X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;ds=sidebyside;f=lightning%2Fsrc%2Fchain%2Fchannelmonitor.rs;h=413d184b598c1c01564c3f3fb9350f402b87badf;hb=cae212379371ff4d4eded0d576ea49095d7e00d3;hp=26187ce34166d5a189a48a3be2522a46a181ceba;hpb=c05347f48a4ff2789ae261ee8c8f3f4277489420;p=rust-lightning

diff --git a/lightning/src/chain/channelmonitor.rs b/lightning/src/chain/channelmonitor.rs
index 26187ce3..413d184b 100644
--- a/lightning/src/chain/channelmonitor.rs
+++ b/lightning/src/chain/channelmonitor.rs
@@ -37,9 +37,9 @@ use ln::{PaymentHash, PaymentPreimage};
 use ln::msgs::DecodeError;
 use ln::chan_utils;
 use ln::chan_utils::{CounterpartyCommitmentSecrets, HTLCOutputInCommitment, HTLCType, ChannelTransactionParameters, HolderCommitmentTransaction};
-use ln::channelmanager::{BestBlock, HTLCSource};
+use ln::channelmanager::HTLCSource;
 use chain;
-use chain::WatchedOutput;
+use chain::{BestBlock, WatchedOutput};
 use chain::chaininterface::{BroadcasterInterface, FeeEstimator};
 use chain::transaction::{OutPoint, TransactionData};
 use chain::keysinterface::{SpendableOutputDescriptor, StaticPaymentOutputDescriptor, DelayedPaymentOutputDescriptor, Sign, KeysInterface};
@@ -47,16 +47,15 @@ use chain::onchaintx::OnchainTxHandler;
 use chain::package::{CounterpartyOfferedHTLCOutput, CounterpartyReceivedHTLCOutput, HolderFundingOutput, HolderHTLCOutput, PackageSolvingData, PackageTemplate, RevokedOutput, RevokedHTLCOutput};
 use chain::Filter;
 use util::logger::Logger;
-use util::ser::{Readable, ReadableArgs, MaybeReadable, Writer, Writeable, U48};
+use util::ser::{Readable, ReadableArgs, MaybeReadable, Writer, Writeable, U48, OptionDeserWrapper};
 use util::byte_utils;
 use util::events::Event;
 
 use prelude::*;
-use std::collections::{HashMap, HashSet};
 use core::{cmp, mem};
-use std::io::Error;
+use io::{self, Error};
 use core::ops::Deref;
-use std::sync::Mutex;
+use sync::Mutex;
 
 /// An update generated by the underlying Channel itself which contains some new information the
 /// ChannelMonitor should be made aware of.
@@ -89,29 +88,35 @@ pub struct ChannelMonitorUpdate {
 pub const CLOSED_CHANNEL_UPDATE_ID: u64 = core::u64::MAX;
 
 impl Writeable for ChannelMonitorUpdate {
-	fn write<W: Writer>(&self, w: &mut W) -> Result<(), ::std::io::Error> {
+	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
+		write_ver_prefix!(w, SERIALIZATION_VERSION, MIN_SERIALIZATION_VERSION);
 		self.update_id.write(w)?;
 		(self.updates.len() as u64).write(w)?;
 		for update_step in self.updates.iter() {
 			update_step.write(w)?;
 		}
+		write_tlv_fields!(w, {});
 		Ok(())
 	}
 }
 impl Readable for ChannelMonitorUpdate {
-	fn read<R: ::std::io::Read>(r: &mut R) -> Result<Self, DecodeError> {
+	fn read<R: io::Read>(r: &mut R) -> Result<Self, DecodeError> {
+		let _ver = read_ver_prefix!(r, SERIALIZATION_VERSION);
 		let update_id: u64 = Readable::read(r)?;
 		let len: u64 = Readable::read(r)?;
 		let mut updates = Vec::with_capacity(cmp::min(len as usize, MAX_ALLOC_SIZE / ::core::mem::size_of::<ChannelMonitorUpdateStep>()));
 		for _ in 0..len {
-			updates.push(Readable::read(r)?);
+			if let Some(upd) = MaybeReadable::read(r)? {
+				updates.push(upd);
+			}
 		}
+		read_tlv_fields!(r, {});
 		Ok(Self { update_id, updates })
 	}
 }
 
 /// An error enum representing a failure to persist a channel monitor update.
-#[derive(Clone, Debug)]
+#[derive(Clone, Copy, Debug, PartialEq)]
 pub enum ChannelMonitorUpdateErr {
 	/// Used to indicate a temporary failure (eg connection to a watchtower or remote backup of
 	/// our state failed, but is expected to succeed at some point in the future).
@@ -196,9 +201,15 @@ pub enum MonitorEvent {
 pub struct HTLCUpdate {
 	pub(crate) payment_hash: PaymentHash,
 	pub(crate) payment_preimage: Option<PaymentPreimage>,
-	pub(crate) source: HTLCSource
+	pub(crate) source: HTLCSource,
+	pub(crate) onchain_value_satoshis: Option<u64>,
 }
-impl_writeable!(HTLCUpdate, 0, { payment_hash, payment_preimage, source });
+impl_writeable_tlv_based!(HTLCUpdate, {
+	(0, payment_hash, required),
+	(1, onchain_value_satoshis, option),
+	(2, source, required),
+	(4, payment_preimage, option),
+});
 
 /// If an HTLC expires within this many blocks, don't try to claim it in a shared transaction,
 /// instead claiming it in its own individual transaction.
@@ -221,8 +232,13 @@ pub(crate) const CLTV_CLAIM_BUFFER: u32 = 18;
 /// with at worst this delay, so we are not only using this value as a mercy for them but also
 /// us as a safeguard to delay with enough time.
 pub(crate) const LATENCY_GRACE_PERIOD_BLOCKS: u32 = 3;
-/// Number of blocks we wait on seeing a HTLC output being solved before we fail corresponding inbound
-/// HTLCs. This prevents us from failing backwards and then getting a reorg resulting in us losing money.
+/// Number of blocks we wait on seeing a HTLC output being solved before we fail corresponding
+/// inbound HTLCs. This prevents us from failing backwards and then getting a reorg resulting in us
+/// losing money.
+///
+/// Note that this is a library-wide security assumption. If a reorg deeper than this number of
+/// blocks occurs, counterparties may be able to steal funds or claims made by and balances exposed
+/// by a  [`ChannelMonitor`] may be incorrect.
 // We also use this delay to be sure we can remove our in-flight claim txn from bump candidates buffer.
 // It may cause spurious generation of bumped claim txn but that's alright given the outpoint is already
 // solved by a previous claim tx. What we want to avoid is reorg evicting our claim tx and us not
@@ -261,61 +277,70 @@ struct HolderSignedTx {
 	b_htlc_key: PublicKey,
 	delayed_payment_key: PublicKey,
 	per_commitment_point: PublicKey,
-	feerate_per_kw: u32,
 	htlc_outputs: Vec<(HTLCOutputInCommitment, Option<Signature>, Option<HTLCSource>)>,
+	to_self_value_sat: u64,
+	feerate_per_kw: u32,
 }
-
-/// We use this to track counterparty commitment transactions and htlcs outputs and
-/// use it to generate any justice or 2nd-stage preimage/timeout transactions.
+impl_writeable_tlv_based!(HolderSignedTx, {
+	(0, txid, required),
+	// Note that this is filled in with data from OnchainTxHandler if it's missing.
+	// For HolderSignedTx objects serialized with 0.0.100+, this should be filled in.
+	(1, to_self_value_sat, (default_value, u64::max_value())),
+	(2, revocation_key, required),
+	(4, a_htlc_key, required),
+	(6, b_htlc_key, required),
+	(8, delayed_payment_key, required),
+	(10, per_commitment_point, required),
+	(12, feerate_per_kw, required),
+	(14, htlc_outputs, vec_type)
+});
+
+/// We use this to track static counterparty commitment transaction data and to generate any
+/// justice or 2nd-stage preimage/timeout transactions.
 #[derive(PartialEq)]
-struct CounterpartyCommitmentTransaction {
+struct CounterpartyCommitmentParameters {
 	counterparty_delayed_payment_base_key: PublicKey,
 	counterparty_htlc_base_key: PublicKey,
 	on_counterparty_tx_csv: u16,
-	per_htlc: HashMap<Txid, Vec<HTLCOutputInCommitment>>
 }
 
-impl Writeable for CounterpartyCommitmentTransaction {
-	fn write<W: Writer>(&self, w: &mut W) -> Result<(), ::std::io::Error> {
-		self.counterparty_delayed_payment_base_key.write(w)?;
-		self.counterparty_htlc_base_key.write(w)?;
-		w.write_all(&byte_utils::be16_to_array(self.on_counterparty_tx_csv))?;
-		w.write_all(&byte_utils::be64_to_array(self.per_htlc.len() as u64))?;
-		for (ref txid, ref htlcs) in self.per_htlc.iter() {
-			w.write_all(&txid[..])?;
-			w.write_all(&byte_utils::be64_to_array(htlcs.len() as u64))?;
-			for &ref htlc in htlcs.iter() {
-				htlc.write(w)?;
-			}
-		}
+impl Writeable for CounterpartyCommitmentParameters {
+	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
+		w.write_all(&byte_utils::be64_to_array(0))?;
+		write_tlv_fields!(w, {
+			(0, self.counterparty_delayed_payment_base_key, required),
+			(2, self.counterparty_htlc_base_key, required),
+			(4, self.on_counterparty_tx_csv, required),
+		});
 		Ok(())
 	}
 }
-impl Readable for CounterpartyCommitmentTransaction {
-	fn read<R: ::std::io::Read>(r: &mut R) -> Result<Self, DecodeError> {
+impl Readable for CounterpartyCommitmentParameters {
+	fn read<R: io::Read>(r: &mut R) -> Result<Self, DecodeError> {
 		let counterparty_commitment_transaction = {
-			let counterparty_delayed_payment_base_key = Readable::read(r)?;
-			let counterparty_htlc_base_key = Readable::read(r)?;
-			let on_counterparty_tx_csv: u16 = Readable::read(r)?;
+			// Versions prior to 0.0.100 had some per-HTLC state stored here, which is no longer
+			// used. Read it for compatibility.
 			let per_htlc_len: u64 = Readable::read(r)?;
-			let mut per_htlc = HashMap::with_capacity(cmp::min(per_htlc_len as usize, MAX_ALLOC_SIZE / 64));
 			for _  in 0..per_htlc_len {
-				let txid: Txid = Readable::read(r)?;
+				let _txid: Txid = Readable::read(r)?;
 				let htlcs_count: u64 = Readable::read(r)?;
-				let mut htlcs = Vec::with_capacity(cmp::min(htlcs_count as usize, MAX_ALLOC_SIZE / 32));
 				for _ in 0..htlcs_count {
-					let htlc = Readable::read(r)?;
-					htlcs.push(htlc);
-				}
-				if let Some(_) = per_htlc.insert(txid, htlcs) {
-					return Err(DecodeError::InvalidValue);
+					let _htlc: HTLCOutputInCommitment = Readable::read(r)?;
 				}
 			}
-			CounterpartyCommitmentTransaction {
-				counterparty_delayed_payment_base_key,
-				counterparty_htlc_base_key,
+
+			let mut counterparty_delayed_payment_base_key = OptionDeserWrapper(None);
+			let mut counterparty_htlc_base_key = OptionDeserWrapper(None);
+			let mut on_counterparty_tx_csv: u16 = 0;
+			read_tlv_fields!(r, {
+				(0, counterparty_delayed_payment_base_key, required),
+				(2, counterparty_htlc_base_key, required),
+				(4, on_counterparty_tx_csv, required),
+			});
+			CounterpartyCommitmentParameters {
+				counterparty_delayed_payment_base_key: counterparty_delayed_payment_base_key.0.unwrap(),
+				counterparty_htlc_base_key: counterparty_htlc_base_key.0.unwrap(),
 				on_counterparty_tx_csv,
-				per_htlc,
 			}
 		};
 		Ok(counterparty_commitment_transaction)
@@ -335,11 +360,28 @@ struct OnchainEventEntry {
 
 impl OnchainEventEntry {
 	fn confirmation_threshold(&self) -> u32 {
-		self.height + ANTI_REORG_DELAY - 1
+		let mut conf_threshold = self.height + ANTI_REORG_DELAY - 1;
+		match self.event {
+			OnchainEvent::MaturingOutput {
+				descriptor: SpendableOutputDescriptor::DelayedPaymentOutput(ref descriptor)
+			} => {
+				// A CSV'd transaction is confirmable in block (input height) + CSV delay, which means
+				// it's broadcastable when we see the previous block.
+				conf_threshold = cmp::max(conf_threshold, self.height + descriptor.to_self_delay as u32 - 1);
+			},
+			OnchainEvent::FundingSpendConfirmation { on_local_output_csv: Some(csv), .. } |
+			OnchainEvent::HTLCSpendConfirmation { on_to_local_output_csv: Some(csv), .. } => {
+				// A CSV'd transaction is confirmable in block (input height) + CSV delay, which means
+				// it's broadcastable when we see the previous block.
+				conf_threshold = cmp::max(conf_threshold, self.height + csv as u32 - 1);
+			},
+			_ => {},
+		}
+		conf_threshold
 	}
 
-	fn has_reached_confirmation_threshold(&self, height: u32) -> bool {
-		height >= self.confirmation_threshold()
+	fn has_reached_confirmation_threshold(&self, best_block: &BestBlock) -> bool {
+		best_block.height() >= self.confirmation_threshold()
 	}
 }
 
