1 // This file is Copyright its original authors, visible in version control
4 // This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
5 // or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
6 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
7 // You may not use this file except in accordance with one or both of these
10 use bitcoin::blockdata::script::{Script,Builder};
11 use bitcoin::blockdata::transaction::{Transaction, EcdsaSighashType};
12 use bitcoin::util::sighash;
13 use bitcoin::consensus::encode;
15 use bitcoin::hashes::Hash;
16 use bitcoin::hashes::sha256::Hash as Sha256;
17 use bitcoin::hashes::sha256d::Hash as Sha256d;
18 use bitcoin::hash_types::{Txid, BlockHash};
20 use bitcoin::secp256k1::constants::PUBLIC_KEY_SIZE;
21 use bitcoin::secp256k1::{PublicKey,SecretKey};
22 use bitcoin::secp256k1::{Secp256k1,ecdsa::Signature};
23 use bitcoin::secp256k1;
25 use crate::ln::{PaymentPreimage, PaymentHash};
26 use crate::ln::features::{ChannelTypeFeatures, InitFeatures};
28 use crate::ln::msgs::{DecodeError, OptionalField, DataLossProtect};
29 use crate::ln::script::{self, ShutdownScript};
30 use crate::ln::channelmanager::{self, CounterpartyForwardingInfo, PendingHTLCStatus, HTLCSource, HTLCFailReason, HTLCFailureMsg, PendingHTLCInfo, RAACommitmentOrder, BREAKDOWN_TIMEOUT, MIN_CLTV_EXPIRY_DELTA, MAX_LOCAL_BREAKDOWN_TIMEOUT};
31 use crate::ln::chan_utils::{CounterpartyCommitmentSecrets, TxCreationKeys, HTLCOutputInCommitment, htlc_success_tx_weight, htlc_timeout_tx_weight, make_funding_redeemscript, ChannelPublicKeys, CommitmentTransaction, HolderCommitmentTransaction, ChannelTransactionParameters, CounterpartyChannelTransactionParameters, MAX_HTLCS, get_commitment_transaction_number_obscure_factor, ClosingTransaction};
32 use crate::ln::chan_utils;
33 use crate::chain::BestBlock;
34 use crate::chain::chaininterface::{FeeEstimator, ConfirmationTarget, LowerBoundedFeeEstimator};
35 use crate::chain::channelmonitor::{ChannelMonitor, ChannelMonitorUpdate, ChannelMonitorUpdateStep, LATENCY_GRACE_PERIOD_BLOCKS};
36 use crate::chain::transaction::{OutPoint, TransactionData};
37 use crate::chain::keysinterface::{Sign, KeysInterface};
38 use crate::util::events::ClosureReason;
39 use crate::util::ser::{Readable, ReadableArgs, Writeable, Writer, VecWriter};
40 use crate::util::logger::Logger;
41 use crate::util::errors::APIError;
42 use crate::util::config::{UserConfig, ChannelConfig, LegacyChannelConfig, ChannelHandshakeConfig, ChannelHandshakeLimits};
43 use crate::util::scid_utils::scid_from_parts;
46 use crate::prelude::*;
47 use core::{cmp,mem,fmt};
49 #[cfg(any(test, fuzzing, debug_assertions))]
50 use crate::sync::Mutex;
51 use bitcoin::hashes::hex::ToHex;
54 pub struct ChannelValueStat {
55 pub value_to_self_msat: u64,
56 pub channel_value_msat: u64,
57 pub channel_reserve_msat: u64,
58 pub pending_outbound_htlcs_amount_msat: u64,
59 pub pending_inbound_htlcs_amount_msat: u64,
60 pub holding_cell_outbound_amount_msat: u64,
61 pub counterparty_max_htlc_value_in_flight_msat: u64, // outgoing
62 pub counterparty_dust_limit_msat: u64,
65 pub struct AvailableBalances {
66 /// The amount that would go to us if we close the channel, ignoring any on-chain fees.
67 pub balance_msat: u64,
68 /// Total amount available for our counterparty to send to us.
69 pub inbound_capacity_msat: u64,
70 /// Total amount available for us to send to our counterparty.
71 pub outbound_capacity_msat: u64,
72 /// The maximum value we can assign to the next outbound HTLC
73 pub next_outbound_htlc_limit_msat: u64,
76 #[derive(Debug, Clone, Copy, PartialEq)]
78 // Inbound states mirroring InboundHTLCState
80 AwaitingRemoteRevokeToAnnounce,
81 // Note that we do not have a AwaitingAnnouncedRemoteRevoke variant here as it is universally
82 // handled the same as `Committed`, with the only exception in `InboundHTLCState` being the
83 // distinction of when we allow ourselves to forward the HTLC. Because we aren't "forwarding"
84 // the fee update anywhere, we can simply consider the fee update `Committed` immediately
85 // instead of setting it to AwaitingAnnouncedRemoteRevoke.
87 // Outbound state can only be `LocalAnnounced` or `Committed`
91 enum InboundHTLCRemovalReason {
92 FailRelay(msgs::OnionErrorPacket),
93 FailMalformed(([u8; 32], u16)),
94 Fulfill(PaymentPreimage),
97 enum InboundHTLCState {
98 /// Offered by remote, to be included in next local commitment tx. I.e., the remote sent an
99 /// update_add_htlc message for this HTLC.
100 RemoteAnnounced(PendingHTLCStatus),
101 /// Included in a received commitment_signed message (implying we've
102 /// revoke_and_ack'd it), but the remote hasn't yet revoked their previous
103 /// state (see the example below). We have not yet included this HTLC in a
104 /// commitment_signed message because we are waiting on the remote's
105 /// aforementioned state revocation. One reason this missing remote RAA
106 /// (revoke_and_ack) blocks us from constructing a commitment_signed message
107 /// is because every time we create a new "state", i.e. every time we sign a
108 /// new commitment tx (see [BOLT #2]), we need a new per_commitment_point,
109 /// which are provided one-at-a-time in each RAA. E.g., the last RAA they
110 /// sent provided the per_commitment_point for our current commitment tx.
111 /// The other reason we should not send a commitment_signed without their RAA
112 /// is because their RAA serves to ACK our previous commitment_signed.
114 /// Here's an example of how an HTLC could come to be in this state:
115 /// remote --> update_add_htlc(prev_htlc) --> local
116 /// remote --> commitment_signed(prev_htlc) --> local
117 /// remote <-- revoke_and_ack <-- local
118 /// remote <-- commitment_signed(prev_htlc) <-- local
119 /// [note that here, the remote does not respond with a RAA]
120 /// remote --> update_add_htlc(this_htlc) --> local
121 /// remote --> commitment_signed(prev_htlc, this_htlc) --> local
122 /// Now `this_htlc` will be assigned this state. It's unable to be officially
123 /// accepted, i.e. included in a commitment_signed, because we're missing the
124 /// RAA that provides our next per_commitment_point. The per_commitment_point
125 /// is used to derive commitment keys, which are used to construct the
126 /// signatures in a commitment_signed message.
127 /// Implies AwaitingRemoteRevoke.
129 /// [BOLT #2]: https://github.com/lightning/bolts/blob/master/02-peer-protocol.md
130 AwaitingRemoteRevokeToAnnounce(PendingHTLCStatus),
131 /// Included in a received commitment_signed message (implying we've revoke_and_ack'd it).
132 /// We have also included this HTLC in our latest commitment_signed and are now just waiting
133 /// on the remote's revoke_and_ack to make this HTLC an irrevocable part of the state of the
134 /// channel (before it can then get forwarded and/or removed).
135 /// Implies AwaitingRemoteRevoke.
136 AwaitingAnnouncedRemoteRevoke(PendingHTLCStatus),
138 /// Removed by us and a new commitment_signed was sent (if we were AwaitingRemoteRevoke when we
139 /// created it we would have put it in the holding cell instead). When they next revoke_and_ack
141 /// Note that we have to keep an eye on the HTLC until we've received a broadcastable
142 /// commitment transaction without it as otherwise we'll have to force-close the channel to
143 /// claim it before the timeout (obviously doesn't apply to revoked HTLCs that we can't claim
144 /// anyway). That said, ChannelMonitor does this for us (see
145 /// ChannelMonitor::should_broadcast_holder_commitment_txn) so we actually remove the HTLC from
146 /// our own local state before then, once we're sure that the next commitment_signed and
147 /// ChannelMonitor::provide_latest_local_commitment_tx will not include this HTLC.
148 LocalRemoved(InboundHTLCRemovalReason),
151 struct InboundHTLCOutput {
155 payment_hash: PaymentHash,
156 state: InboundHTLCState,
159 enum OutboundHTLCState {
160 /// Added by us and included in a commitment_signed (if we were AwaitingRemoteRevoke when we
161 /// created it we would have put it in the holding cell instead). When they next revoke_and_ack
162 /// we will promote to Committed (note that they may not accept it until the next time we
163 /// revoke, but we don't really care about that:
164 /// * they've revoked, so worst case we can announce an old state and get our (option on)
165 /// money back (though we won't), and,
166 /// * we'll send them a revoke when they send a commitment_signed, and since only they're
167 /// allowed to remove it, the "can only be removed once committed on both sides" requirement
168 /// doesn't matter to us and it's up to them to enforce it, worst-case they jump ahead but
169 /// we'll never get out of sync).
170 /// Note that we Box the OnionPacket as it's rather large and we don't want to blow up
171 /// OutboundHTLCOutput's size just for a temporary bit
172 LocalAnnounced(Box<msgs::OnionPacket>),
174 /// Remote removed this (outbound) HTLC. We're waiting on their commitment_signed to finalize
175 /// the change (though they'll need to revoke before we fail the payment).
176 RemoteRemoved(OutboundHTLCOutcome),
177 /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
178 /// the remote side hasn't yet revoked their previous state, which we need them to do before we
179 /// can do any backwards failing. Implies AwaitingRemoteRevoke.
180 /// We also have not yet removed this HTLC in a commitment_signed message, and are waiting on a
181 /// remote revoke_and_ack on a previous state before we can do so.
182 AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome),
183 /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
184 /// the remote side hasn't yet revoked their previous state, which we need them to do before we
185 /// can do any backwards failing. Implies AwaitingRemoteRevoke.
186 /// We have removed this HTLC in our latest commitment_signed and are now just waiting on a
187 /// revoke_and_ack to drop completely.
188 AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome),
192 enum OutboundHTLCOutcome {
193 Success(Option<PaymentPreimage>),
194 Failure(HTLCFailReason),
197 impl From<Option<HTLCFailReason>> for OutboundHTLCOutcome {
198 fn from(o: Option<HTLCFailReason>) -> Self {
200 None => OutboundHTLCOutcome::Success(None),
201 Some(r) => OutboundHTLCOutcome::Failure(r)
206 impl<'a> Into<Option<&'a HTLCFailReason>> for &'a OutboundHTLCOutcome {
207 fn into(self) -> Option<&'a HTLCFailReason> {
209 OutboundHTLCOutcome::Success(_) => None,
210 OutboundHTLCOutcome::Failure(ref r) => Some(r)
215 struct OutboundHTLCOutput {
219 payment_hash: PaymentHash,
220 state: OutboundHTLCState,
224 /// See AwaitingRemoteRevoke ChannelState for more info
225 enum HTLCUpdateAwaitingACK {
226 AddHTLC { // TODO: Time out if we're getting close to cltv_expiry
230 payment_hash: PaymentHash,
232 onion_routing_packet: msgs::OnionPacket,
235 payment_preimage: PaymentPreimage,
240 err_packet: msgs::OnionErrorPacket,
244 /// There are a few "states" and then a number of flags which can be applied:
245 /// We first move through init with OurInitSent -> TheirInitSent -> FundingCreated -> FundingSent.
246 /// TheirChannelReady and OurChannelReady then get set on FundingSent, and when both are set we
247 /// move on to ChannelReady.
248 /// Note that PeerDisconnected can be set on both ChannelReady and FundingSent.
249 /// ChannelReady can then get all remaining flags set on it, until we finish shutdown, then we
250 /// move on to ShutdownComplete, at which point most calls into this channel are disallowed.
252 /// Implies we have (or are prepared to) send our open_channel/accept_channel message
253 OurInitSent = 1 << 0,
254 /// Implies we have received their open_channel/accept_channel message
255 TheirInitSent = 1 << 1,
256 /// We have sent funding_created and are awaiting a funding_signed to advance to FundingSent.
257 /// Note that this is nonsense for an inbound channel as we immediately generate funding_signed
258 /// upon receipt of funding_created, so simply skip this state.
260 /// Set when we have received/sent funding_created and funding_signed and are thus now waiting
261 /// on the funding transaction to confirm. The ChannelReady flags are set to indicate when we
262 /// and our counterparty consider the funding transaction confirmed.
264 /// Flag which can be set on FundingSent to indicate they sent us a channel_ready message.
265 /// Once both TheirChannelReady and OurChannelReady are set, state moves on to ChannelReady.
266 TheirChannelReady = 1 << 4,
267 /// Flag which can be set on FundingSent to indicate we sent them a channel_ready message.
268 /// Once both TheirChannelReady and OurChannelReady are set, state moves on to ChannelReady.
269 OurChannelReady = 1 << 5,
271 /// Flag which is set on ChannelReady and FundingSent indicating remote side is considered
272 /// "disconnected" and no updates are allowed until after we've done a channel_reestablish
274 PeerDisconnected = 1 << 7,
275 /// Flag which is set on ChannelReady, FundingCreated, and FundingSent indicating the user has
276 /// told us a ChannelMonitor update is pending async persistence somewhere and we should pause
277 /// sending any outbound messages until they've managed to finish.
278 MonitorUpdateInProgress = 1 << 8,
279 /// Flag which implies that we have sent a commitment_signed but are awaiting the responding
280 /// revoke_and_ack message. During this time period, we can't generate new commitment_signed
281 /// messages as then we will be unable to determine which HTLCs they included in their
282 /// revoke_and_ack implicit ACK, so instead we have to hold them away temporarily to be sent
284 /// Flag is set on ChannelReady.
285 AwaitingRemoteRevoke = 1 << 9,
286 /// Flag which is set on ChannelReady or FundingSent after receiving a shutdown message from
287 /// the remote end. If set, they may not add any new HTLCs to the channel, and we are expected
288 /// to respond with our own shutdown message when possible.
289 RemoteShutdownSent = 1 << 10,
290 /// Flag which is set on ChannelReady or FundingSent after sending a shutdown message. At this
291 /// point, we may not add any new HTLCs to the channel.
292 LocalShutdownSent = 1 << 11,
293 /// We've successfully negotiated a closing_signed dance. At this point ChannelManager is about
294 /// to drop us, but we store this anyway.
295 ShutdownComplete = 4096,
297 const BOTH_SIDES_SHUTDOWN_MASK: u32 = ChannelState::LocalShutdownSent as u32 | ChannelState::RemoteShutdownSent as u32;
298 const MULTI_STATE_FLAGS: u32 = BOTH_SIDES_SHUTDOWN_MASK | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32;
300 pub const INITIAL_COMMITMENT_NUMBER: u64 = (1 << 48) - 1;
302 /// The "channel disabled" bit in channel_update must be set based on whether we are connected to
303 /// our counterparty or not. However, we don't want to announce updates right away to avoid
304 /// spamming the network with updates if the connection is flapping. Instead, we "stage" updates to
305 /// our channel_update message and track the current state here.
306 /// See implementation at [`super::channelmanager::ChannelManager::timer_tick_occurred`].
307 #[derive(Clone, Copy, PartialEq)]
308 pub(super) enum ChannelUpdateStatus {
309 /// We've announced the channel as enabled and are connected to our peer.
311 /// Our channel is no longer live, but we haven't announced the channel as disabled yet.
313 /// Our channel is live again, but we haven't announced the channel as enabled yet.
315 /// We've announced the channel as disabled.
319 /// We track when we sent an `AnnouncementSignatures` to our peer in a few states, described here.
321 pub enum AnnouncementSigsState {
322 /// We have not sent our peer an `AnnouncementSignatures` yet, or our peer disconnected since
323 /// we sent the last `AnnouncementSignatures`.
325 /// We sent an `AnnouncementSignatures` to our peer since the last time our peer disconnected.
326 /// This state never appears on disk - instead we write `NotSent`.
328 /// We sent a `CommitmentSigned` after the last `AnnouncementSignatures` we sent. Because we
329 /// only ever have a single `CommitmentSigned` pending at once, if we sent one after sending
330 /// `AnnouncementSignatures` then we know the peer received our `AnnouncementSignatures` if
331 /// they send back a `RevokeAndACK`.
332 /// This state never appears on disk - instead we write `NotSent`.
334 /// We received a `RevokeAndACK`, effectively ack-ing our `AnnouncementSignatures`, at this
335 /// point we no longer need to re-send our `AnnouncementSignatures` again on reconnect.
339 /// An enum indicating whether the local or remote side offered a given HTLC.
345 /// An enum gathering stats on pending HTLCs, either inbound or outbound side.
348 pending_htlcs_value_msat: u64,
349 on_counterparty_tx_dust_exposure_msat: u64,
350 on_holder_tx_dust_exposure_msat: u64,
351 holding_cell_msat: u64,
352 on_holder_tx_holding_cell_htlcs_count: u32, // dust HTLCs *non*-included
355 /// An enum gathering stats on commitment transaction, either local or remote.
356 struct CommitmentStats<'a> {
357 tx: CommitmentTransaction, // the transaction info
358 feerate_per_kw: u32, // the feerate included to build the transaction
359 total_fee_sat: u64, // the total fee included in the transaction
360 num_nondust_htlcs: usize, // the number of HTLC outputs (dust HTLCs *non*-included)
361 htlcs_included: Vec<(HTLCOutputInCommitment, Option<&'a HTLCSource>)>, // the list of HTLCs (dust HTLCs *included*) which were not ignored when building the transaction
362 local_balance_msat: u64, // local balance before fees but considering dust limits
363 remote_balance_msat: u64, // remote balance before fees but considering dust limits
364 preimages: Vec<PaymentPreimage>, // preimages for successful offered HTLCs since last commitment
367 /// Used when calculating whether we or the remote can afford an additional HTLC.
368 struct HTLCCandidate {
370 origin: HTLCInitiator,
374 fn new(amount_msat: u64, origin: HTLCInitiator) -> Self {
382 /// A return value enum for get_update_fulfill_htlc. See UpdateFulfillCommitFetch variants for
384 enum UpdateFulfillFetch {
386 monitor_update: ChannelMonitorUpdate,
387 htlc_value_msat: u64,
388 msg: Option<msgs::UpdateFulfillHTLC>,
393 /// The return type of get_update_fulfill_htlc_and_commit.
394 pub enum UpdateFulfillCommitFetch {
395 /// Indicates the HTLC fulfill is new, and either generated an update_fulfill message, placed
396 /// it in the holding cell, or re-generated the update_fulfill message after the same claim was
397 /// previously placed in the holding cell (and has since been removed).
399 /// The ChannelMonitorUpdate which places the new payment preimage in the channel monitor
400 monitor_update: ChannelMonitorUpdate,
401 /// The value of the HTLC which was claimed, in msat.
402 htlc_value_msat: u64,
403 /// The update_fulfill message and commitment_signed message (if the claim was not placed
404 /// in the holding cell).
405 msgs: Option<(msgs::UpdateFulfillHTLC, msgs::CommitmentSigned)>,
407 /// Indicates the HTLC fulfill is duplicative and already existed either in the holding cell
408 /// or has been forgotten (presumably previously claimed).
412 /// The return value of `revoke_and_ack` on success, primarily updates to other channels or HTLC
414 pub(super) struct RAAUpdates {
415 pub commitment_update: Option<msgs::CommitmentUpdate>,
416 pub accepted_htlcs: Vec<(PendingHTLCInfo, u64)>,
417 pub failed_htlcs: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
418 pub finalized_claimed_htlcs: Vec<HTLCSource>,
419 pub monitor_update: ChannelMonitorUpdate,
420 pub holding_cell_failed_htlcs: Vec<(HTLCSource, PaymentHash)>,
423 /// The return value of `monitor_updating_restored`
424 pub(super) struct MonitorRestoreUpdates {
425 pub raa: Option<msgs::RevokeAndACK>,
426 pub commitment_update: Option<msgs::CommitmentUpdate>,
427 pub order: RAACommitmentOrder,
428 pub accepted_htlcs: Vec<(PendingHTLCInfo, u64)>,
429 pub failed_htlcs: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
430 pub finalized_claimed_htlcs: Vec<HTLCSource>,
431 pub funding_broadcastable: Option<Transaction>,
432 pub channel_ready: Option<msgs::ChannelReady>,
433 pub announcement_sigs: Option<msgs::AnnouncementSignatures>,
436 /// The return value of `channel_reestablish`
437 pub(super) struct ReestablishResponses {
438 pub channel_ready: Option<msgs::ChannelReady>,
439 pub raa: Option<msgs::RevokeAndACK>,
440 pub commitment_update: Option<msgs::CommitmentUpdate>,
441 pub order: RAACommitmentOrder,
442 pub announcement_sigs: Option<msgs::AnnouncementSignatures>,
443 pub shutdown_msg: Option<msgs::Shutdown>,
446 /// If the majority of the channels funds are to the fundee and the initiator holds only just
447 /// enough funds to cover their reserve value, channels are at risk of getting "stuck". Because the
448 /// initiator controls the feerate, if they then go to increase the channel fee, they may have no
449 /// balance but the fundee is unable to send a payment as the increase in fee more than drains
450 /// their reserve value. Thus, neither side can send a new HTLC and the channel becomes useless.
451 /// Thus, before sending an HTLC when we are the initiator, we check that the feerate can increase
452 /// by this multiple without hitting this case, before sending.
453 /// This multiple is effectively the maximum feerate "jump" we expect until more HTLCs flow over
454 /// the channel. Sadly, there isn't really a good number for this - if we expect to have no new
455 /// HTLCs for days we may need this to suffice for feerate increases across days, but that may
456 /// leave the channel less usable as we hold a bigger reserve.
457 #[cfg(any(fuzzing, test))]
458 pub const FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE: u64 = 2;
459 #[cfg(not(any(fuzzing, test)))]
460 const FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE: u64 = 2;
462 /// If we fail to see a funding transaction confirmed on-chain within this many blocks after the
463 /// channel creation on an inbound channel, we simply force-close and move on.
464 /// This constant is the one suggested in BOLT 2.
465 pub(crate) const FUNDING_CONF_DEADLINE_BLOCKS: u32 = 2016;
467 /// In case of a concurrent update_add_htlc proposed by our counterparty, we might
468 /// not have enough balance value remaining to cover the onchain cost of this new
469 /// HTLC weight. If this happens, our counterparty fails the reception of our
470 /// commitment_signed including this new HTLC due to infringement on the channel
472 /// To prevent this case, we compute our outbound update_fee with an HTLC buffer of
473 /// size 2. However, if the number of concurrent update_add_htlc is higher, this still
474 /// leads to a channel force-close. Ultimately, this is an issue coming from the
475 /// design of LN state machines, allowing asynchronous updates.
476 pub(crate) const CONCURRENT_INBOUND_HTLC_FEE_BUFFER: u32 = 2;
478 /// When a channel is opened, we check that the funding amount is enough to pay for relevant
479 /// commitment transaction fees, with at least this many HTLCs present on the commitment
480 /// transaction (not counting the value of the HTLCs themselves).
481 pub(crate) const MIN_AFFORDABLE_HTLC_COUNT: usize = 4;
483 /// When a [`Channel`] has its [`ChannelConfig`] updated, its existing one is stashed for up to this
484 /// number of ticks to allow forwarding HTLCs by nodes that have yet to receive the new
485 /// ChannelUpdate prompted by the config update. This value was determined as follows:
487 /// * The expected interval between ticks (1 minute).
488 /// * The average convergence delay of updates across the network, i.e., ~300 seconds on average
489 /// for a node to see an update as seen on `<https://arxiv.org/pdf/2205.12737.pdf>`.
490 /// * `EXPIRE_PREV_CONFIG_TICKS` = convergence_delay / tick_interval
491 pub(crate) const EXPIRE_PREV_CONFIG_TICKS: usize = 5;
493 // TODO: We should refactor this to be an Inbound/OutboundChannel until initial setup handshaking
494 // has been completed, and then turn into a Channel to get compiler-time enforcement of things like
495 // calling channel_id() before we're set up or things like get_outbound_funding_signed on an
498 // Holder designates channel data owned for the benefice of the user client.
499 // Counterparty designates channel data owned by the another channel participant entity.
500 pub(super) struct Channel<Signer: Sign> {
501 config: LegacyChannelConfig,
503 // Track the previous `ChannelConfig` so that we can continue forwarding HTLCs that were
504 // constructed using it. The second element in the tuple corresponds to the number of ticks that
505 // have elapsed since the update occurred.
506 prev_config: Option<(ChannelConfig, usize)>,
508 inbound_handshake_limits_override: Option<ChannelHandshakeLimits>,
512 channel_id: [u8; 32],
515 // When we reach max(6 blocks, minimum_depth), we need to send an AnnouncementSigs message to
516 // our peer. However, we want to make sure they received it, or else rebroadcast it when we
518 // We do so here, see `AnnouncementSigsSent` for more details on the state(s).
519 // Note that a number of our tests were written prior to the behavior here which retransmits
520 // AnnouncementSignatures until after an RAA completes, so the behavior is short-circuited in
522 #[cfg(any(test, feature = "_test_utils"))]
523 pub(crate) announcement_sigs_state: AnnouncementSigsState,
524 #[cfg(not(any(test, feature = "_test_utils")))]
525 announcement_sigs_state: AnnouncementSigsState,
527 secp_ctx: Secp256k1<secp256k1::All>,
528 channel_value_satoshis: u64,
530 latest_monitor_update_id: u64,
532 holder_signer: Signer,
533 shutdown_scriptpubkey: Option<ShutdownScript>,
534 destination_script: Script,
536 // Our commitment numbers start at 2^48-1 and count down, whereas the ones used in transaction
537 // generation start at 0 and count up...this simplifies some parts of implementation at the
538 // cost of others, but should really just be changed.
540 cur_holder_commitment_transaction_number: u64,
541 cur_counterparty_commitment_transaction_number: u64,
542 value_to_self_msat: u64, // Excluding all pending_htlcs, excluding fees
543 pending_inbound_htlcs: Vec<InboundHTLCOutput>,
544 pending_outbound_htlcs: Vec<OutboundHTLCOutput>,
545 holding_cell_htlc_updates: Vec<HTLCUpdateAwaitingACK>,
547 /// When resending CS/RAA messages on channel monitor restoration or on reconnect, we always
548 /// need to ensure we resend them in the order we originally generated them. Note that because
549 /// there can only ever be one in-flight CS and/or one in-flight RAA at any time, it is
550 /// sufficient to simply set this to the opposite of any message we are generating as we
551 /// generate it. ie when we generate a CS, we set this to RAAFirst as, if there is a pending
552 /// in-flight RAA to resend, it will have been the first thing we generated, and thus we should
554 resend_order: RAACommitmentOrder,
556 monitor_pending_channel_ready: bool,
557 monitor_pending_revoke_and_ack: bool,
558 monitor_pending_commitment_signed: bool,
559 monitor_pending_forwards: Vec<(PendingHTLCInfo, u64)>,
560 monitor_pending_failures: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
561 monitor_pending_finalized_fulfills: Vec<HTLCSource>,
563 // pending_update_fee is filled when sending and receiving update_fee.
565 // Because it follows the same commitment flow as HTLCs, `FeeUpdateState` is either `Outbound`
566 // or matches a subset of the `InboundHTLCOutput` variants. It is then updated/used when
567 // generating new commitment transactions with exactly the same criteria as inbound/outbound
568 // HTLCs with similar state.
569 pending_update_fee: Option<(u32, FeeUpdateState)>,
570 // If a `send_update_fee()` call is made with ChannelState::AwaitingRemoteRevoke set, we place
571 // it here instead of `pending_update_fee` in the same way as we place outbound HTLC updates in
572 // `holding_cell_htlc_updates` instead of `pending_outbound_htlcs`. It is released into
573 // `pending_update_fee` with the same criteria as outbound HTLC updates but can be updated by
574 // further `send_update_fee` calls, dropping the previous holding cell update entirely.
575 holding_cell_update_fee: Option<u32>,
576 next_holder_htlc_id: u64,
577 next_counterparty_htlc_id: u64,
580 /// The timestamp set on our latest `channel_update` message for this channel. It is updated
581 /// when the channel is updated in ways which may impact the `channel_update` message or when a
582 /// new block is received, ensuring it's always at least moderately close to the current real
584 update_time_counter: u32,
586 #[cfg(debug_assertions)]
587 /// Max to_local and to_remote outputs in a locally-generated commitment transaction
588 holder_max_commitment_tx_output: Mutex<(u64, u64)>,
589 #[cfg(debug_assertions)]
590 /// Max to_local and to_remote outputs in a remote-generated commitment transaction
591 counterparty_max_commitment_tx_output: Mutex<(u64, u64)>,
593 last_sent_closing_fee: Option<(u64, Signature)>, // (fee, holder_sig)
594 target_closing_feerate_sats_per_kw: Option<u32>,
596 /// If our counterparty sent us a closing_signed while we were waiting for a `ChannelMonitor`
597 /// update, we need to delay processing it until later. We do that here by simply storing the
598 /// closing_signed message and handling it in `maybe_propose_closing_signed`.
599 pending_counterparty_closing_signed: Option<msgs::ClosingSigned>,
601 /// The minimum and maximum absolute fee, in satoshis, we are willing to place on the closing
602 /// transaction. These are set once we reach `closing_negotiation_ready`.
604 pub(crate) closing_fee_limits: Option<(u64, u64)>,
606 closing_fee_limits: Option<(u64, u64)>,
608 /// Flag that ensures that `accept_inbound_channel` must be called before `funding_created`
609 /// is executed successfully. The reason for this flag is that when the
610 /// `UserConfig::manually_accept_inbound_channels` config flag is set to true, inbound channels
611 /// are required to be manually accepted by the node operator before the `msgs::AcceptChannel`
612 /// message is created and sent out. During the manual accept process, `accept_inbound_channel`
613 /// is called by `ChannelManager::accept_inbound_channel`.
615 /// The flag counteracts that a counterparty node could theoretically send a
616 /// `msgs::FundingCreated` message before the node operator has manually accepted an inbound
617 /// channel request made by the counterparty node. That would execute `funding_created` before
618 /// `accept_inbound_channel`, and `funding_created` should therefore not execute successfully.
619 inbound_awaiting_accept: bool,
621 /// The hash of the block in which the funding transaction was included.
622 funding_tx_confirmed_in: Option<BlockHash>,
623 funding_tx_confirmation_height: u32,
624 short_channel_id: Option<u64>,
625 /// Either the height at which this channel was created or the height at which it was last
626 /// serialized if it was serialized by versions prior to 0.0.103.
627 /// We use this to close if funding is never broadcasted.
628 channel_creation_height: u32,
630 counterparty_dust_limit_satoshis: u64,
633 pub(super) holder_dust_limit_satoshis: u64,
635 holder_dust_limit_satoshis: u64,
638 pub(super) counterparty_max_htlc_value_in_flight_msat: u64,
640 counterparty_max_htlc_value_in_flight_msat: u64,
643 pub(super) holder_max_htlc_value_in_flight_msat: u64,
645 holder_max_htlc_value_in_flight_msat: u64,
647 /// minimum channel reserve for self to maintain - set by them.
648 counterparty_selected_channel_reserve_satoshis: Option<u64>,
651 pub(super) holder_selected_channel_reserve_satoshis: u64,
653 holder_selected_channel_reserve_satoshis: u64,
655 counterparty_htlc_minimum_msat: u64,
656 holder_htlc_minimum_msat: u64,
658 pub counterparty_max_accepted_htlcs: u16,
660 counterparty_max_accepted_htlcs: u16,
661 //implied by OUR_MAX_HTLCS: max_accepted_htlcs: u16,
662 minimum_depth: Option<u32>,
664 counterparty_forwarding_info: Option<CounterpartyForwardingInfo>,
666 pub(crate) channel_transaction_parameters: ChannelTransactionParameters,
667 funding_transaction: Option<Transaction>,
669 counterparty_cur_commitment_point: Option<PublicKey>,
670 counterparty_prev_commitment_point: Option<PublicKey>,
671 counterparty_node_id: PublicKey,
673 counterparty_shutdown_scriptpubkey: Option<Script>,
675 commitment_secrets: CounterpartyCommitmentSecrets,
677 channel_update_status: ChannelUpdateStatus,
678 /// Once we reach `closing_negotiation_ready`, we set this, indicating if closing_signed does
679 /// not complete within a single timer tick (one minute), we should force-close the channel.
680 /// This prevents us from keeping unusable channels around forever if our counterparty wishes
682 /// Note that this field is reset to false on deserialization to give us a chance to connect to
683 /// our peer and start the closing_signed negotiation fresh.
684 closing_signed_in_flight: bool,
686 /// Our counterparty's channel_announcement signatures provided in announcement_signatures.
687 /// This can be used to rebroadcast the channel_announcement message later.
688 announcement_sigs: Option<(Signature, Signature)>,
690 // We save these values so we can make sure `next_local_commit_tx_fee_msat` and
691 // `next_remote_commit_tx_fee_msat` properly predict what the next commitment transaction fee will
692 // be, by comparing the cached values to the fee of the tranaction generated by
693 // `build_commitment_transaction`.
694 #[cfg(any(test, fuzzing))]
695 next_local_commitment_tx_fee_info_cached: Mutex<Option<CommitmentTxInfoCached>>,
696 #[cfg(any(test, fuzzing))]
697 next_remote_commitment_tx_fee_info_cached: Mutex<Option<CommitmentTxInfoCached>>,
699 /// lnd has a long-standing bug where, upon reconnection, if the channel is not yet confirmed
700 /// they will not send a channel_reestablish until the channel locks in. Then, they will send a
701 /// channel_ready *before* sending the channel_reestablish (which is clearly a violation of
702 /// the BOLT specs). We copy c-lightning's workaround here and simply store the channel_ready
703 /// message until we receive a channel_reestablish.
705 /// See-also <https://github.com/lightningnetwork/lnd/issues/4006>
706 pub workaround_lnd_bug_4006: Option<msgs::ChannelReady>,
708 #[cfg(any(test, fuzzing))]
709 // When we receive an HTLC fulfill on an outbound path, we may immediately fulfill the
710 // corresponding HTLC on the inbound path. If, then, the outbound path channel is
711 // disconnected and reconnected (before we've exchange commitment_signed and revoke_and_ack
712 // messages), they may re-broadcast their update_fulfill_htlc, causing a duplicate claim. This
713 // is fine, but as a sanity check in our failure to generate the second claim, we check here
714 // that the original was a claim, and that we aren't now trying to fulfill a failed HTLC.
715 historical_inbound_htlc_fulfills: HashSet<u64>,
717 /// This channel's type, as negotiated during channel open
718 channel_type: ChannelTypeFeatures,
720 // Our counterparty can offer us SCID aliases which they will map to this channel when routing
721 // outbound payments. These can be used in invoice route hints to avoid explicitly revealing
722 // the channel's funding UTXO.
724 // We also use this when sending our peer a channel_update that isn't to be broadcasted
725 // publicly - allowing them to re-use their map of SCID -> channel for channel_update ->
726 // associated channel mapping.
728 // We only bother storing the most recent SCID alias at any time, though our counterparty has
729 // to store all of them.
730 latest_inbound_scid_alias: Option<u64>,
732 // We always offer our counterparty a static SCID alias, which we recognize as for this channel
733 // if we see it in HTLC forwarding instructions. We don't bother rotating the alias given we
734 // don't currently support node id aliases and eventually privacy should be provided with
735 // blinded paths instead of simple scid+node_id aliases.
736 outbound_scid_alias: u64,
738 // We track whether we already emitted a `ChannelReady` event.
739 channel_ready_event_emitted: bool,
742 #[cfg(any(test, fuzzing))]
743 struct CommitmentTxInfoCached {
745 total_pending_htlcs: usize,
746 next_holder_htlc_id: u64,
747 next_counterparty_htlc_id: u64,
751 pub const OUR_MAX_HTLCS: u16 = 50; //TODO
753 pub(crate) fn commitment_tx_base_weight(opt_anchors: bool) -> u64 {
754 const COMMITMENT_TX_BASE_WEIGHT: u64 = 724;
755 const COMMITMENT_TX_BASE_ANCHOR_WEIGHT: u64 = 1124;
756 if opt_anchors { COMMITMENT_TX_BASE_ANCHOR_WEIGHT } else { COMMITMENT_TX_BASE_WEIGHT }
760 const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
762 pub const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
764 pub const ANCHOR_OUTPUT_VALUE_SATOSHI: u64 = 330;
766 /// The percentage of the channel value `holder_max_htlc_value_in_flight_msat` used to be set to,
767 /// before this was made configurable. The percentage was made configurable in LDK 0.0.107,
768 /// although LDK 0.0.104+ enabled serialization of channels with a different value set for
769 /// `holder_max_htlc_value_in_flight_msat`.
770 pub const MAX_IN_FLIGHT_PERCENT_LEGACY: u8 = 10;
772 /// Maximum `funding_satoshis` value according to the BOLT #2 specification, if
773 /// `option_support_large_channel` (aka wumbo channels) is not supported.
775 pub const MAX_FUNDING_SATOSHIS_NO_WUMBO: u64 = (1 << 24) - 1;
777 /// Total bitcoin supply in satoshis.
778 pub const TOTAL_BITCOIN_SUPPLY_SATOSHIS: u64 = 21_000_000 * 1_0000_0000;
780 /// The maximum network dust limit for standard script formats. This currently represents the
781 /// minimum output value for a P2SH output before Bitcoin Core 22 considers the entire
782 /// transaction non-standard and thus refuses to relay it.
783 /// We also use this as the maximum counterparty `dust_limit_satoshis` allowed, given many
784 /// implementations use this value for their dust limit today.
785 pub const MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS: u64 = 546;
787 /// The maximum channel dust limit we will accept from our counterparty.
788 pub const MAX_CHAN_DUST_LIMIT_SATOSHIS: u64 = MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS;
790 /// The dust limit is used for both the commitment transaction outputs as well as the closing
791 /// transactions. For cooperative closing transactions, we require segwit outputs, though accept
792 /// *any* segwit scripts, which are allowed to be up to 42 bytes in length.
793 /// In order to avoid having to concern ourselves with standardness during the closing process, we
794 /// simply require our counterparty to use a dust limit which will leave any segwit output
796 /// See https://github.com/lightning/bolts/issues/905 for more details.
797 pub const MIN_CHAN_DUST_LIMIT_SATOSHIS: u64 = 354;
799 // Just a reasonable implementation-specific safe lower bound, higher than the dust limit.
800 pub const MIN_THEIR_CHAN_RESERVE_SATOSHIS: u64 = 1000;
802 /// Used to return a simple Error back to ChannelManager. Will get converted to a
803 /// msgs::ErrorAction::SendErrorMessage or msgs::ErrorAction::IgnoreError as appropriate with our
804 /// channel_id in ChannelManager.
805 pub(super) enum ChannelError {
811 impl fmt::Debug for ChannelError {
812 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
814 &ChannelError::Ignore(ref e) => write!(f, "Ignore : {}", e),
815 &ChannelError::Warn(ref e) => write!(f, "Warn : {}", e),
816 &ChannelError::Close(ref e) => write!(f, "Close : {}", e),
821 macro_rules! secp_check {
822 ($res: expr, $err: expr) => {
825 Err(_) => return Err(ChannelError::Close($err)),
830 impl<Signer: Sign> Channel<Signer> {
831 /// Returns the value to use for `holder_max_htlc_value_in_flight_msat` as a percentage of the
832 /// `channel_value_satoshis` in msat, set through
833 /// [`ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel`]
835 /// The effective percentage is lower bounded by 1% and upper bounded by 100%.
837 /// [`ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel`]: crate::util::config::ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel
838 fn get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis: u64, config: &ChannelHandshakeConfig) -> u64 {
839 let configured_percent = if config.max_inbound_htlc_value_in_flight_percent_of_channel < 1 {
841 } else if config.max_inbound_htlc_value_in_flight_percent_of_channel > 100 {
844 config.max_inbound_htlc_value_in_flight_percent_of_channel as u64
846 channel_value_satoshis * 10 * configured_percent
849 /// Returns a minimum channel reserve value the remote needs to maintain,
850 /// required by us according to the configured or default
851 /// [`ChannelHandshakeConfig::their_channel_reserve_proportional_millionths`]
853 /// Guaranteed to return a value no larger than channel_value_satoshis
855 /// This is used both for outbound and inbound channels and has lower bound
856 /// of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`.
857 pub(crate) fn get_holder_selected_channel_reserve_satoshis(channel_value_satoshis: u64, config: &UserConfig) -> u64 {
858 let calculated_reserve = channel_value_satoshis.saturating_mul(config.channel_handshake_config.their_channel_reserve_proportional_millionths as u64) / 1_000_000;
859 cmp::min(channel_value_satoshis, cmp::max(calculated_reserve, MIN_THEIR_CHAN_RESERVE_SATOSHIS))
862 /// This is for legacy reasons, present for forward-compatibility.
863 /// LDK versions older than 0.0.104 don't know how read/handle values other than default
864 /// from storage. Hence, we use this function to not persist default values of
865 /// `holder_selected_channel_reserve_satoshis` for channels into storage.
866 pub(crate) fn get_legacy_default_holder_selected_channel_reserve_satoshis(channel_value_satoshis: u64) -> u64 {
867 let (q, _) = channel_value_satoshis.overflowing_div(100);
868 cmp::min(channel_value_satoshis, cmp::max(q, 1000))
871 pub(crate) fn opt_anchors(&self) -> bool {
872 self.channel_transaction_parameters.opt_anchors.is_some()
875 fn get_initial_channel_type(config: &UserConfig) -> ChannelTypeFeatures {
876 // The default channel type (ie the first one we try) depends on whether the channel is
877 // public - if it is, we just go with `only_static_remotekey` as it's the only option
878 // available. If it's private, we first try `scid_privacy` as it provides better privacy
879 // with no other changes, and fall back to `only_static_remotekey`
880 let mut ret = ChannelTypeFeatures::only_static_remote_key();
881 if !config.channel_handshake_config.announced_channel && config.channel_handshake_config.negotiate_scid_privacy {
882 ret.set_scid_privacy_required();
887 /// If we receive an error message, it may only be a rejection of the channel type we tried,
888 /// not of our ability to open any channel at all. Thus, on error, we should first call this
889 /// and see if we get a new `OpenChannel` message, otherwise the channel is failed.
890 pub(crate) fn maybe_handle_error_without_close(&mut self, chain_hash: BlockHash) -> Result<msgs::OpenChannel, ()> {
891 if !self.is_outbound() || self.channel_state != ChannelState::OurInitSent as u32 { return Err(()); }
892 if self.channel_type == ChannelTypeFeatures::only_static_remote_key() {
893 // We've exhausted our options
896 self.channel_type = ChannelTypeFeatures::only_static_remote_key(); // We only currently support two types
897 Ok(self.get_open_channel(chain_hash))
901 pub fn new_outbound<K: Deref, F: Deref>(
902 fee_estimator: &LowerBoundedFeeEstimator<F>, keys_provider: &K, counterparty_node_id: PublicKey, their_features: &InitFeatures,
903 channel_value_satoshis: u64, push_msat: u64, user_id: u128, config: &UserConfig, current_chain_height: u32,
904 outbound_scid_alias: u64
905 ) -> Result<Channel<Signer>, APIError>
906 where K::Target: KeysInterface<Signer = Signer>,
907 F::Target: FeeEstimator,
909 let opt_anchors = false; // TODO - should be based on features
911 let holder_selected_contest_delay = config.channel_handshake_config.our_to_self_delay;
912 let holder_signer = keys_provider.get_channel_signer(false, channel_value_satoshis);
913 let pubkeys = holder_signer.pubkeys().clone();
915 if !their_features.supports_wumbo() && channel_value_satoshis > MAX_FUNDING_SATOSHIS_NO_WUMBO {
916 return Err(APIError::APIMisuseError{err: format!("funding_value must not exceed {}, it was {}", MAX_FUNDING_SATOSHIS_NO_WUMBO, channel_value_satoshis)});
918 if channel_value_satoshis >= TOTAL_BITCOIN_SUPPLY_SATOSHIS {
919 return Err(APIError::APIMisuseError{err: format!("funding_value must be smaller than the total bitcoin supply, it was {}", channel_value_satoshis)});
921 let channel_value_msat = channel_value_satoshis * 1000;
922 if push_msat > channel_value_msat {
923 return Err(APIError::APIMisuseError { err: format!("Push value ({}) was larger than channel_value ({})", push_msat, channel_value_msat) });
925 if holder_selected_contest_delay < BREAKDOWN_TIMEOUT {
926 return Err(APIError::APIMisuseError {err: format!("Configured with an unreasonable our_to_self_delay ({}) putting user funds at risks", holder_selected_contest_delay)});
928 let holder_selected_channel_reserve_satoshis = Channel::<Signer>::get_holder_selected_channel_reserve_satoshis(channel_value_satoshis, config);
929 if holder_selected_channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
930 // Protocol level safety check in place, although it should never happen because
931 // of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
932 return Err(APIError::APIMisuseError { err: format!("Holder selected channel reserve below implemention limit dust_limit_satoshis {}", holder_selected_channel_reserve_satoshis) });
935 let feerate = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::Normal);
937 let value_to_self_msat = channel_value_satoshis * 1000 - push_msat;
938 let commitment_tx_fee = Self::commit_tx_fee_msat(feerate, MIN_AFFORDABLE_HTLC_COUNT, opt_anchors);
939 if value_to_self_msat < commitment_tx_fee {
940 return Err(APIError::APIMisuseError{ err: format!("Funding amount ({}) can't even pay fee for initial commitment transaction fee of {}.", value_to_self_msat / 1000, commitment_tx_fee / 1000) });
943 let mut secp_ctx = Secp256k1::new();
944 secp_ctx.seeded_randomize(&keys_provider.get_secure_random_bytes());
946 let shutdown_scriptpubkey = if config.channel_handshake_config.commit_upfront_shutdown_pubkey {
947 Some(keys_provider.get_shutdown_scriptpubkey())
950 if let Some(shutdown_scriptpubkey) = &shutdown_scriptpubkey {
951 if !shutdown_scriptpubkey.is_compatible(&their_features) {
952 return Err(APIError::IncompatibleShutdownScript { script: shutdown_scriptpubkey.clone() });
959 config: LegacyChannelConfig {
960 options: config.channel_config.clone(),
961 announced_channel: config.channel_handshake_config.announced_channel,
962 commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey,
967 inbound_handshake_limits_override: Some(config.channel_handshake_limits.clone()),
969 channel_id: keys_provider.get_secure_random_bytes(),
970 channel_state: ChannelState::OurInitSent as u32,
971 announcement_sigs_state: AnnouncementSigsState::NotSent,
973 channel_value_satoshis,
975 latest_monitor_update_id: 0,
978 shutdown_scriptpubkey,
979 destination_script: keys_provider.get_destination_script(),
981 cur_holder_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
982 cur_counterparty_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
985 pending_inbound_htlcs: Vec::new(),
986 pending_outbound_htlcs: Vec::new(),
987 holding_cell_htlc_updates: Vec::new(),
988 pending_update_fee: None,
989 holding_cell_update_fee: None,
990 next_holder_htlc_id: 0,
991 next_counterparty_htlc_id: 0,
992 update_time_counter: 1,
994 resend_order: RAACommitmentOrder::CommitmentFirst,
996 monitor_pending_channel_ready: false,
997 monitor_pending_revoke_and_ack: false,
998 monitor_pending_commitment_signed: false,
999 monitor_pending_forwards: Vec::new(),
1000 monitor_pending_failures: Vec::new(),
1001 monitor_pending_finalized_fulfills: Vec::new(),
1003 #[cfg(debug_assertions)]
1004 holder_max_commitment_tx_output: Mutex::new((channel_value_satoshis * 1000 - push_msat, push_msat)),
1005 #[cfg(debug_assertions)]
1006 counterparty_max_commitment_tx_output: Mutex::new((channel_value_satoshis * 1000 - push_msat, push_msat)),
1008 last_sent_closing_fee: None,
1009 pending_counterparty_closing_signed: None,
1010 closing_fee_limits: None,
1011 target_closing_feerate_sats_per_kw: None,
1013 inbound_awaiting_accept: false,
1015 funding_tx_confirmed_in: None,
1016 funding_tx_confirmation_height: 0,
1017 short_channel_id: None,
1018 channel_creation_height: current_chain_height,
1020 feerate_per_kw: feerate,
1021 counterparty_dust_limit_satoshis: 0,
1022 holder_dust_limit_satoshis: MIN_CHAN_DUST_LIMIT_SATOSHIS,
1023 counterparty_max_htlc_value_in_flight_msat: 0,
1024 holder_max_htlc_value_in_flight_msat: Self::get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis, &config.channel_handshake_config),
1025 counterparty_selected_channel_reserve_satoshis: None, // Filled in in accept_channel
1026 holder_selected_channel_reserve_satoshis,
1027 counterparty_htlc_minimum_msat: 0,
1028 holder_htlc_minimum_msat: if config.channel_handshake_config.our_htlc_minimum_msat == 0 { 1 } else { config.channel_handshake_config.our_htlc_minimum_msat },
1029 counterparty_max_accepted_htlcs: 0,
1030 minimum_depth: None, // Filled in in accept_channel
1032 counterparty_forwarding_info: None,
1034 channel_transaction_parameters: ChannelTransactionParameters {
1035 holder_pubkeys: pubkeys,
1036 holder_selected_contest_delay: config.channel_handshake_config.our_to_self_delay,
1037 is_outbound_from_holder: true,
1038 counterparty_parameters: None,
1039 funding_outpoint: None,
1040 opt_anchors: if opt_anchors { Some(()) } else { None },
1042 funding_transaction: None,
1044 counterparty_cur_commitment_point: None,
1045 counterparty_prev_commitment_point: None,
1046 counterparty_node_id,
1048 counterparty_shutdown_scriptpubkey: None,
1050 commitment_secrets: CounterpartyCommitmentSecrets::new(),
1052 channel_update_status: ChannelUpdateStatus::Enabled,
1053 closing_signed_in_flight: false,
1055 announcement_sigs: None,
1057 #[cfg(any(test, fuzzing))]
1058 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
1059 #[cfg(any(test, fuzzing))]
1060 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
1062 workaround_lnd_bug_4006: None,
1064 latest_inbound_scid_alias: None,
1065 outbound_scid_alias,
1067 channel_ready_event_emitted: false,
1069 #[cfg(any(test, fuzzing))]
1070 historical_inbound_htlc_fulfills: HashSet::new(),
1072 channel_type: Self::get_initial_channel_type(&config),
1076 fn check_remote_fee<F: Deref>(fee_estimator: &LowerBoundedFeeEstimator<F>, feerate_per_kw: u32) -> Result<(), ChannelError>
1077 where F::Target: FeeEstimator
1079 // We only bound the fee updates on the upper side to prevent completely absurd feerates,
1080 // always accepting up to 25 sat/vByte or 10x our fee estimator's "High Priority" fee.
1081 // We generally don't care too much if they set the feerate to something very high, but it
1082 // could result in the channel being useless due to everything being dust.
1083 let upper_limit = cmp::max(250 * 25,
1084 fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::HighPriority) as u64 * 10);
1085 if feerate_per_kw as u64 > upper_limit {
1086 return Err(ChannelError::Close(format!("Peer's feerate much too high. Actual: {}. Our expected upper limit: {}", feerate_per_kw, upper_limit)));
1088 let lower_limit = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::Background);
1089 // Some fee estimators round up to the next full sat/vbyte (ie 250 sats per kw), causing
1090 // occasional issues with feerate disagreements between an initiator that wants a feerate
1091 // of 1.1 sat/vbyte and a receiver that wants 1.1 rounded up to 2. Thus, we always add 250
1092 // sat/kw before the comparison here.
1093 if feerate_per_kw + 250 < lower_limit {
1094 return Err(ChannelError::Close(format!("Peer's feerate much too low. Actual: {}. Our expected lower limit: {} (- 250)", feerate_per_kw, lower_limit)));
1099 /// Creates a new channel from a remote sides' request for one.
1100 /// Assumes chain_hash has already been checked and corresponds with what we expect!
1101 pub fn new_from_req<K: Deref, F: Deref, L: Deref>(
1102 fee_estimator: &LowerBoundedFeeEstimator<F>, keys_provider: &K, counterparty_node_id: PublicKey, their_features: &InitFeatures,
1103 msg: &msgs::OpenChannel, user_id: u128, config: &UserConfig, current_chain_height: u32, logger: &L,
1104 outbound_scid_alias: u64
1105 ) -> Result<Channel<Signer>, ChannelError>
1106 where K::Target: KeysInterface<Signer = Signer>,
1107 F::Target: FeeEstimator,
1110 let opt_anchors = false; // TODO - should be based on features
1111 let announced_channel = if (msg.channel_flags & 1) == 1 { true } else { false };
1113 // First check the channel type is known, failing before we do anything else if we don't
1114 // support this channel type.
1115 let channel_type = if let Some(channel_type) = &msg.channel_type {
1116 if channel_type.supports_any_optional_bits() {
1117 return Err(ChannelError::Close("Channel Type field contained optional bits - this is not allowed".to_owned()));
1120 if channel_type.requires_unknown_bits() {
1121 return Err(ChannelError::Close("Channel Type field contains unknown bits".to_owned()));
1124 // We currently only allow four channel types, so write it all out here - we allow
1125 // `only_static_remote_key` or `static_remote_key | zero_conf` in all contexts, and
1126 // further allow `static_remote_key | scid_privacy` or
1127 // `static_remote_key | scid_privacy | zero_conf`, if the channel is not
1128 // publicly announced.
