X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Fchain%2Fchannelmonitor.rs;h=0bfd944456ab6851749505350c781e8ec267d27e;hb=refs%2Fheads%2F2023-03-one-less-sig;hp=4d109294cf061e4a5a5f296ca839b1d5c778e716;hpb=66ced68ec652ff84b654bd50919a70f866418089;p=rust-lightning diff --git a/lightning/src/chain/channelmonitor.rs b/lightning/src/chain/channelmonitor.rs index 4d109294..66ab1691 100644 --- a/lightning/src/chain/channelmonitor.rs +++ b/lightning/src/chain/channelmonitor.rs @@ -21,7 +21,7 @@ //! ChannelMonitors to get out of the HSM and onto monitoring devices. use bitcoin::blockdata::block::BlockHeader; -use bitcoin::blockdata::transaction::{TxOut,Transaction}; +use bitcoin::blockdata::transaction::{OutPoint as BitcoinOutPoint, TxOut, Transaction}; use bitcoin::blockdata::script::{Script, Builder}; use bitcoin::blockdata::opcodes; @@ -33,34 +33,43 @@ use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature}; use bitcoin::secp256k1::{SecretKey, PublicKey}; use bitcoin::secp256k1; -use ln::{PaymentHash, PaymentPreimage}; -use ln::msgs::DecodeError; -use ln::chan_utils; -use ln::chan_utils::{CounterpartyCommitmentSecrets, HTLCOutputInCommitment, HTLCType, ChannelTransactionParameters, HolderCommitmentTransaction}; -use ln::channelmanager::HTLCSource; -use chain; -use chain::{BestBlock, WatchedOutput}; -use chain::chaininterface::{BroadcasterInterface, FeeEstimator, LowerBoundedFeeEstimator}; -use chain::transaction::{OutPoint, TransactionData}; -use chain::keysinterface::{SpendableOutputDescriptor, StaticPaymentOutputDescriptor, DelayedPaymentOutputDescriptor, Sign, KeysInterface}; -use chain::onchaintx::OnchainTxHandler; -use chain::package::{CounterpartyOfferedHTLCOutput, CounterpartyReceivedHTLCOutput, HolderFundingOutput, HolderHTLCOutput, PackageSolvingData, PackageTemplate, RevokedOutput, RevokedHTLCOutput}; -use chain::Filter; -use util::logger::Logger; -use util::ser::{Readable, ReadableArgs, MaybeReadable, Writer, Writeable, U48, OptionDeserWrapper}; -use util::byte_utils; -use util::events::Event; - -use prelude::*; +use crate::ln::{PaymentHash, PaymentPreimage}; +use crate::ln::msgs::DecodeError; +use crate::ln::chan_utils; +use crate::ln::chan_utils::{CounterpartyCommitmentSecrets, HTLCOutputInCommitment, HTLCClaim, ChannelTransactionParameters, HolderCommitmentTransaction}; +use crate::ln::channelmanager::{HTLCSource, SentHTLCId}; +use crate::chain; +use crate::chain::{BestBlock, WatchedOutput}; +use crate::chain::chaininterface::{BroadcasterInterface, FeeEstimator, LowerBoundedFeeEstimator}; +use crate::chain::transaction::{OutPoint, TransactionData}; +use crate::chain::keysinterface::{SpendableOutputDescriptor, StaticPaymentOutputDescriptor, DelayedPaymentOutputDescriptor, WriteableEcdsaChannelSigner, SignerProvider, EntropySource}; +#[cfg(anchors)] +use crate::chain::onchaintx::ClaimEvent; +use crate::chain::onchaintx::OnchainTxHandler; +use crate::chain::package::{CounterpartyOfferedHTLCOutput, CounterpartyReceivedHTLCOutput, HolderFundingOutput, HolderHTLCOutput, PackageSolvingData, PackageTemplate, RevokedOutput, RevokedHTLCOutput}; +use crate::chain::Filter; +use crate::util::logger::Logger; +use crate::util::ser::{Readable, ReadableArgs, RequiredWrapper, MaybeReadable, UpgradableRequired, Writer, Writeable, U48}; +use crate::util::byte_utils; +use crate::util::events::Event; +#[cfg(anchors)] +use crate::util::events::{AnchorDescriptor, HTLCDescriptor, BumpTransactionEvent}; + +use crate::prelude::*; use core::{cmp, mem}; -use io::{self, Error}; +use crate::io::{self, Error}; use core::convert::TryInto; use core::ops::Deref; -use sync::Mutex; +use crate::sync::{Mutex, LockTestExt}; -/// An update generated by the underlying Channel itself which contains some new information the -/// ChannelMonitor should be made aware of. -#[cfg_attr(any(test, fuzzing, feature = "_test_utils"), derive(PartialEq))] +/// An update generated by the underlying channel itself which contains some new information the +/// [`ChannelMonitor`] should be made aware of. +/// +/// Because this represents only a small number of updates to the underlying state, it is generally +/// much smaller than a full [`ChannelMonitor`]. However, for large single commitment transaction +/// updates (e.g. ones during which there are hundreds of HTLCs pending on the commitment +/// transaction), a single update may reach upwards of 1 MiB in serialized size. +#[cfg_attr(any(test, fuzzing, feature = "_test_utils"), derive(PartialEq, Eq))] #[derive(Clone)] #[must_use] pub struct ChannelMonitorUpdate { @@ -70,12 +79,14 @@ pub struct ChannelMonitorUpdate { /// increasing and increase by one for each new update, with one exception specified below. /// /// This sequence number is also used to track up to which points updates which returned - /// ChannelMonitorUpdateErr::TemporaryFailure have been applied to all copies of a given + /// [`ChannelMonitorUpdateStatus::InProgress`] have been applied to all copies of a given /// ChannelMonitor when ChannelManager::channel_monitor_updated is called. /// /// The only instance where update_id values are not strictly increasing is the case where we /// allow post-force-close updates with a special update ID of [`CLOSED_CHANNEL_UPDATE_ID`]. See /// its docs for more details. + /// + /// [`ChannelMonitorUpdateStatus::InProgress`]: super::ChannelMonitorUpdateStatus::InProgress pub update_id: u64, } @@ -117,7 +128,7 @@ impl Readable for ChannelMonitorUpdate { } /// An event to be processed by the ChannelManager. -#[derive(Clone, PartialEq)] +#[derive(Clone, PartialEq, Eq)] pub enum MonitorEvent { /// A monitor event containing an HTLCUpdate. HTLCEvent(HTLCUpdate), @@ -126,10 +137,10 @@ pub enum MonitorEvent { CommitmentTxConfirmed(OutPoint), /// Indicates a [`ChannelMonitor`] update has completed. See - /// [`ChannelMonitorUpdateErr::TemporaryFailure`] for more information on how this is used. + /// [`ChannelMonitorUpdateStatus::InProgress`] for more information on how this is used. /// - /// [`ChannelMonitorUpdateErr::TemporaryFailure`]: super::ChannelMonitorUpdateErr::TemporaryFailure - UpdateCompleted { + /// [`ChannelMonitorUpdateStatus::InProgress`]: super::ChannelMonitorUpdateStatus::InProgress + Completed { /// The funding outpoint of the [`ChannelMonitor`] that was updated funding_txo: OutPoint, /// The Update ID from [`ChannelMonitorUpdate::update_id`] which was applied or @@ -141,15 +152,15 @@ pub enum MonitorEvent { }, /// Indicates a [`ChannelMonitor`] update has failed. See - /// [`ChannelMonitorUpdateErr::PermanentFailure`] for more information on how this is used. + /// [`ChannelMonitorUpdateStatus::PermanentFailure`] for more information on how this is used. /// - /// [`ChannelMonitorUpdateErr::PermanentFailure`]: super::ChannelMonitorUpdateErr::PermanentFailure + /// [`ChannelMonitorUpdateStatus::PermanentFailure`]: super::ChannelMonitorUpdateStatus::PermanentFailure UpdateFailed(OutPoint), } impl_writeable_tlv_based_enum_upgradable!(MonitorEvent, - // Note that UpdateCompleted and UpdateFailed are currently never serialized to disk as they are + // Note that Completed and UpdateFailed are currently never serialized to disk as they are // generated only in ChainMonitor - (0, UpdateCompleted) => { + (0, Completed) => { (0, funding_txo, required), (2, monitor_update_id, required), }, @@ -162,7 +173,7 @@ impl_writeable_tlv_based_enum_upgradable!(MonitorEvent, /// Simple structure sent back by `chain::Watch` when an HTLC from a forward channel is detected on /// chain. Used to update the corresponding HTLC in the backward channel. Failing to pass the /// preimage claim backward will lead to loss of funds. -#[derive(Clone, PartialEq)] +#[derive(Clone, PartialEq, Eq)] pub struct HTLCUpdate { pub(crate) payment_hash: PaymentHash, pub(crate) payment_preimage: Option, @@ -228,7 +239,7 @@ pub const ANTI_REORG_DELAY: u32 = 6; pub(crate) const HTLC_FAIL_BACK_BUFFER: u32 = CLTV_CLAIM_BUFFER + LATENCY_GRACE_PERIOD_BLOCKS; // TODO(devrandom) replace this with HolderCommitmentTransaction -#[derive(Clone, PartialEq)] +#[derive(Clone, PartialEq, Eq)] struct HolderSignedTx { /// txid of the transaction in tx, just used to make comparison faster txid: Txid, @@ -255,9 +266,23 @@ impl_writeable_tlv_based!(HolderSignedTx, { (14, htlc_outputs, vec_type) }); +#[cfg(anchors)] +impl HolderSignedTx { + fn non_dust_htlcs(&self) -> Vec { + self.htlc_outputs.iter().filter_map(|(htlc, _, _)| { + if let Some(_) = htlc.transaction_output_index { + Some(htlc.clone()) + } else { + None + } + }) + .collect() + } +} + /// We use this to track static counterparty commitment transaction data and to generate any /// justice or 2nd-stage preimage/timeout transactions. -#[derive(PartialEq)] +#[derive(PartialEq, Eq)] struct CounterpartyCommitmentParameters { counterparty_delayed_payment_base_key: PublicKey, counterparty_htlc_base_key: PublicKey, @@ -266,7 +291,7 @@ struct CounterpartyCommitmentParameters { impl Writeable for CounterpartyCommitmentParameters { fn write(&self, w: &mut W) -> Result<(), io::Error> { - w.write_all(&byte_utils::be64_to_array(0))?; + w.write_all(&(0 as u64).to_be_bytes())?; write_tlv_fields!(w, { (0, self.counterparty_delayed_payment_base_key, required), (2, self.counterparty_htlc_base_key, required), @@ -289,8 +314,8 @@ impl Readable for CounterpartyCommitmentParameters { } } - let mut counterparty_delayed_payment_base_key = OptionDeserWrapper(None); - let mut counterparty_htlc_base_key = OptionDeserWrapper(None); + let mut counterparty_delayed_payment_base_key = RequiredWrapper(None); + let mut counterparty_htlc_base_key = RequiredWrapper(None); let mut on_counterparty_tx_csv: u16 = 0; read_tlv_fields!(r, { (0, counterparty_delayed_payment_base_key, required), @@ -307,14 +332,15 @@ impl Readable for CounterpartyCommitmentParameters { } } -/// An entry for an [`OnchainEvent`], stating the block height when the event was observed and the -/// transaction causing it. +/// An entry for an [`OnchainEvent`], stating the block height and hash when the event was +/// observed, as well as the transaction causing it. /// /// Used to determine when the on-chain event can be considered safe from a chain reorganization. -#[derive(PartialEq)] +#[derive(PartialEq, Eq)] struct OnchainEventEntry { txid: Txid, height: u32, + block_hash: Option, // Added as optional, will be filled in for any entry generated on 0.0.113 or after event: OnchainEvent, transaction: Option, // Added as optional, but always filled in, in LDK 0.0.110 } @@ -353,7 +379,7 @@ type CommitmentTxCounterpartyOutputInfo = Option<(u32, u64)>; /// Upon discovering of some classes of onchain tx by ChannelMonitor, we may have to take actions on it /// once they mature to enough confirmations (ANTI_REORG_DELAY) -#[derive(PartialEq)] +#[derive(PartialEq, Eq)] enum OnchainEvent { /// An outbound HTLC failing after a transaction is confirmed. Used /// * when an outbound HTLC output is spent by us after the HTLC timed out @@ -369,6 +395,8 @@ enum OnchainEvent { /// transaction which appeared on chain. commitment_tx_output_idx: Option, }, + /// An output waiting on [`ANTI_REORG_DELAY`] confirmations before we hand the user the + /// [`SpendableOutputDescriptor`]. MaturingOutput { descriptor: SpendableOutputDescriptor, }, @@ -380,6 +408,9 @@ enum OnchainEvent { on_local_output_csv: Option, /// If the funding spend transaction was a known remote commitment transaction, we track /// the output index and amount of the counterparty's `to_self` output here. + /// + /// This allows us to generate a [`Balance::CounterpartyRevokedOutputClaimable`] for the + /// counterparty output. commitment_tx_to_counterparty_output: CommitmentTxCounterpartyOutputInfo, }, /// A spend of a commitment transaction HTLC output, set in the cases where *no* `HTLCUpdate` @@ -390,6 +421,9 @@ enum OnchainEvent { /// * an inbound HTLC is claimed by us (with a preimage). /// * a revoked-state HTLC transaction was broadcasted, which was claimed by the revocation /// signature. + /// * a revoked-state HTLC transaction was broadcasted, which was claimed by an + /// HTLC-Success/HTLC-Failure transaction (and is still claimable with a revocation + /// signature). HTLCSpendConfirmation { commitment_tx_output_idx: u32, /// If the claim was made by either party with a preimage, this is filled in @@ -407,6 +441,7 @@ impl Writeable for OnchainEventEntry { (0, self.txid, required), (1, self.transaction, option), (2, self.height, required), + (3, self.block_hash, option), (4, self.event, required), }); Ok(()) @@ -417,19 +452,17 @@ impl MaybeReadable for OnchainEventEntry { fn read(reader: &mut R) -> Result, DecodeError> { let mut txid = Txid::all_zeros(); let mut transaction = None; + let mut block_hash = None; let mut height = 0; - let mut event = None; + let mut event = UpgradableRequired(None); read_tlv_fields!(reader, { (0, txid, required), (1, transaction, option), (2, height, required), - (4, event, ignorable), + (3, block_hash, option), + (4, event, upgradable_required), }); - if let Some(ev) = event { - Ok(Some(Self { txid, transaction, height, event: ev })) - } else { - Ok(None) - } + Ok(Some(Self { txid, transaction, height, block_hash, event: _init_tlv_based_struct_field!(event, upgradable_required) })) } } @@ -455,12 +488,17 @@ impl_writeable_tlv_based_enum_upgradable!(OnchainEvent, ); -#[cfg_attr(any(test, fuzzing, feature = "_test_utils"), derive(PartialEq))] +#[cfg_attr(any(test, fuzzing, feature = "_test_utils"), derive(PartialEq, Eq))] #[derive(Clone)] pub(crate) enum ChannelMonitorUpdateStep { LatestHolderCommitmentTXInfo { commitment_tx: HolderCommitmentTransaction, + /// Note that LDK after 0.0.115 supports this only containing dust HTLCs (implying the + /// `Signature` field is never filled in). At that point, non-dust HTLCs are implied by the + /// HTLC fields in `commitment_tx` and the sources passed via `nondust_htlc_sources`. htlc_outputs: Vec<(HTLCOutputInCommitment, Option, Option)>, + claimed_htlcs: Vec<(SentHTLCId, PaymentPreimage)>, + nondust_htlc_sources: Vec, }, LatestCounterpartyCommitmentTXInfo { commitment_txid: Txid, @@ -503,7 +541,9 @@ impl ChannelMonitorUpdateStep { impl_writeable_tlv_based_enum_upgradable!