@@ -347,17 +389,99 @@ impl OnchainEventEntry {
 /// once they mature to enough confirmations (ANTI_REORG_DELAY)
 #[derive(PartialEq)]
 enum OnchainEvent {
-	/// HTLC output getting solved by a timeout, at maturation we pass upstream payment source information to solve
-	/// inbound HTLC in backward channel. Note, in case of preimage, we pass info to upstream without delay as we can
-	/// only win from it, so it's never an OnchainEvent
+	/// An outbound HTLC failing after a transaction is confirmed. Used
+	///  * when an outbound HTLC output is spent by us after the HTLC timed out
+	///  * an outbound HTLC which was not present in the commitment transaction which appeared
+	///    on-chain (either because it was not fully committed to or it was dust).
+	/// Note that this is *not* used for preimage claims, as those are passed upstream immediately,
+	/// appearing only as an `HTLCSpendConfirmation`, below.
 	HTLCUpdate {
-		htlc_update: (HTLCSource, PaymentHash),
+		source: HTLCSource,
+		payment_hash: PaymentHash,
+		onchain_value_satoshis: Option<u64>,
+		/// None in the second case, above, ie when there is no relevant output in the commitment
+		/// transaction which appeared on chain.
+		input_idx: Option<u32>,
 	},
 	MaturingOutput {
 		descriptor: SpendableOutputDescriptor,
 	},
+	/// A spend of the funding output, either a commitment transaction or a cooperative closing
+	/// transaction.
+	FundingSpendConfirmation {
+		/// The CSV delay for the output of the funding spend transaction (implying it is a local
+		/// commitment transaction, and this is the delay on the to_self output).
+		on_local_output_csv: Option<u16>,
+	},
+	/// A spend of a commitment transaction HTLC output, set in the cases where *no* `HTLCUpdate`
+	/// is constructed. This is used when
+	///  * an outbound HTLC is claimed by our counterparty with a preimage, causing us to
+	///    immediately claim the HTLC on the inbound edge and track the resolution here,
+	///  * an inbound HTLC is claimed by our counterparty (with a timeout),
+	///  * an inbound HTLC is claimed by us (with a preimage).
+	///  * a revoked-state HTLC transaction was broadcasted, which was claimed by the revocation
+	///    signature.
+	HTLCSpendConfirmation {
+		input_idx: u32,
+		/// If the claim was made by either party with a preimage, this is filled in
+		preimage: Option<PaymentPreimage>,
+		/// If the claim was made by us on an inbound HTLC against a local commitment transaction,
+		/// we set this to the output CSV value which we will have to wait until to spend the
+		/// output (and generate a SpendableOutput event).
+		on_to_local_output_csv: Option<u16>,
+	},
+}
+
+impl Writeable for OnchainEventEntry {
+	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
+		write_tlv_fields!(writer, {
+			(0, self.txid, required),
+			(2, self.height, required),
+			(4, self.event, required),
+		});
+		Ok(())
+	}
+}
+
+impl MaybeReadable for OnchainEventEntry {
+	fn read<R: io::Read>(reader: &mut R) -> Result<Option<Self>, DecodeError> {
+		let mut txid = Default::default();
+		let mut height = 0;
+		let mut event = None;
+		read_tlv_fields!(reader, {
+			(0, txid, required),
+			(2, height, required),
+			(4, event, ignorable),
+		});
+		if let Some(ev) = event {
+			Ok(Some(Self { txid, height, event: ev }))
+		} else {
+			Ok(None)
+		}
+	}
 }
 
+impl_writeable_tlv_based_enum_upgradable!(OnchainEvent,
+	(0, HTLCUpdate) => {
+		(0, source, required),
+		(1, onchain_value_satoshis, option),
+		(2, payment_hash, required),
+		(3, input_idx, option),
+	},
+	(1, MaturingOutput) => {
+		(0, descriptor, required),
+	},
+	(3, FundingSpendConfirmation) => {
+		(0, on_local_output_csv, option),
+	},
+	(5, HTLCSpendConfirmation) => {
+		(0, input_idx, required),
+		(2, preimage, option),
+		(4, on_to_local_output_csv, option),
+	},
+
+);
+
 #[cfg_attr(any(test, feature = "fuzztarget", feature = "_test_utils"), derive(PartialEq))]
 #[derive(Clone)]
 pub(crate) enum ChannelMonitorUpdateStep {
@@ -385,101 +509,103 @@ pub(crate) enum ChannelMonitorUpdateStep {
 		/// think we've fallen behind!
 		should_broadcast: bool,
 	},
+	ShutdownScript {
+		scriptpubkey: Script,
+	},
 }
 
-impl Writeable for ChannelMonitorUpdateStep {
-	fn write<W: Writer>(&self, w: &mut W) -> Result<(), ::std::io::Error> {
-		match self {
-			&ChannelMonitorUpdateStep::LatestHolderCommitmentTXInfo { ref commitment_tx, ref htlc_outputs } => {
-				0u8.write(w)?;
-				commitment_tx.write(w)?;
-				(htlc_outputs.len() as u64).write(w)?;
-				for &(ref output, ref signature, ref source) in htlc_outputs.iter() {
-					output.write(w)?;
-					signature.write(w)?;
-					source.write(w)?;
-				}
-			}
-			&ChannelMonitorUpdateStep::LatestCounterpartyCommitmentTXInfo { commitment_txid, ref htlc_outputs, ref commitment_number, ref their_revocation_point } => {
-				1u8.write(w)?;
-				commitment_txid.write(w)?;
-				commitment_number.write(w)?;
-				their_revocation_point.write(w)?;
-				(htlc_outputs.len() as u64).write(w)?;
-				for &(ref output, ref source) in htlc_outputs.iter() {
-					output.write(w)?;
-					source.as_ref().map(|b| b.as_ref()).write(w)?;
-				}
-			},
-			&ChannelMonitorUpdateStep::PaymentPreimage { ref payment_preimage } => {
-				2u8.write(w)?;
-				payment_preimage.write(w)?;
-			},
-			&ChannelMonitorUpdateStep::CommitmentSecret { ref idx, ref secret } => {
-				3u8.write(w)?;
-				idx.write(w)?;
-				secret.write(w)?;
-			},
-			&ChannelMonitorUpdateStep::ChannelForceClosed { ref should_broadcast } => {
-				4u8.write(w)?;
-				should_broadcast.write(w)?;
-			},
-		}
-		Ok(())
-	}
+impl_writeable_tlv_based_enum_upgradable!(ChannelMonitorUpdateStep,
+	(0, LatestHolderCommitmentTXInfo) => {
+		(0, commitment_tx, required),
+		(2, htlc_outputs, vec_type),
+	},
+	(1, LatestCounterpartyCommitmentTXInfo) => {
+		(0, commitment_txid, required),
+		(2, commitment_number, required),
+		(4, their_revocation_point, required),
+		(6, htlc_outputs, vec_type),
+	},
+	(2, PaymentPreimage) => {
+		(0, payment_preimage, required),
+	},
+	(3, CommitmentSecret) => {
+		(0, idx, required),
+		(2, secret, required),
+	},
+	(4, ChannelForceClosed) => {
+		(0, should_broadcast, required),
+	},
+	(5, ShutdownScript) => {
+		(0, scriptpubkey, required),
+	},
+);
+
+/// Details about the balance(s) available for spending once the channel appears on chain.
+///
+/// See [`ChannelMonitor::get_claimable_balances`] for more details on when these will or will not
+/// be provided.
+#[derive(Clone, Debug, PartialEq, Eq)]
+#[cfg_attr(test, derive(PartialOrd, Ord))]
+pub enum Balance {
+	/// The channel is not yet closed (or the commitment or closing transaction has not yet
+	/// appeared in a block). The given balance is claimable (less on-chain fees) if the channel is
+	/// force-closed now.
+	ClaimableOnChannelClose {
+		/// The amount available to claim, in satoshis, excluding the on-chain fees which will be
+		/// required to do so.
+		claimable_amount_satoshis: u64,
+	},
+	/// The channel has been closed, and the given balance is ours but awaiting confirmations until
+	/// we consider it spendable.
+	ClaimableAwaitingConfirmations {
+		/// The amount available to claim, in satoshis, possibly excluding the on-chain fees which
+		/// were spent in broadcasting the transaction.
+		claimable_amount_satoshis: u64,
+		/// The height at which an [`Event::SpendableOutputs`] event will be generated for this
+		/// amount.
+		confirmation_height: u32,
+	},
+	/// The channel has been closed, and the given balance should be ours but awaiting spending
+	/// transaction confirmation. If the spending transaction does not confirm in time, it is
+	/// possible our counterparty can take the funds by broadcasting an HTLC timeout on-chain.
+	///
+	/// Once the spending transaction confirms, before it has reached enough confirmations to be
+	/// considered safe from chain reorganizations, the balance will instead be provided via
+	/// [`Balance::ClaimableAwaitingConfirmations`].
+	ContentiousClaimable {
+		/// The amount available to claim, in satoshis, excluding the on-chain fees which will be
+		/// required to do so.
+		claimable_amount_satoshis: u64,
+		/// The height at which the counterparty may be able to claim the balance if we have not
+		/// done so.
+		timeout_height: u32,
+	},
+	/// HTLCs which we sent to our counterparty which are claimable after a timeout (less on-chain
+	/// fees) if the counterparty does not know the preimage for the HTLCs. These are somewhat
+	/// likely to be claimed by our counterparty before we do.
+	MaybeClaimableHTLCAwaitingTimeout {
+		/// The amount available to claim, in satoshis, excluding the on-chain fees which will be
+		/// required to do so.
+		claimable_amount_satoshis: u64,
+		/// The height at which we will be able to claim the balance if our counterparty has not
+		/// done so.
+		claimable_height: u32,
+	},
 }
-impl Readable for ChannelMonitorUpdateStep {
-	fn read<R: ::std::io::Read>(r: &mut R) -> Result<Self, DecodeError> {
-		match Readable::read(r)? {
-			0u8 => {
-				Ok(ChannelMonitorUpdateStep::LatestHolderCommitmentTXInfo {
-					commitment_tx: Readable::read(r)?,
-					htlc_outputs: {
-						let len: u64 = Readable::read(r)?;
-						let mut res = Vec::new();
-						for _ in 0..len {
-							res.push((Readable::read(r)?, Readable::read(r)?, Readable::read(r)?));
-						}
-						res
-					},
-				})
-			},
-			1u8 => {
-				Ok(ChannelMonitorUpdateStep::LatestCounterpartyCommitmentTXInfo {
-					commitment_txid: Readable::read(r)?,
-					commitment_number: Readable::read(r)?,
-					their_revocation_point: Readable::read(r)?,
-					htlc_outputs: {
-						let len: u64 = Readable::read(r)?;
-						let mut res = Vec::new();
-						for _ in 0..len {
-							res.push((Readable::read(r)?, <Option<HTLCSource> as Readable>::read(r)?.map(|o| Box::new(o))));
-						}
-						res
-					},
-				})
-			},
-			2u8 => {
-				Ok(ChannelMonitorUpdateStep::PaymentPreimage {
-					payment_preimage: Readable::read(r)?,
-				})
-			},
-			3u8 => {
-				Ok(ChannelMonitorUpdateStep::CommitmentSecret {
-					idx: Readable::read(r)?,
-					secret: Readable::read(r)?,
-				})
-			},
-			4u8 => {
-				Ok(ChannelMonitorUpdateStep::ChannelForceClosed {
-					should_broadcast: Readable::read(r)?
-				})
-			},
-			_ => Err(DecodeError::InvalidValue),
-		}
-	}
+
+/// An HTLC which has been irrevocably resolved on-chain, and has reached ANTI_REORG_DELAY.
+#[derive(PartialEq)]
+struct IrrevocablyResolvedHTLC {
+	input_idx: u32,
+	/// Only set if the HTLC claim was ours using a payment preimage
+	payment_preimage: Option<PaymentPreimage>,
 }
 
+impl_writeable_tlv_based!(IrrevocablyResolvedHTLC, {
+	(0, input_idx, required),
+	(2, payment_preimage, option),
+});
+
 /// A ChannelMonitor handles chain events (blocks connected and disconnected) and generates
 /// on-chain transactions to ensure no loss of funds occurs.
 ///
@@ -510,7 +636,7 @@ pub(crate) struct ChannelMonitorImpl<Signer: Sign> {
 	destination_script: Script,
 	broadcasted_holder_revokable_script: Option<(Script, PublicKey, PublicKey)>,
 	counterparty_payment_script: Script,
-	shutdown_script: Script,
+	shutdown_script: Option<Script>,
 
 	channel_keys_id: [u8; 32],
 	holder_revocation_basepoint: PublicKey,
@@ -518,7 +644,7 @@ pub(crate) struct ChannelMonitorImpl<Signer: Sign> {
 	current_counterparty_commitment_txid: Option<Txid>,
 	prev_counterparty_commitment_txid: Option<Txid>,
 
-	counterparty_tx_cache: CounterpartyCommitmentTransaction,
+	counterparty_commitment_params: CounterpartyCommitmentParameters,
 	funding_redeemscript: Script,
 	channel_value_satoshis: u64,
 	// first is the idx of the first of the two revocation points
@@ -527,6 +653,9 @@ pub(crate) struct ChannelMonitorImpl<Signer: Sign> {
 	on_holder_tx_csv: u16,
 
 	commitment_secrets: CounterpartyCommitmentSecrets,
+	/// The set of outpoints in each counterparty commitment transaction. We always need at least
+	/// the payment hash from `HTLCOutputInCommitment` to claim even a revoked commitment
+	/// transaction broadcast as we need to be able to construct the witness script in all cases.
 	counterparty_claimable_outpoints: HashMap<Txid, Vec<(HTLCOutputInCommitment, Option<Box<HTLCSource>>)>>,
 	/// We cannot identify HTLC-Success or HTLC-Timeout transactions by themselves on the chain.
 	/// Nor can we figure out their commitment numbers without the commitment transaction they are
@@ -589,6 +718,12 @@ pub(crate) struct ChannelMonitorImpl<Signer: Sign> {
 	// remote monitor out-of-order with regards to the block view.
 	holder_tx_signed: bool,
 