1129 if *channel_type != ChannelTypeFeatures::only_static_remote_key() {
1130 if !channel_type.requires_scid_privacy() && !channel_type.requires_zero_conf() {
1131 return Err(ChannelError::Close("Channel Type was not understood".to_owned()));
1134 if channel_type.requires_scid_privacy() && announced_channel {
1135 return Err(ChannelError::Close("SCID Alias/Privacy Channel Type cannot be set on a public channel".to_owned()));
1138 channel_type.clone()
1140 ChannelTypeFeatures::from_counterparty_init(&their_features)
1142 if !channel_type.supports_static_remote_key() {
1143 return Err(ChannelError::Close("Channel Type was not understood - we require static remote key".to_owned()));
1146 let holder_signer = keys_provider.get_channel_signer(true, msg.funding_satoshis);
1147 let pubkeys = holder_signer.pubkeys().clone();
1148 let counterparty_pubkeys = ChannelPublicKeys {
1149 funding_pubkey: msg.funding_pubkey,
1150 revocation_basepoint: msg.revocation_basepoint,
1151 payment_point: msg.payment_point,
1152 delayed_payment_basepoint: msg.delayed_payment_basepoint,
1153 htlc_basepoint: msg.htlc_basepoint
1156 if config.channel_handshake_config.our_to_self_delay < BREAKDOWN_TIMEOUT {
1157 return Err(ChannelError::Close(format!("Configured with an unreasonable our_to_self_delay ({}) putting user funds at risks. It must be greater than {}", config.channel_handshake_config.our_to_self_delay, BREAKDOWN_TIMEOUT)));
1160 // Check sanity of message fields:
1161 if msg.funding_satoshis > config.channel_handshake_limits.max_funding_satoshis {
1162 return Err(ChannelError::Close(format!("Per our config, funding must be at most {}. It was {}", config.channel_handshake_limits.max_funding_satoshis, msg.funding_satoshis)));
1164 if msg.funding_satoshis >= TOTAL_BITCOIN_SUPPLY_SATOSHIS {
1165 return Err(ChannelError::Close(format!("Funding must be smaller than the total bitcoin supply. It was {}", msg.funding_satoshis)));
1167 if msg.channel_reserve_satoshis > msg.funding_satoshis {
1168 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must be not greater than funding_satoshis: {}", msg.channel_reserve_satoshis, msg.funding_satoshis)));
1170 let full_channel_value_msat = (msg.funding_satoshis - msg.channel_reserve_satoshis) * 1000;
1171 if msg.push_msat > full_channel_value_msat {
1172 return Err(ChannelError::Close(format!("push_msat {} was larger than channel amount minus reserve ({})", msg.push_msat, full_channel_value_msat)));
1174 if msg.dust_limit_satoshis > msg.funding_satoshis {
1175 return Err(ChannelError::Close(format!("dust_limit_satoshis {} was larger than funding_satoshis {}. Peer never wants payout outputs?", msg.dust_limit_satoshis, msg.funding_satoshis)));
1177 if msg.htlc_minimum_msat >= full_channel_value_msat {
1178 return Err(ChannelError::Close(format!("Minimum htlc value ({}) was larger than full channel value ({})", msg.htlc_minimum_msat, full_channel_value_msat)));
1180 Channel::<Signer>::check_remote_fee(fee_estimator, msg.feerate_per_kw)?;
1182 let max_counterparty_selected_contest_delay = u16::min(config.channel_handshake_limits.their_to_self_delay, MAX_LOCAL_BREAKDOWN_TIMEOUT);
1183 if msg.to_self_delay > max_counterparty_selected_contest_delay {
1184 return Err(ChannelError::Close(format!("They wanted our payments to be delayed by a needlessly long period. Upper limit: {}. Actual: {}", max_counterparty_selected_contest_delay, msg.to_self_delay)));
1186 if msg.max_accepted_htlcs < 1 {
1187 return Err(ChannelError::Close("0 max_accepted_htlcs makes for a useless channel".to_owned()));
1189 if msg.max_accepted_htlcs > MAX_HTLCS {
1190 return Err(ChannelError::Close(format!("max_accepted_htlcs was {}. It must not be larger than {}", msg.max_accepted_htlcs, MAX_HTLCS)));
1193 // Now check against optional parameters as set by config...
1194 if msg.funding_satoshis < config.channel_handshake_limits.min_funding_satoshis {
1195 return Err(ChannelError::Close(format!("Funding satoshis ({}) is less than the user specified limit ({})", msg.funding_satoshis, config.channel_handshake_limits.min_funding_satoshis)));
1197 if msg.htlc_minimum_msat > config.channel_handshake_limits.max_htlc_minimum_msat {
1198 return Err(ChannelError::Close(format!("htlc_minimum_msat ({}) is higher than the user specified limit ({})", msg.htlc_minimum_msat, config.channel_handshake_limits.max_htlc_minimum_msat)));
1200 if msg.max_htlc_value_in_flight_msat < config.channel_handshake_limits.min_max_htlc_value_in_flight_msat {
1201 return Err(ChannelError::Close(format!("max_htlc_value_in_flight_msat ({}) is less than the user specified limit ({})", msg.max_htlc_value_in_flight_msat, config.channel_handshake_limits.min_max_htlc_value_in_flight_msat)));
1203 if msg.channel_reserve_satoshis > config.channel_handshake_limits.max_channel_reserve_satoshis {
1204 return Err(ChannelError::Close(format!("channel_reserve_satoshis ({}) is higher than the user specified limit ({})", msg.channel_reserve_satoshis, config.channel_handshake_limits.max_channel_reserve_satoshis)));
1206 if msg.max_accepted_htlcs < config.channel_handshake_limits.min_max_accepted_htlcs {
1207 return Err(ChannelError::Close(format!("max_accepted_htlcs ({}) is less than the user specified limit ({})", msg.max_accepted_htlcs, config.channel_handshake_limits.min_max_accepted_htlcs)));
1209 if msg.dust_limit_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
1210 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is less than the implementation limit ({})", msg.dust_limit_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
1212 if msg.dust_limit_satoshis > MAX_CHAN_DUST_LIMIT_SATOSHIS {
1213 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is greater than the implementation limit ({})", msg.dust_limit_satoshis, MAX_CHAN_DUST_LIMIT_SATOSHIS)));
1216 // Convert things into internal flags and prep our state:
1218 if config.channel_handshake_limits.force_announced_channel_preference {
1219 if config.channel_handshake_config.announced_channel != announced_channel {
1220 return Err(ChannelError::Close("Peer tried to open channel but their announcement preference is different from ours".to_owned()));
1224 let holder_selected_channel_reserve_satoshis = Channel::<Signer>::get_holder_selected_channel_reserve_satoshis(msg.funding_satoshis, config);
1225 if holder_selected_channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
1226 // Protocol level safety check in place, although it should never happen because
1227 // of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
1228 return Err(ChannelError::Close(format!("Suitable channel reserve not found. remote_channel_reserve was ({}). dust_limit_satoshis is ({}).", holder_selected_channel_reserve_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
1230 if holder_selected_channel_reserve_satoshis * 1000 >= full_channel_value_msat {
1231 return Err(ChannelError::Close(format!("Suitable channel reserve not found. remote_channel_reserve was ({})msats. Channel value is ({} - {})msats.", holder_selected_channel_reserve_satoshis * 1000, full_channel_value_msat, msg.push_msat)));
1233 if msg.channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
1234 log_debug!(logger, "channel_reserve_satoshis ({}) is smaller than our dust limit ({}). We can broadcast stale states without any risk, implying this channel is very insecure for our counterparty.",
1235 msg.channel_reserve_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS);
1237 if holder_selected_channel_reserve_satoshis < msg.dust_limit_satoshis {
1238 return Err(ChannelError::Close(format!("Dust limit ({}) too high for the channel reserve we require the remote to keep ({})", msg.dust_limit_satoshis, holder_selected_channel_reserve_satoshis)));
1241 // check if the funder's amount for the initial commitment tx is sufficient
1242 // for full fee payment plus a few HTLCs to ensure the channel will be useful.
1243 let funders_amount_msat = msg.funding_satoshis * 1000 - msg.push_msat;
1244 let commitment_tx_fee = Self::commit_tx_fee_msat(msg.feerate_per_kw, MIN_AFFORDABLE_HTLC_COUNT, opt_anchors) / 1000;
1245 if funders_amount_msat / 1000 < commitment_tx_fee {
1246 return Err(ChannelError::Close(format!("Funding amount ({} sats) can't even pay fee for initial commitment transaction fee of {} sats.", funders_amount_msat / 1000, commitment_tx_fee)));
1249 let to_remote_satoshis = funders_amount_msat / 1000 - commitment_tx_fee;
1250 // While it's reasonable for us to not meet the channel reserve initially (if they don't
1251 // want to push much to us), our counterparty should always have more than our reserve.
1252 if to_remote_satoshis < holder_selected_channel_reserve_satoshis {
1253 return Err(ChannelError::Close("Insufficient funding amount for initial reserve".to_owned()));
1256 let counterparty_shutdown_scriptpubkey = if their_features.supports_upfront_shutdown_script() {
1257 match &msg.shutdown_scriptpubkey {
1258 &OptionalField::Present(ref script) => {
1259 // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything
1260 if script.len() == 0 {
1263 if !script::is_bolt2_compliant(&script, their_features) {
1264 return Err(ChannelError::Close(format!("Peer is signaling upfront_shutdown but has provided an unacceptable scriptpubkey format: {}", script)))
1266 Some(script.clone())
1269 // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel
1270 &OptionalField::Absent => {
1271 return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out".to_owned()));
1276 let shutdown_scriptpubkey = if config.channel_handshake_config.commit_upfront_shutdown_pubkey {
1277 Some(keys_provider.get_shutdown_scriptpubkey())
1280 if let Some(shutdown_scriptpubkey) = &shutdown_scriptpubkey {
1281 if !shutdown_scriptpubkey.is_compatible(&their_features) {
1282 return Err(ChannelError::Close(format!("Provided a scriptpubkey format not accepted by peer: {}", shutdown_scriptpubkey)));
1286 let mut secp_ctx = Secp256k1::new();
1287 secp_ctx.seeded_randomize(&keys_provider.get_secure_random_bytes());
1289 let chan = Channel {
1292 config: LegacyChannelConfig {
1293 options: config.channel_config.clone(),
1295 commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey,
1300 inbound_handshake_limits_override: None,
1302 channel_id: msg.temporary_channel_id,
1303 channel_state: (ChannelState::OurInitSent as u32) | (ChannelState::TheirInitSent as u32),
1304 announcement_sigs_state: AnnouncementSigsState::NotSent,
1307 latest_monitor_update_id: 0,
1310 shutdown_scriptpubkey,
1311 destination_script: keys_provider.get_destination_script(),
1313 cur_holder_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
1314 cur_counterparty_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
1315 value_to_self_msat: msg.push_msat,
1317 pending_inbound_htlcs: Vec::new(),
1318 pending_outbound_htlcs: Vec::new(),
1319 holding_cell_htlc_updates: Vec::new(),
1320 pending_update_fee: None,
1321 holding_cell_update_fee: None,
1322 next_holder_htlc_id: 0,
1323 next_counterparty_htlc_id: 0,
1324 update_time_counter: 1,
1326 resend_order: RAACommitmentOrder::CommitmentFirst,
1328 monitor_pending_channel_ready: false,
1329 monitor_pending_revoke_and_ack: false,
1330 monitor_pending_commitment_signed: false,
1331 monitor_pending_forwards: Vec::new(),
1332 monitor_pending_failures: Vec::new(),
1333 monitor_pending_finalized_fulfills: Vec::new(),
1335 #[cfg(debug_assertions)]
1336 holder_max_commitment_tx_output: Mutex::new((msg.push_msat, msg.funding_satoshis * 1000 - msg.push_msat)),
1337 #[cfg(debug_assertions)]
1338 counterparty_max_commitment_tx_output: Mutex::new((msg.push_msat, msg.funding_satoshis * 1000 - msg.push_msat)),
1340 last_sent_closing_fee: None,
1341 pending_counterparty_closing_signed: None,
1342 closing_fee_limits: None,
1343 target_closing_feerate_sats_per_kw: None,
1345 inbound_awaiting_accept: true,
1347 funding_tx_confirmed_in: None,
1348 funding_tx_confirmation_height: 0,
1349 short_channel_id: None,
1350 channel_creation_height: current_chain_height,
1352 feerate_per_kw: msg.feerate_per_kw,
1353 channel_value_satoshis: msg.funding_satoshis,
1354 counterparty_dust_limit_satoshis: msg.dust_limit_satoshis,
1355 holder_dust_limit_satoshis: MIN_CHAN_DUST_LIMIT_SATOSHIS,
1356 counterparty_max_htlc_value_in_flight_msat: cmp::min(msg.max_htlc_value_in_flight_msat, msg.funding_satoshis * 1000),
1357 holder_max_htlc_value_in_flight_msat: Self::get_holder_max_htlc_value_in_flight_msat(msg.funding_satoshis, &config.channel_handshake_config),
1358 counterparty_selected_channel_reserve_satoshis: Some(msg.channel_reserve_satoshis),
1359 holder_selected_channel_reserve_satoshis,
1360 counterparty_htlc_minimum_msat: msg.htlc_minimum_msat,
1361 holder_htlc_minimum_msat: if config.channel_handshake_config.our_htlc_minimum_msat == 0 { 1 } else { config.channel_handshake_config.our_htlc_minimum_msat },
1362 counterparty_max_accepted_htlcs: msg.max_accepted_htlcs,
1363 minimum_depth: Some(cmp::max(config.channel_handshake_config.minimum_depth, 1)),
1365 counterparty_forwarding_info: None,
1367 channel_transaction_parameters: ChannelTransactionParameters {
1368 holder_pubkeys: pubkeys,
1369 holder_selected_contest_delay: config.channel_handshake_config.our_to_self_delay,
1370 is_outbound_from_holder: false,
1371 counterparty_parameters: Some(CounterpartyChannelTransactionParameters {
1372 selected_contest_delay: msg.to_self_delay,
1373 pubkeys: counterparty_pubkeys,
1375 funding_outpoint: None,
1376 opt_anchors: if opt_anchors { Some(()) } else { None },
1378 funding_transaction: None,
1380 counterparty_cur_commitment_point: Some(msg.first_per_commitment_point),
1381 counterparty_prev_commitment_point: None,
1382 counterparty_node_id,
1384 counterparty_shutdown_scriptpubkey,
1386 commitment_secrets: CounterpartyCommitmentSecrets::new(),
1388 channel_update_status: ChannelUpdateStatus::Enabled,
1389 closing_signed_in_flight: false,
1391 announcement_sigs: None,
1393 #[cfg(any(test, fuzzing))]
1394 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
1395 #[cfg(any(test, fuzzing))]
1396 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
1398 workaround_lnd_bug_4006: None,
1400 latest_inbound_scid_alias: None,
1401 outbound_scid_alias,
1403 channel_ready_event_emitted: false,
1405 #[cfg(any(test, fuzzing))]
1406 historical_inbound_htlc_fulfills: HashSet::new(),
1414 /// Transaction nomenclature is somewhat confusing here as there are many different cases - a
1415 /// transaction is referred to as "a's transaction" implying that a will be able to broadcast
1416 /// the transaction. Thus, b will generally be sending a signature over such a transaction to
1417 /// a, and a can revoke the transaction by providing b the relevant per_commitment_secret. As
1418 /// such, a transaction is generally the result of b increasing the amount paid to a (or adding
1420 /// @local is used only to convert relevant internal structures which refer to remote vs local
1421 /// to decide value of outputs and direction of HTLCs.
1422 /// @generated_by_local is used to determine *which* HTLCs to include - noting that the HTLC
1423 /// state may indicate that one peer has informed the other that they'd like to add an HTLC but
1424 /// have not yet committed it. Such HTLCs will only be included in transactions which are being
1425 /// generated by the peer which proposed adding the HTLCs, and thus we need to understand both
1426 /// which peer generated this transaction and "to whom" this transaction flows.
1428 fn build_commitment_transaction<L: Deref>(&self, commitment_number: u64, keys: &TxCreationKeys, local: bool, generated_by_local: bool, logger: &L) -> CommitmentStats
1429 where L::Target: Logger
1431 let mut included_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::new();
1432 let num_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len();
1433 let mut included_non_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::with_capacity(num_htlcs);
1435 let broadcaster_dust_limit_satoshis = if local { self.holder_dust_limit_satoshis } else { self.counterparty_dust_limit_satoshis };
1436 let mut remote_htlc_total_msat = 0;
1437 let mut local_htlc_total_msat = 0;
1438 let mut value_to_self_msat_offset = 0;
1440 let mut feerate_per_kw = self.feerate_per_kw;
1441 if let Some((feerate, update_state)) = self.pending_update_fee {
1442 if match update_state {
1443 // Note that these match the inclusion criteria when scanning
1444 // pending_inbound_htlcs below.
1445 FeeUpdateState::RemoteAnnounced => { debug_assert!(!self.is_outbound()); !generated_by_local },
1446 FeeUpdateState::AwaitingRemoteRevokeToAnnounce => { debug_assert!(!self.is_outbound()); !generated_by_local },
1447 FeeUpdateState::Outbound => { assert!(self.is_outbound()); generated_by_local },
1449 feerate_per_kw = feerate;
1453 log_trace!(logger, "Building commitment transaction number {} (really {} xor {}) for channel {} for {}, generated by {} with fee {}...",
1454 commitment_number, (INITIAL_COMMITMENT_NUMBER - commitment_number),
1455 get_commitment_transaction_number_obscure_factor(&self.get_holder_pubkeys().payment_point, &self.get_counterparty_pubkeys().payment_point, self.is_outbound()),
1456 log_bytes!(self.channel_id), if local { "us" } else { "remote" }, if generated_by_local { "us" } else { "remote" }, feerate_per_kw);
1458 macro_rules! get_htlc_in_commitment {
1459 ($htlc: expr, $offered: expr) => {
1460 HTLCOutputInCommitment {
1462 amount_msat: $htlc.amount_msat,
1463 cltv_expiry: $htlc.cltv_expiry,
1464 payment_hash: $htlc.payment_hash,
1465 transaction_output_index: None
1470 macro_rules! add_htlc_output {
1471 ($htlc: expr, $outbound: expr, $source: expr, $state_name: expr) => {
1472 if $outbound == local { // "offered HTLC output"
1473 let htlc_in_tx = get_htlc_in_commitment!($htlc, true);
1474 let htlc_tx_fee = if self.opt_anchors() {
1477 feerate_per_kw as u64 * htlc_timeout_tx_weight(false) / 1000
1479 if $htlc.amount_msat / 1000 >= broadcaster_dust_limit_satoshis + htlc_tx_fee {
1480 log_trace!(logger, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
1481 included_non_dust_htlcs.push((htlc_in_tx, $source));
1483 log_trace!(logger, " ...including {} {} dust HTLC {} (hash {}) with value {} due to dust limit", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
1484 included_dust_htlcs.push((htlc_in_tx, $source));
1487 let htlc_in_tx = get_htlc_in_commitment!($htlc, false);
1488 let htlc_tx_fee = if self.opt_anchors() {
1491 feerate_per_kw as u64 * htlc_success_tx_weight(false) / 1000
1493 if $htlc.amount_msat / 1000 >= broadcaster_dust_limit_satoshis + htlc_tx_fee {
1494 log_trace!(logger, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
1495 included_non_dust_htlcs.push((htlc_in_tx, $source));
1497 log_trace!(logger, " ...including {} {} dust HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
1498 included_dust_htlcs.push((htlc_in_tx, $source));
1504 for ref htlc in self.pending_inbound_htlcs.iter() {
1505 let (include, state_name) = match htlc.state {
1506 InboundHTLCState::RemoteAnnounced(_) => (!generated_by_local, "RemoteAnnounced"),
1507 InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) => (!generated_by_local, "AwaitingRemoteRevokeToAnnounce"),
1508 InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => (true, "AwaitingAnnouncedRemoteRevoke"),
1509 InboundHTLCState::Committed => (true, "Committed"),
1510 InboundHTLCState::LocalRemoved(_) => (!generated_by_local, "LocalRemoved"),
1514 add_htlc_output!(htlc, false, None, state_name);
1515 remote_htlc_total_msat += htlc.amount_msat;
1517 log_trace!(logger, " ...not including inbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, log_bytes!(htlc.payment_hash.0), htlc.amount_msat, state_name);
1519 &InboundHTLCState::LocalRemoved(ref reason) => {
1520 if generated_by_local {
1521 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
1522 value_to_self_msat_offset += htlc.amount_msat as i64;
1531 let mut preimages: Vec<PaymentPreimage> = Vec::new();
1533 for ref htlc in self.pending_outbound_htlcs.iter() {
1534 let (include, state_name) = match htlc.state {
1535 OutboundHTLCState::LocalAnnounced(_) => (generated_by_local, "LocalAnnounced"),
1536 OutboundHTLCState::Committed => (true, "Committed"),
1537 OutboundHTLCState::RemoteRemoved(_) => (generated_by_local, "RemoteRemoved"),
1538 OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) => (generated_by_local, "AwaitingRemoteRevokeToRemove"),
1539 OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) => (false, "AwaitingRemovedRemoteRevoke"),
1542 let preimage_opt = match htlc.state {
1543 OutboundHTLCState::RemoteRemoved(OutboundHTLCOutcome::Success(p)) => p,
1544 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(p)) => p,
1545 OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(p)) => p,
1549 if let Some(preimage) = preimage_opt {
1550 preimages.push(preimage);
1554 add_htlc_output!(htlc, true, Some(&htlc.source), state_name);
1555 local_htlc_total_msat += htlc.amount_msat;
1557 log_trace!(logger, " ...not including outbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, log_bytes!(htlc.payment_hash.0), htlc.amount_msat, state_name);
1559 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(_))|OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(_)) => {
1560 value_to_self_msat_offset -= htlc.amount_msat as i64;
1562 OutboundHTLCState::RemoteRemoved(OutboundHTLCOutcome::Success(_)) => {
1563 if !generated_by_local {
1564 value_to_self_msat_offset -= htlc.amount_msat as i64;
1572 let mut value_to_self_msat: i64 = (self.value_to_self_msat - local_htlc_total_msat) as i64 + value_to_self_msat_offset;
1573 assert!(value_to_self_msat >= 0);
1574 // Note that in case they have several just-awaiting-last-RAA fulfills in-progress (ie
1575 // AwaitingRemoteRevokeToRemove or AwaitingRemovedRemoteRevoke) we may have allowed them to
1576 // "violate" their reserve value by couting those against it. Thus, we have to convert
1577 // everything to i64 before subtracting as otherwise we can overflow.
1578 let mut value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000) as i64 - (self.value_to_self_msat as i64) - (remote_htlc_total_msat as i64) - value_to_self_msat_offset;
1579 assert!(value_to_remote_msat >= 0);
1581 #[cfg(debug_assertions)]
1583 // Make sure that the to_self/to_remote is always either past the appropriate
1584 // channel_reserve *or* it is making progress towards it.
1585 let mut broadcaster_max_commitment_tx_output = if generated_by_local {
1586 self.holder_max_commitment_tx_output.lock().unwrap()
1588 self.counterparty_max_commitment_tx_output.lock().unwrap()
1590 debug_assert!(broadcaster_max_commitment_tx_output.0 <= value_to_self_msat as u64 || value_to_self_msat / 1000 >= self.counterparty_selected_channel_reserve_satoshis.unwrap() as i64);
1591 broadcaster_max_commitment_tx_output.0 = cmp::max(broadcaster_max_commitment_tx_output.0, value_to_self_msat as u64);
1592 debug_assert!(broadcaster_max_commitment_tx_output.1 <= value_to_remote_msat as u64 || value_to_remote_msat / 1000 >= self.holder_selected_channel_reserve_satoshis as i64);
1593 broadcaster_max_commitment_tx_output.1 = cmp::max(broadcaster_max_commitment_tx_output.1, value_to_remote_msat as u64);
1596 let total_fee_sat = Channel::<Signer>::commit_tx_fee_sat(feerate_per_kw, included_non_dust_htlcs.len(), self.channel_transaction_parameters.opt_anchors.is_some());
1597 let anchors_val = if self.channel_transaction_parameters.opt_anchors.is_some() { ANCHOR_OUTPUT_VALUE_SATOSHI * 2 } else { 0 } as i64;
1598 let (value_to_self, value_to_remote) = if self.is_outbound() {
1599 (value_to_self_msat / 1000 - anchors_val - total_fee_sat as i64, value_to_remote_msat / 1000)
1601 (value_to_self_msat / 1000, value_to_remote_msat / 1000 - anchors_val - total_fee_sat as i64)
1604 let mut value_to_a = if local { value_to_self } else { value_to_remote };
1605 let mut value_to_b = if local { value_to_remote } else { value_to_self };
1606 let (funding_pubkey_a, funding_pubkey_b) = if local {
1607 (self.get_holder_pubkeys().funding_pubkey, self.get_counterparty_pubkeys().funding_pubkey)
1609 (self.get_counterparty_pubkeys().funding_pubkey, self.get_holder_pubkeys().funding_pubkey)
1612 if value_to_a >= (broadcaster_dust_limit_satoshis as i64) {
1613 log_trace!(logger, " ...including {} output with value {}", if local { "to_local" } else { "to_remote" }, value_to_a);
1618 if value_to_b >= (broadcaster_dust_limit_satoshis as i64) {
1619 log_trace!(logger, " ...including {} output with value {}", if local { "to_remote" } else { "to_local" }, value_to_b);
1624 let num_nondust_htlcs = included_non_dust_htlcs.len();
1626 let channel_parameters =
1627 if local { self.channel_transaction_parameters.as_holder_broadcastable() }
1628 else { self.channel_transaction_parameters.as_counterparty_broadcastable() };
1629 let tx = CommitmentTransaction::new_with_auxiliary_htlc_data(commitment_number,
1632 self.channel_transaction_parameters.opt_anchors.is_some(),
1637 &mut included_non_dust_htlcs,
1640 let mut htlcs_included = included_non_dust_htlcs;
1641 // The unwrap is safe, because all non-dust HTLCs have been assigned an output index
1642 htlcs_included.sort_unstable_by_key(|h| h.0.transaction_output_index.unwrap());
1643 htlcs_included.append(&mut included_dust_htlcs);
1645 // For the stats, trimmed-to-0 the value in msats accordingly
1646 value_to_self_msat = if (value_to_self_msat * 1000) < broadcaster_dust_limit_satoshis as i64 { 0 } else { value_to_self_msat };
1647 value_to_remote_msat = if (value_to_remote_msat * 1000) < broadcaster_dust_limit_satoshis as i64 { 0 } else { value_to_remote_msat };
1655 local_balance_msat: value_to_self_msat as u64,
1656 remote_balance_msat: value_to_remote_msat as u64,
1662 fn get_closing_scriptpubkey(&self) -> Script {
1663 // The shutdown scriptpubkey is set on channel opening when option_upfront_shutdown_script
1664 // is signaled. Otherwise, it is set when sending a shutdown message. Calling this method
1665 // outside of those situations will fail.
1666 self.shutdown_scriptpubkey.clone().unwrap().into_inner()
1670 fn get_closing_transaction_weight(&self, a_scriptpubkey: Option<&Script>, b_scriptpubkey: Option<&Script>) -> u64 {
1675 1 + // script length (0)
1679 )*4 + // * 4 for non-witness parts
1680 2 + // witness marker and flag
1681 1 + // witness element count
1682 4 + // 4 element lengths (2 sigs, multisig dummy, and witness script)
1683 self.get_funding_redeemscript().len() as u64 + // funding witness script
1684 2*(1 + 71); // two signatures + sighash type flags
1685 if let Some(spk) = a_scriptpubkey {
1686 ret += ((8+1) + // output values and script length
1687 spk.len() as u64) * 4; // scriptpubkey and witness multiplier
1689 if let Some(spk) = b_scriptpubkey {
1690 ret += ((8+1) + // output values and script length
1691 spk.len() as u64) * 4; // scriptpubkey and witness multiplier
1697 fn build_closing_transaction(&self, proposed_total_fee_satoshis: u64, skip_remote_output: bool) -> (ClosingTransaction, u64) {
1698 assert!(self.pending_inbound_htlcs.is_empty());
1699 assert!(self.pending_outbound_htlcs.is_empty());
1700 assert!(self.pending_update_fee.is_none());
1702 let mut total_fee_satoshis = proposed_total_fee_satoshis;
1703 let mut value_to_holder: i64 = (self.value_to_self_msat as i64) / 1000 - if self.is_outbound() { total_fee_satoshis as i64 } else { 0 };
1704 let mut value_to_counterparty: i64 = ((self.channel_value_satoshis * 1000 - self.value_to_self_msat) as i64 / 1000) - if self.is_outbound() { 0 } else { total_fee_satoshis as i64 };
1706 if value_to_holder < 0 {
1707 assert!(self.is_outbound());
1708 total_fee_satoshis += (-value_to_holder) as u64;
1709 } else if value_to_counterparty < 0 {
1710 assert!(!self.is_outbound());
1711 total_fee_satoshis += (-value_to_counterparty) as u64;
1714 if skip_remote_output || value_to_counterparty as u64 <= self.holder_dust_limit_satoshis {
1715 value_to_counterparty = 0;
1718 if value_to_holder as u64 <= self.holder_dust_limit_satoshis {
1719 value_to_holder = 0;
1722 assert!(self.shutdown_scriptpubkey.is_some());
1723 let holder_shutdown_script = self.get_closing_scriptpubkey();
1724 let counterparty_shutdown_script = self.counterparty_shutdown_scriptpubkey.clone().unwrap();
1725 let funding_outpoint = self.funding_outpoint().into_bitcoin_outpoint();
1727 let closing_transaction = ClosingTransaction::new(value_to_holder as u64, value_to_counterparty as u64, holder_shutdown_script, counterparty_shutdown_script, funding_outpoint);
1728 (closing_transaction, total_fee_satoshis)
1731 fn funding_outpoint(&self) -> OutPoint {
1732 self.channel_transaction_parameters.funding_outpoint.unwrap()
1736 /// Creates a set of keys for build_commitment_transaction to generate a transaction which our
1737 /// counterparty will sign (ie DO NOT send signatures over a transaction created by this to
1738 /// our counterparty!)
1739 /// The result is a transaction which we can revoke broadcastership of (ie a "local" transaction)
1740 /// TODO Some magic rust shit to compile-time check this?
1741 fn build_holder_transaction_keys(&self, commitment_number: u64) -> Result<TxCreationKeys, ChannelError> {
1742 let per_commitment_point = self.holder_signer.get_per_commitment_point(commitment_number, &self.secp_ctx);
1743 let delayed_payment_base = &self.get_holder_pubkeys().delayed_payment_basepoint;
1744 let htlc_basepoint = &self.get_holder_pubkeys().htlc_basepoint;
1745 let counterparty_pubkeys = self.get_counterparty_pubkeys();
1747 Ok(secp_check!(TxCreationKeys::derive_new(&self.secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint), "Local tx keys generation got bogus keys".to_owned()))
1751 /// Creates a set of keys for build_commitment_transaction to generate a transaction which we
1752 /// will sign and send to our counterparty.
1753 /// If an Err is returned, it is a ChannelError::Close (for get_outbound_funding_created)
1754 fn build_remote_transaction_keys(&self) -> Result<TxCreationKeys, ChannelError> {
1755 //TODO: Ensure that the payment_key derived here ends up in the library users' wallet as we
1756 //may see payments to it!
1757 let revocation_basepoint = &self.get_holder_pubkeys().revocation_basepoint;
1758 let htlc_basepoint = &self.get_holder_pubkeys().htlc_basepoint;
1759 let counterparty_pubkeys = self.get_counterparty_pubkeys();
1761 Ok(secp_check!(TxCreationKeys::derive_new(&self.secp_ctx, &self.counterparty_cur_commitment_point.unwrap(), &counterparty_pubkeys.delayed_payment_basepoint, &counterparty_pubkeys.htlc_basepoint, revocation_basepoint, htlc_basepoint), "Remote tx keys generation got bogus keys".to_owned()))
1764 /// Gets the redeemscript for the funding transaction output (ie the funding transaction output
1765 /// pays to get_funding_redeemscript().to_v0_p2wsh()).
1766 /// Panics if called before accept_channel/new_from_req
1767 pub fn get_funding_redeemscript(&self) -> Script {
1768 make_funding_redeemscript(&self.get_holder_pubkeys().funding_pubkey, self.counterparty_funding_pubkey())
1771 /// Claims an HTLC while we're disconnected from a peer, dropping the [`ChannelMonitorUpdate`]
1774 /// The [`ChannelMonitor`] for this channel MUST be updated out-of-band with the preimage
1775 /// provided (i.e. without calling [`crate::chain::Watch::update_channel`]).
1777 /// The HTLC claim will end up in the holding cell (because the caller must ensure the peer is
1779 pub fn claim_htlc_while_disconnected_dropping_mon_update<L: Deref>
1780 (&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage, logger: &L)
1781 where L::Target: Logger {
1782 // Assert that we'll add the HTLC claim to the holding cell in `get_update_fulfill_htlc`
1783 // (see equivalent if condition there).
1784 assert!(self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32) != 0);
1785 let mon_update_id = self.latest_monitor_update_id; // Forget the ChannelMonitor update
1786 let fulfill_resp = self.get_update_fulfill_htlc(htlc_id_arg, payment_preimage_arg, logger);
1787 self.latest_monitor_update_id = mon_update_id;
1788 if let UpdateFulfillFetch::NewClaim { msg, .. } = fulfill_resp {
1789 assert!(msg.is_none()); // The HTLC must have ended up in the holding cell.
1793 fn get_update_fulfill_htlc<L: Deref>(&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage, logger: &L) -> UpdateFulfillFetch where L::Target: Logger {
1794 // Either ChannelReady got set (which means it won't be unset) or there is no way any
1795 // caller thought we could have something claimed (cause we wouldn't have accepted in an
1796 // incoming HTLC anyway). If we got to ShutdownComplete, callers aren't allowed to call us,
1798 if (self.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
1799 panic!("Was asked to fulfill an HTLC when channel was not in an operational state");
1801 assert_eq!(self.channel_state & ChannelState::ShutdownComplete as u32, 0);
1803 let payment_hash_calc = PaymentHash(Sha256::hash(&payment_preimage_arg.0[..]).into_inner());
1805 // ChannelManager may generate duplicate claims/fails due to HTLC update events from
1806 // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
1807 // these, but for now we just have to treat them as normal.
1809 let mut pending_idx = core::usize::MAX;
1810 let mut htlc_value_msat = 0;
1811 for (idx, htlc) in self.pending_inbound_htlcs.iter().enumerate() {
1812 if htlc.htlc_id == htlc_id_arg {
1813 assert_eq!(htlc.payment_hash, payment_hash_calc);
1815 InboundHTLCState::Committed => {},
1816 InboundHTLCState::LocalRemoved(ref reason) => {
1817 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
1819 log_warn!(logger, "Have preimage and want to fulfill HTLC with payment hash {} we already failed against channel {}", log_bytes!(htlc.payment_hash.0), log_bytes!(self.channel_id()));
1820 debug_assert!(false, "Tried to fulfill an HTLC that was already failed");
1822 return UpdateFulfillFetch::DuplicateClaim {};
1825 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
1826 // Don't return in release mode here so that we can update channel_monitor
1830 htlc_value_msat = htlc.amount_msat;
1834 if pending_idx == core::usize::MAX {
1835 #[cfg(any(test, fuzzing))]
1836 // If we failed to find an HTLC to fulfill, make sure it was previously fulfilled and
1837 // this is simply a duplicate claim, not previously failed and we lost funds.
1838 debug_assert!(self.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
1839 return UpdateFulfillFetch::DuplicateClaim {};
1842 // Now update local state:
1844 // We have to put the payment_preimage in the channel_monitor right away here to ensure we
1845 // can claim it even if the channel hits the chain before we see their next commitment.
1846 self.latest_monitor_update_id += 1;
1847 let monitor_update = ChannelMonitorUpdate {
1848 update_id: self.latest_monitor_update_id,
1849 updates: vec![ChannelMonitorUpdateStep::PaymentPreimage {
1850 payment_preimage: payment_preimage_arg.clone(),
1854 if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
1855 // Note that this condition is the same as the assertion in
1856 // `claim_htlc_while_disconnected_dropping_mon_update` and must match exactly -
1857 // `claim_htlc_while_disconnected_dropping_mon_update` would not work correctly if we
1858 // do not not get into this branch.
1859 for pending_update in self.holding_cell_htlc_updates.iter() {
1860 match pending_update {
1861 &HTLCUpdateAwaitingACK::ClaimHTLC { htlc_id, .. } => {
1862 if htlc_id_arg == htlc_id {
1863 // Make sure we don't leave latest_monitor_update_id incremented here:
1864 self.latest_monitor_update_id -= 1;
1865 #[cfg(any(test, fuzzing))]
1866 debug_assert!(self.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
1867 return UpdateFulfillFetch::DuplicateClaim {};
1870 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, .. } => {
1871 if htlc_id_arg == htlc_id {
1872 log_warn!(logger, "Have preimage and want to fulfill HTLC with pending failure against channel {}", log_bytes!(self.channel_id()));
1873 // TODO: We may actually be able to switch to a fulfill here, though its
1874 // rare enough it may not be worth the complexity burden.
1875 debug_assert!(false, "Tried to fulfill an HTLC that was already failed");
1876 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
1882 log_trace!(logger, "Adding HTLC claim to holding_cell in channel {}! Current state: {}", log_bytes!(self.channel_id()), self.channel_state);
1883 self.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::ClaimHTLC {
1884 payment_preimage: payment_preimage_arg, htlc_id: htlc_id_arg,
1886 #[cfg(any(test, fuzzing))]
1887 self.historical_inbound_htlc_fulfills.insert(htlc_id_arg);
1888 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
1890 #[cfg(any(test, fuzzing))]
1891 self.historical_inbound_htlc_fulfills.insert(htlc_id_arg);
1894 let htlc = &mut self.pending_inbound_htlcs[pending_idx];
1895 if let InboundHTLCState::Committed = htlc.state {
1897 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
1898 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
1900 log_trace!(logger, "Upgrading HTLC {} to LocalRemoved with a Fulfill in channel {}!", log_bytes!(htlc.payment_hash.0), log_bytes!(self.channel_id));
1901 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::Fulfill(payment_preimage_arg.clone()));
1904 UpdateFulfillFetch::NewClaim {
1907 msg: Some(msgs::UpdateFulfillHTLC {
1908 channel_id: self.channel_id(),
1909 htlc_id: htlc_id_arg,
1910 payment_preimage: payment_preimage_arg,
1915 pub fn get_update_fulfill_htlc_and_commit<L: Deref>(&mut self, htlc_id: u64, payment_preimage: PaymentPreimage, logger: &L) -> Result<UpdateFulfillCommitFetch, (ChannelError, ChannelMonitorUpdate)> where L::Target: Logger {
1916 match self.get_update_fulfill_htlc(htlc_id, payment_preimage, logger) {
1917 UpdateFulfillFetch::NewClaim { mut monitor_update, htlc_value_msat, msg: Some(update_fulfill_htlc) } => {
1918 let (commitment, mut additional_update) = match self.send_commitment_no_status_check(logger) {
1919 Err(e) => return Err((e, monitor_update)),
1922 // send_commitment_no_status_check may bump latest_monitor_id but we want them to be
1923 // strictly increasing by one, so decrement it here.
1924 self.latest_monitor_update_id = monitor_update.update_id;
1925 monitor_update.updates.append(&mut additional_update.updates);
1926 Ok(UpdateFulfillCommitFetch::NewClaim { monitor_update, htlc_value_msat, msgs: Some((update_fulfill_htlc, commitment)) })
1928 UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None } =>
1929 Ok(UpdateFulfillCommitFetch::NewClaim { monitor_update, htlc_value_msat, msgs: None }),
1930 UpdateFulfillFetch::DuplicateClaim {} => Ok(UpdateFulfillCommitFetch::DuplicateClaim {}),
1934 /// We can only have one resolution per HTLC. In some cases around reconnect, we may fulfill
1935 /// an HTLC more than once or fulfill once and then attempt to fail after reconnect. We cannot,
1936 /// however, fail more than once as we wait for an upstream failure to be irrevocably committed
1937 /// before we fail backwards.
1938 /// If we do fail twice, we debug_assert!(false) and return Ok(None). Thus, will always return
1939 /// Ok(_) if debug assertions are turned on or preconditions are met.
1940 pub fn get_update_fail_htlc<L: Deref>(&mut self, htlc_id_arg: u64, err_packet: msgs::OnionErrorPacket, logger: &L) -> Result<Option<msgs::UpdateFailHTLC>, ChannelError> where L::Target: Logger {
1941 if (self.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
1942 panic!("Was asked to fail an HTLC when channel was not in an operational state");
1944 assert_eq!(self.channel_state & ChannelState::ShutdownComplete as u32, 0);
1946 // ChannelManager may generate duplicate claims/fails due to HTLC update events from
1947 // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
1948 // these, but for now we just have to treat them as normal.
1950 let mut pending_idx = core::usize::MAX;
1951 for (idx, htlc) in self.pending_inbound_htlcs.iter().enumerate() {
1952 if htlc.htlc_id == htlc_id_arg {
1954 InboundHTLCState::Committed => {},
1955 InboundHTLCState::LocalRemoved(ref reason) => {
1956 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
1958 debug_assert!(false, "Tried to fail an HTLC that was already failed");
1963 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
1964 return Err(ChannelError::Ignore(format!("Unable to find a pending HTLC which matched the given HTLC ID ({})", htlc.htlc_id)));
1970 if pending_idx == core::usize::MAX {
1971 #[cfg(any(test, fuzzing))]
1972 // If we failed to find an HTLC to fail, make sure it was previously fulfilled and this
1973 // is simply a duplicate fail, not previously failed and we failed-back too early.
1974 debug_assert!(self.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
1978 // Now update local state:
1979 if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
1980 for pending_update in self.holding_cell_htlc_updates.iter() {
1981 match pending_update {
1982 &HTLCUpdateAwaitingACK::ClaimHTLC { htlc_id, .. } => {
1983 if htlc_id_arg == htlc_id {
1984 #[cfg(any(test, fuzzing))]
1985 debug_assert!(self.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
1989 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, .. } => {
1990 if htlc_id_arg == htlc_id {
1991 debug_assert!(false, "Tried to fail an HTLC that was already failed");
1992 return Err(ChannelError::Ignore("Unable to find a pending HTLC which matched the given HTLC ID".to_owned()));
1998 log_trace!(logger, "Placing failure for HTLC ID {} in holding cell in channel {}.", htlc_id_arg, log_bytes!(self.channel_id()));
1999 self.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::FailHTLC {
2000 htlc_id: htlc_id_arg,
2006 log_trace!(logger, "Failing HTLC ID {} back with a update_fail_htlc message in channel {}.", htlc_id_arg, log_bytes!(self.channel_id()));
2008 let htlc = &mut self.pending_inbound_htlcs[pending_idx];
2009 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(err_packet.clone()));
2012 Ok(Some(msgs::UpdateFailHTLC {
2013 channel_id: self.channel_id(),
2014 htlc_id: htlc_id_arg,
2019 // Message handlers:
2021 pub fn accept_channel(&mut self, msg: &msgs::AcceptChannel, default_limits: &ChannelHandshakeLimits, their_features: &InitFeatures) -> Result<(), ChannelError> {
2022 let peer_limits = if let Some(ref limits) = self.inbound_handshake_limits_override { limits } else { default_limits };
2024 // Check sanity of message fields:
2025 if !self.is_outbound() {
2026 return Err(ChannelError::Close("Got an accept_channel message from an inbound peer".to_owned()));
2028 if self.channel_state != ChannelState::OurInitSent as u32 {
2029 return Err(ChannelError::Close("Got an accept_channel message at a strange time".to_owned()));
2031 if msg.dust_limit_satoshis > 21000000 * 100000000 {
2032 return Err(ChannelError::Close(format!("Peer never wants payout outputs? dust_limit_satoshis was {}", msg.dust_limit_satoshis)));
2034 if msg.channel_reserve_satoshis > self.channel_value_satoshis {
2035 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must not be greater than ({})", msg.channel_reserve_satoshis, self.channel_value_satoshis)));
2037 if msg.dust_limit_satoshis > self.holder_selected_channel_reserve_satoshis {
2038 return Err(ChannelError::Close(format!("Dust limit ({}) is bigger than our channel reserve ({})", msg.dust_limit_satoshis, self.holder_selected_channel_reserve_satoshis)));
2040 if msg.channel_reserve_satoshis > self.channel_value_satoshis - self.holder_selected_channel_reserve_satoshis {
2041 return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must not be greater than channel value minus our reserve ({})",
2042 msg.channel_reserve_satoshis, self.channel_value_satoshis - self.holder_selected_channel_reserve_satoshis)));
2044 let full_channel_value_msat = (self.channel_value_satoshis - msg.channel_reserve_satoshis) * 1000;
2045 if msg.htlc_minimum_msat >= full_channel_value_msat {
2046 return Err(ChannelError::Close(format!("Minimum htlc value ({}) is full channel value ({})", msg.htlc_minimum_msat, full_channel_value_msat)));
2048 let max_delay_acceptable = u16::min(peer_limits.their_to_self_delay, MAX_LOCAL_BREAKDOWN_TIMEOUT);
2049 if msg.to_self_delay > max_delay_acceptable {
2050 return Err(ChannelError::Close(format!("They wanted our payments to be delayed by a needlessly long period. Upper limit: {}. Actual: {}", max_delay_acceptable, msg.to_self_delay)));
2052 if msg.max_accepted_htlcs < 1 {
2053 return Err(ChannelError::Close("0 max_accepted_htlcs makes for a useless channel".to_owned()));
2055 if msg.max_accepted_htlcs > MAX_HTLCS {
2056 return Err(ChannelError::Close(format!("max_accepted_htlcs was {}. It must not be larger than {}", msg.max_accepted_htlcs, MAX_HTLCS)));
2059 // Now check against optional parameters as set by config...
2060 if msg.htlc_minimum_msat > peer_limits.max_htlc_minimum_msat {
2061 return Err(ChannelError::Close(format!("htlc_minimum_msat ({}) is higher than the user specified limit ({})", msg.htlc_minimum_msat, peer_limits.max_htlc_minimum_msat)));
2063 if msg.max_htlc_value_in_flight_msat < peer_limits.min_max_htlc_value_in_flight_msat {
2064 return Err(ChannelError::Close(format!("max_htlc_value_in_flight_msat ({}) is less than the user specified limit ({})", msg.max_htlc_value_in_flight_msat, peer_limits.min_max_htlc_value_in_flight_msat)));
2066 if msg.channel_reserve_satoshis > peer_limits.max_channel_reserve_satoshis {
2067 return Err(ChannelError::Close(format!("channel_reserve_satoshis ({}) is higher than the user specified limit ({})", msg.channel_reserve_satoshis, peer_limits.max_channel_reserve_satoshis)));
2069 if msg.max_accepted_htlcs < peer_limits.min_max_accepted_htlcs {
2070 return Err(ChannelError::Close(format!("max_accepted_htlcs ({}) is less than the user specified limit ({})", msg.max_accepted_htlcs, peer_limits.min_max_accepted_htlcs)));
2072 if msg.dust_limit_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
2073 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is less than the implementation limit ({})", msg.dust_limit_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
2075 if msg.dust_limit_satoshis > MAX_CHAN_DUST_LIMIT_SATOSHIS {
2076 return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is greater than the implementation limit ({})", msg.dust_limit_satoshis, MAX_CHAN_DUST_LIMIT_SATOSHIS)));
2078 if msg.minimum_depth > peer_limits.max_minimum_depth {
2079 return Err(ChannelError::Close(format!("We consider the minimum depth to be unreasonably large. Expected minimum: ({}). Actual: ({})", peer_limits.max_minimum_depth, msg.minimum_depth)));
2082 if let Some(ty) = &msg.channel_type {
2083 if *ty != self.channel_type {
2084 return Err(ChannelError::Close("Channel Type in accept_channel didn't match the one sent in open_channel.".to_owned()));
2086 } else if their_features.supports_channel_type() {
2087 // Assume they've accepted the channel type as they said they understand it.
2089 self.channel_type = ChannelTypeFeatures::from_counterparty_init(&their_features)
2092 let counterparty_shutdown_scriptpubkey = if their_features.supports_upfront_shutdown_script() {
2093 match &msg.shutdown_scriptpubkey {
2094 &OptionalField::Present(ref script) => {
2095 // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything
2096 if script.len() == 0 {
2099 if !script::is_bolt2_compliant(&script, their_features) {
2100 return Err(ChannelError::Close(format!("Peer is signaling upfront_shutdown but has provided an unacceptable scriptpubkey format: {}", script)));
2102 Some(script.clone())
2105 // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel
2106 &OptionalField::Absent => {
2107 return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out".to_owned()));
2112 self.counterparty_dust_limit_satoshis = msg.dust_limit_satoshis;
2113 self.counterparty_max_htlc_value_in_flight_msat = cmp::min(msg.max_htlc_value_in_flight_msat, self.channel_value_satoshis * 1000);
2114 self.counterparty_selected_channel_reserve_satoshis = Some(msg.channel_reserve_satoshis);
2115 self.counterparty_htlc_minimum_msat = msg.htlc_minimum_msat;
2116 self.counterparty_max_accepted_htlcs = msg.max_accepted_htlcs;
2118 if peer_limits.trust_own_funding_0conf {
2119 self.minimum_depth = Some(msg.minimum_depth);
2121 self.minimum_depth = Some(cmp::max(1, msg.minimum_depth));
2124 let counterparty_pubkeys = ChannelPublicKeys {
2125 funding_pubkey: msg.funding_pubkey,
2126 revocation_basepoint: msg.revocation_basepoint,
2127 payment_point: msg.payment_point,
2128 delayed_payment_basepoint: msg.delayed_payment_basepoint,
2129 htlc_basepoint: msg.htlc_basepoint
2132 self.channel_transaction_parameters.counterparty_parameters = Some(CounterpartyChannelTransactionParameters {
2133 selected_contest_delay: msg.to_self_delay,
2134 pubkeys: counterparty_pubkeys,
2137 self.counterparty_cur_commitment_point = Some(msg.first_per_commitment_point);
2138 self.counterparty_shutdown_scriptpubkey = counterparty_shutdown_scriptpubkey;
2140 self.channel_state = ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32;
2141 self.inbound_handshake_limits_override = None; // We're done enforcing limits on our peer's handshake now.
2146 fn funding_created_signature<L: Deref>(&mut self, sig: &Signature, logger: &L) -> Result<(Txid, CommitmentTransaction, Signature), ChannelError> where L::Target: Logger {
2147 let funding_script = self.get_funding_redeemscript();
2149 let keys = self.build_holder_transaction_keys(self.cur_holder_commitment_transaction_number)?;
2150 let initial_commitment_tx = self.build_commitment_transaction(self.cur_holder_commitment_transaction_number, &keys, true, false, logger).tx;
2152 let trusted_tx = initial_commitment_tx.trust();
2153 let initial_commitment_bitcoin_tx = trusted_tx.built_transaction();
2154 let sighash = initial_commitment_bitcoin_tx.get_sighash_all(&funding_script, self.channel_value_satoshis);
2155 // They sign the holder commitment transaction...
2156 log_trace!(logger, "Checking funding_created tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} for channel {}.",
2157 log_bytes!(sig.serialize_compact()[..]), log_bytes!(self.counterparty_funding_pubkey().serialize()),
2158 encode::serialize_hex(&initial_commitment_bitcoin_tx.transaction), log_bytes!(sighash[..]),
2159 encode::serialize_hex(&funding_script), log_bytes!(self.channel_id()));
2160 secp_check!(self.secp_ctx.verify_ecdsa(&sighash, &sig, self.counterparty_funding_pubkey()), "Invalid funding_created signature from peer".to_owned());
2163 let counterparty_keys = self.build_remote_transaction_keys()?;
2164 let counterparty_initial_commitment_tx = self.build_commitment_transaction(self.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
2166 let counterparty_trusted_tx = counterparty_initial_commitment_tx.trust();
2167 let counterparty_initial_bitcoin_tx = counterparty_trusted_tx.built_transaction();
2168 log_trace!(logger, "Initial counterparty tx for channel {} is: txid {} tx {}",
2169 log_bytes!(self.channel_id()), counterparty_initial_bitcoin_tx.txid, encode::serialize_hex(&counterparty_initial_bitcoin_tx.transaction));
2171 let counterparty_signature = self.holder_signer.sign_counterparty_commitment(&counterparty_initial_commitment_tx, Vec::new(), &self.secp_ctx)
2172 .map_err(|_| ChannelError::Close("Failed to get signatures for new commitment_signed".to_owned()))?.0;
2174 // We sign "counterparty" commitment transaction, allowing them to broadcast the tx if they wish.
2175 Ok((counterparty_initial_bitcoin_tx.txid, initial_commitment_tx, counterparty_signature))
2178 fn counterparty_funding_pubkey(&self) -> &PublicKey {
2179 &self.get_counterparty_pubkeys().funding_pubkey
2182 pub fn funding_created<L: Deref>(&mut self, msg: &msgs::FundingCreated, best_block: BestBlock, logger: &L) -> Result<(msgs::FundingSigned, ChannelMonitor<Signer>, Option<msgs::ChannelReady>), ChannelError> where L::Target: Logger {
2183 if self.is_outbound() {
2184 return Err(ChannelError::Close("Received funding_created for an outbound channel?".to_owned()));
2186 if self.channel_state != (ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32) {
2187 // BOLT 2 says that if we disconnect before we send funding_signed we SHOULD NOT
2188 // remember the channel, so it's safe to just send an error_message here and drop the
2190 return Err(ChannelError::Close("Received funding_created after we got the channel!".to_owned()));
2192 if self.inbound_awaiting_accept {
2193 return Err(ChannelError::Close("FundingCreated message received before the channel was accepted".to_owned()));
2195 if self.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
2196 self.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
2197 self.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
2198 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
2201 let funding_txo = OutPoint { txid: msg.funding_txid, index: msg.funding_output_index };
2202 self.channel_transaction_parameters.funding_outpoint = Some(funding_txo);
2203 // This is an externally observable change before we finish all our checks. In particular
2204 // funding_created_signature may fail.
2205 self.holder_signer.ready_channel(&self.channel_transaction_parameters);
2207 let (counterparty_initial_commitment_txid, initial_commitment_tx, signature) = match self.funding_created_signature(&msg.signature, logger) {
2209 Err(ChannelError::Close(e)) => {
2210 self.channel_transaction_parameters.funding_outpoint = None;
2211 return Err(ChannelError::Close(e));
2214 // The only error we know how to handle is ChannelError::Close, so we fall over here
2215 // to make sure we don't continue with an inconsistent state.
2216 panic!("unexpected error type from funding_created_signature {:?}", e);
2220 let holder_commitment_tx = HolderCommitmentTransaction::new(
2221 initial_commitment_tx,
2224 &self.get_holder_pubkeys().funding_pubkey,
2225 self.counterparty_funding_pubkey()
2228 self.holder_signer.validate_holder_commitment(&holder_commitment_tx, Vec::new())
2229 .map_err(|_| ChannelError::Close("Failed to validate our commitment".to_owned()))?;
2231 // Now that we're past error-generating stuff, update our local state:
2233 let funding_redeemscript = self.get_funding_redeemscript();
2234 let funding_txo_script = funding_redeemscript.to_v0_p2wsh();
2235 let obscure_factor = get_commitment_transaction_number_obscure_factor(&self.get_holder_pubkeys().payment_point, &self.get_counterparty_pubkeys().payment_point, self.is_outbound());
2236 let shutdown_script = self.shutdown_scriptpubkey.clone().map(|script| script.into_inner());
2237 let channel_monitor = ChannelMonitor::new(self.secp_ctx.clone(), self.holder_signer.clone(),
2238 shutdown_script, self.get_holder_selected_contest_delay(),
2239 &self.destination_script, (funding_txo, funding_txo_script.clone()),
2240 &self.channel_transaction_parameters,
2241 funding_redeemscript.clone(), self.channel_value_satoshis,
2243 holder_commitment_tx, best_block, self.counterparty_node_id);
2245 channel_monitor.provide_latest_counterparty_commitment_tx(counterparty_initial_commitment_txid, Vec::new(), self.cur_counterparty_commitment_transaction_number, self.counterparty_cur_commitment_point.unwrap(), logger);
2247 self.channel_state = ChannelState::FundingSent as u32;
2248 self.channel_id = funding_txo.to_channel_id();
2249 self.cur_counterparty_commitment_transaction_number -= 1;
2250 self.cur_holder_commitment_transaction_number -= 1;
2252 log_info!(logger, "Generated funding_signed for peer for channel {}", log_bytes!(self.channel_id()));
2254 Ok((msgs::FundingSigned {
2255 channel_id: self.channel_id,
2257 }, channel_monitor, self.check_get_channel_ready(0)))
2260 /// Handles a funding_signed message from the remote end.