(ChannelMonitorUpdateStep, (0, LatestHolderCommitmentTXInfo) => { (0, commitment_tx, required), + (1, claimed_htlcs, vec_type), (2, htlc_outputs, vec_type), + (4, nondust_htlc_sources, optional_vec), }, (1, LatestCounterpartyCommitmentTXInfo) => { (0, commitment_txid, required), @@ -569,28 +609,89 @@ pub enum Balance { /// HTLCs which we sent to our counterparty which are claimable after a timeout (less on-chain /// fees) if the counterparty does not know the preimage for the HTLCs. These are somewhat /// likely to be claimed by our counterparty before we do. - MaybeClaimableHTLCAwaitingTimeout { - /// The amount available to claim, in satoshis, excluding the on-chain fees which will be - /// required to do so. + MaybeTimeoutClaimableHTLC { + /// The amount potentially available to claim, in satoshis, excluding the on-chain fees + /// which will be required to do so. claimable_amount_satoshis: u64, /// The height at which we will be able to claim the balance if our counterparty has not /// done so. claimable_height: u32, }, + /// HTLCs which we received from our counterparty which are claimable with a preimage which we + /// do not currently have. This will only be claimable if we receive the preimage from the node + /// to which we forwarded this HTLC before the timeout. + MaybePreimageClaimableHTLC { + /// The amount potentially available to claim, in satoshis, excluding the on-chain fees + /// which will be required to do so. + claimable_amount_satoshis: u64, + /// The height at which our counterparty will be able to claim the balance if we have not + /// yet received the preimage and claimed it ourselves. + expiry_height: u32, + }, + /// The channel has been closed, and our counterparty broadcasted a revoked commitment + /// transaction. + /// + /// Thus, we're able to claim all outputs in the commitment transaction, one of which has the + /// following amount. + CounterpartyRevokedOutputClaimable { + /// The amount, in satoshis, of the output which we can claim. + /// + /// Note that for outputs from HTLC balances this may be excluding some on-chain fees that + /// were already spent. + claimable_amount_satoshis: u64, + }, } /// An HTLC which has been irrevocably resolved on-chain, and has reached ANTI_REORG_DELAY. -#[derive(PartialEq)] +#[derive(PartialEq, Eq)] struct IrrevocablyResolvedHTLC { - commitment_tx_output_idx: u32, + commitment_tx_output_idx: Option, + /// The txid of the transaction which resolved the HTLC, this may be a commitment (if the HTLC + /// was not present in the confirmed commitment transaction), HTLC-Success, or HTLC-Timeout + /// transaction. + resolving_txid: Option, // Added as optional, but always filled in, in 0.0.110 + resolving_tx: Option, /// Only set if the HTLC claim was ours using a payment preimage payment_preimage: Option, } -impl_writeable_tlv_based!(IrrevocablyResolvedHTLC, { - (0, commitment_tx_output_idx, required), - (2, payment_preimage, option), -}); +// In LDK versions prior to 0.0.111 commitment_tx_output_idx was not Option-al and +// IrrevocablyResolvedHTLC objects only existed for non-dust HTLCs. This was a bug, but to maintain +// backwards compatibility we must ensure we always write out a commitment_tx_output_idx field, +// using `u32::max_value()` as a sentinal to indicate the HTLC was dust. +impl Writeable for IrrevocablyResolvedHTLC { + fn write(&self, writer: &mut W) -> Result<(), io::Error> { + let mapped_commitment_tx_output_idx = self.commitment_tx_output_idx.unwrap_or(u32::max_value()); + write_tlv_fields!(writer, { + (0, mapped_commitment_tx_output_idx, required), + (1, self.resolving_txid, option), + (2, self.payment_preimage, option), + (3, self.resolving_tx, option), + }); + Ok(()) + } +} + +impl Readable for IrrevocablyResolvedHTLC { + fn read(reader: &mut R) -> Result { + let mut mapped_commitment_tx_output_idx = 0; + let mut resolving_txid = None; + let mut payment_preimage = None; + let mut resolving_tx = None; + read_tlv_fields!(reader, { + (0, mapped_commitment_tx_output_idx, required), + (1, resolving_txid, option), + (2, payment_preimage, option), + (3, resolving_tx, option), + }); + Ok(Self { + commitment_tx_output_idx: if mapped_commitment_tx_output_idx == u32::max_value() { None } else { Some(mapped_commitment_tx_output_idx) }, + resolving_txid, + payment_preimage, + resolving_tx, + }) + } +} /// A ChannelMonitor handles chain events (blocks connected and disconnected) and generates /// on-chain transactions to ensure no loss of funds occurs. @@ -608,14 +709,15 @@ impl_writeable_tlv_based!(IrrevocablyResolvedHTLC, { /// the "reorg path" (ie disconnecting blocks until you find a common ancestor from both the /// returned block hash and the the current chain and then reconnecting blocks to get to the /// best chain) upon deserializing the object! -pub struct ChannelMonitor { +pub struct ChannelMonitor { #[cfg(test)] pub(crate) inner: Mutex>, #[cfg(not(test))] inner: Mutex>, } -pub(crate) struct ChannelMonitorImpl { +#[derive(PartialEq)] +pub(crate) struct ChannelMonitorImpl { latest_update_id: u64, commitment_transaction_number_obscure_factor: u64, @@ -655,6 +757,8 @@ pub(crate) struct ChannelMonitorImpl { /// Serialized to disk but should generally not be sent to Watchtowers. counterparty_hash_commitment_number: HashMap, + counterparty_fulfilled_htlcs: HashMap, + // We store two holder commitment transactions to avoid any race conditions where we may update // some monitors (potentially on watchtowers) but then fail to update others, resulting in the // various monitors for one channel being out of sync, and us broadcasting a holder @@ -723,13 +827,23 @@ pub(crate) struct ChannelMonitorImpl { // of block connection between ChannelMonitors and the ChannelManager. funding_spend_seen: bool, + /// Set to `Some` of the confirmed transaction spending the funding input of the channel after + /// reaching `ANTI_REORG_DELAY` confirmations. funding_spend_confirmed: Option, + confirmed_commitment_tx_counterparty_output: CommitmentTxCounterpartyOutputInfo, /// The set of HTLCs which have been either claimed or failed on chain and have reached /// the requisite confirmations on the claim/fail transaction (either ANTI_REORG_DELAY or the /// spending CSV for revocable outputs). htlcs_resolved_on_chain: Vec, + /// The set of `SpendableOutput` events which we have already passed upstream to be claimed. + /// These are tracked explicitly to ensure that we don't generate the same events redundantly + /// if users duplicatively confirm old transactions. Specifically for transactions claiming a + /// revoked remote outpoint we otherwise have no tracking at all once they've reached + /// [`ANTI_REORG_DELAY`], so we have to track them here. + spendable_txids_confirmed: Vec, + // We simply modify best_block in Channel's block_connected so that serialization is // consistent but hopefully the users' copy handles block_connected in a consistent way. // (we do *not*, however, update them in update_monitor to ensure any local user copies keep @@ -739,72 +853,24 @@ pub(crate) struct ChannelMonitorImpl { /// The node_id of our counterparty counterparty_node_id: Option, - - secp_ctx: Secp256k1, //TODO: dedup this a bit... } /// Transaction outputs to watch for on-chain spends. pub type TransactionOutputs = (Txid, Vec<(u32, TxOut)>); -#[cfg(any(test, fuzzing, feature = "_test_utils"))] -/// Used only in testing and fuzzing to check serialization roundtrips don't change the underlying -/// object -impl PartialEq for ChannelMonitor { +impl PartialEq for ChannelMonitor where Signer: PartialEq { fn eq(&self, other: &Self) -> bool { - let inner = self.inner.lock().unwrap(); - let other = other.inner.lock().unwrap(); - inner.eq(&other) + // We need some kind of total lockorder. Absent a better idea, we sort by position in + // memory and take locks in that order (assuming that we can't move within memory while a + // lock is held). + let ord = ((self as *const _) as usize) < ((other as *const _) as usize); + let a = if ord { self.inner.unsafe_well_ordered_double_lock_self() } else { other.inner.unsafe_well_ordered_double_lock_self() }; + let b = if ord { other.inner.unsafe_well_ordered_double_lock_self() } else { self.inner.unsafe_well_ordered_double_lock_self() }; + a.eq(&b) } } -#[cfg(any(test, fuzzing, feature = "_test_utils"))] -/// Used only in testing and fuzzing to check serialization roundtrips don't change the underlying -/// object -impl PartialEq for ChannelMonitorImpl { - fn eq(&self, other: &Self) -> bool { - if self.latest_update_id != other.latest_update_id || - self.commitment_transaction_number_obscure_factor != other.commitment_transaction_number_obscure_factor || - self.destination_script != other.destination_script || - self.broadcasted_holder_revokable_script != other.broadcasted_holder_revokable_script || - self.counterparty_payment_script != other.counterparty_payment_script || - self.channel_keys_id != other.channel_keys_id || - self.holder_revocation_basepoint != other.holder_revocation_basepoint || - self.funding_info != other.funding_info || - self.current_counterparty_commitment_txid != other.current_counterparty_commitment_txid || - self.prev_counterparty_commitment_txid != other.prev_counterparty_commitment_txid || - self.counterparty_commitment_params != other.counterparty_commitment_params || - self.funding_redeemscript != other.funding_redeemscript || - self.channel_value_satoshis != other.channel_value_satoshis || - self.their_cur_per_commitment_points != other.their_cur_per_commitment_points || - self.on_holder_tx_csv != other.on_holder_tx_csv || - self.commitment_secrets != other.commitment_secrets || - self.counterparty_claimable_outpoints != other.counterparty_claimable_outpoints || - self.counterparty_commitment_txn_on_chain != other.counterparty_commitment_txn_on_chain || - self.counterparty_hash_commitment_number != other.counterparty_hash_commitment_number || - self.prev_holder_signed_commitment_tx != other.prev_holder_signed_commitment_tx || - self.current_counterparty_commitment_number != other.current_counterparty_commitment_number || - self.current_holder_commitment_number != other.current_holder_commitment_number || - self.current_holder_commitment_tx != other.current_holder_commitment_tx || - self.payment_preimages != other.payment_preimages || - self.pending_monitor_events != other.pending_monitor_events || - self.pending_events.len() != other.pending_events.len() || // We trust events to round-trip properly - self.onchain_events_awaiting_threshold_conf != other.onchain_events_awaiting_threshold_conf || - self.outputs_to_watch != other.outputs_to_watch || - self.lockdown_from_offchain != other.lockdown_from_offchain || - self.holder_tx_signed != other.holder_tx_signed || - self.funding_spend_seen != other.funding_spend_seen || - self.funding_spend_confirmed != other.funding_spend_confirmed || - self.confirmed_commitment_tx_counterparty_output != other.confirmed_commitment_tx_counterparty_output || - self.htlcs_resolved_on_chain != other.htlcs_resolved_on_chain - { - false - } else { - true - } - } -} - -impl Writeable for ChannelMonitor { +impl Writeable for ChannelMonitor { fn write(&self, writer: &mut W) -> Result<(), Error> { self.inner.lock().unwrap().write(writer) } @@ -814,7 +880,7 @@ impl Writeable for ChannelMonitor { const SERIALIZATION_VERSION: u8 = 1; const MIN_SERIALIZATION_VERSION: u8 = 1; -impl Writeable for ChannelMonitorImpl { +impl Writeable for ChannelMonitorImpl { fn write(&self, writer: &mut W) -> Result<(), Error> { write_ver_prefix!(writer, SERIALIZATION_VERSION, MIN_SERIALIZATION_VERSION); @@ -842,7 +908,7 @@ impl Writeable for ChannelMonitorImpl { self.channel_keys_id.write(writer)?; self.holder_revocation_basepoint.write(writer)?; writer.write_all(&self.funding_info.0.txid[..])?; - writer.write_all(&byte_utils::be16_to_array(self.funding_info.0.index))?; + writer.write_all(&self.funding_info.0.index.to_be_bytes())?; self.funding_info.1.write(writer)?; self.current_counterparty_commitment_txid.write(writer)?; self.prev_counterparty_commitment_txid.write(writer)?; @@ -869,24 +935,24 @@ impl Writeable for ChannelMonitorImpl { }, } - writer.write_all(&byte_utils::be16_to_array(self.on_holder_tx_csv))?; + writer.write_all(&self.on_holder_tx_csv.to_be_bytes())?; self.commitment_secrets.write(writer)?; macro_rules! serialize_htlc_in_commitment { ($htlc_output: expr) => { writer.write_all(&[$htlc_output.offered as u8; 1])?; - writer.write_all(&byte_utils::be64_to_array($htlc_output.amount_msat))?; - writer.write_all(&byte_utils::be32_to_array($htlc_output.cltv_expiry))?; + writer.write_all(&$htlc_output.amount_msat.to_be_bytes())?; + writer.write_all(&$htlc_output.cltv_expiry.to_be_bytes())?; writer.write_all(&$htlc_output.payment_hash.0[..])?; $htlc_output.transaction_output_index.write(writer)?; } } - writer.write_all(&byte_utils::be64_to_array(self.counterparty_claimable_outpoints.len() as u64))?; + writer.write_all(&(self.counterparty_claimable_outpoints.len() as u64).to_be_bytes())?; for (ref txid, ref htlc_infos) in self.counterparty_claimable_outpoints.iter() { writer.write_all(&txid[..])?; - writer.write_all(&byte_utils::be64_to_array(htlc_infos.len() as u64))?; + writer.write_all(&(htlc_infos.len() as u64).to_be_bytes())?; for &(ref htlc_output, ref htlc_source) in htlc_infos.iter() { debug_assert!(htlc_source.is_none() || Some(**txid) == self.current_counterparty_commitment_txid || Some(**txid) == self.prev_counterparty_commitment_txid, @@ -896,13 +962,13 @@ impl Writeable for ChannelMonitorImpl { } } - writer.write_all(&byte_utils::be64_to_array(self.counterparty_commitment_txn_on_chain.len() as u64))?; + writer.write_all(&(self.counterparty_commitment_txn_on_chain.len() as u64).to_be_bytes())?; for (ref txid, commitment_number) in self.counterparty_commitment_txn_on_chain.iter() { writer.write_all(&txid[..])?; writer.write_all(&byte_utils::be48_to_array(*commitment_number))?; } - writer.write_all(&byte_utils::be64_to_array(self.counterparty_hash_commitment_number.len() as u64))?; + writer.write_all(&(self.counterparty_hash_commitment_number.len() as u64).to_be_bytes())?; for (ref payment_hash, commitment_number) in self.counterparty_hash_commitment_number.iter() { writer.write_all(&payment_hash.0[..])?; writer.write_all(&byte_utils::be48_to_array(*commitment_number))?; @@ -920,7 +986,7 @@ impl Writeable for ChannelMonitorImpl { writer.write_all(&byte_utils::be48_to_array(self.current_counterparty_commitment_number))?; writer.write_all(&byte_utils::be48_to_array(self.current_holder_commitment_number))?; - writer.write_all(&byte_utils::be64_to_array(self.payment_preimages.len() as u64))?; + writer.write_all(&(self.payment_preimages.len() as u64).to_be_bytes())?; for payment_preimage in self.payment_preimages.values() { writer.write_all(&payment_preimage.0[..])