Make ChannelMonitor always clonable

[rust-lightning] / lightning / src / chain / channelmonitor.rs

diff --git a/lightning/src/chain/channelmonitor.rs b/lightning/src/chain/channelmonitor.rs
index e0f19f39d4761f415fb7370ba25802b3285325d0..1284553e74c4438876adfae913c2fc7519a57b69 100644 (file)
--- a/lightning/src/chain/channelmonitor.rs
+++ b/lightning/src/chain/channelmonitor.rs
@@ -71,6 +71,15 @@ use crate::sync::{Mutex, LockTestExt};
 #[must_use]
 pub struct ChannelMonitorUpdate {
        pub(crate) updates: Vec<ChannelMonitorUpdateStep>,
+       /// Historically, [`ChannelMonitor`]s didn't know their counterparty node id. However,
+       /// `ChannelManager` really wants to know it so that it can easily look up the corresponding
+       /// channel. For now, this results in a temporary map in `ChannelManager` to look up channels
+       /// by only the funding outpoint.
+       ///
+       /// To eventually remove that, we repeat the counterparty node id here so that we can upgrade
+       /// `ChannelMonitor`s to become aware of the counterparty node id if they were generated prior
+       /// to when it was stored directly in them.
+       pub(crate) counterparty_node_id: Option<PublicKey>,
        /// The sequence number of this update. Updates *must* be replayed in-order according to this
        /// sequence number (and updates may panic if they are not). The update_id values are strictly
        /// increasing and increase by one for each new update, with two exceptions specified below.
@@ -107,7 +116,9 @@ impl Writeable for ChannelMonitorUpdate {
                for update_step in self.updates.iter() {
                        update_step.write(w)?;
                }
-               write_tlv_fields!(w, {});
+               write_tlv_fields!(w, {
+                       (1, self.counterparty_node_id, option),
+               });
                Ok(())
        }
 }
@@ -122,8 +133,11 @@ impl Readable for ChannelMonitorUpdate {
                                updates.push(upd);
                        }
                }
-               read_tlv_fields!(r, {});
-               Ok(Self { update_id, updates })
+               let mut counterparty_node_id = None;
+               read_tlv_fields!(r, {
+                       (1, counterparty_node_id, option),
+               });
+               Ok(Self { update_id, counterparty_node_id, updates })
        }
 }
 
@@ -739,7 +753,7 @@ pub struct ChannelMonitor<Signer: WriteableEcdsaChannelSigner> {
        pub(super) inner: Mutex<ChannelMonitorImpl<Signer>>,
 }
 
-impl<Signer: WriteableEcdsaChannelSigner> Clone for ChannelMonitor<Signer> where Signer: Clone {
+impl<Signer: WriteableEcdsaChannelSigner> Clone for ChannelMonitor<Signer> {
        fn clone(&self) -> Self {
                let inner = self.inner.lock().unwrap().clone();
                ChannelMonitor::from_impl(inner)
@@ -1139,12 +1153,16 @@ impl<'a, L: Deref> Logger for WithChannelMonitor<'a, L> where L::Target: Logger
        }
 }
 
-impl<'a, 'b, L: Deref> WithChannelMonitor<'a, L> where L::Target: Logger {
-       pub(crate) fn from<S: WriteableEcdsaChannelSigner>(logger: &'a L, monitor: &'b ChannelMonitor<S>) -> Self {
+impl<'a, L: Deref> WithChannelMonitor<'a, L> where L::Target: Logger {
+       pub(crate) fn from<S: WriteableEcdsaChannelSigner>(logger: &'a L, monitor: &ChannelMonitor<S>) -> Self {
+               Self::from_impl(logger, &*monitor.inner.lock().unwrap())
+       }
+
+       pub(crate) fn from_impl<S: WriteableEcdsaChannelSigner>(logger: &'a L, monitor_impl: &ChannelMonitorImpl<S>) -> Self {
+               let peer_id = monitor_impl.counterparty_node_id;
+               let channel_id = Some(monitor_impl.funding_info.0.to_channel_id());
                WithChannelMonitor {
-                       logger,
-                       peer_id: monitor.get_counterparty_node_id(),
-                       channel_id: Some(monitor.get_funding_txo().0.to_channel_id()),
+                       logger, peer_id, channel_id,
                }
        }
 }
@@ -1282,9 +1300,11 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitor<Signer> {
        )
        where L::Target: Logger
        {
-               self.inner.lock().unwrap().provide_initial_counterparty_commitment_tx(txid,
+               let mut inner = self.inner.lock().unwrap();
+               let logger = WithChannelMonitor::from_impl(logger, &*inner);
+               inner.provide_initial_counterparty_commitment_tx(txid,
                        htlc_outputs, commitment_number, their_cur_per_commitment_point, feerate_per_kw,
-                       to_broadcaster_value_sat, to_countersignatory_value_sat, logger);
+                       to_broadcaster_value_sat, to_countersignatory_value_sat, &logger);
        }
 
        /// Informs this monitor of the latest counterparty (ie non-broadcastable) commitment transaction.
@@ -1300,8 +1320,10 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitor<Signer> {
                their_per_commitment_point: PublicKey,
                logger: &L,
        ) where L::Target: Logger {
-               self.inner.lock().unwrap().provide_latest_counterparty_commitment_tx(
-                       txid, htlc_outputs, commitment_number, their_per_commitment_point, logger)
+               let mut inner = self.inner.lock().unwrap();
+               let logger = WithChannelMonitor::from_impl(logger, &*inner);
+               inner.provide_latest_counterparty_commitment_tx(
+                       txid, htlc_outputs, commitment_number, their_per_commitment_point, &logger)
        }
 