2261 /// If this call is successful, broadcast the funding transaction (and not before!)
2262 pub fn funding_signed<L: Deref>(&mut self, msg: &msgs::FundingSigned, best_block: BestBlock, logger: &L) -> Result<(ChannelMonitor<Signer>, Transaction, Option<msgs::ChannelReady>), ChannelError> where L::Target: Logger {
2263 if !self.is_outbound() {
2264 return Err(ChannelError::Close("Received funding_signed for an inbound channel?".to_owned()));
2266 if self.channel_state & !(ChannelState::MonitorUpdateInProgress as u32) != ChannelState::FundingCreated as u32 {
2267 return Err(ChannelError::Close("Received funding_signed in strange state!".to_owned()));
2269 if self.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
2270 self.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
2271 self.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
2272 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
2275 let funding_script = self.get_funding_redeemscript();
2277 let counterparty_keys = self.build_remote_transaction_keys()?;
2278 let counterparty_initial_commitment_tx = self.build_commitment_transaction(self.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
2279 let counterparty_trusted_tx = counterparty_initial_commitment_tx.trust();
2280 let counterparty_initial_bitcoin_tx = counterparty_trusted_tx.built_transaction();
2282 log_trace!(logger, "Initial counterparty tx for channel {} is: txid {} tx {}",
2283 log_bytes!(self.channel_id()), counterparty_initial_bitcoin_tx.txid, encode::serialize_hex(&counterparty_initial_bitcoin_tx.transaction));
2285 let holder_signer = self.build_holder_transaction_keys(self.cur_holder_commitment_transaction_number)?;
2286 let initial_commitment_tx = self.build_commitment_transaction(self.cur_holder_commitment_transaction_number, &holder_signer, true, false, logger).tx;
2288 let trusted_tx = initial_commitment_tx.trust();
2289 let initial_commitment_bitcoin_tx = trusted_tx.built_transaction();
2290 let sighash = initial_commitment_bitcoin_tx.get_sighash_all(&funding_script, self.channel_value_satoshis);
2291 // They sign our commitment transaction, allowing us to broadcast the tx if we wish.
2292 if let Err(_) = self.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.get_counterparty_pubkeys().funding_pubkey) {
2293 return Err(ChannelError::Close("Invalid funding_signed signature from peer".to_owned()));
2297 let holder_commitment_tx = HolderCommitmentTransaction::new(
2298 initial_commitment_tx,
2301 &self.get_holder_pubkeys().funding_pubkey,
2302 self.counterparty_funding_pubkey()
2305 self.holder_signer.validate_holder_commitment(&holder_commitment_tx, Vec::new())
2306 .map_err(|_| ChannelError::Close("Failed to validate our commitment".to_owned()))?;
2309 let funding_redeemscript = self.get_funding_redeemscript();
2310 let funding_txo = self.get_funding_txo().unwrap();
2311 let funding_txo_script = funding_redeemscript.to_v0_p2wsh();
2312 let obscure_factor = get_commitment_transaction_number_obscure_factor(&self.get_holder_pubkeys().payment_point, &self.get_counterparty_pubkeys().payment_point, self.is_outbound());
2313 let shutdown_script = self.shutdown_scriptpubkey.clone().map(|script| script.into_inner());
2314 let channel_monitor = ChannelMonitor::new(self.secp_ctx.clone(), self.holder_signer.clone(),
2315 shutdown_script, self.get_holder_selected_contest_delay(),
2316 &self.destination_script, (funding_txo, funding_txo_script),
2317 &self.channel_transaction_parameters,
2318 funding_redeemscript.clone(), self.channel_value_satoshis,
2320 holder_commitment_tx, best_block, self.counterparty_node_id);
2322 channel_monitor.provide_latest_counterparty_commitment_tx(counterparty_initial_bitcoin_tx.txid, Vec::new(), self.cur_counterparty_commitment_transaction_number, self.counterparty_cur_commitment_point.unwrap(), logger);
2324 assert_eq!(self.channel_state & (ChannelState::MonitorUpdateInProgress as u32), 0); // We have no had any monitor(s) yet to fail update!
2325 self.channel_state = ChannelState::FundingSent as u32;
2326 self.cur_holder_commitment_transaction_number -= 1;
2327 self.cur_counterparty_commitment_transaction_number -= 1;
2329 log_info!(logger, "Received funding_signed from peer for channel {}", log_bytes!(self.channel_id()));
2331 Ok((channel_monitor, self.funding_transaction.as_ref().cloned().unwrap(), self.check_get_channel_ready(0)))
2334 /// Handles a channel_ready message from our peer. If we've already sent our channel_ready
2335 /// and the channel is now usable (and public), this may generate an announcement_signatures to
2337 pub fn channel_ready<L: Deref>(&mut self, msg: &msgs::ChannelReady, node_pk: PublicKey, genesis_block_hash: BlockHash, best_block: &BestBlock, logger: &L) -> Result<Option<msgs::AnnouncementSignatures>, ChannelError> where L::Target: Logger {
2338 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2339 self.workaround_lnd_bug_4006 = Some(msg.clone());
2340 return Err(ChannelError::Ignore("Peer sent channel_ready when we needed a channel_reestablish. The peer is likely lnd, see https://github.com/lightningnetwork/lnd/issues/4006".to_owned()));
2343 if let Some(scid_alias) = msg.short_channel_id_alias {
2344 if Some(scid_alias) != self.short_channel_id {
2345 // The scid alias provided can be used to route payments *from* our counterparty,
2346 // i.e. can be used for inbound payments and provided in invoices, but is not used
2347 // when routing outbound payments.
2348 self.latest_inbound_scid_alias = Some(scid_alias);
2352 let non_shutdown_state = self.channel_state & (!MULTI_STATE_FLAGS);
2354 if non_shutdown_state == ChannelState::FundingSent as u32 {
2355 self.channel_state |= ChannelState::TheirChannelReady as u32;
2356 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurChannelReady as u32) {
2357 self.channel_state = ChannelState::ChannelReady as u32 | (self.channel_state & MULTI_STATE_FLAGS);
2358 self.update_time_counter += 1;
2359 } else if self.channel_state & (ChannelState::ChannelReady as u32) != 0 ||
2360 // If we reconnected before sending our `channel_ready` they may still resend theirs:
2361 (self.channel_state & (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32) ==
2362 (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32))
2364 // They probably disconnected/reconnected and re-sent the channel_ready, which is
2365 // required, or they're sending a fresh SCID alias.
2366 let expected_point =
2367 if self.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
2368 // If they haven't ever sent an updated point, the point they send should match
2370 self.counterparty_cur_commitment_point
2372 // If they have sent updated points, channel_ready is always supposed to match
2373 // their "first" point, which we re-derive here.
2374 Some(PublicKey::from_secret_key(&self.secp_ctx, &SecretKey::from_slice(
2375 &self.commitment_secrets.get_secret(INITIAL_COMMITMENT_NUMBER - 1).expect("We should have all prev secrets available")
2376 ).expect("We already advanced, so previous secret keys should have been validated already")))
2378 if expected_point != Some(msg.next_per_commitment_point) {
2379 return Err(ChannelError::Close("Peer sent a reconnect channel_ready with a different point".to_owned()));
2383 return Err(ChannelError::Close("Peer sent a channel_ready at a strange time".to_owned()));
2386 self.counterparty_prev_commitment_point = self.counterparty_cur_commitment_point;
2387 self.counterparty_cur_commitment_point = Some(msg.next_per_commitment_point);
2389 log_info!(logger, "Received channel_ready from peer for channel {}", log_bytes!(self.channel_id()));
2391 Ok(self.get_announcement_sigs(node_pk, genesis_block_hash, best_block.height(), logger))
2394 /// Returns transaction if there is pending funding transaction that is yet to broadcast
2395 pub fn unbroadcasted_funding(&self) -> Option<Transaction> {
2396 if self.channel_state & (ChannelState::FundingCreated as u32) != 0 {
2397 self.funding_transaction.clone()
2403 /// Returns a HTLCStats about inbound pending htlcs
2404 fn get_inbound_pending_htlc_stats(&self, outbound_feerate_update: Option<u32>) -> HTLCStats {
2405 let mut stats = HTLCStats {
2406 pending_htlcs: self.pending_inbound_htlcs.len() as u32,
2407 pending_htlcs_value_msat: 0,
2408 on_counterparty_tx_dust_exposure_msat: 0,
2409 on_holder_tx_dust_exposure_msat: 0,
2410 holding_cell_msat: 0,
2411 on_holder_tx_holding_cell_htlcs_count: 0,
2414 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if self.opt_anchors() {
2417 let dust_buffer_feerate = self.get_dust_buffer_feerate(outbound_feerate_update) as u64;
2418 (dust_buffer_feerate * htlc_timeout_tx_weight(false) / 1000,
2419 dust_buffer_feerate * htlc_success_tx_weight(false) / 1000)
2421 let counterparty_dust_limit_timeout_sat = htlc_timeout_dust_limit + self.counterparty_dust_limit_satoshis;
2422 let holder_dust_limit_success_sat = htlc_success_dust_limit + self.holder_dust_limit_satoshis;
2423 for ref htlc in self.pending_inbound_htlcs.iter() {
2424 stats.pending_htlcs_value_msat += htlc.amount_msat;
2425 if htlc.amount_msat / 1000 < counterparty_dust_limit_timeout_sat {
2426 stats.on_counterparty_tx_dust_exposure_msat += htlc.amount_msat;
2428 if htlc.amount_msat / 1000 < holder_dust_limit_success_sat {
2429 stats.on_holder_tx_dust_exposure_msat += htlc.amount_msat;
2435 /// Returns a HTLCStats about pending outbound htlcs, *including* pending adds in our holding cell.
2436 fn get_outbound_pending_htlc_stats(&self, outbound_feerate_update: Option<u32>) -> HTLCStats {
2437 let mut stats = HTLCStats {
2438 pending_htlcs: self.pending_outbound_htlcs.len() as u32,
2439 pending_htlcs_value_msat: 0,
2440 on_counterparty_tx_dust_exposure_msat: 0,
2441 on_holder_tx_dust_exposure_msat: 0,
2442 holding_cell_msat: 0,
2443 on_holder_tx_holding_cell_htlcs_count: 0,
2446 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if self.opt_anchors() {
2449 let dust_buffer_feerate = self.get_dust_buffer_feerate(outbound_feerate_update) as u64;
2450 (dust_buffer_feerate * htlc_timeout_tx_weight(false) / 1000,
2451 dust_buffer_feerate * htlc_success_tx_weight(false) / 1000)
2453 let counterparty_dust_limit_success_sat = htlc_success_dust_limit + self.counterparty_dust_limit_satoshis;
2454 let holder_dust_limit_timeout_sat = htlc_timeout_dust_limit + self.holder_dust_limit_satoshis;
2455 for ref htlc in self.pending_outbound_htlcs.iter() {
2456 stats.pending_htlcs_value_msat += htlc.amount_msat;
2457 if htlc.amount_msat / 1000 < counterparty_dust_limit_success_sat {
2458 stats.on_counterparty_tx_dust_exposure_msat += htlc.amount_msat;
2460 if htlc.amount_msat / 1000 < holder_dust_limit_timeout_sat {
2461 stats.on_holder_tx_dust_exposure_msat += htlc.amount_msat;
2465 for update in self.holding_cell_htlc_updates.iter() {
2466 if let &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, .. } = update {
2467 stats.pending_htlcs += 1;
2468 stats.pending_htlcs_value_msat += amount_msat;
2469 stats.holding_cell_msat += amount_msat;
2470 if *amount_msat / 1000 < counterparty_dust_limit_success_sat {
2471 stats.on_counterparty_tx_dust_exposure_msat += amount_msat;
2473 if *amount_msat / 1000 < holder_dust_limit_timeout_sat {
2474 stats.on_holder_tx_dust_exposure_msat += amount_msat;
2476 stats.on_holder_tx_holding_cell_htlcs_count += 1;
2483 /// Get the available balances, see [`AvailableBalances`]'s fields for more info.
2484 /// Doesn't bother handling the
2485 /// if-we-removed-it-already-but-haven't-fully-resolved-they-can-still-send-an-inbound-HTLC
2486 /// corner case properly.
2487 pub fn get_available_balances(&self) -> AvailableBalances {
2488 // Note that we have to handle overflow due to the above case.
2489 let outbound_stats = self.get_outbound_pending_htlc_stats(None);
2491 let mut balance_msat = self.value_to_self_msat;
2492 for ref htlc in self.pending_inbound_htlcs.iter() {
2493 if let InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::Fulfill(_)) = htlc.state {
2494 balance_msat += htlc.amount_msat;
2497 balance_msat -= outbound_stats.pending_htlcs_value_msat;
2499 let outbound_capacity_msat = cmp::max(self.value_to_self_msat as i64
2500 - outbound_stats.pending_htlcs_value_msat as i64
2501 - self.counterparty_selected_channel_reserve_satoshis.unwrap_or(0) as i64 * 1000,
2504 inbound_capacity_msat: cmp::max(self.channel_value_satoshis as i64 * 1000
2505 - self.value_to_self_msat as i64
2506 - self.get_inbound_pending_htlc_stats(None).pending_htlcs_value_msat as i64
2507 - self.holder_selected_channel_reserve_satoshis as i64 * 1000,
2509 outbound_capacity_msat,
2510 next_outbound_htlc_limit_msat: cmp::max(cmp::min(outbound_capacity_msat as i64,
2511 self.counterparty_max_htlc_value_in_flight_msat as i64
2512 - outbound_stats.pending_htlcs_value_msat as i64),
2518 pub fn get_holder_counterparty_selected_channel_reserve_satoshis(&self) -> (u64, Option<u64>) {
2519 (self.holder_selected_channel_reserve_satoshis, self.counterparty_selected_channel_reserve_satoshis)
2522 // Get the fee cost in MSATS of a commitment tx with a given number of HTLC outputs.
2523 // Note that num_htlcs should not include dust HTLCs.
2524 fn commit_tx_fee_msat(feerate_per_kw: u32, num_htlcs: usize, opt_anchors: bool) -> u64 {
2525 // Note that we need to divide before multiplying to round properly,
2526 // since the lowest denomination of bitcoin on-chain is the satoshi.
2527 (commitment_tx_base_weight(opt_anchors) + num_htlcs as u64 * COMMITMENT_TX_WEIGHT_PER_HTLC) * feerate_per_kw as u64 / 1000 * 1000
2530 // Get the fee cost in SATS of a commitment tx with a given number of HTLC outputs.
2531 // Note that num_htlcs should not include dust HTLCs.
2533 fn commit_tx_fee_sat(feerate_per_kw: u32, num_htlcs: usize, opt_anchors: bool) -> u64 {
2534 feerate_per_kw as u64 * (commitment_tx_base_weight(opt_anchors) + num_htlcs as u64 * COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000
2537 // Get the commitment tx fee for the local's (i.e. our) next commitment transaction based on the
2538 // number of pending HTLCs that are on track to be in our next commitment tx, plus an additional
2539 // HTLC if `fee_spike_buffer_htlc` is Some, plus a new HTLC given by `new_htlc_amount`. Dust HTLCs
2541 fn next_local_commit_tx_fee_msat(&self, htlc: HTLCCandidate, fee_spike_buffer_htlc: Option<()>) -> u64 {
2542 assert!(self.is_outbound());
2544 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if self.opt_anchors() {
2547 (self.feerate_per_kw as u64 * htlc_success_tx_weight(false) / 1000,
2548 self.feerate_per_kw as u64 * htlc_timeout_tx_weight(false) / 1000)
2550 let real_dust_limit_success_sat = htlc_success_dust_limit + self.holder_dust_limit_satoshis;
2551 let real_dust_limit_timeout_sat = htlc_timeout_dust_limit + self.holder_dust_limit_satoshis;
2553 let mut addl_htlcs = 0;
2554 if fee_spike_buffer_htlc.is_some() { addl_htlcs += 1; }
2556 HTLCInitiator::LocalOffered => {
2557 if htlc.amount_msat / 1000 >= real_dust_limit_timeout_sat {
2561 HTLCInitiator::RemoteOffered => {
2562 if htlc.amount_msat / 1000 >= real_dust_limit_success_sat {
2568 let mut included_htlcs = 0;
2569 for ref htlc in self.pending_inbound_htlcs.iter() {
2570 if htlc.amount_msat / 1000 < real_dust_limit_success_sat {
2573 // We include LocalRemoved HTLCs here because we may still need to broadcast a commitment
2574 // transaction including this HTLC if it times out before they RAA.
2575 included_htlcs += 1;
2578 for ref htlc in self.pending_outbound_htlcs.iter() {
2579 if htlc.amount_msat / 1000 < real_dust_limit_timeout_sat {
2583 OutboundHTLCState::LocalAnnounced {..} => included_htlcs += 1,
2584 OutboundHTLCState::Committed => included_htlcs += 1,
2585 OutboundHTLCState::RemoteRemoved {..} => included_htlcs += 1,
2586 // We don't include AwaitingRemoteRevokeToRemove HTLCs because our next commitment
2587 // transaction won't be generated until they send us their next RAA, which will mean
2588 // dropping any HTLCs in this state.
2593 for htlc in self.holding_cell_htlc_updates.iter() {
2595 &HTLCUpdateAwaitingACK::AddHTLC { amount_msat, .. } => {
2596 if amount_msat / 1000 < real_dust_limit_timeout_sat {
2601 _ => {}, // Don't include claims/fails that are awaiting ack, because once we get the
2602 // ack we're guaranteed to never include them in commitment txs anymore.
2606 let num_htlcs = included_htlcs + addl_htlcs;
2607 let res = Self::commit_tx_fee_msat(self.feerate_per_kw, num_htlcs, self.opt_anchors());
2608 #[cfg(any(test, fuzzing))]
2611 if fee_spike_buffer_htlc.is_some() {
2612 fee = Self::commit_tx_fee_msat(self.feerate_per_kw, num_htlcs - 1, self.opt_anchors());
2614 let total_pending_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len()
2615 + self.holding_cell_htlc_updates.len();
2616 let commitment_tx_info = CommitmentTxInfoCached {
2618 total_pending_htlcs,
2619 next_holder_htlc_id: match htlc.origin {
2620 HTLCInitiator::LocalOffered => self.next_holder_htlc_id + 1,
2621 HTLCInitiator::RemoteOffered => self.next_holder_htlc_id,
2623 next_counterparty_htlc_id: match htlc.origin {
2624 HTLCInitiator::LocalOffered => self.next_counterparty_htlc_id,
2625 HTLCInitiator::RemoteOffered => self.next_counterparty_htlc_id + 1,
2627 feerate: self.feerate_per_kw,
2629 *self.next_local_commitment_tx_fee_info_cached.lock().unwrap() = Some(commitment_tx_info);
2634 // Get the commitment tx fee for the remote's next commitment transaction based on the number of
2635 // pending HTLCs that are on track to be in their next commitment tx, plus an additional HTLC if
2636 // `fee_spike_buffer_htlc` is Some, plus a new HTLC given by `new_htlc_amount`. Dust HTLCs are
2638 fn next_remote_commit_tx_fee_msat(&self, htlc: HTLCCandidate, fee_spike_buffer_htlc: Option<()>) -> u64 {
2639 assert!(!self.is_outbound());
2641 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if self.opt_anchors() {
2644 (self.feerate_per_kw as u64 * htlc_success_tx_weight(false) / 1000,
2645 self.feerate_per_kw as u64 * htlc_timeout_tx_weight(false) / 1000)
2647 let real_dust_limit_success_sat = htlc_success_dust_limit + self.counterparty_dust_limit_satoshis;
2648 let real_dust_limit_timeout_sat = htlc_timeout_dust_limit + self.counterparty_dust_limit_satoshis;
2650 let mut addl_htlcs = 0;
2651 if fee_spike_buffer_htlc.is_some() { addl_htlcs += 1; }
2653 HTLCInitiator::LocalOffered => {
2654 if htlc.amount_msat / 1000 >= real_dust_limit_success_sat {
2658 HTLCInitiator::RemoteOffered => {
2659 if htlc.amount_msat / 1000 >= real_dust_limit_timeout_sat {
2665 // When calculating the set of HTLCs which will be included in their next commitment_signed, all
2666 // non-dust inbound HTLCs are included (as all states imply it will be included) and only
2667 // committed outbound HTLCs, see below.
2668 let mut included_htlcs = 0;
2669 for ref htlc in self.pending_inbound_htlcs.iter() {
2670 if htlc.amount_msat / 1000 <= real_dust_limit_timeout_sat {
2673 included_htlcs += 1;
2676 for ref htlc in self.pending_outbound_htlcs.iter() {
2677 if htlc.amount_msat / 1000 <= real_dust_limit_success_sat {
2680 // We only include outbound HTLCs if it will not be included in their next commitment_signed,
2681 // i.e. if they've responded to us with an RAA after announcement.
2683 OutboundHTLCState::Committed => included_htlcs += 1,
2684 OutboundHTLCState::RemoteRemoved {..} => included_htlcs += 1,
2685 OutboundHTLCState::LocalAnnounced { .. } => included_htlcs += 1,
2690 let num_htlcs = included_htlcs + addl_htlcs;
2691 let res = Self::commit_tx_fee_msat(self.feerate_per_kw, num_htlcs, self.opt_anchors());
2692 #[cfg(any(test, fuzzing))]
2695 if fee_spike_buffer_htlc.is_some() {
2696 fee = Self::commit_tx_fee_msat(self.feerate_per_kw, num_htlcs - 1, self.opt_anchors());
2698 let total_pending_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len();
2699 let commitment_tx_info = CommitmentTxInfoCached {
2701 total_pending_htlcs,
2702 next_holder_htlc_id: match htlc.origin {
2703 HTLCInitiator::LocalOffered => self.next_holder_htlc_id + 1,
2704 HTLCInitiator::RemoteOffered => self.next_holder_htlc_id,
2706 next_counterparty_htlc_id: match htlc.origin {
2707 HTLCInitiator::LocalOffered => self.next_counterparty_htlc_id,
2708 HTLCInitiator::RemoteOffered => self.next_counterparty_htlc_id + 1,
2710 feerate: self.feerate_per_kw,
2712 *self.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = Some(commitment_tx_info);
2717 pub fn update_add_htlc<F, L: Deref>(&mut self, msg: &msgs::UpdateAddHTLC, mut pending_forward_status: PendingHTLCStatus, create_pending_htlc_status: F, logger: &L) -> Result<(), ChannelError>
2718 where F: for<'a> Fn(&'a Self, PendingHTLCStatus, u16) -> PendingHTLCStatus, L::Target: Logger {
2719 // We can't accept HTLCs sent after we've sent a shutdown.
2720 let local_sent_shutdown = (self.channel_state & (ChannelState::ChannelReady as u32 | ChannelState::LocalShutdownSent as u32)) != (ChannelState::ChannelReady as u32);
2721 if local_sent_shutdown {
2722 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x4000|8);
2724 // If the remote has sent a shutdown prior to adding this HTLC, then they are in violation of the spec.
2725 let remote_sent_shutdown = (self.channel_state & (ChannelState::ChannelReady as u32 | ChannelState::RemoteShutdownSent as u32)) != (ChannelState::ChannelReady as u32);
2726 if remote_sent_shutdown {
2727 return Err(ChannelError::Close("Got add HTLC message when channel was not in an operational state".to_owned()));
2729 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2730 return Err(ChannelError::Close("Peer sent update_add_htlc when we needed a channel_reestablish".to_owned()));
2732 if msg.amount_msat > self.channel_value_satoshis * 1000 {
2733 return Err(ChannelError::Close("Remote side tried to send more than the total value of the channel".to_owned()));
2735 if msg.amount_msat == 0 {
2736 return Err(ChannelError::Close("Remote side tried to send a 0-msat HTLC".to_owned()));
2738 if msg.amount_msat < self.holder_htlc_minimum_msat {
2739 return Err(ChannelError::Close(format!("Remote side tried to send less than our minimum HTLC value. Lower limit: ({}). Actual: ({})", self.holder_htlc_minimum_msat, msg.amount_msat)));
2742 let inbound_stats = self.get_inbound_pending_htlc_stats(None);
2743 let outbound_stats = self.get_outbound_pending_htlc_stats(None);
2744 if inbound_stats.pending_htlcs + 1 > OUR_MAX_HTLCS as u32 {
2745 return Err(ChannelError::Close(format!("Remote tried to push more than our max accepted HTLCs ({})", OUR_MAX_HTLCS)));
2747 if inbound_stats.pending_htlcs_value_msat + msg.amount_msat > self.holder_max_htlc_value_in_flight_msat {
2748 return Err(ChannelError::Close(format!("Remote HTLC add would put them over our max HTLC value ({})", self.holder_max_htlc_value_in_flight_msat)));
2750 // Check holder_selected_channel_reserve_satoshis (we're getting paid, so they have to at least meet
2751 // the reserve_satoshis we told them to always have as direct payment so that they lose
2752 // something if we punish them for broadcasting an old state).
2753 // Note that we don't really care about having a small/no to_remote output in our local
2754 // commitment transactions, as the purpose of the channel reserve is to ensure we can
2755 // punish *them* if they misbehave, so we discount any outbound HTLCs which will not be
2756 // present in the next commitment transaction we send them (at least for fulfilled ones,
2757 // failed ones won't modify value_to_self).
2758 // Note that we will send HTLCs which another instance of rust-lightning would think
2759 // violate the reserve value if we do not do this (as we forget inbound HTLCs from the
2760 // Channel state once they will not be present in the next received commitment
2762 let mut removed_outbound_total_msat = 0;
2763 for ref htlc in self.pending_outbound_htlcs.iter() {
2764 if let OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(_)) = htlc.state {
2765 removed_outbound_total_msat += htlc.amount_msat;
2766 } else if let OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(_)) = htlc.state {
2767 removed_outbound_total_msat += htlc.amount_msat;
2771 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if self.opt_anchors() {
2774 let dust_buffer_feerate = self.get_dust_buffer_feerate(None) as u64;
2775 (dust_buffer_feerate * htlc_timeout_tx_weight(false) / 1000,
2776 dust_buffer_feerate * htlc_success_tx_weight(false) / 1000)
2778 let exposure_dust_limit_timeout_sats = htlc_timeout_dust_limit + self.counterparty_dust_limit_satoshis;
2779 if msg.amount_msat / 1000 < exposure_dust_limit_timeout_sats {
2780 let on_counterparty_tx_dust_htlc_exposure_msat = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat + msg.amount_msat;
2781 if on_counterparty_tx_dust_htlc_exposure_msat > self.get_max_dust_htlc_exposure_msat() {
2782 log_info!(logger, "Cannot accept value that would put our exposure to dust HTLCs at {} over the limit {} on counterparty commitment tx",
2783 on_counterparty_tx_dust_htlc_exposure_msat, self.get_max_dust_htlc_exposure_msat());
2784 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2788 let exposure_dust_limit_success_sats = htlc_success_dust_limit + self.holder_dust_limit_satoshis;
2789 if msg.amount_msat / 1000 < exposure_dust_limit_success_sats {
2790 let on_holder_tx_dust_htlc_exposure_msat = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat + msg.amount_msat;
2791 if on_holder_tx_dust_htlc_exposure_msat > self.get_max_dust_htlc_exposure_msat() {
2792 log_info!(logger, "Cannot accept value that would put our exposure to dust HTLCs at {} over the limit {} on holder commitment tx",
2793 on_holder_tx_dust_htlc_exposure_msat, self.get_max_dust_htlc_exposure_msat());
2794 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2798 let pending_value_to_self_msat =
2799 self.value_to_self_msat + inbound_stats.pending_htlcs_value_msat - removed_outbound_total_msat;
2800 let pending_remote_value_msat =
2801 self.channel_value_satoshis * 1000 - pending_value_to_self_msat;
2802 if pending_remote_value_msat < msg.amount_msat {
2803 return Err(ChannelError::Close("Remote HTLC add would overdraw remaining funds".to_owned()));
2806 // Check that the remote can afford to pay for this HTLC on-chain at the current
2807 // feerate_per_kw, while maintaining their channel reserve (as required by the spec).
2808 let remote_commit_tx_fee_msat = if self.is_outbound() { 0 } else {
2809 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2810 self.next_remote_commit_tx_fee_msat(htlc_candidate, None) // Don't include the extra fee spike buffer HTLC in calculations
2812 if pending_remote_value_msat - msg.amount_msat < remote_commit_tx_fee_msat {
2813 return Err(ChannelError::Close("Remote HTLC add would not leave enough to pay for fees".to_owned()));
2816 if pending_remote_value_msat - msg.amount_msat - remote_commit_tx_fee_msat < self.holder_selected_channel_reserve_satoshis * 1000 {
2817 return Err(ChannelError::Close("Remote HTLC add would put them under remote reserve value".to_owned()));
2820 if !self.is_outbound() {
2821 // `2 *` and `Some(())` is for the fee spike buffer we keep for the remote. This deviates from
2822 // the spec because in the spec, the fee spike buffer requirement doesn't exist on the
2823 // receiver's side, only on the sender's.
2824 // Note that when we eventually remove support for fee updates and switch to anchor output
2825 // fees, we will drop the `2 *`, since we no longer be as sensitive to fee spikes. But, keep
2826 // the extra htlc when calculating the next remote commitment transaction fee as we should
2827 // still be able to afford adding this HTLC plus one more future HTLC, regardless of being
2828 // sensitive to fee spikes.
2829 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2830 let remote_fee_cost_incl_stuck_buffer_msat = 2 * self.next_remote_commit_tx_fee_msat(htlc_candidate, Some(()));
2831 if pending_remote_value_msat - msg.amount_msat - self.holder_selected_channel_reserve_satoshis * 1000 < remote_fee_cost_incl_stuck_buffer_msat {
2832 // Note that if the pending_forward_status is not updated here, then it's because we're already failing
2833 // the HTLC, i.e. its status is already set to failing.
2834 log_info!(logger, "Attempting to fail HTLC due to fee spike buffer violation in channel {}. Rebalancing is required.", log_bytes!(self.channel_id()));
2835 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
2838 // Check that they won't violate our local required channel reserve by adding this HTLC.
2839 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
2840 let local_commit_tx_fee_msat = self.next_local_commit_tx_fee_msat(htlc_candidate, None);
2841 if self.value_to_self_msat < self.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 + local_commit_tx_fee_msat {
2842 return Err(ChannelError::Close("Cannot accept HTLC that would put our balance under counterparty-announced channel reserve value".to_owned()));
2845 if self.next_counterparty_htlc_id != msg.htlc_id {
2846 return Err(ChannelError::Close(format!("Remote skipped HTLC ID (skipped ID: {})", self.next_counterparty_htlc_id)));
2848 if msg.cltv_expiry >= 500000000 {
2849 return Err(ChannelError::Close("Remote provided CLTV expiry in seconds instead of block height".to_owned()));
2852 if self.channel_state & ChannelState::LocalShutdownSent as u32 != 0 {
2853 if let PendingHTLCStatus::Forward(_) = pending_forward_status {
2854 panic!("ChannelManager shouldn't be trying to add a forwardable HTLC after we've started closing");
2858 // Now update local state:
2859 self.next_counterparty_htlc_id += 1;
2860 self.pending_inbound_htlcs.push(InboundHTLCOutput {
2861 htlc_id: msg.htlc_id,
2862 amount_msat: msg.amount_msat,
2863 payment_hash: msg.payment_hash,
2864 cltv_expiry: msg.cltv_expiry,
2865 state: InboundHTLCState::RemoteAnnounced(pending_forward_status),
2870 /// Marks an outbound HTLC which we have received update_fail/fulfill/malformed
2872 fn mark_outbound_htlc_removed(&mut self, htlc_id: u64, check_preimage: Option<PaymentPreimage>, fail_reason: Option<HTLCFailReason>) -> Result<&OutboundHTLCOutput, ChannelError> {
2873 assert!(!(check_preimage.is_some() && fail_reason.is_some()), "cannot fail while we have a preimage");
2874 for htlc in self.pending_outbound_htlcs.iter_mut() {
2875 if htlc.htlc_id == htlc_id {
2876 let outcome = match check_preimage {
2877 None => fail_reason.into(),
2878 Some(payment_preimage) => {
2879 let payment_hash = PaymentHash(Sha256::hash(&payment_preimage.0[..]).into_inner());
2880 if payment_hash != htlc.payment_hash {
2881 return Err(ChannelError::Close(format!("Remote tried to fulfill HTLC ({}) with an incorrect preimage", htlc_id)));
2883 OutboundHTLCOutcome::Success(Some(payment_preimage))
2887 OutboundHTLCState::LocalAnnounced(_) =>
2888 return Err(ChannelError::Close(format!("Remote tried to fulfill/fail HTLC ({}) before it had been committed", htlc_id))),
2889 OutboundHTLCState::Committed => {
2890 htlc.state = OutboundHTLCState::RemoteRemoved(outcome);
2892 OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) | OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) | OutboundHTLCState::RemoteRemoved(_) =>
2893 return Err(ChannelError::Close(format!("Remote tried to fulfill/fail HTLC ({}) that they'd already fulfilled/failed", htlc_id))),
2898 Err(ChannelError::Close("Remote tried to fulfill/fail an HTLC we couldn't find".to_owned()))
2901 pub fn update_fulfill_htlc(&mut self, msg: &msgs::UpdateFulfillHTLC) -> Result<(HTLCSource, u64), ChannelError> {
2902 if (self.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2903 return Err(ChannelError::Close("Got fulfill HTLC message when channel was not in an operational state".to_owned()));
2905 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2906 return Err(ChannelError::Close("Peer sent update_fulfill_htlc when we needed a channel_reestablish".to_owned()));
2909 self.mark_outbound_htlc_removed(msg.htlc_id, Some(msg.payment_preimage), None).map(|htlc| (htlc.source.clone(), htlc.amount_msat))
2912 pub fn update_fail_htlc(&mut self, msg: &msgs::UpdateFailHTLC, fail_reason: HTLCFailReason) -> Result<(), ChannelError> {
2913 if (self.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2914 return Err(ChannelError::Close("Got fail HTLC message when channel was not in an operational state".to_owned()));
2916 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2917 return Err(ChannelError::Close("Peer sent update_fail_htlc when we needed a channel_reestablish".to_owned()));
2920 self.mark_outbound_htlc_removed(msg.htlc_id, None, Some(fail_reason))?;
2924 pub fn update_fail_malformed_htlc(&mut self, msg: &msgs::UpdateFailMalformedHTLC, fail_reason: HTLCFailReason) -> Result<(), ChannelError> {
2925 if (self.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2926 return Err(ChannelError::Close("Got fail malformed HTLC message when channel was not in an operational state".to_owned()));
2928 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2929 return Err(ChannelError::Close("Peer sent update_fail_malformed_htlc when we needed a channel_reestablish".to_owned()));
2932 self.mark_outbound_htlc_removed(msg.htlc_id, None, Some(fail_reason))?;
2936 pub fn commitment_signed<L: Deref>(&mut self, msg: &msgs::CommitmentSigned, logger: &L) -> Result<(msgs::RevokeAndACK, Option<msgs::CommitmentSigned>, ChannelMonitorUpdate), (Option<ChannelMonitorUpdate>, ChannelError)>
2937 where L::Target: Logger
2939 if (self.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
2940 return Err((None, ChannelError::Close("Got commitment signed message when channel was not in an operational state".to_owned())));
2942 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
2943 return Err((None, ChannelError::Close("Peer sent commitment_signed when we needed a channel_reestablish".to_owned())));
2945 if self.channel_state & BOTH_SIDES_SHUTDOWN_MASK == BOTH_SIDES_SHUTDOWN_MASK && self.last_sent_closing_fee.is_some() {
2946 return Err((None, ChannelError::Close("Peer sent commitment_signed after we'd started exchanging closing_signeds".to_owned())));
2949 let funding_script = self.get_funding_redeemscript();
2951 let keys = self.build_holder_transaction_keys(self.cur_holder_commitment_transaction_number).map_err(|e| (None, e))?;
2953 let commitment_stats = self.build_commitment_transaction(self.cur_holder_commitment_transaction_number, &keys, true, false, logger);
2954 let commitment_txid = {
2955 let trusted_tx = commitment_stats.tx.trust();
2956 let bitcoin_tx = trusted_tx.built_transaction();
2957 let sighash = bitcoin_tx.get_sighash_all(&funding_script, self.channel_value_satoshis);
2959 log_trace!(logger, "Checking commitment tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} in channel {}",
2960 log_bytes!(msg.signature.serialize_compact()[..]),
2961 log_bytes!(self.counterparty_funding_pubkey().serialize()), encode::serialize_hex(&bitcoin_tx.transaction),
2962 log_bytes!(sighash[..]), encode::serialize_hex(&funding_script), log_bytes!(self.channel_id()));
2963 if let Err(_) = self.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.counterparty_funding_pubkey()) {
2964 return Err((None, ChannelError::Close("Invalid commitment tx signature from peer".to_owned())));
2968 let mut htlcs_cloned: Vec<_> = commitment_stats.htlcs_included.iter().map(|htlc| (htlc.0.clone(), htlc.1.map(|h| h.clone()))).collect();
2970 // If our counterparty updated the channel fee in this commitment transaction, check that
2971 // they can actually afford the new fee now.
2972 let update_fee = if let Some((_, update_state)) = self.pending_update_fee {
2973 update_state == FeeUpdateState::RemoteAnnounced
2976 debug_assert!(!self.is_outbound());
2977 let counterparty_reserve_we_require_msat = self.holder_selected_channel_reserve_satoshis * 1000;
2978 if commitment_stats.remote_balance_msat < commitment_stats.total_fee_sat * 1000 + counterparty_reserve_we_require_msat {
2979 return Err((None, ChannelError::Close("Funding remote cannot afford proposed new fee".to_owned())));
2982 #[cfg(any(test, fuzzing))]
2984 if self.is_outbound() {
2985 let projected_commit_tx_info = self.next_local_commitment_tx_fee_info_cached.lock().unwrap().take();
2986 *self.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = None;
2987 if let Some(info) = projected_commit_tx_info {
2988 let total_pending_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len()
2989 + self.holding_cell_htlc_updates.len();
2990 if info.total_pending_htlcs == total_pending_htlcs
2991 && info.next_holder_htlc_id == self.next_holder_htlc_id
2992 && info.next_counterparty_htlc_id == self.next_counterparty_htlc_id
2993 && info.feerate == self.feerate_per_kw {
2994 assert_eq!(commitment_stats.total_fee_sat, info.fee / 1000);
3000 if msg.htlc_signatures.len() != commitment_stats.num_nondust_htlcs {
3001 return Err((None, ChannelError::Close(format!("Got wrong number of HTLC signatures ({}) from remote. It must be {}", msg.htlc_signatures.len(), commitment_stats.num_nondust_htlcs))));
3004 // TODO: Sadly, we pass HTLCs twice to ChannelMonitor: once via the HolderCommitmentTransaction and once via the update
3005 let mut htlcs_and_sigs = Vec::with_capacity(htlcs_cloned.len());
3006 for (idx, (htlc, source)) in htlcs_cloned.drain(..).enumerate() {
3007 if let Some(_) = htlc.transaction_output_index {
3008 let htlc_tx = chan_utils::build_htlc_transaction(&commitment_txid, commitment_stats.feerate_per_kw,
3009 self.get_counterparty_selected_contest_delay().unwrap(), &htlc, self.opt_anchors(),
3010 &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
3012 let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, self.opt_anchors(), &keys);
3013 let htlc_sighashtype = if self.opt_anchors() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
3014 let htlc_sighash = hash_to_message!(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]);
3015 log_trace!(logger, "Checking HTLC tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} in channel {}.",
3016 log_bytes!(msg.htlc_signatures[idx].serialize_compact()[..]), log_bytes!(keys.countersignatory_htlc_key.serialize()),
3017 encode::serialize_hex(&htlc_tx), log_bytes!(htlc_sighash[..]), encode::serialize_hex(&htlc_redeemscript), log_bytes!(self.channel_id()));
3018 if let Err(_) = self.secp_ctx.verify_ecdsa(&htlc_sighash, &msg.htlc_signatures[idx], &keys.countersignatory_htlc_key) {
3019 return Err((None, ChannelError::Close("Invalid HTLC tx signature from peer".to_owned())));
3021 htlcs_and_sigs.push((htlc, Some(msg.htlc_signatures[idx]), source));
3023 htlcs_and_sigs.push((htlc, None, source));
3027 let holder_commitment_tx = HolderCommitmentTransaction::new(
3028 commitment_stats.tx,
3030 msg.htlc_signatures.clone(),
3031 &self.get_holder_pubkeys().funding_pubkey,
3032 self.counterparty_funding_pubkey()
3035 let next_per_commitment_point = self.holder_signer.get_per_commitment_point(self.cur_holder_commitment_transaction_number - 1, &self.secp_ctx);
3036 self.holder_signer.validate_holder_commitment(&holder_commitment_tx, commitment_stats.preimages)
3037 .map_err(|_| (None, ChannelError::Close("Failed to validate our commitment".to_owned())))?;
3038 let per_commitment_secret = self.holder_signer.release_commitment_secret(self.cur_holder_commitment_transaction_number + 1);
3040 // Update state now that we've passed all the can-fail calls...
3041 let mut need_commitment = false;
3042 if let &mut Some((_, ref mut update_state)) = &mut self.pending_update_fee {
3043 if *update_state == FeeUpdateState::RemoteAnnounced {
3044 *update_state = FeeUpdateState::AwaitingRemoteRevokeToAnnounce;
3045 need_commitment = true;
3049 self.latest_monitor_update_id += 1;
3050 let mut monitor_update = ChannelMonitorUpdate {
3051 update_id: self.latest_monitor_update_id,
3052 updates: vec![ChannelMonitorUpdateStep::LatestHolderCommitmentTXInfo {
3053 commitment_tx: holder_commitment_tx,
3054 htlc_outputs: htlcs_and_sigs
3058 for htlc in self.pending_inbound_htlcs.iter_mut() {
3059 let new_forward = if let &InboundHTLCState::RemoteAnnounced(ref forward_info) = &htlc.state {
3060 Some(forward_info.clone())
3062 if let Some(forward_info) = new_forward {
3063 log_trace!(logger, "Updating HTLC {} to AwaitingRemoteRevokeToAnnounce due to commitment_signed in channel {}.",
3064 log_bytes!(htlc.payment_hash.0), log_bytes!(self.channel_id));
3065 htlc.state = InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info);
3066 need_commitment = true;
3069 for htlc in self.pending_outbound_htlcs.iter_mut() {
3070 if let &mut OutboundHTLCState::RemoteRemoved(ref mut outcome) = &mut htlc.state {
3071 log_trace!(logger, "Updating HTLC {} to AwaitingRemoteRevokeToRemove due to commitment_signed in channel {}.",
3072 log_bytes!(htlc.payment_hash.0), log_bytes!(self.channel_id));
3073 // Grab the preimage, if it exists, instead of cloning
3074 let mut reason = OutboundHTLCOutcome::Success(None);
3075 mem::swap(outcome, &mut reason);
3076 htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(reason);
3077 need_commitment = true;
3081 self.cur_holder_commitment_transaction_number -= 1;
3082 // Note that if we need_commitment & !AwaitingRemoteRevoke we'll call
3083 // send_commitment_no_status_check() next which will reset this to RAAFirst.
3084 self.resend_order = RAACommitmentOrder::CommitmentFirst;
3086 if (self.channel_state & ChannelState::MonitorUpdateInProgress as u32) != 0 {
3087 // In case we initially failed monitor updating without requiring a response, we need
3088 // to make sure the RAA gets sent first.
3089 self.monitor_pending_revoke_and_ack = true;
3090 if need_commitment && (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == 0 {
3091 // If we were going to send a commitment_signed after the RAA, go ahead and do all
3092 // the corresponding HTLC status updates so that get_last_commitment_update
3093 // includes the right HTLCs.
3094 self.monitor_pending_commitment_signed = true;
3095 let (_, mut additional_update) = self.send_commitment_no_status_check(logger).map_err(|e| (None, e))?;
3096 // send_commitment_no_status_check may bump latest_monitor_id but we want them to be
3097 // strictly increasing by one, so decrement it here.
3098 self.latest_monitor_update_id = monitor_update.update_id;
3099 monitor_update.updates.append(&mut additional_update.updates);
3101 log_debug!(logger, "Received valid commitment_signed from peer in channel {}, updated HTLC state but awaiting a monitor update resolution to reply.",
3102 log_bytes!(self.channel_id));
3103 return Err((Some(monitor_update), ChannelError::Ignore("Previous monitor update failure prevented generation of RAA".to_owned())));
3106 let commitment_signed = if need_commitment && (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == 0 {
3107 // If we're AwaitingRemoteRevoke we can't send a new commitment here, but that's ok -
3108 // we'll send one right away when we get the revoke_and_ack when we
3109 // free_holding_cell_htlcs().
3110 let (msg, mut additional_update) = self.send_commitment_no_status_check(logger).map_err(|e| (None, e))?;
3111 // send_commitment_no_status_check may bump latest_monitor_id but we want them to be
3112 // strictly increasing by one, so decrement it here.
3113 self.latest_monitor_update_id = monitor_update.update_id;
3114 monitor_update.updates.append(&mut additional_update.updates);
3118 log_debug!(logger, "Received valid commitment_signed from peer in channel {}, updating HTLC state and responding with{} a revoke_and_ack.",
3119 log_bytes!(self.channel_id()), if commitment_signed.is_some() { " our own commitment_signed and" } else { "" });
3121 Ok((msgs::RevokeAndACK {
3122 channel_id: self.channel_id,
3123 per_commitment_secret,
3124 next_per_commitment_point,
3125 }, commitment_signed, monitor_update))
3128 /// Public version of the below, checking relevant preconditions first.
3129 /// If we're not in a state where freeing the holding cell makes sense, this is a no-op and
3130 /// returns `(None, Vec::new())`.
3131 pub fn maybe_free_holding_cell_htlcs<L: Deref>(&mut self, logger: &L) -> Result<(Option<(msgs::CommitmentUpdate, ChannelMonitorUpdate)>, Vec<(HTLCSource, PaymentHash)>), ChannelError> where L::Target: Logger {
3132 if self.channel_state >= ChannelState::ChannelReady as u32 &&
3133 (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)) == 0 {
3134 self.free_holding_cell_htlcs(logger)
3135 } else { Ok((None, Vec::new())) }
3138 /// Used to fulfill holding_cell_htlcs when we get a remote ack (or implicitly get it by them
3139 /// fulfilling or failing the last pending HTLC)
3140 fn free_holding_cell_htlcs<L: Deref>(&mut self, logger: &L) -> Result<(Option<(msgs::CommitmentUpdate, ChannelMonitorUpdate)>, Vec<(HTLCSource, PaymentHash)>), ChannelError> where L::Target: Logger {
3141 assert_eq!(self.channel_state & ChannelState::MonitorUpdateInProgress as u32, 0);
3142 if self.holding_cell_htlc_updates.len() != 0 || self.holding_cell_update_fee.is_some() {
3143 log_trace!(logger, "Freeing holding cell with {} HTLC updates{} in channel {}", self.holding_cell_htlc_updates.len(),
3144 if self.holding_cell_update_fee.is_some() { " and a fee update" } else { "" }, log_bytes!(self.channel_id()));
3146 let mut monitor_update = ChannelMonitorUpdate {
3147 update_id: self.latest_monitor_update_id + 1, // We don't increment this yet!
3148 updates: Vec::new(),
3151 let mut htlc_updates = Vec::new();
3152 mem::swap(&mut htlc_updates, &mut self.holding_cell_htlc_updates);
3153 let mut update_add_htlcs = Vec::with_capacity(htlc_updates.len());
3154 let mut update_fulfill_htlcs = Vec::with_capacity(htlc_updates.len());
3155 let mut update_fail_htlcs = Vec::with_capacity(htlc_updates.len());
3156 let mut htlcs_to_fail = Vec::new();
3157 for htlc_update in htlc_updates.drain(..) {
3158 // Note that this *can* fail, though it should be due to rather-rare conditions on
3159 // fee races with adding too many outputs which push our total payments just over
3160 // the limit. In case it's less rare than I anticipate, we may want to revisit
3161 // handling this case better and maybe fulfilling some of the HTLCs while attempting
3162 // to rebalance channels.
3163 match &htlc_update {
3164 &HTLCUpdateAwaitingACK::AddHTLC {amount_msat, cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet, ..} => {
3165 match self.send_htlc(amount_msat, *payment_hash, cltv_expiry, source.clone(), onion_routing_packet.clone(), logger) {
3166 Ok(update_add_msg_option) => update_add_htlcs.push(update_add_msg_option.unwrap()),
3169 ChannelError::Ignore(ref msg) => {
3170 log_info!(logger, "Failed to send HTLC with payment_hash {} due to {} in channel {}",
3171 log_bytes!(payment_hash.0), msg, log_bytes!(self.channel_id()));
3172 // If we fail to send here, then this HTLC should
3173 // be failed backwards. Failing to send here
3174 // indicates that this HTLC may keep being put back
3175 // into the holding cell without ever being
3176 // successfully forwarded/failed/fulfilled, causing
3177 // our counterparty to eventually close on us.
3178 htlcs_to_fail.push((source.clone(), *payment_hash));
3181 panic!("Got a non-IgnoreError action trying to send holding cell HTLC");
3187 &HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, htlc_id, .. } => {
3188 // If an HTLC claim was previously added to the holding cell (via
3189 // `get_update_fulfill_htlc`, then generating the claim message itself must
3190 // not fail - any in between attempts to claim the HTLC will have resulted
3191 // in it hitting the holding cell again and we cannot change the state of a
3192 // holding cell HTLC from fulfill to anything else.
3193 let (update_fulfill_msg_option, mut additional_monitor_update) =
3194 if let UpdateFulfillFetch::NewClaim { msg, monitor_update, .. } = self.get_update_fulfill_htlc(htlc_id, *payment_preimage, logger) {
3195 (msg, monitor_update)
3196 } else { unreachable!() };
3197 update_fulfill_htlcs.push(update_fulfill_msg_option.unwrap());
3198 monitor_update.updates.append(&mut additional_monitor_update.updates);
3200 &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, ref err_packet } => {
3201 match self.get_update_fail_htlc(htlc_id, err_packet.clone(), logger) {
3202 Ok(update_fail_msg_option) => {
3203 // If an HTLC failure was previously added to the holding cell (via
3204 // `get_update_fail_htlc`) then generating the fail message itself
3205 // must not fail - we should never end up in a state where we
3206 // double-fail an HTLC or fail-then-claim an HTLC as it indicates
3207 // we didn't wait for a full revocation before failing.
3208 update_fail_htlcs.push(update_fail_msg_option.unwrap())
3211 if let ChannelError::Ignore(_) = e {}
3213 panic!("Got a non-IgnoreError action trying to fail holding cell HTLC");
3220 if update_add_htlcs.is_empty() && update_fulfill_htlcs.is_empty() && update_fail_htlcs.is_empty() && self.holding_cell_update_fee.is_none() {
3221 return Ok((None, htlcs_to_fail));
3223 let update_fee = if let Some(feerate) = self.holding_cell_update_fee.take() {
3224 self.send_update_fee(feerate, logger)
3229 let (commitment_signed, mut additional_update) = self.send_commitment_no_status_check(logger)?;
3230 // send_commitment_no_status_check and get_update_fulfill_htlc may bump latest_monitor_id
3231 // but we want them to be strictly increasing by one, so reset it here.
3232 self.latest_monitor_update_id = monitor_update.update_id;
3233 monitor_update.updates.append(&mut additional_update.updates);
3235 log_debug!(logger, "Freeing holding cell in channel {} resulted in {}{} HTLCs added, {} HTLCs fulfilled, and {} HTLCs failed.",
3236 log_bytes!(self.channel_id()), if update_fee.is_some() { "a fee update, " } else { "" },
3237 update_add_htlcs.len(), update_fulfill_htlcs.len(), update_fail_htlcs.len());
3239 Ok((Some((msgs::CommitmentUpdate {
3241 update_fulfill_htlcs,
3243 update_fail_malformed_htlcs: Vec::new(),
3246 }, monitor_update)), htlcs_to_fail))
3248 Ok((None, Vec::new()))
3252 /// Handles receiving a remote's revoke_and_ack. Note that we may return a new
3253 /// commitment_signed message here in case we had pending outbound HTLCs to add which were
3254 /// waiting on this revoke_and_ack. The generation of this new commitment_signed may also fail,
3255 /// generating an appropriate error *after* the channel state has been updated based on the
3256 /// revoke_and_ack message.
3257 pub fn revoke_and_ack<L: Deref>(&mut self, msg: &msgs::RevokeAndACK, logger: &L) -> Result<RAAUpdates, ChannelError>
3258 where L::Target: Logger,
3260 if (self.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
3261 return Err(ChannelError::Close("Got revoke/ACK message when channel was not in an operational state".to_owned()));
3263 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3264 return Err(ChannelError::Close("Peer sent revoke_and_ack when we needed a channel_reestablish".to_owned()));
3266 if self.channel_state & BOTH_SIDES_SHUTDOWN_MASK == BOTH_SIDES_SHUTDOWN_MASK && self.last_sent_closing_fee.is_some() {
3267 return Err(ChannelError::Close("Peer sent revoke_and_ack after we'd started exchanging closing_signeds".to_owned()));
3270 let secret = secp_check!(SecretKey::from_slice(&msg.per_commitment_secret), "Peer provided an invalid per_commitment_secret".to_owned());
3272 if let Some(counterparty_prev_commitment_point) = self.counterparty_prev_commitment_point {
3273 if PublicKey::from_secret_key(&self.secp_ctx, &secret) != counterparty_prev_commitment_point {
3274 return Err(ChannelError::Close("Got a revoke commitment secret which didn't correspond to their current pubkey".to_owned()));
3278 if self.channel_state & ChannelState::AwaitingRemoteRevoke as u32 == 0 {
3279 // Our counterparty seems to have burned their coins to us (by revoking a state when we
3280 // haven't given them a new commitment transaction to broadcast). We should probably
3281 // take advantage of this by updating our channel monitor, sending them an error, and
3282 // waiting for them to broadcast their latest (now-revoked claim). But, that would be a
3283 // lot of work, and there's some chance this is all a misunderstanding anyway.
3284 // We have to do *something*, though, since our signer may get mad at us for otherwise
3285 // jumping a remote commitment number, so best to just force-close and move on.