+	funding_spend_confirmed: Option<Txid>,
+	/// The set of HTLCs which have been either claimed or failed on chain and have reached
+	/// the requisite confirmations on the claim/fail transaction (either ANTI_REORG_DELAY or the
+	/// spending CSV for revocable outputs).
+	htlcs_resolved_on_chain: Vec<IrrevocablyResolvedHTLC>,
+
 	// We simply modify best_block in Channel's block_connected so that serialization is
 	// consistent but hopefully the users' copy handles block_connected in a consistent way.
 	// (we do *not*, however, update them in update_monitor to ensure any local user copies keep
@@ -628,7 +763,7 @@ impl<Signer: Sign> PartialEq for ChannelMonitorImpl<Signer> {
 			self.funding_info != other.funding_info ||
 			self.current_counterparty_commitment_txid != other.current_counterparty_commitment_txid ||
 			self.prev_counterparty_commitment_txid != other.prev_counterparty_commitment_txid ||
-			self.counterparty_tx_cache != other.counterparty_tx_cache ||
+			self.counterparty_commitment_params != other.counterparty_commitment_params ||
 			self.funding_redeemscript != other.funding_redeemscript ||
 			self.channel_value_satoshis != other.channel_value_satoshis ||
 			self.their_cur_revocation_points != other.their_cur_revocation_points ||
@@ -647,7 +782,9 @@ impl<Signer: Sign> PartialEq for ChannelMonitorImpl<Signer> {
 			self.onchain_events_awaiting_threshold_conf != other.onchain_events_awaiting_threshold_conf ||
 			self.outputs_to_watch != other.outputs_to_watch ||
 			self.lockdown_from_offchain != other.lockdown_from_offchain ||
-			self.holder_tx_signed != other.holder_tx_signed
+			self.holder_tx_signed != other.holder_tx_signed ||
+			self.funding_spend_confirmed != other.funding_spend_confirmed ||
+			self.htlcs_resolved_on_chain != other.htlcs_resolved_on_chain
 		{
 			false
 		} else {
@@ -662,6 +799,7 @@ impl<Signer: Sign> Writeable for ChannelMonitor<Signer> {
 	}
 }
 
+// These are also used for ChannelMonitorUpdate, above.
 const SERIALIZATION_VERSION: u8 = 1;
 const MIN_SERIALIZATION_VERSION: u8 = 1;
 
@@ -685,7 +823,10 @@ impl<Signer: Sign> Writeable for ChannelMonitorImpl<Signer> {
 		}
 
 		self.counterparty_payment_script.write(writer)?;
-		self.shutdown_script.write(writer)?;
+		match &self.shutdown_script {
+			Some(script) => script.write(writer)?,
+			None => Script::new().write(writer)?,
+		}
 
 		self.channel_keys_id.write(writer)?;
 		self.holder_revocation_basepoint.write(writer)?;
@@ -695,7 +836,7 @@ impl<Signer: Sign> Writeable for ChannelMonitorImpl<Signer> {
 		self.current_counterparty_commitment_txid.write(writer)?;
 		self.prev_counterparty_commitment_txid.write(writer)?;
 
-		self.counterparty_tx_cache.write(writer)?;
+		self.counterparty_commitment_params.write(writer)?;
 		self.funding_redeemscript.write(writer)?;
 		self.channel_value_satoshis.write(writer)?;
 
@@ -753,38 +894,14 @@ impl<Signer: Sign> Writeable for ChannelMonitorImpl<Signer> {
 			writer.write_all(&byte_utils::be48_to_array(*commitment_number))?;
 		}
 
-		macro_rules! serialize_holder_tx {
-			($holder_tx: expr) => {
-				$holder_tx.txid.write(writer)?;
-				writer.write_all(&$holder_tx.revocation_key.serialize())?;
-				writer.write_all(&$holder_tx.a_htlc_key.serialize())?;
-				writer.write_all(&$holder_tx.b_htlc_key.serialize())?;
-				writer.write_all(&$holder_tx.delayed_payment_key.serialize())?;
-				writer.write_all(&$holder_tx.per_commitment_point.serialize())?;
-
-				writer.write_all(&byte_utils::be32_to_array($holder_tx.feerate_per_kw))?;
-				writer.write_all(&byte_utils::be64_to_array($holder_tx.htlc_outputs.len() as u64))?;
-				for &(ref htlc_output, ref sig, ref htlc_source) in $holder_tx.htlc_outputs.iter() {
-					serialize_htlc_in_commitment!(htlc_output);
-					if let &Some(ref their_sig) = sig {
-						1u8.write(writer)?;
-						writer.write_all(&their_sig.serialize_compact())?;
-					} else {
-						0u8.write(writer)?;
-					}
-					htlc_source.write(writer)?;
-				}
-			}
-		}
-
 		if let Some(ref prev_holder_tx) = self.prev_holder_signed_commitment_tx {
 			writer.write_all(&[1; 1])?;
-			serialize_holder_tx!(prev_holder_tx);
+			prev_holder_tx.write(writer)?;
 		} else {
 			writer.write_all(&[0; 1])?;
 		}
 
-		serialize_holder_tx!(self.current_holder_commitment_tx);
+		self.current_holder_commitment_tx.write(writer)?;
 
 		writer.write_all(&byte_utils::be48_to_array(self.current_counterparty_commitment_number))?;
 		writer.write_all(&byte_utils::be48_to_array(self.current_holder_commitment_number))?;
@@ -815,19 +932,7 @@ impl<Signer: Sign> Writeable for ChannelMonitorImpl<Signer> {
 
 		writer.write_all(&byte_utils::be64_to_array(self.onchain_events_awaiting_threshold_conf.len() as u64))?;
 		for ref entry in self.onchain_events_awaiting_threshold_conf.iter() {
-			entry.txid.write(writer)?;
-			writer.write_all(&byte_utils::be32_to_array(entry.height))?;
-			match entry.event {
-				OnchainEvent::HTLCUpdate { ref htlc_update } => {
-					0u8.write(writer)?;
-					htlc_update.0.write(writer)?;
-					htlc_update.1.write(writer)?;
-				},
-				OnchainEvent::MaturingOutput { ref descriptor } => {
-					1u8.write(writer)?;
-					descriptor.write(writer)?;
-				},
-			}
+			entry.write(writer)?;
 		}
 
 		(self.outputs_to_watch.len() as u64).write(writer)?;
@@ -844,14 +949,17 @@ impl<Signer: Sign> Writeable for ChannelMonitorImpl<Signer> {
 		self.lockdown_from_offchain.write(writer)?;
 		self.holder_tx_signed.write(writer)?;
 
-		write_tlv_fields!(writer, {}, {});
+		write_tlv_fields!(writer, {
+			(1, self.funding_spend_confirmed, option),
+			(3, self.htlcs_resolved_on_chain, vec_type),
+		});
 
 		Ok(())
 	}
 }
 
 impl<Signer: Sign> ChannelMonitor<Signer> {
-	pub(crate) fn new(secp_ctx: Secp256k1<secp256k1::All>, keys: Signer, shutdown_pubkey: &PublicKey,
+	pub(crate) fn new(secp_ctx: Secp256k1<secp256k1::All>, keys: Signer, shutdown_script: Option<Script>,
 	                  on_counterparty_tx_csv: u16, destination_script: &Script, funding_info: (OutPoint, Script),
 	                  channel_parameters: &ChannelTransactionParameters,
 	                  funding_redeemscript: Script, channel_value_satoshis: u64,
@@ -860,15 +968,13 @@ impl<Signer: Sign> ChannelMonitor<Signer> {
 	                  best_block: BestBlock) -> ChannelMonitor<Signer> {
 
 		assert!(commitment_transaction_number_obscure_factor <= (1 << 48));
-		let our_channel_close_key_hash = WPubkeyHash::hash(&shutdown_pubkey.serialize());
-		let shutdown_script = Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0).push_slice(&our_channel_close_key_hash[..]).into_script();
 		let payment_key_hash = WPubkeyHash::hash(&keys.pubkeys().payment_point.serialize());
 		let counterparty_payment_script = Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0).push_slice(&payment_key_hash[..]).into_script();
 
 		let counterparty_channel_parameters = channel_parameters.counterparty_parameters.as_ref().unwrap();
 		let counterparty_delayed_payment_base_key = counterparty_channel_parameters.pubkeys.delayed_payment_basepoint;
 		let counterparty_htlc_base_key = counterparty_channel_parameters.pubkeys.htlc_basepoint;
-		let counterparty_tx_cache = CounterpartyCommitmentTransaction { counterparty_delayed_payment_base_key, counterparty_htlc_base_key, on_counterparty_tx_csv, per_htlc: HashMap::new() };
+		let counterparty_commitment_params = CounterpartyCommitmentParameters { counterparty_delayed_payment_base_key, counterparty_htlc_base_key, on_counterparty_tx_csv };
 
 		let channel_keys_id = keys.channel_keys_id();
 		let holder_revocation_basepoint = keys.pubkeys().revocation_basepoint;
@@ -886,8 +992,9 @@ impl<Signer: Sign> ChannelMonitor<Signer> {
 				b_htlc_key: tx_keys.countersignatory_htlc_key,
 				delayed_payment_key: tx_keys.broadcaster_delayed_payment_key,
 				per_commitment_point: tx_keys.per_commitment_point,
-				feerate_per_kw: trusted_tx.feerate_per_kw(),
 				htlc_outputs: Vec::new(), // There are never any HTLCs in the initial commitment transactions
+				to_self_value_sat: initial_holder_commitment_tx.to_broadcaster_value_sat(),
+				feerate_per_kw: trusted_tx.feerate_per_kw(),
 			};
 			(holder_commitment_tx, trusted_tx.commitment_number())
 		};
@@ -915,7 +1022,7 @@ impl<Signer: Sign> ChannelMonitor<Signer> {
 				current_counterparty_commitment_txid: None,
 				prev_counterparty_commitment_txid: None,
 
-				counterparty_tx_cache,
+				counterparty_commitment_params,
 				funding_redeemscript,
 				channel_value_satoshis,
 				their_cur_revocation_points: None,
@@ -943,6 +1050,8 @@ impl<Signer: Sign> ChannelMonitor<Signer> {
 
 				lockdown_from_offchain: false,
 				holder_tx_signed: false,
+				funding_spend_confirmed: None,
+				htlcs_resolved_on_chain: Vec::new(),
 
