Prevent any update of local commitment transaction once signed

[rust-lightning] / lightning / src / ln / onchaintx.rs

diff --git a/lightning/src/ln/onchaintx.rs b/lightning/src/ln/onchaintx.rs
index 40d9f18abb71efc445acb26218a6c4e89a3cc99b..d0d1f29e691f5ea5118d0a06b2e5bf4030fd73aa 100644 (file)
--- a/lightning/src/ln/onchaintx.rs
+++ b/lightning/src/ln/onchaintx.rs
@@ -15,7 +15,7 @@ use secp256k1;
 
 use ln::msgs::DecodeError;
 use ln::channelmonitor::{ANTI_REORG_DELAY, CLTV_SHARED_CLAIM_BUFFER, InputMaterial, ClaimRequest};
-use ln::chan_utils::HTLCType;
+use ln::chan_utils::{HTLCType, LocalCommitmentTransaction};
 use chain::chaininterface::{FeeEstimator, BroadcasterInterface, ConfirmationTarget, MIN_RELAY_FEE_SAT_PER_1000_WEIGHT};
 use chain::keysinterface::ChannelKeys;
 use util::logger::Logger;
@@ -141,6 +141,9 @@ macro_rules! subtract_high_prio_fee {
 /// do RBF bumping if possible.
 pub struct OnchainTxHandler<ChanSigner: ChannelKeys> {
        destination_script: Script,
+       funding_redeemscript: Script,
+       local_commitment: Option<LocalCommitmentTransaction>,
+       prev_local_commitment: Option<LocalCommitmentTransaction>,
 
        key_storage: ChanSigner,
 
@@ -180,6 +183,9 @@ pub struct OnchainTxHandler<ChanSigner: ChannelKeys> {
 impl<ChanSigner: ChannelKeys + Writeable> OnchainTxHandler<ChanSigner> {
        pub(crate) fn write<W: Writer>(&self, writer: &mut W) -> Result<(), ::std::io::Error> {
                self.destination_script.write(writer)?;
+               self.funding_redeemscript.write(writer)?;
+               self.local_commitment.write(writer)?;
+               self.prev_local_commitment.write(writer)?;
 
                self.key_storage.write(writer)?;
 
@@ -221,6 +227,9 @@ impl<ChanSigner: ChannelKeys + Writeable> OnchainTxHandler<ChanSigner> {
 impl<ChanSigner: ChannelKeys + Readable> ReadableArgs<Arc<Logger>> for OnchainTxHandler<ChanSigner> {
        fn read<R: ::std::io::Read>(reader: &mut R, logger: Arc<Logger>) -> Result<Self, DecodeError> {
                let destination_script = Readable::read(reader)?;
+               let funding_redeemscript = Readable::read(reader)?;
+               let local_commitment = Readable::read(reader)?;
+               let prev_local_commitment = Readable::read(reader)?;
 
                let key_storage = Readable::read(reader)?;
 
@@ -269,6 +278,9 @@ impl<ChanSigner: ChannelKeys + Readable> ReadableArgs<Arc<Logger>> for OnchainTx
 
                Ok(OnchainTxHandler {
                        destination_script,
+                       funding_redeemscript,
+                       local_commitment,
+                       prev_local_commitment,
                        key_storage,
                        claimable_outpoints,
                        pending_claim_requests,
@@ -280,12 +292,15 @@ impl<ChanSigner: ChannelKeys + Readable> ReadableArgs<Arc<Logger>> for OnchainTx
 }
 
 impl<ChanSigner: ChannelKeys> OnchainTxHandler<ChanSigner> {
-       pub(super) fn new(destination_script: Script, keys: ChanSigner, logger: Arc<Logger>) -> Self {
+       pub(super) fn new(destination_script: Script, keys: ChanSigner, funding_redeemscript: Script, logger: Arc<Logger>) -> Self {
 
                let key_storage = keys;
 
                OnchainTxHandler {
                        destination_script,
+                       funding_redeemscript,
+                       local_commitment: None,
+                       prev_local_commitment: None,
                        key_storage,
                        pending_claim_requests: HashMap::new(),
                        claimable_outpoints: HashMap::new(),
@@ -709,4 +724,18 @@ impl<ChanSigner: ChannelKeys> OnchainTxHandler<ChanSigner> {
                        self.pending_claim_requests.remove(&req);
                }
        }
+
+       pub(super) fn provide_latest_local_tx(&mut self, tx: LocalCommitmentTransaction) -> Result<(), ()> {
+               // To prevent any unsafe state discrepancy between offchain and onchain, once local
+               // commitment transaction has been signed due to an event (either block height for
+               // HTLC-timeout or channel force-closure), don't allow any further update of local
+               // commitment transaction view to avoid delivery of revocation secret to counterparty
+               // for the aformentionned signed transaction.
+               if let Some(ref local_commitment) = self.local_commitment {
+                       if local_commitment.has_local_sig() { return Err(()) }
+               }
+               self.prev_local_commitment = self.local_commitment.take();
+               self.local_commitment = Some(tx);
+               Ok(())
+       }
 }