3286 return Err(ChannelError::Close("Received an unexpected revoke_and_ack".to_owned()));
3289 #[cfg(any(test, fuzzing))]
3291 *self.next_local_commitment_tx_fee_info_cached.lock().unwrap() = None;
3292 *self.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = None;
3295 self.holder_signer.validate_counterparty_revocation(
3296 self.cur_counterparty_commitment_transaction_number + 1,
3298 ).map_err(|_| ChannelError::Close("Failed to validate revocation from peer".to_owned()))?;
3300 self.commitment_secrets.provide_secret(self.cur_counterparty_commitment_transaction_number + 1, msg.per_commitment_secret)
3301 .map_err(|_| ChannelError::Close("Previous secrets did not match new one".to_owned()))?;
3302 self.latest_monitor_update_id += 1;
3303 let mut monitor_update = ChannelMonitorUpdate {
3304 update_id: self.latest_monitor_update_id,
3305 updates: vec![ChannelMonitorUpdateStep::CommitmentSecret {
3306 idx: self.cur_counterparty_commitment_transaction_number + 1,
3307 secret: msg.per_commitment_secret,
3311 // Update state now that we've passed all the can-fail calls...
3312 // (note that we may still fail to generate the new commitment_signed message, but that's
3313 // OK, we step the channel here and *then* if the new generation fails we can fail the
3314 // channel based on that, but stepping stuff here should be safe either way.
3315 self.channel_state &= !(ChannelState::AwaitingRemoteRevoke as u32);
3316 self.counterparty_prev_commitment_point = self.counterparty_cur_commitment_point;
3317 self.counterparty_cur_commitment_point = Some(msg.next_per_commitment_point);
3318 self.cur_counterparty_commitment_transaction_number -= 1;
3320 if self.announcement_sigs_state == AnnouncementSigsState::Committed {
3321 self.announcement_sigs_state = AnnouncementSigsState::PeerReceived;
3324 log_trace!(logger, "Updating HTLCs on receipt of RAA in channel {}...", log_bytes!(self.channel_id()));
3325 let mut to_forward_infos = Vec::new();
3326 let mut revoked_htlcs = Vec::new();
3327 let mut finalized_claimed_htlcs = Vec::new();
3328 let mut update_fail_htlcs = Vec::new();
3329 let mut update_fail_malformed_htlcs = Vec::new();
3330 let mut require_commitment = false;
3331 let mut value_to_self_msat_diff: i64 = 0;
3334 // Take references explicitly so that we can hold multiple references to self.
3335 let pending_inbound_htlcs: &mut Vec<_> = &mut self.pending_inbound_htlcs;
3336 let pending_outbound_htlcs: &mut Vec<_> = &mut self.pending_outbound_htlcs;
3338 // We really shouldnt have two passes here, but retain gives a non-mutable ref (Rust bug)
3339 pending_inbound_htlcs.retain(|htlc| {
3340 if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state {
3341 log_trace!(logger, " ...removing inbound LocalRemoved {}", log_bytes!(htlc.payment_hash.0));
3342 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
3343 value_to_self_msat_diff += htlc.amount_msat as i64;
3348 pending_outbound_htlcs.retain(|htlc| {
3349 if let &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref outcome) = &htlc.state {
3350 log_trace!(logger, " ...removing outbound AwaitingRemovedRemoteRevoke {}", log_bytes!(htlc.payment_hash.0));
3351 if let OutboundHTLCOutcome::Failure(reason) = outcome.clone() { // We really want take() here, but, again, non-mut ref :(
3352 revoked_htlcs.push((htlc.source.clone(), htlc.payment_hash, reason));
3354 finalized_claimed_htlcs.push(htlc.source.clone());
3355 // They fulfilled, so we sent them money
3356 value_to_self_msat_diff -= htlc.amount_msat as i64;
3361 for htlc in pending_inbound_htlcs.iter_mut() {
3362 let swap = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) = &htlc.state {
3364 } else if let &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) = &htlc.state {
3368 let mut state = InboundHTLCState::Committed;
3369 mem::swap(&mut state, &mut htlc.state);
3371 if let InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info) = state {
3372 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce {} to AwaitingAnnouncedRemoteRevoke", log_bytes!(htlc.payment_hash.0));
3373 htlc.state = InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info);
3374 require_commitment = true;
3375 } else if let InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info) = state {
3376 match forward_info {
3377 PendingHTLCStatus::Fail(fail_msg) => {
3378 log_trace!(logger, " ...promoting inbound AwaitingAnnouncedRemoteRevoke {} to LocalRemoved due to PendingHTLCStatus indicating failure", log_bytes!(htlc.payment_hash.0));
3379 require_commitment = true;
3381 HTLCFailureMsg::Relay(msg) => {
3382 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(msg.reason.clone()));
3383 update_fail_htlcs.push(msg)
3385 HTLCFailureMsg::Malformed(msg) => {
3386 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailMalformed((msg.sha256_of_onion, msg.failure_code)));
3387 update_fail_malformed_htlcs.push(msg)
3391 PendingHTLCStatus::Forward(forward_info) => {
3392 log_trace!(logger, " ...promoting inbound AwaitingAnnouncedRemoteRevoke {} to Committed", log_bytes!(htlc.payment_hash.0));
3393 to_forward_infos.push((forward_info, htlc.htlc_id));
3394 htlc.state = InboundHTLCState::Committed;
3400 for htlc in pending_outbound_htlcs.iter_mut() {
3401 if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
3402 log_trace!(logger, " ...promoting outbound LocalAnnounced {} to Committed", log_bytes!(htlc.payment_hash.0));
3403 htlc.state = OutboundHTLCState::Committed;
3405 if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut outcome) = &mut htlc.state {
3406 log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", log_bytes!(htlc.payment_hash.0));
3407 // Grab the preimage, if it exists, instead of cloning
3408 let mut reason = OutboundHTLCOutcome::Success(None);
3409 mem::swap(outcome, &mut reason);
3410 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(reason);
3411 require_commitment = true;
3415 self.value_to_self_msat = (self.value_to_self_msat as i64 + value_to_self_msat_diff) as u64;
3417 if let Some((feerate, update_state)) = self.pending_update_fee {
3418 match update_state {
3419 FeeUpdateState::Outbound => {
3420 debug_assert!(self.is_outbound());
3421 log_trace!(logger, " ...promoting outbound fee update {} to Committed", feerate);
3422 self.feerate_per_kw = feerate;
3423 self.pending_update_fee = None;
3425 FeeUpdateState::RemoteAnnounced => { debug_assert!(!self.is_outbound()); },
3426 FeeUpdateState::AwaitingRemoteRevokeToAnnounce => {
3427 debug_assert!(!self.is_outbound());
3428 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce fee update {} to Committed", feerate);
3429 require_commitment = true;
3430 self.feerate_per_kw = feerate;
3431 self.pending_update_fee = None;
3436 if (self.channel_state & ChannelState::MonitorUpdateInProgress as u32) == ChannelState::MonitorUpdateInProgress as u32 {
3437 // We can't actually generate a new commitment transaction (incl by freeing holding
3438 // cells) while we can't update the monitor, so we just return what we have.
3439 if require_commitment {
3440 self.monitor_pending_commitment_signed = true;
3441 // When the monitor updating is restored we'll call get_last_commitment_update(),
3442 // which does not update state, but we're definitely now awaiting a remote revoke
3443 // before we can step forward any more, so set it here.
3444 let (_, mut additional_update) = self.send_commitment_no_status_check(logger)?;
3445 // send_commitment_no_status_check may bump latest_monitor_id but we want them to be
3446 // strictly increasing by one, so decrement it here.
3447 self.latest_monitor_update_id = monitor_update.update_id;
3448 monitor_update.updates.append(&mut additional_update.updates);
3450 self.monitor_pending_forwards.append(&mut to_forward_infos);
3451 self.monitor_pending_failures.append(&mut revoked_htlcs);
3452 self.monitor_pending_finalized_fulfills.append(&mut finalized_claimed_htlcs);
3453 log_debug!(logger, "Received a valid revoke_and_ack for channel {} but awaiting a monitor update resolution to reply.", log_bytes!(self.channel_id()));
3454 return Ok(RAAUpdates {
3455 commitment_update: None, finalized_claimed_htlcs: Vec::new(),
3456 accepted_htlcs: Vec::new(), failed_htlcs: Vec::new(),
3458 holding_cell_failed_htlcs: Vec::new()
3462 match self.free_holding_cell_htlcs(logger)? {
3463 (Some((mut commitment_update, mut additional_update)), htlcs_to_fail) => {
3464 commitment_update.update_fail_htlcs.reserve(update_fail_htlcs.len());
3465 for fail_msg in update_fail_htlcs.drain(..) {
3466 commitment_update.update_fail_htlcs.push(fail_msg);
3468 commitment_update.update_fail_malformed_htlcs.reserve(update_fail_malformed_htlcs.len());
3469 for fail_msg in update_fail_malformed_htlcs.drain(..) {
3470 commitment_update.update_fail_malformed_htlcs.push(fail_msg);
3473 // free_holding_cell_htlcs may bump latest_monitor_id multiple times but we want them to be
3474 // strictly increasing by one, so decrement it here.
3475 self.latest_monitor_update_id = monitor_update.update_id;
3476 monitor_update.updates.append(&mut additional_update.updates);
3479 commitment_update: Some(commitment_update),
3480 finalized_claimed_htlcs,
3481 accepted_htlcs: to_forward_infos,
3482 failed_htlcs: revoked_htlcs,
3484 holding_cell_failed_htlcs: htlcs_to_fail
3487 (None, htlcs_to_fail) => {
3488 if require_commitment {
3489 let (commitment_signed, mut additional_update) = self.send_commitment_no_status_check(logger)?;
3491 // send_commitment_no_status_check may bump latest_monitor_id but we want them to be
3492 // strictly increasing by one, so decrement it here.
3493 self.latest_monitor_update_id = monitor_update.update_id;
3494 monitor_update.updates.append(&mut additional_update.updates);
3496 log_debug!(logger, "Received a valid revoke_and_ack for channel {}. Responding with a commitment update with {} HTLCs failed.",
3497 log_bytes!(self.channel_id()), update_fail_htlcs.len() + update_fail_malformed_htlcs.len());
3499 commitment_update: Some(msgs::CommitmentUpdate {
3500 update_add_htlcs: Vec::new(),
3501 update_fulfill_htlcs: Vec::new(),
3503 update_fail_malformed_htlcs,
3507 finalized_claimed_htlcs,
3508 accepted_htlcs: to_forward_infos, failed_htlcs: revoked_htlcs,
3509 monitor_update, holding_cell_failed_htlcs: htlcs_to_fail
3512 log_debug!(logger, "Received a valid revoke_and_ack for channel {} with no reply necessary.", log_bytes!(self.channel_id()));
3514 commitment_update: None,
3515 finalized_claimed_htlcs,
3516 accepted_htlcs: to_forward_infos, failed_htlcs: revoked_htlcs,
3517 monitor_update, holding_cell_failed_htlcs: htlcs_to_fail
3524 /// Adds a pending update to this channel. See the doc for send_htlc for
3525 /// further details on the optionness of the return value.
3526 /// If our balance is too low to cover the cost of the next commitment transaction at the
3527 /// new feerate, the update is cancelled.
3528 /// You MUST call send_commitment prior to any other calls on this Channel
3529 fn send_update_fee<L: Deref>(&mut self, feerate_per_kw: u32, logger: &L) -> Option<msgs::UpdateFee> where L::Target: Logger {
3530 if !self.is_outbound() {
3531 panic!("Cannot send fee from inbound channel");
3533 if !self.is_usable() {
3534 panic!("Cannot update fee until channel is fully established and we haven't started shutting down");
3536 if !self.is_live() {
3537 panic!("Cannot update fee while peer is disconnected/we're awaiting a monitor update (ChannelManager should have caught this)");
3540 // Before proposing a feerate update, check that we can actually afford the new fee.
3541 let inbound_stats = self.get_inbound_pending_htlc_stats(Some(feerate_per_kw));
3542 let outbound_stats = self.get_outbound_pending_htlc_stats(Some(feerate_per_kw));
3543 let keys = if let Ok(keys) = self.build_holder_transaction_keys(self.cur_holder_commitment_transaction_number) { keys } else { return None; };
3544 let commitment_stats = self.build_commitment_transaction(self.cur_holder_commitment_transaction_number, &keys, true, true, logger);
3545 let buffer_fee_msat = Channel::<Signer>::commit_tx_fee_sat(feerate_per_kw, commitment_stats.num_nondust_htlcs + outbound_stats.on_holder_tx_holding_cell_htlcs_count as usize + CONCURRENT_INBOUND_HTLC_FEE_BUFFER as usize, self.opt_anchors()) * 1000;
3546 let holder_balance_msat = commitment_stats.local_balance_msat - outbound_stats.holding_cell_msat;
3547 if holder_balance_msat < buffer_fee_msat + self.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 {
3548 //TODO: auto-close after a number of failures?
3549 log_debug!(logger, "Cannot afford to send new feerate at {}", feerate_per_kw);
3553 // Note, we evaluate pending htlc "preemptive" trimmed-to-dust threshold at the proposed `feerate_per_kw`.
3554 let holder_tx_dust_exposure = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
3555 let counterparty_tx_dust_exposure = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
3556 if holder_tx_dust_exposure > self.get_max_dust_htlc_exposure_msat() {
3557 log_debug!(logger, "Cannot afford to send new feerate at {} without infringing max dust htlc exposure", feerate_per_kw);
3560 if counterparty_tx_dust_exposure > self.get_max_dust_htlc_exposure_msat() {
3561 log_debug!(logger, "Cannot afford to send new feerate at {} without infringing max dust htlc exposure", feerate_per_kw);
3565 if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
3566 self.holding_cell_update_fee = Some(feerate_per_kw);
3570 debug_assert!(self.pending_update_fee.is_none());
3571 self.pending_update_fee = Some((feerate_per_kw, FeeUpdateState::Outbound));
3573 Some(msgs::UpdateFee {
3574 channel_id: self.channel_id,
3579 pub fn send_update_fee_and_commit<L: Deref>(&mut self, feerate_per_kw: u32, logger: &L) -> Result<Option<(msgs::UpdateFee, msgs::CommitmentSigned, ChannelMonitorUpdate)>, ChannelError> where L::Target: Logger {
3580 match self.send_update_fee(feerate_per_kw, logger) {
3581 Some(update_fee) => {
3582 let (commitment_signed, monitor_update) = self.send_commitment_no_status_check(logger)?;
3583 Ok(Some((update_fee, commitment_signed, monitor_update)))
3589 /// Removes any uncommitted inbound HTLCs and resets the state of uncommitted outbound HTLC
3590 /// updates, to be used on peer disconnection. After this, update_*_htlc messages need to be
3592 /// No further message handling calls may be made until a channel_reestablish dance has
3594 pub fn remove_uncommitted_htlcs_and_mark_paused<L: Deref>(&mut self, logger: &L) where L::Target: Logger {
3595 assert_eq!(self.channel_state & ChannelState::ShutdownComplete as u32, 0);
3596 if self.channel_state < ChannelState::FundingSent as u32 {
3597 self.channel_state = ChannelState::ShutdownComplete as u32;
3601 if self.channel_state & (ChannelState::PeerDisconnected as u32) == (ChannelState::PeerDisconnected as u32) {
3602 // While the below code should be idempotent, it's simpler to just return early, as
3603 // redundant disconnect events can fire, though they should be rare.
3607 if self.announcement_sigs_state == AnnouncementSigsState::MessageSent || self.announcement_sigs_state == AnnouncementSigsState::Committed {
3608 self.announcement_sigs_state = AnnouncementSigsState::NotSent;
3611 // Upon reconnect we have to start the closing_signed dance over, but shutdown messages
3612 // will be retransmitted.
3613 self.last_sent_closing_fee = None;
3614 self.pending_counterparty_closing_signed = None;
3615 self.closing_fee_limits = None;
3617 let mut inbound_drop_count = 0;
3618 self.pending_inbound_htlcs.retain(|htlc| {
3620 InboundHTLCState::RemoteAnnounced(_) => {
3621 // They sent us an update_add_htlc but we never got the commitment_signed.
3622 // We'll tell them what commitment_signed we're expecting next and they'll drop
3623 // this HTLC accordingly
3624 inbound_drop_count += 1;
3627 InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_)|InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => {
3628 // We received a commitment_signed updating this HTLC and (at least hopefully)
3629 // sent a revoke_and_ack (which we can re-transmit) and have heard nothing
3630 // in response to it yet, so don't touch it.
3633 InboundHTLCState::Committed => true,
3634 InboundHTLCState::LocalRemoved(_) => {
3635 // We (hopefully) sent a commitment_signed updating this HTLC (which we can
3636 // re-transmit if needed) and they may have even sent a revoke_and_ack back
3637 // (that we missed). Keep this around for now and if they tell us they missed
3638 // the commitment_signed we can re-transmit the update then.
3643 self.next_counterparty_htlc_id -= inbound_drop_count;
3645 if let Some((_, update_state)) = self.pending_update_fee {
3646 if update_state == FeeUpdateState::RemoteAnnounced {
3647 debug_assert!(!self.is_outbound());
3648 self.pending_update_fee = None;
3652 for htlc in self.pending_outbound_htlcs.iter_mut() {
3653 if let OutboundHTLCState::RemoteRemoved(_) = htlc.state {
3654 // They sent us an update to remove this but haven't yet sent the corresponding
3655 // commitment_signed, we need to move it back to Committed and they can re-send
3656 // the update upon reconnection.
3657 htlc.state = OutboundHTLCState::Committed;
3661 self.channel_state |= ChannelState::PeerDisconnected as u32;
3662 log_trace!(logger, "Peer disconnection resulted in {} remote-announced HTLC drops on channel {}", inbound_drop_count, log_bytes!(self.channel_id()));
3665 /// Indicates that a ChannelMonitor update is in progress and has not yet been fully persisted.
3666 /// This must be called immediately after the [`chain::Watch`] call which returned
3667 /// [`ChannelMonitorUpdateStatus::InProgress`].
3668 /// The messages which were generated with the monitor update must *not* have been sent to the
3669 /// remote end, and must instead have been dropped. They will be regenerated when
3670 /// [`Self::monitor_updating_restored`] is called.
3672 /// [`chain::Watch`]: crate::chain::Watch
3673 /// [`ChannelMonitorUpdateStatus::InProgress`]: crate::chain::ChannelMonitorUpdateStatus::InProgress
3674 pub fn monitor_updating_paused(&mut self, resend_raa: bool, resend_commitment: bool,
3675 resend_channel_ready: bool, mut pending_forwards: Vec<(PendingHTLCInfo, u64)>,
3676 mut pending_fails: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
3677 mut pending_finalized_claimed_htlcs: Vec<HTLCSource>
3679 self.monitor_pending_revoke_and_ack |= resend_raa;
3680 self.monitor_pending_commitment_signed |= resend_commitment;
3681 self.monitor_pending_channel_ready |= resend_channel_ready;
3682 self.monitor_pending_forwards.append(&mut pending_forwards);
3683 self.monitor_pending_failures.append(&mut pending_fails);
3684 self.monitor_pending_finalized_fulfills.append(&mut pending_finalized_claimed_htlcs);
3685 self.channel_state |= ChannelState::MonitorUpdateInProgress as u32;
3688 /// Indicates that the latest ChannelMonitor update has been committed by the client
3689 /// successfully and we should restore normal operation. Returns messages which should be sent
3690 /// to the remote side.
3691 pub fn monitor_updating_restored<L: Deref>(&mut self, logger: &L, node_pk: PublicKey, genesis_block_hash: BlockHash, best_block_height: u32) -> MonitorRestoreUpdates where L::Target: Logger {
3692 assert_eq!(self.channel_state & ChannelState::MonitorUpdateInProgress as u32, ChannelState::MonitorUpdateInProgress as u32);
3693 self.channel_state &= !(ChannelState::MonitorUpdateInProgress as u32);
3695 // If we're past (or at) the FundingSent stage on an outbound channel, try to
3696 // (re-)broadcast the funding transaction as we may have declined to broadcast it when we
3697 // first received the funding_signed.
3698 let mut funding_broadcastable =
3699 if self.is_outbound() && self.channel_state & !MULTI_STATE_FLAGS >= ChannelState::FundingSent as u32 {
3700 self.funding_transaction.take()
3702 // That said, if the funding transaction is already confirmed (ie we're active with a
3703 // minimum_depth over 0) don't bother re-broadcasting the confirmed funding tx.
3704 if self.channel_state & !MULTI_STATE_FLAGS >= ChannelState::ChannelReady as u32 && self.minimum_depth != Some(0) {
3705 funding_broadcastable = None;
3708 // We will never broadcast the funding transaction when we're in MonitorUpdateInProgress
3709 // (and we assume the user never directly broadcasts the funding transaction and waits for
3710 // us to do it). Thus, we can only ever hit monitor_pending_channel_ready when we're
3711 // * an inbound channel that failed to persist the monitor on funding_created and we got
3712 // the funding transaction confirmed before the monitor was persisted, or
3713 // * a 0-conf channel and intended to send the channel_ready before any broadcast at all.
3714 let channel_ready = if self.monitor_pending_channel_ready {
3715 assert!(!self.is_outbound() || self.minimum_depth == Some(0),
3716 "Funding transaction broadcast by the local client before it should have - LDK didn't do it!");
3717 self.monitor_pending_channel_ready = false;
3718 let next_per_commitment_point = self.holder_signer.get_per_commitment_point(self.cur_holder_commitment_transaction_number, &self.secp_ctx);
3719 Some(msgs::ChannelReady {
3720 channel_id: self.channel_id(),
3721 next_per_commitment_point,
3722 short_channel_id_alias: Some(self.outbound_scid_alias),
3726 let announcement_sigs = self.get_announcement_sigs(node_pk, genesis_block_hash, best_block_height, logger);
3728 let mut accepted_htlcs = Vec::new();
3729 mem::swap(&mut accepted_htlcs, &mut self.monitor_pending_forwards);
3730 let mut failed_htlcs = Vec::new();
3731 mem::swap(&mut failed_htlcs, &mut self.monitor_pending_failures);
3732 let mut finalized_claimed_htlcs = Vec::new();
3733 mem::swap(&mut finalized_claimed_htlcs, &mut self.monitor_pending_finalized_fulfills);
3735 if self.channel_state & (ChannelState::PeerDisconnected as u32) != 0 {
3736 self.monitor_pending_revoke_and_ack = false;
3737 self.monitor_pending_commitment_signed = false;
3738 return MonitorRestoreUpdates {
3739 raa: None, commitment_update: None, order: RAACommitmentOrder::RevokeAndACKFirst,
3740 accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, channel_ready, announcement_sigs
3744 let raa = if self.monitor_pending_revoke_and_ack {
3745 Some(self.get_last_revoke_and_ack())
3747 let commitment_update = if self.monitor_pending_commitment_signed {
3748 Some(self.get_last_commitment_update(logger))
3751 self.monitor_pending_revoke_and_ack = false;
3752 self.monitor_pending_commitment_signed = false;
3753 let order = self.resend_order.clone();
3754 log_debug!(logger, "Restored monitor updating in channel {} resulting in {}{} commitment update and {} RAA, with {} first",
3755 log_bytes!(self.channel_id()), if funding_broadcastable.is_some() { "a funding broadcastable, " } else { "" },
3756 if commitment_update.is_some() { "a" } else { "no" }, if raa.is_some() { "an" } else { "no" },
3757 match order { RAACommitmentOrder::CommitmentFirst => "commitment", RAACommitmentOrder::RevokeAndACKFirst => "RAA"});
3758 MonitorRestoreUpdates {
3759 raa, commitment_update, order, accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, channel_ready, announcement_sigs
3763 pub fn update_fee<F: Deref>(&mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, msg: &msgs::UpdateFee) -> Result<(), ChannelError>
3764 where F::Target: FeeEstimator
3766 if self.is_outbound() {
3767 return Err(ChannelError::Close("Non-funding remote tried to update channel fee".to_owned()));
3769 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
3770 return Err(ChannelError::Close("Peer sent update_fee when we needed a channel_reestablish".to_owned()));
3772 Channel::<Signer>::check_remote_fee(fee_estimator, msg.feerate_per_kw)?;
3773 let feerate_over_dust_buffer = msg.feerate_per_kw > self.get_dust_buffer_feerate(None);
3775 self.pending_update_fee = Some((msg.feerate_per_kw, FeeUpdateState::RemoteAnnounced));
3776 self.update_time_counter += 1;
3777 // If the feerate has increased over the previous dust buffer (note that
3778 // `get_dust_buffer_feerate` considers the `pending_update_fee` status), check that we
3779 // won't be pushed over our dust exposure limit by the feerate increase.
3780 if feerate_over_dust_buffer {
3781 let inbound_stats = self.get_inbound_pending_htlc_stats(None);
3782 let outbound_stats = self.get_outbound_pending_htlc_stats(None);
3783 let holder_tx_dust_exposure = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
3784 let counterparty_tx_dust_exposure = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
3785 if holder_tx_dust_exposure > self.get_max_dust_htlc_exposure_msat() {
3786 return Err(ChannelError::Close(format!("Peer sent update_fee with a feerate ({}) which may over-expose us to dust-in-flight on our own transactions (totaling {} msat)",
3787 msg.feerate_per_kw, holder_tx_dust_exposure)));
3789 if counterparty_tx_dust_exposure > self.get_max_dust_htlc_exposure_msat() {
3790 return Err(ChannelError::Close(format!("Peer sent update_fee with a feerate ({}) which may over-expose us to dust-in-flight on our counterparty's transactions (totaling {} msat)",
3791 msg.feerate_per_kw, counterparty_tx_dust_exposure)));
3797 fn get_last_revoke_and_ack(&self) -> msgs::RevokeAndACK {
3798 let next_per_commitment_point = self.holder_signer.get_per_commitment_point(self.cur_holder_commitment_transaction_number, &self.secp_ctx);
3799 let per_commitment_secret = self.holder_signer.release_commitment_secret(self.cur_holder_commitment_transaction_number + 2);
3800 msgs::RevokeAndACK {
3801 channel_id: self.channel_id,
3802 per_commitment_secret,
3803 next_per_commitment_point,
3807 fn get_last_commitment_update<L: Deref>(&self, logger: &L) -> msgs::CommitmentUpdate where L::Target: Logger {
3808 let mut update_add_htlcs = Vec::new();
3809 let mut update_fulfill_htlcs = Vec::new();
3810 let mut update_fail_htlcs = Vec::new();
3811 let mut update_fail_malformed_htlcs = Vec::new();
3813 for htlc in self.pending_outbound_htlcs.iter() {
3814 if let &OutboundHTLCState::LocalAnnounced(ref onion_packet) = &htlc.state {
3815 update_add_htlcs.push(msgs::UpdateAddHTLC {
3816 channel_id: self.channel_id(),
3817 htlc_id: htlc.htlc_id,
3818 amount_msat: htlc.amount_msat,
3819 payment_hash: htlc.payment_hash,
3820 cltv_expiry: htlc.cltv_expiry,
3821 onion_routing_packet: (**onion_packet).clone(),
3826 for htlc in self.pending_inbound_htlcs.iter() {
3827 if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state {
3829 &InboundHTLCRemovalReason::FailRelay(ref err_packet) => {
3830 update_fail_htlcs.push(msgs::UpdateFailHTLC {
3831 channel_id: self.channel_id(),
3832 htlc_id: htlc.htlc_id,
3833 reason: err_packet.clone()
3836 &InboundHTLCRemovalReason::FailMalformed((ref sha256_of_onion, ref failure_code)) => {
3837 update_fail_malformed_htlcs.push(msgs::UpdateFailMalformedHTLC {
3838 channel_id: self.channel_id(),
3839 htlc_id: htlc.htlc_id,
3840 sha256_of_onion: sha256_of_onion.clone(),
3841 failure_code: failure_code.clone(),
3844 &InboundHTLCRemovalReason::Fulfill(ref payment_preimage) => {
3845 update_fulfill_htlcs.push(msgs::UpdateFulfillHTLC {
3846 channel_id: self.channel_id(),
3847 htlc_id: htlc.htlc_id,
3848 payment_preimage: payment_preimage.clone(),
3855 let update_fee = if self.is_outbound() && self.pending_update_fee.is_some() {
3856 Some(msgs::UpdateFee {
3857 channel_id: self.channel_id(),
3858 feerate_per_kw: self.pending_update_fee.unwrap().0,
3862 log_trace!(logger, "Regenerated latest commitment update in channel {} with{} {} update_adds, {} update_fulfills, {} update_fails, and {} update_fail_malformeds",
3863 log_bytes!(self.channel_id()), if update_fee.is_some() { " update_fee," } else { "" },
3864 update_add_htlcs.len(), update_fulfill_htlcs.len(), update_fail_htlcs.len(), update_fail_malformed_htlcs.len());
3865 msgs::CommitmentUpdate {
3866 update_add_htlcs, update_fulfill_htlcs, update_fail_htlcs, update_fail_malformed_htlcs, update_fee,
3867 commitment_signed: self.send_commitment_no_state_update(logger).expect("It looks like we failed to re-generate a commitment_signed we had previously sent?").0,
3871 /// May panic if some calls other than message-handling calls (which will all Err immediately)
3872 /// have been called between remove_uncommitted_htlcs_and_mark_paused and this call.
3874 /// Some links printed in log lines are included here to check them during build (when run with
3875 /// `cargo doc --document-private-items`):
3876 /// [`super::channelmanager::ChannelManager::force_close_without_broadcasting_txn`] and
3877 /// [`super::channelmanager::ChannelManager::force_close_all_channels_without_broadcasting_txn`].
3878 pub fn channel_reestablish<L: Deref>(&mut self, msg: &msgs::ChannelReestablish, logger: &L,
3879 node_pk: PublicKey, genesis_block_hash: BlockHash, best_block: &BestBlock)
3880 -> Result<ReestablishResponses, ChannelError> where L::Target: Logger {
3881 if self.channel_state & (ChannelState::PeerDisconnected as u32) == 0 {
3882 // While BOLT 2 doesn't indicate explicitly we should error this channel here, it
3883 // almost certainly indicates we are going to end up out-of-sync in some way, so we
3884 // just close here instead of trying to recover.
3885 return Err(ChannelError::Close("Peer sent a loose channel_reestablish not after reconnect".to_owned()));
3888 if msg.next_local_commitment_number >= INITIAL_COMMITMENT_NUMBER || msg.next_remote_commitment_number >= INITIAL_COMMITMENT_NUMBER ||
3889 msg.next_local_commitment_number == 0 {
3890 return Err(ChannelError::Close("Peer sent a garbage channel_reestablish".to_owned()));
3893 if msg.next_remote_commitment_number > 0 {
3894 match msg.data_loss_protect {
3895 OptionalField::Present(ref data_loss) => {
3896 let expected_point = self.holder_signer.get_per_commitment_point(INITIAL_COMMITMENT_NUMBER - msg.next_remote_commitment_number + 1, &self.secp_ctx);
3897 let given_secret = SecretKey::from_slice(&data_loss.your_last_per_commitment_secret)
3898 .map_err(|_| ChannelError::Close("Peer sent a garbage channel_reestablish with unparseable secret key".to_owned()))?;
3899 if expected_point != PublicKey::from_secret_key(&self.secp_ctx, &given_secret) {
3900 return Err(ChannelError::Close("Peer sent a garbage channel_reestablish with secret key not matching the commitment height provided".to_owned()));
3902 if msg.next_remote_commitment_number > INITIAL_COMMITMENT_NUMBER - self.cur_holder_commitment_transaction_number {
3903 macro_rules! log_and_panic {
3904 ($err_msg: expr) => {
3905 log_error!(logger, $err_msg, log_bytes!(self.channel_id), log_pubkey!(self.counterparty_node_id));
3906 panic!($err_msg, log_bytes!(self.channel_id), log_pubkey!(self.counterparty_node_id));
3909 log_and_panic!("We have fallen behind - we have received proof that if we broadcast our counterparty is going to claim all our funds.\n\
3910 This implies you have restarted with lost ChannelMonitor and ChannelManager state, the first of which is a violation of the LDK chain::Watch requirements.\n\
3911 More specifically, this means you have a bug in your implementation that can cause loss of funds, or you are running with an old backup, which is unsafe.\n\
3912 If you have restored from an old backup and wish to force-close channels and return to operation, you should start up, call\n\
3913 ChannelManager::force_close_without_broadcasting_txn on channel {} with counterparty {} or\n\
3914 ChannelManager::force_close_all_channels_without_broadcasting_txn, then reconnect to peer(s).\n\
3915 Note that due to a long-standing bug in lnd you may have to reach out to peers running lnd-based nodes to ask them to manually force-close channels\n\
3916 See https://github.com/lightningdevkit/rust-lightning/issues/1565 for more info.");
3919 OptionalField::Absent => {}
3923 // Before we change the state of the channel, we check if the peer is sending a very old
3924 // commitment transaction number, if yes we send a warning message.
3925 let our_commitment_transaction = INITIAL_COMMITMENT_NUMBER - self.cur_holder_commitment_transaction_number - 1;
3926 if msg.next_remote_commitment_number + 1 < our_commitment_transaction {
3928 ChannelError::Warn(format!("Peer attempted to reestablish channel with a very old local commitment transaction: {} (received) vs {} (expected)", msg.next_remote_commitment_number, our_commitment_transaction))
3932 // Go ahead and unmark PeerDisconnected as various calls we may make check for it (and all
3933 // remaining cases either succeed or ErrorMessage-fail).
3934 self.channel_state &= !(ChannelState::PeerDisconnected as u32);
3936 let shutdown_msg = if self.channel_state & (ChannelState::LocalShutdownSent as u32) != 0 {
3937 assert!(self.shutdown_scriptpubkey.is_some());
3938 Some(msgs::Shutdown {
3939 channel_id: self.channel_id,
3940 scriptpubkey: self.get_closing_scriptpubkey(),
3944 let announcement_sigs = self.get_announcement_sigs(node_pk, genesis_block_hash, best_block.height(), logger);
3946 if self.channel_state & (ChannelState::FundingSent as u32) == ChannelState::FundingSent as u32 {
3947 // If we're waiting on a monitor update, we shouldn't re-send any channel_ready's.
3948 if self.channel_state & (ChannelState::OurChannelReady as u32) == 0 ||
3949 self.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
3950 if msg.next_remote_commitment_number != 0 {
3951 return Err(ChannelError::Close("Peer claimed they saw a revoke_and_ack but we haven't sent channel_ready yet".to_owned()));
3953 // Short circuit the whole handler as there is nothing we can resend them
3954 return Ok(ReestablishResponses {
3955 channel_ready: None,
3956 raa: None, commitment_update: None,
3957 order: RAACommitmentOrder::CommitmentFirst,
3958 shutdown_msg, announcement_sigs,
3962 // We have OurChannelReady set!
3963 let next_per_commitment_point = self.holder_signer.get_per_commitment_point(self.cur_holder_commitment_transaction_number, &self.secp_ctx);
3964 return Ok(ReestablishResponses {
3965 channel_ready: Some(msgs::ChannelReady {
3966 channel_id: self.channel_id(),
3967 next_per_commitment_point,
3968 short_channel_id_alias: Some(self.outbound_scid_alias),
3970 raa: None, commitment_update: None,
3971 order: RAACommitmentOrder::CommitmentFirst,
3972 shutdown_msg, announcement_sigs,
3976 let required_revoke = if msg.next_remote_commitment_number + 1 == INITIAL_COMMITMENT_NUMBER - self.cur_holder_commitment_transaction_number {
3977 // Remote isn't waiting on any RevokeAndACK from us!
3978 // Note that if we need to repeat our ChannelReady we'll do that in the next if block.
3980 } else if msg.next_remote_commitment_number + 1 == (INITIAL_COMMITMENT_NUMBER - 1) - self.cur_holder_commitment_transaction_number {
3981 if self.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
3982 self.monitor_pending_revoke_and_ack = true;
3985 Some(self.get_last_revoke_and_ack())
3988 return Err(ChannelError::Close("Peer attempted to reestablish channel with a very old local commitment transaction".to_owned()));
3991 // We increment cur_counterparty_commitment_transaction_number only upon receipt of
3992 // revoke_and_ack, not on sending commitment_signed, so we add one if have
3993 // AwaitingRemoteRevoke set, which indicates we sent a commitment_signed but haven't gotten
3994 // the corresponding revoke_and_ack back yet.
3995 let next_counterparty_commitment_number = INITIAL_COMMITMENT_NUMBER - self.cur_counterparty_commitment_transaction_number + if (self.channel_state & ChannelState::AwaitingRemoteRevoke as u32) != 0 { 1 } else { 0 };
3997 let channel_ready = if msg.next_local_commitment_number == 1 && INITIAL_COMMITMENT_NUMBER - self.cur_holder_commitment_transaction_number == 1 {
3998 // We should never have to worry about MonitorUpdateInProgress resending ChannelReady
3999 let next_per_commitment_point = self.holder_signer.get_per_commitment_point(self.cur_holder_commitment_transaction_number, &self.secp_ctx);
4000 Some(msgs::ChannelReady {
4001 channel_id: self.channel_id(),
4002 next_per_commitment_point,
4003 short_channel_id_alias: Some(self.outbound_scid_alias),
4007 if msg.next_local_commitment_number == next_counterparty_commitment_number {
4008 if required_revoke.is_some() {
4009 log_debug!(logger, "Reconnected channel {} with only lost outbound RAA", log_bytes!(self.channel_id()));
4011 log_debug!(logger, "Reconnected channel {} with no loss", log_bytes!(self.channel_id()));
4014 Ok(ReestablishResponses {
4015 channel_ready, shutdown_msg, announcement_sigs,
4016 raa: required_revoke,
4017 commitment_update: None,
4018 order: self.resend_order.clone(),
4020 } else if msg.next_local_commitment_number == next_counterparty_commitment_number - 1 {
4021 if required_revoke.is_some() {
4022 log_debug!(logger, "Reconnected channel {} with lost outbound RAA and lost remote commitment tx", log_bytes!(self.channel_id()));
4024 log_debug!(logger, "Reconnected channel {} with only lost remote commitment tx", log_bytes!(self.channel_id()));
4027 if self.channel_state & (ChannelState::MonitorUpdateInProgress as u32) != 0 {
4028 self.monitor_pending_commitment_signed = true;
4029 Ok(ReestablishResponses {
4030 channel_ready, shutdown_msg, announcement_sigs,
4031 commitment_update: None, raa: None,
4032 order: self.resend_order.clone(),
4035 Ok(ReestablishResponses {
4036 channel_ready, shutdown_msg, announcement_sigs,
4037 raa: required_revoke,
4038 commitment_update: Some(self.get_last_commitment_update(logger)),
4039 order: self.resend_order.clone(),
4043 Err(ChannelError::Close("Peer attempted to reestablish channel with a very old remote commitment transaction".to_owned()))
4047 /// Calculates and returns our minimum and maximum closing transaction fee amounts, in whole
4048 /// satoshis. The amounts remain consistent unless a peer disconnects/reconnects or we restart,
4049 /// at which point they will be recalculated.
4050 fn calculate_closing_fee_limits<F: Deref>(&mut self, fee_estimator: &LowerBoundedFeeEstimator<F>)
4052 where F::Target: FeeEstimator
4054 if let Some((min, max)) = self.closing_fee_limits { return (min, max); }
4056 // Propose a range from our current Background feerate to our Normal feerate plus our
4057 // force_close_avoidance_max_fee_satoshis.
4058 // If we fail to come to consensus, we'll have to force-close.
4059 let mut proposed_feerate = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::Background);
4060 let normal_feerate = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::Normal);
4061 let mut proposed_max_feerate = if self.is_outbound() { normal_feerate } else { u32::max_value() };
4063 // The spec requires that (when the channel does not have anchors) we only send absolute
4064 // channel fees no greater than the absolute channel fee on the current commitment
4065 // transaction. It's unclear *which* commitment transaction this refers to, and there isn't
4066 // very good reason to apply such a limit in any case. We don't bother doing so, risking
4067 // some force-closure by old nodes, but we wanted to close the channel anyway.
4069 if let Some(target_feerate) = self.target_closing_feerate_sats_per_kw {
4070 let min_feerate = if self.is_outbound() { target_feerate } else { cmp::min(self.feerate_per_kw, target_feerate) };
4071 proposed_feerate = cmp::max(proposed_feerate, min_feerate);
4072 proposed_max_feerate = cmp::max(proposed_max_feerate, min_feerate);
4075 // Note that technically we could end up with a lower minimum fee if one sides' balance is
4076 // below our dust limit, causing the output to disappear. We don't bother handling this
4077 // case, however, as this should only happen if a channel is closed before any (material)
4078 // payments have been made on it. This may cause slight fee overpayment and/or failure to
4079 // come to consensus with our counterparty on appropriate fees, however it should be a
4080 // relatively rare case. We can revisit this later, though note that in order to determine
4081 // if the funders' output is dust we have to know the absolute fee we're going to use.
4082 let tx_weight = self.get_closing_transaction_weight(Some(&self.get_closing_scriptpubkey()), Some(self.counterparty_shutdown_scriptpubkey.as_ref().unwrap()));
4083 let proposed_total_fee_satoshis = proposed_feerate as u64 * tx_weight / 1000;
4084 let proposed_max_total_fee_satoshis = if self.is_outbound() {
4085 // We always add force_close_avoidance_max_fee_satoshis to our normal
4086 // feerate-calculated fee, but allow the max to be overridden if we're using a
4087 // target feerate-calculated fee.
4088 cmp::max(normal_feerate as u64 * tx_weight / 1000 + self.config.options.force_close_avoidance_max_fee_satoshis,
4089 proposed_max_feerate as u64 * tx_weight / 1000)
4091 self.channel_value_satoshis - (self.value_to_self_msat + 999) / 1000
4094 self.closing_fee_limits = Some((proposed_total_fee_satoshis, proposed_max_total_fee_satoshis));
4095 self.closing_fee_limits.clone().unwrap()
4098 /// Returns true if we're ready to commence the closing_signed negotiation phase. This is true
4099 /// after both sides have exchanged a `shutdown` message and all HTLCs have been drained. At
4100 /// this point if we're the funder we should send the initial closing_signed, and in any case
4101 /// shutdown should complete within a reasonable timeframe.
4102 fn closing_negotiation_ready(&self) -> bool {
4103 self.pending_inbound_htlcs.is_empty() && self.pending_outbound_htlcs.is_empty() &&
4104 self.channel_state &
4105 (BOTH_SIDES_SHUTDOWN_MASK | ChannelState::AwaitingRemoteRevoke as u32 |
4106 ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)
4107 == BOTH_SIDES_SHUTDOWN_MASK &&
4108 self.pending_update_fee.is_none()
4111 /// Checks if the closing_signed negotiation is making appropriate progress, possibly returning
4112 /// an Err if no progress is being made and the channel should be force-closed instead.
4113 /// Should be called on a one-minute timer.
4114 pub fn timer_check_closing_negotiation_progress(&mut self) -> Result<(), ChannelError> {
4115 if self.closing_negotiation_ready() {
4116 if self.closing_signed_in_flight {
4117 return Err(ChannelError::Close("closing_signed negotiation failed to finish within two timer ticks".to_owned()));
4119 self.closing_signed_in_flight = true;
4125 pub fn maybe_propose_closing_signed<F: Deref, L: Deref>(
4126 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L)
4127 -> Result<(Option<msgs::ClosingSigned>, Option<Transaction>), ChannelError>
4128 where F::Target: FeeEstimator, L::Target: Logger
4130 if self.last_sent_closing_fee.is_some() || !self.closing_negotiation_ready() {
4131 return Ok((None, None));
4134 if !self.is_outbound() {
4135 if let Some(msg) = &self.pending_counterparty_closing_signed.take() {
4136 return self.closing_signed(fee_estimator, &msg);
4138 return Ok((None, None));
4141 let (our_min_fee, our_max_fee) = self.calculate_closing_fee_limits(fee_estimator);
4143 assert!(self.shutdown_scriptpubkey.is_some());
4144 let (closing_tx, total_fee_satoshis) = self.build_closing_transaction(our_min_fee, false);
4145 log_trace!(logger, "Proposing initial closing_signed for our counterparty with a fee range of {}-{} sat (with initial proposal {} sats)",
4146 our_min_fee, our_max_fee, total_fee_satoshis);
4148 let sig = self.holder_signer
4149 .sign_closing_transaction(&closing_tx, &self.secp_ctx)
4150 .map_err(|()| ChannelError::Close("Failed to get signature for closing transaction.".to_owned()))?;
4152 self.last_sent_closing_fee = Some((total_fee_satoshis, sig.clone()));
4153 Ok((Some(msgs::ClosingSigned {
4154 channel_id: self.channel_id,
4155 fee_satoshis: total_fee_satoshis,
4157 fee_range: Some(msgs::ClosingSignedFeeRange {
4158 min_fee_satoshis: our_min_fee,
4159 max_fee_satoshis: our_max_fee,
4164 pub fn shutdown<K: Deref>(
4165 &mut self, keys_provider: &K, their_features: &InitFeatures, msg: &msgs::Shutdown
4166 ) -> Result<(Option<msgs::Shutdown>, Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>), ChannelError>
4167 where K::Target: KeysInterface
4169 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
4170 return Err(ChannelError::Close("Peer sent shutdown when we needed a channel_reestablish".to_owned()));
4172 if self.channel_state < ChannelState::FundingSent as u32 {
4173 // Spec says we should fail the connection, not the channel, but that's nonsense, there
4174 // are plenty of reasons you may want to fail a channel pre-funding, and spec says you
4175 // can do that via error message without getting a connection fail anyway...
4176 return Err(ChannelError::Close("Peer sent shutdown pre-funding generation".to_owned()));
4178 for htlc in self.pending_inbound_htlcs.iter() {
4179 if let InboundHTLCState::RemoteAnnounced(_) = htlc.state {
4180 return Err(ChannelError::Close("Got shutdown with remote pending HTLCs".to_owned()));
4183 assert_eq!(self.channel_state & ChannelState::ShutdownComplete as u32, 0);
4185 if !script::is_bolt2_compliant(&msg.scriptpubkey, their_features) {
4186 return Err(ChannelError::Warn(format!("Got a nonstandard scriptpubkey ({}) from remote peer", msg.scriptpubkey.to_bytes().to_hex())));
4189 if self.counterparty_shutdown_scriptpubkey.is_some() {
4190 if Some(&msg.scriptpubkey) != self.counterparty_shutdown_scriptpubkey.as_ref() {
4191 return Err(ChannelError::Warn(format!("Got shutdown request with a scriptpubkey ({}) which did not match their previous scriptpubkey.", msg.scriptpubkey.to_bytes().to_hex())));
4194 self.counterparty_shutdown_scriptpubkey = Some(msg.scriptpubkey.clone());
4197 // If we have any LocalAnnounced updates we'll probably just get back an update_fail_htlc
4198 // immediately after the commitment dance, but we can send a Shutdown because we won't send
4199 // any further commitment updates after we set LocalShutdownSent.
4200 let send_shutdown = (self.channel_state & ChannelState::LocalShutdownSent as u32) != ChannelState::LocalShutdownSent as u32;
4202 let update_shutdown_script = match self.shutdown_scriptpubkey {
4205 assert!(send_shutdown);
4206 let shutdown_scriptpubkey = keys_provider.get_shutdown_scriptpubkey();
4207 if !shutdown_scriptpubkey.is_compatible(their_features) {
4208 return Err(ChannelError::Close(format!("Provided a scriptpubkey format not accepted by peer: {}", shutdown_scriptpubkey)));
4210 self.shutdown_scriptpubkey = Some(shutdown_scriptpubkey);
4215 // From here on out, we may not fail!
4217 self.channel_state |= ChannelState::RemoteShutdownSent as u32;
4218 self.update_time_counter += 1;
4220 let monitor_update = if update_shutdown_script {
4221 self.latest_monitor_update_id += 1;
4222 Some(ChannelMonitorUpdate {
4223 update_id: self.latest_monitor_update_id,
4224 updates: vec![ChannelMonitorUpdateStep::ShutdownScript {
4225 scriptpubkey: self.get_closing_scriptpubkey(),
4229 let shutdown = if send_shutdown {
4230 Some(msgs::Shutdown {
4231 channel_id: self.channel_id,
4232 scriptpubkey: self.get_closing_scriptpubkey(),
4236 // We can't send our shutdown until we've committed all of our pending HTLCs, but the
4237 // remote side is unlikely to accept any new HTLCs, so we go ahead and "free" any holding
4238 // cell HTLCs and return them to fail the payment.
4239 self.holding_cell_update_fee = None;
4240 let mut dropped_outbound_htlcs = Vec::with_capacity(self.holding_cell_htlc_updates.len());
4241 self.holding_cell_htlc_updates.retain(|htlc_update| {
4243 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, .. } => {
4244 dropped_outbound_htlcs.push((source.clone(), payment_hash.clone()));
4251 self.channel_state |= ChannelState::LocalShutdownSent as u32;
4252 self.update_time_counter += 1;
4254 Ok((shutdown, monitor_update, dropped_outbound_htlcs))
4257 fn build_signed_closing_transaction(&self, closing_tx: &ClosingTransaction, counterparty_sig: &Signature, sig: &Signature) -> Transaction {
4258 let mut tx = closing_tx.trust().built_transaction().clone();
4260 tx.input[0].witness.push(Vec::new()); // First is the multisig dummy
4262 let funding_key = self.get_holder_pubkeys().funding_pubkey.serialize();
4263 let counterparty_funding_key = self.counterparty_funding_pubkey().serialize();
4264 let mut holder_sig = sig.serialize_der().to_vec();
4265 holder_sig.push(EcdsaSighashType::All as u8);
4266 let mut cp_sig = counterparty_sig.serialize_der().to_vec();
4267 cp_sig.push(EcdsaSighashType::All as u8);
4268 if funding_key[..] < counterparty_funding_key[..] {
4269 tx.input[0].witness.push(holder_sig);
4270 tx.input[0].witness.push(cp_sig);
4272 tx.input[0].witness.push(cp_sig);
4273 tx.input[0].witness.push(holder_sig);
4276 tx.input[0].witness.push(self.get_funding_redeemscript().into_bytes());
4280 pub fn closing_signed<F: Deref>(
4281 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, msg: &msgs::ClosingSigned)
4282 -> Result<(Option<msgs::ClosingSigned>, Option<Transaction>), ChannelError>
4283 where F::Target: FeeEstimator
4285 if self.channel_state & BOTH_SIDES_SHUTDOWN_MASK != BOTH_SIDES_SHUTDOWN_MASK {
4286 return Err(ChannelError::Close("Remote end sent us a closing_signed before both sides provided a shutdown".to_owned()));
4288 if self.channel_state & (ChannelState::PeerDisconnected as u32) == ChannelState::PeerDisconnected as u32 {
4289 return Err(ChannelError::Close("Peer sent closing_signed when we needed a channel_reestablish".to_owned()));
4291 if !self.pending_inbound_htlcs.is_empty() || !self.pending_outbound_htlcs.is_empty() {
4292 return Err(ChannelError::Close("Remote end sent us a closing_signed while there were still pending HTLCs".to_owned()));
4294 if msg.fee_satoshis > TOTAL_BITCOIN_SUPPLY_SATOSHIS { // this is required to stop potential overflow in build_closing_transaction
4295 return Err(ChannelError::Close("Remote tried to send us a closing tx with > 21 million BTC fee".to_owned()));
4298 if self.is_outbound() && self.last_sent_closing_fee.is_none() {
4299 return Err(ChannelError::Close("Remote tried to send a closing_signed when we were supposed to propose the first one".to_owned()));
4302 if self.channel_state & ChannelState::MonitorUpdateInProgress as u32 != 0 {
4303 self.pending_counterparty_closing_signed = Some(msg.clone());
4304 return Ok((None, None));
4307 let funding_redeemscript = self.get_funding_redeemscript();
4308 let (mut closing_tx, used_total_fee) = self.build_closing_transaction(msg.fee_satoshis, false);
4309 if used_total_fee != msg.fee_satoshis {
4310 return Err(ChannelError::Close(format!("Remote sent us a closing_signed with a fee other than the value they can claim. Fee in message: {}. Actual closing tx fee: {}", msg.fee_satoshis, used_total_fee)));
4312 let sighash = closing_tx.trust().get_sighash_all(&funding_redeemscript, self.channel_value_satoshis);
4314 match self.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.get_counterparty_pubkeys().funding_pubkey) {
4317 // The remote end may have decided to revoke their output due to inconsistent dust
4318 // limits, so check for that case by re-checking the signature here.
4319 closing_tx = self.build_closing_transaction(msg.fee_satoshis, true).0;
4320 let sighash = closing_tx.trust().get_sighash_all(&funding_redeemscript, self.channel_value_satoshis);
4321 secp_check!(self.secp_ctx.verify_ecdsa(&sighash, &msg.signature, self.counterparty_funding_pubkey()), "Invalid closing tx signature from peer".to_owned());
4325 for outp in closing_tx.trust().built_transaction().output.iter() {
4326 if !outp.script_pubkey.is_witness_program() && outp.value < MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS {
4327 return Err(ChannelError::Close("Remote sent us a closing_signed with a dust output. Always use segwit closing scripts!".to_owned()));
4331 assert!(self.shutdown_scriptpubkey.is_some());
4332 if let Some((last_fee, sig)) = self.last_sent_closing_fee {
4333 if last_fee == msg.fee_satoshis {
4334 let tx = self.build_signed_closing_transaction(&mut closing_tx, &msg.signature, &sig);
4335 self.channel_state = ChannelState::ShutdownComplete as u32;
4336 self.update_time_counter += 1;
4337 return Ok((None, Some(tx)));
4341 let (our_min_fee, our_max_fee) = self.calculate_closing_fee_limits(fee_estimator);
4343 macro_rules! propose_fee {
4344 ($new_fee: expr) => {
4345 let (closing_tx, used_fee) = if $new_fee == msg.fee_satoshis {
4346 (closing_tx, $new_fee)
4348 self.build_closing_transaction($new_fee, false)
4351 let sig = self.holder_signer
4352 .sign_closing_transaction(&closing_tx, &self.secp_ctx)
4353 .map_err(|_| ChannelError::Close("External signer refused to sign closing transaction".to_owned()))?;
4355 let signed_tx = if $new_fee == msg.fee_satoshis {
4356 self.channel_state = ChannelState::ShutdownComplete as u32;
4357 self.update_time_counter += 1;
4358 let tx = self.build_signed_closing_transaction(&closing_tx, &msg.signature, &sig);
4362 self.last_sent_closing_fee = Some((used_fee, sig.clone()));
4363 return Ok((Some(msgs::ClosingSigned {
4364 channel_id: self.channel_id,
4365 fee_satoshis: used_fee,
4367 fee_range: Some(msgs::ClosingSignedFeeRange {
4368 min_fee_satoshis: our_min_fee,
4369 max_fee_satoshis: our_max_fee,
4375 if let Some(msgs::ClosingSignedFeeRange { min_fee_satoshis, max_fee_satoshis }) = msg.fee_range {
4376 if msg.fee_satoshis < min_fee_satoshis || msg.fee_satoshis > max_fee_satoshis {
4377 return Err(ChannelError::Close(format!("Peer sent a bogus closing_signed - suggested fee of {} sat was not in their desired range of {} sat - {} sat", msg.fee_satoshis, min_fee_satoshis, max_fee_satoshis)));
4379 if max_fee_satoshis < our_min_fee {
4380 return Err(ChannelError::Warn(format!("Unable to come to consensus about closing feerate, remote's max fee ({} sat) was smaller than our min fee ({} sat)", max_fee_satoshis, our_min_fee)));
4382 if min_fee_satoshis > our_max_fee {
4383 return Err(ChannelError::Warn(format!("Unable to come to consensus about closing feerate, remote's min fee ({} sat) was greater than our max fee ({} sat)", min_fee_satoshis, our_max_fee)));
4386 if !self.is_outbound() {
4387 // They have to pay, so pick the highest fee in the overlapping range.