?; } @@ -941,15 +1007,15 @@ impl Writeable for ChannelMonitorImpl { } } - writer.write_all(&byte_utils::be64_to_array(self.pending_events.len() as u64))?; + writer.write_all(&(self.pending_events.len() as u64).to_be_bytes())?; for event in self.pending_events.iter() { event.write(writer)?; } self.best_block.block_hash().write(writer)?; - writer.write_all(&byte_utils::be32_to_array(self.best_block.height()))?; + writer.write_all(&self.best_block.height().to_be_bytes())?; - writer.write_all(&byte_utils::be64_to_array(self.onchain_events_awaiting_threshold_conf.len() as u64))?; + writer.write_all(&(self.onchain_events_awaiting_threshold_conf.len() as u64).to_be_bytes())?; for ref entry in self.onchain_events_awaiting_threshold_conf.iter() { entry.write(writer)?; } @@ -975,13 +1041,15 @@ impl Writeable for ChannelMonitorImpl { (7, self.funding_spend_seen, required), (9, self.counterparty_node_id, option), (11, self.confirmed_commitment_tx_counterparty_output, option), + (13, self.spendable_txids_confirmed, vec_type), + (15, self.counterparty_fulfilled_htlcs, required), }); Ok(()) } } -impl ChannelMonitor { +impl ChannelMonitor { /// For lockorder enforcement purposes, we need to have a single site which constructs the /// `inner` mutex, otherwise cases where we lock two monitors at the same time (eg in our /// PartialEq implementation) we may decide a lockorder violation has occurred. @@ -1031,7 +1099,7 @@ impl ChannelMonitor { let onchain_tx_handler = OnchainTxHandler::new(destination_script.clone(), keys, - channel_parameters.clone(), initial_holder_commitment_tx, secp_ctx.clone()); + channel_parameters.clone(), initial_holder_commitment_tx, secp_ctx); let mut outputs_to_watch = HashMap::new(); outputs_to_watch.insert(funding_info.0.txid, vec![(funding_info.0.index as u32, funding_info.1.clone())]); @@ -1062,6 +1130,7 @@ impl ChannelMonitor { counterparty_claimable_outpoints: HashMap::new(), counterparty_commitment_txn_on_chain: HashMap::new(), counterparty_hash_commitment_number: HashMap::new(), + counterparty_fulfilled_htlcs: HashMap::new(), prev_holder_signed_commitment_tx: None, current_holder_commitment_tx: holder_commitment_tx, @@ -1083,11 +1152,10 @@ impl ChannelMonitor { funding_spend_confirmed: None, confirmed_commitment_tx_counterparty_output: None, htlcs_resolved_on_chain: Vec::new(), + spendable_txids_confirmed: Vec::new(), best_block, counterparty_node_id: Some(counterparty_node_id), - - secp_ctx, }) } @@ -1117,7 +1185,7 @@ impl ChannelMonitor { &self, holder_commitment_tx: HolderCommitmentTransaction, htlc_outputs: Vec<(HTLCOutputInCommitment, Option, Option)>, ) -> Result<(), ()> { - self.inner.lock().unwrap().provide_latest_holder_commitment_tx(holder_commitment_tx, htlc_outputs).map_err(|_| ()) + self.inner.lock().unwrap().provide_latest_holder_commitment_tx(holder_commitment_tx, htlc_outputs, &Vec::new(), Vec::new()).map_err(|_| ()) } /// This is used to provide payment preimage(s) out-of-band during startup without updating the @@ -1146,7 +1214,7 @@ impl ChannelMonitor { B::Target: BroadcasterInterface, L::Target: Logger, { - self.inner.lock().unwrap().broadcast_latest_holder_commitment_txn(broadcaster, logger) + self.inner.lock().unwrap().broadcast_latest_holder_commitment_txn(broadcaster, logger); } /// Updates a ChannelMonitor on the basis of some new information provided by the Channel @@ -1213,9 +1281,11 @@ impl ChannelMonitor { /// Gets the list of pending events which were generated by previous actions, clearing the list /// in the process. /// - /// This is called by ChainMonitor::get_and_clear_pending_events() and is equivalent to - /// EventsProvider::get_and_clear_pending_events() except that it requires &mut self as we do - /// no internal locking in ChannelMonitors. + /// This is called by the [`EventsProvider::process_pending_events`] implementation for + /// [`ChainMonitor`]. + /// + /// [`EventsProvider::process_pending_events`]: crate::util::events::EventsProvider::process_pending_events + /// [`ChainMonitor`]: crate::chain::chainmonitor::ChainMonitor pub fn get_and_clear_pending_events(&self) -> Vec { self.inner.lock().unwrap().get_and_clear_pending_events() } @@ -1241,14 +1311,20 @@ impl ChannelMonitor { } /// Used by ChannelManager deserialization to broadcast the latest holder state if its copy of - /// the Channel was out-of-date. You may use it to get a broadcastable holder toxic tx in case of - /// fallen-behind, i.e when receiving a channel_reestablish with a proof that our counterparty side knows - /// a higher revocation secret than the holder commitment number we are aware of. Broadcasting these - /// transactions are UNSAFE, as they allow counterparty side to punish you. Nevertheless you may want to - /// broadcast them if counterparty don't close channel with his higher commitment transaction after a - /// substantial amount of time (a month or even a year) to get back funds. Best may be to contact - /// out-of-band the other node operator to coordinate with him if option is available to you. - /// In any-case, choice is up to the user. + /// the Channel was out-of-date. + /// + /// You may also use this to broadcast the latest local commitment transaction, either because + /// a monitor update failed with [`ChannelMonitorUpdateStatus::PermanentFailure`] or because we've + /// fallen behind (i.e. we've received proof that our counterparty side knows a revocation + /// secret we gave them that they shouldn't know). + /// + /// Broadcasting these transactions in the second case is UNSAFE, as they allow counterparty + /// side to punish you. Nevertheless you may want to broadcast them if counterparty doesn't + /// close channel with their commitment transaction after a substantial amount of time. Best + /// may be to contact the other node operator out-of-band to coordinate other options available + /// to you. In any-case, the choice is up to you. + /// + /// [`ChannelMonitorUpdateStatus::PermanentFailure`]: super::ChannelMonitorUpdateStatus::PermanentFailure pub fn get_latest_holder_commitment_txn(&self, logger: &L) -> Vec where L::Target: Logger { self.inner.lock().unwrap().get_latest_holder_commitment_txn(logger) @@ -1384,11 +1460,11 @@ impl ChannelMonitor { } /// Returns the set of txids that should be monitored for re-organization out of the chain. - pub fn get_relevant_txids(&self) -> Vec { + pub fn get_relevant_txids(&self) -> Vec<(Txid, Option)> { let inner = self.inner.lock().unwrap(); - let mut txids: Vec = inner.onchain_events_awaiting_threshold_conf + let mut txids: Vec<(Txid, Option)> = inner.onchain_events_awaiting_threshold_conf .iter() - .map(|entry| entry.txid) + .map(|entry| (entry.txid, entry.block_hash)) .chain(inner.onchain_tx_handler.get_relevant_txids().into_iter()) .collect(); txids.sort_unstable(); @@ -1401,7 +1477,172 @@ impl ChannelMonitor { pub fn current_best_block(&self) -> BestBlock { self.inner.lock().unwrap().best_block.clone() } +} +impl ChannelMonitorImpl { + /// Helper for get_claimable_balances which does the work for an individual HTLC, generating up + /// to one `Balance` for the HTLC. + fn get_htlc_balance(&self, htlc: &HTLCOutputInCommitment, holder_commitment: bool, + counterparty_revoked_commitment: bool, confirmed_txid: Option) + -> Option { + let htlc_commitment_tx_output_idx = + if let Some(v) = htlc.transaction_output_index { v } else { return None; }; + + let mut htlc_spend_txid_opt = None; + let mut htlc_spend_tx_opt = None; + let mut holder_timeout_spend_pending = None; + let mut htlc_spend_pending = None; + let mut holder_delayed_output_pending = None; + for event in self.onchain_events_awaiting_threshold_conf.iter() { + match event.event { + OnchainEvent::HTLCUpdate { commitment_tx_output_idx, htlc_value_satoshis, .. } + if commitment_tx_output_idx == Some(htlc_commitment_tx_output_idx) => { + debug_assert!(htlc_spend_txid_opt.is_none()); + htlc_spend_txid_opt = Some(&event.txid); + debug_assert!(htlc_spend_tx_opt.is_none()); + htlc_spend_tx_opt = event.transaction.as_ref(); + debug_assert!(holder_timeout_spend_pending.is_none()); + debug_assert_eq!(htlc_value_satoshis.unwrap(), htlc.amount_msat / 1000); + holder_timeout_spend_pending = Some(event.confirmation_threshold()); + }, + OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx, preimage, .. } + if commitment_tx_output_idx == htlc_commitment_tx_output_idx => { + debug_assert!(htlc_spend_txid_opt.is_none()); + htlc_spend_txid_opt = Some(&event.txid); + debug_assert!(htlc_spend_tx_opt.is_none()); + htlc_spend_tx_opt = event.transaction.as_ref(); + debug_assert!(htlc_spend_pending.is_none()); + htlc_spend_pending = Some((event.confirmation_threshold(), preimage.is_some())); + }, + OnchainEvent::MaturingOutput { + descriptor: SpendableOutputDescriptor::DelayedPaymentOutput(ref descriptor) } + if descriptor.outpoint.index as u32 == htlc_commitment_tx_output_idx => { + debug_assert!(holder_delayed_output_pending.is_none()); + holder_delayed_output_pending = Some(event.confirmation_threshold()); + }, + _ => {}, + } + } + let htlc_resolved = self.htlcs_resolved_on_chain.iter() + .find(|v| if v.commitment_tx_output_idx == Some(htlc_commitment_tx_output_idx) { + debug_assert!(htlc_spend_txid_opt.is_none()); + htlc_spend_txid_opt = v.resolving_txid.as_ref(); + debug_assert!(htlc_spend_tx_opt.is_none()); + htlc_spend_tx_opt = v.resolving_tx.as_ref(); + true + } else { false }); + debug_assert!(holder_timeout_spend_pending.is_some() as u8 + htlc_spend_pending.is_some() as u8 + htlc_resolved.is_some() as u8 <= 1); + + let htlc_commitment_outpoint = BitcoinOutPoint::new(confirmed_txid.unwrap(), htlc_commitment_tx_output_idx); + let htlc_output_to_spend = + if let Some(txid) = htlc_spend_txid_opt { + // Because HTLC transactions either only have 1 input and 1 output (pre-anchors) or + // are signed with SIGHASH_SINGLE|ANYONECANPAY under BIP-0143 (post-anchors), we can + // locate the correct output by ensuring its adjacent input spends the HTLC output + // in the commitment. + if let Some(ref tx) = htlc_spend_tx_opt { + let htlc_input_idx_opt = tx.input.iter().enumerate() + .find(|(_, input)| input.previous_output == htlc_commitment_outpoint) + .map(|(idx, _)| idx as u32); + debug_assert!(htlc_input_idx_opt.is_some()); + BitcoinOutPoint::new(*txid, htlc_input_idx_opt.unwrap_or(0)) + } else { + debug_assert!(!self.onchain_tx_handler.opt_anchors()); + BitcoinOutPoint::new(*txid, 0) + } + } else { + htlc_commitment_outpoint + }; + let htlc_output_spend_pending = self.onchain_tx_handler.is_output_spend_pending(&htlc_output_to_spend); + + if let Some(conf_thresh) = holder_delayed_output_pending { + debug_assert!(holder_commitment); + return Some(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: htlc.amount_msat / 1000, + confirmation_height: conf_thresh, + }); + } else if htlc_resolved.is_some() && !htlc_output_spend_pending { + // Funding transaction spends should be fully confirmed by the time any + // HTLC transactions are resolved, unless we're talking about a holder + // commitment tx, whose resolution is delayed until the CSV timeout is + // reached, even though HTLCs may be resolved after only + // ANTI_REORG_DELAY confirmations. + debug_assert!(holder_commitment || self.funding_spend_confirmed.is_some()); + } else if counterparty_revoked_commitment { + let htlc_output_claim_pending = self.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { + if let OnchainEvent::MaturingOutput { + descriptor: SpendableOutputDescriptor::StaticOutput { .. } + } = &event.event { + if event.transaction.as_ref().map(|tx| tx.input.iter().any(|inp| { + if let Some(htlc_spend_txid) = htlc_spend_txid_opt { + tx.txid() == *htlc_spend_txid || inp.previous_output.txid == *htlc_spend_txid + } else { + Some(inp.previous_output.txid) == confirmed_txid && + inp.previous_output.vout == htlc_commitment_tx_output_idx + } + })).unwrap_or(false) { + Some(()) + } else { None } + } else { None } + }); + if htlc_output_claim_pending.is_some() { + // We already push `Balance`s onto the `res` list for every + // `StaticOutput` in a `MaturingOutput` in the revoked + // counterparty commitment transaction case generally, so don't + // need to do so again here. + } else { + debug_assert!(holder_timeout_spend_pending.is_none(), + "HTLCUpdate OnchainEvents should never appear for preimage claims"); + debug_assert!(!htlc.offered || htlc_spend_pending.is_none() || !htlc_spend_pending.unwrap().1, + "We don't (currently) generate preimage claims against revoked outputs, where did you get one?!"); + return Some(Balance::CounterpartyRevokedOutputClaimable { + claimable_amount_satoshis: htlc.amount_msat / 1000, + }); + } + } else if htlc.offered == holder_commitment { + // If the payment was outbound, check if there's an HTLCUpdate + // indicating we have spent this HTLC with a timeout, claiming it back + // and awaiting confirmations on it. + if let Some(conf_thresh) = holder_timeout_spend_pending { + return Some(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: htlc.amount_msat / 1000, + confirmation_height: conf_thresh, + }); + } else { + return Some(Balance::MaybeTimeoutClaimableHTLC { + claimable_amount_satoshis: htlc.amount_msat / 1000, + claimable_height: htlc.cltv_expiry, + }); + } + } else if self.payment_preimages.get(&htlc.payment_hash).is_some() { + // Otherwise (the payment was inbound), only expose it as claimable if + // we know the preimage. + // Note that if there is a pending claim, but it did not use the + // preimage, we lost funds to our counterparty! We will then continue + // to show it as ContentiousClaimable until ANTI_REORG_DELAY. + debug_assert!(holder_timeout_spend_pending.is_none()); + if let Some((conf_thresh, true)) = htlc_spend_pending { + return Some(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: htlc.amount_msat / 1000, + confirmation_height: conf_thresh, + }); + } else { + return Some(Balance::ContentiousClaimable { + claimable_amount_satoshis: htlc.amount_msat / 1000, + timeout_height: htlc.cltv_expiry, + }); + } + } else if htlc_resolved.is_none() { + return Some(Balance::MaybePreimageClaimableHTLC { + claimable_amount_satoshis: htlc.amount_msat / 1000, + expiry_height: htlc.cltv_expiry, + }); + } + None + } +} + +impl ChannelMonitor { /// Gets the balances in this channel which are either claimable by us if we were to /// force-close the channel now or which are claimable on-chain (possibly awaiting /// confirmation). @@ -1411,9 +1652,9 @@ impl ChannelMonitor { /// balance, or until our counterparty has claimed the balance and accrued several /// confirmations on the claim transaction. /// - /// Note that the balances available when you or your counterparty have broadcasted revoked - /// state(s) may not be fully captured here. - // TODO, fix that ^ + /// Note that for `ChannelMonitors` which track a channel which went on-chain with versions of + /// LDK prior to 0.0.111, balances may not be fully captured if our counterparty broadcasted + /// a revoked state. /// /// See [`Balance`] for additional details on the types of claimable balances which /// may be returned here and their meanings. @@ -1422,9 +1663,13 @@ impl ChannelMonitor { let us = self.inner.lock().unwrap(); let mut confirmed_txid = us.funding_spend_confirmed; + let mut confirmed_counterparty_output = us.confirmed_commitment_tx_counterparty_output; let mut pending_commitment_tx_conf_thresh = None; let funding_spend_pending = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { - if let OnchainEvent::FundingSpendConfirmation { .. } = event.event { + if let OnchainEvent::FundingSpendConfirmation { commitment_tx_to_counterparty_output, .. } = + event.event + { + confirmed_counterparty_output = commitment_tx_to_counterparty_output; Some((event.txid, event.confirmation_threshold())) } else { None } }); @@ -1436,71 +1681,12 @@ impl ChannelMonitor { } macro_rules! walk_htlcs { - ($holder_commitment: expr, $htlc_iter: expr) => { + ($holder_commitment: expr, $counterparty_revoked_commitment: expr, $htlc_iter: expr) => { for htlc in $htlc_iter { - if let Some(htlc_commitment_tx_output_idx) = htlc.transaction_output_index { - if let Some(conf_thresh) = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { - if let OnchainEvent::MaturingOutput { descriptor: SpendableOutputDescriptor::DelayedPaymentOutput(descriptor) } = &event.event { - if descriptor.outpoint.index as u32 == htlc_commitment_tx_output_idx { Some(event.confirmation_threshold()) } else { None } - } else { None } - }) { - debug_assert!