- log_error!(logger, "Got broadcast of revoked counterparty HTLC transaction, spending {}:{}", htlc_txid, 0);
- let revk_outp = RevokedOutput::build(per_commitment_point, self.counterparty_commitment_params.counterparty_delayed_payment_base_key, self.counterparty_commitment_params.counterparty_htlc_base_key, per_commitment_key, tx.output[0].value, self.counterparty_commitment_params.on_counterparty_tx_csv);
- let justice_package = PackageTemplate::build_package(htlc_txid, 0, PackageSolvingData::RevokedOutput(revk_outp), height + self.counterparty_commitment_params.on_counterparty_tx_csv as u32, true, height);
- let claimable_outpoints = vec!(justice_package);
- let outputs = vec![(0, tx.output[0].clone())];
- (claimable_outpoints, Some((htlc_txid, outputs)))
+ let htlc_txid = tx.txid();
+ let mut claimable_outpoints = vec![];
+ let mut outputs_to_watch = None;
+ // Previously, we would only claim HTLCs from revoked HTLC transactions if they had 1 input
+ // with a witness of 5 elements and 1 output. This wasn't enough for anchor outputs, as the
+ // counterparty can now aggregate multiple HTLCs into a single transaction thanks to
+ // `SIGHASH_SINGLE` remote signatures, leading us to not claim any HTLCs upon seeing a
+ // confirmed revoked HTLC transaction (for more details, see
+ // https://lists.linuxfoundation.org/pipermail/lightning-dev/2022-April/003561.html).
+ //
+ // We make sure we're not vulnerable to this case by checking all inputs of the transaction,
+ // and claim those which spend the commitment transaction, have a witness of 5 elements, and
+ // have a corresponding output at the same index within the transaction.
+ for (idx, input) in tx.input.iter().enumerate() {
+ if input.previous_output.txid == *commitment_txid && input.witness.len() == 5 && tx.output.get(idx).is_some() {
+ log_error!(logger, "Got broadcast of revoked counterparty HTLC transaction, spending {}:{}", htlc_txid, idx);
+ let revk_outp = RevokedOutput::build(
+ per_commitment_point, self.counterparty_commitment_params.counterparty_delayed_payment_base_key,
+ self.counterparty_commitment_params.counterparty_htlc_base_key, per_commitment_key,
+ tx.output[idx].value, self.counterparty_commitment_params.on_counterparty_tx_csv
+ );
+ let justice_package = PackageTemplate::build_package(
+ htlc_txid, idx as u32, PackageSolvingData::RevokedOutput(revk_outp),
+ height + self.counterparty_commitment_params.on_counterparty_tx_csv as u32, true, height
+ );
+ claimable_outpoints.push(justice_package);
+ if outputs_to_watch.is_none() {
+ outputs_to_watch = Some((htlc_txid, vec![]));
+ }
+ outputs_to_watch.as_mut().unwrap().1.push((idx as u32, tx.output[idx].clone()));
+ }
+ }
+ (claimable_outpoints, outputs_to_watch)