4388 // We should never set an upper bound aside from their full balance
4389 debug_assert_eq!(our_max_fee, self.channel_value_satoshis - (self.value_to_self_msat + 999) / 1000);
4390 propose_fee!(cmp::min(max_fee_satoshis, our_max_fee));
4392 if msg.fee_satoshis < our_min_fee || msg.fee_satoshis > our_max_fee {
4393 return Err(ChannelError::Close(format!("Peer sent a bogus closing_signed - suggested fee of {} sat was not in our desired range of {} sat - {} sat after we informed them of our range.",
4394 msg.fee_satoshis, our_min_fee, our_max_fee)));
4396 // The proposed fee is in our acceptable range, accept it and broadcast!
4397 propose_fee!(msg.fee_satoshis);
4400 // Old fee style negotiation. We don't bother to enforce whether they are complying
4401 // with the "making progress" requirements, we just comply and hope for the best.
4402 if let Some((last_fee, _)) = self.last_sent_closing_fee {
4403 if msg.fee_satoshis > last_fee {
4404 if msg.fee_satoshis < our_max_fee {
4405 propose_fee!(msg.fee_satoshis);
4406 } else if last_fee < our_max_fee {
4407 propose_fee!(our_max_fee);
4409 return Err(ChannelError::Close(format!("Unable to come to consensus about closing feerate, remote wants something ({} sat) higher than our max fee ({} sat)", msg.fee_satoshis, our_max_fee)));
4412 if msg.fee_satoshis > our_min_fee {
4413 propose_fee!(msg.fee_satoshis);
4414 } else if last_fee > our_min_fee {
4415 propose_fee!(our_min_fee);
4417 return Err(ChannelError::Close(format!("Unable to come to consensus about closing feerate, remote wants something ({} sat) lower than our min fee ({} sat)", msg.fee_satoshis, our_min_fee)));
4421 if msg.fee_satoshis < our_min_fee {
4422 propose_fee!(our_min_fee);
4423 } else if msg.fee_satoshis > our_max_fee {
4424 propose_fee!(our_max_fee);
4426 propose_fee!(msg.fee_satoshis);
4432 // Public utilities:
4434 pub fn channel_id(&self) -> [u8; 32] {
4438 pub fn minimum_depth(&self) -> Option<u32> {
4442 /// Gets the "user_id" value passed into the construction of this channel. It has no special
4443 /// meaning and exists only to allow users to have a persistent identifier of a channel.
4444 pub fn get_user_id(&self) -> u128 {
4448 /// Gets the channel's type
4449 pub fn get_channel_type(&self) -> &ChannelTypeFeatures {
4453 /// Guaranteed to be Some after both ChannelReady messages have been exchanged (and, thus,
4454 /// is_usable() returns true).
4455 /// Allowed in any state (including after shutdown)
4456 pub fn get_short_channel_id(&self) -> Option<u64> {
4457 self.short_channel_id
4460 /// Allowed in any state (including after shutdown)
4461 pub fn latest_inbound_scid_alias(&self) -> Option<u64> {
4462 self.latest_inbound_scid_alias
4465 /// Allowed in any state (including after shutdown)
4466 pub fn outbound_scid_alias(&self) -> u64 {
4467 self.outbound_scid_alias
4469 /// Only allowed immediately after deserialization if get_outbound_scid_alias returns 0,
4470 /// indicating we were written by LDK prior to 0.0.106 which did not set outbound SCID aliases.
4471 pub fn set_outbound_scid_alias(&mut self, outbound_scid_alias: u64) {
4472 assert_eq!(self.outbound_scid_alias, 0);
4473 self.outbound_scid_alias = outbound_scid_alias;
4476 /// Returns the funding_txo we either got from our peer, or were given by
4477 /// get_outbound_funding_created.
4478 pub fn get_funding_txo(&self) -> Option<OutPoint> {
4479 self.channel_transaction_parameters.funding_outpoint
4482 /// Returns the block hash in which our funding transaction was confirmed.
4483 pub fn get_funding_tx_confirmed_in(&self) -> Option<BlockHash> {
4484 self.funding_tx_confirmed_in
4487 fn get_holder_selected_contest_delay(&self) -> u16 {
4488 self.channel_transaction_parameters.holder_selected_contest_delay
4491 fn get_holder_pubkeys(&self) -> &ChannelPublicKeys {
4492 &self.channel_transaction_parameters.holder_pubkeys
4495 pub fn get_counterparty_selected_contest_delay(&self) -> Option<u16> {
4496 self.channel_transaction_parameters.counterparty_parameters
4497 .as_ref().map(|params| params.selected_contest_delay)
4500 fn get_counterparty_pubkeys(&self) -> &ChannelPublicKeys {
4501 &self.channel_transaction_parameters.counterparty_parameters.as_ref().unwrap().pubkeys
4504 /// Allowed in any state (including after shutdown)
4505 pub fn get_counterparty_node_id(&self) -> PublicKey {
4506 self.counterparty_node_id
4509 /// Allowed in any state (including after shutdown)
4510 pub fn get_holder_htlc_minimum_msat(&self) -> u64 {
4511 self.holder_htlc_minimum_msat
4514 /// Allowed in any state (including after shutdown), but will return none before TheirInitSent
4515 pub fn get_holder_htlc_maximum_msat(&self) -> Option<u64> {
4516 self.get_htlc_maximum_msat(self.holder_max_htlc_value_in_flight_msat)
4519 /// Allowed in any state (including after shutdown)
4520 pub fn get_announced_htlc_max_msat(&self) -> u64 {
4522 // Upper bound by capacity. We make it a bit less than full capacity to prevent attempts
4523 // to use full capacity. This is an effort to reduce routing failures, because in many cases
4524 // channel might have been used to route very small values (either by honest users or as DoS).
4525 self.channel_value_satoshis * 1000 * 9 / 10,
4527 self.counterparty_max_htlc_value_in_flight_msat
4531 /// Allowed in any state (including after shutdown)
4532 pub fn get_counterparty_htlc_minimum_msat(&self) -> u64 {
4533 self.counterparty_htlc_minimum_msat
4536 /// Allowed in any state (including after shutdown), but will return none before TheirInitSent
4537 pub fn get_counterparty_htlc_maximum_msat(&self) -> Option<u64> {
4538 self.get_htlc_maximum_msat(self.counterparty_max_htlc_value_in_flight_msat)
4541 fn get_htlc_maximum_msat(&self, party_max_htlc_value_in_flight_msat: u64) -> Option<u64> {
4542 self.counterparty_selected_channel_reserve_satoshis.map(|counterparty_reserve| {
4543 let holder_reserve = self.holder_selected_channel_reserve_satoshis;
4545 (self.channel_value_satoshis - counterparty_reserve - holder_reserve) * 1000,
4546 party_max_htlc_value_in_flight_msat
4551 pub fn get_value_satoshis(&self) -> u64 {
4552 self.channel_value_satoshis
4555 pub fn get_fee_proportional_millionths(&self) -> u32 {
4556 self.config.options.forwarding_fee_proportional_millionths
4559 pub fn get_cltv_expiry_delta(&self) -> u16 {
4560 cmp::max(self.config.options.cltv_expiry_delta, MIN_CLTV_EXPIRY_DELTA)
4563 pub fn get_max_dust_htlc_exposure_msat(&self) -> u64 {
4564 self.config.options.max_dust_htlc_exposure_msat
4567 /// Returns the previous [`ChannelConfig`] applied to this channel, if any.
4568 pub fn prev_config(&self) -> Option<ChannelConfig> {
4569 self.prev_config.map(|prev_config| prev_config.0)
4572 // Checks whether we should emit a `ChannelReady` event.
4573 pub(crate) fn should_emit_channel_ready_event(&mut self) -> bool {
4574 self.is_usable() && !self.channel_ready_event_emitted
4577 // Remembers that we already emitted a `ChannelReady` event.
4578 pub(crate) fn set_channel_ready_event_emitted(&mut self) {
4579 self.channel_ready_event_emitted = true;
4582 /// Tracks the number of ticks elapsed since the previous [`ChannelConfig`] was updated. Once
4583 /// [`EXPIRE_PREV_CONFIG_TICKS`] is reached, the previous config is considered expired and will
4584 /// no longer be considered when forwarding HTLCs.
4585 pub fn maybe_expire_prev_config(&mut self) {
4586 if self.prev_config.is_none() {
4589 let prev_config = self.prev_config.as_mut().unwrap();
4591 if prev_config.1 == EXPIRE_PREV_CONFIG_TICKS {
4592 self.prev_config = None;
4596 /// Returns the current [`ChannelConfig`] applied to the channel.
4597 pub fn config(&self) -> ChannelConfig {
4601 /// Updates the channel's config. A bool is returned indicating whether the config update
4602 /// applied resulted in a new ChannelUpdate message.
4603 pub fn update_config(&mut self, config: &ChannelConfig) -> bool {
4604 let did_channel_update =
4605 self.config.options.forwarding_fee_proportional_millionths != config.forwarding_fee_proportional_millionths ||
4606 self.config.options.forwarding_fee_base_msat != config.forwarding_fee_base_msat ||
4607 self.config.options.cltv_expiry_delta != config.cltv_expiry_delta;
4608 if did_channel_update {
4609 self.prev_config = Some((self.config.options, 0));
4610 // Update the counter, which backs the ChannelUpdate timestamp, to allow the relay
4611 // policy change to propagate throughout the network.
4612 self.update_time_counter += 1;
4614 self.config.options = *config;
4618 fn internal_htlc_satisfies_config(
4619 &self, htlc: &msgs::UpdateAddHTLC, amt_to_forward: u64, outgoing_cltv_value: u32, config: &ChannelConfig,
4620 ) -> Result<(), (&'static str, u16)> {
4621 let fee = amt_to_forward.checked_mul(config.forwarding_fee_proportional_millionths as u64)
4622 .and_then(|prop_fee| (prop_fee / 1000000).checked_add(config.forwarding_fee_base_msat as u64));
4623 if fee.is_none() || htlc.amount_msat < fee.unwrap() ||
4624 (htlc.amount_msat - fee.unwrap()) < amt_to_forward {
4626 "Prior hop has deviated from specified fees parameters or origin node has obsolete ones",
4627 0x1000 | 12, // fee_insufficient
4630 if (htlc.cltv_expiry as u64) < outgoing_cltv_value as u64 + config.cltv_expiry_delta as u64 {
4632 "Forwarding node has tampered with the intended HTLC values or origin node has an obsolete cltv_expiry_delta",
4633 0x1000 | 13, // incorrect_cltv_expiry
4639 /// Determines whether the parameters of an incoming HTLC to be forwarded satisfy the channel's
4640 /// [`ChannelConfig`]. This first looks at the channel's current [`ChannelConfig`], and if
4641 /// unsuccessful, falls back to the previous one if one exists.
4642 pub fn htlc_satisfies_config(
4643 &self, htlc: &msgs::UpdateAddHTLC, amt_to_forward: u64, outgoing_cltv_value: u32,
4644 ) -> Result<(), (&'static str, u16)> {
4645 self.internal_htlc_satisfies_config(&htlc, amt_to_forward, outgoing_cltv_value, &self.config())
4647 if let Some(prev_config) = self.prev_config() {
4648 self.internal_htlc_satisfies_config(htlc, amt_to_forward, outgoing_cltv_value, &prev_config)
4655 pub fn get_feerate(&self) -> u32 {
4659 pub fn get_dust_buffer_feerate(&self, outbound_feerate_update: Option<u32>) -> u32 {
4660 // When calculating our exposure to dust HTLCs, we assume that the channel feerate
4661 // may, at any point, increase by at least 10 sat/vB (i.e 2530 sat/kWU) or 25%,
4662 // whichever is higher. This ensures that we aren't suddenly exposed to significantly
4663 // more dust balance if the feerate increases when we have several HTLCs pending
4664 // which are near the dust limit.
4665 let mut feerate_per_kw = self.feerate_per_kw;
4666 // If there's a pending update fee, use it to ensure we aren't under-estimating
4667 // potential feerate updates coming soon.
4668 if let Some((feerate, _)) = self.pending_update_fee {
4669 feerate_per_kw = cmp::max(feerate_per_kw, feerate);
4671 if let Some(feerate) = outbound_feerate_update {
4672 feerate_per_kw = cmp::max(feerate_per_kw, feerate);
4674 cmp::max(2530, feerate_per_kw * 1250 / 1000)
4677 pub fn get_cur_holder_commitment_transaction_number(&self) -> u64 {
4678 self.cur_holder_commitment_transaction_number + 1
4681 pub fn get_cur_counterparty_commitment_transaction_number(&self) -> u64 {
4682 self.cur_counterparty_commitment_transaction_number + 1 - if self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32) != 0 { 1 } else { 0 }
4685 pub fn get_revoked_counterparty_commitment_transaction_number(&self) -> u64 {
4686 self.cur_counterparty_commitment_transaction_number + 2
4690 pub fn get_signer(&self) -> &Signer {
4695 pub fn get_value_stat(&self) -> ChannelValueStat {
4697 value_to_self_msat: self.value_to_self_msat,
4698 channel_value_msat: self.channel_value_satoshis * 1000,
4699 channel_reserve_msat: self.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000,
4700 pending_outbound_htlcs_amount_msat: self.pending_outbound_htlcs.iter().map(|ref h| h.amount_msat).sum::<u64>(),
4701 pending_inbound_htlcs_amount_msat: self.pending_inbound_htlcs.iter().map(|ref h| h.amount_msat).sum::<u64>(),
4702 holding_cell_outbound_amount_msat: {
4704 for h in self.holding_cell_htlc_updates.iter() {
4706 &HTLCUpdateAwaitingACK::AddHTLC{amount_msat, .. } => {
4714 counterparty_max_htlc_value_in_flight_msat: self.counterparty_max_htlc_value_in_flight_msat,
4715 counterparty_dust_limit_msat: self.counterparty_dust_limit_satoshis * 1000,
4719 /// Allowed in any state (including after shutdown)
4720 pub fn get_update_time_counter(&self) -> u32 {
4721 self.update_time_counter
4724 pub fn get_latest_monitor_update_id(&self) -> u64 {
4725 self.latest_monitor_update_id
4728 pub fn should_announce(&self) -> bool {
4729 self.config.announced_channel
4732 pub fn is_outbound(&self) -> bool {
4733 self.channel_transaction_parameters.is_outbound_from_holder
4736 /// Gets the fee we'd want to charge for adding an HTLC output to this Channel
4737 /// Allowed in any state (including after shutdown)
4738 pub fn get_outbound_forwarding_fee_base_msat(&self) -> u32 {
4739 self.config.options.forwarding_fee_base_msat
4742 /// Returns true if we've ever received a message from the remote end for this Channel
4743 pub fn have_received_message(&self) -> bool {
4744 self.channel_state > (ChannelState::OurInitSent as u32)
4747 /// Returns true if this channel is fully established and not known to be closing.
4748 /// Allowed in any state (including after shutdown)
4749 pub fn is_usable(&self) -> bool {
4750 let mask = ChannelState::ChannelReady as u32 | BOTH_SIDES_SHUTDOWN_MASK;
4751 (self.channel_state & mask) == (ChannelState::ChannelReady as u32) && !self.monitor_pending_channel_ready
4754 /// Returns true if this channel is currently available for use. This is a superset of
4755 /// is_usable() and considers things like the channel being temporarily disabled.
4756 /// Allowed in any state (including after shutdown)
4757 pub fn is_live(&self) -> bool {
4758 self.is_usable() && (self.channel_state & (ChannelState::PeerDisconnected as u32) == 0)
4761 /// Returns true if this channel has been marked as awaiting a monitor update to move forward.
4762 /// Allowed in any state (including after shutdown)
4763 pub fn is_awaiting_monitor_update(&self) -> bool {
4764 (self.channel_state & ChannelState::MonitorUpdateInProgress as u32) != 0
4767 /// Returns true if funding_created was sent/received.
4768 pub fn is_funding_initiated(&self) -> bool {
4769 self.channel_state >= ChannelState::FundingSent as u32
4772 /// Returns true if the channel is awaiting the persistence of the initial ChannelMonitor.
4773 /// If the channel is outbound, this implies we have not yet broadcasted the funding
4774 /// transaction. If the channel is inbound, this implies simply that the channel has not
4776 pub fn is_awaiting_initial_mon_persist(&self) -> bool {
4777 if !self.is_awaiting_monitor_update() { return false; }
4778 if self.channel_state &
4779 !(ChannelState::TheirChannelReady as u32 | ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32)
4780 == ChannelState::FundingSent as u32 {
4781 // If we're not a 0conf channel, we'll be waiting on a monitor update with only
4782 // FundingSent set, though our peer could have sent their channel_ready.
4783 debug_assert!(self.minimum_depth.unwrap_or(1) > 0);
4786 if self.cur_holder_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 &&
4787 self.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
4788 // If we're a 0-conf channel, we'll move beyond FundingSent immediately even while
4789 // waiting for the initial monitor persistence. Thus, we check if our commitment
4790 // transaction numbers have both been iterated only exactly once (for the
4791 // funding_signed), and we're awaiting monitor update.
4793 // If we got here, we shouldn't have yet broadcasted the funding transaction (as the
4794 // only way to get an awaiting-monitor-update state during initial funding is if the
4795 // initial monitor persistence is still pending).
4797 // Because deciding we're awaiting initial broadcast spuriously could result in
4798 // funds-loss (as we don't have a monitor, but have the funding transaction confirmed),
4799 // we hard-assert here, even in production builds.
4800 if self.is_outbound() { assert!(self.funding_transaction.is_some()); }
4801 assert!(self.monitor_pending_channel_ready);
4802 assert_eq!(self.latest_monitor_update_id, 0);
4808 /// Returns true if our channel_ready has been sent
4809 pub fn is_our_channel_ready(&self) -> bool {
4810 (self.channel_state & ChannelState::OurChannelReady as u32) != 0 || self.channel_state >= ChannelState::ChannelReady as u32
4813 /// Returns true if our peer has either initiated or agreed to shut down the channel.
4814 pub fn received_shutdown(&self) -> bool {
4815 (self.channel_state & ChannelState::RemoteShutdownSent as u32) != 0
4818 /// Returns true if we either initiated or agreed to shut down the channel.
4819 pub fn sent_shutdown(&self) -> bool {
4820 (self.channel_state & ChannelState::LocalShutdownSent as u32) != 0
4823 /// Returns true if this channel is fully shut down. True here implies that no further actions
4824 /// may/will be taken on this channel, and thus this object should be freed. Any future changes
4825 /// will be handled appropriately by the chain monitor.
4826 pub fn is_shutdown(&self) -> bool {
4827 if (self.channel_state & ChannelState::ShutdownComplete as u32) == ChannelState::ShutdownComplete as u32 {
4828 assert!(self.channel_state == ChannelState::ShutdownComplete as u32);
4833 pub fn channel_update_status(&self) -> ChannelUpdateStatus {
4834 self.channel_update_status
4837 pub fn set_channel_update_status(&mut self, status: ChannelUpdateStatus) {
4838 self.update_time_counter += 1;
4839 self.channel_update_status = status;
4842 fn check_get_channel_ready(&mut self, height: u32) -> Option<msgs::ChannelReady> {
4844 // * always when a new block/transactions are confirmed with the new height
4845 // * when funding is signed with a height of 0
4846 if self.funding_tx_confirmation_height == 0 && self.minimum_depth != Some(0) {
4850 let funding_tx_confirmations = height as i64 - self.funding_tx_confirmation_height as i64 + 1;
4851 if funding_tx_confirmations <= 0 {
4852 self.funding_tx_confirmation_height = 0;
4855 if funding_tx_confirmations < self.minimum_depth.unwrap_or(0) as i64 {
4859 let non_shutdown_state = self.channel_state & (!MULTI_STATE_FLAGS);
4860 let need_commitment_update = if non_shutdown_state == ChannelState::FundingSent as u32 {
4861 self.channel_state |= ChannelState::OurChannelReady as u32;
4863 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::TheirChannelReady as u32) {
4864 self.channel_state = ChannelState::ChannelReady as u32 | (self.channel_state & MULTI_STATE_FLAGS);
4865 self.update_time_counter += 1;
4867 } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurChannelReady as u32) {
4868 // We got a reorg but not enough to trigger a force close, just ignore.
4871 if self.funding_tx_confirmation_height != 0 && self.channel_state < ChannelState::ChannelReady as u32 {
4872 // We should never see a funding transaction on-chain until we've received
4873 // funding_signed (if we're an outbound channel), or seen funding_generated (if we're
4874 // an inbound channel - before that we have no known funding TXID). The fuzzer,
4875 // however, may do this and we shouldn't treat it as a bug.
4876 #[cfg(not(fuzzing))]
4877 panic!("Started confirming a channel in a state pre-FundingSent: {}.\n\
4878 Do NOT broadcast a funding transaction manually - let LDK do it for you!",
4879 self.channel_state);
4881 // We got a reorg but not enough to trigger a force close, just ignore.
4885 if need_commitment_update {
4886 if self.channel_state & (ChannelState::MonitorUpdateInProgress as u32) == 0 {
4887 if self.channel_state & (ChannelState::PeerDisconnected as u32) == 0 {
4888 let next_per_commitment_point =
4889 self.holder_signer.get_per_commitment_point(INITIAL_COMMITMENT_NUMBER - 1, &self.secp_ctx);
4890 return Some(msgs::ChannelReady {
4891 channel_id: self.channel_id,
4892 next_per_commitment_point,
4893 short_channel_id_alias: Some(self.outbound_scid_alias),
4897 self.monitor_pending_channel_ready = true;
4903 /// When a transaction is confirmed, we check whether it is or spends the funding transaction
4904 /// In the first case, we store the confirmation height and calculating the short channel id.
4905 /// In the second, we simply return an Err indicating we need to be force-closed now.
4906 pub fn transactions_confirmed<L: Deref>(&mut self, block_hash: &BlockHash, height: u32,
4907 txdata: &TransactionData, genesis_block_hash: BlockHash, node_pk: PublicKey, logger: &L)
4908 -> Result<(Option<msgs::ChannelReady>, Option<msgs::AnnouncementSignatures>), ClosureReason> where L::Target: Logger {
4909 if let Some(funding_txo) = self.get_funding_txo() {
4910 for &(index_in_block, tx) in txdata.iter() {
4911 // Check if the transaction is the expected funding transaction, and if it is,
4912 // check that it pays the right amount to the right script.
4913 if self.funding_tx_confirmation_height == 0 {
4914 if tx.txid() == funding_txo.txid {
4915 let txo_idx = funding_txo.index as usize;
4916 if txo_idx >= tx.output.len() || tx.output[txo_idx].script_pubkey != self.get_funding_redeemscript().to_v0_p2wsh() ||
4917 tx.output[txo_idx].value != self.channel_value_satoshis {
4918 if self.is_outbound() {
4919 // If we generated the funding transaction and it doesn't match what it
4920 // should, the client is really broken and we should just panic and
4921 // tell them off. That said, because hash collisions happen with high
4922 // probability in fuzzing mode, if we're fuzzing we just close the
4923 // channel and move on.
4924 #[cfg(not(fuzzing))]
4925 panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
4927 self.update_time_counter += 1;
4928 let err_reason = "funding tx had wrong script/value or output index";
4929 return Err(ClosureReason::ProcessingError { err: err_reason.to_owned() });
4931 if self.is_outbound() {
4932 for input in tx.input.iter() {
4933 if input.witness.is_empty() {
4934 // We generated a malleable funding transaction, implying we've
4935 // just exposed ourselves to funds loss to our counterparty.
4936 #[cfg(not(fuzzing))]
4937 panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
4941 self.funding_tx_confirmation_height = height;
4942 self.funding_tx_confirmed_in = Some(*block_hash);
4943 self.short_channel_id = match scid_from_parts(height as u64, index_in_block as u64, txo_idx as u64) {
4944 Ok(scid) => Some(scid),
4945 Err(_) => panic!("Block was bogus - either height was > 16 million, had > 16 million transactions, or had > 65k outputs"),
4949 // If we allow 1-conf funding, we may need to check for channel_ready here and
4950 // send it immediately instead of waiting for a best_block_updated call (which
4951 // may have already happened for this block).
4952 if let Some(channel_ready) = self.check_get_channel_ready(height) {
4953 log_info!(logger, "Sending a channel_ready to our peer for channel {}", log_bytes!(self.channel_id));
4954 let announcement_sigs = self.get_announcement_sigs(node_pk, genesis_block_hash, height, logger);
4955 return Ok((Some(channel_ready), announcement_sigs));
4958 for inp in tx.input.iter() {
4959 if inp.previous_output == funding_txo.into_bitcoin_outpoint() {
4960 log_info!(logger, "Detected channel-closing tx {} spending {}:{}, closing channel {}", tx.txid(), inp.previous_output.txid, inp.previous_output.vout, log_bytes!(self.channel_id()));
4961 return Err(ClosureReason::CommitmentTxConfirmed);
4969 /// When a new block is connected, we check the height of the block against outbound holding
4970 /// cell HTLCs in case we need to give up on them prematurely and time them out. Everything
4971 /// else (e.g. commitment transaction broadcasts, HTLC transaction broadcasting, etc) is
4972 /// handled by the ChannelMonitor.
4974 /// If we return Err, the channel may have been closed, at which point the standard
4975 /// requirements apply - no calls may be made except those explicitly stated to be allowed
4978 /// May return some HTLCs (and their payment_hash) which have timed out and should be failed
4980 pub fn best_block_updated<L: Deref>(&mut self, height: u32, highest_header_time: u32, genesis_block_hash: BlockHash, node_pk: PublicKey, logger: &L)
4981 -> Result<(Option<msgs::ChannelReady>, Vec<(HTLCSource, PaymentHash)>, Option<msgs::AnnouncementSignatures>), ClosureReason> where L::Target: Logger {
4982 self.do_best_block_updated(height, highest_header_time, Some((genesis_block_hash, node_pk)), logger)
4985 fn do_best_block_updated<L: Deref>(&mut self, height: u32, highest_header_time: u32, genesis_node_pk: Option<(BlockHash, PublicKey)>, logger: &L)
4986 -> Result<(Option<msgs::ChannelReady>, Vec<(HTLCSource, PaymentHash)>, Option<msgs::AnnouncementSignatures>), ClosureReason> where L::Target: Logger {
4987 let mut timed_out_htlcs = Vec::new();
4988 // This mirrors the check in ChannelManager::decode_update_add_htlc_onion, refusing to
4989 // forward an HTLC when our counterparty should almost certainly just fail it for expiring
4991 let unforwarded_htlc_cltv_limit = height + LATENCY_GRACE_PERIOD_BLOCKS;
4992 self.holding_cell_htlc_updates.retain(|htlc_update| {
4994 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, ref cltv_expiry, .. } => {
4995 if *cltv_expiry <= unforwarded_htlc_cltv_limit {
4996 timed_out_htlcs.push((source.clone(), payment_hash.clone()));
5004 self.update_time_counter = cmp::max(self.update_time_counter, highest_header_time);
5006 if let Some(channel_ready) = self.check_get_channel_ready(height) {
5007 let announcement_sigs = if let Some((genesis_block_hash, node_pk)) = genesis_node_pk {
5008 self.get_announcement_sigs(node_pk, genesis_block_hash, height, logger)
5010 log_info!(logger, "Sending a channel_ready to our peer for channel {}", log_bytes!(self.channel_id));
5011 return Ok((Some(channel_ready), timed_out_htlcs, announcement_sigs));
5014 let non_shutdown_state = self.channel_state & (!MULTI_STATE_FLAGS);
5015 if non_shutdown_state >= ChannelState::ChannelReady as u32 ||
5016 (non_shutdown_state & ChannelState::OurChannelReady as u32) == ChannelState::OurChannelReady as u32 {
5017 let mut funding_tx_confirmations = height as i64 - self.funding_tx_confirmation_height as i64 + 1;
5018 if self.funding_tx_confirmation_height == 0 {
5019 // Note that check_get_channel_ready may reset funding_tx_confirmation_height to
5020 // zero if it has been reorged out, however in either case, our state flags
5021 // indicate we've already sent a channel_ready
5022 funding_tx_confirmations = 0;
5025 // If we've sent channel_ready (or have both sent and received channel_ready), and
5026 // the funding transaction has become unconfirmed,
5027 // close the channel and hope we can get the latest state on chain (because presumably
5028 // the funding transaction is at least still in the mempool of most nodes).
5030 // Note that ideally we wouldn't force-close if we see *any* reorg on a 1-conf or
5031 // 0-conf channel, but not doing so may lead to the
5032 // `ChannelManager::short_to_chan_info` map being inconsistent, so we currently have
5034 if funding_tx_confirmations == 0 && self.funding_tx_confirmed_in.is_some() {
5035 let err_reason = format!("Funding transaction was un-confirmed. Locked at {} confs, now have {} confs.",
5036 self.minimum_depth.unwrap(), funding_tx_confirmations);
5037 return Err(ClosureReason::ProcessingError { err: err_reason });
5039 } else if !self.is_outbound() && self.funding_tx_confirmed_in.is_none() &&
5040 height >= self.channel_creation_height + FUNDING_CONF_DEADLINE_BLOCKS {
5041 log_info!(logger, "Closing channel {} due to funding timeout", log_bytes!(self.channel_id));
5042 // If funding_tx_confirmed_in is unset, the channel must not be active
5043 assert!(non_shutdown_state <= ChannelState::ChannelReady as u32);
5044 assert_eq!(non_shutdown_state & ChannelState::OurChannelReady as u32, 0);
5045 return Err(ClosureReason::FundingTimedOut);
5048 let announcement_sigs = if let Some((genesis_block_hash, node_pk)) = genesis_node_pk {
5049 self.get_announcement_sigs(node_pk, genesis_block_hash, height, logger)
5051 Ok((None, timed_out_htlcs, announcement_sigs))
5054 /// Indicates the funding transaction is no longer confirmed in the main chain. This may
5055 /// force-close the channel, but may also indicate a harmless reorganization of a block or two
5056 /// before the channel has reached channel_ready and we can just wait for more blocks.
5057 pub fn funding_transaction_unconfirmed<L: Deref>(&mut self, logger: &L) -> Result<(), ClosureReason> where L::Target: Logger {
5058 if self.funding_tx_confirmation_height != 0 {
5059 // We handle the funding disconnection by calling best_block_updated with a height one
5060 // below where our funding was connected, implying a reorg back to conf_height - 1.
5061 let reorg_height = self.funding_tx_confirmation_height - 1;
5062 // We use the time field to bump the current time we set on channel updates if its
5063 // larger. If we don't know that time has moved forward, we can just set it to the last
5064 // time we saw and it will be ignored.
5065 let best_time = self.update_time_counter;
5066 match self.do_best_block_updated(reorg_height, best_time, None, logger) {
5067 Ok((channel_ready, timed_out_htlcs, announcement_sigs)) => {
5068 assert!(channel_ready.is_none(), "We can't generate a funding with 0 confirmations?");
5069 assert!(timed_out_htlcs.is_empty(), "We can't have accepted HTLCs with a timeout before our funding confirmation?");
5070 assert!(announcement_sigs.is_none(), "We can't generate an announcement_sigs with 0 confirmations?");
5076 // We never learned about the funding confirmation anyway, just ignore
5081 // Methods to get unprompted messages to send to the remote end (or where we already returned
5082 // something in the handler for the message that prompted this message):
5084 pub fn get_open_channel(&self, chain_hash: BlockHash) -> msgs::OpenChannel {
5085 if !self.is_outbound() {
5086 panic!("Tried to open a channel for an inbound channel?");
5088 if self.channel_state != ChannelState::OurInitSent as u32 {
5089 panic!("Cannot generate an open_channel after we've moved forward");
5092 if self.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
5093 panic!("Tried to send an open_channel for a channel that has already advanced");
5096 let first_per_commitment_point = self.holder_signer.get_per_commitment_point(self.cur_holder_commitment_transaction_number, &self.secp_ctx);
5097 let keys = self.get_holder_pubkeys();
5101 temporary_channel_id: self.channel_id,
5102 funding_satoshis: self.channel_value_satoshis,
5103 push_msat: self.channel_value_satoshis * 1000 - self.value_to_self_msat,
5104 dust_limit_satoshis: self.holder_dust_limit_satoshis,
5105 max_htlc_value_in_flight_msat: self.holder_max_htlc_value_in_flight_msat,
5106 channel_reserve_satoshis: self.holder_selected_channel_reserve_satoshis,
5107 htlc_minimum_msat: self.holder_htlc_minimum_msat,
5108 feerate_per_kw: self.feerate_per_kw as u32,
5109 to_self_delay: self.get_holder_selected_contest_delay(),
5110 max_accepted_htlcs: OUR_MAX_HTLCS,
5111 funding_pubkey: keys.funding_pubkey,
5112 revocation_basepoint: keys.revocation_basepoint,
5113 payment_point: keys.payment_point,
5114 delayed_payment_basepoint: keys.delayed_payment_basepoint,
5115 htlc_basepoint: keys.htlc_basepoint,
5116 first_per_commitment_point,
5117 channel_flags: if self.config.announced_channel {1} else {0},
5118 shutdown_scriptpubkey: OptionalField::Present(match &self.shutdown_scriptpubkey {
5119 Some(script) => script.clone().into_inner(),
5120 None => Builder::new().into_script(),
5122 channel_type: Some(self.channel_type.clone()),
5126 pub fn inbound_is_awaiting_accept(&self) -> bool {
5127 self.inbound_awaiting_accept
5130 /// Sets this channel to accepting 0conf, must be done before `get_accept_channel`
5131 pub fn set_0conf(&mut self) {
5132 assert!(self.inbound_awaiting_accept);
5133 self.minimum_depth = Some(0);
5136 /// Marks an inbound channel as accepted and generates a [`msgs::AcceptChannel`] message which
5137 /// should be sent back to the counterparty node.
5139 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
5140 pub fn accept_inbound_channel(&mut self, user_id: u128) -> msgs::AcceptChannel {
5141 if self.is_outbound() {
5142 panic!("Tried to send accept_channel for an outbound channel?");
5144 if self.channel_state != (ChannelState::OurInitSent as u32) | (ChannelState::TheirInitSent as u32) {
5145 panic!("Tried to send accept_channel after channel had moved forward");
5147 if self.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
5148 panic!("Tried to send an accept_channel for a channel that has already advanced");
5150 if !self.inbound_awaiting_accept {
5151 panic!("The inbound channel has already been accepted");
5154 self.user_id = user_id;
5155 self.inbound_awaiting_accept = false;
5157 self.generate_accept_channel_message()
5160 /// This function is used to explicitly generate a [`msgs::AcceptChannel`] message for an
5161 /// inbound channel. If the intention is to accept an inbound channel, use
5162 /// [`Channel::accept_inbound_channel`] instead.
5164 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
5165 fn generate_accept_channel_message(&self) -> msgs::AcceptChannel {
5166 let first_per_commitment_point = self.holder_signer.get_per_commitment_point(self.cur_holder_commitment_transaction_number, &self.secp_ctx);
5167 let keys = self.get_holder_pubkeys();
5169 msgs::AcceptChannel {
5170 temporary_channel_id: self.channel_id,
5171 dust_limit_satoshis: self.holder_dust_limit_satoshis,
5172 max_htlc_value_in_flight_msat: self.holder_max_htlc_value_in_flight_msat,
5173 channel_reserve_satoshis: self.holder_selected_channel_reserve_satoshis,
5174 htlc_minimum_msat: self.holder_htlc_minimum_msat,
5175 minimum_depth: self.minimum_depth.unwrap(),
5176 to_self_delay: self.get_holder_selected_contest_delay(),
5177 max_accepted_htlcs: OUR_MAX_HTLCS,
5178 funding_pubkey: keys.funding_pubkey,
5179 revocation_basepoint: keys.revocation_basepoint,
5180 payment_point: keys.payment_point,
5181 delayed_payment_basepoint: keys.delayed_payment_basepoint,
5182 htlc_basepoint: keys.htlc_basepoint,
5183 first_per_commitment_point,
5184 shutdown_scriptpubkey: OptionalField::Present(match &self.shutdown_scriptpubkey {
5185 Some(script) => script.clone().into_inner(),
5186 None => Builder::new().into_script(),
5188 channel_type: Some(self.channel_type.clone()),
5192 /// Enables the possibility for tests to extract a [`msgs::AcceptChannel`] message for an
5193 /// inbound channel without accepting it.
5195 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
5197 pub fn get_accept_channel_message(&self) -> msgs::AcceptChannel {
5198 self.generate_accept_channel_message()
5201 /// If an Err is returned, it is a ChannelError::Close (for get_outbound_funding_created)
5202 fn get_outbound_funding_created_signature<L: Deref>(&mut self, logger: &L) -> Result<Signature, ChannelError> where L::Target: Logger {
5203 let counterparty_keys = self.build_remote_transaction_keys()?;
5204 let counterparty_initial_commitment_tx = self.build_commitment_transaction(self.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
5205 Ok(self.holder_signer.sign_counterparty_commitment(&counterparty_initial_commitment_tx, Vec::new(), &self.secp_ctx)
5206 .map_err(|_| ChannelError::Close("Failed to get signatures for new commitment_signed".to_owned()))?.0)
5209 /// Updates channel state with knowledge of the funding transaction's txid/index, and generates
5210 /// a funding_created message for the remote peer.
5211 /// Panics if called at some time other than immediately after initial handshake, if called twice,
5212 /// or if called on an inbound channel.
5213 /// Note that channel_id changes during this call!
5214 /// Do NOT broadcast the funding transaction until after a successful funding_signed call!
5215 /// If an Err is returned, it is a ChannelError::Close.
5216 pub fn get_outbound_funding_created<L: Deref>(&mut self, funding_transaction: Transaction, funding_txo: OutPoint, logger: &L) -> Result<msgs::FundingCreated, ChannelError> where L::Target: Logger {
5217 if !self.is_outbound() {
5218 panic!("Tried to create outbound funding_created message on an inbound channel!");
5220 if self.channel_state != (ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32) {
5221 panic!("Tried to get a funding_created messsage at a time other than immediately after initial handshake completion (or tried to get funding_created twice)");
5223 if self.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
5224 self.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
5225 self.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
5226 panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
5229 self.channel_transaction_parameters.funding_outpoint = Some(funding_txo);
5230 self.holder_signer.ready_channel(&self.channel_transaction_parameters);
5232 let signature = match self.get_outbound_funding_created_signature(logger) {
5235 log_error!(logger, "Got bad signatures: {:?}!", e);
5236 self.channel_transaction_parameters.funding_outpoint = None;
5241 let temporary_channel_id = self.channel_id;
5243 // Now that we're past error-generating stuff, update our local state:
5245 self.channel_state = ChannelState::FundingCreated as u32;
5246 self.channel_id = funding_txo.to_channel_id();
5247 self.funding_transaction = Some(funding_transaction);
5249 Ok(msgs::FundingCreated {
5250 temporary_channel_id,
5251 funding_txid: funding_txo.txid,
5252 funding_output_index: funding_txo.index,
5257 /// Gets an UnsignedChannelAnnouncement for this channel. The channel must be publicly
5258 /// announceable and available for use (have exchanged ChannelReady messages in both
5259 /// directions). Should be used for both broadcasted announcements and in response to an
5260 /// AnnouncementSignatures message from the remote peer.
5262 /// Will only fail if we're not in a state where channel_announcement may be sent (including
5265 /// This will only return ChannelError::Ignore upon failure.
5266 fn get_channel_announcement(&self, node_id: PublicKey, chain_hash: BlockHash) -> Result<msgs::UnsignedChannelAnnouncement, ChannelError> {
5267 if !self.config.announced_channel {
5268 return Err(ChannelError::Ignore("Channel is not available for public announcements".to_owned()));
5270 if !self.is_usable() {
5271 return Err(ChannelError::Ignore("Cannot get a ChannelAnnouncement if the channel is not currently usable".to_owned()));
5274 let were_node_one = node_id.serialize()[..] < self.counterparty_node_id.serialize()[..];
5276 let msg = msgs::UnsignedChannelAnnouncement {
5277 features: channelmanager::provided_channel_features(),
5279 short_channel_id: self.get_short_channel_id().unwrap(),
5280 node_id_1: if were_node_one { node_id } else { self.get_counterparty_node_id() },
5281 node_id_2: if were_node_one { self.get_counterparty_node_id() } else { node_id },
5282 bitcoin_key_1: if were_node_one { self.get_holder_pubkeys().funding_pubkey } else { self.counterparty_funding_pubkey().clone() },
5283 bitcoin_key_2: if were_node_one { self.counterparty_funding_pubkey().clone() } else { self.get_holder_pubkeys().funding_pubkey },
5284 excess_data: Vec::new(),
5290 fn get_announcement_sigs<L: Deref>(&mut self, node_pk: PublicKey, genesis_block_hash: BlockHash, best_block_height: u32, logger: &L)
5291 -> Option<msgs::AnnouncementSignatures> where L::Target: Logger {
5292 if self.funding_tx_confirmation_height == 0 || self.funding_tx_confirmation_height + 5 > best_block_height {
5296 if !self.is_usable() {
5300 if self.channel_state & ChannelState::PeerDisconnected as u32 != 0 {
5301 log_trace!(logger, "Cannot create an announcement_signatures as our peer is disconnected");
5305 if self.announcement_sigs_state != AnnouncementSigsState::NotSent {
5309 log_trace!(logger, "Creating an announcement_signatures message for channel {}", log_bytes!(self.channel_id()));
5310 let announcement = match self.get_channel_announcement(node_pk, genesis_block_hash) {
5313 log_trace!(logger, "Cannot create an announcement_signatures as channel is not public.");
5317 let (our_node_sig, our_bitcoin_sig) = match self.holder_signer.sign_channel_announcement(&announcement, &self.secp_ctx) {
5319 log_error!(logger, "Signer rejected channel_announcement signing. Channel will not be announced!");
5324 self.announcement_sigs_state = AnnouncementSigsState::MessageSent;
5326 Some(msgs::AnnouncementSignatures {
5327 channel_id: self.channel_id(),
5328 short_channel_id: self.get_short_channel_id().unwrap(),
5329 node_signature: our_node_sig,
5330 bitcoin_signature: our_bitcoin_sig,
5334 /// Signs the given channel announcement, returning a ChannelError::Ignore if no keys are
5336 fn sign_channel_announcement(&self, our_node_id: PublicKey, announcement: msgs::UnsignedChannelAnnouncement) -> Result<msgs::ChannelAnnouncement, ChannelError> {
5337 if let Some((their_node_sig, their_bitcoin_sig)) = self.announcement_sigs {
5338 let were_node_one = announcement.node_id_1 == our_node_id;
5340 let (our_node_sig, our_bitcoin_sig) = self.holder_signer.sign_channel_announcement(&announcement, &self.secp_ctx)
5341 .map_err(|_| ChannelError::Ignore("Signer rejected channel_announcement".to_owned()))?;
5342 Ok(msgs::ChannelAnnouncement {
5343 node_signature_1: if were_node_one { our_node_sig } else { their_node_sig },
5344 node_signature_2: if were_node_one { their_node_sig } else { our_node_sig },
5345 bitcoin_signature_1: if were_node_one { our_bitcoin_sig } else { their_bitcoin_sig },
5346 bitcoin_signature_2: if were_node_one { their_bitcoin_sig } else { our_bitcoin_sig },
5347 contents: announcement,
5350 Err(ChannelError::Ignore("Attempted to sign channel announcement before we'd received announcement_signatures".to_string()))
5354 /// Processes an incoming announcement_signatures message, providing a fully-signed
5355 /// channel_announcement message which we can broadcast and storing our counterparty's
5356 /// signatures for later reconstruction/rebroadcast of the channel_announcement.
5357 pub fn announcement_signatures(&mut self, our_node_id: PublicKey, chain_hash: BlockHash, best_block_height: u32, msg: &msgs::AnnouncementSignatures) -> Result<msgs::ChannelAnnouncement, ChannelError> {
5358 let announcement = self.get_channel_announcement(our_node_id.clone(), chain_hash)?;
5360 let msghash = hash_to_message!(&Sha256d::hash(&announcement.encode()[..])[..]);
5362 if self.secp_ctx.verify_ecdsa(&msghash, &msg.node_signature, &self.get_counterparty_node_id()).is_err() {
5363 return Err(ChannelError::Close(format!(
5364 "Bad announcement_signatures. Failed to verify node_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_node_key is {:?}",
5365 &announcement, self.get_counterparty_node_id())));
5367 if self.secp_ctx.verify_ecdsa(&msghash, &msg.bitcoin_signature, self.counterparty_funding_pubkey()).is_err() {
5368 return Err(ChannelError::Close(format!(
5369 "Bad announcement_signatures. Failed to verify bitcoin_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_bitcoin_key is ({:?})",
5370 &announcement, self.counterparty_funding_pubkey())));
5373 self.announcement_sigs = Some((msg.node_signature, msg.bitcoin_signature));
5374 if self.funding_tx_confirmation_height == 0 || self.funding_tx_confirmation_height + 5 > best_block_height {
5375 return Err(ChannelError::Ignore(
5376 "Got announcement_signatures prior to the required six confirmations - we may not have received a block yet that our peer has".to_owned()));
5379 self.sign_channel_announcement(our_node_id, announcement)
5382 /// Gets a signed channel_announcement for this channel, if we previously received an
5383 /// announcement_signatures from our counterparty.
5384 pub fn get_signed_channel_announcement(&self, our_node_id: PublicKey, chain_hash: BlockHash, best_block_height: u32) -> Option<msgs::ChannelAnnouncement> {
5385 if self.funding_tx_confirmation_height == 0 || self.funding_tx_confirmation_height + 5 > best_block_height {
5388 let announcement = match self.get_channel_announcement(our_node_id.clone(), chain_hash) {
5390 Err(_) => return None,
5392 match self.sign_channel_announcement(our_node_id, announcement) {
5393 Ok(res) => Some(res),
5398 /// May panic if called on a channel that wasn't immediately-previously
5399 /// self.remove_uncommitted_htlcs_and_mark_paused()'d
5400 pub fn get_channel_reestablish<L: Deref>(&self, logger: &L) -> msgs::ChannelReestablish where L::Target: Logger {
5401 assert_eq!(self.channel_state & ChannelState::PeerDisconnected as u32, ChannelState::PeerDisconnected as u32);
5402 assert_ne!(self.cur_counterparty_commitment_transaction_number, INITIAL_COMMITMENT_NUMBER);
5403 // Prior to static_remotekey, my_current_per_commitment_point was critical to claiming
5404 // current to_remote balances. However, it no longer has any use, and thus is now simply
5405 // set to a dummy (but valid, as required by the spec) public key.
5406 // fuzzing mode marks a subset of pubkeys as invalid so that we can hit "invalid pubkey"
5407 // branches, but we unwrap it below, so we arbitrarily select a dummy pubkey which is both
5408 // valid, and valid in fuzzing mode's arbitrary validity criteria:
5409 let mut pk = [2; 33]; pk[1] = 0xff;
5410 let dummy_pubkey = PublicKey::from_slice(&pk).unwrap();
5411 let data_loss_protect = if self.cur_counterparty_commitment_transaction_number + 1 < INITIAL_COMMITMENT_NUMBER {
5412 let remote_last_secret = self.commitment_secrets.get_secret(self.cur_counterparty_commitment_transaction_number + 2).unwrap();
5413 log_trace!(logger, "Enough info to generate a Data Loss Protect with per_commitment_secret {} for channel {}", log_bytes!(remote_last_secret), log_bytes!(self.channel_id()));
5414 OptionalField::Present(DataLossProtect {
5415 your_last_per_commitment_secret: remote_last_secret,
5416 my_current_per_commitment_point: dummy_pubkey
5419 log_info!(logger, "Sending a data_loss_protect with no previous remote per_commitment_secret for channel {}", log_bytes!(self.channel_id()));
5420 OptionalField::Present(DataLossProtect {
5421 your_last_per_commitment_secret: [0;32],
5422 my_current_per_commitment_point: dummy_pubkey,
5425 msgs::ChannelReestablish {
5426 channel_id: self.channel_id(),
5427 // The protocol has two different commitment number concepts - the "commitment
5428 // transaction number", which starts from 0 and counts up, and the "revocation key
5429 // index" which starts at INITIAL_COMMITMENT_NUMBER and counts down. We track
5430 // commitment transaction numbers by the index which will be used to reveal the
5431 // revocation key for that commitment transaction, which means we have to convert them
5432 // to protocol-level commitment numbers here...
5434 // next_local_commitment_number is the next commitment_signed number we expect to
5435 // receive (indicating if they need to resend one that we missed).
5436 next_local_commitment_number: INITIAL_COMMITMENT_NUMBER - self.cur_holder_commitment_transaction_number,
5437 // We have to set next_remote_commitment_number to the next revoke_and_ack we expect to
5438 // receive, however we track it by the next commitment number for a remote transaction
5439 // (which is one further, as they always revoke previous commitment transaction, not
5440 // the one we send) so we have to decrement by 1. Note that if
5441 // cur_counterparty_commitment_transaction_number is INITIAL_COMMITMENT_NUMBER we will have
5442 // dropped this channel on disconnect as it hasn't yet reached FundingSent so we can't
5444 next_remote_commitment_number: INITIAL_COMMITMENT_NUMBER - self.cur_counterparty_commitment_transaction_number - 1,
5450 // Send stuff to our remote peers:
5452 /// Adds a pending outbound HTLC to this channel, note that you probably want
5453 /// send_htlc_and_commit instead cause you'll want both messages at once.
5455 /// This returns an optional UpdateAddHTLC as we may be in a state where we cannot add HTLCs on
5457 /// * In cases where we're waiting on the remote peer to send us a revoke_and_ack, we
5458 /// wouldn't be able to determine what they actually ACK'ed if we have two sets of updates
5460 /// * In cases where we're marked MonitorUpdateInProgress, we cannot commit to a new state as
5461 /// we may not yet have sent the previous commitment update messages and will need to
5462 /// regenerate them.
5464 /// You MUST call send_commitment prior to calling any other methods on this Channel!
5466 /// If an Err is returned, it's a ChannelError::Ignore!
5467 pub fn send_htlc<L: Deref>(&mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource, onion_routing_packet: msgs::OnionPacket, logger: &L) -> Result<Option<msgs::UpdateAddHTLC>, ChannelError> where L::Target: Logger {
5468 if (self.channel_state & (ChannelState::ChannelReady as u32 | BOTH_SIDES_SHUTDOWN_MASK)) != (ChannelState::ChannelReady as u32) {
5469 return Err(ChannelError::Ignore("Cannot send HTLC until channel is fully established and we haven't started shutting down".to_owned()));
5471 let channel_total_msat = self.channel_value_satoshis * 1000;
5472 if amount_msat > channel_total_msat {
5473 return Err(ChannelError::Ignore(format!("Cannot send amount {}, because it is more than the total value of the channel {}", amount_msat, channel_total_msat)));
5476 if amount_msat == 0 {
5477 return Err(ChannelError::Ignore("Cannot send 0-msat HTLC".to_owned()));
5480 if amount_msat < self.counterparty_htlc_minimum_msat {
5481 return Err(ChannelError::Ignore(format!("Cannot send less than their minimum HTLC value ({})", self.counterparty_htlc_minimum_msat)));
5484 if (self.channel_state & (ChannelState::PeerDisconnected as u32)) != 0 {
5485 // Note that this should never really happen, if we're !is_live() on receipt of an
5486 // incoming HTLC for relay will result in us rejecting the HTLC and we won't allow
5487 // the user to send directly into a !is_live() channel. However, if we
5488 // disconnected during the time the previous hop was doing the commitment dance we may
5489 // end up getting here after the forwarding delay. In any case, returning an
5490 // IgnoreError will get ChannelManager to do the right thing and fail backwards now.
5491 return Err(ChannelError::Ignore("Cannot send an HTLC while disconnected from channel counterparty".to_owned()));
5494 let inbound_stats = self.get_inbound_pending_htlc_stats(None);
5495 let outbound_stats = self.get_outbound_pending_htlc_stats(None);
5496 if outbound_stats.pending_htlcs + 1 > self.counterparty_max_accepted_htlcs as u32 {
5497 return Err(ChannelError::Ignore(format!("Cannot push more than their max accepted HTLCs ({})", self.counterparty_max_accepted_htlcs)));
5499 // Check their_max_htlc_value_in_flight_msat
5500 if outbound_stats.pending_htlcs_value_msat + amount_msat > self.counterparty_max_htlc_value_in_flight_msat {
5501 return Err(ChannelError::Ignore(format!("Cannot send value that would put us over the max HTLC value in flight our peer will accept ({})", self.counterparty_max_htlc_value_in_flight_msat)));
5504 let keys = self.build_holder_transaction_keys(self.cur_holder_commitment_transaction_number)?;
5505 let commitment_stats = self.build_commitment_transaction(self.cur_holder_commitment_transaction_number, &keys, true, true, logger);
5506 if !self.is_outbound() {
5507 // Check that we won't violate the remote channel reserve by adding this HTLC.
5508 let htlc_candidate = HTLCCandidate::new(amount_msat, HTLCInitiator::LocalOffered);
5509 let counterparty_commit_tx_fee_msat = self.next_remote_commit_tx_fee_msat(htlc_candidate, None);
5510 let holder_selected_chan_reserve_msat = self.holder_selected_channel_reserve_satoshis * 1000;
5511 if commitment_stats.remote_balance_msat < counterparty_commit_tx_fee_msat + holder_selected_chan_reserve_msat {
5512 return Err(ChannelError::Ignore("Cannot send value that would put counterparty balance under holder-announced channel reserve value".to_owned()));
5516 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if self.opt_anchors() {
5519 let dust_buffer_feerate = self.get_dust_buffer_feerate(None) as u64;
5520 (dust_buffer_feerate * htlc_success_tx_weight(false) / 1000,
5521 dust_buffer_feerate * htlc_timeout_tx_weight(false) / 1000)
5523 let exposure_dust_limit_success_sats = htlc_success_dust_limit + self.counterparty_dust_limit_satoshis;
5524 if amount_msat / 1000 < exposure_dust_limit_success_sats {
5525 let on_counterparty_dust_htlc_exposure_msat = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat + amount_msat;
5526 if on_counterparty_dust_htlc_exposure_msat > self.get_max_dust_htlc_exposure_msat() {
5527 return Err(ChannelError::Ignore(format!("Cannot send value that would put our exposure to dust HTLCs at {} over the limit {} on counterparty commitment tx",
5528 on_counterparty_dust_htlc_exposure_msat, self.get_max_dust_htlc_exposure_msat())));
5532 let exposure_dust_limit_timeout_sats = htlc_timeout_dust_limit + self.holder_dust_limit_satoshis;
5533 if amount_msat / 1000 < exposure_dust_limit_timeout_sats {
5534 let on_holder_dust_htlc_exposure_msat = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat + amount_msat;
5535 if on_holder_dust_htlc_exposure_msat > self.get_max_dust_htlc_exposure_msat() {
5536 return Err(ChannelError::Ignore(format!("Cannot send value that would put our exposure to dust HTLCs at {} over the limit {} on holder commitment tx",
5537 on_holder_dust_htlc_exposure_msat, self.get_max_dust_htlc_exposure_msat())));
5541 let holder_balance_msat = commitment_stats.local_balance_msat - outbound_stats.holding_cell_msat;
5542 if holder_balance_msat < amount_msat {
5543 return Err(ChannelError::Ignore(format!("Cannot send value that would overdraw remaining funds. Amount: {}, pending value to self {}", amount_msat, holder_balance_msat)));
5546 // `2 *` and extra HTLC are for the fee spike buffer.