($holder_commitment); - res.push(Balance::ClaimableAwaitingConfirmations { - claimable_amount_satoshis: htlc.amount_msat / 1000, - confirmation_height: conf_thresh, - }); - } else if us.htlcs_resolved_on_chain.iter().any(|v| v.commitment_tx_output_idx == htlc_commitment_tx_output_idx) { - // Funding transaction spends should be fully confirmed by the time any - // HTLC transactions are resolved, unless we're talking about a holder - // commitment tx, whose resolution is delayed until the CSV timeout is - // reached, even though HTLCs may be resolved after only - // ANTI_REORG_DELAY confirmations. - debug_assert!($holder_commitment || us.funding_spend_confirmed.is_some()); - } else if htlc.offered == $holder_commitment { - // If the payment was outbound, check if there's an HTLCUpdate - // indicating we have spent this HTLC with a timeout, claiming it back - // and awaiting confirmations on it. - let htlc_update_pending = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { - if let OnchainEvent::HTLCUpdate { commitment_tx_output_idx: Some(commitment_tx_output_idx), .. } = event.event { - if commitment_tx_output_idx == htlc_commitment_tx_output_idx { - Some(event.confirmation_threshold()) } else { None } - } else { None } - }); - if let Some(conf_thresh) = htlc_update_pending { - res.push(Balance::ClaimableAwaitingConfirmations { - claimable_amount_satoshis: htlc.amount_msat / 1000, - confirmation_height: conf_thresh, - }); - } else { - res.push(Balance::MaybeClaimableHTLCAwaitingTimeout { - claimable_amount_satoshis: htlc.amount_msat / 1000, - claimable_height: htlc.cltv_expiry, - }); - } - } else if us.payment_preimages.get(&htlc.payment_hash).is_some() { - // Otherwise (the payment was inbound), only expose it as claimable if - // we know the preimage. - // Note that if there is a pending claim, but it did not use the - // preimage, we lost funds to our counterparty! We will then continue - // to show it as ContentiousClaimable until ANTI_REORG_DELAY. - let htlc_spend_pending = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { - if let OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx, preimage, .. } = event.event { - if commitment_tx_output_idx == htlc_commitment_tx_output_idx { - Some((event.confirmation_threshold(), preimage.is_some())) - } else { None } - } else { None } - }); - if let Some((conf_thresh, true)) = htlc_spend_pending { - res.push(Balance::ClaimableAwaitingConfirmations { - claimable_amount_satoshis: htlc.amount_msat / 1000, - confirmation_height: conf_thresh, - }); - } else { - res.push(Balance::ContentiousClaimable { - claimable_amount_satoshis: htlc.amount_msat / 1000, - timeout_height: htlc.cltv_expiry, - }); - } + if htlc.transaction_output_index.is_some() { + + if let Some(bal) = us.get_htlc_balance(htlc, $holder_commitment, $counterparty_revoked_commitment, confirmed_txid) { + res.push(bal); } } } @@ -1509,8 +1695,8 @@ impl ChannelMonitor { if let Some(txid) = confirmed_txid { let mut found_commitment_tx = false; - if Some(txid) == us.current_counterparty_commitment_txid || Some(txid) == us.prev_counterparty_commitment_txid { - walk_htlcs!(false, us.counterparty_claimable_outpoints.get(&txid).unwrap().iter().map(|(a, _)| a)); + if let Some(counterparty_tx_htlcs) = us.counterparty_claimable_outpoints.get(&txid) { + // First look for the to_remote output back to us. if let Some(conf_thresh) = pending_commitment_tx_conf_thresh { if let Some(value) = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { if let OnchainEvent::MaturingOutput { @@ -1529,9 +1715,50 @@ impl ChannelMonitor { // confirmation with the same height or have never met our dust amount. } } + if Some(txid) == us.current_counterparty_commitment_txid || Some(txid) == us.prev_counterparty_commitment_txid { + walk_htlcs!(false, false, counterparty_tx_htlcs.iter().map(|(a, _)| a)); + } else { + walk_htlcs!(false, true, counterparty_tx_htlcs.iter().map(|(a, _)| a)); + // The counterparty broadcasted a revoked state! + // Look for any StaticOutputs first, generating claimable balances for those. + // If any match the confirmed counterparty revoked to_self output, skip + // generating a CounterpartyRevokedOutputClaimable. + let mut spent_counterparty_output = false; + for event in us.onchain_events_awaiting_threshold_conf.iter() { + if let OnchainEvent::MaturingOutput { + descriptor: SpendableOutputDescriptor::StaticOutput { output, .. } + } = &event.event { + res.push(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: output.value, + confirmation_height: event.confirmation_threshold(), + }); + if let Some(confirmed_to_self_idx) = confirmed_counterparty_output.map(|(idx, _)| idx) { + if event.transaction.as_ref().map(|tx| + tx.input.iter().any(|inp| inp.previous_output.vout == confirmed_to_self_idx) + ).unwrap_or(false) { + spent_counterparty_output = true; + } + } + } + } + + if spent_counterparty_output { + } else if let Some((confirmed_to_self_idx, amt)) = confirmed_counterparty_output { + let output_spendable = us.onchain_tx_handler + .is_output_spend_pending(&BitcoinOutPoint::new(txid, confirmed_to_self_idx)); + if output_spendable { + res.push(Balance::CounterpartyRevokedOutputClaimable { + claimable_amount_satoshis: amt, + }); + } + } else { + // Counterparty output is missing, either it was broadcasted on a + // previous version of LDK or the counterparty hadn't met dust. + } + } found_commitment_tx = true; } else if txid == us.current_holder_commitment_tx.txid { - walk_htlcs!(true, us.current_holder_commitment_tx.htlc_outputs.iter().map(|(a, _, _)| a)); + walk_htlcs!(true, false, us.current_holder_commitment_tx.htlc_outputs.iter().map(|(a, _, _)| a)); if let Some(conf_thresh) = pending_commitment_tx_conf_thresh { res.push(Balance::ClaimableAwaitingConfirmations { claimable_amount_satoshis: us.current_holder_commitment_tx.to_self_value_sat, @@ -1541,7 +1768,7 @@ impl ChannelMonitor { found_commitment_tx = true; } else if let Some(prev_commitment) = &us.prev_holder_signed_commitment_tx { if txid == prev_commitment.txid { - walk_htlcs!(true, prev_commitment.htlc_outputs.iter().map(|(a, _, _)| a)); + walk_htlcs!(true, false, prev_commitment.htlc_outputs.iter().map(|(a, _, _)| a)); if let Some(conf_thresh) = pending_commitment_tx_conf_thresh { res.push(Balance::ClaimableAwaitingConfirmations { claimable_amount_satoshis: prev_commitment.to_self_value_sat, @@ -1562,19 +1789,24 @@ impl ChannelMonitor { }); } } - // TODO: Add logic to provide claimable balances for counterparty broadcasting revoked - // outputs. } else { let mut claimable_inbound_htlc_value_sat = 0; for (htlc, _, _) in us.current_holder_commitment_tx.htlc_outputs.iter() { if htlc.transaction_output_index.is_none() { continue; } if htlc.offered { - res.push(Balance::MaybeClaimableHTLCAwaitingTimeout { + res.push(Balance::MaybeTimeoutClaimableHTLC { claimable_amount_satoshis: htlc.amount_msat / 1000, claimable_height: htlc.cltv_expiry, }); } else if us.payment_preimages.get(&htlc.payment_hash).is_some() { claimable_inbound_htlc_value_sat += htlc.amount_msat / 1000; + } else { + // As long as the HTLC is still in our latest commitment state, treat + // it as potentially claimable, even if it has long-since expired. + res.push(Balance::MaybePreimageClaimableHTLC { + claimable_amount_satoshis: htlc.amount_msat / 1000, + expiry_height: htlc.cltv_expiry, + }); } } res.push(Balance::ClaimableOnChannelClose { @@ -1585,16 +1817,71 @@ impl ChannelMonitor { res } - /// Gets the set of outbound HTLCs which are pending resolution in this channel. - /// This is used to reconstruct pending outbound payments on restart in the ChannelManager. - pub(crate) fn get_pending_outbound_htlcs(&self) -> HashMap { + /// Gets the set of outbound HTLCs which can be (or have been) resolved by this + /// `ChannelMonitor`. This is used to determine if an HTLC was removed from the channel prior + /// to the `ChannelManager` having been persisted. + /// + /// This is similar to [`Self::get_pending_or_resolved_outbound_htlcs`] except it includes + /// HTLCs which were resolved on-chain (i.e. where the final HTLC resolution was done by an + /// event from this `ChannelMonitor`). + pub(crate) fn get_all_current_outbound_htlcs(&self) -> HashMap)> { let mut res = HashMap::new(); + // Just examine the available counterparty commitment transactions. See docs on + // `fail_unbroadcast_htlcs`, below, for justification. + let us = self.inner.lock().unwrap(); + macro_rules! walk_counterparty_commitment { + ($txid: expr) => { + if let Some(ref latest_outpoints) = us.counterparty_claimable_outpoints.get($txid) { + for &(ref htlc, ref source_option) in latest_outpoints.iter() { + if let &Some(ref source) = source_option { + res.insert((**source).clone(), (htlc.clone(), + us.counterparty_fulfilled_htlcs.get(&SentHTLCId::from_source(source)).cloned())); + } + } + } + } + } + if let Some(ref txid) = us.current_counterparty_commitment_txid { + walk_counterparty_commitment!(txid); + } + if let Some(ref txid) = us.prev_counterparty_commitment_txid { + walk_counterparty_commitment!(txid); + } + res + } + + /// Gets the set of outbound HTLCs which are pending resolution in this channel or which were + /// resolved with a preimage from our counterparty. + /// + /// This is used to reconstruct pending outbound payments on restart in the ChannelManager. + /// + /// Currently, the preimage is unused, however if it is present in the relevant internal state + /// an HTLC is always included even if it has been resolved. + pub(crate) fn get_pending_or_resolved_outbound_htlcs(&self) -> HashMap)> { let us = self.inner.lock().unwrap(); + // We're only concerned with the confirmation count of HTLC transactions, and don't + // actually care how many confirmations a commitment transaction may or may not have. Thus, + // we look for either a FundingSpendConfirmation event or a funding_spend_confirmed. + let confirmed_txid = us.funding_spend_confirmed.or_else(|| { + us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { + if let OnchainEvent::FundingSpendConfirmation { .. } = event.event { + Some(event.txid) + } else { None } + }) + }); + if confirmed_txid.is_none() { + // If we have not seen a commitment transaction on-chain (ie the channel is not yet + // closed), just get the full set. + mem::drop(us); + return self.get_all_current_outbound_htlcs(); + } + + let mut res = HashMap::new(); macro_rules! walk_htlcs { ($holder_commitment: expr, $htlc_iter: expr) => { for (htlc, source) in $htlc_iter { - if us.htlcs_resolved_on_chain.iter().any(|v| Some(v.commitment_tx_output_idx) == htlc.transaction_output_index) { + if us.htlcs_resolved_on_chain.iter().any(|v| v.commitment_tx_output_idx == htlc.transaction_output_index) { // We should assert that funding_spend_confirmed is_some() here, but we // have some unit tests which violate HTLC transaction CSVs entirely and // would fail. @@ -1618,62 +1905,32 @@ impl ChannelMonitor { Some(commitment_tx_output_idx) == htlc.transaction_output_index } else { false } }); - if !htlc_update_confd { - res.insert(source.clone(), htlc.clone()); + let counterparty_resolved_preimage_opt = + us.counterparty_fulfilled_htlcs.get(&SentHTLCId::from_source(source)).cloned(); + if !htlc_update_confd || counterparty_resolved_preimage_opt.is_some() { + res.insert(source.clone(), (htlc.clone(), counterparty_resolved_preimage_opt)); } } } } } - // We're only concerned with the confirmation count of HTLC transactions, and don't - // actually care how many confirmations a commitment transaction may or may not have. Thus, - // we look for either a FundingSpendConfirmation event or a funding_spend_confirmed. - let confirmed_txid = us.funding_spend_confirmed.or_else(|| { - us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { - if let OnchainEvent::FundingSpendConfirmation { .. } = event.event { - Some(event.txid) + let txid = confirmed_txid.unwrap(); + if Some(txid) == us.current_counterparty_commitment_txid || Some(txid) == us.prev_counterparty_commitment_txid { + walk_htlcs!(false, us.counterparty_claimable_outpoints.get(&txid).unwrap().iter().filter_map(|(a, b)| { + if let &Some(ref source) = b { + Some((a, &**source)) } else { None } - }) - }); - if let Some(txid) = confirmed_txid { - if Some(txid) == us.current_counterparty_commitment_txid || Some(txid) == us.prev_counterparty_commitment_txid { - walk_htlcs!(false, us.counterparty_claimable_outpoints.get(&txid).unwrap().iter().filter_map(|(a, b)| { - if let &Some(ref source) = b { - Some((a, &**source)) - } else { None } - })); - } else if txid == us.current_holder_commitment_tx.txid { - walk_htlcs!(true, us.current_holder_commitment_tx.htlc_outputs.iter().filter_map(|(a, _, c)| { + })); + } else if txid == us.current_holder_commitment_tx.txid { + walk_htlcs!(true, us.current_holder_commitment_tx.htlc_outputs.iter().filter_map(|(a, _, c)| { + if let Some(source) = c { Some((a, source)) } else { None } + })); + } else if let Some(prev_commitment) = &us.prev_holder_signed_commitment_tx { + if txid == prev_commitment.txid { + walk_htlcs!(true, prev_commitment.htlc_outputs.iter().filter_map(|(a, _, c)| { if let Some(source) = c { Some((a, source)) } else { None } })); - } else if let Some(prev_commitment) = &us.prev_holder_signed_commitment_tx { - if txid == prev_commitment.txid { - walk_htlcs!