        #[cfg(test)]
@@ -1326,8 +1348,10 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitor<Signer> {
                F::Target: FeeEstimator,
                L::Target: Logger,
        {
-               self.inner.lock().unwrap().provide_payment_preimage(
-                       payment_hash, payment_preimage, broadcaster, fee_estimator, logger)
+               let mut inner = self.inner.lock().unwrap();
+               let logger = WithChannelMonitor::from_impl(logger, &*inner);
+               inner.provide_payment_preimage(
+                       payment_hash, payment_preimage, broadcaster, fee_estimator, &logger)
        }
 
        /// Updates a ChannelMonitor on the basis of some new information provided by the Channel
@@ -1346,7 +1370,9 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitor<Signer> {
                F::Target: FeeEstimator,
                L::Target: Logger,
        {
-               self.inner.lock().unwrap().update_monitor(updates, broadcaster, fee_estimator, logger)
+               let mut inner = self.inner.lock().unwrap();
+               let logger = WithChannelMonitor::from_impl(logger, &*inner);
+               inner.update_monitor(updates, broadcaster, fee_estimator, &logger)
        }
 
        /// Gets the update_id from the latest ChannelMonitorUpdate which was applied to this
@@ -1370,15 +1396,22 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitor<Signer> {
        /// Loads the funding txo and outputs to watch into the given `chain::Filter` by repeatedly
        /// calling `chain::Filter::register_output` and `chain::Filter::register_tx` until all outputs
        /// have been registered.
-       pub fn load_outputs_to_watch<F: Deref>(&self, filter: &F) where F::Target: chain::Filter {
+       pub fn load_outputs_to_watch<F: Deref, L: Deref>(&self, filter: &F, logger: &L) 
+       where 
+               F::Target: chain::Filter, L::Target: Logger,
+       {
                let lock = self.inner.lock().unwrap();
+               let logger = WithChannelMonitor::from_impl(logger, &*lock);
+               log_trace!(&logger, "Registering funding outpoint {}", &lock.get_funding_txo().0);
                filter.register_tx(&lock.get_funding_txo().0.txid, &lock.get_funding_txo().1);
                for (txid, outputs) in lock.get_outputs_to_watch().iter() {
                        for (index, script_pubkey) in outputs.iter() {
                                assert!(*index <= u16::max_value() as u32);
+                               let outpoint = OutPoint { txid: *txid, index: *index as u16 };
+                               log_trace!(logger, "Registering outpoint {} with the filter for monitoring spends", outpoint);
                                filter.register_output(WatchedOutput {
                                        block_hash: None,
-                                       outpoint: OutPoint { txid: *txid, index: *index as u16 },
+                                       outpoint,
                                        script_pubkey: script_pubkey.clone(),
                                });
                        }
@@ -1525,7 +1558,9 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitor<Signer> {
        /// [`ChannelManager`]: crate::ln::channelmanager::ChannelManager
        pub fn get_latest_holder_commitment_txn<L: Deref>(&self, logger: &L) -> Vec<Transaction>
        where L::Target: Logger {
-               self.inner.lock().unwrap().get_latest_holder_commitment_txn(logger)
+               let mut inner = self.inner.lock().unwrap();
+               let logger = WithChannelMonitor::from_impl(logger, &*inner);
+               inner.get_latest_holder_commitment_txn(&logger)
        }
 
        /// Unsafe test-only version of get_latest_holder_commitment_txn used by our test framework
@@ -1534,7 +1569,9 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitor<Signer> {
        #[cfg(any(test, feature = "unsafe_revoked_tx_signing"))]
        pub fn unsafe_get_latest_holder_commitment_txn<L: Deref>(&self, logger: &L) -> Vec<Transaction>
        where L::Target: Logger {
-               self.inner.lock().unwrap().unsafe_get_latest_holder_commitment_txn(logger)
+               let mut inner = self.inner.lock().unwrap();
+               let logger = WithChannelMonitor::from_impl(logger, &*inner);
+               inner.unsafe_get_latest_holder_commitment_txn(&logger)
        }
 
        /// Processes transactions in a newly connected block, which may result in any of the following:
@@ -1555,15 +1592,17 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitor<Signer> {
                height: u32,
                broadcaster: B,
                fee_estimator: F,
-               logger: L,
+               logger: &L,
        ) -> Vec<TransactionOutputs>
        where
                B::Target: BroadcasterInterface,
                F::Target: FeeEstimator,
                L::Target: Logger,
        {
-               self.inner.lock().unwrap().block_connected(
-                       header, txdata, height, broadcaster, fee_estimator, logger)
+               let mut inner = self.inner.lock().unwrap();
+               let logger = WithChannelMonitor::from_impl(logger, &*inner);
+               inner.block_connected(
+                       header, txdata, height, broadcaster, fee_estimator, &logger)
        }
 
        /// Determines if the disconnected block contained any transactions of interest and updates
@@ -1574,14 +1613,16 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitor<Signer> {
                height: u32,
                broadcaster: B,
                fee_estimator: F,
-               logger: L,
+               logger: &L,
        ) where
                B::Target: BroadcasterInterface,
                F::Target: FeeEstimator,
                L::Target: Logger,
        {
-               self.inner.lock().unwrap().block_disconnected(
-                       header, height, broadcaster, fee_estimator, logger)
+               let mut inner = self.inner.lock().unwrap();
+               let logger = WithChannelMonitor::from_impl(logger, &*inner);
+               inner.block_disconnected(
+                       header, height, broadcaster, fee_estimator, &logger)
        }
 