5547 let commit_tx_fee_msat = if self.is_outbound() {
5548 let htlc_candidate = HTLCCandidate::new(amount_msat, HTLCInitiator::LocalOffered);
5549 FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE * self.next_local_commit_tx_fee_msat(htlc_candidate, Some(()))
5551 if holder_balance_msat - amount_msat < commit_tx_fee_msat {
5552 return Err(ChannelError::Ignore(format!("Cannot send value that would not leave enough to pay for fees. Pending value to self: {}. local_commit_tx_fee {}", holder_balance_msat, commit_tx_fee_msat)));
5555 // Check self.counterparty_selected_channel_reserve_satoshis (the amount we must keep as
5556 // reserve for the remote to have something to claim if we misbehave)
5557 let chan_reserve_msat = self.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000;
5558 if holder_balance_msat - amount_msat - commit_tx_fee_msat < chan_reserve_msat {
5559 return Err(ChannelError::Ignore(format!("Cannot send value that would put our balance under counterparty-announced channel reserve value ({})", chan_reserve_msat)));
5562 // Now update local state:
5563 if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0 {
5564 self.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::AddHTLC {
5569 onion_routing_packet,
5574 self.pending_outbound_htlcs.push(OutboundHTLCOutput {
5575 htlc_id: self.next_holder_htlc_id,
5577 payment_hash: payment_hash.clone(),
5579 state: OutboundHTLCState::LocalAnnounced(Box::new(onion_routing_packet.clone())),
5583 let res = msgs::UpdateAddHTLC {
5584 channel_id: self.channel_id,
5585 htlc_id: self.next_holder_htlc_id,
5589 onion_routing_packet,
5591 self.next_holder_htlc_id += 1;
5596 /// Creates a signed commitment transaction to send to the remote peer.
5597 /// Always returns a ChannelError::Close if an immediately-preceding (read: the
5598 /// last call to this Channel) send_htlc returned Ok(Some(_)) and there is an Err.
5599 /// May panic if called except immediately after a successful, Ok(Some(_))-returning send_htlc.
5600 pub fn send_commitment<L: Deref>(&mut self, logger: &L) -> Result<(msgs::CommitmentSigned, ChannelMonitorUpdate), ChannelError> where L::Target: Logger {
5601 if (self.channel_state & (ChannelState::ChannelReady as u32)) != (ChannelState::ChannelReady as u32) {
5602 panic!("Cannot create commitment tx until channel is fully established");
5604 if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == (ChannelState::AwaitingRemoteRevoke as u32) {
5605 panic!("Cannot create commitment tx until remote revokes their previous commitment");
5607 if (self.channel_state & (ChannelState::PeerDisconnected as u32)) == (ChannelState::PeerDisconnected as u32) {
5608 panic!("Cannot create commitment tx while disconnected, as send_htlc will have returned an Err so a send_commitment precondition has been violated");
5610 if (self.channel_state & (ChannelState::MonitorUpdateInProgress as u32)) == (ChannelState::MonitorUpdateInProgress as u32) {
5611 panic!("Cannot create commitment tx while awaiting monitor update unfreeze, as send_htlc will have returned an Err so a send_commitment precondition has been violated");
5613 let mut have_updates = self.is_outbound() && self.pending_update_fee.is_some();
5614 for htlc in self.pending_outbound_htlcs.iter() {
5615 if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
5616 have_updates = true;
5618 if have_updates { break; }
5620 for htlc in self.pending_inbound_htlcs.iter() {
5621 if let InboundHTLCState::LocalRemoved(_) = htlc.state {
5622 have_updates = true;
5624 if have_updates { break; }
5627 panic!("Cannot create commitment tx until we have some updates to send");
5629 self.send_commitment_no_status_check(logger)
5631 /// Only fails in case of bad keys
5632 fn send_commitment_no_status_check<L: Deref>(&mut self, logger: &L) -> Result<(msgs::CommitmentSigned, ChannelMonitorUpdate), ChannelError> where L::Target: Logger {
5633 log_trace!(logger, "Updating HTLC state for a newly-sent commitment_signed...");
5634 // We can upgrade the status of some HTLCs that are waiting on a commitment, even if we
5635 // fail to generate this, we still are at least at a position where upgrading their status
5637 for htlc in self.pending_inbound_htlcs.iter_mut() {
5638 let new_state = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(ref forward_info) = &htlc.state {
5639 Some(InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info.clone()))
5641 if let Some(state) = new_state {
5642 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce {} to AwaitingAnnouncedRemoteRevoke", log_bytes!(htlc.payment_hash.0));
5646 for htlc in self.pending_outbound_htlcs.iter_mut() {
5647 if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut outcome) = &mut htlc.state {
5648 log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", log_bytes!(htlc.payment_hash.0));
5649 // Grab the preimage, if it exists, instead of cloning
5650 let mut reason = OutboundHTLCOutcome::Success(None);
5651 mem::swap(outcome, &mut reason);
5652 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(reason);
5655 if let Some((feerate, update_state)) = self.pending_update_fee {
5656 if update_state == FeeUpdateState::AwaitingRemoteRevokeToAnnounce {
5657 debug_assert!(!self.is_outbound());
5658 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce fee update {} to Committed", feerate);
5659 self.feerate_per_kw = feerate;
5660 self.pending_update_fee = None;
5663 self.resend_order = RAACommitmentOrder::RevokeAndACKFirst;
5665 let (res, counterparty_commitment_txid, htlcs) = match self.send_commitment_no_state_update(logger) {
5666 Ok((res, (counterparty_commitment_tx, mut htlcs))) => {
5667 // Update state now that we've passed all the can-fail calls...
5668 let htlcs_no_ref: Vec<(HTLCOutputInCommitment, Option<Box<HTLCSource>>)> =
5669 htlcs.drain(..).map(|(htlc, htlc_source)| (htlc, htlc_source.map(|source_ref| Box::new(source_ref.clone())))).collect();
5670 (res, counterparty_commitment_tx, htlcs_no_ref)
5672 Err(e) => return Err(e),
5675 if self.announcement_sigs_state == AnnouncementSigsState::MessageSent {
5676 self.announcement_sigs_state = AnnouncementSigsState::Committed;
5679 self.latest_monitor_update_id += 1;
5680 let monitor_update = ChannelMonitorUpdate {
5681 update_id: self.latest_monitor_update_id,
5682 updates: vec![ChannelMonitorUpdateStep::LatestCounterpartyCommitmentTXInfo {
5683 commitment_txid: counterparty_commitment_txid,
5684 htlc_outputs: htlcs.clone(),
5685 commitment_number: self.cur_counterparty_commitment_transaction_number,
5686 their_per_commitment_point: self.counterparty_cur_commitment_point.unwrap()
5689 self.channel_state |= ChannelState::AwaitingRemoteRevoke as u32;
5690 Ok((res, monitor_update))
5693 /// Only fails in case of bad keys. Used for channel_reestablish commitment_signed generation
5694 /// when we shouldn't change HTLC/channel state.
5695 fn send_commitment_no_state_update<L: Deref>(&self, logger: &L) -> Result<(msgs::CommitmentSigned, (Txid, Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)>)), ChannelError> where L::Target: Logger {
5696 let counterparty_keys = self.build_remote_transaction_keys()?;
5697 let commitment_stats = self.build_commitment_transaction(self.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, true, logger);
5698 let counterparty_commitment_txid = commitment_stats.tx.trust().txid();
5699 let (signature, htlc_signatures);
5701 #[cfg(any(test, fuzzing))]
5703 if !self.is_outbound() {
5704 let projected_commit_tx_info = self.next_remote_commitment_tx_fee_info_cached.lock().unwrap().take();
5705 *self.next_local_commitment_tx_fee_info_cached.lock().unwrap() = None;
5706 if let Some(info) = projected_commit_tx_info {
5707 let total_pending_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len();
5708 if info.total_pending_htlcs == total_pending_htlcs
5709 && info.next_holder_htlc_id == self.next_holder_htlc_id
5710 && info.next_counterparty_htlc_id == self.next_counterparty_htlc_id
5711 && info.feerate == self.feerate_per_kw {
5712 let actual_fee = Self::commit_tx_fee_msat(self.feerate_per_kw, commitment_stats.num_nondust_htlcs, self.opt_anchors());
5713 assert_eq!(actual_fee, info.fee);
5720 let mut htlcs = Vec::with_capacity(commitment_stats.htlcs_included.len());
5721 for &(ref htlc, _) in commitment_stats.htlcs_included.iter() {
5725 let res = self.holder_signer.sign_counterparty_commitment(&commitment_stats.tx, commitment_stats.preimages, &self.secp_ctx)
5726 .map_err(|_| ChannelError::Close("Failed to get signatures for new commitment_signed".to_owned()))?;
5728 htlc_signatures = res.1;
5730 log_trace!(logger, "Signed remote commitment tx {} (txid {}) with redeemscript {} -> {} in channel {}",
5731 encode::serialize_hex(&commitment_stats.tx.trust().built_transaction().transaction),
5732 &counterparty_commitment_txid, encode::serialize_hex(&self.get_funding_redeemscript()),
5733 log_bytes!(signature.serialize_compact()[..]), log_bytes!(self.channel_id()));
5735 for (ref htlc_sig, ref htlc) in htlc_signatures.iter().zip(htlcs) {
5736 log_trace!(logger, "Signed remote HTLC tx {} with redeemscript {} with pubkey {} -> {} in channel {}",
5737 encode::serialize_hex(&chan_utils::build_htlc_transaction(&counterparty_commitment_txid, commitment_stats.feerate_per_kw, self.get_holder_selected_contest_delay(), htlc, self.opt_anchors(), &counterparty_keys.broadcaster_delayed_payment_key, &counterparty_keys.revocation_key)),
5738 encode::serialize_hex(&chan_utils::get_htlc_redeemscript(&htlc, self.opt_anchors(), &counterparty_keys)),
5739 log_bytes!(counterparty_keys.broadcaster_htlc_key.serialize()),
5740 log_bytes!(htlc_sig.serialize_compact()[..]), log_bytes!(self.channel_id()));
5744 Ok((msgs::CommitmentSigned {
5745 channel_id: self.channel_id,
5748 }, (counterparty_commitment_txid, commitment_stats.htlcs_included)))
5751 /// Adds a pending outbound HTLC to this channel, and creates a signed commitment transaction
5752 /// to send to the remote peer in one go.
5753 /// Shorthand for calling send_htlc() followed by send_commitment(), see docs on those for
5755 pub fn send_htlc_and_commit<L: Deref>(&mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource, onion_routing_packet: msgs::OnionPacket, logger: &L) -> Result<Option<(msgs::UpdateAddHTLC, msgs::CommitmentSigned, ChannelMonitorUpdate)>, ChannelError> where L::Target: Logger {
5756 match self.send_htlc(amount_msat, payment_hash, cltv_expiry, source, onion_routing_packet, logger)? {
5757 Some(update_add_htlc) => {
5758 let (commitment_signed, monitor_update) = self.send_commitment_no_status_check(logger)?;
5759 Ok(Some((update_add_htlc, commitment_signed, monitor_update)))
5765 /// Get forwarding information for the counterparty.
5766 pub fn counterparty_forwarding_info(&self) -> Option<CounterpartyForwardingInfo> {
5767 self.counterparty_forwarding_info.clone()
5770 pub fn channel_update(&mut self, msg: &msgs::ChannelUpdate) -> Result<(), ChannelError> {
5771 if msg.contents.htlc_minimum_msat >= self.channel_value_satoshis * 1000 {
5772 return Err(ChannelError::Close("Minimum htlc value is greater than channel value".to_string()));
5774 self.counterparty_forwarding_info = Some(CounterpartyForwardingInfo {
5775 fee_base_msat: msg.contents.fee_base_msat,
5776 fee_proportional_millionths: msg.contents.fee_proportional_millionths,
5777 cltv_expiry_delta: msg.contents.cltv_expiry_delta
5783 /// Begins the shutdown process, getting a message for the remote peer and returning all
5784 /// holding cell HTLCs for payment failure.
5785 pub fn get_shutdown<K: Deref>(&mut self, keys_provider: &K, their_features: &InitFeatures, target_feerate_sats_per_kw: Option<u32>)
5786 -> Result<(msgs::Shutdown, Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>), APIError>
5787 where K::Target: KeysInterface {
5788 for htlc in self.pending_outbound_htlcs.iter() {
5789 if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
5790 return Err(APIError::APIMisuseError{err: "Cannot begin shutdown with pending HTLCs. Process pending events first".to_owned()});
5793 if self.channel_state & BOTH_SIDES_SHUTDOWN_MASK != 0 {
5794 if (self.channel_state & ChannelState::LocalShutdownSent as u32) == ChannelState::LocalShutdownSent as u32 {
5795 return Err(APIError::APIMisuseError{err: "Shutdown already in progress".to_owned()});
5797 else if (self.channel_state & ChannelState::RemoteShutdownSent as u32) == ChannelState::RemoteShutdownSent as u32 {
5798 return Err(APIError::ChannelUnavailable{err: "Shutdown already in progress by remote".to_owned()});
5801 assert_eq!(self.channel_state & ChannelState::ShutdownComplete as u32, 0);
5802 if self.channel_state & (ChannelState::PeerDisconnected as u32 | ChannelState::MonitorUpdateInProgress as u32) != 0 {
5803 return Err(APIError::ChannelUnavailable{err: "Cannot begin shutdown while peer is disconnected or we're waiting on a monitor update, maybe force-close instead?".to_owned()});
5806 let update_shutdown_script = match self.shutdown_scriptpubkey {
5809 let shutdown_scriptpubkey = keys_provider.get_shutdown_scriptpubkey();
5810 if !shutdown_scriptpubkey.is_compatible(their_features) {
5811 return Err(APIError::IncompatibleShutdownScript { script: shutdown_scriptpubkey.clone() });
5813 self.shutdown_scriptpubkey = Some(shutdown_scriptpubkey);
5818 // From here on out, we may not fail!
5819 self.target_closing_feerate_sats_per_kw = target_feerate_sats_per_kw;
5820 if self.channel_state < ChannelState::FundingSent as u32 {
5821 self.channel_state = ChannelState::ShutdownComplete as u32;
5823 self.channel_state |= ChannelState::LocalShutdownSent as u32;
5825 self.update_time_counter += 1;
5827 let monitor_update = if update_shutdown_script {
5828 self.latest_monitor_update_id += 1;
5829 Some(ChannelMonitorUpdate {
5830 update_id: self.latest_monitor_update_id,
5831 updates: vec![ChannelMonitorUpdateStep::ShutdownScript {
5832 scriptpubkey: self.get_closing_scriptpubkey(),
5836 let shutdown = msgs::Shutdown {
5837 channel_id: self.channel_id,
5838 scriptpubkey: self.get_closing_scriptpubkey(),
5841 // Go ahead and drop holding cell updates as we'd rather fail payments than wait to send
5842 // our shutdown until we've committed all of the pending changes.
5843 self.holding_cell_update_fee = None;
5844 let mut dropped_outbound_htlcs = Vec::with_capacity(self.holding_cell_htlc_updates.len());
5845 self.holding_cell_htlc_updates.retain(|htlc_update| {
5847 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, .. } => {
5848 dropped_outbound_htlcs.push((source.clone(), payment_hash.clone()));
5855 Ok((shutdown, monitor_update, dropped_outbound_htlcs))
5858 /// Gets the latest commitment transaction and any dependent transactions for relay (forcing
5859 /// shutdown of this channel - no more calls into this Channel may be made afterwards except
5860 /// those explicitly stated to be allowed after shutdown completes, eg some simple getters).
5861 /// Also returns the list of payment_hashes for channels which we can safely fail backwards
5862 /// immediately (others we will have to allow to time out).
5863 pub fn force_shutdown(&mut self, should_broadcast: bool) -> (Option<(OutPoint, ChannelMonitorUpdate)>, Vec<(HTLCSource, PaymentHash, PublicKey, [u8; 32])>) {
5864 // Note that we MUST only generate a monitor update that indicates force-closure - we're
5865 // called during initialization prior to the chain_monitor in the encompassing ChannelManager
5866 // being fully configured in some cases. Thus, its likely any monitor events we generate will
5867 // be delayed in being processed! See the docs for `ChannelManagerReadArgs` for more.
5868 assert!(self.channel_state != ChannelState::ShutdownComplete as u32);
5870 // We go ahead and "free" any holding cell HTLCs or HTLCs we haven't yet committed to and
5871 // return them to fail the payment.
5872 let mut dropped_outbound_htlcs = Vec::with_capacity(self.holding_cell_htlc_updates.len());
5873 let counterparty_node_id = self.get_counterparty_node_id();
5874 for htlc_update in self.holding_cell_htlc_updates.drain(..) {
5876 HTLCUpdateAwaitingACK::AddHTLC { source, payment_hash, .. } => {
5877 dropped_outbound_htlcs.push((source, payment_hash, counterparty_node_id, self.channel_id));
5882 let monitor_update = if let Some(funding_txo) = self.get_funding_txo() {
5883 // If we haven't yet exchanged funding signatures (ie channel_state < FundingSent),
5884 // returning a channel monitor update here would imply a channel monitor update before
5885 // we even registered the channel monitor to begin with, which is invalid.
5886 // Thus, if we aren't actually at a point where we could conceivably broadcast the
5887 // funding transaction, don't return a funding txo (which prevents providing the
5888 // monitor update to the user, even if we return one).
5889 // See test_duplicate_chan_id and test_pre_lockin_no_chan_closed_update for more.
5890 if self.channel_state & (ChannelState::FundingSent as u32 | ChannelState::ChannelReady as u32 | ChannelState::ShutdownComplete as u32) != 0 {
5891 self.latest_monitor_update_id += 1;
5892 Some((funding_txo, ChannelMonitorUpdate {
5893 update_id: self.latest_monitor_update_id,
5894 updates: vec![ChannelMonitorUpdateStep::ChannelForceClosed { should_broadcast }],
5899 self.channel_state = ChannelState::ShutdownComplete as u32;
5900 self.update_time_counter += 1;
5901 (monitor_update, dropped_outbound_htlcs)
5905 const SERIALIZATION_VERSION: u8 = 2;
5906 const MIN_SERIALIZATION_VERSION: u8 = 2;
5908 impl_writeable_tlv_based_enum!(InboundHTLCRemovalReason,;
5914 impl Writeable for ChannelUpdateStatus {
5915 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
5916 // We only care about writing out the current state as it was announced, ie only either
5917 // Enabled or Disabled. In the case of DisabledStaged, we most recently announced the
5918 // channel as enabled, so we write 0. For EnabledStaged, we similarly write a 1.
5920 ChannelUpdateStatus::Enabled => 0u8.write(writer)?,
5921 ChannelUpdateStatus::DisabledStaged => 0u8.write(writer)?,
5922 ChannelUpdateStatus::EnabledStaged => 1u8.write(writer)?,
5923 ChannelUpdateStatus::Disabled => 1u8.write(writer)?,
5929 impl Readable for ChannelUpdateStatus {
5930 fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
5931 Ok(match <u8 as Readable>::read(reader)? {
5932 0 => ChannelUpdateStatus::Enabled,
5933 1 => ChannelUpdateStatus::Disabled,
5934 _ => return Err(DecodeError::InvalidValue),
5939 impl Writeable for AnnouncementSigsState {
5940 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
5941 // We only care about writing out the current state as if we had just disconnected, at
5942 // which point we always set anything but AnnouncementSigsReceived to NotSent.
5944 AnnouncementSigsState::NotSent => 0u8.write(writer),
5945 AnnouncementSigsState::MessageSent => 0u8.write(writer),
5946 AnnouncementSigsState::Committed => 0u8.write(writer),
5947 AnnouncementSigsState::PeerReceived => 1u8.write(writer),
5952 impl Readable for AnnouncementSigsState {
5953 fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
5954 Ok(match <u8 as Readable>::read(reader)? {
5955 0 => AnnouncementSigsState::NotSent,
5956 1 => AnnouncementSigsState::PeerReceived,
5957 _ => return Err(DecodeError::InvalidValue),
5962 impl<Signer: Sign> Writeable for Channel<Signer> {
5963 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
5964 // Note that we write out as if remove_uncommitted_htlcs_and_mark_paused had just been
5967 write_ver_prefix!(writer, SERIALIZATION_VERSION, MIN_SERIALIZATION_VERSION);
5969 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
5970 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. We write
5971 // the low bytes now and the optional high bytes later.
5972 let user_id_low = self.user_id as u64;
5973 user_id_low.write(writer)?;
5975 // Version 1 deserializers expected to read parts of the config object here. Version 2
5976 // deserializers (0.0.99) now read config through TLVs, and as we now require them for
5977 // `minimum_depth` we simply write dummy values here.
5978 writer.write_all(&[0; 8])?;
5980 self.channel_id.write(writer)?;
5981 (self.channel_state | ChannelState::PeerDisconnected as u32).write(writer)?;
5982 self.channel_value_satoshis.write(writer)?;
5984 self.latest_monitor_update_id.write(writer)?;
5986 let mut key_data = VecWriter(Vec::new());
5987 self.holder_signer.write(&mut key_data)?;
5988 assert!(key_data.0.len() < core::usize::MAX);
5989 assert!(key_data.0.len() < core::u32::MAX as usize);
5990 (key_data.0.len() as u32).write(writer)?;
5991 writer.write_all(&key_data.0[..])?;
5993 // Write out the old serialization for shutdown_pubkey for backwards compatibility, if
5994 // deserialized from that format.
5995 match self.shutdown_scriptpubkey.as_ref().and_then(|script| script.as_legacy_pubkey()) {
5996 Some(shutdown_pubkey) => shutdown_pubkey.write(writer)?,
5997 None => [0u8; PUBLIC_KEY_SIZE].write(writer)?,
5999 self.destination_script.write(writer)?;
6001 self.cur_holder_commitment_transaction_number.write(writer)?;
6002 self.cur_counterparty_commitment_transaction_number.write(writer)?;
6003 self.value_to_self_msat.write(writer)?;
6005 let mut dropped_inbound_htlcs = 0;
6006 for htlc in self.pending_inbound_htlcs.iter() {
6007 if let InboundHTLCState::RemoteAnnounced(_) = htlc.state {
6008 dropped_inbound_htlcs += 1;
6011 (self.pending_inbound_htlcs.len() as u64 - dropped_inbound_htlcs).write(writer)?;
6012 for htlc in self.pending_inbound_htlcs.iter() {
6013 if let &InboundHTLCState::RemoteAnnounced(_) = &htlc.state {
6016 htlc.htlc_id.write(writer)?;
6017 htlc.amount_msat.write(writer)?;
6018 htlc.cltv_expiry.write(writer)?;
6019 htlc.payment_hash.write(writer)?;
6021 &InboundHTLCState::RemoteAnnounced(_) => unreachable!(),
6022 &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(ref htlc_state) => {
6024 htlc_state.write(writer)?;
6026 &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(ref htlc_state) => {
6028 htlc_state.write(writer)?;
6030 &InboundHTLCState::Committed => {
6033 &InboundHTLCState::LocalRemoved(ref removal_reason) => {
6035 removal_reason.write(writer)?;
6040 let mut preimages: Vec<&Option<PaymentPreimage>> = vec![];
6042 (self.pending_outbound_htlcs.len() as u64).write(writer)?;
6043 for htlc in self.pending_outbound_htlcs.iter() {
6044 htlc.htlc_id.write(writer)?;
6045 htlc.amount_msat.write(writer)?;
6046 htlc.cltv_expiry.write(writer)?;
6047 htlc.payment_hash.write(writer)?;
6048 htlc.source.write(writer)?;
6050 &OutboundHTLCState::LocalAnnounced(ref onion_packet) => {
6052 onion_packet.write(writer)?;
6054 &OutboundHTLCState::Committed => {
6057 &OutboundHTLCState::RemoteRemoved(_) => {
6058 // Treat this as a Committed because we haven't received the CS - they'll
6059 // resend the claim/fail on reconnect as we all (hopefully) the missing CS.
6062 &OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref outcome) => {
6064 if let OutboundHTLCOutcome::Success(preimage) = outcome {
6065 preimages.push(preimage);
6067 let reason: Option<&HTLCFailReason> = outcome.into();
6068 reason.write(writer)?;
6070 &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref outcome) => {
6072 if let OutboundHTLCOutcome::Success(preimage) = outcome {
6073 preimages.push(preimage);
6075 let reason: Option<&HTLCFailReason> = outcome.into();
6076 reason.write(writer)?;
6081 (self.holding_cell_htlc_updates.len() as u64).write(writer)?;
6082 for update in self.holding_cell_htlc_updates.iter() {
6084 &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, ref cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet } => {
6086 amount_msat.write(writer)?;
6087 cltv_expiry.write(writer)?;
6088 payment_hash.write(writer)?;
6089 source.write(writer)?;
6090 onion_routing_packet.write(writer)?;
6092 &HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, ref htlc_id } => {
6094 payment_preimage.write(writer)?;
6095 htlc_id.write(writer)?;
6097 &HTLCUpdateAwaitingACK::FailHTLC { ref htlc_id, ref err_packet } => {
6099 htlc_id.write(writer)?;
6100 err_packet.write(writer)?;
6105 match self.resend_order {
6106 RAACommitmentOrder::CommitmentFirst => 0u8.write(writer)?,
6107 RAACommitmentOrder::RevokeAndACKFirst => 1u8.write(writer)?,
6110 self.monitor_pending_channel_ready.write(writer)?;
6111 self.monitor_pending_revoke_and_ack.write(writer)?;
6112 self.monitor_pending_commitment_signed.write(writer)?;
6114 (self.monitor_pending_forwards.len() as u64).write(writer)?;
6115 for &(ref pending_forward, ref htlc_id) in self.monitor_pending_forwards.iter() {
6116 pending_forward.write(writer)?;
6117 htlc_id.write(writer)?;
6120 (self.monitor_pending_failures.len() as u64).write(writer)?;
6121 for &(ref htlc_source, ref payment_hash, ref fail_reason) in self.monitor_pending_failures.iter() {
6122 htlc_source.write(writer)?;
6123 payment_hash.write(writer)?;
6124 fail_reason.write(writer)?;
6127 if self.is_outbound() {
6128 self.pending_update_fee.map(|(a, _)| a).write(writer)?;
6129 } else if let Some((feerate, FeeUpdateState::AwaitingRemoteRevokeToAnnounce)) = self.pending_update_fee {
6130 Some(feerate).write(writer)?;
6132 // As for inbound HTLCs, if the update was only announced and never committed in a
6133 // commitment_signed, drop it.
6134 None::<u32>.write(writer)?;
6136 self.holding_cell_update_fee.write(writer)?;
6138 self.next_holder_htlc_id.write(writer)?;
6139 (self.next_counterparty_htlc_id - dropped_inbound_htlcs).write(writer)?;
6140 self.update_time_counter.write(writer)?;
6141 self.feerate_per_kw.write(writer)?;
6143 // Versions prior to 0.0.100 expected to read the fields of `last_sent_closing_fee` here,
6144 // however we are supposed to restart shutdown fee negotiation on reconnect (and wipe
6145 // `last_send_closing_fee` in `remove_uncommitted_htlcs_and_mark_paused`) so we should never
6146 // consider the stale state on reload.
6149 self.funding_tx_confirmed_in.write(writer)?;
6150 self.funding_tx_confirmation_height.write(writer)?;
6151 self.short_channel_id.write(writer)?;
6153 self.counterparty_dust_limit_satoshis.write(writer)?;
6154 self.holder_dust_limit_satoshis.write(writer)?;
6155 self.counterparty_max_htlc_value_in_flight_msat.write(writer)?;
6157 // Note that this field is ignored by 0.0.99+ as the TLV Optional variant is used instead.
6158 self.counterparty_selected_channel_reserve_satoshis.unwrap_or(0).write(writer)?;
6160 self.counterparty_htlc_minimum_msat.write(writer)?;
6161 self.holder_htlc_minimum_msat.write(writer)?;
6162 self.counterparty_max_accepted_htlcs.write(writer)?;
6164 // Note that this field is ignored by 0.0.99+ as the TLV Optional variant is used instead.
6165 self.minimum_depth.unwrap_or(0).write(writer)?;
6167 match &self.counterparty_forwarding_info {
6170 info.fee_base_msat.write(writer)?;
6171 info.fee_proportional_millionths.write(writer)?;
6172 info.cltv_expiry_delta.write(writer)?;
6174 None => 0u8.write(writer)?
6177 self.channel_transaction_parameters.write(writer)?;
6178 self.funding_transaction.write(writer)?;
6180 self.counterparty_cur_commitment_point.write(writer)?;
6181 self.counterparty_prev_commitment_point.write(writer)?;
6182 self.counterparty_node_id.write(writer)?;
6184 self.counterparty_shutdown_scriptpubkey.write(writer)?;
6186 self.commitment_secrets.write(writer)?;
6188 self.channel_update_status.write(writer)?;
6190 #[cfg(any(test, fuzzing))]
6191 (self.historical_inbound_htlc_fulfills.len() as u64).write(writer)?;
6192 #[cfg(any(test, fuzzing))]
6193 for htlc in self.historical_inbound_htlc_fulfills.iter() {
6194 htlc.write(writer)?;
6197 // If the channel type is something other than only-static-remote-key, then we need to have
6198 // older clients fail to deserialize this channel at all. If the type is
6199 // only-static-remote-key, we simply consider it "default" and don't write the channel type
6201 let chan_type = if self.channel_type != ChannelTypeFeatures::only_static_remote_key() {
6202 Some(&self.channel_type) } else { None };
6204 // The same logic applies for `holder_selected_channel_reserve_satoshis` values other than
6205 // the default, and when `holder_max_htlc_value_in_flight_msat` is configured to be set to
6206 // a different percentage of the channel value then 10%, which older versions of LDK used
6207 // to set it to before the percentage was made configurable.
6208 let serialized_holder_selected_reserve =
6209 if self.holder_selected_channel_reserve_satoshis != Self::get_legacy_default_holder_selected_channel_reserve_satoshis(self.channel_value_satoshis)
6210 { Some(self.holder_selected_channel_reserve_satoshis) } else { None };
6212 let mut old_max_in_flight_percent_config = UserConfig::default().channel_handshake_config;
6213 old_max_in_flight_percent_config.max_inbound_htlc_value_in_flight_percent_of_channel = MAX_IN_FLIGHT_PERCENT_LEGACY;
6214 let serialized_holder_htlc_max_in_flight =
6215 if self.holder_max_htlc_value_in_flight_msat != Self::get_holder_max_htlc_value_in_flight_msat(self.channel_value_satoshis, &old_max_in_flight_percent_config)
6216 { Some(self.holder_max_htlc_value_in_flight_msat) } else { None };
6218 let channel_ready_event_emitted = Some(self.channel_ready_event_emitted);
6220 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
6221 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. Therefore,
6222 // we write the high bytes as an option here.
6223 let user_id_high_opt = Some((self.user_id >> 64) as u64);
6225 write_tlv_fields!(writer, {
6226 (0, self.announcement_sigs, option),
6227 // minimum_depth and counterparty_selected_channel_reserve_satoshis used to have a
6228 // default value instead of being Option<>al. Thus, to maintain compatibility we write
6229 // them twice, once with their original default values above, and once as an option
6230 // here. On the read side, old versions will simply ignore the odd-type entries here,
6231 // and new versions map the default values to None and allow the TLV entries here to
6233 (1, self.minimum_depth, option),
6234 (2, chan_type, option),
6235 (3, self.counterparty_selected_channel_reserve_satoshis, option),
6236 (4, serialized_holder_selected_reserve, option),
6237 (5, self.config, required),
6238 (6, serialized_holder_htlc_max_in_flight, option),
6239 (7, self.shutdown_scriptpubkey, option),
6240 (9, self.target_closing_feerate_sats_per_kw, option),
6241 (11, self.monitor_pending_finalized_fulfills, vec_type),
6242 (13, self.channel_creation_height, required),
6243 (15, preimages, vec_type),
6244 (17, self.announcement_sigs_state, required),
6245 (19, self.latest_inbound_scid_alias, option),
6246 (21, self.outbound_scid_alias, required),
6247 (23, channel_ready_event_emitted, option),
6248 (25, user_id_high_opt, option),
6255 const MAX_ALLOC_SIZE: usize = 64*1024;
6256 impl<'a, K: Deref> ReadableArgs<(&'a K, u32)> for Channel<<K::Target as KeysInterface>::Signer>
6257 where K::Target: KeysInterface {
6258 fn read<R : io::Read>(reader: &mut R, args: (&'a K, u32)) -> Result<Self, DecodeError> {
6259 let (keys_source, serialized_height) = args;
6260 let ver = read_ver_prefix!(reader, SERIALIZATION_VERSION);
6262 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
6263 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. We read
6264 // the low bytes now and the high bytes later.
6265 let user_id_low: u64 = Readable::read(reader)?;
6267 let mut config = Some(LegacyChannelConfig::default());
6269 // Read the old serialization of the ChannelConfig from version 0.0.98.
6270 config.as_mut().unwrap().options.forwarding_fee_proportional_millionths = Readable::read(reader)?;
6271 config.as_mut().unwrap().options.cltv_expiry_delta = Readable::read(reader)?;
6272 config.as_mut().unwrap().announced_channel = Readable::read(reader)?;
6273 config.as_mut().unwrap().commit_upfront_shutdown_pubkey = Readable::read(reader)?;
6275 // Read the 8 bytes of backwards-compatibility ChannelConfig data.
6276 let mut _val: u64 = Readable::read(reader)?;
6279 let channel_id = Readable::read(reader)?;
6280 let channel_state = Readable::read(reader)?;
6281 let channel_value_satoshis = Readable::read(reader)?;
6283 let latest_monitor_update_id = Readable::read(reader)?;
6285 let keys_len: u32 = Readable::read(reader)?;
6286 let mut keys_data = Vec::with_capacity(cmp::min(keys_len as usize, MAX_ALLOC_SIZE));
6287 while keys_data.len() != keys_len as usize {
6288 // Read 1KB at a time to avoid accidentally allocating 4GB on corrupted channel keys
6289 let mut data = [0; 1024];
6290 let read_slice = &mut data[0..cmp::min(1024, keys_len as usize - keys_data.len())];
6291 reader.read_exact(read_slice)?;
6292 keys_data.extend_from_slice(read_slice);
6294 let holder_signer = keys_source.read_chan_signer(&keys_data)?;
6296 // Read the old serialization for shutdown_pubkey, preferring the TLV field later if set.
6297 let mut shutdown_scriptpubkey = match <PublicKey as Readable>::read(reader) {
6298 Ok(pubkey) => Some(ShutdownScript::new_p2wpkh_from_pubkey(pubkey)),
6301 let destination_script = Readable::read(reader)?;
6303 let cur_holder_commitment_transaction_number = Readable::read(reader)?;
6304 let cur_counterparty_commitment_transaction_number = Readable::read(reader)?;
6305 let value_to_self_msat = Readable::read(reader)?;
6307 let pending_inbound_htlc_count: u64 = Readable::read(reader)?;
6308 let mut pending_inbound_htlcs = Vec::with_capacity(cmp::min(pending_inbound_htlc_count as usize, OUR_MAX_HTLCS as usize));
6309 for _ in 0..pending_inbound_htlc_count {
6310 pending_inbound_htlcs.push(InboundHTLCOutput {
6311 htlc_id: Readable::read(reader)?,
6312 amount_msat: Readable::read(reader)?,
6313 cltv_expiry: Readable::read(reader)?,
6314 payment_hash: Readable::read(reader)?,
6315 state: match <u8 as Readable>::read(reader)? {
6316 1 => InboundHTLCState::AwaitingRemoteRevokeToAnnounce(Readable::read(reader)?),
6317 2 => InboundHTLCState::AwaitingAnnouncedRemoteRevoke(Readable::read(reader)?),
6318 3 => InboundHTLCState::Committed,
6319 4 => InboundHTLCState::LocalRemoved(Readable::read(reader)?),
6320 _ => return Err(DecodeError::InvalidValue),
6325 let pending_outbound_htlc_count: u64 = Readable::read(reader)?;
6326 let mut pending_outbound_htlcs = Vec::with_capacity(cmp::min(pending_outbound_htlc_count as usize, OUR_MAX_HTLCS as usize));
6327 for _ in 0..pending_outbound_htlc_count {
6328 pending_outbound_htlcs.push(OutboundHTLCOutput {
6329 htlc_id: Readable::read(reader)?,
6330 amount_msat: Readable::read(reader)?,
6331 cltv_expiry: Readable::read(reader)?,
6332 payment_hash: Readable::read(reader)?,
6333 source: Readable::read(reader)?,
6334 state: match <u8 as Readable>::read(reader)? {
6335 0 => OutboundHTLCState::LocalAnnounced(Box::new(Readable::read(reader)?)),
6336 1 => OutboundHTLCState::Committed,
6338 let option: Option<HTLCFailReason> = Readable::read(reader)?;
6339 OutboundHTLCState::RemoteRemoved(option.into())
6342 let option: Option<HTLCFailReason> = Readable::read(reader)?;
6343 OutboundHTLCState::AwaitingRemoteRevokeToRemove(option.into())
6346 let option: Option<HTLCFailReason> = Readable::read(reader)?;
6347 OutboundHTLCState::AwaitingRemovedRemoteRevoke(option.into())
6349 _ => return Err(DecodeError::InvalidValue),
6354 let holding_cell_htlc_update_count: u64 = Readable::read(reader)?;
6355 let mut holding_cell_htlc_updates = Vec::with_capacity(cmp::min(holding_cell_htlc_update_count as usize, OUR_MAX_HTLCS as usize*2));
6356 for _ in 0..holding_cell_htlc_update_count {
6357 holding_cell_htlc_updates.push(match <u8 as Readable>::read(reader)? {
6358 0 => HTLCUpdateAwaitingACK::AddHTLC {
6359 amount_msat: Readable::read(reader)?,
6360 cltv_expiry: Readable::read(reader)?,
6361 payment_hash: Readable::read(reader)?,
6362 source: Readable::read(reader)?,
6363 onion_routing_packet: Readable::read(reader)?,
6365 1 => HTLCUpdateAwaitingACK::ClaimHTLC {
6366 payment_preimage: Readable::read(reader)?,
6367 htlc_id: Readable::read(reader)?,
6369 2 => HTLCUpdateAwaitingACK::FailHTLC {
6370 htlc_id: Readable::read(reader)?,
6371 err_packet: Readable::read(reader)?,
6373 _ => return Err(DecodeError::InvalidValue),
6377 let resend_order = match <u8 as Readable>::read(reader)? {
6378 0 => RAACommitmentOrder::CommitmentFirst,
6379 1 => RAACommitmentOrder::RevokeAndACKFirst,
6380 _ => return Err(DecodeError::InvalidValue),
6383 let monitor_pending_channel_ready = Readable::read(reader)?;
6384 let monitor_pending_revoke_and_ack = Readable::read(reader)?;
6385 let monitor_pending_commitment_signed = Readable::read(reader)?;
6387 let monitor_pending_forwards_count: u64 = Readable::read(reader)?;
6388 let mut monitor_pending_forwards = Vec::with_capacity(cmp::min(monitor_pending_forwards_count as usize, OUR_MAX_HTLCS as usize));
6389 for _ in 0..monitor_pending_forwards_count {
6390 monitor_pending_forwards.push((Readable::read(reader)?, Readable::read(reader)?));
6393 let monitor_pending_failures_count: u64 = Readable::read(reader)?;
6394 let mut monitor_pending_failures = Vec::with_capacity(cmp::min(monitor_pending_failures_count as usize, OUR_MAX_HTLCS as usize));
6395 for _ in 0..monitor_pending_failures_count {
6396 monitor_pending_failures.push((Readable::read(reader)?, Readable::read(reader)?, Readable::read(reader)?));
6399 let pending_update_fee_value: Option<u32> = Readable::read(reader)?;
6401 let holding_cell_update_fee = Readable::read(reader)?;
6403 let next_holder_htlc_id = Readable::read(reader)?;
6404 let next_counterparty_htlc_id = Readable::read(reader)?;
6405 let update_time_counter = Readable::read(reader)?;
6406 let feerate_per_kw = Readable::read(reader)?;
6408 // Versions prior to 0.0.100 expected to read the fields of `last_sent_closing_fee` here,
6409 // however we are supposed to restart shutdown fee negotiation on reconnect (and wipe
6410 // `last_send_closing_fee` in `remove_uncommitted_htlcs_and_mark_paused`) so we should never
6411 // consider the stale state on reload.
6412 match <u8 as Readable>::read(reader)? {
6415 let _: u32 = Readable::read(reader)?;
6416 let _: u64 = Readable::read(reader)?;
6417 let _: Signature = Readable::read(reader)?;
6419 _ => return Err(DecodeError::InvalidValue),
6422 let funding_tx_confirmed_in = Readable::read(reader)?;
6423 let funding_tx_confirmation_height = Readable::read(reader)?;
6424 let short_channel_id = Readable::read(reader)?;
6426 let counterparty_dust_limit_satoshis = Readable::read(reader)?;
6427 let holder_dust_limit_satoshis = Readable::read(reader)?;
6428 let counterparty_max_htlc_value_in_flight_msat = Readable::read(reader)?;
6429 let mut counterparty_selected_channel_reserve_satoshis = None;
6431 // Read the old serialization from version 0.0.98.
6432 counterparty_selected_channel_reserve_satoshis = Some(Readable::read(reader)?);
6434 // Read the 8 bytes of backwards-compatibility data.
6435 let _dummy: u64 = Readable::read(reader)?;
6437 let counterparty_htlc_minimum_msat = Readable::read(reader)?;
6438 let holder_htlc_minimum_msat = Readable::read(reader)?;
6439 let counterparty_max_accepted_htlcs = Readable::read(reader)?;
6441 let mut minimum_depth = None;
6443 // Read the old serialization from version 0.0.98.
6444 minimum_depth = Some(Readable::read(reader)?);
6446 // Read the 4 bytes of backwards-compatibility data.
6447 let _dummy: u32 = Readable::read(reader)?;
6450 let counterparty_forwarding_info = match <u8 as Readable>::read(reader)? {
6452 1 => Some(CounterpartyForwardingInfo {
6453 fee_base_msat: Readable::read(reader)?,
6454 fee_proportional_millionths: Readable::read(reader)?,
6455 cltv_expiry_delta: Readable::read(reader)?,
6457 _ => return Err(DecodeError::InvalidValue),
6460 let channel_parameters: ChannelTransactionParameters = Readable::read(reader)?;
6461 let funding_transaction = Readable::read(reader)?;
6463 let counterparty_cur_commitment_point = Readable::read(reader)?;
6465 let counterparty_prev_commitment_point = Readable::read(reader)?;
6466 let counterparty_node_id = Readable::read(reader)?;
6468 let counterparty_shutdown_scriptpubkey = Readable::read(reader)?;
6469 let commitment_secrets = Readable::read(reader)?;
6471 let channel_update_status = Readable::read(reader)?;
6473 #[cfg(any(test, fuzzing))]
6474 let mut historical_inbound_htlc_fulfills = HashSet::new();
6475 #[cfg(any(test, fuzzing))]
6477 let htlc_fulfills_len: u64 = Readable::read(reader)?;
6478 for _ in 0..htlc_fulfills_len {
6479 assert!(historical_inbound_htlc_fulfills.insert(Readable::read(reader)?));
6483 let pending_update_fee = if let Some(feerate) = pending_update_fee_value {
6484 Some((feerate, if channel_parameters.is_outbound_from_holder {
6485 FeeUpdateState::Outbound
6487 FeeUpdateState::AwaitingRemoteRevokeToAnnounce
6493 let mut announcement_sigs = None;
6494 let mut target_closing_feerate_sats_per_kw = None;
6495 let mut monitor_pending_finalized_fulfills = Some(Vec::new());
6496 let mut holder_selected_channel_reserve_satoshis = Some(Self::get_legacy_default_holder_selected_channel_reserve_satoshis(channel_value_satoshis));
6497 let mut holder_max_htlc_value_in_flight_msat = Some(Self::get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis, &UserConfig::default().channel_handshake_config));
6498 // Prior to supporting channel type negotiation, all of our channels were static_remotekey
6499 // only, so we default to that if none was written.
6500 let mut channel_type = Some(ChannelTypeFeatures::only_static_remote_key());
6501 let mut channel_creation_height = Some(serialized_height);
6502 let mut preimages_opt: Option<Vec<Option<PaymentPreimage>>> = None;
6504 // If we read an old Channel, for simplicity we just treat it as "we never sent an
6505 // AnnouncementSignatures" which implies we'll re-send it on reconnect, but that's fine.
6506 let mut announcement_sigs_state = Some(AnnouncementSigsState::NotSent);
6507 let mut latest_inbound_scid_alias = None;
6508 let mut outbound_scid_alias = None;
6509 let mut channel_ready_event_emitted = None;
6511 let mut user_id_high_opt: Option<u64> = None;
6513 read_tlv_fields!(reader, {
6514 (0, announcement_sigs, option),
6515 (1, minimum_depth, option),
6516 (2, channel_type, option),
6517 (3, counterparty_selected_channel_reserve_satoshis, option),
6518 (4, holder_selected_channel_reserve_satoshis, option),
6519 (5, config, option), // Note that if none is provided we will *not* overwrite the existing one.
6520 (6, holder_max_htlc_value_in_flight_msat, option),
6521 (7, shutdown_scriptpubkey, option),
6522 (9, target_closing_feerate_sats_per_kw, option),
6523 (11, monitor_pending_finalized_fulfills, vec_type),
6524 (13, channel_creation_height, option),
6525 (15, preimages_opt, vec_type),
6526 (17, announcement_sigs_state, option),
6527 (19, latest_inbound_scid_alias, option),
6528 (21, outbound_scid_alias, option),
6529 (23, channel_ready_event_emitted, option),
6530 (25, user_id_high_opt, option),
6533 if let Some(preimages) = preimages_opt {
6534 let mut iter = preimages.into_iter();
6535 for htlc in pending_outbound_htlcs.iter_mut() {
6537 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(None)) => {
6538 htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(iter.next().ok_or(DecodeError::InvalidValue)?));
6540 OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(None)) => {
6541 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(iter.next().ok_or(DecodeError::InvalidValue)?));
6546 // We expect all preimages to be consumed above
6547 if iter.next().is_some() {
6548 return Err(DecodeError::InvalidValue);
6552 let chan_features = channel_type.as_ref().unwrap();
6553 if chan_features.supports_unknown_bits() || chan_features.requires_unknown_bits() {
6554 // If the channel was written by a new version and negotiated with features we don't
6555 // understand yet, refuse to read it.
6556 return Err(DecodeError::UnknownRequiredFeature);
6559 if channel_parameters.opt_anchors.is_some() {
6560 // Relax this check when ChannelTypeFeatures supports anchors.
6561 return Err(DecodeError::InvalidValue);
6564 let mut secp_ctx = Secp256k1::new();
6565 secp_ctx.seeded_randomize(&keys_source.get_secure_random_bytes());
6567 // `user_id` used to be a single u64 value. In order to remain backwards
6568 // compatible with versions prior to 0.0.113, the u128 is serialized as two
6569 // separate u64 values.
6570 let user_id = user_id_low as u128 + ((user_id_high_opt.unwrap_or(0) as u128) << 64);
6575 config: config.unwrap(),
6579 // Note that we don't care about serializing handshake limits as we only ever serialize
6580 // channel data after the handshake has completed.
6581 inbound_handshake_limits_override: None,
6585 announcement_sigs_state: announcement_sigs_state.unwrap(),
6587 channel_value_satoshis,
6589 latest_monitor_update_id,
6592 shutdown_scriptpubkey,
6595 cur_holder_commitment_transaction_number,
6596 cur_counterparty_commitment_transaction_number,
6599 pending_inbound_htlcs,
6600 pending_outbound_htlcs,
6601 holding_cell_htlc_updates,
6605 monitor_pending_channel_ready,
6606 monitor_pending_revoke_and_ack,
6607 monitor_pending_commitment_signed,
6608 monitor_pending_forwards,
6609 monitor_pending_failures,
6610 monitor_pending_finalized_fulfills: monitor_pending_finalized_fulfills.unwrap(),
6613 holding_cell_update_fee,
6614 next_holder_htlc_id,
6615 next_counterparty_htlc_id,
6616 update_time_counter,
6619 #[cfg(debug_assertions)]
6620 holder_max_commitment_tx_output: Mutex::new((0, 0)),
6621 #[cfg(debug_assertions)]
6622 counterparty_max_commitment_tx_output: Mutex::new((0, 0)),
6624 last_sent_closing_fee: None,
6625 pending_counterparty_closing_signed: None,
6626 closing_fee_limits: None,
6627 target_closing_feerate_sats_per_kw,
6629 inbound_awaiting_accept: false,
6631 funding_tx_confirmed_in,
6632 funding_tx_confirmation_height,
6634 channel_creation_height: channel_creation_height.unwrap(),
6636 counterparty_dust_limit_satoshis,
6637 holder_dust_limit_satoshis,
6638 counterparty_max_htlc_value_in_flight_msat,
6639 holder_max_htlc_value_in_flight_msat: holder_max_htlc_value_in_flight_msat.unwrap(),
6640 counterparty_selected_channel_reserve_satoshis,
6641 holder_selected_channel_reserve_satoshis: holder_selected_channel_reserve_satoshis.unwrap(),
6642 counterparty_htlc_minimum_msat,
6643 holder_htlc_minimum_msat,
6644 counterparty_max_accepted_htlcs,
6647 counterparty_forwarding_info,
6649 channel_transaction_parameters: channel_parameters,
6650 funding_transaction,
6652 counterparty_cur_commitment_point,
6653 counterparty_prev_commitment_point,
6654 counterparty_node_id,
6656 counterparty_shutdown_scriptpubkey,
6660 channel_update_status,
6661 closing_signed_in_flight: false,
6665 #[cfg(any(test, fuzzing))]
6666 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
6667 #[cfg(any(test, fuzzing))]
6668 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
6670 workaround_lnd_bug_4006: None,
6672 latest_inbound_scid_alias,
6673 // Later in the ChannelManager deserialization phase we scan for channels and assign scid aliases if its missing
6674 outbound_scid_alias: outbound_scid_alias.unwrap_or(0),
6676 channel_ready_event_emitted: channel_ready_event_emitted.unwrap_or(true),
6678 #[cfg(any(test, fuzzing))]
6679 historical_inbound_htlc_fulfills,
6681 channel_type: channel_type.unwrap(),
6689 use bitcoin::blockdata::script::{Script, Builder};
6690 use bitcoin::blockdata::transaction::{Transaction, TxOut};
6691 use bitcoin::blockdata::constants::genesis_block;
6692 use bitcoin::blockdata::opcodes;
6693 use bitcoin::network::constants::Network;
6695 use crate::ln::PaymentHash;
6696 use crate::ln::channelmanager::{self, HTLCSource, PaymentId};
6697 use crate::ln::channel::{Channel, InboundHTLCOutput, OutboundHTLCOutput, InboundHTLCState, OutboundHTLCState, HTLCCandidate, HTLCInitiator};
6698 use crate::ln::channel::{MAX_FUNDING_SATOSHIS_NO_WUMBO, TOTAL_BITCOIN_SUPPLY_SATOSHIS, MIN_THEIR_CHAN_RESERVE_SATOSHIS};
6699 use crate::ln::features::ChannelTypeFeatures;
6700 use crate::ln::msgs::{ChannelUpdate, DataLossProtect, DecodeError, OptionalField, UnsignedChannelUpdate, MAX_VALUE_MSAT};
6701 use crate::ln::script::ShutdownScript;
6702 use crate::ln::chan_utils;
6703 use crate::ln::chan_utils::{htlc_success_tx_weight, htlc_timeout_tx_weight};
6704 use crate::chain::BestBlock;
6705 use crate::chain::chaininterface::{FeeEstimator, LowerBoundedFeeEstimator, ConfirmationTarget};
6706 use crate::chain::keysinterface::{InMemorySigner, Recipient, KeyMaterial, KeysInterface};
6707 use crate::chain::transaction::OutPoint;
6708 use crate::util::config::UserConfig;
6709 use crate::util::enforcing_trait_impls::EnforcingSigner;
6710 use crate::util::errors::APIError;
6711 use crate::util::test_utils;
6712 use crate::util::test_utils::OnGetShutdownScriptpubkey;
6713 use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature, Scalar};
6714 use bitcoin::secp256k1::ffi::Signature as FFISignature;
6715 use bitcoin::secp256k1::{SecretKey,PublicKey};
6716 use bitcoin::secp256k1::ecdh::SharedSecret;
6717 use bitcoin::secp256k1::ecdsa::RecoverableSignature;
6718 use bitcoin::hashes::sha256::Hash as Sha256;
6719 use bitcoin::hashes::Hash;
6720 use bitcoin::hash_types::WPubkeyHash;
6721 use bitcoin::bech32::u5;
6722 use bitcoin::PackedLockTime;
6723 use bitcoin::util::address::WitnessVersion;
6724 use crate::prelude::*;
6726 struct TestFeeEstimator {
6729 impl FeeEstimator for TestFeeEstimator {
6730 fn get_est_sat_per_1000_weight(&self, _: ConfirmationTarget) -> u32 {
6736 fn test_max_funding_satoshis_no_wumbo() {
6737 assert_eq!(TOTAL_BITCOIN_SUPPLY_SATOSHIS, 21_000_000 * 100_000_000);
6738 assert!(MAX_FUNDING_SATOSHIS_NO_WUMBO <= TOTAL_BITCOIN_SUPPLY_SATOSHIS,
6739 "MAX_FUNDING_SATOSHIS_NO_WUMBO is greater than all satoshis in existence");
6743 fn test_no_fee_check_overflow() {
6744 // Previously, calling `check_remote_fee` with a fee of 0xffffffff would overflow in
6745 // arithmetic, causing a panic with debug assertions enabled.