 				best_block,
 
@@ -1245,6 +1354,255 @@ impl<Signer: Sign> ChannelMonitor<Signer> {
 		txids.dedup();
 		txids
 	}
+
+	/// Gets the latest best block which was connected either via the [`chain::Listen`] or
+	/// [`chain::Confirm`] interfaces.
+	pub fn current_best_block(&self) -> BestBlock {
+		self.inner.lock().unwrap().best_block.clone()
+	}
+
+	/// Gets the balances in this channel which are either claimable by us if we were to
+	/// force-close the channel now or which are claimable on-chain (possibly awaiting
+	/// confirmation).
+	///
+	/// Any balances in the channel which are available on-chain (excluding on-chain fees) are
+	/// included here until an [`Event::SpendableOutputs`] event has been generated for the
+	/// balance, or until our counterparty has claimed the balance and accrued several
+	/// confirmations on the claim transaction.
+	///
+	/// Note that the balances available when you or your counterparty have broadcasted revoked
+	/// state(s) may not be fully captured here.
+	// TODO, fix that ^
+	///
+	/// See [`Balance`] for additional details on the types of claimable balances which
+	/// may be returned here and their meanings.
+	pub fn get_claimable_balances(&self) -> Vec<Balance> {
+		let mut res = Vec::new();
+		let us = self.inner.lock().unwrap();
+
+		let mut confirmed_txid = us.funding_spend_confirmed;
+		let mut pending_commitment_tx_conf_thresh = None;
+		let funding_spend_pending = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| {
+			if let OnchainEvent::FundingSpendConfirmation { .. } = event.event {
+				Some((event.txid, event.confirmation_threshold()))
+			} else { None }
+		});
+		if let Some((txid, conf_thresh)) = funding_spend_pending {
+			debug_assert!(us.funding_spend_confirmed.is_none(),
+				"We have a pending funding spend awaiting anti-reorg confirmation, we can't have confirmed it already!");
+			confirmed_txid = Some(txid);
+			pending_commitment_tx_conf_thresh = Some(conf_thresh);
+		}
+
+		macro_rules! walk_htlcs {
+			($holder_commitment: expr, $htlc_iter: expr) => {
+				for htlc in $htlc_iter {
+					if let Some(htlc_input_idx) = htlc.transaction_output_index {
+						if us.htlcs_resolved_on_chain.iter().any(|v| v.input_idx == htlc_input_idx) {
+							assert!(us.funding_spend_confirmed.is_some());
+						} else if htlc.offered == $holder_commitment {
+							// If the payment was outbound, check if there's an HTLCUpdate
+							// indicating we have spent this HTLC with a timeout, claiming it back
+							// and awaiting confirmations on it.
+							let htlc_update_pending = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| {
+								if let OnchainEvent::HTLCUpdate { input_idx: Some(input_idx), .. } = event.event {
+									if input_idx == htlc_input_idx { Some(event.confirmation_threshold()) } else { None }
+								} else { None }
+							});
+							if let Some(conf_thresh) = htlc_update_pending {
+								res.push(Balance::ClaimableAwaitingConfirmations {
+									claimable_amount_satoshis: htlc.amount_msat / 1000,
+									confirmation_height: conf_thresh,
+								});
+							} else {
+								res.push(Balance::MaybeClaimableHTLCAwaitingTimeout {
+									claimable_amount_satoshis: htlc.amount_msat / 1000,
+									claimable_height: htlc.cltv_expiry,
+								});
+							}
+						} else if us.payment_preimages.get(&htlc.payment_hash).is_some() {
+							// Otherwise (the payment was inbound), only expose it as claimable if
+							// we know the preimage.
+							// Note that if there is a pending claim, but it did not use the
+							// preimage, we lost funds to our counterparty! We will then continue
+							// to show it as ContentiousClaimable until ANTI_REORG_DELAY.
+							let htlc_spend_pending = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| {
+								if let OnchainEvent::HTLCSpendConfirmation { input_idx, preimage, .. } = event.event {
+									if input_idx == htlc_input_idx {
+										Some((event.confirmation_threshold(), preimage.is_some()))
+									} else { None }
+								} else { None }
+							});
+							if let Some((conf_thresh, true)) = htlc_spend_pending {
+								res.push(Balance::ClaimableAwaitingConfirmations {
+									claimable_amount_satoshis: htlc.amount_msat / 1000,
+									confirmation_height: conf_thresh,
+								});
+							} else {
+								res.push(Balance::ContentiousClaimable {
+									claimable_amount_satoshis: htlc.amount_msat / 1000,
+									timeout_height: htlc.cltv_expiry,
+								});
+							}
+						}
+					}
+				}
+			}
+		}
+
+		if let Some(txid) = confirmed_txid {
+			let mut found_commitment_tx = false;
+			if Some(txid) == us.current_counterparty_commitment_txid || Some(txid) == us.prev_counterparty_commitment_txid {
+				walk_htlcs!(false, us.counterparty_claimable_outpoints.get(&txid).unwrap().iter().map(|(a, _)| a));
+				if let Some(conf_thresh) = pending_commitment_tx_conf_thresh {
+					if let Some(value) = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| {
+						if let OnchainEvent::MaturingOutput {
+							descriptor: SpendableOutputDescriptor::StaticPaymentOutput(descriptor)
+						} = &event.event {
+							Some(descriptor.output.value)
+						} else { None }
+					}) {
+						res.push(Balance::ClaimableAwaitingConfirmations {
+							claimable_amount_satoshis: value,
+							confirmation_height: conf_thresh,
+						});
+					} else {
+						// If a counterparty commitment transaction is awaiting confirmation, we
+						// should either have a StaticPaymentOutput MaturingOutput event awaiting
+						// confirmation with the same height or have never met our dust amount.
+					}
+				}
+				found_commitment_tx = true;
+			} else if txid == us.current_holder_commitment_tx.txid {
+				walk_htlcs!(true, us.current_holder_commitment_tx.htlc_outputs.iter().map(|(a, _, _)| a));
+				if let Some(conf_thresh) = pending_commitment_tx_conf_thresh {
+					res.push(Balance::ClaimableAwaitingConfirmations {
+						claimable_amount_satoshis: us.current_holder_commitment_tx.to_self_value_sat,
+						confirmation_height: conf_thresh,
+					});
+				}
+				found_commitment_tx = true;
+			} else if let Some(prev_commitment) = &us.prev_holder_signed_commitment_tx {
+				if txid == prev_commitment.txid {
+					walk_htlcs!(true, prev_commitment.htlc_outputs.iter().map(|(a, _, _)| a));
+					if let Some(conf_thresh) = pending_commitment_tx_conf_thresh {
+						res.push(Balance::ClaimableAwaitingConfirmations {
+							claimable_amount_satoshis: prev_commitment.to_self_value_sat,
+							confirmation_height: conf_thresh,
+						});
+					}
+					found_commitment_tx = true;
+				}
+			}
+			if !found_commitment_tx {
+				if let Some(conf_thresh) = pending_commitment_tx_conf_thresh {
+					// We blindly assume this is a cooperative close transaction here, and that
+					// neither us nor our counterparty misbehaved. At worst we've under-estimated
+					// the amount we can claim as we'll punish a misbehaving counterparty.
+					res.push(Balance::ClaimableAwaitingConfirmations {
+						claimable_amount_satoshis: us.current_holder_commitment_tx.to_self_value_sat,
+						confirmation_height: conf_thresh,
+					});
+				}
+			}
+			// TODO: Add logic to provide claimable balances for counterparty broadcasting revoked
+			// outputs.
+		} else {
+			let mut claimable_inbound_htlc_value_sat = 0;
+			for (htlc, _, _) in us.current_holder_commitment_tx.htlc_outputs.iter() {
+				if htlc.transaction_output_index.is_none() { continue; }
+				if htlc.offered {
+					res.push(Balance::MaybeClaimableHTLCAwaitingTimeout {
+						claimable_amount_satoshis: htlc.amount_msat / 1000,
+						claimable_height: htlc.cltv_expiry,
+					});
+				} else if us.payment_preimages.get(&htlc.payment_hash).is_some() {
+					claimable_inbound_htlc_value_sat += htlc.amount_msat / 1000;
+				}
+			}
+			res.push(Balance::ClaimableOnChannelClose {
+				claimable_amount_satoshis: us.current_holder_commitment_tx.to_self_value_sat + claimable_inbound_htlc_value_sat,
+			});
+		}
+
+		res
+	}
+}
+
+/// Compares a broadcasted commitment transaction's HTLCs with those in the latest state,
+/// failing any HTLCs which didn't make it into the broadcasted commitment transaction back
+/// after ANTI_REORG_DELAY blocks.
+///
+/// We always compare against the set of HTLCs in counterparty commitment transactions, as those
+/// are the commitment transactions which are generated by us. The off-chain state machine in
+/// `Channel` will automatically resolve any HTLCs which were never included in a commitment
+/// transaction when it detects channel closure, but it is up to us to ensure any HTLCs which were
+/// included in a remote commitment transaction are failed back if they are not present in the
+/// broadcasted commitment transaction.
+///
+/// Specifically, the removal process for HTLCs in `Channel` is always based on the counterparty
+/// sending a `revoke_and_ack`, which causes us to clear `prev_counterparty_commitment_txid`. Thus,
+/// as long as we examine both the current counterparty commitment transaction and, if it hasn't
+/// been revoked yet, the previous one, we we will never "forget" to resolve an HTLC.
+macro_rules! fail_unbroadcast_htlcs {
+	($self: expr, $commitment_tx_type: expr, $commitment_tx_conf_height: expr, $confirmed_htlcs_list: expr, $logger: expr) => { {
+		macro_rules! check_htlc_fails {
+			($txid: expr, $commitment_tx: expr) => {
+				if let Some(ref latest_outpoints) = $self.counterparty_claimable_outpoints.get($txid) {
+					for &(ref htlc, ref source_option) in latest_outpoints.iter() {
+						if let &Some(ref source) = source_option {
+							// Check if the HTLC is present in the commitment transaction that was
+							// broadcast, but not if it was below the dust limit, which we should
+							// fail backwards immediately as there is no way for us to learn the
+							// payment_preimage.
+							// Note that if the dust limit were allowed to change between
+							// commitment transactions we'd want to be check whether *any*
+							// broadcastable commitment transaction has the HTLC in it, but it
+							// cannot currently change after channel initialization, so we don't
+							// need to here.
+							let confirmed_htlcs_iter: &mut Iterator<Item = (&HTLCOutputInCommitment, Option<&HTLCSource>)> = &mut $confirmed_htlcs_list;
+							let mut matched_htlc = false;
+							for (ref broadcast_htlc, ref broadcast_source) in confirmed_htlcs_iter {
+								if broadcast_htlc.transaction_output_index.is_some() && Some(&**source) == *broadcast_source {
+									matched_htlc = true;
+									break;
+								}
+							}
+							if matched_htlc { continue; }
+							$self.onchain_events_awaiting_threshold_conf.retain(|ref entry| {
+								if entry.height != $commitment_tx_conf_height { return true; }
+								match entry.event {
+									OnchainEvent::HTLCUpdate { source: ref update_source, .. } => {
+										*update_source != **source
+									},
+									_ => true,
+								}
+							});
+							let entry = OnchainEventEntry {
+								txid: *$txid,
+								height: $commitment_tx_conf_height,
+								event: OnchainEvent::HTLCUpdate {
+									source: (**source).clone(),
+									payment_hash: htlc.payment_hash.clone(),
+									onchain_value_satoshis: Some(htlc.amount_msat / 1000),
+									input_idx: None,
+								},
+							};
+							log_trace!($logger, "Failing HTLC with payment_hash {} from {} counterparty commitment tx due to broadcast of {} commitment transaction, waiting for confirmation (at height {})",
+								log_bytes!(htlc.payment_hash.0), $commitment_tx, $commitment_tx_type, entry.confirmation_threshold());
+							$self.onchain_events_awaiting_threshold_conf.push(entry);
+						}
+					}
+				}
+			}
+		}
+		if let Some(ref txid) = $self.current_counterparty_commitment_txid {
+			check_htlc_fails!(txid, "current");
+		}
+		if let Some(ref txid) = $self.prev_counterparty_commitment_txid {
+			check_htlc_fails!(txid, "previous");
+		}
+	} }
 }
 
 impl<Signer: Sign> ChannelMonitorImpl<Signer> {
@@ -1338,7 +1696,6 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 				htlcs.push(htlc.0);
 			}
 		}
-		self.counterparty_tx_cache.per_htlc.insert(txid, htlcs);
 	}
 
 	/// Informs this monitor of the latest holder (ie broadcastable) commitment transaction. The
@@ -1360,8 +1717,9 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 				b_htlc_key: tx_keys.countersignatory_htlc_key,
 				delayed_payment_key: tx_keys.broadcaster_delayed_payment_key,
 				per_commitment_point: tx_keys.per_commitment_point,
-				feerate_per_kw: trusted_tx.feerate_per_kw(),
 				htlc_outputs,
+				to_self_value_sat: holder_commitment_tx.to_broadcaster_value_sat(),
+				feerate_per_kw: trusted_tx.feerate_per_kw(),
 			}
 		};
 		self.onchain_tx_handler.provide_latest_holder_tx(holder_commitment_tx);
@@ -1387,7 +1745,7 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 		macro_rules! claim_htlcs {
 			($commitment_number: expr, $txid: expr) => {
 				let htlc_claim_reqs = self.get_counterparty_htlc_output_claim_reqs($commitment_number, $txid, None);
-				self.onchain_tx_handler.update_claims_view(&Vec::new(), htlc_claim_reqs, self.best_block.height(), broadcaster, fee_estimator, logger);
+				self.onchain_tx_handler.update_claims_view(&Vec::new(), htlc_claim_reqs, self.best_block.height(), self.best_block.height(), broadcaster, fee_estimator, logger);
 			}
 		}
 		if let Some(txid) = self.current_counterparty_commitment_txid {
@@ -1409,11 +1767,14 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 		// *we* sign a holder commitment transaction, not when e.g. a watchtower broadcasts one of our
 		// holder commitment transactions.
 		if self.broadcasted_holder_revokable_script.is_some() {
-			let (claim_reqs, _) = self.get_broadcasted_holder_claims(&self.current_holder_commitment_tx, 0);
-			self.onchain_tx_handler.update_claims_view(&Vec::new(), claim_reqs, self.best_block.height(), broadcaster, fee_estimator, logger);
+			// Assume that the broadcasted commitment transaction confirmed in the current best
+			// block. Even if not, its a reasonable metric for the bump criteria on the HTLC
+			// transactions.
+			let (claim_reqs, _) = self.get_broadcasted_holder_claims(&self.current_holder_commitment_tx, self.best_block.height());
+			self.onchain_tx_handler.update_claims_view(&Vec::new(), claim_reqs, self.best_block.height(), self.best_block.height(), broadcaster, fee_estimator, logger);
 			if let Some(ref tx) = self.prev_holder_signed_commitment_tx {
-				let (claim_reqs, _) = self.get_broadcasted_holder_claims(&tx, 0);
-				self.onchain_tx_handler.update_claims_view(&Vec::new(), claim_reqs, self.best_block.height(), broadcaster, fee_estimator, logger);
+				let (claim_reqs, _) = self.get_broadcasted_holder_claims(&tx, self.best_block.height());
+				self.onchain_tx_handler.update_claims_view(&Vec::new(), claim_reqs, self.best_block.height(), self.best_block.height(), broadcaster, fee_estimator, logger);
 			}
 		}
 	}
@@ -1479,7 +1840,13 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 						// shouldn't print the scary warning above.
 						log_info!(logger, "Channel off-chain state closed after we broadcasted our latest commitment transaction.");
 					}
-				}
+				},
+				ChannelMonitorUpdateStep::ShutdownScript { scriptpubkey } => {
+					log_trace!(logger, "Updating ChannelMonitor with shutdown script");
+					if let Some(shutdown_script) = self.shutdown_script.replace(scriptpubkey.clone()) {
+						panic!("Attempted to replace shutdown script {} with {}", shutdown_script, scriptpubkey);
+					}
+				},
 			}
 		}
 		self.latest_update_id = updates.update_id;
@@ -1563,16 +1930,16 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 			let per_commitment_key = ignore_error!(SecretKey::from_slice(&secret));
 			let per_commitment_point = PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key);
 			let revocation_pubkey = ignore_error!(chan_utils::derive_public_revocation_key(&self.secp_ctx, &per_commitment_point, &self.holder_revocation_basepoint));
-			let delayed_key = ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, &PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key), &self.counterparty_tx_cache.counterparty_delayed_payment_base_key));
+			let delayed_key = ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, &PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key), &self.counterparty_commitment_params.counterparty_delayed_payment_base_key));
 
