_channel_msg.channel_type = Some(channel_type_features);
8777 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
8778 let res = InboundV1Channel::<EnforcingSigner>::new(&feeest, &&keys_provider, &&keys_provider,
8779 node_b_node_id, &channelmanager::provided_channel_type_features(&config),
8780 &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, 42);
8781 assert!(res.is_ok());
8785 fn test_supports_anchors_zero_htlc_tx_fee() {
8786 // Tests that if both sides support and negotiate `anchors_zero_fee_htlc_tx`, it is the
8787 // resulting `channel_type`.
8788 let secp_ctx = Secp256k1::new();
8789 let fee_estimator = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8790 let network = Network::Testnet;
8791 let keys_provider = test_utils::TestKeysInterface::new(&[42; 32], network);
8792 let logger = test_utils::TestLogger::new();
8794 let node_id_a = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[1; 32]).unwrap());
8795 let node_id_b = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[2; 32]).unwrap());
8797 let mut config = UserConfig::default();
8798 config.channel_handshake_config.negotiate_anchors_zero_fee_htlc_tx = true;
8800 // It is not enough for just the initiator to signal `option_anchors_zero_fee_htlc_tx`, both
8801 // need to signal it.
8802 let channel_a = OutboundV1Channel::<EnforcingSigner>::new(
8803 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
8804 &channelmanager::provided_init_features(&UserConfig::default()), 10000000, 100000, 42,
8807 assert!(!channel_a.context.channel_type.supports_anchors_zero_fee_htlc_tx());
8809 let mut expected_channel_type = ChannelTypeFeatures::empty();
8810 expected_channel_type.set_static_remote_key_required();
8811 expected_channel_type.set_anchors_zero_fee_htlc_tx_required();
8813 let channel_a = OutboundV1Channel::<EnforcingSigner>::new(
8814 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
8815 &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42
8818 let open_channel_msg = channel_a.get_open_channel(genesis_block(network).header.block_hash());
8819 let channel_b = InboundV1Channel::<EnforcingSigner>::new(
8820 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
8821 &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config),
8822 &open_channel_msg, 7, &config, 0, &&logger, 42
8825 assert_eq!(channel_a.context.channel_type, expected_channel_type);
8826 assert_eq!(channel_b.context.channel_type, expected_channel_type);
8830 fn test_rejects_implicit_simple_anchors() {
8831 // Tests that if `option_anchors` is being negotiated implicitly through the intersection of
8832 // each side's `InitFeatures`, it is rejected.
8833 let secp_ctx = Secp256k1::new();
8834 let fee_estimator = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8835 let network = Network::Testnet;
8836 let keys_provider = test_utils::TestKeysInterface::new(&[42; 32], network);
8837 let logger = test_utils::TestLogger::new();
8839 let node_id_a = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[1; 32]).unwrap());
8840 let node_id_b = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[2; 32]).unwrap());
8842 let config = UserConfig::default();
8844 // See feature bit assignments: https://github.com/lightning/bolts/blob/master/09-features.md
8845 let static_remote_key_required: u64 = 1 << 12;
8846 let simple_anchors_required: u64 = 1 << 20;
8847 let raw_init_features = static_remote_key_required | simple_anchors_required;
8848 let init_features_with_simple_anchors = InitFeatures::from_le_bytes(raw_init_features.to_le_bytes().to_vec());
8850 let channel_a = OutboundV1Channel::<EnforcingSigner>::new(
8851 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
8852 &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42
8855 // Set `channel_type` to `None` to force the implicit feature negotiation.
8856 let mut open_channel_msg = channel_a.get_open_channel(genesis_block(network).header.block_hash());
8857 open_channel_msg.channel_type = None;
8859 // Since A supports both `static_remote_key` and `option_anchors`, but B only accepts
8860 // `static_remote_key`, it will fail the channel.
8861 let channel_b = InboundV1Channel::<EnforcingSigner>::new(
8862 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
8863 &channelmanager::provided_channel_type_features(&config), &init_features_with_simple_anchors,
8864 &open_channel_msg, 7, &config, 0, &&logger, 42
8866 assert!(channel_b.is_err());
8870 fn test_rejects_simple_anchors_channel_type() {
8871 // Tests that if `option_anchors` is being negotiated through the `channel_type` feature,
8873 let secp_ctx = Secp256k1::new();
8874 let fee_estimator = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
8875 let network = Network::Testnet;
8876 let keys_provider = test_utils::TestKeysInterface::new(&[42; 32], network);
8877 let logger = test_utils::TestLogger::new();
8879 let node_id_a = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[1; 32]).unwrap());
8880 let node_id_b = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[2; 32]).unwrap());
8882 let config = UserConfig::default();
8884 // See feature bit assignments: https://github.com/lightning/bolts/blob/master/09-features.md
8885 let static_remote_key_required: u64 = 1 << 12;
8886 let simple_anchors_required: u64 = 1 << 20;
8887 let simple_anchors_raw_features = static_remote_key_required | simple_anchors_required;
8888 let simple_anchors_init = InitFeatures::from_le_bytes(simple_anchors_raw_features.to_le_bytes().to_vec());
8889 let simple_anchors_channel_type = ChannelTypeFeatures::from_le_bytes(simple_anchors_raw_features.to_le_bytes().to_vec());
8890 assert!(!simple_anchors_init.requires_unknown_bits());
8891 assert!(!simple_anchors_channel_type.requires_unknown_bits());
8893 // First, we'll try to open a channel between A and B where A requests a channel type for
8894 // the original `option_anchors` feature (non zero fee htlc tx). This should be rejected by
8895 // B as it's not supported by LDK.
8896 let channel_a = OutboundV1Channel::<EnforcingSigner>::new(
8897 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
8898 &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42
8901 let mut open_channel_msg = channel_a.get_open_channel(genesis_block(network).header.block_hash());
8902 open_channel_msg.channel_type = Some(simple_anchors_channel_type.clone());
8904 let res = InboundV1Channel::<EnforcingSigner>::new(
8905 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
8906 &channelmanager::provided_channel_type_features(&config), &simple_anchors_init,
8907 &open_channel_msg, 7, &config, 0, &&logger, 42
8909 assert!(res.is_err());
8911 // Then, we'll try to open another channel where A requests a channel type for
8912 // `anchors_zero_fee_htlc_tx`. B is malicious and tries to downgrade the channel type to the
8913 // original `option_anchors` feature, which should be rejected by A as it's not supported by
8915 let mut channel_a = OutboundV1Channel::<EnforcingSigner>::new(
8916 &fee_estimator, &&keys_provider, &&keys_provider, node_id_b, &simple_anchors_init,
8917 10000000, 100000, 42, &config, 0, 42
8920 let open_channel_msg = channel_a.get_open_channel(genesis_block(network).header.block_hash());
8922 let channel_b = InboundV1Channel::<EnforcingSigner>::new(
8923 &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
8924 &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config),
8925 &open_channel_msg, 7, &config, 0, &&logger, 42
8928 let mut accept_channel_msg = channel_b.get_accept_channel_message();
8929 accept_channel_msg.channel_type = Some(simple_anchors_channel_type.clone());
8931 let res = channel_a.accept_channel(
8932 &accept_channel_msg, &config.channel_handshake_limits, &simple_anchors_init
8934 assert!(res.is_err());