6746 let fee_est = TestFeeEstimator { fee_est: 42 };
6747 let bounded_fee_estimator = LowerBoundedFeeEstimator::new(&fee_est);
6748 assert!(Channel::<InMemorySigner>::check_remote_fee(&bounded_fee_estimator, u32::max_value()).is_err());
6752 signer: InMemorySigner,
6754 impl KeysInterface for Keys {
6755 type Signer = InMemorySigner;
6757 fn get_node_secret(&self, _recipient: Recipient) -> Result<SecretKey, ()> { panic!(); }
6758 fn ecdh(&self, _recipient: Recipient, _other_key: &PublicKey, _tweak: Option<&Scalar>) -> Result<SharedSecret, ()> { panic!(); }
6759 fn get_inbound_payment_key_material(&self) -> KeyMaterial { panic!(); }
6760 fn get_destination_script(&self) -> Script {
6761 let secp_ctx = Secp256k1::signing_only();
6762 let channel_monitor_claim_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
6763 let channel_monitor_claim_key_hash = WPubkeyHash::hash(&PublicKey::from_secret_key(&secp_ctx, &channel_monitor_claim_key).serialize());
6764 Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0).push_slice(&channel_monitor_claim_key_hash[..]).into_script()
6767 fn get_shutdown_scriptpubkey(&self) -> ShutdownScript {
6768 let secp_ctx = Secp256k1::signing_only();
6769 let channel_close_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
6770 ShutdownScript::new_p2wpkh_from_pubkey(PublicKey::from_secret_key(&secp_ctx, &channel_close_key))
6773 fn get_channel_signer(&self, _inbound: bool, _channel_value_satoshis: u64) -> InMemorySigner {
6776 fn get_secure_random_bytes(&self) -> [u8; 32] { [0; 32] }
6777 fn read_chan_signer(&self, _data: &[u8]) -> Result<Self::Signer, DecodeError> { panic!(); }
6778 fn sign_invoice(&self, _hrp_bytes: &[u8], _invoice_data: &[u5], _recipient: Recipient) -> Result<RecoverableSignature, ()> { panic!(); }
6781 #[cfg(not(feature = "grind_signatures"))]
6782 fn public_from_secret_hex(secp_ctx: &Secp256k1<bitcoin::secp256k1::All>, hex: &str) -> PublicKey {
6783 PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&hex::decode(hex).unwrap()[..]).unwrap())
6787 fn upfront_shutdown_script_incompatibility() {
6788 let features = channelmanager::provided_init_features().clear_shutdown_anysegwit();
6789 let non_v0_segwit_shutdown_script =
6790 ShutdownScript::new_witness_program(WitnessVersion::V16, &[0, 40]).unwrap();
6792 let seed = [42; 32];
6793 let network = Network::Testnet;
6794 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
6795 keys_provider.expect(OnGetShutdownScriptpubkey {
6796 returns: non_v0_segwit_shutdown_script.clone(),
6799 let secp_ctx = Secp256k1::new();
6800 let node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
6801 let config = UserConfig::default();
6802 match Channel::<EnforcingSigner>::new_outbound(&LowerBoundedFeeEstimator::new(&TestFeeEstimator { fee_est: 253 }), &&keys_provider, node_id, &features, 10000000, 100000, 42, &config, 0, 42) {
6803 Err(APIError::IncompatibleShutdownScript { script }) => {
6804 assert_eq!(script.into_inner(), non_v0_segwit_shutdown_script.into_inner());
6806 Err(e) => panic!("Unexpected error: {:?}", e),
6807 Ok(_) => panic!("Expected error"),
6811 // Check that, during channel creation, we use the same feerate in the open channel message
6812 // as we do in the Channel object creation itself.
6814 fn test_open_channel_msg_fee() {
6815 let original_fee = 253;
6816 let mut fee_est = TestFeeEstimator{fee_est: original_fee };
6817 let bounded_fee_estimator = LowerBoundedFeeEstimator::new(&fee_est);
6818 let secp_ctx = Secp256k1::new();
6819 let seed = [42; 32];
6820 let network = Network::Testnet;
6821 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
6823 let node_a_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
6824 let config = UserConfig::default();
6825 let node_a_chan = Channel::<EnforcingSigner>::new_outbound(&bounded_fee_estimator, &&keys_provider, node_a_node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config, 0, 42).unwrap();
6827 // Now change the fee so we can check that the fee in the open_channel message is the
6828 // same as the old fee.
6829 fee_est.fee_est = 500;
6830 let open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash());
6831 assert_eq!(open_channel_msg.feerate_per_kw, original_fee);
6835 fn test_holder_vs_counterparty_dust_limit() {
6836 // Test that when calculating the local and remote commitment transaction fees, the correct
6837 // dust limits are used.
6838 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
6839 let secp_ctx = Secp256k1::new();
6840 let seed = [42; 32];
6841 let network = Network::Testnet;
6842 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
6843 let logger = test_utils::TestLogger::new();
6845 // Go through the flow of opening a channel between two nodes, making sure
6846 // they have different dust limits.
6848 // Create Node A's channel pointing to Node B's pubkey
6849 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
6850 let config = UserConfig::default();
6851 let mut node_a_chan = Channel::<EnforcingSigner>::new_outbound(&feeest, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config, 0, 42).unwrap();
6853 // Create Node B's channel by receiving Node A's open_channel message
6854 // Make sure A's dust limit is as we expect.
6855 let open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash());
6856 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
6857 let mut node_b_chan = Channel::<EnforcingSigner>::new_from_req(&feeest, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(), &open_channel_msg, 7, &config, 0, &&logger, 42).unwrap();
6859 // Node B --> Node A: accept channel, explicitly setting B's dust limit.
6860 let mut accept_channel_msg = node_b_chan.accept_inbound_channel(0);
6861 accept_channel_msg.dust_limit_satoshis = 546;
6862 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features()).unwrap();
6863 node_a_chan.holder_dust_limit_satoshis = 1560;
6865 // Put some inbound and outbound HTLCs in A's channel.
6866 let htlc_amount_msat = 11_092_000; // put an amount below A's effective dust limit but above B's.
6867 node_a_chan.pending_inbound_htlcs.push(InboundHTLCOutput {
6869 amount_msat: htlc_amount_msat,
6870 payment_hash: PaymentHash(Sha256::hash(&[42; 32]).into_inner()),
6871 cltv_expiry: 300000000,
6872 state: InboundHTLCState::Committed,
6875 node_a_chan.pending_outbound_htlcs.push(OutboundHTLCOutput {
6877 amount_msat: htlc_amount_msat, // put an amount below A's dust amount but above B's.
6878 payment_hash: PaymentHash(Sha256::hash(&[43; 32]).into_inner()),
6879 cltv_expiry: 200000000,
6880 state: OutboundHTLCState::Committed,
6881 source: HTLCSource::OutboundRoute {
6883 session_priv: SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(),
6884 first_hop_htlc_msat: 548,
6885 payment_id: PaymentId([42; 32]),
6886 payment_secret: None,
6887 payment_params: None,
6891 // Make sure when Node A calculates their local commitment transaction, none of the HTLCs pass
6892 // the dust limit check.
6893 let htlc_candidate = HTLCCandidate::new(htlc_amount_msat, HTLCInitiator::LocalOffered);
6894 let local_commit_tx_fee = node_a_chan.next_local_commit_tx_fee_msat(htlc_candidate, None);
6895 let local_commit_fee_0_htlcs = Channel::<EnforcingSigner>::commit_tx_fee_msat(node_a_chan.feerate_per_kw, 0, node_a_chan.opt_anchors());
6896 assert_eq!(local_commit_tx_fee, local_commit_fee_0_htlcs);
6898 // Finally, make sure that when Node A calculates the remote's commitment transaction fees, all
6899 // of the HTLCs are seen to be above the dust limit.
6900 node_a_chan.channel_transaction_parameters.is_outbound_from_holder = false;
6901 let remote_commit_fee_3_htlcs = Channel::<EnforcingSigner>::commit_tx_fee_msat(node_a_chan.feerate_per_kw, 3, node_a_chan.opt_anchors());
6902 let htlc_candidate = HTLCCandidate::new(htlc_amount_msat, HTLCInitiator::LocalOffered);
6903 let remote_commit_tx_fee = node_a_chan.next_remote_commit_tx_fee_msat(htlc_candidate, None);
6904 assert_eq!(remote_commit_tx_fee, remote_commit_fee_3_htlcs);
6908 fn test_timeout_vs_success_htlc_dust_limit() {
6909 // Make sure that when `next_remote_commit_tx_fee_msat` and `next_local_commit_tx_fee_msat`
6910 // calculate the real dust limits for HTLCs (i.e. the dust limit given by the counterparty
6911 // *plus* the fees paid for the HTLC) they don't swap `HTLC_SUCCESS_TX_WEIGHT` for
6912 // `HTLC_TIMEOUT_TX_WEIGHT`, and vice versa.
6913 let fee_est = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 253 });
6914 let secp_ctx = Secp256k1::new();
6915 let seed = [42; 32];
6916 let network = Network::Testnet;
6917 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
6919 let node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
6920 let config = UserConfig::default();
6921 let mut chan = Channel::<EnforcingSigner>::new_outbound(&fee_est, &&keys_provider, node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config, 0, 42).unwrap();
6923 let commitment_tx_fee_0_htlcs = Channel::<EnforcingSigner>::commit_tx_fee_msat(chan.feerate_per_kw, 0, chan.opt_anchors());
6924 let commitment_tx_fee_1_htlc = Channel::<EnforcingSigner>::commit_tx_fee_msat(chan.feerate_per_kw, 1, chan.opt_anchors());
6926 // If HTLC_SUCCESS_TX_WEIGHT and HTLC_TIMEOUT_TX_WEIGHT were swapped: then this HTLC would be
6927 // counted as dust when it shouldn't be.
6928 let htlc_amt_above_timeout = ((253 * htlc_timeout_tx_weight(chan.opt_anchors()) / 1000) + chan.holder_dust_limit_satoshis + 1) * 1000;
6929 let htlc_candidate = HTLCCandidate::new(htlc_amt_above_timeout, HTLCInitiator::LocalOffered);
6930 let commitment_tx_fee = chan.next_local_commit_tx_fee_msat(htlc_candidate, None);
6931 assert_eq!(commitment_tx_fee, commitment_tx_fee_1_htlc);
6933 // If swapped: this HTLC would be counted as non-dust when it shouldn't be.
6934 let dust_htlc_amt_below_success = ((253 * htlc_success_tx_weight(chan.opt_anchors()) / 1000) + chan.holder_dust_limit_satoshis - 1) * 1000;
6935 let htlc_candidate = HTLCCandidate::new(dust_htlc_amt_below_success, HTLCInitiator::RemoteOffered);
6936 let commitment_tx_fee = chan.next_local_commit_tx_fee_msat(htlc_candidate, None);
6937 assert_eq!(commitment_tx_fee, commitment_tx_fee_0_htlcs);
6939 chan.channel_transaction_parameters.is_outbound_from_holder = false;
6941 // If swapped: this HTLC would be counted as non-dust when it shouldn't be.
6942 let dust_htlc_amt_above_timeout = ((253 * htlc_timeout_tx_weight(chan.opt_anchors()) / 1000) + chan.counterparty_dust_limit_satoshis + 1) * 1000;
6943 let htlc_candidate = HTLCCandidate::new(dust_htlc_amt_above_timeout, HTLCInitiator::LocalOffered);
6944 let commitment_tx_fee = chan.next_remote_commit_tx_fee_msat(htlc_candidate, None);
6945 assert_eq!(commitment_tx_fee, commitment_tx_fee_0_htlcs);
6947 // If swapped: this HTLC would be counted as dust when it shouldn't be.
6948 let htlc_amt_below_success = ((253 * htlc_success_tx_weight(chan.opt_anchors()) / 1000) + chan.counterparty_dust_limit_satoshis - 1) * 1000;
6949 let htlc_candidate = HTLCCandidate::new(htlc_amt_below_success, HTLCInitiator::RemoteOffered);
6950 let commitment_tx_fee = chan.next_remote_commit_tx_fee_msat(htlc_candidate, None);
6951 assert_eq!(commitment_tx_fee, commitment_tx_fee_1_htlc);
6955 fn channel_reestablish_no_updates() {
6956 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
6957 let logger = test_utils::TestLogger::new();
6958 let secp_ctx = Secp256k1::new();
6959 let seed = [42; 32];
6960 let network = Network::Testnet;
6961 let best_block = BestBlock::from_genesis(network);
6962 let chain_hash = best_block.block_hash();
6963 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
6965 // Go through the flow of opening a channel between two nodes.
6967 // Create Node A's channel pointing to Node B's pubkey
6968 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
6969 let config = UserConfig::default();
6970 let mut node_a_chan = Channel::<EnforcingSigner>::new_outbound(&feeest, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config, 0, 42).unwrap();
6972 // Create Node B's channel by receiving Node A's open_channel message
6973 let open_channel_msg = node_a_chan.get_open_channel(chain_hash);
6974 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
6975 let mut node_b_chan = Channel::<EnforcingSigner>::new_from_req(&feeest, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(), &open_channel_msg, 7, &config, 0, &&logger, 42).unwrap();
6977 // Node B --> Node A: accept channel
6978 let accept_channel_msg = node_b_chan.accept_inbound_channel(0);
6979 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features()).unwrap();
6981 // Node A --> Node B: funding created
6982 let output_script = node_a_chan.get_funding_redeemscript();
6983 let tx = Transaction { version: 1, lock_time: PackedLockTime::ZERO, input: Vec::new(), output: vec![TxOut {
6984 value: 10000000, script_pubkey: output_script.clone(),
6986 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
6987 let funding_created_msg = node_a_chan.get_outbound_funding_created(tx.clone(), funding_outpoint, &&logger).unwrap();
6988 let (funding_signed_msg, _, _) = node_b_chan.funding_created(&funding_created_msg, best_block, &&logger).unwrap();
6990 // Node B --> Node A: funding signed
6991 let _ = node_a_chan.funding_signed(&funding_signed_msg, best_block, &&logger);
6993 // Now disconnect the two nodes and check that the commitment point in
6994 // Node B's channel_reestablish message is sane.
6995 node_b_chan.remove_uncommitted_htlcs_and_mark_paused(&&logger);
6996 let msg = node_b_chan.get_channel_reestablish(&&logger);
6997 assert_eq!(msg.next_local_commitment_number, 1); // now called next_commitment_number
6998 assert_eq!(msg.next_remote_commitment_number, 0); // now called next_revocation_number
6999 match msg.data_loss_protect {
7000 OptionalField::Present(DataLossProtect { your_last_per_commitment_secret, .. }) => {
7001 assert_eq!(your_last_per_commitment_secret, [0; 32]);
7006 // Check that the commitment point in Node A's channel_reestablish message
7008 node_a_chan.remove_uncommitted_htlcs_and_mark_paused(&&logger);
7009 let msg = node_a_chan.get_channel_reestablish(&&logger);
7010 assert_eq!(msg.next_local_commitment_number, 1); // now called next_commitment_number
7011 assert_eq!(msg.next_remote_commitment_number, 0); // now called next_revocation_number
7012 match msg.data_loss_protect {
7013 OptionalField::Present(DataLossProtect { your_last_per_commitment_secret, .. }) => {
7014 assert_eq!(your_last_per_commitment_secret, [0; 32]);
7021 fn test_configured_holder_max_htlc_value_in_flight() {
7022 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7023 let logger = test_utils::TestLogger::new();
7024 let secp_ctx = Secp256k1::new();
7025 let seed = [42; 32];
7026 let network = Network::Testnet;
7027 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7028 let outbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7029 let inbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7031 let mut config_2_percent = UserConfig::default();
7032 config_2_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 2;
7033 let mut config_99_percent = UserConfig::default();
7034 config_99_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 99;
7035 let mut config_0_percent = UserConfig::default();
7036 config_0_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 0;
7037 let mut config_101_percent = UserConfig::default();
7038 config_101_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 101;
7040 // Test that `new_outbound` creates a channel with the correct value for
7041 // `holder_max_htlc_value_in_flight_msat`, when configured with a valid percentage value,
7042 // which is set to the lower bound + 1 (2%) of the `channel_value`.
7043 let chan_1 = Channel::<EnforcingSigner>::new_outbound(&feeest, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config_2_percent, 0, 42).unwrap();
7044 let chan_1_value_msat = chan_1.channel_value_satoshis * 1000;
7045 assert_eq!(chan_1.holder_max_htlc_value_in_flight_msat, (chan_1_value_msat as f64 * 0.02) as u64);
7047 // Test with the upper bound - 1 of valid values (99%).
7048 let chan_2 = Channel::<EnforcingSigner>::new_outbound(&feeest, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config_99_percent, 0, 42).unwrap();
7049 let chan_2_value_msat = chan_2.channel_value_satoshis * 1000;
7050 assert_eq!(chan_2.holder_max_htlc_value_in_flight_msat, (chan_2_value_msat as f64 * 0.99) as u64);
7052 let chan_1_open_channel_msg = chan_1.get_open_channel(genesis_block(network).header.block_hash());
7054 // Test that `new_from_req` creates a channel with the correct value for
7055 // `holder_max_htlc_value_in_flight_msat`, when configured with a valid percentage value,
7056 // which is set to the lower bound - 1 (2%) of the `channel_value`.
7057 let chan_3 = Channel::<EnforcingSigner>::new_from_req(&feeest, &&keys_provider, inbound_node_id, &channelmanager::provided_init_features(), &chan_1_open_channel_msg, 7, &config_2_percent, 0, &&logger, 42).unwrap();
7058 let chan_3_value_msat = chan_3.channel_value_satoshis * 1000;
7059 assert_eq!(chan_3.holder_max_htlc_value_in_flight_msat, (chan_3_value_msat as f64 * 0.02) as u64);
7061 // Test with the upper bound - 1 of valid values (99%).
7062 let chan_4 = Channel::<EnforcingSigner>::new_from_req(&feeest, &&keys_provider, inbound_node_id, &channelmanager::provided_init_features(), &chan_1_open_channel_msg, 7, &config_99_percent, 0, &&logger, 42).unwrap();
7063 let chan_4_value_msat = chan_4.channel_value_satoshis * 1000;
7064 assert_eq!(chan_4.holder_max_htlc_value_in_flight_msat, (chan_4_value_msat as f64 * 0.99) as u64);
7066 // Test that `new_outbound` uses the lower bound of the configurable percentage values (1%)
7067 // if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a value less than 1.
7068 let chan_5 = Channel::<EnforcingSigner>::new_outbound(&feeest, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config_0_percent, 0, 42).unwrap();
7069 let chan_5_value_msat = chan_5.channel_value_satoshis * 1000;
7070 assert_eq!(chan_5.holder_max_htlc_value_in_flight_msat, (chan_5_value_msat as f64 * 0.01) as u64);
7072 // Test that `new_outbound` uses the upper bound of the configurable percentage values
7073 // (100%) if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a larger value
7075 let chan_6 = Channel::<EnforcingSigner>::new_outbound(&feeest, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config_101_percent, 0, 42).unwrap();
7076 let chan_6_value_msat = chan_6.channel_value_satoshis * 1000;
7077 assert_eq!(chan_6.holder_max_htlc_value_in_flight_msat, chan_6_value_msat);
7079 // Test that `new_from_req` uses the lower bound of the configurable percentage values (1%)
7080 // if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a value less than 1.
7081 let chan_7 = Channel::<EnforcingSigner>::new_from_req(&feeest, &&keys_provider, inbound_node_id, &channelmanager::provided_init_features(), &chan_1_open_channel_msg, 7, &config_0_percent, 0, &&logger, 42).unwrap();
7082 let chan_7_value_msat = chan_7.channel_value_satoshis * 1000;
7083 assert_eq!(chan_7.holder_max_htlc_value_in_flight_msat, (chan_7_value_msat as f64 * 0.01) as u64);
7085 // Test that `new_from_req` uses the upper bound of the configurable percentage values
7086 // (100%) if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a larger value
7088 let chan_8 = Channel::<EnforcingSigner>::new_from_req(&feeest, &&keys_provider, inbound_node_id, &channelmanager::provided_init_features(), &chan_1_open_channel_msg, 7, &config_101_percent, 0, &&logger, 42).unwrap();
7089 let chan_8_value_msat = chan_8.channel_value_satoshis * 1000;
7090 assert_eq!(chan_8.holder_max_htlc_value_in_flight_msat, chan_8_value_msat);
7094 fn test_configured_holder_selected_channel_reserve_satoshis() {
7096 // Test that `new_outbound` and `new_from_req` create a channel with the correct
7097 // channel reserves, when `their_channel_reserve_proportional_millionths` is configured.
7098 test_self_and_counterparty_channel_reserve(10_000_000, 0.02, 0.02);
7100 // Test with valid but unreasonably high channel reserves
7101 // Requesting and accepting parties have requested for 49%-49% and 60%-30% channel reserve
7102 test_self_and_counterparty_channel_reserve(10_000_000, 0.49, 0.49);
7103 test_self_and_counterparty_channel_reserve(10_000_000, 0.60, 0.30);
7105 // Test with calculated channel reserve less than lower bound
7106 // i.e `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
7107 test_self_and_counterparty_channel_reserve(100_000, 0.00002, 0.30);
7109 // Test with invalid channel reserves since sum of both is greater than or equal
7111 test_self_and_counterparty_channel_reserve(10_000_000, 0.50, 0.50);
7112 test_self_and_counterparty_channel_reserve(10_000_000, 0.60, 0.50);
7115 fn test_self_and_counterparty_channel_reserve(channel_value_satoshis: u64, outbound_selected_channel_reserve_perc: f64, inbound_selected_channel_reserve_perc: f64) {
7116 let fee_est = LowerBoundedFeeEstimator::new(&TestFeeEstimator { fee_est: 15_000 });
7117 let logger = test_utils::TestLogger::new();
7118 let secp_ctx = Secp256k1::new();
7119 let seed = [42; 32];
7120 let network = Network::Testnet;
7121 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7122 let outbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7123 let inbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7126 let mut outbound_node_config = UserConfig::default();
7127 outbound_node_config.channel_handshake_config.their_channel_reserve_proportional_millionths = (outbound_selected_channel_reserve_perc * 1_000_000.0) as u32;
7128 let chan = Channel::<EnforcingSigner>::new_outbound(&&fee_est, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(), channel_value_satoshis, 100_000, 42, &outbound_node_config, 0, 42).unwrap();
7130 let expected_outbound_selected_chan_reserve = cmp::max(MIN_THEIR_CHAN_RESERVE_SATOSHIS, (chan.channel_value_satoshis as f64 * outbound_selected_channel_reserve_perc) as u64);
7131 assert_eq!(chan.holder_selected_channel_reserve_satoshis, expected_outbound_selected_chan_reserve);
7133 let chan_open_channel_msg = chan.get_open_channel(genesis_block(network).header.block_hash());
7134 let mut inbound_node_config = UserConfig::default();
7135 inbound_node_config.channel_handshake_config.their_channel_reserve_proportional_millionths = (inbound_selected_channel_reserve_perc * 1_000_000.0) as u32;
7137 if outbound_selected_channel_reserve_perc + inbound_selected_channel_reserve_perc < 1.0 {
7138 let chan_inbound_node = Channel::<EnforcingSigner>::new_from_req(&&fee_est, &&keys_provider, inbound_node_id, &channelmanager::provided_init_features(), &chan_open_channel_msg, 7, &inbound_node_config, 0, &&logger, 42).unwrap();
7140 let expected_inbound_selected_chan_reserve = cmp::max(MIN_THEIR_CHAN_RESERVE_SATOSHIS, (chan.channel_value_satoshis as f64 * inbound_selected_channel_reserve_perc) as u64);
7142 assert_eq!(chan_inbound_node.holder_selected_channel_reserve_satoshis, expected_inbound_selected_chan_reserve);
7143 assert_eq!(chan_inbound_node.counterparty_selected_channel_reserve_satoshis.unwrap(), expected_outbound_selected_chan_reserve);
7145 // Channel Negotiations failed
7146 let result = Channel::<EnforcingSigner>::new_from_req(&&fee_est, &&keys_provider, inbound_node_id, &channelmanager::provided_init_features(), &chan_open_channel_msg, 7, &inbound_node_config, 0, &&logger, 42);
7147 assert!(result.is_err());
7152 fn channel_update() {
7153 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7154 let secp_ctx = Secp256k1::new();
7155 let seed = [42; 32];
7156 let network = Network::Testnet;
7157 let chain_hash = genesis_block(network).header.block_hash();
7158 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7160 // Create a channel.
7161 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7162 let config = UserConfig::default();
7163 let mut node_a_chan = Channel::<EnforcingSigner>::new_outbound(&feeest, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config, 0, 42).unwrap();
7164 assert!(node_a_chan.counterparty_forwarding_info.is_none());
7165 assert_eq!(node_a_chan.holder_htlc_minimum_msat, 1); // the default
7166 assert!(node_a_chan.counterparty_forwarding_info().is_none());
7168 // Make sure that receiving a channel update will update the Channel as expected.
7169 let update = ChannelUpdate {
7170 contents: UnsignedChannelUpdate {
7172 short_channel_id: 0,
7175 cltv_expiry_delta: 100,
7176 htlc_minimum_msat: 5,
7177 htlc_maximum_msat: MAX_VALUE_MSAT,
7179 fee_proportional_millionths: 11,
7180 excess_data: Vec::new(),
7182 signature: Signature::from(unsafe { FFISignature::new() })
7184 node_a_chan.channel_update(&update).unwrap();
7186 // The counterparty can send an update with a higher minimum HTLC, but that shouldn't
7187 // change our official htlc_minimum_msat.
7188 assert_eq!(node_a_chan.holder_htlc_minimum_msat, 1);
7189 match node_a_chan.counterparty_forwarding_info() {
7191 assert_eq!(info.cltv_expiry_delta, 100);
7192 assert_eq!(info.fee_base_msat, 110);
7193 assert_eq!(info.fee_proportional_millionths, 11);
7195 None => panic!("expected counterparty forwarding info to be Some")
7199 #[cfg(not(feature = "grind_signatures"))]
7201 fn outbound_commitment_test() {
7202 use bitcoin::util::sighash;
7203 use bitcoin::consensus::encode::serialize;
7204 use bitcoin::blockdata::transaction::EcdsaSighashType;
7205 use bitcoin::hashes::hex::FromHex;
7206 use bitcoin::hash_types::Txid;
7207 use bitcoin::secp256k1::Message;
7208 use crate::chain::keysinterface::BaseSign;
7209 use crate::ln::PaymentPreimage;
7210 use crate::ln::channel::{HTLCOutputInCommitment ,TxCreationKeys};
7211 use crate::ln::chan_utils::{ChannelPublicKeys, HolderCommitmentTransaction, CounterpartyChannelTransactionParameters};
7212 use crate::util::logger::Logger;
7213 use crate::sync::Arc;
7215 // Test vectors from BOLT 3 Appendices C and F (anchors):
7216 let feeest = TestFeeEstimator{fee_est: 15000};
7217 let logger : Arc<Logger> = Arc::new(test_utils::TestLogger::new());
7218 let secp_ctx = Secp256k1::new();
7220 let mut signer = InMemorySigner::new(
7222 SecretKey::from_slice(&hex::decode("4242424242424242424242424242424242424242424242424242424242424242").unwrap()[..]).unwrap(),
7223 SecretKey::from_slice(&hex::decode("30ff4956bbdd3222d44cc5e8a1261dab1e07957bdac5ae88fe3261ef321f3749").unwrap()[..]).unwrap(),
7224 SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(),
7225 SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(),
7226 SecretKey::from_slice(&hex::decode("3333333333333333333333333333333333333333333333333333333333333333").unwrap()[..]).unwrap(),
7227 SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(),
7229 // These aren't set in the test vectors:
7230 [0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff],
7235 assert_eq!(signer.pubkeys().funding_pubkey.serialize()[..],
7236 hex::decode("023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb").unwrap()[..]);
7237 let keys_provider = Keys { signer: signer.clone() };
7239 let counterparty_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7240 let mut config = UserConfig::default();
7241 config.channel_handshake_config.announced_channel = false;
7242 let mut chan = Channel::<InMemorySigner>::new_outbound(&LowerBoundedFeeEstimator::new(&feeest), &&keys_provider, counterparty_node_id, &channelmanager::provided_init_features(), 10_000_000, 100000, 42, &config, 0, 42).unwrap(); // Nothing uses their network key in this test
7243 chan.holder_dust_limit_satoshis = 546;
7244 chan.counterparty_selected_channel_reserve_satoshis = Some(0); // Filled in in accept_channel
7246 let funding_info = OutPoint{ txid: Txid::from_hex("8984484a580b825b9972d7adb15050b3ab624ccd731946b3eeddb92f4e7ef6be").unwrap(), index: 0 };
7248 let counterparty_pubkeys = ChannelPublicKeys {
7249 funding_pubkey: public_from_secret_hex(&secp_ctx, "1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13"),
7250 revocation_basepoint: PublicKey::from_slice(&hex::decode("02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27").unwrap()[..]).unwrap(),
7251 payment_point: public_from_secret_hex(&secp_ctx, "4444444444444444444444444444444444444444444444444444444444444444"),
7252 delayed_payment_basepoint: public_from_secret_hex(&secp_ctx, "1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13"),
7253 htlc_basepoint: public_from_secret_hex(&secp_ctx, "4444444444444444444444444444444444444444444444444444444444444444")
7255 chan.channel_transaction_parameters.counterparty_parameters = Some(
7256 CounterpartyChannelTransactionParameters {
7257 pubkeys: counterparty_pubkeys.clone(),
7258 selected_contest_delay: 144
7260 chan.channel_transaction_parameters.funding_outpoint = Some(funding_info);
7261 signer.ready_channel(&chan.channel_transaction_parameters);
7263 assert_eq!(counterparty_pubkeys.payment_point.serialize()[..],
7264 hex::decode("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()[..]);
7266 assert_eq!(counterparty_pubkeys.funding_pubkey.serialize()[..],
7267 hex::decode("030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c1").unwrap()[..]);
7269 assert_eq!(counterparty_pubkeys.htlc_basepoint.serialize()[..],
7270 hex::decode("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()[..]);
7272 // We can't just use build_holder_transaction_keys here as the per_commitment_secret is not
7273 // derived from a commitment_seed, so instead we copy it here and call
7274 // build_commitment_transaction.
7275 let delayed_payment_base = &chan.holder_signer.pubkeys().delayed_payment_basepoint;
7276 let per_commitment_secret = SecretKey::from_slice(&hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap();
7277 let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
7278 let htlc_basepoint = &chan.holder_signer.pubkeys().htlc_basepoint;
7279 let keys = TxCreationKeys::derive_new(&secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint).unwrap();
7281 macro_rules! test_commitment {
7282 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $($remain:tt)* ) => {
7283 chan.channel_transaction_parameters.opt_anchors = None;
7284 test_commitment_common!($counterparty_sig_hex, $sig_hex, $tx_hex, false, $($remain)*);
7288 macro_rules! test_commitment_with_anchors {
7289 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $($remain:tt)* ) => {
7290 chan.channel_transaction_parameters.opt_anchors = Some(());
7291 test_commitment_common!($counterparty_sig_hex, $sig_hex, $tx_hex, true, $($remain)*);
7295 macro_rules! test_commitment_common {
7296 ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $opt_anchors: expr, {
7297 $( { $htlc_idx: expr, $counterparty_htlc_sig_hex: expr, $htlc_sig_hex: expr, $htlc_tx_hex: expr } ), *
7299 let (commitment_tx, htlcs): (_, Vec<HTLCOutputInCommitment>) = {
7300 let mut commitment_stats = chan.build_commitment_transaction(0xffffffffffff - 42, &keys, true, false, &logger);
7302 let htlcs = commitment_stats.htlcs_included.drain(..)
7303 .filter_map(|(htlc, _)| if htlc.transaction_output_index.is_some() { Some(htlc) } else { None })
7305 (commitment_stats.tx, htlcs)
7307 let trusted_tx = commitment_tx.trust();
7308 let unsigned_tx = trusted_tx.built_transaction();
7309 let redeemscript = chan.get_funding_redeemscript();
7310 let counterparty_signature = Signature::from_der(&hex::decode($counterparty_sig_hex).unwrap()[..]).unwrap();
7311 let sighash = unsigned_tx.get_sighash_all(&redeemscript, chan.channel_value_satoshis);
7312 log_trace!(logger, "unsigned_tx = {}", hex::encode(serialize(&unsigned_tx.transaction)));
7313 assert!(secp_ctx.verify_ecdsa(&sighash, &counterparty_signature, chan.counterparty_funding_pubkey()).is_ok(), "verify counterparty commitment sig");
7315 let mut per_htlc: Vec<(HTLCOutputInCommitment, Option<Signature>)> = Vec::new();
7316 per_htlc.clear(); // Don't warn about excess mut for no-HTLC calls
7317 let mut counterparty_htlc_sigs = Vec::new();
7318 counterparty_htlc_sigs.clear(); // Don't warn about excess mut for no-HTLC calls
7320 let remote_signature = Signature::from_der(&hex::decode($counterparty_htlc_sig_hex).unwrap()[..]).unwrap();
7321 per_htlc.push((htlcs[$htlc_idx].clone(), Some(remote_signature)));
7322 counterparty_htlc_sigs.push(remote_signature);
7324 assert_eq!(htlcs.len(), per_htlc.len());
7326 let holder_commitment_tx = HolderCommitmentTransaction::new(
7327 commitment_tx.clone(),
7328 counterparty_signature,
7329 counterparty_htlc_sigs,
7330 &chan.holder_signer.pubkeys().funding_pubkey,
7331 chan.counterparty_funding_pubkey()
7333 let (holder_sig, htlc_sigs) = signer.sign_holder_commitment_and_htlcs(&holder_commitment_tx, &secp_ctx).unwrap();
7334 assert_eq!(Signature::from_der(&hex::decode($sig_hex).unwrap()[..]).unwrap(), holder_sig, "holder_sig");
7336 let funding_redeemscript = chan.get_funding_redeemscript();
7337 let tx = holder_commitment_tx.add_holder_sig(&funding_redeemscript, holder_sig);
7338 assert_eq!(serialize(&tx)[..], hex::decode($tx_hex).unwrap()[..], "tx");
7340 // ((htlc, counterparty_sig), (index, holder_sig))
7341 let mut htlc_sig_iter = holder_commitment_tx.htlcs().iter().zip(&holder_commitment_tx.counterparty_htlc_sigs).zip(htlc_sigs.iter().enumerate());
7344 log_trace!(logger, "verifying htlc {}", $htlc_idx);
7345 let remote_signature = Signature::from_der(&hex::decode($counterparty_htlc_sig_hex).unwrap()[..]).unwrap();
7347 let ref htlc = htlcs[$htlc_idx];
7348 let htlc_tx = chan_utils::build_htlc_transaction(&unsigned_tx.txid, chan.feerate_per_kw,
7349 chan.get_counterparty_selected_contest_delay().unwrap(),
7350 &htlc, $opt_anchors, &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
7351 let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, $opt_anchors, &keys);
7352 let htlc_sighashtype = if $opt_anchors { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
7353 let htlc_sighash = Message::from_slice(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]).unwrap();
7354 assert!(secp_ctx.verify_ecdsa(&htlc_sighash, &remote_signature, &keys.countersignatory_htlc_key).is_ok(), "verify counterparty htlc sig");
7356 let mut preimage: Option<PaymentPreimage> = None;
7359 let out = PaymentHash(Sha256::hash(&[i; 32]).into_inner());
7360 if out == htlc.payment_hash {
7361 preimage = Some(PaymentPreimage([i; 32]));
7365 assert!(preimage.is_some());
7368 let htlc_sig = htlc_sig_iter.next().unwrap();
7369 let num_anchors = if $opt_anchors { 2 } else { 0 };
7370 assert_eq!((htlc_sig.0).0.transaction_output_index, Some($htlc_idx + num_anchors), "output index");
7372 let signature = Signature::from_der(&hex::decode($htlc_sig_hex).unwrap()[..]).unwrap();
7373 assert_eq!(signature, *(htlc_sig.1).1, "htlc sig");
7374 let index = (htlc_sig.1).0;
7375 let channel_parameters = chan.channel_transaction_parameters.as_holder_broadcastable();
7376 let trusted_tx = holder_commitment_tx.trust();
7377 log_trace!(logger, "htlc_tx = {}", hex::encode(serialize(&trusted_tx.get_signed_htlc_tx(&channel_parameters, index, &(htlc_sig.0).1, (htlc_sig.1).1, &preimage))));
7378 assert_eq!(serialize(&trusted_tx.get_signed_htlc_tx(&channel_parameters, index, &(htlc_sig.0).1, (htlc_sig.1).1, &preimage))[..],
7379 hex::decode($htlc_tx_hex).unwrap()[..], "htlc tx");
7381 assert!(htlc_sig_iter.next().is_none());
7385 // simple commitment tx with no HTLCs
7386 chan.value_to_self_msat = 7000000000;
7388 test_commitment!("3045022100c3127b33dcc741dd6b05b1e63cbd1a9a7d816f37af9b6756fa2376b056f032370220408b96279808fe57eb7e463710804cdf4f108388bc5cf722d8c848d2c7f9f3b0",
7389 "30440220616210b2cc4d3afb601013c373bbd8aac54febd9f15400379a8cb65ce7deca60022034236c010991beb7ff770510561ae8dc885b8d38d1947248c38f2ae055647142",
7390 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8002c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48454a56a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004730440220616210b2cc4d3afb601013c373bbd8aac54febd9f15400379a8cb65ce7deca60022034236c010991beb7ff770510561ae8dc885b8d38d1947248c38f2ae05564714201483045022100c3127b33dcc741dd6b05b1e63cbd1a9a7d816f37af9b6756fa2376b056f032370220408b96279808fe57eb7e463710804cdf4f108388bc5cf722d8c848d2c7f9f3b001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
7392 // anchors: simple commitment tx with no HTLCs
7393 test_commitment_with_anchors!("3045022100f89034eba16b2be0e5581f750a0a6309192b75cce0f202f0ee2b4ec0cc394850022076c65dc507fe42276152b7a3d90e961e678adbe966e916ecfe85e64d430e75f3",
7394 "30450221008266ac6db5ea71aac3c95d97b0e172ff596844851a3216eb88382a8dddfd33d2022050e240974cfd5d708708b4365574517c18e7ae535ef732a3484d43d0d82be9f7",
7395 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80044a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994a508b6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221008266ac6db5ea71aac3c95d97b0e172ff596844851a3216eb88382a8dddfd33d2022050e240974cfd5d708708b4365574517c18e7ae535ef732a3484d43d0d82be9f701483045022100f89034eba16b2be0e5581f750a0a6309192b75cce0f202f0ee2b4ec0cc394850022076c65dc507fe42276152b7a3d90e961e678adbe966e916ecfe85e64d430e75f301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
7397 chan.pending_inbound_htlcs.push({
7398 let mut out = InboundHTLCOutput{
7400 amount_msat: 1000000,
7402 payment_hash: PaymentHash([0; 32]),
7403 state: InboundHTLCState::Committed,
7405 out.payment_hash.0 = Sha256::hash(&hex::decode("0000000000000000000000000000000000000000000000000000000000000000").unwrap()).into_inner();
7408 chan.pending_inbound_htlcs.push({
7409 let mut out = InboundHTLCOutput{
7411 amount_msat: 2000000,
7413 payment_hash: PaymentHash([0; 32]),
7414 state: InboundHTLCState::Committed,
7416 out.payment_hash.0 = Sha256::hash(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap()).into_inner();
7419 chan.pending_outbound_htlcs.push({
7420 let mut out = OutboundHTLCOutput{
7422 amount_msat: 2000000,
7424 payment_hash: PaymentHash([0; 32]),
7425 state: OutboundHTLCState::Committed,
7426 source: HTLCSource::dummy(),
7428 out.payment_hash.0 = Sha256::hash(&hex::decode("0202020202020202020202020202020202020202020202020202020202020202").unwrap()).into_inner();
7431 chan.pending_outbound_htlcs.push({
7432 let mut out = OutboundHTLCOutput{
7434 amount_msat: 3000000,
7436 payment_hash: PaymentHash([0; 32]),
7437 state: OutboundHTLCState::Committed,
7438 source: HTLCSource::dummy(),
7440 out.payment_hash.0 = Sha256::hash(&hex::decode("0303030303030303030303030303030303030303030303030303030303030303").unwrap()).into_inner();
7443 chan.pending_inbound_htlcs.push({
7444 let mut out = InboundHTLCOutput{
7446 amount_msat: 4000000,
7448 payment_hash: PaymentHash([0; 32]),
7449 state: InboundHTLCState::Committed,
7451 out.payment_hash.0 = Sha256::hash(&hex::decode("0404040404040404040404040404040404040404040404040404040404040404").unwrap()).into_inner();
7455 // commitment tx with all five HTLCs untrimmed (minimum feerate)
7456 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7457 chan.feerate_per_kw = 0;
7459 test_commitment!("3044022009b048187705a8cbc9ad73adbe5af148c3d012e1f067961486c822c7af08158c022006d66f3704cfab3eb2dc49dae24e4aa22a6910fc9b424007583204e3621af2e5",
7460 "304402206fc2d1f10ea59951eefac0b4b7c396a3c3d87b71ff0b019796ef4535beaf36f902201765b0181e514d04f4c8ad75659d7037be26cdb3f8bb6f78fe61decef484c3ea",
7461 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8007e80300000000000022002052bfef0479d7b293c27e0f1eb294bea154c63a3294ef092c19af51409bce0e2ad007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484e0a06a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402206fc2d1f10ea59951eefac0b4b7c396a3c3d87b71ff0b019796ef4535beaf36f902201765b0181e514d04f4c8ad75659d7037be26cdb3f8bb6f78fe61decef484c3ea01473044022009b048187705a8cbc9ad73adbe5af148c3d012e1f067961486c822c7af08158c022006d66f3704cfab3eb2dc49dae24e4aa22a6910fc9b424007583204e3621af2e501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7464 "3045022100d9e29616b8f3959f1d3d7f7ce893ffedcdc407717d0de8e37d808c91d3a7c50d022078c3033f6d00095c8720a4bc943c1b45727818c082e4e3ddbc6d3116435b624b",
7465 "30440220636de5682ef0c5b61f124ec74e8aa2461a69777521d6998295dcea36bc3338110220165285594b23c50b28b82df200234566628a27bcd17f7f14404bd865354eb3ce",
7466 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b00000000000000000001e8030000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100d9e29616b8f3959f1d3d7f7ce893ffedcdc407717d0de8e37d808c91d3a7c50d022078c3033f6d00095c8720a4bc943c1b45727818c082e4e3ddbc6d3116435b624b014730440220636de5682ef0c5b61f124ec74e8aa2461a69777521d6998295dcea36bc3338110220165285594b23c50b28b82df200234566628a27bcd17f7f14404bd865354eb3ce012000000000000000000000000000000000000000000000000000000000000000008a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a914b8bcb07f6344b42ab04250c86a6e8b75d3fdbbc688527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f401b175ac686800000000" },
7469 "30440220649fe8b20e67e46cbb0d09b4acea87dbec001b39b08dee7bdd0b1f03922a8640022037c462dff79df501cecfdb12ea7f4de91f99230bb544726f6e04527b1f896004",
7470 "3045022100803159dee7935dba4a1d36a61055ce8fd62caa528573cc221ae288515405a252022029c59e7cffce374fe860100a4a63787e105c3cf5156d40b12dd53ff55ac8cf3f",
7471 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b01000000000000000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220649fe8b20e67e46cbb0d09b4acea87dbec001b39b08dee7bdd0b1f03922a8640022037c462dff79df501cecfdb12ea7f4de91f99230bb544726f6e04527b1f89600401483045022100803159dee7935dba4a1d36a61055ce8fd62caa528573cc221ae288515405a252022029c59e7cffce374fe860100a4a63787e105c3cf5156d40b12dd53ff55ac8cf3f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
7474 "30440220770fc321e97a19f38985f2e7732dd9fe08d16a2efa4bcbc0429400a447faf49102204d40b417f3113e1b0944ae0986f517564ab4acd3d190503faf97a6e420d43352",
7475 "3045022100a437cc2ce77400ecde441b3398fea3c3ad8bdad8132be818227fe3c5b8345989022069d45e7fa0ae551ec37240845e2c561ceb2567eacf3076a6a43a502d05865faa",
7476 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b02000000000000000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220770fc321e97a19f38985f2e7732dd9fe08d16a2efa4bcbc0429400a447faf49102204d40b417f3113e1b0944ae0986f517564ab4acd3d190503faf97a6e420d4335201483045022100a437cc2ce77400ecde441b3398fea3c3ad8bdad8132be818227fe3c5b8345989022069d45e7fa0ae551ec37240845e2c561ceb2567eacf3076a6a43a502d05865faa012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
7479 "304402207bcbf4f60a9829b05d2dbab84ed593e0291836be715dc7db6b72a64caf646af802201e489a5a84f7c5cc130398b841d138d031a5137ac8f4c49c770a4959dc3c1363",
7480 "304402203121d9b9c055f354304b016a36662ee99e1110d9501cb271b087ddb6f382c2c80220549882f3f3b78d9c492de47543cb9a697cecc493174726146536c5954dac7487",
7481 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b03000000000000000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207bcbf4f60a9829b05d2dbab84ed593e0291836be715dc7db6b72a64caf646af802201e489a5a84f7c5cc130398b841d138d031a5137ac8f4c49c770a4959dc3c13630147304402203121d9b9c055f354304b016a36662ee99e1110d9501cb271b087ddb6f382c2c80220549882f3f3b78d9c492de47543cb9a697cecc493174726146536c5954dac748701008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
7484 "3044022076dca5cb81ba7e466e349b7128cdba216d4d01659e29b96025b9524aaf0d1899022060de85697b88b21c749702b7d2cfa7dfeaa1f472c8f1d7d9c23f2bf968464b87",
7485 "3045022100d9080f103cc92bac15ec42464a95f070c7fb6925014e673ee2ea1374d36a7f7502200c65294d22eb20d48564954d5afe04a385551919d8b2ddb4ae2459daaeee1d95",
7486 "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b04000000000000000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022076dca5cb81ba7e466e349b7128cdba216d4d01659e29b96025b9524aaf0d1899022060de85697b88b21c749702b7d2cfa7dfeaa1f472c8f1d7d9c23f2bf968464b8701483045022100d9080f103cc92bac15ec42464a95f070c7fb6925014e673ee2ea1374d36a7f7502200c65294d22eb20d48564954d5afe04a385551919d8b2ddb4ae2459daaeee1d95012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7489 // commitment tx with seven outputs untrimmed (maximum feerate)
7490 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7491 chan.feerate_per_kw = 647;
7493 test_commitment!("3045022100a135f9e8a5ed25f7277446c67956b00ce6f610ead2bdec2c2f686155b7814772022059f1f6e1a8b336a68efcc1af3fe4d422d4827332b5b067501b099c47b7b5b5ee",
7494 "30450221009ec15c687898bb4da8b3a833e5ab8bfc51ec6e9202aaa8e66611edfd4a85ed1102203d7183e45078b9735c93450bc3415d3e5a8c576141a711ec6ddcb4a893926bb7",
7495 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8007e80300000000000022002052bfef0479d7b293c27e0f1eb294bea154c63a3294ef092c19af51409bce0e2ad007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484e09c6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221009ec15c687898bb4da8b3a833e5ab8bfc51ec6e9202aaa8e66611edfd4a85ed1102203d7183e45078b9735c93450bc3415d3e5a8c576141a711ec6ddcb4a893926bb701483045022100a135f9e8a5ed25f7277446c67956b00ce6f610ead2bdec2c2f686155b7814772022059f1f6e1a8b336a68efcc1af3fe4d422d4827332b5b067501b099c47b7b5b5ee01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7498 "30450221008437627f9ad84ac67052e2a414a4367b8556fd1f94d8b02590f89f50525cd33502205b9c21ff6e7fc864f2352746ad8ba59182510819acb644e25b8a12fc37bbf24f",
7499 "30440220344b0deb055230d01703e6c7acd45853c4af2328b49b5d8af4f88a060733406602202ea64f2a43d5751edfe75503cbc35a62e3141b5ed032fa03360faf4ca66f670b",
7500 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004830450221008437627f9ad84ac67052e2a414a4367b8556fd1f94d8b02590f89f50525cd33502205b9c21ff6e7fc864f2352746ad8ba59182510819acb644e25b8a12fc37bbf24f014730440220344b0deb055230d01703e6c7acd45853c4af2328b49b5d8af4f88a060733406602202ea64f2a43d5751edfe75503cbc35a62e3141b5ed032fa03360faf4ca66f670b012000000000000000000000000000000000000000000000000000000000000000008a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a914b8bcb07f6344b42ab04250c86a6e8b75d3fdbbc688527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f401b175ac686800000000" },
7503 "304402205a67f92bf6845cf2892b48d874ac1daf88a36495cf8a06f93d83180d930a6f75022031da1621d95c3f335cc06a3056cf960199dae600b7cf89088f65fc53cdbef28c",
7504 "30450221009e5e3822b0185c6799a95288c597b671d6cc69ab80f43740f00c6c3d0752bdda02206da947a74bd98f3175324dc56fdba86cc783703a120a6f0297537e60632f4c7f",
7505 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe0100000000000000000124060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402205a67f92bf6845cf2892b48d874ac1daf88a36495cf8a06f93d83180d930a6f75022031da1621d95c3f335cc06a3056cf960199dae600b7cf89088f65fc53cdbef28c014830450221009e5e3822b0185c6799a95288c597b671d6cc69ab80f43740f00c6c3d0752bdda02206da947a74bd98f3175324dc56fdba86cc783703a120a6f0297537e60632f4c7f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
7508 "30440220437e21766054a3eef7f65690c5bcfa9920babbc5af92b819f772f6ea96df6c7402207173622024bd97328cfb26c6665e25c2f5d67c319443ccdc60c903217005d8c8",
7509 "3045022100fcfc47e36b712624677626cef3dc1d67f6583bd46926a6398fe6b00b0c9a37760220525788257b187fc775c6370d04eadf34d06f3650a63f8df851cee0ecb47a1673",
7510 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe020000000000000000010a060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220437e21766054a3eef7f65690c5bcfa9920babbc5af92b819f772f6ea96df6c7402207173622024bd97328cfb26c6665e25c2f5d67c319443ccdc60c903217005d8c801483045022100fcfc47e36b712624677626cef3dc1d67f6583bd46926a6398fe6b00b0c9a37760220525788257b187fc775c6370d04eadf34d06f3650a63f8df851cee0ecb47a1673012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
7513 "304402207436e10737e4df499fc051686d3e11a5bb2310e4d1f1e691d287cef66514791202207cb58e71a6b7a42dd001b7e3ae672ea4f71ea3e1cd412b742e9124abb0739c64",
7514 "3045022100e78211b8409afb7255ffe37337da87f38646f1faebbdd61bc1920d69e3ead67a02201a626305adfcd16bfb7e9340928d9b6305464eab4aa4c4a3af6646e9b9f69dee",
7515 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe030000000000000000010c0a0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207436e10737e4df499fc051686d3e11a5bb2310e4d1f1e691d287cef66514791202207cb58e71a6b7a42dd001b7e3ae672ea4f71ea3e1cd412b742e9124abb0739c6401483045022100e78211b8409afb7255ffe37337da87f38646f1faebbdd61bc1920d69e3ead67a02201a626305adfcd16bfb7e9340928d9b6305464eab4aa4c4a3af6646e9b9f69dee01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
7518 "30450221009acd6a827a76bfee50806178dfe0495cd4e1d9c58279c194c7b01520fe68cb8d022024d439047c368883e570997a7d40f0b430cb5a742f507965e7d3063ae3feccca",
7519 "3044022048762cf546bbfe474f1536365ea7c416e3c0389d60558bc9412cb148fb6ab68202207215d7083b75c96ff9d2b08c59c34e287b66820f530b486a9aa4cdd9c347d5b9",
7520 "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe04000000000000000001da0d0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004830450221009acd6a827a76bfee50806178dfe0495cd4e1d9c58279c194c7b01520fe68cb8d022024d439047c368883e570997a7d40f0b430cb5a742f507965e7d3063ae3feccca01473044022048762cf546bbfe474f1536365ea7c416e3c0389d60558bc9412cb148fb6ab68202207215d7083b75c96ff9d2b08c59c34e287b66820f530b486a9aa4cdd9c347d5b9012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7523 // commitment tx with six outputs untrimmed (minimum feerate)
7524 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7525 chan.feerate_per_kw = 648;
7527 test_commitment!("304402203948f900a5506b8de36a4d8502f94f21dd84fd9c2314ab427d52feaa7a0a19f2022059b6a37a4adaa2c5419dc8aea63c6e2a2ec4c4bde46207f6dc1fcd22152fc6e5",
7528 "3045022100b15f72908ba3382a34ca5b32519240a22300cc6015b6f9418635fb41f3d01d8802207adb331b9ed1575383dca0f2355e86c173802feecf8298fbea53b9d4610583e9",
7529 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8006d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4844e9d6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100b15f72908ba3382a34ca5b32519240a22300cc6015b6f9418635fb41f3d01d8802207adb331b9ed1575383dca0f2355e86c173802feecf8298fbea53b9d4610583e90147304402203948f900a5506b8de36a4d8502f94f21dd84fd9c2314ab427d52feaa7a0a19f2022059b6a37a4adaa2c5419dc8aea63c6e2a2ec4c4bde46207f6dc1fcd22152fc6e501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7532 "3045022100a031202f3be94678f0e998622ee95ebb6ada8da1e9a5110228b5e04a747351e4022010ca6a21e18314ed53cfaae3b1f51998552a61a468e596368829a50ce40110e0",