-			let revokeable_redeemscript = chan_utils::get_revokeable_redeemscript(&revocation_pubkey, self.counterparty_tx_cache.on_counterparty_tx_csv, &delayed_key);
+			let revokeable_redeemscript = chan_utils::get_revokeable_redeemscript(&revocation_pubkey, self.counterparty_commitment_params.on_counterparty_tx_csv, &delayed_key);
 			let revokeable_p2wsh = revokeable_redeemscript.to_v0_p2wsh();
 
 			// First, process non-htlc outputs (to_holder & to_counterparty)
 			for (idx, outp) in tx.output.iter().enumerate() {
 				if outp.script_pubkey == revokeable_p2wsh {
-					let revk_outp = RevokedOutput::build(per_commitment_point, self.counterparty_tx_cache.counterparty_delayed_payment_base_key, self.counterparty_tx_cache.counterparty_htlc_base_key, per_commitment_key, outp.value, self.counterparty_tx_cache.on_counterparty_tx_csv);
-					let justice_package = PackageTemplate::build_package(commitment_txid, idx as u32, PackageSolvingData::RevokedOutput(revk_outp), height + self.counterparty_tx_cache.on_counterparty_tx_csv as u32, true, height);
+					let revk_outp = RevokedOutput::build(per_commitment_point, self.counterparty_commitment_params.counterparty_delayed_payment_base_key, self.counterparty_commitment_params.counterparty_htlc_base_key, per_commitment_key, outp.value, self.counterparty_commitment_params.on_counterparty_tx_csv);
+					let justice_package = PackageTemplate::build_package(commitment_txid, idx as u32, PackageSolvingData::RevokedOutput(revk_outp), height + self.counterparty_commitment_params.on_counterparty_tx_csv as u32, true, height);
 					claimable_outpoints.push(justice_package);
 				}
 			}
@@ -1585,7 +1952,7 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 								tx.output[transaction_output_index as usize].value != htlc.amount_msat / 1000 {
 							return (claimable_outpoints, (commitment_txid, watch_outputs)); // Corrupted per_commitment_data, fuck this user
 						}
-						let revk_htlc_outp = RevokedHTLCOutput::build(per_commitment_point, self.counterparty_tx_cache.counterparty_delayed_payment_base_key, self.counterparty_tx_cache.counterparty_htlc_base_key, per_commitment_key, htlc.amount_msat / 1000, htlc.clone());
+						let revk_htlc_outp = RevokedHTLCOutput::build(per_commitment_point, self.counterparty_commitment_params.counterparty_delayed_payment_base_key, self.counterparty_commitment_params.counterparty_htlc_base_key, per_commitment_key, htlc.amount_msat / 1000, htlc.clone());
 						let justice_package = PackageTemplate::build_package(commitment_txid, transaction_output_index, PackageSolvingData::RevokedHTLCOutput(revk_htlc_outp), htlc.cltv_expiry, true, height);
 						claimable_outpoints.push(justice_package);
 					}
@@ -1595,47 +1962,13 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 			// Last, track onchain revoked commitment transaction and fail backward outgoing HTLCs as payment path is broken
 			if !claimable_outpoints.is_empty() || per_commitment_option.is_some() { // ie we're confident this is actually ours
 				// We're definitely a counterparty commitment transaction!
-				log_trace!(logger, "Got broadcast of revoked counterparty commitment transaction, going to generate general spend tx with {} inputs", claimable_outpoints.len());
+				log_error!(logger, "Got broadcast of revoked counterparty commitment transaction, going to generate general spend tx with {} inputs", claimable_outpoints.len());
 				for (idx, outp) in tx.output.iter().enumerate() {
 					watch_outputs.push((idx as u32, outp.clone()));
 				}
 				self.counterparty_commitment_txn_on_chain.insert(commitment_txid, commitment_number);
 
-				macro_rules! check_htlc_fails {
-					($txid: expr, $commitment_tx: expr) => {
-						if let Some(ref outpoints) = self.counterparty_claimable_outpoints.get($txid) {
-							for &(ref htlc, ref source_option) in outpoints.iter() {
-								if let &Some(ref source) = source_option {
-									self.onchain_events_awaiting_threshold_conf.retain(|ref entry| {
-										if entry.height != height { return true; }
-										match entry.event {
-											 OnchainEvent::HTLCUpdate { ref htlc_update } => {
-												 htlc_update.0 != **source
-											 },
-											 _ => true,
-										}
-									});
-									let entry = OnchainEventEntry {
-										txid: *$txid,
-										height,
-										event: OnchainEvent::HTLCUpdate {
-											htlc_update: ((**source).clone(), htlc.payment_hash.clone())
-										},
-									};
-									log_info!(logger, "Failing HTLC with payment_hash {} from {} counterparty commitment tx due to broadcast of revoked counterparty commitment transaction, waiting for confirmation (at height {})", log_bytes!(htlc.payment_hash.0), $commitment_tx, entry.confirmation_threshold());
-									self.onchain_events_awaiting_threshold_conf.push(entry);
-								}
-							}
-						}
-					}
-				}
-				if let Some(ref txid) = self.current_counterparty_commitment_txid {
-					check_htlc_fails!(txid, "current");
-				}
-				if let Some(ref txid) = self.prev_counterparty_commitment_txid {
-					check_htlc_fails!(txid, "counterparty");
-				}
-				// No need to check holder commitment txn, symmetric HTLCSource must be present as per-htlc data on counterparty commitment tx
+				fail_unbroadcast_htlcs!(self, "revoked counterparty", height, [].iter().map(|a| *a), logger);
 			}
 		} else if let Some(per_commitment_data) = per_commitment_option {
 			// While this isn't useful yet, there is a potential race where if a counterparty
@@ -1650,55 +1983,8 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 			}
 			self.counterparty_commitment_txn_on_chain.insert(commitment_txid, commitment_number);
 
-			log_trace!(logger, "Got broadcast of non-revoked counterparty commitment transaction {}", commitment_txid);
-
-			macro_rules! check_htlc_fails {
-				($txid: expr, $commitment_tx: expr, $id: tt) => {
-					if let Some(ref latest_outpoints) = self.counterparty_claimable_outpoints.get($txid) {
-						$id: for &(ref htlc, ref source_option) in latest_outpoints.iter() {
-							if let &Some(ref source) = source_option {
-								// Check if the HTLC is present in the commitment transaction that was
-								// broadcast, but not if it was below the dust limit, which we should
-								// fail backwards immediately as there is no way for us to learn the
-								// payment_preimage.
-								// Note that if the dust limit were allowed to change between
-								// commitment transactions we'd want to be check whether *any*
-								// broadcastable commitment transaction has the HTLC in it, but it
-								// cannot currently change after channel initialization, so we don't
-								// need to here.
-								for &(ref broadcast_htlc, ref broadcast_source) in per_commitment_data.iter() {
-									if broadcast_htlc.transaction_output_index.is_some() && Some(source) == broadcast_source.as_ref() {
-										continue $id;
-									}
-								}
-								log_trace!(logger, "Failing HTLC with payment_hash {} from {} counterparty commitment tx due to broadcast of counterparty commitment transaction", log_bytes!(htlc.payment_hash.0), $commitment_tx);
-								self.onchain_events_awaiting_threshold_conf.retain(|ref entry| {
-									if entry.height != height { return true; }
-									match entry.event {
-										 OnchainEvent::HTLCUpdate { ref htlc_update } => {
-											 htlc_update.0 != **source
-										 },
-										 _ => true,
-									}
-								});
-								self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry {
-									txid: *$txid,
-									height,
-									event: OnchainEvent::HTLCUpdate {
-										htlc_update: ((**source).clone(), htlc.payment_hash.clone())
-									},
-								});
-							}
-						}
-					}
-				}
-			}
-			if let Some(ref txid) = self.current_counterparty_commitment_txid {
-				check_htlc_fails!(txid, "current", 'current_loop);
-			}
-			if let Some(ref txid) = self.prev_counterparty_commitment_txid {
-				check_htlc_fails!(txid, "previous", 'prev_loop);
-			}
+			log_info!(logger, "Got broadcast of non-revoked counterparty commitment transaction {}", commitment_txid);
+			fail_unbroadcast_htlcs!(self, "counterparty", height, per_commitment_data.iter().map(|(a, b)| (a, b.as_ref().map(|b| b.as_ref()))), logger);
 
 			let htlc_claim_reqs = self.get_counterparty_htlc_output_claim_reqs(commitment_number, commitment_txid, Some(tx));
 			for req in htlc_claim_reqs {
@@ -1734,7 +2020,7 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 							}
 							let preimage = if htlc.offered { if let Some(p) = self.payment_preimages.get(&htlc.payment_hash) { Some(*p) } else { None } } else { None };
 							if preimage.is_some() || !htlc.offered {
-								let counterparty_htlc_outp = if htlc.offered { PackageSolvingData::CounterpartyOfferedHTLCOutput(CounterpartyOfferedHTLCOutput::build(*revocation_point, self.counterparty_tx_cache.counterparty_delayed_payment_base_key, self.counterparty_tx_cache.counterparty_htlc_base_key, preimage.unwrap(), htlc.clone())) } else { PackageSolvingData::CounterpartyReceivedHTLCOutput(CounterpartyReceivedHTLCOutput::build(*revocation_point, self.counterparty_tx_cache.counterparty_delayed_payment_base_key, self.counterparty_tx_cache.counterparty_htlc_base_key, htlc.clone())) };
+								let counterparty_htlc_outp = if htlc.offered { PackageSolvingData::CounterpartyOfferedHTLCOutput(CounterpartyOfferedHTLCOutput::build(*revocation_point, self.counterparty_commitment_params.counterparty_delayed_payment_base_key, self.counterparty_commitment_params.counterparty_htlc_base_key, preimage.unwrap(), htlc.clone())) } else { PackageSolvingData::CounterpartyReceivedHTLCOutput(CounterpartyReceivedHTLCOutput::build(*revocation_point, self.counterparty_commitment_params.counterparty_delayed_payment_base_key, self.counterparty_commitment_params.counterparty_htlc_base_key, htlc.clone())) };
 								let aggregation = if !htlc.offered { false } else { true };
 								let counterparty_package = PackageTemplate::build_package(commitment_txid, transaction_output_index, counterparty_htlc_outp, htlc.cltv_expiry,aggregation, 0);
 								claimable_outpoints.push(counterparty_package);
@@ -1767,9 +2053,9 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 		let per_commitment_key = ignore_error!(SecretKey::from_slice(&secret));
 		let per_commitment_point = PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key);
 
-		log_trace!(logger, "Counterparty HTLC broadcast {}:{}", htlc_txid, 0);
-		let revk_outp = RevokedOutput::build(per_commitment_point, self.counterparty_tx_cache.counterparty_delayed_payment_base_key, self.counterparty_tx_cache.counterparty_htlc_base_key, per_commitment_key, tx.output[0].value, self.counterparty_tx_cache.on_counterparty_tx_csv);
-		let justice_package = PackageTemplate::build_package(htlc_txid, 0, PackageSolvingData::RevokedOutput(revk_outp), height + self.counterparty_tx_cache.on_counterparty_tx_csv as u32, true, height);
+		log_error!(logger, "Got broadcast of revoked counterparty HTLC transaction, spending {}:{}", htlc_txid, 0);
+		let revk_outp = RevokedOutput::build(per_commitment_point, self.counterparty_commitment_params.counterparty_delayed_payment_base_key, self.counterparty_commitment_params.counterparty_htlc_base_key, per_commitment_key, tx.output[0].value, self.counterparty_commitment_params.on_counterparty_tx_csv);
+		let justice_package = PackageTemplate::build_package(htlc_txid, 0, PackageSolvingData::RevokedOutput(revk_outp), height + self.counterparty_commitment_params.on_counterparty_tx_csv as u32, true, height);
 		let claimable_outpoints = vec!(justice_package);
 		let outputs = vec![(0, tx.output[0].clone())];
 		(claimable_outpoints, Some((htlc_txid, outputs)))
@@ -1778,7 +2064,7 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 	// Returns (1) `PackageTemplate`s that can be given to the OnChainTxHandler, so that the handler can
 	// broadcast transactions claiming holder HTLC commitment outputs and (2) a holder revokable
 	// script so we can detect whether a holder transaction has been seen on-chain.
-	fn get_broadcasted_holder_claims(&self, holder_tx: &HolderSignedTx, height: u32) -> (Vec<PackageTemplate>, Option<(Script, PublicKey, PublicKey)>) {
+	fn get_broadcasted_holder_claims(&self, holder_tx: &HolderSignedTx, conf_height: u32) -> (Vec<PackageTemplate>, Option<(Script, PublicKey, PublicKey)>) {
 		let mut claim_requests = Vec::with_capacity(holder_tx.htlc_outputs.len());
 
 		let redeemscript = chan_utils::get_revokeable_redeemscript(&holder_tx.revocation_key, self.on_holder_tx_csv, &holder_tx.delayed_payment_key);
@@ -1797,7 +2083,7 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 						};
 						HolderHTLCOutput::build_accepted(payment_preimage, htlc.amount_msat)
 					};
-				let htlc_package = PackageTemplate::build_package(holder_tx.txid, transaction_output_index, PackageSolvingData::HolderHTLCOutput(htlc_output), height, false, height);
+				let htlc_package = PackageTemplate::build_package(holder_tx.txid, transaction_output_index, PackageSolvingData::HolderHTLCOutput(htlc_output), htlc.cltv_expiry, false, conf_height);
 				claim_requests.push(htlc_package);
 			}
 		}
@@ -1819,32 +2105,12 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 	/// Attempts to claim any claimable HTLCs in a commitment transaction which was not (yet)
 	/// revoked using data in holder_claimable_outpoints.
 	/// Should not be used if check_spend_revoked_transaction succeeds.
-	fn check_spend_holder_transaction<L: Deref>(&mut self, tx: &Transaction, height: u32, logger: &L) -> (Vec<PackageTemplate>, TransactionOutputs) where L::Target: Logger {
+	/// Returns None unless the transaction is definitely one of our commitment transactions.
+	fn check_spend_holder_transaction<L: Deref>(&mut self, tx: &Transaction, height: u32, logger: &L) -> Option<(Vec<PackageTemplate>, TransactionOutputs)> where L::Target: Logger {
 		let commitment_txid = tx.txid();
 		let mut claim_requests = Vec::new();
 		let mut watch_outputs = Vec::new();
 