(true, prev_commitment.htlc_outputs.iter().filter_map(|(a, _, c)| { - if let Some(source) = c { Some((a, source)) } else { None } - })); - } - } - } else { - // If we have not seen a commitment transaction on-chain (ie the channel is not yet - // closed), just examine the available counterparty commitment transactions. See docs - // on `fail_unbroadcast_htlcs`, below, for justification. - macro_rules! walk_counterparty_commitment { - ($txid: expr) => { - if let Some(ref latest_outpoints) = us.counterparty_claimable_outpoints.get($txid) { - for &(ref htlc, ref source_option) in latest_outpoints.iter() { - if let &Some(ref source) = source_option { - res.insert((**source).clone(), htlc.clone()); - } - } - } - } - } - if let Some(ref txid) = us.current_counterparty_commitment_txid { - walk_counterparty_commitment!(txid); - } - if let Some(ref txid) = us.prev_counterparty_commitment_txid { - walk_counterparty_commitment!(txid); } } @@ -1702,7 +1959,7 @@ impl ChannelMonitor { /// been revoked yet, the previous one, we we will never "forget" to resolve an HTLC. macro_rules! fail_unbroadcast_htlcs { ($self: expr, $commitment_tx_type: expr, $commitment_txid_confirmed: expr, $commitment_tx_confirmed: expr, - $commitment_tx_conf_height: expr, $confirmed_htlcs_list: expr, $logger: expr) => { { + $commitment_tx_conf_height: expr, $commitment_tx_conf_hash: expr, $confirmed_htlcs_list: expr, $logger: expr) => { { debug_assert_eq!($commitment_tx_confirmed.txid(), $commitment_txid_confirmed); macro_rules! check_htlc_fails { @@ -1733,6 +1990,9 @@ macro_rules! fail_unbroadcast_htlcs { } } if matched_htlc { continue; } + if $self.counterparty_fulfilled_htlcs.get(&SentHTLCId::from_source(source)).is_some() { + continue; + } $self.onchain_events_awaiting_threshold_conf.retain(|ref entry| { if entry.height != $commitment_tx_conf_height { return true; } match entry.event { @@ -1746,6 +2006,7 @@ macro_rules! fail_unbroadcast_htlcs { txid: $commitment_txid_confirmed, transaction: Some($commitment_tx_confirmed.clone()), height: $commitment_tx_conf_height, + block_hash: Some(*$commitment_tx_conf_hash), event: OnchainEvent::HTLCUpdate { source: (**source).clone(), payment_hash: htlc.payment_hash.clone(), @@ -1791,7 +2052,7 @@ pub fn deliberately_bogus_accepted_htlc_witness() -> Vec> { vec![Vec::new(), Vec::new(), Vec::new(), Vec::new(), deliberately_bogus_accepted_htlc_witness_program().into()].into() } -impl ChannelMonitorImpl { +impl ChannelMonitorImpl { /// Inserts a revocation secret into this channel monitor. Prunes old preimages if neither /// needed by holder commitment transactions HTCLs nor by counterparty ones. Unless we haven't already seen /// counterparty commitment transaction's secret, they are de facto pruned (we can use revocation key). @@ -1803,8 +2064,23 @@ impl ChannelMonitorImpl { // Prune HTLCs from the previous counterparty commitment tx so we don't generate failure/fulfill // events for now-revoked/fulfilled HTLCs. if let Some(txid) = self.prev_counterparty_commitment_txid.take() { - for &mut (_, ref mut source) in self.counterparty_claimable_outpoints.get_mut(&txid).unwrap() { - *source = None; + if self.current_counterparty_commitment_txid.unwrap() != txid { + let cur_claimables = self.counterparty_claimable_outpoints.get( + &self.current_counterparty_commitment_txid.unwrap()).unwrap(); + for (_, ref source_opt) in self.counterparty_claimable_outpoints.get(&txid).unwrap() { + if let Some(source) = source_opt { + if !cur_claimables.iter() + .any(|(_, cur_source_opt)| cur_source_opt == source_opt) + { + self.counterparty_fulfilled_htlcs.remove(&SentHTLCId::from_source(source)); + } + } + } + for &mut (_, ref mut source_opt) in self.counterparty_claimable_outpoints.get_mut(&txid).unwrap() { + *source_opt = None; + } + } else { + assert!(cfg!(fuzzing), "Commitment txids are unique outside of fuzzing, where hashes can collide"); } } @@ -1889,28 +2165,83 @@ impl ChannelMonitorImpl { /// is important that any clones of this channel monitor (including remote clones) by kept /// up-to-date as our holder commitment transaction is updated. /// Panics if set_on_holder_tx_csv has never been called. - fn provide_latest_holder_commitment_tx(&mut self, holder_commitment_tx: HolderCommitmentTransaction, htlc_outputs: Vec<(HTLCOutputInCommitment, Option, Option)>) -> Result<(), &'static str> { - // block for Rust 1.34 compat - let mut new_holder_commitment_tx = { - let trusted_tx = holder_commitment_tx.trust(); - let txid = trusted_tx.txid(); - let tx_keys = trusted_tx.keys(); - self.current_holder_commitment_number = trusted_tx.commitment_number(); - HolderSignedTx { - txid, - revocation_key: tx_keys.revocation_key, - a_htlc_key: tx_keys.broadcaster_htlc_key, - b_htlc_key: tx_keys.countersignatory_htlc_key, - delayed_payment_key: tx_keys.broadcaster_delayed_payment_key, - per_commitment_point: tx_keys.per_commitment_point, - htlc_outputs, - to_self_value_sat: holder_commitment_tx.to_broadcaster_value_sat(), - feerate_per_kw: trusted_tx.feerate_per_kw(), + fn provide_latest_holder_commitment_tx(&mut self, holder_commitment_tx: HolderCommitmentTransaction, mut htlc_outputs: Vec<(HTLCOutputInCommitment, Option, Option)>, claimed_htlcs: &[(SentHTLCId, PaymentPreimage)], nondust_htlc_sources: Vec) -> Result<(), &'static str> { + if htlc_outputs.iter().any(|(_, s, _)| s.is_some()) { + // If we have non-dust HTLCs in htlc_outputs, ensure they match the HTLCs in the + // `holder_commitment_tx`. In the future, we'll no longer provide the redundant data + // and just pass in source data via `nondust_htlc_sources`. + debug_assert_eq!(htlc_outputs.iter().filter(|(_, s, _)| s.is_some()).count(), holder_commitment_tx.trust().htlcs().len()); + for (a, b) in htlc_outputs.iter().filter(|(_, s, _)| s.is_some()).map(|(h, _, _)| h).zip(holder_commitment_tx.trust().htlcs().iter()) { + debug_assert_eq!(a, b); + } + debug_assert_eq!(htlc_outputs.iter().filter(|(_, s, _)| s.is_some()).count(), holder_commitment_tx.counterparty_htlc_sigs.len()); + for (a, b) in htlc_outputs.iter().filter_map(|(_, s, _)| s.as_ref()).zip(holder_commitment_tx.counterparty_htlc_sigs.iter()) { + debug_assert_eq!(a, b); } + debug_assert!(nondust_htlc_sources.is_empty()); + } else { + // If we don't have any non-dust HTLCs in htlc_outputs, assume they were all passed via + // `nondust_htlc_sources`, building up the final htlc_outputs by combining + // `nondust_htlc_sources` and the `holder_commitment_tx` + #[cfg(debug_assertions)] { + let mut prev = -1; + for htlc in holder_commitment_tx.trust().htlcs().iter() { + assert!(htlc.transaction_output_index.unwrap() as i32 > prev); + prev = htlc.transaction_output_index.unwrap() as i32; + } + } + debug_assert!(htlc_outputs.iter().all(|(htlc, _, _)| htlc.transaction_output_index.is_none())); + debug_assert!(htlc_outputs.iter().all(|(_, sig_opt, _)| sig_opt.is_none())); + debug_assert_eq!(holder_commitment_tx.trust().htlcs().len(), holder_commitment_tx.counterparty_htlc_sigs.len()); + + let mut sources_iter = nondust_htlc_sources.into_iter(); + + for (htlc, counterparty_sig) in holder_commitment_tx.trust().htlcs().iter() + .zip(holder_commitment_tx.counterparty_htlc_sigs.iter()) + { + if htlc.offered { + let source = sources_iter.next().expect("Non-dust HTLC sources didn't match commitment tx"); + #[cfg(debug_assertions)] { + assert!(source.possibly_matches_output(htlc)); + } + htlc_outputs.push((htlc.clone(), Some(counterparty_sig.clone()), Some(source))); + } else { + htlc_outputs.push((htlc.clone(), Some(counterparty_sig.clone()), None)); + } + } + debug_assert!(sources_iter.next().is_none()); + } + + let trusted_tx = holder_commitment_tx.trust(); + let txid = trusted_tx.txid(); + let tx_keys = trusted_tx.keys(); + self.current_holder_commitment_number = trusted_tx.commitment_number(); + let mut new_holder_commitment_tx = HolderSignedTx { + txid, + revocation_key: tx_keys.revocation_key, + a_htlc_key: tx_keys.broadcaster_htlc_key, + b_htlc_key: tx_keys.countersignatory_htlc_key, + delayed_payment_key: tx_keys.broadcaster_delayed_payment_key, + per_commitment_point: tx_keys.per_commitment_point, + htlc_outputs, + to_self_value_sat: holder_commitment_tx.to_broadcaster_value_sat(), + feerate_per_kw: trusted_tx.feerate_per_kw(), }; self.onchain_tx_handler.provide_latest_holder_tx(holder_commitment_tx); mem::swap(&mut new_holder_commitment_tx, &mut self.current_holder_commitment_tx); self.prev_holder_signed_commitment_tx = Some(new_holder_commitment_tx); + for (claimed_htlc_id, claimed_preimage) in claimed_htlcs { + #[cfg(debug_assertions)] { + let cur_counterparty_htlcs = self.counterparty_claimable_outpoints.get( + &self.current_counterparty_commitment_txid.unwrap()).unwrap(); + assert!(cur_counterparty_htlcs.iter().any(|(_, source_opt)| { + if let Some(source) = source_opt { + SentHTLCId::from_source(source) == *claimed_htlc_id + } else { false } + })); + } + self.counterparty_fulfilled_htlcs.insert(*claimed_htlc_id, *claimed_preimage); + } if self.holder_tx_signed { return Err("Latest holder commitment signed has already been signed, update is rejected"); } @@ -1933,7 +2264,7 @@ impl ChannelMonitorImpl { macro_rules! claim_htlcs { ($commitment_number: expr, $txid: expr) => { let (htlc_claim_reqs, _) = self.get_counterparty_output_claim_info($commitment_number, $txid, None); - self.onchain_tx_handler.update_claims_view(&Vec::new(), htlc_claim_reqs, self.best_block.height(), self.best_block.height(), broadcaster, fee_estimator, logger); + self.onchain_tx_handler.update_claims_view_from_requests(htlc_claim_reqs, self.best_block.height(), self.best_block.height(), broadcaster, fee_estimator, logger); } } if let Some(txid) = self.current_counterparty_commitment_txid { @@ -1959,10 +2290,10 @@ impl ChannelMonitorImpl { // block. Even if not, its a reasonable metric for the bump criteria on the HTLC // transactions. let (claim_reqs, _) = self.get_broadcasted_holder_claims(&self.current_holder_commitment_tx, self.best_block.height()); - self.onchain_tx_handler.update_claims_view(&Vec::new(), claim_reqs, self.best_block.height(), self.best_block.height(), broadcaster, fee_estimator, logger); + self.onchain_tx_handler.update_claims_view_from_requests(claim_reqs, self.best_block.height(), self.best_block.height(), broadcaster, fee_estimator, logger); if let Some(ref tx) = self.prev_holder_signed_commitment_tx { let (claim_reqs, _) = self.get_broadcasted_holder_claims(&tx, self.best_block.height()); - self.onchain_tx_handler.update_claims_view(&Vec::new(), claim_reqs, self.best_block.height(), self.best_block.height(), broadcaster, fee_estimator, logger); + self.onchain_tx_handler.update_claims_view_from_requests(claim_reqs, self.best_block.height(), self.best_block.height(), broadcaster, fee_estimator, logger); } } } @@ -2002,12 +2333,13 @@ impl ChannelMonitorImpl { panic!("Attempted to apply ChannelMonitorUpdates out of order, check the update_id before passing an update to update_monitor!"); } let mut ret = Ok(()); + let bounded_fee_estimator = LowerBoundedFeeEstimator::new(&*fee_estimator); for update in updates.updates.iter() { match update { - ChannelMonitorUpdateStep::LatestHolderCommitmentTXInfo { commitment_tx, htlc_outputs } => { + ChannelMonitorUpdateStep::LatestHolderCommitmentTXInfo { commitment_tx, htlc_outputs, claimed_htlcs, nondust_htlc_sources } => { log_trace!(logger, "Updating ChannelMonitor with latest holder commitment transaction info"); if self.lockdown_from_offchain { panic!(); } - if let Err(e) = self.provide_latest_holder_commitment_tx(commitment_tx.clone(), htlc_outputs.clone()) { + if let Err(e) = self.provide_latest_holder_commitment_tx(commitment_tx.clone(), htlc_outputs.clone(), &claimed_htlcs, nondust_htlc_sources.clone()) { log_error!(logger, "Providing latest holder commitment transaction failed/was refused:"); log_error!(logger, " {}", e); ret = Err(()); @@ -2019,7 +2351,6 @@ impl ChannelMonitorImpl { }, ChannelMonitorUpdateStep::PaymentPreimage { payment_preimage } => { log_trace!(logger, "Updating ChannelMonitor with payment preimage"); - let bounded_fee_estimator = LowerBoundedFeeEstimator::new(&*fee_estimator); self.provide_payment_preimage(&PaymentHash(Sha256::hash(&payment_preimage.0[..]).into_inner()), &payment_preimage, broadcaster, &bounded_fee_estimator, logger) }, ChannelMonitorUpdateStep::CommitmentSecret { idx, secret } => { @@ -2034,9 +2365,41 @@ impl ChannelMonitorImpl { log_trace!(logger, "Updating ChannelMonitor: channel force closed, should broadcast: {}", should_broadcast); self.lockdown_from_offchain = true; if *should_broadcast { + // There's no need to broadcast our commitment transaction if we've seen one + // confirmed (even with 1 confirmation) as it'll be rejected as + // duplicate/conflicting. + let detected_funding_spend = self.funding_spend_confirmed.is_some() || + self.onchain_events_awaiting_threshold_conf.iter().find(|event| match event.event { + OnchainEvent::FundingSpendConfirmation { .. } => true, + _ => false, + }).is_some(); + if detected_funding_spend { + continue; + } self.broadcast_latest_holder_commitment_txn(broadcaster, logger); + // If the channel supports anchor outputs, we'll need to emit an external + // event to be consumed such that a child transaction is broadcast with a + // high enough feerate for the parent commitment transaction to confirm. + if self.onchain_tx_handler.opt_anchors() { + let funding_output = HolderFundingOutput::build( + self.funding_redeemscript.clone(), self.channel_value_satoshis, + self.onchain_tx_handler.opt_anchors(), + ); + let best_block_height = self.best_block.height(); + let commitment_package = PackageTemplate::build_package( + self.funding_info.0.txid.clone(), self.funding_info.0.index as u32, + PackageSolvingData::HolderFundingOutput(funding_output), + best_block_height, false, best_block_height, + ); + self.onchain_tx_handler.update_claims_view_from_requests( + vec![commitment_package], best_block_height, best_block_height, + broadcaster, &bounded_fee_estimator, logger, + ); + } } else if !self.holder_tx_signed { - log_error!(logger, "You have a toxic holder commitment transaction avaible in channel monitor, read comment in ChannelMonitor::get_latest_holder_commitment_txn to be informed of manual action to take"); + log_error!(logger, "WARNING: You have a potentially-unsafe holder commitment transaction available to broadcast"); + log_error!(logger, " in channel monitor for channel {}!", log_bytes!(self.funding_info.0.to_channel_id())); + log_error!