        /// Processes transactions confirmed in a block with the given header and height, returning new
@@ -1598,7 +1639,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitor<Signer> {
                height: u32,
                broadcaster: B,
                fee_estimator: F,
-               logger: L,
+               logger: &L,
        ) -> Vec<TransactionOutputs>
        where
                B::Target: BroadcasterInterface,
@@ -1606,8 +1647,10 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitor<Signer> {
                L::Target: Logger,
        {
                let bounded_fee_estimator = LowerBoundedFeeEstimator::new(fee_estimator);
-               self.inner.lock().unwrap().transactions_confirmed(
-                       header, txdata, height, broadcaster, &bounded_fee_estimator, logger)
+               let mut inner = self.inner.lock().unwrap();
+               let logger = WithChannelMonitor::from_impl(logger, &*inner);
+               inner.transactions_confirmed(
+                       header, txdata, height, broadcaster, &bounded_fee_estimator, &logger)
        }
 
        /// Processes a transaction that was reorganized out of the chain.
@@ -1621,15 +1664,18 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitor<Signer> {
                txid: &Txid,
                broadcaster: B,
                fee_estimator: F,
-               logger: L,
+               logger: &L,
        ) where
                B::Target: BroadcasterInterface,
                F::Target: FeeEstimator,
                L::Target: Logger,
        {
                let bounded_fee_estimator = LowerBoundedFeeEstimator::new(fee_estimator);
-               self.inner.lock().unwrap().transaction_unconfirmed(
-                       txid, broadcaster, &bounded_fee_estimator, logger);
+               let mut inner = self.inner.lock().unwrap();
+               let logger = WithChannelMonitor::from_impl(logger, &*inner);
+               inner.transaction_unconfirmed(
+                       txid, broadcaster, &bounded_fee_estimator, &logger
+               );
        }
 
        /// Updates the monitor with the current best chain tip, returning new outputs to watch. See
@@ -1645,7 +1691,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitor<Signer> {
                height: u32,
                broadcaster: B,
                fee_estimator: F,
-               logger: L,
+               logger: &L,
        ) -> Vec<TransactionOutputs>
        where
                B::Target: BroadcasterInterface,
@@ -1653,8 +1699,11 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitor<Signer> {
                L::Target: Logger,
        {
                let bounded_fee_estimator = LowerBoundedFeeEstimator::new(fee_estimator);
-               self.inner.lock().unwrap().best_block_updated(
-                       header, height, broadcaster, &bounded_fee_estimator, logger)
+               let mut inner = self.inner.lock().unwrap();
+               let logger = WithChannelMonitor::from_impl(logger, &*inner);
+               inner.best_block_updated(
+                       header, height, broadcaster, &bounded_fee_estimator, &logger
+               )
        }
 
        /// Returns the set of txids that should be monitored for re-organization out of the chain.
@@ -1682,7 +1731,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitor<Signer> {
        /// invoking this every 30 seconds, or lower if running in an environment with spotty
        /// connections, like on mobile.
        pub fn rebroadcast_pending_claims<B: Deref, F: Deref, L: Deref>(
-               &self, broadcaster: B, fee_estimator: F, logger: L,
+               &self, broadcaster: B, fee_estimator: F, logger: &L,
        )
        where
                B::Target: BroadcasterInterface,
@@ -1691,6 +1740,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitor<Signer> {
        {
                let fee_estimator = LowerBoundedFeeEstimator::new(fee_estimator);
                let mut inner = self.inner.lock().unwrap();
+               let logger = WithChannelMonitor::from_impl(logger, &*inner);
                let current_height = inner.best_block.height;
                inner.onchain_tx_handler.rebroadcast_pending_claims(
                        current_height, &broadcaster, &fee_estimator, &logger,
@@ -2255,7 +2305,7 @@ macro_rules! fail_unbroadcast_htlcs {
                                                        // broadcastable commitment transaction has the HTLC in it, but it
                                                        // cannot currently change after channel initialization, so we don't
                                                        // need to here.
-                                                       let confirmed_htlcs_iter: &mut Iterator<Item = (&HTLCOutputInCommitment, Option<&HTLCSource>)> = &mut $confirmed_htlcs_list;
+                                                       let confirmed_htlcs_iter: &mut dyn Iterator<Item = (&HTLCOutputInCommitment, Option<&HTLCSource>)> = &mut $confirmed_htlcs_list;
 
                                                        let mut matched_htlc = false;
                                                        for (ref broadcast_htlc, ref broadcast_source) in confirmed_htlcs_iter {
@@ -2399,13 +2449,11 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                Ok(())
        }
 
-       pub(crate) fn provide_initial_counterparty_commitment_tx<L: Deref>(
+       fn provide_initial_counterparty_commitment_tx<L: Deref>(
                &mut self, txid: Txid, htlc_outputs: Vec<(HTLCOutputInCommitment, Option<Box<HTLCSource>>)>,
                commitment_number: u64, their_per_commitment_point: PublicKey, feerate_per_kw: u32,
-               to_broadcaster_value: u64, to_countersignatory_value: u64, logger: &L
-       )
-       where L::Target: Logger
-       {
+               to_broadcaster_value: u64, to_countersignatory_value: u64, logger: &WithChannelMonitor<L>,
+       ) where L::Target: Logger {
                self.initial_counterparty_commitment_info = Some((their_per_commitment_point.clone(),
                        feerate_per_kw, to_broadcaster_value, to_countersignatory_value));
 
@@ -2418,7 +2466,11 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                                their_per_commitment_point, logger);
        }
 