-		macro_rules! wait_threshold_conf {
-			($source: expr, $commitment_tx: expr, $payment_hash: expr) => {
-				self.onchain_events_awaiting_threshold_conf.retain(|ref entry| {
-					if entry.height != height { return true; }
-					match entry.event {
-						 OnchainEvent::HTLCUpdate { ref htlc_update } => {
-							 htlc_update.0 != $source
-						 },
-						 _ => true,
-					}
-				});
-				let entry = OnchainEventEntry {
-					txid: commitment_txid,
-					height,
-					event: OnchainEvent::HTLCUpdate { htlc_update: ($source, $payment_hash) },
-				};
-				log_trace!(logger, "Failing HTLC with payment_hash {} from {} holder commitment tx due to broadcast of transaction, waiting confirmation (at height{})", log_bytes!($payment_hash.0), $commitment_tx, entry.confirmation_threshold());
-				self.onchain_events_awaiting_threshold_conf.push(entry);
-			}
-		}
-
 		macro_rules! append_onchain_update {
 			($updates: expr, $to_watch: expr) => {
 				claim_requests = $updates.0;
@@ -1858,44 +2124,31 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 
 		if self.current_holder_commitment_tx.txid == commitment_txid {
 			is_holder_tx = true;
-			log_trace!(logger, "Got latest holder commitment tx broadcast, searching for available HTLCs to claim");
+			log_info!(logger, "Got broadcast of latest holder commitment tx {}, searching for available HTLCs to claim", commitment_txid);
 			let res = self.get_broadcasted_holder_claims(&self.current_holder_commitment_tx, height);
 			let mut to_watch = self.get_broadcasted_holder_watch_outputs(&self.current_holder_commitment_tx, tx);
 			append_onchain_update!(res, to_watch);
+			fail_unbroadcast_htlcs!(self, "latest holder", height, self.current_holder_commitment_tx.htlc_outputs.iter().map(|(a, _, c)| (a, c.as_ref())), logger);
 		} else if let &Some(ref holder_tx) = &self.prev_holder_signed_commitment_tx {
 			if holder_tx.txid == commitment_txid {
 				is_holder_tx = true;
-				log_trace!(logger, "Got previous holder commitment tx broadcast, searching for available HTLCs to claim");
+				log_info!(logger, "Got broadcast of previous holder commitment tx {}, searching for available HTLCs to claim", commitment_txid);
 				let res = self.get_broadcasted_holder_claims(holder_tx, height);
 				let mut to_watch = self.get_broadcasted_holder_watch_outputs(holder_tx, tx);
 				append_onchain_update!(res, to_watch);
-			}
-		}
-
-		macro_rules! fail_dust_htlcs_after_threshold_conf {
-			($holder_tx: expr) => {
-				for &(ref htlc, _, ref source) in &$holder_tx.htlc_outputs {
-					if htlc.transaction_output_index.is_none() {
-						if let &Some(ref source) = source {
-							wait_threshold_conf!(source.clone(), "lastest", htlc.payment_hash.clone());
-						}
-					}
-				}
+				fail_unbroadcast_htlcs!(self, "previous holder", height, holder_tx.htlc_outputs.iter().map(|(a, _, c)| (a, c.as_ref())), logger);
 			}
 		}
 
 		if is_holder_tx {
-			fail_dust_htlcs_after_threshold_conf!(self.current_holder_commitment_tx);
-			if let &Some(ref holder_tx) = &self.prev_holder_signed_commitment_tx {
-				fail_dust_htlcs_after_threshold_conf!(holder_tx);
-			}
+			Some((claim_requests, (commitment_txid, watch_outputs)))
+		} else {
+			None
 		}
-
-		(claim_requests, (commitment_txid, watch_outputs))
 	}
 
 	pub fn get_latest_holder_commitment_txn<L: Deref>(&mut self, logger: &L) -> Vec<Transaction> where L::Target: Logger {
-		log_trace!(logger, "Getting signed latest holder commitment transaction!");
+		log_debug!(logger, "Getting signed latest holder commitment transaction!");
 		self.holder_tx_signed = true;
 		let commitment_tx = self.onchain_tx_handler.get_fully_signed_holder_tx(&self.funding_redeemscript);
 		let txid = commitment_tx.txid();
@@ -1910,7 +2163,7 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 				} else if htlc.0.cltv_expiry > self.best_block.height() + 1 {
 					// Don't broadcast HTLC-Timeout transactions immediately as they don't meet the
 					// current locktime requirements on-chain. We will broadcast them in
-					// `block_confirmed` when `would_broadcast_at_height` returns true.
+					// `block_confirmed` when `should_broadcast_holder_commitment_txn` returns true.
 					// Note that we add + 1 as transactions are broadcastable when they can be
 					// confirmed in the next block.
 					continue;
@@ -1929,7 +2182,7 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 	#[cfg(any(test,feature = "unsafe_revoked_tx_signing"))]
 	/// Note that this includes possibly-locktimed-in-the-future transactions!
 	fn unsafe_get_latest_holder_commitment_txn<L: Deref>(&mut self, logger: &L) -> Vec<Transaction> where L::Target: Logger {
-		log_trace!(logger, "Getting signed copy of latest holder commitment transaction!");
+		log_debug!(logger, "Getting signed copy of latest holder commitment transaction!");
 		let commitment_tx = self.onchain_tx_handler.get_fully_signed_copy_holder_tx(&self.funding_redeemscript);
 		let txid = commitment_tx.txid();
 		let mut holder_transactions = vec![commitment_tx];
@@ -1956,7 +2209,6 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 					L::Target: Logger,
 	{
 		let block_hash = header.block_hash();
-		log_trace!(logger, "New best block {} at height {}", block_hash, height);
 		self.best_block = BestBlock::new(block_hash, height);
 
 		self.transactions_confirmed(header, txdata, height, broadcaster, fee_estimator, logger)
@@ -1976,17 +2228,16 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 		L::Target: Logger,
 	{
 		let block_hash = header.block_hash();
-		log_trace!(logger, "New best block {} at height {}", block_hash, height);
 
 		if height > self.best_block.height() {
 			self.best_block = BestBlock::new(block_hash, height);
-			self.block_confirmed(height, vec![], vec![], vec![], broadcaster, fee_estimator, logger)
-		} else {
+			self.block_confirmed(height, vec![], vec![], vec![], &broadcaster, &fee_estimator, &logger)
+		} else if block_hash != self.best_block.block_hash() {
 			self.best_block = BestBlock::new(block_hash, height);
 			self.onchain_events_awaiting_threshold_conf.retain(|ref entry| entry.height <= height);
 			self.onchain_tx_handler.block_disconnected(height + 1, broadcaster, fee_estimator, logger);
 			Vec::new()
-		}
+		} else { Vec::new() }
 	}
 
 	fn transactions_confirmed<B: Deref, F: Deref, L: Deref>(
@@ -2014,7 +2265,6 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 		}
 
 		let block_hash = header.block_hash();
-		log_trace!(logger, "Block {} at height {} connected with {} txn matched", block_hash, height, txn_matched.len());
 
 		let mut watch_outputs = Vec::new();
 		let mut claimable_outpoints = Vec::new();
@@ -2026,20 +2276,32 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 				// filters.
 				let prevout = &tx.input[0].previous_output;
 				if prevout.txid == self.funding_info.0.txid && prevout.vout == self.funding_info.0.index as u32 {
+					let mut balance_spendable_csv = None;
+					log_info!(logger, "Channel closed by funding output spend in txid {}.", log_bytes!(tx.txid()));
 					if (tx.input[0].sequence >> 8*3) as u8 == 0x80 && (tx.lock_time >> 8*3) as u8 == 0x20 {
 						let (mut new_outpoints, new_outputs) = self.check_spend_counterparty_transaction(&tx, height, &logger);
 						if !new_outputs.1.is_empty() {
 							watch_outputs.push(new_outputs);
 						}
+						claimable_outpoints.append(&mut new_outpoints);
 						if new_outpoints.is_empty() {
-							let (mut new_outpoints, new_outputs) = self.check_spend_holder_transaction(&tx, height, &logger);
-							if !new_outputs.1.is_empty() {
-								watch_outputs.push(new_outputs);
+							if let Some((mut new_outpoints, new_outputs)) = self.check_spend_holder_transaction(&tx, height, &logger) {
+								if !new_outputs.1.is_empty() {
+									watch_outputs.push(new_outputs);
+								}
+								claimable_outpoints.append(&mut new_outpoints);
+								balance_spendable_csv = Some(self.on_holder_tx_csv);
 							}
-							claimable_outpoints.append(&mut new_outpoints);
 						}
-						claimable_outpoints.append(&mut new_outpoints);
 					}
+					let txid = tx.txid();
+					self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry {
+						txid,
+						height: height,
+						event: OnchainEvent::FundingSpendConfirmation {
+							on_local_output_csv: balance_spendable_csv,
+						},
+					});
 				} else {
 					if let Some(&commitment_number) = self.counterparty_commitment_txn_on_chain.get(&prevout.txid) {
 						let (mut new_outpoints, new_outputs_option) = self.check_spend_counterparty_htlc(&tx, commitment_number, height, &logger);
@@ -2058,33 +2320,50 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 			self.is_paying_spendable_output(&tx, height, &logger);
 		}
 
-		self.block_confirmed(height, txn_matched, watch_outputs, claimable_outpoints, broadcaster, fee_estimator, logger)
+		if height > self.best_block.height() {
+			self.best_block = BestBlock::new(block_hash, height);
+		}
+
+		self.block_confirmed(height, txn_matched, watch_outputs, claimable_outpoints, &broadcaster, &fee_estimator, &logger)
 	}
 
+	/// Update state for new block(s)/transaction(s) confirmed. Note that the caller must update
+	/// `self.best_block` before calling if a new best blockchain tip is available. More
+	/// concretely, `self.best_block` must never be at a lower height than `conf_height`, avoiding
+	/// complexity especially in `OnchainTx::update_claims_view`.
+	///
+	/// `conf_height` should be set to the height at which any new transaction(s)/block(s) were
+	/// confirmed at, even if it is not the current best height.
 	fn block_confirmed<B: Deref, F: Deref, L: Deref>(
 		&mut self,
-		height: u32,
+		conf_height: u32,
 		txn_matched: Vec<&Transaction>,
 		mut watch_outputs: Vec<TransactionOutputs>,
 		mut claimable_outpoints: Vec<PackageTemplate>,
-		broadcaster: B,
-		fee_estimator: F,
-		logger: L,
+		broadcaster: &B,
+		fee_estimator: &F,
+		logger: &L,
 	) -> Vec<TransactionOutputs>
 	where
 		B::Target: BroadcasterInterface,
 		F::Target: FeeEstimator,
 		L::Target: Logger,
 	{
-		let should_broadcast = self.would_broadcast_at_height(height, &logger);
+		log_trace!(logger, "Processing {} matched transactions for block at height {}.", txn_matched.len(), conf_height);
+		debug_assert!(self.best_block.height() >= conf_height);
+
+		let should_broadcast = self.should_broadcast_holder_commitment_txn(logger);
 		if should_broadcast {
 			let funding_outp = HolderFundingOutput::build(self.funding_redeemscript.clone());
-			let commitment_package = PackageTemplate::build_package(self.funding_info.0.txid.clone(), self.funding_info.0.index as u32, PackageSolvingData::HolderFundingOutput(funding_outp), height, false, height);
+			let commitment_package = PackageTemplate::build_package(self.funding_info.0.txid.clone(), self.funding_info.0.index as u32, PackageSolvingData::HolderFundingOutput(funding_outp), self.best_block.height(), false, self.best_block.height());
 			claimable_outpoints.push(commitment_package);
 			self.pending_monitor_events.push(MonitorEvent::CommitmentTxBroadcasted(self.funding_info.0));
 			let commitment_tx = self.onchain_tx_handler.get_fully_signed_holder_tx(&self.funding_redeemscript);
 			self.holder_tx_signed = true;
-			let (mut new_outpoints, _) = self.get_broadcasted_holder_claims(&self.current_holder_commitment_tx, height);
+			// Because we're broadcasting a commitment transaction, we should construct the package
+			// assuming it gets confirmed in the next block. Sadly, we have code which considers
+			// "not yet confirmed" things as discardable, so we cannot do that here.
+			let (mut new_outpoints, _) = self.get_broadcasted_holder_claims(&self.current_holder_commitment_tx, self.best_block.height());
 			let new_outputs = self.get_broadcasted_holder_watch_outputs(&self.current_holder_commitment_tx, &commitment_tx);
 			if !new_outputs.is_empty() {
 				watch_outputs.push((self.current_holder_commitment_tx.txid.clone(), new_outputs));
@@ -2097,7 +2376,7 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 			self.onchain_events_awaiting_threshold_conf.drain(..).collect::<Vec<_>>();
 		let mut onchain_events_reaching_threshold_conf = Vec::new();
 		for entry in onchain_events_awaiting_threshold_conf {
-			if entry.has_reached_confirmation_threshold(height) {
+			if entry.has_reached_confirmation_threshold(&self.best_block) {
 				onchain_events_reaching_threshold_conf.push(entry);
 			} else {
 				self.onchain_events_awaiting_threshold_conf.push(entry);
@@ -2109,8 +2388,8 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 		let unmatured_htlcs: Vec<_> = self.onchain_events_awaiting_threshold_conf
 			.iter()
 			.filter_map(|entry| match &entry.event {
-				OnchainEvent::HTLCUpdate { htlc_update } => Some(htlc_update.0.clone()),
-				OnchainEvent::MaturingOutput { .. } => None,
+				OnchainEvent::HTLCUpdate { source, .. } => Some(source),
+				_ => None,
 			})
 			.collect();
 		#[cfg(debug_assertions)]
@@ -2119,40 +2398,50 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 		// Produce actionable events from on-chain events having reached their threshold.
 		for entry in onchain_events_reaching_threshold_conf.drain(..) {
 			match entry.event {
-				OnchainEvent::HTLCUpdate { htlc_update } => {
+				OnchainEvent::HTLCUpdate { ref source, payment_hash, onchain_value_satoshis, input_idx } => {
 					// Check for duplicate HTLC resolutions.
 					#[cfg(debug_assertions)]
 					{
 						debug_assert!(
-							unmatured_htlcs.iter().find(|&htlc| htlc == &htlc_update.0).is_none(),
+							unmatured_htlcs.iter().find(|&htlc| htlc == &source).is_none(),
 							"An unmature HTLC transaction conflicts with a maturing one; failed to \
 							 call either transaction_unconfirmed for the conflicting transaction \
 							 or block_disconnected for a block containing it.");
 						debug_assert!(
-							matured_htlcs.iter().find(|&htlc| htlc == &htlc_update.0).is_none(),
+							matured_htlcs.iter().find(|&htlc| htlc == source).is_none(),
 							"A matured HTLC transaction conflicts with a maturing one; failed to \
 							 call either transaction_unconfirmed for the conflicting transaction \
 							 or block_disconnected for a block containing it.");
-						matured_htlcs.push(htlc_update.0.clone());
+						matured_htlcs.push(source.clone());
 					}
 