(logger, " Read the docs for ChannelMonitor::get_latest_holder_commitment_txn and take manual action!"); } else { // If we generated a MonitorEvent::CommitmentTxConfirmed, the ChannelManager // will still give us a ChannelForceClosed event with !should_broadcast, but we @@ -2087,6 +2450,55 @@ impl ChannelMonitorImpl { pub fn get_and_clear_pending_events(&mut self) -> Vec { let mut ret = Vec::new(); mem::swap(&mut ret, &mut self.pending_events); + #[cfg(anchors)] + for claim_event in self.onchain_tx_handler.get_and_clear_pending_claim_events().drain(..) { + match claim_event { + ClaimEvent::BumpCommitment { + package_target_feerate_sat_per_1000_weight, commitment_tx, anchor_output_idx, + } => { + let commitment_txid = commitment_tx.txid(); + debug_assert_eq!(self.current_holder_commitment_tx.txid, commitment_txid); + let pending_htlcs = self.current_holder_commitment_tx.non_dust_htlcs(); + let commitment_tx_fee_satoshis = self.channel_value_satoshis - + commitment_tx.output.iter().fold(0u64, |sum, output| sum + output.value); + ret.push(Event::BumpTransaction(BumpTransactionEvent::ChannelClose { + package_target_feerate_sat_per_1000_weight, + commitment_tx, + commitment_tx_fee_satoshis, + anchor_descriptor: AnchorDescriptor { + channel_keys_id: self.channel_keys_id, + channel_value_satoshis: self.channel_value_satoshis, + outpoint: BitcoinOutPoint { + txid: commitment_txid, + vout: anchor_output_idx, + }, + }, + pending_htlcs, + })); + }, + ClaimEvent::BumpHTLC { + target_feerate_sat_per_1000_weight, htlcs, + } => { + let mut htlc_descriptors = Vec::with_capacity(htlcs.len()); + for htlc in htlcs { + htlc_descriptors.push(HTLCDescriptor { + channel_keys_id: self.channel_keys_id, + channel_value_satoshis: self.channel_value_satoshis, + channel_parameters: self.onchain_tx_handler.channel_transaction_parameters.clone(), + commitment_txid: htlc.commitment_txid, + per_commitment_number: htlc.per_commitment_number, + htlc: htlc.htlc, + preimage: htlc.preimage, + counterparty_sig: htlc.counterparty_sig, + }); + } + ret.push(Event::BumpTransaction(BumpTransactionEvent::HTLCResolution { + target_feerate_sat_per_1000_weight, + htlc_descriptors, + })); + } + } + } ret } @@ -2115,7 +2527,7 @@ impl ChannelMonitorImpl { /// Returns packages to claim the revoked output(s), as well as additional outputs to watch and /// general information about the output that is to the counterparty in the commitment /// transaction. - fn check_spend_counterparty_transaction(&mut self, tx: &Transaction, height: u32, logger: &L) + fn check_spend_counterparty_transaction(&mut self, tx: &Transaction, height: u32, block_hash: &BlockHash, logger: &L) -> (Vec, TransactionOutputs, CommitmentTxCounterpartyOutputInfo) where L::Target: Logger { // Most secp and related errors trying to create keys means we have no hope of constructing @@ -2140,9 +2552,9 @@ impl ChannelMonitorImpl { if commitment_number >= self.get_min_seen_secret() { let secret = self.get_secret(commitment_number).unwrap(); let per_commitment_key = ignore_error!(SecretKey::from_slice(&secret)); - let per_commitment_point = PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key); - let revocation_pubkey = ignore_error!(chan_utils::derive_public_revocation_key(&self.secp_ctx, &per_commitment_point, &self.holder_revocation_basepoint)); - let delayed_key = ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, &PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key), &self.counterparty_commitment_params.counterparty_delayed_payment_base_key)); + let per_commitment_point = PublicKey::from_secret_key(&self.onchain_tx_handler.secp_ctx, &per_commitment_key); + let revocation_pubkey = chan_utils::derive_public_revocation_key(&self.onchain_tx_handler.secp_ctx, &per_commitment_point, &self.holder_revocation_basepoint); + let delayed_key = chan_utils::derive_public_key(&self.onchain_tx_handler.secp_ctx, &PublicKey::from_secret_key(&self.onchain_tx_handler.secp_ctx, &per_commitment_key), &self.counterparty_commitment_params.counterparty_delayed_payment_base_key); let revokeable_redeemscript = chan_utils::get_revokeable_redeemscript(&revocation_pubkey, self.counterparty_commitment_params.on_counterparty_tx_csv, &delayed_key); let revokeable_p2wsh = revokeable_redeemscript.to_v0_p2wsh(); @@ -2186,13 +2598,13 @@ impl ChannelMonitorImpl { if let Some(per_commitment_data) = per_commitment_option { fail_unbroadcast_htlcs!(self, "revoked_counterparty", commitment_txid, tx, height, - per_commitment_data.iter().map(|(htlc, htlc_source)| + block_hash, per_commitment_data.iter().map(|(htlc, htlc_source)| (htlc, htlc_source.as_ref().map(|htlc_source| htlc_source.as_ref())) ), logger); } else { debug_assert!(false, "We should have per-commitment option for any recognized old commitment txn"); fail_unbroadcast_htlcs!(self, "revoked counterparty", commitment_txid, tx, height, - [].iter().map(|reference| *reference), logger); + block_hash, [].iter().map(|reference| *reference), logger); } } } else if let Some(per_commitment_data) = per_commitment_option { @@ -2209,7 +2621,7 @@ impl ChannelMonitorImpl { self.counterparty_commitment_txn_on_chain.insert(commitment_txid, commitment_number); log_info!(logger, "Got broadcast of non-revoked counterparty commitment transaction {}", commitment_txid); - fail_unbroadcast_htlcs!(self, "counterparty", commitment_txid, tx, height, + fail_unbroadcast_htlcs!(self, "counterparty", commitment_txid, tx, height, block_hash, per_commitment_data.iter().map(|(htlc, htlc_source)| (htlc, htlc_source.as_ref().map(|htlc_source| htlc_source.as_ref())) ), logger); @@ -2254,31 +2666,18 @@ impl ChannelMonitorImpl { } else { return (claimable_outpoints, to_counterparty_output_info); }; if let Some(transaction) = tx { - let revokeable_p2wsh_opt = - if let Ok(revocation_pubkey) = chan_utils::derive_public_revocation_key( - &self.secp_ctx, &per_commitment_point, &self.holder_revocation_basepoint) - { - if let Ok(delayed_key) = chan_utils::derive_public_key(&self.secp_ctx, - &per_commitment_point, - &self.counterparty_commitment_params.counterparty_delayed_payment_base_key) - { - Some(chan_utils::get_revokeable_redeemscript(&revocation_pubkey, - self.counterparty_commitment_params.on_counterparty_tx_csv, - &delayed_key).to_v0_p2wsh()) - } else { - debug_assert!(false, "Failed to derive a delayed payment key for a commitment state we accepted"); - None - } - } else { - debug_assert!(false, "Failed to derive a revocation pubkey key for a commitment state we accepted"); - None - }; - if let Some(revokeable_p2wsh) = revokeable_p2wsh_opt { - for (idx, outp) in transaction.output.iter().enumerate() { - if outp.script_pubkey == revokeable_p2wsh { - to_counterparty_output_info = - Some((idx.try_into().expect("Can't have > 2^32 outputs"), outp.value)); - } + let revocation_pubkey = chan_utils::derive_public_revocation_key( + &self.onchain_tx_handler.secp_ctx, &per_commitment_point, &self.holder_revocation_basepoint); + let delayed_key = chan_utils::derive_public_key(&self.onchain_tx_handler.secp_ctx, + &per_commitment_point, + &self.counterparty_commitment_params.counterparty_delayed_payment_base_key); + let revokeable_p2wsh = chan_utils::get_revokeable_redeemscript(&revocation_pubkey, + self.counterparty_commitment_params.on_counterparty_tx_csv, + &delayed_key).to_v0_p2wsh(); + for (idx, outp) in transaction.output.iter().enumerate() { + if outp.script_pubkey == revokeable_p2wsh { + to_counterparty_output_info = + Some((idx.try_into().expect("Can't have > 2^32 outputs"), outp.value)); } } } @@ -2299,13 +2698,13 @@ impl ChannelMonitorImpl { CounterpartyOfferedHTLCOutput::build(*per_commitment_point, self.counterparty_commitment_params.counterparty_delayed_payment_base_key, self.counterparty_commitment_params.counterparty_htlc_base_key, - preimage.unwrap(), htlc.clone())) + preimage.unwrap(), htlc.clone(), self.onchain_tx_handler.opt_anchors())) } else { PackageSolvingData::CounterpartyReceivedHTLCOutput( CounterpartyReceivedHTLCOutput::build(*per_commitment_point, self.counterparty_commitment_params.counterparty_delayed_payment_base_key, self.counterparty_commitment_params.counterparty_htlc_base_key, - htlc.clone())) + htlc.clone(), self.onchain_tx_handler.opt_anchors())) }; let aggregation = if !htlc.offered { false } else { true }; let counterparty_package = PackageTemplate::build_package(commitment_txid, transaction_output_index, counterparty_htlc_outp, htlc.cltv_expiry,aggregation, 0); @@ -2318,34 +2717,52 @@ impl ChannelMonitorImpl { } /// Attempts to claim a counterparty HTLC-Success/HTLC-Timeout's outputs using the revocation key - fn check_spend_counterparty_htlc(&mut self, tx: &Transaction, commitment_number: u64, height: u32, logger: &L) -> (Vec, Option) where L::Target: Logger { - let htlc_txid = tx.txid(); - if tx.input.len() != 1 || tx.output.len() != 1 || tx.input[0].witness.len() != 5 { - return (Vec::new(), None) - } + fn check_spend_counterparty_htlc( + &mut self, tx: &Transaction, commitment_number: u64, commitment_txid: &Txid, height: u32, logger: &L + ) -> (Vec, Option) where L::Target: Logger { + let secret = if let Some(secret) = self.get_secret(commitment_number) { secret } else { return (Vec::new(), None); }; + let per_commitment_key = match SecretKey::from_slice(&secret) { + Ok(key) => key, + Err(_) => return (Vec::new(), None) + }; + let per_commitment_point = PublicKey::from_secret_key(&self.onchain_tx_handler.secp_ctx, &per_commitment_key); - macro_rules! ignore_error { - ( $thing : expr ) => { - match $thing { - Ok(a) => a, - Err(_) => return (Vec::new(), None) + let htlc_txid = tx.txid(); + let mut claimable_outpoints = vec![]; + let mut outputs_to_watch = None; + // Previously, we would only claim HTLCs from revoked HTLC transactions if they had 1 input + // with a witness of 5 elements and 1 output. This wasn't enough for anchor outputs, as the + // counterparty can now aggregate multiple HTLCs into a single transaction thanks to + // `SIGHASH_SINGLE` remote signatures, leading us to not claim any HTLCs upon seeing a + // confirmed revoked HTLC transaction (for more details, see + // https://lists.linuxfoundation.org/pipermail/lightning-dev/2022-April/003561.html). + // + // We make sure we're not vulnerable to this case by checking all inputs of the transaction, + // and claim those which spend the commitment transaction, have a witness of 5 elements, and + // have a corresponding output at the same index within the transaction. + for (idx, input) in tx.input.iter().enumerate() { + if input.previous_output.txid == *commitment_txid && input.witness.len() == 5 && tx.output.get(idx).is_some() { + log_error!(logger, "Got broadcast of revoked counterparty HTLC transaction, spending {}:{}", htlc_txid, idx); + let revk_outp = RevokedOutput::build( + per_commitment_point, self.counterparty_commitment_params.counterparty_delayed_payment_base_key, + self.counterparty_commitment_params.counterparty_htlc_base_key, per_commitment_key, + tx.output[idx].value, self.counterparty_commitment_params.on_counterparty_tx_csv + ); + let justice_package = PackageTemplate::build_package( + htlc_txid, idx as u32, PackageSolvingData::RevokedOutput(revk_outp), + height + self.counterparty_commitment_params.on_counterparty_tx_csv as u32, true, height + ); + claimable_outpoints.push(justice_package); + if outputs_to_watch.is_none() { + outputs_to_watch = Some((htlc_txid, vec![])); } - }; + outputs_to_watch.as_mut().unwrap().1.push((idx as u32, tx.output[idx].clone())); + } } - - let secret = if let Some(secret) = self.get_secret(commitment_number) { secret } else { return (Vec::new(), None); }; - let per_commitment_key = ignore_error!(SecretKey::from_slice(&secret)); - let per_commitment_point = PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key); - - log_error!(logger, "Got broadcast of revoked counterparty HTLC transaction, spending {}:{}", htlc_txid, 0); - let revk_outp = RevokedOutput::build(per_commitment_point, self.counterparty_commitment_params.counterparty_delayed_payment_base_key, self.counterparty_commitment_params.counterparty_htlc_base_key, per_commitment_key, tx.output[0].value, self.counterparty_commitment_params.on_counterparty_tx_csv); - let justice_package = PackageTemplate::build_package(htlc_txid, 0, PackageSolvingData::RevokedOutput(revk_outp), height + self.counterparty_commitment_params.on_counterparty_tx_csv as u32, true, height); - let claimable_outpoints = vec!(justice_package); - let outputs = vec![(0, tx.output[0].clone())]; - (claimable_outpoints, Some((htlc_txid, outputs))) + (claimable_outpoints, outputs_to_watch) } - // Returns (1) `PackageTemplate`s that can be given to the OnChainTxHandler, so that the handler can + // Returns (1) `PackageTemplate`s that can be given to the OnchainTxHandler, so that the handler can // broadcast transactions claiming holder HTLC commitment outputs and (2) a holder revokable // script so we can detect whether a holder transaction has been seen on-chain. fn get_broadcasted_holder_claims(&self, holder_tx: &HolderSignedTx, conf_height: u32) -> (Vec, Option<(Script, PublicKey, PublicKey)>) { @@ -2356,18 +2773,28 @@ impl ChannelMonitorImpl { for &(ref htlc, _, _) in holder_tx.htlc_outputs.iter() { if let Some(transaction_output_index) = htlc.transaction_output_index { - let htlc_output = if htlc.offered { - HolderHTLCOutput::build_offered(htlc.amount_msat, htlc.cltv_expiry) + let (htlc_output, aggregable) = if htlc.offered { + let htlc_output = HolderHTLCOutput::build_offered( + htlc.amount_msat, htlc.cltv_expiry, self.onchain_tx_handler.opt_anchors() + ); + (htlc_output, false) + } else { + let payment_preimage = if let Some(preimage) = self.payment_preimages.get(&htlc.payment_hash) { + preimage.clone() } else { - let payment_preimage = if let Some(preimage) = self.payment_preimages.get(&htlc.payment_hash) { - preimage.clone() - } else { - // We can't build an HTLC-Success transaction without the preimage - continue; - }; - HolderHTLCOutput::build_accepted(payment_preimage, htlc.amount_msat) + // We can't build an HTLC-Success transaction without the preimage + continue; }; - let htlc_package = PackageTemplate::build_package(holder_tx.txid, transaction_output_index, PackageSolvingData::HolderHTLCOutput(htlc_output), htlc.cltv_expiry, false, conf_height); + let htlc_output = HolderHTLCOutput::build_accepted( + payment_preimage, htlc.amount_msat, self.onchain_tx_handler.opt_anchors() + ); + (htlc_output, self.onchain_tx_handler.opt_anchors()) + }; + let htlc_package = PackageTemplate::build_package( + holder_tx.txid, transaction_output_index, + PackageSolvingData::HolderHTLCOutput(htlc_output), + htlc.cltv_expiry, aggregable, conf_height + ); claim_requests.push(htlc_package); } } @@ -2390,7 +2817,7 @@ impl ChannelMonitorImpl { /// revoked using data in holder_claimable_outpoints. /// Should not be used if check_spend_revoked_transaction succeeds. /// Returns None unless the transaction is definitely one of our commitment transactions. - fn check_spend_holder_transaction(&mut self, tx: &Transaction, height: u32, logger: &L) -> Option<(Vec, TransactionOutputs)> where L::Target: Logger { + fn check_spend_holder_transaction(&mut self, tx: &Transaction, height: u32, block_hash: &BlockHash, logger: &L) -> Option<(Vec, TransactionOutputs)> where L::Target: Logger { let commitment_txid = tx.txid(); let mut claim_requests = Vec::new(); let mut watch_outputs = Vec::new(); @@ -2413,7 +2840,7 @@ impl ChannelMonitorImpl { let mut to_watch = self.get_broadcasted_holder_watch_outputs(&self.current_holder_commitment_tx, tx); append_onchain_update!