-       pub(crate) fn provide_latest_counterparty_commitment_tx<L: Deref>(&mut self, txid: Txid, htlc_outputs: Vec<(HTLCOutputInCommitment, Option<Box<HTLCSource>>)>, commitment_number: u64, their_per_commitment_point: PublicKey, logger: &L) where L::Target: Logger {
+       fn provide_latest_counterparty_commitment_tx<L: Deref>(
+               &mut self, txid: Txid,
+               htlc_outputs: Vec<(HTLCOutputInCommitment, Option<Box<HTLCSource>>)>,
+               commitment_number: u64, their_per_commitment_point: PublicKey, logger: &WithChannelMonitor<L>,
+       ) where L::Target: Logger {
                // TODO: Encrypt the htlc_outputs data with the single-hash of the commitment transaction
                // so that a remote monitor doesn't learn anything unless there is a malicious close.
                // (only maybe, sadly we cant do the same for local info, as we need to be aware of
@@ -2551,7 +2603,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
        /// commitment_tx_infos which contain the payment hash have been revoked.
        fn provide_payment_preimage<B: Deref, F: Deref, L: Deref>(
                &mut self, payment_hash: &PaymentHash, payment_preimage: &PaymentPreimage, broadcaster: &B,
-               fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L)
+               fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &WithChannelMonitor<L>)
        where B::Target: BroadcasterInterface,
                    F::Target: FeeEstimator,
                    L::Target: Logger,
@@ -2628,21 +2680,64 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                }
        }
 
-       pub(crate) fn broadcast_latest_holder_commitment_txn<B: Deref, L: Deref>(&mut self, broadcaster: &B, logger: &L)
-               where B::Target: BroadcasterInterface,
-                                       L::Target: Logger,
-       {
-               let commit_txs = self.get_latest_holder_commitment_txn(logger);
-               let mut txs = vec![];
-               for tx in commit_txs.iter() {
-                       log_info!(logger, "Broadcasting local {}", log_tx!(tx));
-                       txs.push(tx);
-               }
-               broadcaster.broadcast_transactions(&txs);
+       fn generate_claimable_outpoints_and_watch_outputs(&mut self) -> (Vec<PackageTemplate>, Vec<TransactionOutputs>) {
+               let funding_outp = HolderFundingOutput::build(
+                       self.funding_redeemscript.clone(),
+                       self.channel_value_satoshis,
+                       self.onchain_tx_handler.channel_type_features().clone()
+               );
+               let commitment_package = PackageTemplate::build_package(
+                       self.funding_info.0.txid.clone(), self.funding_info.0.index as u32,
+                       PackageSolvingData::HolderFundingOutput(funding_outp),
+                       self.best_block.height(), self.best_block.height()
+               );
+               let mut claimable_outpoints = vec![commitment_package];
                self.pending_monitor_events.push(MonitorEvent::HolderForceClosed(self.funding_info.0));
+               // Although we aren't signing the transaction directly here, the transaction will be signed
+               // in the claim that is queued to OnchainTxHandler. We set holder_tx_signed here to reject
+               // new channel updates.
+               self.holder_tx_signed = true;
+               let mut watch_outputs = Vec::new();
+               // We can't broadcast our HTLC transactions while the commitment transaction is
+               // unconfirmed. We'll delay doing so until we detect the confirmed commitment in
+               // `transactions_confirmed`.
+               if !self.onchain_tx_handler.channel_type_features().supports_anchors_zero_fee_htlc_tx() {
+                       // Because we're broadcasting a commitment transaction, we should construct the package
+                       // assuming it gets confirmed in the next block. Sadly, we have code which considers
+                       // "not yet confirmed" things as discardable, so we cannot do that here.
+                       let (mut new_outpoints, _) = self.get_broadcasted_holder_claims(
+                               &self.current_holder_commitment_tx, self.best_block.height()
+                       );
+                       let unsigned_commitment_tx = self.onchain_tx_handler.get_unsigned_holder_commitment_tx();
+                       let new_outputs = self.get_broadcasted_holder_watch_outputs(
+                               &self.current_holder_commitment_tx, &unsigned_commitment_tx
+                       );
+                       if !new_outputs.is_empty() {
+                               watch_outputs.push((self.current_holder_commitment_tx.txid.clone(), new_outputs));
+                       }
+                       claimable_outpoints.append(&mut new_outpoints);
+               }
+               (claimable_outpoints, watch_outputs)
        }
 
-       pub fn update_monitor<B: Deref, F: Deref, L: Deref>(&mut self, updates: &ChannelMonitorUpdate, broadcaster: &B, fee_estimator: &F, logger: &L) -> Result<(), ()>
+       pub(crate) fn queue_latest_holder_commitment_txn_for_broadcast<B: Deref, F: Deref, L: Deref>(
+               &mut self, broadcaster: &B, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &WithChannelMonitor<L>
+       )
+       where
+               B::Target: BroadcasterInterface,
+               F::Target: FeeEstimator,
+               L::Target: Logger,
+       {
+               let (claimable_outpoints, _) = self.generate_claimable_outpoints_and_watch_outputs();
+               self.onchain_tx_handler.update_claims_view_from_requests(
+                       claimable_outpoints, self.best_block.height(), self.best_block.height(), broadcaster,
+                       fee_estimator, logger
+               );
+       }
+
+       fn update_monitor<B: Deref, F: Deref, L: Deref>(
+               &mut self, updates: &ChannelMonitorUpdate, broadcaster: &B, fee_estimator: &F, logger: &WithChannelMonitor<L>
+       ) -> Result<(), ()>
        where B::Target: BroadcasterInterface,
                F::Target: FeeEstimator,
                L::Target: Logger,
@@ -2657,6 +2752,15 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                        log_info!(logger, "Applying update to monitor {}, bringing update_id from {} to {} with {} change(s).",
                                log_funding_info!(self), self.latest_update_id, updates.update_id, updates.updates.len());
                }
+
+               if updates.counterparty_node_id.is_some() {
+                       if self.counterparty_node_id.is_none() {
+                               self.counterparty_node_id = updates.counterparty_node_id;
+                       } else {
+                               debug_assert_eq!(self.counterparty_node_id, updates.counterparty_node_id);
+                       }
+               }
+
                // ChannelMonitor updates may be applied after force close if we receive a preimage for a
                // broadcasted commitment transaction HTLC output that we'd like to claim on-chain. If this
                // is the case, we no longer have guaranteed access to the monitor's update ID, so we use a
@@ -2727,26 +2831,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                                                        log_trace!(logger, "Avoiding commitment broadcast, already detected confirmed spend onchain");
                                                        continue;
                                                }
-                                               self.broadcast_latest_holder_commitment_txn(broadcaster, logger);
-                                               // If the channel supports anchor outputs, we'll need to emit an external
-                                               // event to be consumed such that a child transaction is broadcast with a
-                                               // high enough feerate for the parent commitment transaction to confirm.
-                                               if self.onchain_tx_handler.channel_type_features().supports_anchors_zero_fee_htlc_tx() {
-                                                       let funding_output = HolderFundingOutput::build(
-                                                               self.funding_redeemscript.clone(), self.channel_value_satoshis,
-                                                               self.onchain_tx_handler.channel_type_features().clone(),
-                                                       );
-                                                       let best_block_height = self.best_block.height();
-                                                       let commitment_package = PackageTemplate::build_package(
-                                                               self.funding_info.0.txid.clone(), self.funding_info.0.index as u32,
-                                                               PackageSolvingData::HolderFundingOutput(funding_output),
-                                                               best_block_height, best_block_height
-                                                       );
-                                                       self.onchain_tx_handler.update_claims_view_from_requests(
-                                                               vec![commitment_package], best_block_height, best_block_height,
-                                                               broadcaster, &bounded_fee_estimator, logger,
-                                                       );
-                                               }
+                                               self.queue_latest_holder_commitment_txn_for_broadcast(broadcaster, &bounded_fee_estimator, logger);
                                        } else if !self.holder_tx_signed {
                                                log_error!(logger, "WARNING: You have a potentially-unsafe holder commitment transaction available to broadcast");
                                                log_error!(logger, "    in channel monitor for channel {}!", &self.funding_info.0.to_channel_id());
@@ -2787,15 +2872,15 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                } else { ret }
        }
 