7533 "304502210097e1873b57267730154595187a34949d3744f52933070c74757005e61ce2112e02204ecfba2aa42d4f14bdf8bad4206bb97217b702e6c433e0e1b0ce6587e6d46ec6",
7534 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf10000000000000000000123060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100a031202f3be94678f0e998622ee95ebb6ada8da1e9a5110228b5e04a747351e4022010ca6a21e18314ed53cfaae3b1f51998552a61a468e596368829a50ce40110e00148304502210097e1873b57267730154595187a34949d3744f52933070c74757005e61ce2112e02204ecfba2aa42d4f14bdf8bad4206bb97217b702e6c433e0e1b0ce6587e6d46ec601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
7537 "304402202361012a634aee7835c5ecdd6413dcffa8f404b7e77364c792cff984e4ee71e90220715c5e90baa08daa45a7439b1ee4fa4843ed77b19c058240b69406606d384124",
7538 "3044022019de73b00f1d818fb388e83b2c8c31f6bce35ac624e215bc12f88f9dc33edf48022006ff814bb9f700ee6abc3294e146fac3efd4f13f0005236b41c0a946ee00c9ae",
7539 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf10100000000000000000109060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402202361012a634aee7835c5ecdd6413dcffa8f404b7e77364c792cff984e4ee71e90220715c5e90baa08daa45a7439b1ee4fa4843ed77b19c058240b69406606d38412401473044022019de73b00f1d818fb388e83b2c8c31f6bce35ac624e215bc12f88f9dc33edf48022006ff814bb9f700ee6abc3294e146fac3efd4f13f0005236b41c0a946ee00c9ae012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
7542 "304402207e8e82cd71ed4febeb593732c260456836e97d81896153ecd2b3cf320ca6861702202dd4a30f68f98ced7cc56a36369ac1fdd978248c5ff4ed204fc00cc625532989",
7543 "3045022100bd0be6100c4fd8f102ec220e1b053e4c4e2ecca25615490150007b40d314dc3902201a1e0ea266965b43164d9e6576f58fa6726d42883dd1c3996d2925c2e2260796",
7544 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf1020000000000000000010b0a0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207e8e82cd71ed4febeb593732c260456836e97d81896153ecd2b3cf320ca6861702202dd4a30f68f98ced7cc56a36369ac1fdd978248c5ff4ed204fc00cc62553298901483045022100bd0be6100c4fd8f102ec220e1b053e4c4e2ecca25615490150007b40d314dc3902201a1e0ea266965b43164d9e6576f58fa6726d42883dd1c3996d2925c2e226079601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
7547 "3044022024cd52e4198c8ae0e414a86d86b5a65ea7450f2eb4e783096736d93395eca5ce022078f0094745b45be4d4b2b04dd5978c9e66ba49109e5704403e84aaf5f387d6be",
7548 "3045022100bbfb9d0a946d420807c86e985d636cceb16e71c3694ed186316251a00cbd807202207773223f9a337e145f64673825be9b30d07ef1542c82188b264bedcf7cda78c6",
7549 "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf103000000000000000001d90d0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022024cd52e4198c8ae0e414a86d86b5a65ea7450f2eb4e783096736d93395eca5ce022078f0094745b45be4d4b2b04dd5978c9e66ba49109e5704403e84aaf5f387d6be01483045022100bbfb9d0a946d420807c86e985d636cceb16e71c3694ed186316251a00cbd807202207773223f9a337e145f64673825be9b30d07ef1542c82188b264bedcf7cda78c6012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7552 // anchors: commitment tx with six outputs untrimmed (minimum dust limit)
7553 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7554 chan.feerate_per_kw = 645;
7555 chan.holder_dust_limit_satoshis = 1001;
7557 test_commitment_with_anchors!("3044022025d97466c8049e955a5afce28e322f4b34d2561118e52332fb400f9b908cc0a402205dc6fba3a0d67ee142c428c535580cd1f2ff42e2f89b47e0c8a01847caffc312",
7558 "3045022100d57697c707b6f6d053febf24b98e8989f186eea42e37e9e91663ec2c70bb8f70022079b0715a472118f262f43016a674f59c015d9cafccec885968e76d9d9c5d0051",
7559 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80084a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994d0070000000000002200203e68115ae0b15b8de75b6c6bc9af5ac9f01391544e0870dae443a1e8fe7837ead007000000000000220020fe0598d74fee2205cc3672e6e6647706b4f3099713b4661b62482c3addd04a5eb80b000000000000220020f96d0334feb64a4f40eb272031d07afcb038db56aa57446d60308c9f8ccadef9a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994abc996a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100d57697c707b6f6d053febf24b98e8989f186eea42e37e9e91663ec2c70bb8f70022079b0715a472118f262f43016a674f59c015d9cafccec885968e76d9d9c5d005101473044022025d97466c8049e955a5afce28e322f4b34d2561118e52332fb400f9b908cc0a402205dc6fba3a0d67ee142c428c535580cd1f2ff42e2f89b47e0c8a01847caffc31201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7562 "3045022100e04d160a326432659fe9fb127304c1d348dfeaba840081bdc57d8efd902a48d8022008a824e7cf5492b97e4d9e03c06a09f822775a44f6b5b2533a2088904abfc282",
7563 "3045022100b7c49846466b13b190ff739bbe3005c105482fc55539e55b1c561f76b6982b6c02200e5c35808619cf543c8405cff9fedd25f333a4a2f6f6d5e8af8150090c40ef09",
7564 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320002000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e04d160a326432659fe9fb127304c1d348dfeaba840081bdc57d8efd902a48d8022008a824e7cf5492b97e4d9e03c06a09f822775a44f6b5b2533a2088904abfc28283483045022100b7c49846466b13b190ff739bbe3005c105482fc55539e55b1c561f76b6982b6c02200e5c35808619cf543c8405cff9fedd25f333a4a2f6f6d5e8af8150090c40ef0901008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6851b27568f6010000" },
7567 "3045022100fbdc3c367ce3bf30796025cc590ee1f2ce0e72ae1ac19f5986d6d0a4fc76211f02207e45ae9267e8e820d188569604f71d1abd11bd385d58853dd7dc034cdb3e9a6e",
7568 "3045022100d29330f24db213b262068706099b39c15fa7e070c3fcdf8836c09723fc4d365602203ce57d01e9f28601e461a0b5c4a50119b270bde8b70148d133a6849c70b115ac",
7569 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320003000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100fbdc3c367ce3bf30796025cc590ee1f2ce0e72ae1ac19f5986d6d0a4fc76211f02207e45ae9267e8e820d188569604f71d1abd11bd385d58853dd7dc034cdb3e9a6e83483045022100d29330f24db213b262068706099b39c15fa7e070c3fcdf8836c09723fc4d365602203ce57d01e9f28601e461a0b5c4a50119b270bde8b70148d133a6849c70b115ac012001010101010101010101010101010101010101010101010101010101010101018d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac6851b2756800000000" },
7572 "3044022066c5ef625cee3ddd2bc7b6bfb354b5834cf1cc6d52dd972fb41b7b225437ae4a022066cb85647df65c6b87a54e416dcdcca778a776c36a9643d2b5dc793c9b29f4c1",
7573 "304402202d4ce515cd9000ec37575972d70b8d24f73909fb7012e8ebd8c2066ef6fe187902202830b53e64ea565fecd0f398100691da6bb2a5cf9bb0d1926f1d71d05828a11e",
7574 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320004000000000100000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022066c5ef625cee3ddd2bc7b6bfb354b5834cf1cc6d52dd972fb41b7b225437ae4a022066cb85647df65c6b87a54e416dcdcca778a776c36a9643d2b5dc793c9b29f4c18347304402202d4ce515cd9000ec37575972d70b8d24f73909fb7012e8ebd8c2066ef6fe187902202830b53e64ea565fecd0f398100691da6bb2a5cf9bb0d1926f1d71d05828a11e01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6851b27568f7010000" },
7577 "3044022022c7e11595c53ee89a57ca76baf0aed730da035952d6ab3fe6459f5eff3b337a022075e10cc5f5fd724a35ce4087a5d03cd616698626c69814032132b50bb97dc615",
7578 "3045022100b20cd63e0587d1711beaebda4730775c4ac8b8b2ec78fe18a0c44c3f168c25230220079abb7fc4924e2fca5950842e5b9e416735585026914570078c4ef62f286226",
7579 "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320005000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022022c7e11595c53ee89a57ca76baf0aed730da035952d6ab3fe6459f5eff3b337a022075e10cc5f5fd724a35ce4087a5d03cd616698626c69814032132b50bb97dc61583483045022100b20cd63e0587d1711beaebda4730775c4ac8b8b2ec78fe18a0c44c3f168c25230220079abb7fc4924e2fca5950842e5b9e416735585026914570078c4ef62f286226012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
7582 // commitment tx with six outputs untrimmed (maximum feerate)
7583 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7584 chan.feerate_per_kw = 2069;
7585 chan.holder_dust_limit_satoshis = 546;
7587 test_commitment!("304502210090b96a2498ce0c0f2fadbec2aab278fed54c1a7838df793ec4d2c78d96ec096202204fdd439c50f90d483baa7b68feeef4bd33bc277695405447bcd0bfb2ca34d7bc",
7588 "3045022100ad9a9bbbb75d506ca3b716b336ee3cf975dd7834fcf129d7dd188146eb58a8b4022061a759ee417339f7fe2ea1e8deb83abb6a74db31a09b7648a932a639cda23e33",
7589 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8006d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48477956a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100ad9a9bbbb75d506ca3b716b336ee3cf975dd7834fcf129d7dd188146eb58a8b4022061a759ee417339f7fe2ea1e8deb83abb6a74db31a09b7648a932a639cda23e330148304502210090b96a2498ce0c0f2fadbec2aab278fed54c1a7838df793ec4d2c78d96ec096202204fdd439c50f90d483baa7b68feeef4bd33bc277695405447bcd0bfb2ca34d7bc01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7592 "3045022100f33513ee38abf1c582876f921f8fddc06acff48e04515532a32d3938de938ffd02203aa308a2c1863b7d6fdf53159a1465bf2e115c13152546cc5d74483ceaa7f699",
7593 "3045022100a637902a5d4c9ba9e7c472a225337d5aac9e2e3f6744f76e237132e7619ba0400220035c60d784a031c0d9f6df66b7eab8726a5c25397399ee4aa960842059eb3f9d",
7594 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d0000000000000000000175020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f33513ee38abf1c582876f921f8fddc06acff48e04515532a32d3938de938ffd02203aa308a2c1863b7d6fdf53159a1465bf2e115c13152546cc5d74483ceaa7f69901483045022100a637902a5d4c9ba9e7c472a225337d5aac9e2e3f6744f76e237132e7619ba0400220035c60d784a031c0d9f6df66b7eab8726a5c25397399ee4aa960842059eb3f9d01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
7597 "3045022100ce07682cf4b90093c22dc2d9ab2a77ad6803526b655ef857221cc96af5c9e0bf02200f501cee22e7a268af40b555d15a8237c9f36ad67ef1841daf9f6a0267b1e6df",
7598 "3045022100e57e46234f8782d3ff7aa593b4f7446fb5316c842e693dc63ee324fd49f6a1c302204a2f7b44c48bd26e1554422afae13153eb94b29d3687b733d18930615fb2db61",
7599 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d0100000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100ce07682cf4b90093c22dc2d9ab2a77ad6803526b655ef857221cc96af5c9e0bf02200f501cee22e7a268af40b555d15a8237c9f36ad67ef1841daf9f6a0267b1e6df01483045022100e57e46234f8782d3ff7aa593b4f7446fb5316c842e693dc63ee324fd49f6a1c302204a2f7b44c48bd26e1554422afae13153eb94b29d3687b733d18930615fb2db61012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
7602 "3045022100e3e35492e55f82ec0bc2f317ffd7a486d1f7024330fe9743c3559fc39f32ef0c02203d1d4db651fc388a91d5ad8ecdd8e83673063bc8eefe27cfd8c189090e3a23e0",
7603 "3044022068613fb1b98eb3aec7f44c5b115b12343c2f066c4277c82b5f873dfe68f37f50022028109b4650f3f528ca4bfe9a467aff2e3e43893b61b5159157119d5d95cf1c18",
7604 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d020000000000000000015d060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e3e35492e55f82ec0bc2f317ffd7a486d1f7024330fe9743c3559fc39f32ef0c02203d1d4db651fc388a91d5ad8ecdd8e83673063bc8eefe27cfd8c189090e3a23e001473044022068613fb1b98eb3aec7f44c5b115b12343c2f066c4277c82b5f873dfe68f37f50022028109b4650f3f528ca4bfe9a467aff2e3e43893b61b5159157119d5d95cf1c1801008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
7607 "304402207475aeb0212ef9bf5130b60937817ad88c9a87976988ef1f323f026148cc4a850220739fea17ad3257dcad72e509c73eebe86bee30b178467b9fdab213d631b109df",
7608 "3045022100d315522e09e7d53d2a659a79cb67fef56d6c4bddf3f46df6772d0d20a7beb7c8022070bcc17e288607b6a72be0bd83368bb6d53488db266c1cdb4d72214e4f02ac33",
7609 "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d03000000000000000001f2090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207475aeb0212ef9bf5130b60937817ad88c9a87976988ef1f323f026148cc4a850220739fea17ad3257dcad72e509c73eebe86bee30b178467b9fdab213d631b109df01483045022100d315522e09e7d53d2a659a79cb67fef56d6c4bddf3f46df6772d0d20a7beb7c8022070bcc17e288607b6a72be0bd83368bb6d53488db266c1cdb4d72214e4f02ac33012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7612 // commitment tx with five outputs untrimmed (minimum feerate)
7613 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7614 chan.feerate_per_kw = 2070;
7616 test_commitment!("304402204ca1ba260dee913d318271d86e10ca0f5883026fb5653155cff600fb40895223022037b145204b7054a40e08bb1fefbd826f827b40838d3e501423bcc57924bcb50c",
7617 "3044022001014419b5ba00e083ac4e0a85f19afc848aacac2d483b4b525d15e2ae5adbfe022015ebddad6ee1e72b47cb09f3e78459da5be01ccccd95dceca0e056a00cc773c1",
7618 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484da966a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022001014419b5ba00e083ac4e0a85f19afc848aacac2d483b4b525d15e2ae5adbfe022015ebddad6ee1e72b47cb09f3e78459da5be01ccccd95dceca0e056a00cc773c10147304402204ca1ba260dee913d318271d86e10ca0f5883026fb5653155cff600fb40895223022037b145204b7054a40e08bb1fefbd826f827b40838d3e501423bcc57924bcb50c01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7621 "304402205f6b6d12d8d2529fb24f4445630566cf4abbd0f9330ab6c2bdb94222d6a2a0c502202f556258ae6f05b193749e4c541dfcc13b525a5422f6291f073f15617ba8579b",
7622 "30440220150b11069454da70caf2492ded9e0065c9a57f25ac2a4c52657b1d15b6c6ed85022068a38833b603c8892717206383611bad210f1cbb4b1f87ea29c6c65b9e1cb3e5",
7623 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff0000000000000000000174020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402205f6b6d12d8d2529fb24f4445630566cf4abbd0f9330ab6c2bdb94222d6a2a0c502202f556258ae6f05b193749e4c541dfcc13b525a5422f6291f073f15617ba8579b014730440220150b11069454da70caf2492ded9e0065c9a57f25ac2a4c52657b1d15b6c6ed85022068a38833b603c8892717206383611bad210f1cbb4b1f87ea29c6c65b9e1cb3e501008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
7626 "3045022100f960dfb1c9aee7ce1437efa65b523e399383e8149790e05d8fed27ff6e42fe0002202fe8613e062ffe0b0c518cc4101fba1c6de70f64a5bcc7ae663f2efae43b8546",
7627 "30450221009a6ed18e6873bc3644332a6ee21c152a5b102821865350df7a8c74451a51f9f2022050d801fb4895d7d7fbf452824c0168347f5c0cbe821cf6a97a63af5b8b2563c6",
7628 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff010000000000000000015c060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f960dfb1c9aee7ce1437efa65b523e399383e8149790e05d8fed27ff6e42fe0002202fe8613e062ffe0b0c518cc4101fba1c6de70f64a5bcc7ae663f2efae43b8546014830450221009a6ed18e6873bc3644332a6ee21c152a5b102821865350df7a8c74451a51f9f2022050d801fb4895d7d7fbf452824c0168347f5c0cbe821cf6a97a63af5b8b2563c601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
7631 "3045022100ae5fc7717ae684bc1fcf9020854e5dbe9842c9e7472879ac06ff95ac2bb10e4e022057728ada4c00083a3e65493fb5d50a232165948a1a0f530ef63185c2c8c56504",
7632 "30440220408ad3009827a8fccf774cb285587686bfb2ed041f89a89453c311ce9c8ee0f902203c7392d9f8306d3a46522a66bd2723a7eb2628cb2d9b34d4c104f1766bf37502",
7633 "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff02000000000000000001f1090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100ae5fc7717ae684bc1fcf9020854e5dbe9842c9e7472879ac06ff95ac2bb10e4e022057728ada4c00083a3e65493fb5d50a232165948a1a0f530ef63185c2c8c56504014730440220408ad3009827a8fccf774cb285587686bfb2ed041f89a89453c311ce9c8ee0f902203c7392d9f8306d3a46522a66bd2723a7eb2628cb2d9b34d4c104f1766bf37502012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7636 // commitment tx with five outputs untrimmed (maximum feerate)
7637 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7638 chan.feerate_per_kw = 2194;
7640 test_commitment!("304402204bb3d6e279d71d9da414c82de42f1f954267c762b2e2eb8b76bc3be4ea07d4b0022014febc009c5edc8c3fc5d94015de163200f780046f1c293bfed8568f08b70fb3",
7641 "3044022072c2e2b1c899b2242656a537dde2892fa3801be0d6df0a87836c550137acde8302201654aa1974d37a829083c3ba15088689f30b56d6a4f6cb14c7bad0ee3116d398",
7642 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48440966a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022072c2e2b1c899b2242656a537dde2892fa3801be0d6df0a87836c550137acde8302201654aa1974d37a829083c3ba15088689f30b56d6a4f6cb14c7bad0ee3116d3980147304402204bb3d6e279d71d9da414c82de42f1f954267c762b2e2eb8b76bc3be4ea07d4b0022014febc009c5edc8c3fc5d94015de163200f780046f1c293bfed8568f08b70fb301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7645 "3045022100939726680351a7856c1bc386d4a1f422c7d29bd7b56afc139570f508474e6c40022023175a799ccf44c017fbaadb924c40b2a12115a5b7d0dfd3228df803a2de8450",
7646 "304502210099c98c2edeeee6ec0fb5f3bea8b79bb016a2717afa9b5072370f34382de281d302206f5e2980a995e045cf90a547f0752a7ee99d48547bc135258fe7bc07e0154301",
7647 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100939726680351a7856c1bc386d4a1f422c7d29bd7b56afc139570f508474e6c40022023175a799ccf44c017fbaadb924c40b2a12115a5b7d0dfd3228df803a2de84500148304502210099c98c2edeeee6ec0fb5f3bea8b79bb016a2717afa9b5072370f34382de281d302206f5e2980a995e045cf90a547f0752a7ee99d48547bc135258fe7bc07e015430101008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
7650 "3044022021bb883bf324553d085ba2e821cad80c28ef8b303dbead8f98e548783c02d1600220638f9ef2a9bba25869afc923f4b5dc38be3bb459f9efa5d869392d5f7779a4a0",
7651 "3045022100fd85bd7697b89c08ec12acc8ba89b23090637d83abd26ca37e01ae93e67c367302202b551fe69386116c47f984aab9c8dfd25d864dcde5d3389cfbef2447a85c4b77",
7652 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd010000000000000000010a060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022021bb883bf324553d085ba2e821cad80c28ef8b303dbead8f98e548783c02d1600220638f9ef2a9bba25869afc923f4b5dc38be3bb459f9efa5d869392d5f7779a4a001483045022100fd85bd7697b89c08ec12acc8ba89b23090637d83abd26ca37e01ae93e67c367302202b551fe69386116c47f984aab9c8dfd25d864dcde5d3389cfbef2447a85c4b7701008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
7655 "3045022100c9e6f0454aa598b905a35e641a70cc9f67b5f38cc4b00843a041238c4a9f1c4a0220260a2822a62da97e44583e837245995ca2e36781769c52f19e498efbdcca262b",
7656 "30450221008a9f2ea24cd455c2b64c1472a5fa83865b0a5f49a62b661801e884cf2849af8302204d44180e50bf6adfcf1c1e581d75af91aba4e28681ce4a5ee5f3cbf65eca10f3",
7657 "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd020000000000000000019a090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100c9e6f0454aa598b905a35e641a70cc9f67b5f38cc4b00843a041238c4a9f1c4a0220260a2822a62da97e44583e837245995ca2e36781769c52f19e498efbdcca262b014830450221008a9f2ea24cd455c2b64c1472a5fa83865b0a5f49a62b661801e884cf2849af8302204d44180e50bf6adfcf1c1e581d75af91aba4e28681ce4a5ee5f3cbf65eca10f3012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7660 // commitment tx with four outputs untrimmed (minimum feerate)
7661 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7662 chan.feerate_per_kw = 2195;
7664 test_commitment!("304402201a8c1b1f9671cd9e46c7323a104d7047cc48d3ee80d40d4512e0c72b8dc65666022066d7f9a2ce18c9eb22d2739ffcce05721c767f9b607622a31b6ea5793ddce403",
7665 "3044022044d592025b610c0d678f65032e87035cdfe89d1598c522cc32524ae8172417c30220749fef9d5b2ae8cdd91ece442ba8809bc891efedae2291e578475f97715d1767",
7666 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8004b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484b8976a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022044d592025b610c0d678f65032e87035cdfe89d1598c522cc32524ae8172417c30220749fef9d5b2ae8cdd91ece442ba8809bc891efedae2291e578475f97715d17670147304402201a8c1b1f9671cd9e46c7323a104d7047cc48d3ee80d40d4512e0c72b8dc65666022066d7f9a2ce18c9eb22d2739ffcce05721c767f9b607622a31b6ea5793ddce40301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7669 "3045022100e57b845066a06ee7c2cbfc29eabffe52daa9bf6f6de760066d04df9f9b250e0002202ffb197f0e6e0a77a75a9aff27014bd3de83b7f748d7efef986abe655e1dd50e",
7670 "3045022100ecc8c6529d0b2316d046f0f0757c1e1c25a636db168ec4f3aa1b9278df685dc0022067ae6b65e936f1337091f7b18a15935b608c5f2cdddb2f892ed0babfdd376d76",
7671 "020000000001018130a10f09b13677ba2885a8bca32860f3a952e5912b829a473639b5a2c07b900000000000000000000109060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e57b845066a06ee7c2cbfc29eabffe52daa9bf6f6de760066d04df9f9b250e0002202ffb197f0e6e0a77a75a9aff27014bd3de83b7f748d7efef986abe655e1dd50e01483045022100ecc8c6529d0b2316d046f0f0757c1e1c25a636db168ec4f3aa1b9278df685dc0022067ae6b65e936f1337091f7b18a15935b608c5f2cdddb2f892ed0babfdd376d7601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
7674 "3045022100d193b7ecccad8057571620a0b1ffa6c48e9483311723b59cf536043b20bc51550220546d4bd37b3b101ecda14f6c907af46ec391abce1cd9c7ce22b1a62b534f2f2a",
7675 "3044022014d66f11f9cacf923807eba49542076c5fe5cccf252fb08fe98c78ef3ca6ab5402201b290dbe043cc512d9d78de074a5a129b8759bc6a6c546b190d120b690bd6e82",
7676 "020000000001018130a10f09b13677ba2885a8bca32860f3a952e5912b829a473639b5a2c07b900100000000000000000199090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100d193b7ecccad8057571620a0b1ffa6c48e9483311723b59cf536043b20bc51550220546d4bd37b3b101ecda14f6c907af46ec391abce1cd9c7ce22b1a62b534f2f2a01473044022014d66f11f9cacf923807eba49542076c5fe5cccf252fb08fe98c78ef3ca6ab5402201b290dbe043cc512d9d78de074a5a129b8759bc6a6c546b190d120b690bd6e82012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7679 // anchors: commitment tx with four outputs untrimmed (minimum dust limit)
7680 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7681 chan.feerate_per_kw = 2185;
7682 chan.holder_dust_limit_satoshis = 2001;
7684 test_commitment_with_anchors!("3044022040f63a16148cf35c8d3d41827f5ae7f7c3746885bb64d4d1b895892a83812b3e02202fcf95c2bf02c466163b3fa3ced6a24926fbb4035095a96842ef516e86ba54c0",
7685 "3045022100cd8479cfe1edb1e5a1d487391e0451a469c7171e51e680183f19eb4321f20e9b02204eab7d5a6384b1b08e03baa6e4d9748dfd2b5ab2bae7e39604a0d0055bbffdd5",
7686 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80064a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994b80b000000000000220020f96d0334feb64a4f40eb272031d07afcb038db56aa57446d60308c9f8ccadef9a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994ac5916a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100cd8479cfe1edb1e5a1d487391e0451a469c7171e51e680183f19eb4321f20e9b02204eab7d5a6384b1b08e03baa6e4d9748dfd2b5ab2bae7e39604a0d0055bbffdd501473044022040f63a16148cf35c8d3d41827f5ae7f7c3746885bb64d4d1b895892a83812b3e02202fcf95c2bf02c466163b3fa3ced6a24926fbb4035095a96842ef516e86ba54c001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7689 "304402206870514a72ad6e723ff7f1e0370d7a33c1cd2a0b9272674143ebaf6a1d02dee102205bd953c34faf5e7322e9a1c0103581cb090280fda4f1039ee8552668afa90ebb",
7690 "30440220669de9ca7910eff65a7773ebd14a9fc371fe88cde5b8e2a81609d85c87ac939b02201ac29472fa4067322e92d75b624942d60be5050139b20bb363db75be79eb946f",
7691 "02000000000101ac13a7715f80b8e52dda43c6929cade5521bdced3a405da02b443f1ffb1e33cc02000000000100000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402206870514a72ad6e723ff7f1e0370d7a33c1cd2a0b9272674143ebaf6a1d02dee102205bd953c34faf5e7322e9a1c0103581cb090280fda4f1039ee8552668afa90ebb834730440220669de9ca7910eff65a7773ebd14a9fc371fe88cde5b8e2a81609d85c87ac939b02201ac29472fa4067322e92d75b624942d60be5050139b20bb363db75be79eb946f01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6851b27568f7010000" },
7694 "3045022100949e8dd938da56445b1cdfdebe1b7efea086edd05d89910d205a1e2e033ce47102202cbd68b5262ab144d9ec12653f87dfb0bb6bd05d1f58ae1e523f028eaefd7271",
7695 "3045022100e3104ed8b239f8019e5f0a1a73d7782a94a8c36e7984f476c3a0b3cb0e62e27902207e3d52884600985f8a2098e53a5c30dd6a5e857733acfaa07ab2162421ed2688",
7696 "02000000000101ac13a7715f80b8e52dda43c6929cade5521bdced3a405da02b443f1ffb1e33cc03000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100949e8dd938da56445b1cdfdebe1b7efea086edd05d89910d205a1e2e033ce47102202cbd68b5262ab144d9ec12653f87dfb0bb6bd05d1f58ae1e523f028eaefd727183483045022100e3104ed8b239f8019e5f0a1a73d7782a94a8c36e7984f476c3a0b3cb0e62e27902207e3d52884600985f8a2098e53a5c30dd6a5e857733acfaa07ab2162421ed2688012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
7699 // commitment tx with four outputs untrimmed (maximum feerate)
7700 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7701 chan.feerate_per_kw = 3702;
7702 chan.holder_dust_limit_satoshis = 546;
7704 test_commitment!("304502210092a587aeb777f869e7ff0d7898ea619ee26a3dacd1f3672b945eea600be431100220077ee9eae3528d15251f2a52b607b189820e57a6ccfac8d1af502b132ee40169",
7705 "3045022100e5efb73c32d32da2d79702299b6317de6fb24a60476e3855926d78484dd1b3c802203557cb66a42c944ef06e00bcc4da35a5bcb2f185aab0f8e403e519e1d66aaf75",
7706 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8004b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4846f916a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100e5efb73c32d32da2d79702299b6317de6fb24a60476e3855926d78484dd1b3c802203557cb66a42c944ef06e00bcc4da35a5bcb2f185aab0f8e403e519e1d66aaf750148304502210092a587aeb777f869e7ff0d7898ea619ee26a3dacd1f3672b945eea600be431100220077ee9eae3528d15251f2a52b607b189820e57a6ccfac8d1af502b132ee4016901475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7709 "304402206fa54c11f98c3bae1e93df43fc7affeb05b476bf8060c03e29c377c69bc08e8b0220672701cce50d5c379ff45a5d2cfe48ac44973adb066ac32608e21221d869bb89",
7710 "304402206e36c683ebf2cb16bcef3d5439cf8b53cd97280a365ed8acd7abb85a8ba5f21c02206e8621edfc2a5766cbc96eb67fd501127ff163eb6b85518a39f7d4974aef126f",
7711 "020000000001018db483bff65c70ee71d8282aeec5a880e2e2b39e45772bda5460403095c62e3f0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402206fa54c11f98c3bae1e93df43fc7affeb05b476bf8060c03e29c377c69bc08e8b0220672701cce50d5c379ff45a5d2cfe48ac44973adb066ac32608e21221d869bb890147304402206e36c683ebf2cb16bcef3d5439cf8b53cd97280a365ed8acd7abb85a8ba5f21c02206e8621edfc2a5766cbc96eb67fd501127ff163eb6b85518a39f7d4974aef126f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
7714 "3044022057649739b0eb74d541ead0dfdb3d4b2c15aa192720031044c3434c67812e5ca902201e5ede42d960ae551707f4a6b34b09393cf4dee2418507daa022e3550dbb5817",
7715 "304402207faad26678c8850e01b4a0696d60841f7305e1832b786110ee9075cb92ed14a30220516ef8ee5dfa80824ea28cbcec0dd95f8b847146257c16960db98507db15ffdc",
7716 "020000000001018db483bff65c70ee71d8282aeec5a880e2e2b39e45772bda5460403095c62e3f0100000000000000000176050000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022057649739b0eb74d541ead0dfdb3d4b2c15aa192720031044c3434c67812e5ca902201e5ede42d960ae551707f4a6b34b09393cf4dee2418507daa022e3550dbb58170147304402207faad26678c8850e01b4a0696d60841f7305e1832b786110ee9075cb92ed14a30220516ef8ee5dfa80824ea28cbcec0dd95f8b847146257c16960db98507db15ffdc012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7719 // commitment tx with three outputs untrimmed (minimum feerate)
7720 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7721 chan.feerate_per_kw = 3703;
7723 test_commitment!("3045022100b495d239772a237ff2cf354b1b11be152fd852704cb184e7356d13f2fb1e5e430220723db5cdb9cbd6ead7bfd3deb419cf41053a932418cbb22a67b581f40bc1f13e",
7724 "304402201b736d1773a124c745586217a75bed5f66c05716fbe8c7db4fdb3c3069741cdd02205083f39c321c1bcadfc8d97e3c791a66273d936abac0c6a2fde2ed46019508e1",
7725 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8003a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484eb936a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402201b736d1773a124c745586217a75bed5f66c05716fbe8c7db4fdb3c3069741cdd02205083f39c321c1bcadfc8d97e3c791a66273d936abac0c6a2fde2ed46019508e101483045022100b495d239772a237ff2cf354b1b11be152fd852704cb184e7356d13f2fb1e5e430220723db5cdb9cbd6ead7bfd3deb419cf41053a932418cbb22a67b581f40bc1f13e01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7728 "3045022100c34c61735f93f2e324cc873c3b248111ccf8f6db15d5969583757010d4ad2b4602207867bb919b2ddd6387873e425345c9b7fd18d1d66aba41f3607bc2896ef3c30a",
7729 "3045022100988c143e2110067117d2321bdd4bd16ca1734c98b29290d129384af0962b634e02206c1b02478878c5f547018b833986578f90c3e9be669fe5788ad0072a55acbb05",
7730 "0200000000010120060e4a29579d429f0f27c17ee5f1ee282f20d706d6f90b63d35946d8f3029a0000000000000000000175050000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100c34c61735f93f2e324cc873c3b248111ccf8f6db15d5969583757010d4ad2b4602207867bb919b2ddd6387873e425345c9b7fd18d1d66aba41f3607bc2896ef3c30a01483045022100988c143e2110067117d2321bdd4bd16ca1734c98b29290d129384af0962b634e02206c1b02478878c5f547018b833986578f90c3e9be669fe5788ad0072a55acbb05012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7733 // anchors: commitment tx with three outputs untrimmed (minimum dust limit)
7734 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7735 chan.feerate_per_kw = 3687;
7736 chan.holder_dust_limit_satoshis = 3001;
7738 test_commitment_with_anchors!("3045022100ad6c71569856b2d7ff42e838b4abe74a713426b37f22fa667a195a4c88908c6902202b37272b02a42dc6d9f4f82cab3eaf84ac882d9ed762859e1e75455c2c228377",
7739 "3045022100c970799bcb33f43179eb43b3378a0a61991cf2923f69b36ef12548c3df0e6d500220413dc27d2e39ee583093adfcb7799be680141738babb31cc7b0669a777a31f5d",
7740 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80054a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994aa28b6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100c970799bcb33f43179eb43b3378a0a61991cf2923f69b36ef12548c3df0e6d500220413dc27d2e39ee583093adfcb7799be680141738babb31cc7b0669a777a31f5d01483045022100ad6c71569856b2d7ff42e838b4abe74a713426b37f22fa667a195a4c88908c6902202b37272b02a42dc6d9f4f82cab3eaf84ac882d9ed762859e1e75455c2c22837701475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7743 "3044022017b558a3cf5f0cb94269e2e927b29ed22bd2416abb8a7ce6de4d1256f359b93602202e9ca2b1a23ea3e69f433c704e327739e219804b8c188b1d52f74fd5a9de954c",
7744 "3045022100af7a8b7c7ff2080c68995254cb66d64d9954edcc5baac3bb4f27ed2d29aaa6120220421c27da7a60574a9263f271e0f3bd34594ec6011095190022b3b54596ea03de",
7745 "02000000000101542562b326c08e3a076d9cfca2be175041366591da334d8d513ff1686fd95a6002000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022017b558a3cf5f0cb94269e2e927b29ed22bd2416abb8a7ce6de4d1256f359b93602202e9ca2b1a23ea3e69f433c704e327739e219804b8c188b1d52f74fd5a9de954c83483045022100af7a8b7c7ff2080c68995254cb66d64d9954edcc5baac3bb4f27ed2d29aaa6120220421c27da7a60574a9263f271e0f3bd34594ec6011095190022b3b54596ea03de012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
7748 // commitment tx with three outputs untrimmed (maximum feerate)
7749 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7750 chan.feerate_per_kw = 4914;
7751 chan.holder_dust_limit_satoshis = 546;
7753 test_commitment!("3045022100b4b16d5f8cc9fc4c1aff48831e832a0d8990e133978a66e302c133550954a44d022073573ce127e2200d316f6b612803a5c0c97b8d20e1e44dbe2ac0dd2fb8c95244",
7754 "3045022100d72638bc6308b88bb6d45861aae83e5b9ff6e10986546e13bce769c70036e2620220320be7c6d66d22f30b9fcd52af66531505b1310ca3b848c19285b38d8a1a8c19",
7755 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8003a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484ae8f6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100d72638bc6308b88bb6d45861aae83e5b9ff6e10986546e13bce769c70036e2620220320be7c6d66d22f30b9fcd52af66531505b1310ca3b848c19285b38d8a1a8c1901483045022100b4b16d5f8cc9fc4c1aff48831e832a0d8990e133978a66e302c133550954a44d022073573ce127e2200d316f6b612803a5c0c97b8d20e1e44dbe2ac0dd2fb8c9524401475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7758 "3045022100f43591c156038ba217756006bb3c55f7d113a325cdd7d9303c82115372858d68022016355b5aadf222bc8d12e426c75f4a03423917b2443a103eb2a498a3a2234374",
7759 "30440220585dee80fafa264beac535c3c0bb5838ac348b156fdc982f86adc08dfc9bfd250220130abb82f9f295cc9ef423dcfef772fde2acd85d9df48cc538981d26a10a9c10",
7760 "02000000000101a9172908eace869cc35128c31fc2ab502f72e4dff31aab23e0244c4b04b11ab00000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f43591c156038ba217756006bb3c55f7d113a325cdd7d9303c82115372858d68022016355b5aadf222bc8d12e426c75f4a03423917b2443a103eb2a498a3a2234374014730440220585dee80fafa264beac535c3c0bb5838ac348b156fdc982f86adc08dfc9bfd250220130abb82f9f295cc9ef423dcfef772fde2acd85d9df48cc538981d26a10a9c10012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
7763 // commitment tx with two outputs untrimmed (minimum feerate)
7764 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7765 chan.feerate_per_kw = 4915;
7766 chan.holder_dust_limit_satoshis = 546;
7768 test_commitment!("304402203a286936e74870ca1459c700c71202af0381910a6bfab687ef494ef1bc3e02c902202506c362d0e3bee15e802aa729bf378e051644648253513f1c085b264cc2a720",
7769 "30450221008a953551f4d67cb4df3037207fc082ddaf6be84d417b0bd14c80aab66f1b01a402207508796dc75034b2dee876fe01dc05a08b019f3e5d689ac8842ade2f1befccf5",
7770 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8002c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484fa926a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221008a953551f4d67cb4df3037207fc082ddaf6be84d417b0bd14c80aab66f1b01a402207508796dc75034b2dee876fe01dc05a08b019f3e5d689ac8842ade2f1befccf50147304402203a286936e74870ca1459c700c71202af0381910a6bfab687ef494ef1bc3e02c902202506c362d0e3bee15e802aa729bf378e051644648253513f1c085b264cc2a72001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
7772 // anchors: commitment tx with two outputs untrimmed (minimum dust limit)
7773 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7774 chan.feerate_per_kw = 4894;
7775 chan.holder_dust_limit_satoshis = 4001;
7777 test_commitment_with_anchors!("3045022100e784a66b1588575801e237d35e510fd92a81ae3a4a2a1b90c031ad803d07b3f3022021bc5f16501f167607d63b681442da193eb0a76b4b7fd25c2ed4f8b28fd35b95",
7778 "30450221009f16ac85d232e4eddb3fcd750a68ebf0b58e3356eaada45d3513ede7e817bf4c02207c2b043b4e5f971261975406cb955219fa56bffe5d834a833694b5abc1ce4cfd",
7779 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80044a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994ad0886a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221009f16ac85d232e4eddb3fcd750a68ebf0b58e3356eaada45d3513ede7e817bf4c02207c2b043b4e5f971261975406cb955219fa56bffe5d834a833694b5abc1ce4cfd01483045022100e784a66b1588575801e237d35e510fd92a81ae3a4a2a1b90c031ad803d07b3f3022021bc5f16501f167607d63b681442da193eb0a76b4b7fd25c2ed4f8b28fd35b9501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
7781 // commitment tx with two outputs untrimmed (maximum feerate)
7782 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7783 chan.feerate_per_kw = 9651180;
7784 chan.holder_dust_limit_satoshis = 546;
7786 test_commitment!("304402200a8544eba1d216f5c5e530597665fa9bec56943c0f66d98fc3d028df52d84f7002201e45fa5c6bc3a506cc2553e7d1c0043a9811313fc39c954692c0d47cfce2bbd3",
7787 "3045022100e11b638c05c650c2f63a421d36ef8756c5ce82f2184278643520311cdf50aa200220259565fb9c8e4a87ccaf17f27a3b9ca4f20625754a0920d9c6c239d8156a11de",
7788 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b800222020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80ec0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4840400483045022100e11b638c05c650c2f63a421d36ef8756c5ce82f2184278643520311cdf50aa200220259565fb9c8e4a87ccaf17f27a3b9ca4f20625754a0920d9c6c239d8156a11de0147304402200a8544eba1d216f5c5e530597665fa9bec56943c0f66d98fc3d028df52d84f7002201e45fa5c6bc3a506cc2553e7d1c0043a9811313fc39c954692c0d47cfce2bbd301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
7790 // commitment tx with one output untrimmed (minimum feerate)
7791 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7792 chan.feerate_per_kw = 9651181;
7794 test_commitment!("304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a2",
7795 "304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a379",
7796 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8001c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484040047304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a3790147304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
7798 // anchors: commitment tx with one output untrimmed (minimum dust limit)
7799 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7800 chan.feerate_per_kw = 6216010;
7801 chan.holder_dust_limit_satoshis = 4001;
7803 test_commitment_with_anchors!("30450221008fd5dbff02e4b59020d4cd23a3c30d3e287065fda75a0a09b402980adf68ccda022001e0b8b620cd915ddff11f1de32addf23d81d51b90e6841b2cb8dcaf3faa5ecf",
7804 "30450221009ad80792e3038fe6968d12ff23e6888a565c3ddd065037f357445f01675d63f3022018384915e5f1f4ae157e15debf4f49b61c8d9d2b073c7d6f97c4a68caa3ed4c1",
7805 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80024a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994a04004830450221009ad80792e3038fe6968d12ff23e6888a565c3ddd065037f357445f01675d63f3022018384915e5f1f4ae157e15debf4f49b61c8d9d2b073c7d6f97c4a68caa3ed4c1014830450221008fd5dbff02e4b59020d4cd23a3c30d3e287065fda75a0a09b402980adf68ccda022001e0b8b620cd915ddff11f1de32addf23d81d51b90e6841b2cb8dcaf3faa5ecf01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
7807 // commitment tx with fee greater than funder amount
7808 chan.value_to_self_msat = 6993000000; // 7000000000 - 7000000
7809 chan.feerate_per_kw = 9651936;
7810 chan.holder_dust_limit_satoshis = 546;
7812 test_commitment!("304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a2",
7813 "304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a379",
7814 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8001c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484040047304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a3790147304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
7816 // commitment tx with 3 htlc outputs, 2 offered having the same amount and preimage
7817 chan.value_to_self_msat = 7_000_000_000 - 2_000_000;
7818 chan.feerate_per_kw = 253;
7819 chan.pending_inbound_htlcs.clear();
7820 chan.pending_inbound_htlcs.push({
7821 let mut out = InboundHTLCOutput{
7823 amount_msat: 2000000,
7825 payment_hash: PaymentHash([0; 32]),
7826 state: InboundHTLCState::Committed,
7828 out.payment_hash.0 = Sha256::hash(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap()).into_inner();
7831 chan.pending_outbound_htlcs.clear();
7832 chan.pending_outbound_htlcs.push({
7833 let mut out = OutboundHTLCOutput{
7835 amount_msat: 5000000,
7837 payment_hash: PaymentHash([0; 32]),
7838 state: OutboundHTLCState::Committed,
7839 source: HTLCSource::dummy(),
7841 out.payment_hash.0 = Sha256::hash(&hex::decode("0505050505050505050505050505050505050505050505050505050505050505").unwrap()).into_inner();
7844 chan.pending_outbound_htlcs.push({
7845 let mut out = OutboundHTLCOutput{
7847 amount_msat: 5000000,
7849 payment_hash: PaymentHash([0; 32]),
7850 state: OutboundHTLCState::Committed,
7851 source: HTLCSource::dummy(),
7853 out.payment_hash.0 = Sha256::hash(&hex::decode("0505050505050505050505050505050505050505050505050505050505050505").unwrap()).into_inner();
7857 test_commitment!("30440220048705bec5288d28b3f29344b8d124853b1af423a568664d2c6f02c8ea886525022060f998a461052a2476b912db426ea2a06700953a241135c7957f2e79bc222df9",
7858 "3045022100c4f1d60b6fca9febc8b39de1a31e84c5f7c4b41c97239ef05f4350aa484c6b5e02200c5134ac8b20eb7a29d0dd4a501f6aa8fefb8489171f4cb408bd2a32324ab03f",
7859 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2d8813000000000000220020305c12e1a0bc21e283c131cea1c66d68857d28b7b2fce0a6fbc40c164852121b8813000000000000220020305c12e1a0bc21e283c131cea1c66d68857d28b7b2fce0a6fbc40c164852121bc0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484a79f6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100c4f1d60b6fca9febc8b39de1a31e84c5f7c4b41c97239ef05f4350aa484c6b5e02200c5134ac8b20eb7a29d0dd4a501f6aa8fefb8489171f4cb408bd2a32324ab03f014730440220048705bec5288d28b3f29344b8d124853b1af423a568664d2c6f02c8ea886525022060f998a461052a2476b912db426ea2a06700953a241135c7957f2e79bc222df901475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7862 "304502210081cbb94121761d34c189cd4e6a281feea6f585060ad0ba2632e8d6b3c6bb8a6c02201007981bbd16539d63df2805b5568f1f5688cd2a885d04706f50db9b77ba13c6",
7863 "304502210090ed76aeb21b53236a598968abc66e2024691d07b62f53ddbeca8f93144af9c602205f873af5a0c10e62690e9aba09740550f194a9dc455ba4c1c23f6cde7704674c",
7864 "0200000000010189a326e23addc28323dbadcb4e71c2c17088b6e8fa184103e552f44075dddc34000000000000000000011f070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050048304502210081cbb94121761d34c189cd4e6a281feea6f585060ad0ba2632e8d6b3c6bb8a6c02201007981bbd16539d63df2805b5568f1f5688cd2a885d04706f50db9b77ba13c60148304502210090ed76aeb21b53236a598968abc66e2024691d07b62f53ddbeca8f93144af9c602205f873af5a0c10e62690e9aba09740550f194a9dc455ba4c1c23f6cde7704674c012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
7866 "304402201d0f09d2bf7bc245a4f17980e1e9164290df16c70c6a2ff1592f5030d6108581022061e744a7dc151b36bf0aff7a4f1812ba90b8b03633bb979a270d19858fd960c5",
7867 "30450221009aef000d2e843a4202c1b1a2bf554abc9a7902bf49b2cb0759bc507456b7ebad02204e7c3d193ede2fd2b4cd6b39f51a920e581e35575e357e44d7b699c40ce61d39",
7868 "0200000000010189a326e23addc28323dbadcb4e71c2c17088b6e8fa184103e552f44075dddc3401000000000000000001e1120000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402201d0f09d2bf7bc245a4f17980e1e9164290df16c70c6a2ff1592f5030d6108581022061e744a7dc151b36bf0aff7a4f1812ba90b8b03633bb979a270d19858fd960c5014830450221009aef000d2e843a4202c1b1a2bf554abc9a7902bf49b2cb0759bc507456b7ebad02204e7c3d193ede2fd2b4cd6b39f51a920e581e35575e357e44d7b699c40ce61d3901008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6868f9010000" },
7870 "30440220010bf035d5823596e50dce2076a4d9f942d8d28031c9c428b901a02b6b8140de02203250e8e4a08bc5b4ecdca4d0eedf98223e02e3ac1c0206b3a7ffdb374aa21e5f",
7871 "30440220073de0067b88e425b3018b30366bfeda0ccb703118ccd3d02ead08c0f53511d002203fac50ac0e4cf8a3af0b4b1b12e801650591f748f8ddf1e089c160f10b69e511",
7872 "0200000000010189a326e23addc28323dbadcb4e71c2c17088b6e8fa184103e552f44075dddc3402000000000000000001e1120000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220010bf035d5823596e50dce2076a4d9f942d8d28031c9c428b901a02b6b8140de02203250e8e4a08bc5b4ecdca4d0eedf98223e02e3ac1c0206b3a7ffdb374aa21e5f014730440220073de0067b88e425b3018b30366bfeda0ccb703118ccd3d02ead08c0f53511d002203fac50ac0e4cf8a3af0b4b1b12e801650591f748f8ddf1e089c160f10b69e51101008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6868fa010000" }
7875 test_commitment_with_anchors!("3045022100c592f6b80d35b4f5d1e3bc9788f51141a0065be6013bad53a1977f7c444651660220278ac06ead9016bfb8dc476f186eabace2b02793b2f308442f5b0d5f24a68948",
7876 "3045022100c37ac4fc8538677631230c4b286f36b6f54c51fb4b34ef0bd0ba219ba47452630220278e09a745454ea380f3694392ed113762c68dd209b48360f547541088be9e45",
7877 "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80074a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994d007000000000000220020fe0598d74fee2205cc3672e6e6647706b4f3099713b4661b62482c3addd04a5e881300000000000022002018e40f9072c44350f134bdc887bab4d9bdfc8aa468a25616c80e21757ba5dac7881300000000000022002018e40f9072c44350f134bdc887bab4d9bdfc8aa468a25616c80e21757ba5dac7c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994aae9c6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100c37ac4fc8538677631230c4b286f36b6f54c51fb4b34ef0bd0ba219ba47452630220278e09a745454ea380f3694392ed113762c68dd209b48360f547541088be9e4501483045022100c592f6b80d35b4f5d1e3bc9788f51141a0065be6013bad53a1977f7c444651660220278ac06ead9016bfb8dc476f186eabace2b02793b2f308442f5b0d5f24a6894801475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
7880 "3045022100de8a0649d54fd2e4fc04502c77df9b65da839bbd01854f818f129338b99564b2022009528dbb12c00e874cb2149b1dccc600c69ea5e4042ebf584984fcb029c2d1ec",
7881 "304402203e7c2622fa3ca29355d37a0ea991bfd7cdb54e6122a1d98d3229d092131f55cd022055263f7f8f32f4cd2f86da63ca106bd7badf0b19ee9833d80cd3b9216eeafd74",
7882 "02000000000101aa443fb63abc1e8c754f98a7b96c27cb02b21d891d1242a16b630dc32c2afe2902000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100de8a0649d54fd2e4fc04502c77df9b65da839bbd01854f818f129338b99564b2022009528dbb12c00e874cb2149b1dccc600c69ea5e4042ebf584984fcb029c2d1ec8347304402203e7c2622fa3ca29355d37a0ea991bfd7cdb54e6122a1d98d3229d092131f55cd022055263f7f8f32f4cd2f86da63ca106bd7badf0b19ee9833d80cd3b9216eeafd74012001010101010101010101010101010101010101010101010101010101010101018d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac6851b2756800000000" },
7884 "3045022100de6eee8474376ea316d007b33103b4543a46bdf6fda5cbd5902b28a5bc14584f022002989e7b4f7813b77acbe4babcf96d7ffbbe0bf14cba24672364f8e591479edb",
7885 "3045022100c10688346a9d84647bde7027da07f0d79c6d4129307e4c6c9aea7bdbf25ac3350220269104209793c32c47491698c4e46ebea9c3293a1e4403f9abda39f79698f6b5",
7886 "02000000000101aa443fb63abc1e8c754f98a7b96c27cb02b21d891d1242a16b630dc32c2afe290300000000010000000188130000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100de6eee8474376ea316d007b33103b4543a46bdf6fda5cbd5902b28a5bc14584f022002989e7b4f7813b77acbe4babcf96d7ffbbe0bf14cba24672364f8e591479edb83483045022100c10688346a9d84647bde7027da07f0d79c6d4129307e4c6c9aea7bdbf25ac3350220269104209793c32c47491698c4e46ebea9c3293a1e4403f9abda39f79698f6b501008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6851b27568f9010000" },
7888 "3045022100fe87da8124ceecbcabb9d599c5339f40277c7c7406514fafbccbf180c7c09cf40220429c7fb6d0fd3705e931ab1219ab0432af38ae4d676008cc1964fbeb8cd35d2e",
7889 "3044022040ac769a851da31d8e4863e5f94719204f716c82a1ce6d6c52193d9a33b84bce022035df97b078ce80f20dca2109e4c6075af0b50148811452e7290e68b2680fced4",
7890 "02000000000101aa443fb63abc1e8c754f98a7b96c27cb02b21d891d1242a16b630dc32c2afe290400000000010000000188130000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100fe87da8124ceecbcabb9d599c5339f40277c7c7406514fafbccbf180c7c09cf40220429c7fb6d0fd3705e931ab1219ab0432af38ae4d676008cc1964fbeb8cd35d2e83473044022040ac769a851da31d8e4863e5f94719204f716c82a1ce6d6c52193d9a33b84bce022035df97b078ce80f20dca2109e4c6075af0b50148811452e7290e68b2680fced401008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6851b27568fa010000" }
7895 fn test_per_commitment_secret_gen() {
7896 // Test vectors from BOLT 3 Appendix D:
7898 let mut seed = [0; 32];
7899 seed[0..32].clone_from_slice(&hex::decode("0000000000000000000000000000000000000000000000000000000000000000").unwrap());
7900 assert_eq!(chan_utils::build_commitment_secret(&seed, 281474976710655),
7901 hex::decode("02a40c85b6f28da08dfdbe0926c53fab2de6d28c10301f8f7c4073d5e42e3148").unwrap()[..]);
7903 seed[0..32].clone_from_slice(&hex::decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF").unwrap());
7904 assert_eq!(chan_utils::build_commitment_secret(&seed, 281474976710655),
7905 hex::decode("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap()[..]);
7907 assert_eq!(chan_utils::build_commitment_secret(&seed, 0xaaaaaaaaaaa),
7908 hex::decode("56f4008fb007ca9acf0e15b054d5c9fd12ee06cea347914ddbaed70d1c13a528").unwrap()[..]);
7910 assert_eq!(chan_utils::build_commitment_secret(&seed, 0x555555555555),
7911 hex::decode("9015daaeb06dba4ccc05b91b2f73bd54405f2be9f217fbacd3c5ac2e62327d31").unwrap()[..]);
7913 seed[0..32].clone_from_slice(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap());
7914 assert_eq!(chan_utils::build_commitment_secret(&seed, 1),
7915 hex::decode("915c75942a26bb3a433a8ce2cb0427c29ec6c1775cfc78328b57f6ba7bfeaa9c").unwrap()[..]);
7919 fn test_key_derivation() {
7920 // Test vectors from BOLT 3 Appendix E:
7921 let secp_ctx = Secp256k1::new();
7923 let base_secret = SecretKey::from_slice(&hex::decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f").unwrap()[..]).unwrap();
7924 let per_commitment_secret = SecretKey::from_slice(&hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap();
7926 let base_point = PublicKey::from_secret_key(&secp_ctx, &base_secret);
7927 assert_eq!(base_point.serialize()[..], hex::decode("036d6caac248af96f6afa7f904f550253a0f3ef3f5aa2fe6838a95b216691468e2").unwrap()[..]);
7929 let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
7930 assert_eq!(per_commitment_point.serialize()[..], hex::decode("025f7117a78150fe2ef97db7cfc83bd57b2e2c0d0dd25eaf467a4a1c2a45ce1486").unwrap()[..]);
7932 assert_eq!(chan_utils::derive_public_key(&secp_ctx, &per_commitment_point, &base_point).unwrap().serialize()[..],
7933 hex::decode("0235f2dbfaa89b57ec7b055afe29849ef7ddfeb1cefdb9ebdc43f5494984db29e5").unwrap()[..]);
7935 assert_eq!(chan_utils::derive_private_key(&secp_ctx, &per_commitment_point, &base_secret).unwrap(),
7936 SecretKey::from_slice(&hex::decode("cbced912d3b21bf196a766651e436aff192362621ce317704ea2f75d87e7be0f").unwrap()[..]).unwrap());
7938 assert_eq!(chan_utils::derive_public_revocation_key(&secp_ctx, &per_commitment_point, &base_point).unwrap().serialize()[..],
7939 hex::decode("02916e326636d19c33f13e8c0c3a03dd157f332f3e99c317c141dd865eb01f8ff0").unwrap()[..]);
7941 assert_eq!(chan_utils::derive_private_revocation_key(&secp_ctx, &per_commitment_secret, &base_secret).unwrap(),
7942 SecretKey::from_slice(&hex::decode("d09ffff62ddb2297ab000cc85bcb4283fdeb6aa052affbc9dddcf33b61078110").unwrap()[..]).unwrap());
7946 fn test_zero_conf_channel_type_support() {
7947 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
7948 let secp_ctx = Secp256k1::new();
7949 let seed = [42; 32];
7950 let network = Network::Testnet;
7951 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
7952 let logger = test_utils::TestLogger::new();
7954 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
7955 let config = UserConfig::default();
7956 let node_a_chan = Channel::<EnforcingSigner>::new_outbound(&feeest, &&keys_provider,
7957 node_b_node_id, &channelmanager::provided_init_features(), 10000000, 100000, 42, &config, 0, 42).unwrap();
7959 let mut channel_type_features = ChannelTypeFeatures::only_static_remote_key();
7960 channel_type_features.set_zero_conf_required();
7962 let mut open_channel_msg = node_a_chan.get_open_channel(genesis_block(network).header.block_hash());
7963 open_channel_msg.channel_type = Some(channel_type_features);
7964 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
7965 let res = Channel::<EnforcingSigner>::new_from_req(&feeest, &&keys_provider,
7966 node_b_node_id, &channelmanager::provided_init_features(), &open_channel_msg, 7, &config, 0, &&logger, 42);
7967 assert!(res.is_ok());
projects / rust-lightning / blob