(res, to_watch); fail_unbroadcast_htlcs!(self, "latest holder", commitment_txid, tx, height, - self.current_holder_commitment_tx.htlc_outputs.iter() + block_hash, self.current_holder_commitment_tx.htlc_outputs.iter() .map(|(htlc, _, htlc_source)| (htlc, htlc_source.as_ref())), logger); } else if let &Some(ref holder_tx) = &self.prev_holder_signed_commitment_tx { if holder_tx.txid == commitment_txid { @@ -2422,7 +2849,7 @@ impl ChannelMonitorImpl { let res = self.get_broadcasted_holder_claims(holder_tx, height); let mut to_watch = self.get_broadcasted_holder_watch_outputs(holder_tx, tx); append_onchain_update!(res, to_watch); - fail_unbroadcast_htlcs!(self, "previous holder", commitment_txid, tx, height, + fail_unbroadcast_htlcs!(self, "previous holder", commitment_txid, tx, height, block_hash, holder_tx.htlc_outputs.iter().map(|(htlc, _, htlc_source)| (htlc, htlc_source.as_ref())), logger); } @@ -2441,6 +2868,11 @@ impl ChannelMonitorImpl { let commitment_tx = self.onchain_tx_handler.get_fully_signed_holder_tx(&self.funding_redeemscript); let txid = commitment_tx.txid(); let mut holder_transactions = vec![commitment_tx]; + // When anchor outputs are present, the HTLC transactions are only valid once the commitment + // transaction confirms. + if self.onchain_tx_handler.opt_anchors() { + return holder_transactions; + } for htlc in self.current_holder_commitment_tx.htlc_outputs.iter() { if let Some(vout) = htlc.0.transaction_output_index { let preimage = if !htlc.0.offered { @@ -2474,6 +2906,11 @@ impl ChannelMonitorImpl { let commitment_tx = self.onchain_tx_handler.get_fully_signed_copy_holder_tx(&self.funding_redeemscript); let txid = commitment_tx.txid(); let mut holder_transactions = vec![commitment_tx]; + // When anchor outputs are present, the HTLC transactions are only final once the commitment + // transaction confirms due to the CSV 1 encumberance. + if self.onchain_tx_handler.opt_anchors() { + return holder_transactions; + } for htlc in self.current_holder_commitment_tx.htlc_outputs.iter() { if let Some(vout) = htlc.0.transaction_output_index { let preimage = if !htlc.0.offered { @@ -2520,7 +2957,7 @@ impl ChannelMonitorImpl { if height > self.best_block.height() { self.best_block = BestBlock::new(block_hash, height); - self.block_confirmed(height, vec![], vec![], vec![], &broadcaster, &fee_estimator, &logger) + self.block_confirmed(height, block_hash, vec![], vec![], vec![], &broadcaster, &fee_estimator, &logger) } else if block_hash != self.best_block.block_hash() { self.best_block = BestBlock::new(block_hash, height); self.onchain_events_awaiting_threshold_conf.retain(|ref entry| entry.height <= height); @@ -2557,29 +2994,59 @@ impl ChannelMonitorImpl { let mut watch_outputs = Vec::new(); let mut claimable_outpoints = Vec::new(); - for tx in &txn_matched { + 'tx_iter: for tx in &txn_matched { + let txid = tx.txid(); + // If a transaction has already been confirmed, ensure we don't bother processing it duplicatively. + if Some(txid) == self.funding_spend_confirmed { + log_debug!(logger, "Skipping redundant processing of funding-spend tx {} as it was previously confirmed", txid); + continue 'tx_iter; + } + for ev in self.onchain_events_awaiting_threshold_conf.iter() { + if ev.txid == txid { + if let Some(conf_hash) = ev.block_hash { + assert_eq!(header.block_hash(), conf_hash, + "Transaction {} was already confirmed and is being re-confirmed in a different block.\n\ + This indicates a severe bug in the transaction connection logic - a reorg should have been processed first!", ev.txid); + } + log_debug!(logger, "Skipping redundant processing of confirming tx {} as it was previously confirmed", txid); + continue 'tx_iter; + } + } + for htlc in self.htlcs_resolved_on_chain.iter() { + if Some(txid) == htlc.resolving_txid { + log_debug!(logger, "Skipping redundant processing of HTLC resolution tx {} as it was previously confirmed", txid); + continue 'tx_iter; + } + } + for spendable_txid in self.spendable_txids_confirmed.iter() { + if txid == *spendable_txid { + log_debug!(logger, "Skipping redundant processing of spendable tx {} as it was previously confirmed", txid); + continue 'tx_iter; + } + } + if tx.input.len() == 1 { // Assuming our keys were not leaked (in which case we're screwed no matter what), - // commitment transactions and HTLC transactions will all only ever have one input, - // which is an easy way to filter out any potential non-matching txn for lazy - // filters. + // commitment transactions and HTLC transactions will all only ever have one input + // (except for HTLC transactions for channels with anchor outputs), which is an easy + // way to filter out any potential non-matching txn for lazy filters. let prevout = &tx.input[0].previous_output; if prevout.txid == self.funding_info.0.txid && prevout.vout == self.funding_info.0.index as u32 { let mut balance_spendable_csv = None; log_info!(logger, "Channel {} closed by funding output spend in txid {}.", - log_bytes!(self.funding_info.0.to_channel_id()), tx.txid()); + log_bytes!(self.funding_info.0.to_channel_id()), txid); self.funding_spend_seen = true; let mut commitment_tx_to_counterparty_output = None; if (tx.input[0].sequence.0 >> 8*3) as u8 == 0x80 && (tx.lock_time.0 >> 8*3) as u8 == 0x20 { let (mut new_outpoints, new_outputs, counterparty_output_idx_sats) = - self.check_spend_counterparty_transaction(&tx, height, &logger); + self.check_spend_counterparty_transaction(&tx, height, &block_hash, &logger); commitment_tx_to_counterparty_output = counterparty_output_idx_sats; if !new_outputs.1.is_empty() { watch_outputs.push(new_outputs); } claimable_outpoints.append(&mut new_outpoints); if new_outpoints.is_empty() { - if let Some((mut new_outpoints, new_outputs)) = self.check_spend_holder_transaction(&tx, height, &logger) { + if let Some((mut new_outpoints, new_outputs)) = self.check_spend_holder_transaction(&tx, height, &block_hash, &logger) { debug_assert!(commitment_tx_to_counterparty_output.is_none(), "A commitment transaction matched as both a counterparty and local commitment tx?"); if !new_outputs.1.is_empty() { @@ -2590,51 +3057,64 @@ impl ChannelMonitorImpl { } } } - let txid = tx.txid(); self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry { txid, transaction: Some((*tx).clone()), - height: height, + height, + block_hash: Some(block_hash), event: OnchainEvent::FundingSpendConfirmation { on_local_output_csv: balance_spendable_csv, commitment_tx_to_counterparty_output, }, }); - } else { - if let Some(&commitment_number) = self.counterparty_commitment_txn_on_chain.get(&prevout.txid) { - let (mut new_outpoints, new_outputs_option) = self.check_spend_counterparty_htlc(&tx, commitment_number, height, &logger); + } + } + if tx.input.len() >= 1 { + // While all commitment transactions have one input, HTLC transactions may have more + // if the HTLC was present in an anchor channel. HTLCs can also be resolved in a few + // other ways which can have more than one output. + for tx_input in &tx.input { + let commitment_txid = tx_input.previous_output.txid; + if let Some(&commitment_number) = self.counterparty_commitment_txn_on_chain.get(&commitment_txid) { + let (mut new_outpoints, new_outputs_option) = self.check_spend_counterparty_htlc( + &tx, commitment_number, &commitment_txid, height, &logger + ); claimable_outpoints.append(&mut new_outpoints); if let Some(new_outputs) = new_outputs_option { watch_outputs.push(new_outputs); } + // Since there may be multiple HTLCs for this channel (all spending the + // same commitment tx) being claimed by the counterparty within the same + // transaction, and `check_spend_counterparty_htlc` already checks all the + // ones relevant to this channel, we can safely break from our loop. + break; } } - } - // While all commitment/HTLC-Success/HTLC-Timeout transactions have one input, HTLCs - // can also be resolved in a few other ways which can have more than one output. Thus, - // we call is_resolving_htlc_output here outside of the tx.input.len() == 1 check. - self.is_resolving_htlc_output(&tx, height, &logger); + self.is_resolving_htlc_output(&tx, height, &block_hash, &logger); - self.is_paying_spendable_output(&tx, height, &logger); + self.is_paying_spendable_output(&tx, height, &block_hash, &logger); + } } if height > self.best_block.height() { self.best_block = BestBlock::new(block_hash, height); } - self.block_confirmed(height, txn_matched, watch_outputs, claimable_outpoints, &broadcaster, &fee_estimator, &logger) + self.block_confirmed(height, block_hash, txn_matched, watch_outputs, claimable_outpoints, &broadcaster, &fee_estimator, &logger) } /// Update state for new block(s)/transaction(s) confirmed. Note that the caller must update /// `self.best_block` before calling if a new best blockchain tip is available. More /// concretely, `self.best_block` must never be at a lower height than `conf_height`, avoiding - /// complexity especially in `OnchainTx::update_claims_view`. + /// complexity especially in + /// `OnchainTx::update_claims_view_from_requests`/`OnchainTx::update_claims_view_from_matched_txn`. /// /// `conf_height` should be set to the height at which any new transaction(s)/block(s) were /// confirmed at, even if it is not the current best height. fn block_confirmed( &mut self, conf_height: u32, + conf_hash: BlockHash, txn_matched: Vec<&Transaction>, mut watch_outputs: Vec, mut claimable_outpoints: Vec, @@ -2652,21 +3132,26 @@ impl ChannelMonitorImpl { let should_broadcast = self.should_broadcast_holder_commitment_txn(logger); if should_broadcast { - let funding_outp = HolderFundingOutput::build(self.funding_redeemscript.clone()); + let funding_outp = HolderFundingOutput::build(self.funding_redeemscript.clone(), self.channel_value_satoshis, self.onchain_tx_handler.opt_anchors()); let commitment_package = PackageTemplate::build_package(self.funding_info.0.txid.clone(), self.funding_info.0.index as u32, PackageSolvingData::HolderFundingOutput(funding_outp), self.best_block.height(), false, self.best_block.height()); claimable_outpoints.push(commitment_package); self.pending_monitor_events.push(MonitorEvent::CommitmentTxConfirmed(self.funding_info.0)); let commitment_tx = self.onchain_tx_handler.get_fully_signed_holder_tx(&self.funding_redeemscript); self.holder_tx_signed = true; - // Because we're broadcasting a commitment transaction, we should construct the package - // assuming it gets confirmed in the next block. Sadly, we have code which considers - // "not yet confirmed" things as discardable, so we cannot do that here. - let (mut new_outpoints, _) = self.get_broadcasted_holder_claims(&self.current_holder_commitment_tx, self.best_block.height()); - let new_outputs = self.get_broadcasted_holder_watch_outputs(&self.current_holder_commitment_tx, &commitment_tx); - if !new_outputs.is_empty() { - watch_outputs.push((self.current_holder_commitment_tx.txid.clone(), new_outputs)); + // We can't broadcast our HTLC transactions while the commitment transaction is + // unconfirmed. We'll delay doing so until we detect the confirmed commitment in + // `transactions_confirmed`. + if !self.onchain_tx_handler.opt_anchors() { + // Because we're broadcasting a commitment transaction, we should construct the package + // assuming it gets confirmed in the next block. Sadly, we have code which considers + // "not yet confirmed" things as discardable, so we cannot do that here. + let (mut new_outpoints, _) = self.get_broadcasted_holder_claims(&self.current_holder_commitment_tx, self.best_block.height()); + let new_outputs = self.get_broadcasted_holder_watch_outputs(&self.current_holder_commitment_tx, &commitment_tx); + if !new_outputs.is_empty() { + watch_outputs.push((self.current_holder_commitment_tx.txid.clone(), new_outputs)); + } + claimable_outpoints.append(&mut new_outpoints); } - claimable_outpoints.append(&mut new_outpoints); } // Find which on-chain events have reached their confirmation threshold. @@ -2721,18 +3206,27 @@ impl ChannelMonitorImpl { source: source.clone(), htlc_value_satoshis, })); - if let Some(idx) = commitment_tx_output_idx { - self.htlcs_resolved_on_chain.push(IrrevocablyResolvedHTLC { commitment_tx_output_idx: idx, payment_preimage: None }); - } + self.htlcs_resolved_on_chain.push(IrrevocablyResolvedHTLC { + commitment_tx_output_idx, + resolving_txid: Some(entry.txid), + resolving_tx: entry.transaction, + payment_preimage: None, + }); }, OnchainEvent::MaturingOutput { descriptor } => { log_debug!(logger, "Descriptor {} has got enough confirmations to be passed upstream", log_spendable!(descriptor)); self.pending_events.push(Event::SpendableOutputs { outputs: vec![descriptor] }); + self.spendable_txids_confirmed.push(entry.txid); }, OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx, preimage, .. } => { - self.htlcs_resolved_on_chain.push(IrrevocablyResolvedHTLC { commitment_tx_output_idx, payment_preimage: preimage }); + self.htlcs_resolved_on_chain.push(IrrevocablyResolvedHTLC { + commitment_tx_output_idx: Some(commitment_tx_output_idx), + resolving_txid: Some(entry.txid), + resolving_tx: entry.transaction, + payment_preimage: preimage, + }); }, OnchainEvent::FundingSpendConfirmation { commitment_tx_to_counterparty_output, .. } => { self.funding_spend_confirmed = Some(entry.txid); @@ -2741,7 +3235,8 @@ impl ChannelMonitorImpl { } } - self.onchain_tx_handler.update_claims_view(&txn_matched, claimable_outpoints, conf_height, self.best_block.height(), broadcaster, fee_estimator, logger); + self.onchain_tx_handler.update_claims_view_from_requests(claimable_outpoints, conf_height, self.best_block.height(), broadcaster, fee_estimator, logger); + self.onchain_tx_handler.update_claims_view_from_matched_txn(&txn_matched, conf_height, conf_hash, self.best_block.height(), broadcaster, fee_estimator, logger); // Determine new outputs to watch by comparing against previously known outputs to watch, // updating the latter in the process. @@ -2795,10 +3290,24 @@ impl ChannelMonitorImpl { F::Target: FeeEstimator, L::Target: Logger, { - self.onchain_events_awaiting_threshold_conf.retain(|ref entry| if entry.txid == *txid { - log_info!