-       pub fn get_latest_update_id(&self) -> u64 {
+       fn get_latest_update_id(&self) -> u64 {
                self.latest_update_id
        }
 
-       pub fn get_funding_txo(&self) -> &(OutPoint, ScriptBuf) {
+       fn get_funding_txo(&self) -> &(OutPoint, ScriptBuf) {
                &self.funding_info
        }
 
-       pub fn get_outputs_to_watch(&self) -> &HashMap<Txid, Vec<(u32, ScriptBuf)>> {
+       fn get_outputs_to_watch(&self) -> &HashMap<Txid, Vec<(u32, ScriptBuf)>> {
                // If we've detected a counterparty commitment tx on chain, we must include it in the set
                // of outputs to watch for spends of, otherwise we're likely to lose user funds. Because
                // its trivial to do, double-check that here.
@@ -2805,7 +2890,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                &self.outputs_to_watch
        }
 
-       pub fn get_and_clear_pending_monitor_events(&mut self) -> Vec<MonitorEvent> {
+       fn get_and_clear_pending_monitor_events(&mut self) -> Vec<MonitorEvent> {
                let mut ret = Vec::new();
                mem::swap(&mut ret, &mut self.pending_monitor_events);
                ret
@@ -2880,7 +2965,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                ret
        }
 
-       pub(crate) fn initial_counterparty_commitment_tx(&mut self) -> Option<CommitmentTransaction> {
+       fn initial_counterparty_commitment_tx(&mut self) -> Option<CommitmentTransaction> {
                let (their_per_commitment_point, feerate_per_kw, to_broadcaster_value,
                        to_countersignatory_value) = self.initial_counterparty_commitment_info?;
                let htlc_outputs = vec![];
@@ -2914,7 +2999,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                        channel_parameters)
        }
 
-       pub(crate) fn counterparty_commitment_txs_from_update(&self, update: &ChannelMonitorUpdate) -> Vec<CommitmentTransaction> {
+       fn counterparty_commitment_txs_from_update(&self, update: &ChannelMonitorUpdate) -> Vec<CommitmentTransaction> {
                update.updates.iter().filter_map(|update| {
                        match update {
                                &ChannelMonitorUpdateStep::LatestCounterpartyCommitmentTXInfo { commitment_txid,
@@ -2940,7 +3025,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                }).collect()
        }
 
-       pub(crate) fn sign_to_local_justice_tx(
+       fn sign_to_local_justice_tx(
                &self, mut justice_tx: Transaction, input_idx: usize, value: u64, commitment_number: u64
        ) -> Result<Transaction, ()> {
                let secret = self.get_secret(commitment_number).ok_or(())?;
@@ -2968,15 +3053,15 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                self.commitment_secrets.get_secret(idx)
        }
 
-       pub(crate) fn get_min_seen_secret(&self) -> u64 {
+       fn get_min_seen_secret(&self) -> u64 {
                self.commitment_secrets.get_min_seen_secret()
        }
 
-       pub(crate) fn get_cur_counterparty_commitment_number(&self) -> u64 {
+       fn get_cur_counterparty_commitment_number(&self) -> u64 {
                self.current_counterparty_commitment_number
        }
 
-       pub(crate) fn get_cur_holder_commitment_number(&self) -> u64 {
+       fn get_cur_holder_commitment_number(&self) -> u64 {
                self.current_holder_commitment_number
        }
 
@@ -3323,7 +3408,61 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                }
        }
 
