- } else if (self.channel_state & (ChannelState::ChannelFunded as u32) != 0 &&
- // Note that funding_signed/funding_created will have decremented both by 1!
- self.cur_holder_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 &&
- self.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1) ||
- // If we reconnected before sending our funding locked they may still resend theirs:
- (self.channel_state & (ChannelState::FundingSent as u32 | ChannelState::TheirFundingLocked as u32) ==
- (ChannelState::FundingSent as u32 | ChannelState::TheirFundingLocked as u32)) {
- if self.counterparty_cur_commitment_point != Some(msg.next_per_commitment_point) {
+ } else if self.channel_state & (ChannelState::ChannelFunded as u32) != 0 ||
+ // If we reconnected before sending our funding locked they may still resend theirs:
+ (self.channel_state & (ChannelState::FundingSent as u32 | ChannelState::TheirFundingLocked as u32) ==
+ (ChannelState::FundingSent as u32 | ChannelState::TheirFundingLocked as u32))
+ {
+ // They probably disconnected/reconnected and re-sent the funding_locked, which is
+ // required, or they're sending a fresh SCID alias.
+ let expected_point =
+ if self.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
+ // If they haven't ever sent an updated point, the point they send should match
+ // the current one.
+ self.counterparty_cur_commitment_point
+ } else {
+ // If they have sent updated points, funding_locked is always supposed to match
+ // their "first" point, which we re-derive here.
+ Some(PublicKey::from_secret_key(&self.secp_ctx, &SecretKey::from_slice(
+ &self.commitment_secrets.get_secret(INITIAL_COMMITMENT_NUMBER - 1).expect("We should have all prev secrets available")
+ ).expect("We already advanced, so previous secret keys should have been validated already")))
+ };
+ if expected_point != Some(msg.next_per_commitment_point) {