-					log_trace!(logger, "HTLC {} failure update has got enough confirmations to be passed upstream", log_bytes!((htlc_update.1).0));
+					log_debug!(logger, "HTLC {} failure update has got enough confirmations to be passed upstream", log_bytes!(payment_hash.0));
 					self.pending_monitor_events.push(MonitorEvent::HTLCEvent(HTLCUpdate {
-						payment_hash: htlc_update.1,
+						payment_hash,
 						payment_preimage: None,
-						source: htlc_update.0,
+						source: source.clone(),
+						onchain_value_satoshis,
 					}));
+					if let Some(idx) = input_idx {
+						self.htlcs_resolved_on_chain.push(IrrevocablyResolvedHTLC { input_idx: idx, payment_preimage: None });
+					}
 				},
 				OnchainEvent::MaturingOutput { descriptor } => {
-					log_trace!(logger, "Descriptor {} has got enough confirmations to be passed upstream", log_spendable!(descriptor));
+					log_debug!(logger, "Descriptor {} has got enough confirmations to be passed upstream", log_spendable!(descriptor));
 					self.pending_events.push(Event::SpendableOutputs {
 						outputs: vec![descriptor]
 					});
-				}
+				},
+				OnchainEvent::HTLCSpendConfirmation { input_idx, preimage, .. } => {
+					self.htlcs_resolved_on_chain.push(IrrevocablyResolvedHTLC { input_idx, payment_preimage: preimage });
+				},
+				OnchainEvent::FundingSpendConfirmation { .. } => {
+					self.funding_spend_confirmed = Some(entry.txid);
+				},
 			}
 		}
 
-		self.onchain_tx_handler.update_claims_view(&txn_matched, claimable_outpoints, height, &&*broadcaster, &&*fee_estimator, &&*logger);
+		self.onchain_tx_handler.update_claims_view(&txn_matched, claimable_outpoints, conf_height, self.best_block.height(), broadcaster, fee_estimator, logger);
 
 		// Determine new outputs to watch by comparing against previously known outputs to watch,
 		// updating the latter in the process.
@@ -2254,7 +2543,7 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 		false
 	}
 
-	fn would_broadcast_at_height<L: Deref>(&self, height: u32, logger: &L) -> bool where L::Target: Logger {
+	fn should_broadcast_holder_commitment_txn<L: Deref>(&self, logger: &L) -> bool where L::Target: Logger {
 		// We need to consider all HTLCs which are:
 		//  * in any unrevoked counterparty commitment transaction, as they could broadcast said
 		//    transactions and we'd end up in a race, or
@@ -2265,6 +2554,7 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 		// to the source, and if we don't fail the channel we will have to ensure that the next
 		// updates that peer sends us are update_fails, failing the channel if not. It's probably
 		// easier to just fail the channel as this case should be rare enough anyway.
+		let height = self.best_block.height();
 		macro_rules! scan_commitment {
 			($htlcs: expr, $holder_tx: expr) => {
 				for ref htlc in $htlcs {
@@ -2325,15 +2615,32 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 			let revocation_sig_claim = (input.witness.len() == 3 && HTLCType::scriptlen_to_htlctype(input.witness[2].len()) == Some(HTLCType::OfferedHTLC) && input.witness[1].len() == 33)
 				|| (input.witness.len() == 3 && HTLCType::scriptlen_to_htlctype(input.witness[2].len()) == Some(HTLCType::AcceptedHTLC) && input.witness[1].len() == 33);
 			let accepted_preimage_claim = input.witness.len() == 5 && HTLCType::scriptlen_to_htlctype(input.witness[4].len()) == Some(HTLCType::AcceptedHTLC);
-			let offered_preimage_claim = input.witness.len() == 3 && HTLCType::scriptlen_to_htlctype(input.witness[2].len()) == Some(HTLCType::OfferedHTLC);
+			let accepted_timeout_claim = input.witness.len() == 3 && HTLCType::scriptlen_to_htlctype(input.witness[2].len()) == Some(HTLCType::AcceptedHTLC) && !revocation_sig_claim;
+			let offered_preimage_claim = input.witness.len() == 3 && HTLCType::scriptlen_to_htlctype(input.witness[2].len()) == Some(HTLCType::OfferedHTLC) && !revocation_sig_claim;
+			let offered_timeout_claim = input.witness.len() == 5 && HTLCType::scriptlen_to_htlctype(input.witness[4].len()) == Some(HTLCType::OfferedHTLC);
+
+			let mut payment_preimage = PaymentPreimage([0; 32]);
+			if accepted_preimage_claim {
+				payment_preimage.0.copy_from_slice(&input.witness[3]);
+			} else if offered_preimage_claim {
+				payment_preimage.0.copy_from_slice(&input.witness[1]);
+			}
 
 			macro_rules! log_claim {
 				($tx_info: expr, $holder_tx: expr, $htlc: expr, $source_avail: expr) => {
-					// We found the output in question, but aren't failing it backwards
-					// as we have no corresponding source and no valid counterparty commitment txid
-					// to try a weak source binding with same-hash, same-value still-valid offered HTLC.
-					// This implies either it is an inbound HTLC or an outbound HTLC on a revoked transaction.
 					let outbound_htlc = $holder_tx == $htlc.offered;
+					// HTLCs must either be claimed by a matching script type or through the
+					// revocation path:
+					#[cfg(not(fuzzing))] // Note that the fuzzer is not bound by pesky things like "signatures"
+					debug_assert!(!$htlc.offered || offered_preimage_claim || offered_timeout_claim || revocation_sig_claim);
+					#[cfg(not(fuzzing))] // Note that the fuzzer is not bound by pesky things like "signatures"
+					debug_assert!($htlc.offered || accepted_preimage_claim || accepted_timeout_claim || revocation_sig_claim);
+					// Further, only exactly one of the possible spend paths should have been
+					// matched by any HTLC spend:
+					#[cfg(not(fuzzing))] // Note that the fuzzer is not bound by pesky things like "signatures"
+					debug_assert_eq!(accepted_preimage_claim as u8 + accepted_timeout_claim as u8 +
+					                 offered_preimage_claim as u8 + offered_timeout_claim as u8 +
+					                 revocation_sig_claim as u8, 1);
 					if ($holder_tx && revocation_sig_claim) ||
 							(outbound_htlc && !$source_avail && (accepted_preimage_claim || offered_preimage_claim)) {
 						log_error!(logger, "Input spending {} ({}:{}) in {} resolves {} HTLC with payment hash {} with {}!",
@@ -2356,7 +2663,7 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 							if pending_htlc.payment_hash == $htlc_output.payment_hash && pending_htlc.amount_msat == $htlc_output.amount_msat {
 								if let &Some(ref source) = pending_source {
 									log_claim!("revoked counterparty commitment tx", false, pending_htlc, true);
-									payment_data = Some(((**source).clone(), $htlc_output.payment_hash));
+									payment_data = Some(((**source).clone(), $htlc_output.payment_hash, $htlc_output.amount_msat));
 									break;
 								}
 							}
@@ -2376,15 +2683,39 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 								// transaction. This implies we either learned a preimage, the HTLC
 								// has timed out, or we screwed up. In any case, we should now
 								// resolve the source HTLC with the original sender.
-								payment_data = Some(((*source).clone(), htlc_output.payment_hash));
+								payment_data = Some(((*source).clone(), htlc_output.payment_hash, htlc_output.amount_msat));
 							} else if !$holder_tx {
-									check_htlc_valid_counterparty!(self.current_counterparty_commitment_txid, htlc_output);
+								check_htlc_valid_counterparty!(self.current_counterparty_commitment_txid, htlc_output);
 								if payment_data.is_none() {
 									check_htlc_valid_counterparty!(self.prev_counterparty_commitment_txid, htlc_output);
 								}
 							}
 							if payment_data.is_none() {
 								log_claim!($tx_info, $holder_tx, htlc_output, false);
+								let outbound_htlc = $holder_tx == htlc_output.offered;
+								if !outbound_htlc || revocation_sig_claim {
+									self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry {
+										txid: tx.txid(), height,
+										event: OnchainEvent::HTLCSpendConfirmation {
+											input_idx: input.previous_output.vout,
+											preimage: if accepted_preimage_claim || offered_preimage_claim {
+												Some(payment_preimage) } else { None },
+											// If this is a payment to us (!outbound_htlc, above),
+											// wait for the CSV delay before dropping the HTLC from
+											// claimable balance if the claim was an HTLC-Success
+											// transaction.
+											on_to_local_output_csv: if accepted_preimage_claim {
+												Some(self.on_holder_tx_csv) } else { None },
+										},
+									});
+								} else {
+									// Outbound claims should always have payment_data, unless
+									// we've already failed the HTLC as the commitment transaction
+									// which was broadcasted was revoked. In that case, we should
+									// spend the HTLC output here immediately, and expose that fact
+									// as a Balance, something which we do not yet do.
+									// TODO: Track the above as claimable!
+								}
 								continue 'outer_loop;
 							}
 						}
@@ -2409,16 +2740,24 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 
 			// Check that scan_commitment, above, decided there is some source worth relaying an
 			// HTLC resolution backwards to and figure out whether we learned a preimage from it.
-			if let Some((source, payment_hash)) = payment_data {
-				let mut payment_preimage = PaymentPreimage([0; 32]);
+			if let Some((source, payment_hash, amount_msat)) = payment_data {
 				if accepted_preimage_claim {
 					if !self.pending_monitor_events.iter().any(
 						|update| if let &MonitorEvent::HTLCEvent(ref upd) = update { upd.source == source } else { false }) {
-						payment_preimage.0.copy_from_slice(&input.witness[3]);
+						self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry {
+							txid: tx.txid(),
+							height,
+							event: OnchainEvent::HTLCSpendConfirmation {
+								input_idx: input.previous_output.vout,
+								preimage: Some(payment_preimage),
+								on_to_local_output_csv: None,
+							},
+						});
 						self.pending_monitor_events.push(MonitorEvent::HTLCEvent(HTLCUpdate {
 							source,
 							payment_preimage: Some(payment_preimage),
-							payment_hash
+							payment_hash,
+							onchain_value_satoshis: Some(amount_msat / 1000),
 						}));
 					}
 				} else if offered_preimage_claim {
@@ -2426,29 +2765,42 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 						|update| if let &MonitorEvent::HTLCEvent(ref upd) = update {
 							upd.source == source
 						} else { false }) {
-						payment_preimage.0.copy_from_slice(&input.witness[1]);
+						self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry {
+							txid: tx.txid(),
+							height,
+							event: OnchainEvent::HTLCSpendConfirmation {
+								input_idx: input.previous_output.vout,
+								preimage: Some(payment_preimage),
+								on_to_local_output_csv: None,
+							},
+						});
 						self.pending_monitor_events.push(MonitorEvent::HTLCEvent(HTLCUpdate {
 							source,
 							payment_preimage: Some(payment_preimage),
-							payment_hash
+							payment_hash,
+							onchain_value_satoshis: Some(amount_msat / 1000),
 						}));
 					}
 				} else {
 					self.onchain_events_awaiting_threshold_conf.retain(|ref entry| {
 						if entry.height != height { return true; }
 						match entry.event {
-							 OnchainEvent::HTLCUpdate { ref htlc_update } => {
-								 htlc_update.0 != source
-							 },
-							 _ => true,
+							OnchainEvent::HTLCUpdate { source: ref htlc_source, .. } => {
+								*htlc_source != source
+							},
+							_ => true,
 						}
 					});
 					let entry = OnchainEventEntry {
 						txid: tx.txid(),
 						height,
-						event: OnchainEvent::HTLCUpdate { htlc_update: (source, payment_hash) },
+						event: OnchainEvent::HTLCUpdate {
+							source, payment_hash,
+							onchain_value_satoshis: Some(amount_msat / 1000),
+							input_idx: Some(input.previous_output.vout),
+						},
 					};
-					log_info!(logger, "Failing HTLC with payment_hash {} timeout by a spend tx, waiting for confirmation (at height{})", log_bytes!(payment_hash.0), entry.confirmation_threshold());
+					log_info!(logger, "Failing HTLC with payment_hash {} timeout by a spend tx, waiting for confirmation (at height {})", log_bytes!(payment_hash.0), entry.confirmation_threshold());
 					self.onchain_events_awaiting_threshold_conf.push(entry);
 				}
 			}
@@ -2479,7 +2831,8 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 					output: outp.clone(),
 				});
 				break;
-			} else if let Some(ref broadcasted_holder_revokable_script) = self.broadcasted_holder_revokable_script {
+			}
+			if let Some(ref broadcasted_holder_revokable_script) = self.broadcasted_holder_revokable_script {
 				if broadcasted_holder_revokable_script.0 == outp.script_pubkey {
 					spendable_output =  Some(SpendableOutputDescriptor::DelayedPaymentOutput(DelayedPaymentOutputDescriptor {
 						outpoint: OutPoint { txid: tx.txid(), index: i as u16 },
@@ -2492,7 +2845,8 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 					}));
 					break;
 				}
-			} else if self.counterparty_payment_script == outp.script_pubkey {
+			}
+			if self.counterparty_payment_script == outp.script_pubkey {
 				spendable_output = Some(SpendableOutputDescriptor::StaticPaymentOutput(StaticPaymentOutputDescriptor {
 					outpoint: OutPoint { txid: tx.txid(), index: i as u16 },
 					output: outp.clone(),
@@ -2500,11 +2854,13 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 					channel_value_satoshis: self.channel_value_satoshis,
 				}));
 				break;
-			} else if outp.script_pubkey == self.shutdown_script {
+			}
+			if self.shutdown_script.as_ref() == Some(&outp.script_pubkey) {
 				spendable_output = Some(SpendableOutputDescriptor::StaticOutput {
 					outpoint: OutPoint { txid: tx.txid(), index: i as u16 },
 					output: outp.clone(),
 				});
+				break;
 			}
 		}
 		if let Some(spendable_output) = spendable_output {
@@ -2513,7 +2869,7 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 				height: height,
 				event: OnchainEvent::MaturingOutput { descriptor: spendable_output.clone() },
 			};
-			log_trace!(logger, "Maturing {} until {}", log_spendable!(spendable_output), entry.confirmation_threshold());
+			log_info!(logger, "Received spendable output {}, spendable at height {}", log_spendable!(spendable_output), entry.confirmation_threshold());
 			self.onchain_events_awaiting_threshold_conf.push(entry);
 		}
 	}
@@ -2609,7 +2965,7 @@ const MAX_ALLOC_SIZE: usize = 64*1024;
 