-       pub fn get_latest_holder_commitment_txn<L: Deref>(&mut self, logger: &L) -> Vec<Transaction> where L::Target: Logger {
+       /// Cancels any existing pending claims for a commitment that previously confirmed and has now
+       /// been replaced by another.
+       pub fn cancel_prev_commitment_claims<L: Deref>(
+               &mut self, logger: &L, confirmed_commitment_txid: &Txid
+       ) where L::Target: Logger {
+               for (counterparty_commitment_txid, _) in &self.counterparty_commitment_txn_on_chain {
+                       // Cancel any pending claims for counterparty commitments we've seen confirm.
+                       if counterparty_commitment_txid == confirmed_commitment_txid {
+                               continue;
+                       }
+                       for (htlc, _) in self.counterparty_claimable_outpoints.get(counterparty_commitment_txid).unwrap_or(&vec![]) {
+                               log_trace!(logger, "Canceling claims for previously confirmed counterparty commitment {}",
+                                       counterparty_commitment_txid);
+                               let mut outpoint = BitcoinOutPoint { txid: *counterparty_commitment_txid, vout: 0 };
+                               if let Some(vout) = htlc.transaction_output_index {
+                                       outpoint.vout = vout;
+                                       self.onchain_tx_handler.abandon_claim(&outpoint);
+                               }
+                       }
+               }
+               if self.holder_tx_signed {
+                       // If we've signed, we may have broadcast either commitment (prev or current), and
+                       // attempted to claim from it immediately without waiting for a confirmation.
+                       if self.current_holder_commitment_tx.txid != *confirmed_commitment_txid {
+                               log_trace!(logger, "Canceling claims for previously broadcast holder commitment {}",
+                                       self.current_holder_commitment_tx.txid);
+                               let mut outpoint = BitcoinOutPoint { txid: self.current_holder_commitment_tx.txid, vout: 0 };
+                               for (htlc, _, _) in &self.current_holder_commitment_tx.htlc_outputs {
+                                       if let Some(vout) = htlc.transaction_output_index {
+                                               outpoint.vout = vout;
+                                               self.onchain_tx_handler.abandon_claim(&outpoint);
+                                       }
+                               }
+                       }
+                       if let Some(prev_holder_commitment_tx) = &self.prev_holder_signed_commitment_tx {
+                               if prev_holder_commitment_tx.txid != *confirmed_commitment_txid {
+                                       log_trace!(logger, "Canceling claims for previously broadcast holder commitment {}",
+                                               prev_holder_commitment_tx.txid);
+                                       let mut outpoint = BitcoinOutPoint { txid: prev_holder_commitment_tx.txid, vout: 0 };
+                                       for (htlc, _, _) in &prev_holder_commitment_tx.htlc_outputs {
+                                               if let Some(vout) = htlc.transaction_output_index {
+                                                       outpoint.vout = vout;
+                                                       self.onchain_tx_handler.abandon_claim(&outpoint);
+                                               }
+                                       }
+                               }
+                       }
+               } else {
+                       // No previous claim.
+               }
+       }
+
+       fn get_latest_holder_commitment_txn<L: Deref>(
+               &mut self, logger: &WithChannelMonitor<L>,
+       ) -> Vec<Transaction> where L::Target: Logger {
                log_debug!(logger, "Getting signed latest holder commitment transaction!");
                self.holder_tx_signed = true;
                let commitment_tx = self.onchain_tx_handler.get_fully_signed_holder_tx(&self.funding_redeemscript);
@@ -3362,7 +3501,9 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 
        #[cfg(any(test,feature = "unsafe_revoked_tx_signing"))]
        /// Note that this includes possibly-locktimed-in-the-future transactions!
-       fn unsafe_get_latest_holder_commitment_txn<L: Deref>(&mut self, logger: &L) -> Vec<Transaction> where L::Target: Logger {
+       fn unsafe_get_latest_holder_commitment_txn<L: Deref>(
+               &mut self, logger: &WithChannelMonitor<L>
+       ) -> Vec<Transaction> where L::Target: Logger {
                log_debug!(logger, "Getting signed copy of latest holder commitment transaction!");
                let commitment_tx = self.onchain_tx_handler.get_fully_signed_copy_holder_tx(&self.funding_redeemscript);
                let txid = commitment_tx.txid();
@@ -3389,10 +3530,13 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                holder_transactions
        }
 
-       pub fn block_connected<B: Deref, F: Deref, L: Deref>(&mut self, header: &Header, txdata: &TransactionData, height: u32, broadcaster: B, fee_estimator: F, logger: L) -> Vec<TransactionOutputs>
+       fn block_connected<B: Deref, F: Deref, L: Deref>(
+               &mut self, header: &Header, txdata: &TransactionData, height: u32, broadcaster: B,
+               fee_estimator: F, logger: &WithChannelMonitor<L>,
+       ) -> Vec<TransactionOutputs>
                where B::Target: BroadcasterInterface,
-                     F::Target: FeeEstimator,
-                                       L::Target: Logger,
+                       F::Target: FeeEstimator,
+                       L::Target: Logger,
        {
                let block_hash = header.block_hash();
                self.best_block = BestBlock::new(block_hash, height);
@@ -3407,7 +3551,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                height: u32,
                broadcaster: B,
                fee_estimator: &LowerBoundedFeeEstimator<F>,
-               logger: L,
+               logger: &WithChannelMonitor<L>,
        ) -> Vec<TransactionOutputs>
        where
                B::Target: BroadcasterInterface,
@@ -3418,9 +3562,11 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 
                if height > self.best_block.height() {
                        self.best_block = BestBlock::new(block_hash, height);
-                       self.block_confirmed(height, block_hash, vec![], vec![], vec![], &broadcaster, &fee_estimator, &logger)
+                       log_trace!(logger, "Connecting new block {} at height {}", block_hash, height);
+                       self.block_confirmed(height, block_hash, vec![], vec![], vec![], &broadcaster, &fee_estimator, logger)
                } else if block_hash != self.best_block.block_hash() {
                        self.best_block = BestBlock::new(block_hash, height);
+                       log_trace!(logger, "Best block re-orged, replaced with new block {} at height {}", block_hash, height);
                        self.onchain_events_awaiting_threshold_conf.retain(|ref entry| entry.height <= height);
                        self.onchain_tx_handler.block_disconnected(height + 1, broadcaster, fee_estimator, logger);
                        Vec::new()
@@ -3434,7 +3580,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                height: u32,
                broadcaster: B,
                fee_estimator: &LowerBoundedFeeEstimator<F>,
-               logger: L,
+               logger: &WithChannelMonitor<L>,
        ) -> Vec<TransactionOutputs>
        where
                B::Target: BroadcasterInterface,
@@ -3457,6 +3603,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                let mut claimable_outpoints = Vec::new();
                'tx_iter: for tx in &txn_matched {
                        let txid = tx.txid();
+                       log_trace!(logger, "Transaction {} confirmed in block {}", txid , block_hash);
                        // If a transaction has already been confirmed, ensure we don't bother processing it duplicatively.
                        if Some(txid) == self.funding_spend_confirmed {
                                log_debug!(logger, "Skipping redundant processing of funding-spend tx {} as it was previously confirmed", txid);
@@ -3528,6 +3675,10 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                                                        commitment_tx_to_counterparty_output,
                                                },
                                        });
+                                       // Now that we've detected a confirmed commitment transaction, attempt to cancel
+                                       // pending claims for any commitments that were previously confirmed such that
+                                       // we don't continue claiming inputs that no longer exist.
+                                       self.cancel_prev_commitment_claims(&logger, &txid);
                                }
                        }
                        if tx.input.len() >= 1 {
@@ -3551,9 +3702,9 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                                                break;
                                        }
                                }
-                               self.is_resolving_htlc_output(&tx, height, &block_hash, &logger);
+                               self.is_resolving_htlc_output(&tx, height, &block_hash, logger);
 
-                               self.check_tx_and_push_spendable_outputs(&tx, height, &block_hash, &logger);
+                               self.check_tx_and_push_spendable_outputs(&tx, height, &block_hash, logger);
                        }
                }
 
@@ -3561,7 +3712,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                        self.best_block = BestBlock::new(block_hash, height);
                }
 
-               self.block_confirmed(height, block_hash, txn_matched, watch_outputs, claimable_outpoints, &broadcaster, &fee_estimator, &logger)
+               self.block_confirmed(height, block_hash, txn_matched, watch_outputs, claimable_outpoints, &broadcaster, &fee_estimator, logger)
        }
 
        /// Update state for new block(s)/transaction(s) confirmed. Note that the caller must update
@@ -3581,7 +3732,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                mut claimable_outpoints: Vec<PackageTemplate>,
                broadcaster: &B,
                fee_estimator: &LowerBoundedFeeEstimator<F>,
-               logger: &L,
+               logger: &WithChannelMonitor<L>,
        ) -> Vec<TransactionOutputs>
        where
                B::Target: BroadcasterInterface,
@@ -3593,29 +3744,9 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 
                let should_broadcast = self.should_broadcast_holder_commitment_txn(logger);
                if should_broadcast {
-                       let funding_outp = HolderFundingOutput::build(self.funding_redeemscript.clone(), self.channel_value_satoshis, self.onchain_tx_handler.channel_type_features().clone());
-                       let commitment_package = PackageTemplate::build_package(self.funding_info.0.txid.clone(), self.funding_info.0.index as u32, PackageSolvingData::HolderFundingOutput(funding_outp), self.best_block.height(), self.best_block.height());
-                       claimable_outpoints.push(commitment_package);
-                       self.pending_monitor_events.push(MonitorEvent::HolderForceClosed(self.funding_info.0));
-                       // Although we aren't signing the transaction directly here, the transaction will be signed
-                       // in the claim that is queued to OnchainTxHandler. We set holder_tx_signed here to reject
-                       // new channel updates.
-                       self.holder_tx_signed = true;
-                       // We can't broadcast our HTLC transactions while the commitment transaction is
-                       // unconfirmed. We'll delay doing so until we detect the confirmed commitment in
-                       // `transactions_confirmed`.
-                       if !self.onchain_tx_handler.channel_type_features().supports_anchors_zero_fee_htlc_tx() {
-                               // Because we're broadcasting a commitment transaction, we should construct the package
-                               // assuming it gets confirmed in the next block. Sadly, we have code which considers
-                               // "not yet confirmed" things as discardable, so we cannot do that here.
-                               let (mut new_outpoints, _) = self.get_broadcasted_holder_claims(&self.current_holder_commitment_tx, self.best_block.height());
-                               let unsigned_commitment_tx = self.onchain_tx_handler.get_unsigned_holder_commitment_tx();
-                               let new_outputs = self.get_broadcasted_holder_watch_outputs(&self.current_holder_commitment_tx, &unsigned_commitment_tx);
-                               if !new_outputs.is_empty() {
-                                       watch_outputs.push((self.current_holder_commitment_tx.txid.clone(), new_outputs));
-                               }
-                               claimable_outpoints.append(&mut new_outpoints);
-                       }
+                       let (mut new_outpoints, mut new_outputs) = self.generate_claimable_outpoints_and_watch_outputs();
+                       claimable_outpoints.append(&mut new_outpoints);
+                       watch_outputs.append(&mut new_outputs);
                }
 
                // Find which on-chain events have reached their confirmation threshold.
@@ -3726,10 +3857,11 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                watch_outputs
        }
 
-       pub fn block_disconnected<B: Deref, F: Deref, L: Deref>(&mut self, header: &Header, height: u32, broadcaster: B, fee_estimator: F, logger: L)
-               where B::Target: BroadcasterInterface,
-                     F::Target: FeeEstimator,
-                     L::Target: Logger,
+       fn block_disconnected<B: Deref, F: Deref, L: Deref>(
+               &mut self, header: &Header, height: u32, broadcaster: B, fee_estimator: F, logger: &WithChannelMonitor<L>
+       ) where B::Target: BroadcasterInterface,
+               F::Target: FeeEstimator,
+               L::Target: Logger,
        {
                log_trace!(logger, "Block {} at height {} disconnected", header.block_hash(), height);
 