 impl<'a, Signer: Sign, K: KeysInterface<Signer = Signer>> ReadableArgs<&'a K>
 		for (BlockHash, ChannelMonitor<Signer>) {
-	fn read<R: ::std::io::Read>(reader: &mut R, keys_manager: &'a K) -> Result<Self, DecodeError> {
+	fn read<R: io::Read>(reader: &mut R, keys_manager: &'a K) -> Result<Self, DecodeError> {
 		macro_rules! unwrap_obj {
 			($key: expr) => {
 				match $key {
@@ -2636,7 +2992,10 @@ impl<'a, Signer: Sign, K: KeysInterface<Signer = Signer>> ReadableArgs<&'a K>
 			_ => return Err(DecodeError::InvalidValue),
 		};
 		let counterparty_payment_script = Readable::read(reader)?;
-		let shutdown_script = Readable::read(reader)?;
+		let shutdown_script = {
+			let script = <Script as Readable>::read(reader)?;
+			if script.is_empty() { None } else { Some(script) }
+		};
 
 		let channel_keys_id = Readable::read(reader)?;
 		let holder_revocation_basepoint = Readable::read(reader)?;
@@ -2650,7 +3009,7 @@ impl<'a, Signer: Sign, K: KeysInterface<Signer = Signer>> ReadableArgs<&'a K>
 		let current_counterparty_commitment_txid = Readable::read(reader)?;
 		let prev_counterparty_commitment_txid = Readable::read(reader)?;
 
-		let counterparty_tx_cache = Readable::read(reader)?;
+		let counterparty_commitment_params = Readable::read(reader)?;
 		let funding_redeemscript = Readable::read(reader)?;
 		let channel_value_satoshis = Readable::read(reader)?;
 
@@ -2723,46 +3082,15 @@ impl<'a, Signer: Sign, K: KeysInterface<Signer = Signer>> ReadableArgs<&'a K>
 			}
 		}
 
-		macro_rules! read_holder_tx {
-			() => {
-				{
-					let txid = Readable::read(reader)?;
-					let revocation_key = Readable::read(reader)?;
-					let a_htlc_key = Readable::read(reader)?;
-					let b_htlc_key = Readable::read(reader)?;
-					let delayed_payment_key = Readable::read(reader)?;
-					let per_commitment_point = Readable::read(reader)?;
-					let feerate_per_kw: u32 = Readable::read(reader)?;
-
-					let htlcs_len: u64 = Readable::read(reader)?;
-					let mut htlcs = Vec::with_capacity(cmp::min(htlcs_len as usize, MAX_ALLOC_SIZE / 128));
-					for _ in 0..htlcs_len {
-						let htlc = read_htlc_in_commitment!();
-						let sigs = match <u8 as Readable>::read(reader)? {
-							0 => None,
-							1 => Some(Readable::read(reader)?),
-							_ => return Err(DecodeError::InvalidValue),
-						};
-						htlcs.push((htlc, sigs, Readable::read(reader)?));
-					}
-
-					HolderSignedTx {
-						txid,
-						revocation_key, a_htlc_key, b_htlc_key, delayed_payment_key, per_commitment_point, feerate_per_kw,
-						htlc_outputs: htlcs
-					}
-				}
-			}
-		}
-
-		let prev_holder_signed_commitment_tx = match <u8 as Readable>::read(reader)? {
-			0 => None,
-			1 => {
-				Some(read_holder_tx!())
-			},
-			_ => return Err(DecodeError::InvalidValue),
-		};
-		let current_holder_commitment_tx = read_holder_tx!();
+		let mut prev_holder_signed_commitment_tx: Option<HolderSignedTx> =
+			match <u8 as Readable>::read(reader)? {
+				0 => None,
+				1 => {
+					Some(Readable::read(reader)?)
+				},
+				_ => return Err(DecodeError::InvalidValue),
+			};
+		let mut current_holder_commitment_tx: HolderSignedTx = Readable::read(reader)?;
 
 		let current_counterparty_commitment_number = <U48 as Readable>::read(reader)?.0;
 		let current_holder_commitment_number = <U48 as Readable>::read(reader)?.0;
@@ -2801,25 +3129,9 @@ impl<'a, Signer: Sign, K: KeysInterface<Signer = Signer>> ReadableArgs<&'a K>
 		let waiting_threshold_conf_len: u64 = Readable::read(reader)?;
 		let mut onchain_events_awaiting_threshold_conf = Vec::with_capacity(cmp::min(waiting_threshold_conf_len as usize, MAX_ALLOC_SIZE / 128));
 		for _ in 0..waiting_threshold_conf_len {
-			let txid = Readable::read(reader)?;
-			let height = Readable::read(reader)?;
-			let event = match <u8 as Readable>::read(reader)? {
-				0 => {
-					let htlc_source = Readable::read(reader)?;
-					let hash = Readable::read(reader)?;
-					OnchainEvent::HTLCUpdate {
-						htlc_update: (htlc_source, hash)
-					}
-				},
-				1 => {
-					let descriptor = Readable::read(reader)?;
-					OnchainEvent::MaturingOutput {
-						descriptor
-					}
-				},
-				_ => return Err(DecodeError::InvalidValue),
-			};
-			onchain_events_awaiting_threshold_conf.push(OnchainEventEntry { txid, height, event });
+			if let Some(val) = MaybeReadable::read(reader)? {
+				onchain_events_awaiting_threshold_conf.push(val);
+			}
 		}
 
 		let outputs_to_watch_len: u64 = Readable::read(reader)?;
@@ -2835,12 +3147,34 @@ impl<'a, Signer: Sign, K: KeysInterface<Signer = Signer>> ReadableArgs<&'a K>
 				return Err(DecodeError::InvalidValue);
 			}
 		}
-		let onchain_tx_handler = ReadableArgs::read(reader, keys_manager)?;
+		let onchain_tx_handler: OnchainTxHandler<Signer> = ReadableArgs::read(reader, keys_manager)?;
 
 		let lockdown_from_offchain = Readable::read(reader)?;
 		let holder_tx_signed = Readable::read(reader)?;
 
-		read_tlv_fields!(reader, {}, {});
+		if let Some(prev_commitment_tx) = prev_holder_signed_commitment_tx.as_mut() {
+			let prev_holder_value = onchain_tx_handler.get_prev_holder_commitment_to_self_value();
+			if prev_holder_value.is_none() { return Err(DecodeError::InvalidValue); }
+			if prev_commitment_tx.to_self_value_sat == u64::max_value() {
+				prev_commitment_tx.to_self_value_sat = prev_holder_value.unwrap();
+			} else if prev_commitment_tx.to_self_value_sat != prev_holder_value.unwrap() {
+				return Err(DecodeError::InvalidValue);
+			}
+		}
+
+		let cur_holder_value = onchain_tx_handler.get_cur_holder_commitment_to_self_value();
+		if current_holder_commitment_tx.to_self_value_sat == u64::max_value() {
+			current_holder_commitment_tx.to_self_value_sat = cur_holder_value;
+		} else if current_holder_commitment_tx.to_self_value_sat != cur_holder_value {
+			return Err(DecodeError::InvalidValue);
+		}
+
+		let mut funding_spend_confirmed = None;
+		let mut htlcs_resolved_on_chain = Some(Vec::new());
+		read_tlv_fields!(reader, {
+			(1, funding_spend_confirmed, option),
+			(3, htlcs_resolved_on_chain, vec_type),
+		});
 
 		let mut secp_ctx = Secp256k1::new();
 		secp_ctx.seeded_randomize(&keys_manager.get_secure_random_bytes());
@@ -2861,7 +3195,7 @@ impl<'a, Signer: Sign, K: KeysInterface<Signer = Signer>> ReadableArgs<&'a K>
 				current_counterparty_commitment_txid,
 				prev_counterparty_commitment_txid,
 
-				counterparty_tx_cache,
+				counterparty_commitment_params,
 				funding_redeemscript,
 				channel_value_satoshis,
 				their_cur_revocation_points,
@@ -2889,6 +3223,8 @@ impl<'a, Signer: Sign, K: KeysInterface<Signer = Signer>> ReadableArgs<&'a K>
 
 				lockdown_from_offchain,
 				holder_tx_signed,
+				funding_spend_confirmed,
+				htlcs_resolved_on_chain: htlcs_resolved_on_chain.unwrap(),
 
 				best_block,
 
@@ -2911,17 +3247,18 @@ mod tests {
 	use bitcoin::hash_types::Txid;
 	use bitcoin::network::constants::Network;
 	use hex;
+	use chain::BestBlock;
 	use chain::channelmonitor::ChannelMonitor;
 	use chain::package::{WEIGHT_OFFERED_HTLC, WEIGHT_RECEIVED_HTLC, WEIGHT_REVOKED_OFFERED_HTLC, WEIGHT_REVOKED_RECEIVED_HTLC, WEIGHT_REVOKED_OUTPUT};
 	use chain::transaction::OutPoint;
 	use ln::{PaymentPreimage, PaymentHash};
-	use ln::channelmanager::BestBlock;
 	use ln::chan_utils;
 	use ln::chan_utils::{HTLCOutputInCommitment, ChannelPublicKeys, ChannelTransactionParameters, HolderCommitmentTransaction, CounterpartyChannelTransactionParameters};
+	use ln::script::ShutdownScript;
 	use util::test_utils::{TestLogger, TestBroadcaster, TestFeeEstimator};
 	use bitcoin::secp256k1::key::{SecretKey,PublicKey};
 	use bitcoin::secp256k1::Secp256k1;
-	use std::sync::{Arc, Mutex};
+	use sync::{Arc, Mutex};
 	use chain::keysinterface::InMemorySigner;
 	use prelude::*;
 
@@ -2930,7 +3267,7 @@ mod tests {
 		let secp_ctx = Secp256k1::new();
 		let logger = Arc::new(TestLogger::new());
 		let broadcaster = Arc::new(TestBroadcaster{txn_broadcasted: Mutex::new(Vec::new()), blocks: Arc::new(Mutex::new(Vec::new()))});
-		let fee_estimator = Arc::new(TestFeeEstimator { sat_per_kw: 253 });
+		let fee_estimator = Arc::new(TestFeeEstimator { sat_per_kw: Mutex::new(253) });
 
 		let dummy_key = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
 		let dummy_tx = Transaction { version: 0, lock_time: 0, input: Vec::new(), output: Vec::new() };
@@ -3011,9 +3348,10 @@ mod tests {
 		};
 		// Prune with one old state and a holder commitment tx holding a few overlaps with the
 		// old state.
+		let shutdown_pubkey = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
 		let best_block = BestBlock::from_genesis(Network::Testnet);
 		let monitor = ChannelMonitor::new(Secp256k1::new(), keys,
-		                                  &PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap()), 0, &Script::new(),
+		                                  Some(ShutdownScript::new_p2wpkh_from_pubkey(shutdown_pubkey).into_inner()), 0, &Script::new(),
 		                                  (OutPoint { txid: Txid::from_slice(&[43; 32]).unwrap(), index: 0 }, Script::new()),
 		                                  &channel_parameters,
 		                                  Script::new(), 46, 0,