@@ -3749,7 +3881,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                txid: &Txid,
                broadcaster: B,
                fee_estimator: &LowerBoundedFeeEstimator<F>,
-               logger: L,
+               logger: &WithChannelMonitor<L>,
        ) where
                B::Target: BroadcasterInterface,
                F::Target: FeeEstimator,
@@ -3828,7 +3960,9 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
                false
        }
 
-       fn should_broadcast_holder_commitment_txn<L: Deref>(&self, logger: &L) -> bool where L::Target: Logger {
+       fn should_broadcast_holder_commitment_txn<L: Deref>(
+               &self, logger: &WithChannelMonitor<L>
+       ) -> bool where L::Target: Logger {
                // There's no need to broadcast our commitment transaction if we've seen one confirmed (even
                // with 1 confirmation) as it'll be rejected as duplicate/conflicting.
                if self.funding_spend_confirmed.is_some() ||
@@ -3904,7 +4038,9 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 
        /// Check if any transaction broadcasted is resolving HTLC output by a success or timeout on a holder
        /// or counterparty commitment tx, if so send back the source, preimage if found and payment_hash of resolved HTLC
-       fn is_resolving_htlc_output<L: Deref>(&mut self, tx: &Transaction, height: u32, block_hash: &BlockHash, logger: &L) where L::Target: Logger {
+       fn is_resolving_htlc_output<L: Deref>(
+               &mut self, tx: &Transaction, height: u32, block_hash: &BlockHash, logger: &WithChannelMonitor<L>,
+       ) where L::Target: Logger {
                'outer_loop: for input in &tx.input {
                        let mut payment_data = None;
                        let htlc_claim = HTLCClaim::from_witness(&input.witness);
@@ -4145,7 +4281,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
        /// Checks if the confirmed transaction is paying funds back to some address we can assume to
        /// own.
        fn check_tx_and_push_spendable_outputs<L: Deref>(
-               &mut self, tx: &Transaction, height: u32, block_hash: &BlockHash, logger: &L,
+               &mut self, tx: &Transaction, height: u32, block_hash: &BlockHash, logger: &WithChannelMonitor<L>,
        ) where L::Target: Logger {
                for spendable_output in self.get_spendable_outputs(tx) {
                        let entry = OnchainEventEntry {
@@ -4168,11 +4304,11 @@ where
        L::Target: Logger,
 {
        fn filtered_block_connected(&self, header: &Header, txdata: &TransactionData, height: u32) {
-               self.0.block_connected(header, txdata, height, &*self.1, &*self.2, &WithChannelMonitor::from(&self.3, &self.0));
+               self.0.block_connected(header, txdata, height, &*self.1, &*self.2, &self.3);
        }
 
        fn block_disconnected(&self, header: &Header, height: u32) {
-               self.0.block_disconnected(header, height, &*self.1, &*self.2, &WithChannelMonitor::from(&self.3, &self.0));
+               self.0.block_disconnected(header, height, &*self.1, &*self.2, &self.3);
        }
 }
 
@@ -4184,15 +4320,15 @@ where
        L::Target: Logger,
 {
        fn transactions_confirmed(&self, header: &Header, txdata: &TransactionData, height: u32) {
-               self.0.transactions_confirmed(header, txdata, height, &*self.1, &*self.2, &WithChannelMonitor::from(&self.3, &self.0));
+               self.0.transactions_confirmed(header, txdata, height, &*self.1, &*self.2, &self.3);
        }
 
        fn transaction_unconfirmed(&self, txid: &Txid) {
-               self.0.transaction_unconfirmed(txid, &*self.1, &*self.2, &WithChannelMonitor::from(&self.3, &self.0));
+               self.0.transaction_unconfirmed(txid, &*self.1, &*self.2, &self.3);
        }
 
        fn best_block_updated(&self, header: &Header, height: u32) {
-               self.0.best_block_updated(header, height, &*self.1, &*self.2, &WithChannelMonitor::from(&self.3, &self.0));
+               self.0.best_block_updated(header, height, &*self.1, &*self.2, &self.3);
        }
 
        fn get_relevant_txids(&self) -> Vec<(Txid, u32, Option<BlockHash>)> {
@@ -4202,8 +4338,8 @@ where
 
 const MAX_ALLOC_SIZE: usize = 64*1024;
 
-impl<'a, 'b, ES: EntropySource, SP: SignerProvider> ReadableArgs<(&'a ES, &'b SP)>
-               for (BlockHash, ChannelMonitor<SP::EcdsaSigner>) {
+impl<'a, 'b, ES: EntropySource, Signer: WriteableEcdsaChannelSigner, SP: SignerProvider<EcdsaSigner=Signer>> ReadableArgs<(&'a ES, &'b SP)>
+               for (BlockHash, ChannelMonitor<Signer>) {
        fn read<R: io::Read>(reader: &mut R, args: (&'a ES, &'b SP)) -> Result<Self, DecodeError> {
                macro_rules! unwrap_obj {
                        ($key: expr) => {
@@ -4672,7 +4808,7 @@ mod tests {
                                preimages_slice_to_htlcs!($preimages_slice).into_iter().map(|(htlc, _)| (htlc, None)).collect()
                        }
                }
-               let dummy_sig = crate::util::crypto::sign(&secp_ctx,
+               let dummy_sig = crate::crypto::utils::sign(&secp_ctx,
                        &bitcoin::secp256k1::Message::from_slice(&[42; 32]).unwrap(),
                        &SecretKey::from_slice(&[42; 32]).unwrap());