(logger, "Removing onchain event with txid {}", txid); - false - } else { true }); + let mut removed_height = None; + for entry in self.onchain_events_awaiting_threshold_conf.iter() { + if entry.txid == *txid { + removed_height = Some(entry.height); + break; + } + } + + if let Some(removed_height) = removed_height { + log_info!(logger, "transaction_unconfirmed of txid {} implies height {} was reorg'd out", txid, removed_height); + self.onchain_events_awaiting_threshold_conf.retain(|ref entry| if entry.height >= removed_height { + log_info!(logger, "Transaction {} reorg'd out", entry.txid); + false + } else { true }); + } + + debug_assert!(!self.onchain_events_awaiting_threshold_conf.iter().any(|ref entry| entry.txid == *txid)); + self.onchain_tx_handler.transaction_unconfirmed(txid, broadcaster, fee_estimator, logger); } @@ -2855,6 +3364,16 @@ impl ChannelMonitorImpl { } fn should_broadcast_holder_commitment_txn(&self, logger: &L) -> bool where L::Target: Logger { + // There's no need to broadcast our commitment transaction if we've seen one confirmed (even + // with 1 confirmation) as it'll be rejected as duplicate/conflicting. + if self.funding_spend_confirmed.is_some() || + self.onchain_events_awaiting_threshold_conf.iter().find(|event| match event.event { + OnchainEvent::FundingSpendConfirmation { .. } => true, + _ => false, + }).is_some() + { + return false; + } // We need to consider all HTLCs which are: // * in any unrevoked counterparty commitment transaction, as they could broadcast said // transactions and we'd end up in a race, or @@ -2920,28 +3439,20 @@ impl ChannelMonitorImpl { /// Check if any transaction broadcasted is resolving HTLC output by a success or timeout on a holder /// or counterparty commitment tx, if so send back the source, preimage if found and payment_hash of resolved HTLC - fn is_resolving_htlc_output(&mut self, tx: &Transaction, height: u32, logger: &L) where L::Target: Logger { + fn is_resolving_htlc_output(&mut self, tx: &Transaction, height: u32, block_hash: &BlockHash, logger: &L) where L::Target: Logger { 'outer_loop: for input in &tx.input { let mut payment_data = None; - let witness_items = input.witness.len(); - let htlctype = input.witness.last().map(|w| w.len()).and_then(HTLCType::scriptlen_to_htlctype); - let prev_last_witness_len = input.witness.second_to_last().map(|w| w.len()).unwrap_or(0); - let revocation_sig_claim = (witness_items == 3 && htlctype == Some(HTLCType::OfferedHTLC) && prev_last_witness_len == 33) - || (witness_items == 3 && htlctype == Some(HTLCType::AcceptedHTLC) && prev_last_witness_len == 33); - let accepted_preimage_claim = witness_items == 5 && htlctype == Some(HTLCType::AcceptedHTLC) - && input.witness.second_to_last().unwrap().len() == 32; + let htlc_claim = HTLCClaim::from_witness(&input.witness); + let revocation_sig_claim = htlc_claim == Some(HTLCClaim::Revocation); + let accepted_preimage_claim = htlc_claim == Some(HTLCClaim::AcceptedPreimage); #[cfg(not(fuzzing))] - let accepted_timeout_claim = witness_items == 3 && htlctype == Some(HTLCType::AcceptedHTLC) && !revocation_sig_claim; - let offered_preimage_claim = witness_items == 3 && htlctype == Some(HTLCType::OfferedHTLC) && - !revocation_sig_claim && input.witness.second_to_last().unwrap().len() == 32; - + let accepted_timeout_claim = htlc_claim == Some(HTLCClaim::AcceptedTimeout); + let offered_preimage_claim = htlc_claim == Some(HTLCClaim::OfferedPreimage); #[cfg(not(fuzzing))] - let offered_timeout_claim = witness_items == 5 && htlctype == Some(HTLCType::OfferedHTLC); + let offered_timeout_claim = htlc_claim == Some(HTLCClaim::OfferedTimeout); let mut payment_preimage = PaymentPreimage([0; 32]); - if accepted_preimage_claim { - payment_preimage.0.copy_from_slice(input.witness.second_to_last().unwrap()); - } else if offered_preimage_claim { + if offered_preimage_claim || accepted_preimage_claim { payment_preimage.0.copy_from_slice(input.witness.second_to_last().unwrap()); } @@ -2965,7 +3476,7 @@ impl ChannelMonitorImpl { log_error!(logger, "Input spending {} ({}:{}) in {} resolves {} HTLC with payment hash {} with {}!", $tx_info, input.previous_output.txid, input.previous_output.vout, tx.txid(), if outbound_htlc { "outbound" } else { "inbound" }, log_bytes!($htlc.payment_hash.0), - if revocation_sig_claim { "revocation sig" } else { "preimage claim after we'd passed the HTLC resolution back" }); + if revocation_sig_claim { "revocation sig" } else { "preimage claim after we'd passed the HTLC resolution back. We can likely claim the HTLC output with a revocation claim" }); } else { log_info!(logger, "Input spending {} ({}:{}) in {} resolves {} HTLC with payment hash {} with {}", $tx_info, input.previous_output.txid, input.previous_output.vout, tx.txid(), @@ -3012,29 +3523,20 @@ impl ChannelMonitorImpl { if payment_data.is_none() { log_claim!($tx_info, $holder_tx, htlc_output, false); let outbound_htlc = $holder_tx == htlc_output.offered; - if !outbound_htlc || revocation_sig_claim { - self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry { - txid: tx.txid(), height, transaction: Some(tx.clone()), - event: OnchainEvent::HTLCSpendConfirmation { - commitment_tx_output_idx: input.previous_output.vout, - preimage: if accepted_preimage_claim || offered_preimage_claim { - Some(payment_preimage) } else { None }, - // If this is a payment to us (!outbound_htlc, above), - // wait for the CSV delay before dropping the HTLC from - // claimable balance if the claim was an HTLC-Success - // transaction. - on_to_local_output_csv: if accepted_preimage_claim { - Some(self.on_holder_tx_csv) } else { None }, - }, - }); - } else { - // Outbound claims should always have payment_data, unless - // we've already failed the HTLC as the commitment transaction - // which was broadcasted was revoked. In that case, we should - // spend the HTLC output here immediately, and expose that fact - // as a Balance, something which we do not yet do. - // TODO: Track the above as claimable! - } + self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry { + txid: tx.txid(), height, block_hash: Some(*block_hash), transaction: Some(tx.clone()), + event: OnchainEvent::HTLCSpendConfirmation { + commitment_tx_output_idx: input.previous_output.vout, + preimage: if accepted_preimage_claim || offered_preimage_claim { + Some(payment_preimage) } else { None }, + // If this is a payment to us (ie !outbound_htlc), wait for + // the CSV delay before dropping the HTLC from claimable + // balance if the claim was an HTLC-Success transaction (ie + // accepted_preimage_claim). + on_to_local_output_csv: if accepted_preimage_claim && !outbound_htlc { + Some(self.on_holder_tx_csv) } else { None }, + }, + }); continue 'outer_loop; } } @@ -3066,6 +3568,7 @@ impl ChannelMonitorImpl { self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry { txid: tx.txid(), height, + block_hash: Some(*block_hash), transaction: Some(tx.clone()), event: OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx: input.previous_output.vout, @@ -3089,6 +3592,7 @@ impl ChannelMonitorImpl { txid: tx.txid(), transaction: Some(tx.clone()), height, + block_hash: Some(*block_hash), event: OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx: input.previous_output.vout, preimage: Some(payment_preimage), @@ -3116,6 +3620,7 @@ impl ChannelMonitorImpl { txid: tx.txid(), transaction: Some(tx.clone()), height, + block_hash: Some(*block_hash), event: OnchainEvent::HTLCUpdate { source, payment_hash, htlc_value_satoshis: Some(amount_msat / 1000), @@ -3130,7 +3635,7 @@ impl ChannelMonitorImpl { } /// Check if any transaction broadcasted is paying fund back to some address we can assume to own - fn is_paying_spendable_output(&mut self, tx: &Transaction, height: u32, logger: &L) where L::Target: Logger { + fn is_paying_spendable_output(&mut self, tx: &Transaction, height: u32, block_hash: &BlockHash, logger: &L) where L::Target: Logger { let mut spendable_output = None; for (i, outp) in tx.output.iter().enumerate() { // There is max one spendable output for any channel tx, including ones generated by us if i > ::core::u16::MAX as usize { @@ -3189,7 +3694,8 @@ impl ChannelMonitorImpl { let entry = OnchainEventEntry { txid: tx.txid(), transaction: Some(tx.clone()), - height: height, + height, + block_hash: Some(*block_hash), event: OnchainEvent::MaturingOutput { descriptor: spendable_output.clone() }, }; log_info!(logger, "Received spendable output {}, spendable at height {}", log_spendable!(spendable_output), entry.confirmation_threshold()); @@ -3198,7 +3704,7 @@ impl ChannelMonitorImpl { } } -impl chain::Listen for (ChannelMonitor, T, F, L) +impl chain::Listen for (ChannelMonitor, T, F, L) where T::Target: BroadcasterInterface, F::Target: FeeEstimator, @@ -3213,7 +3719,7 @@ where } } -impl chain::Confirm for (ChannelMonitor, T, F, L) +impl chain::Confirm for (ChannelMonitor, T, F, L) where T::Target: BroadcasterInterface, F::Target: FeeEstimator, @@ -3231,16 +3737,16 @@ where self.0.best_block_updated(header, height, &*self.1, &*self.2, &*self.3); } - fn get_relevant_txids(&self) -> Vec { + fn get_relevant_txids(&self) -> Vec<(Txid, Option)> { self.0.get_relevant_txids() } } const MAX_ALLOC_SIZE: usize = 64*1024; -impl<'a, Signer: Sign, K: KeysInterface> ReadableArgs<&'a K> - for (BlockHash, ChannelMonitor) { - fn read(reader: &mut R, keys_manager: &'a K) -> Result { +impl<'a, 'b, ES: EntropySource, SP: SignerProvider> ReadableArgs<(&'a ES, &'b SP)> + for (BlockHash, ChannelMonitor) { + fn read(reader: &mut R, args: (&'a ES, &'b SP)) -> Result { macro_rules! unwrap_obj { ($key: expr) => { match $key { @@ -3250,6 +3756,8 @@ impl<'a, Signer: Sign, K: KeysInterface> ReadableArgs<&'a K> } } + let (entropy_source, signer_provider) = args; + let _ver = read_ver_prefix!(reader, SERIALIZATION_VERSION); let latest_update_id: u64 = Readable::read(reader)?; @@ -3423,7 +3931,9 @@ impl<'a, Signer: Sign, K: KeysInterface> ReadableArgs<&'a K> return Err(DecodeError::InvalidValue); } } - let onchain_tx_handler: OnchainTxHandler = ReadableArgs::read(reader, keys_manager)?; + let onchain_tx_handler: OnchainTxHandler = ReadableArgs::read( + reader, (entropy_source, signer_provider, channel_value_satoshis, channel_keys_id) + )?; let lockdown_from_offchain = Readable::read(reader)?; let holder_tx_signed = Readable::read(reader)?; @@ -3450,6 +3960,8 @@ impl<'a, Signer: Sign, K: KeysInterface> ReadableArgs<&'a K> let mut funding_spend_seen = Some(false); let mut counterparty_node_id = None; let mut confirmed_commitment_tx_counterparty_output = None; + let mut spendable_txids_confirmed = Some(Vec::new()); + let mut counterparty_fulfilled_htlcs = Some(HashMap::new()); read_tlv_fields!(reader, { (1, funding_spend_confirmed, option), (3, htlcs_resolved_on_chain, vec_type), @@ -3457,11 +3969,10 @@ impl<'a, Signer: Sign, K: KeysInterface> ReadableArgs<&'a K> (7, funding_spend_seen, option), (9, counterparty_node_id, option), (11, confirmed_commitment_tx_counterparty_output, option), + (13, spendable_txids_confirmed, vec_type), + (15, counterparty_fulfilled_htlcs, option), }); - let mut secp_ctx = Secp256k1::new(); - secp_ctx.seeded_randomize(&keys_manager.get_secure_random_bytes()); - Ok((best_block.block_hash(), ChannelMonitor::from_impl(ChannelMonitorImpl { latest_update_id, commitment_transaction_number_obscure_factor, @@ -3488,6 +3999,7 @@ impl<'a, Signer: Sign, K: KeysInterface> ReadableArgs<&'a K> counterparty_claimable_outpoints, counterparty_commitment_txn_on_chain, counterparty_hash_commitment_number, + counterparty_fulfilled_htlcs: counterparty_fulfilled_htlcs.unwrap(), prev_holder_signed_commitment_tx, current_holder_commitment_tx, @@ -3509,11 +4021,10 @@ impl<'a, Signer: Sign, K: KeysInterface> ReadableArgs<&'a K> funding_spend_confirmed, confirmed_commitment_tx_counterparty_output, htlcs_resolved_on_chain: htlcs_resolved_on_chain.unwrap(), + spendable_txids_confirmed: spendable_txids_confirmed.unwrap(), best_block, counterparty_node_id, - - secp_ctx, }))) } } @@ -3539,27 +4050,26 @@ mod tests { use crate::chain::chaininterface::LowerBoundedFeeEstimator; use super::ChannelMonitorUpdateStep; - use ::{check_added_monitors, check_closed_broadcast, check_closed_event, check_spends, get_local_commitment_txn, get_monitor, get_route_and_payment_hash, unwrap_send_err}; - use chain::{BestBlock, Confirm}; - use chain::channelmonitor::ChannelMonitor; - use chain::package::{weight_offered_htlc, weight_received_htlc, weight_revoked_offered_htlc, weight_revoked_received_htlc, WEIGHT_REVOKED_OUTPUT}; - use chain::transaction::OutPoint; - use chain::keysinterface::InMemorySigner; - use ln::{PaymentPreimage, PaymentHash}; - use ln::chan_utils; - use ln::chan_utils::{HTLCOutputInCommitment, ChannelPublicKeys, ChannelTransactionParameters, HolderCommitmentTransaction, CounterpartyChannelTransactionParameters}; - use ln::channelmanager::PaymentSendFailure; - use ln::features::InitFeatures; - use ln::functional_test_utils::*; - use ln::script::ShutdownScript; - use util::errors::APIError; - use util::events::{ClosureReason, MessageSendEventsProvider}; - use util::test_utils::{TestLogger, TestBroadcaster, TestFeeEstimator}; - use util::ser::{ReadableArgs, Writeable}; - use sync::{Arc, Mutex}; - use io; + use crate::{check_added_monitors, check_closed_broadcast, check_closed_event, check_spends, get_local_commitment_txn, get_monitor, get_route_and_payment_hash, unwrap_send_err}; + use crate::chain::{BestBlock, Confirm}; + use crate::chain::channelmonitor::ChannelMonitor; + use crate::chain::package::{weight_offered_htlc, weight_received_htlc, weight_revoked_offered_htlc, weight_revoked_received_htlc, WEIGHT_REVOKED_OUTPUT}; + use crate::chain::transaction::OutPoint; + use crate::chain::keysinterface::InMemorySigner; + use crate::ln::{PaymentPreimage, PaymentHash}; + use crate::ln::chan_utils; + use crate::ln::chan_utils::{HTLCOutputInCommitment, ChannelPublicKeys, ChannelTransactionParameters, HolderCommitmentTransaction, CounterpartyChannelTransactionParameters}; + use crate::ln::channelmanager::{PaymentSendFailure, PaymentId}; + use crate::ln::functional_test_utils::*; + use crate::ln::script::ShutdownScript; + use crate::util::errors::APIError; + use crate::util::events::{ClosureReason, MessageSendEventsProvider}; + use crate::util::test_utils::{TestLogger, TestBroadcaster, TestFeeEstimator}; + use crate::util::ser::{ReadableArgs, Writeable}; + use crate::sync::{Arc, Mutex}; + use crate::io; use bitcoin::{PackedLockTime, Sequence, TxMerkleNode, Witness}; - use prelude::*; + use crate::prelude::*; fn do_test_funding_spend_refuses_updates(use_local_txn: bool) { // Previously, monitor updates were allowed freely even after a funding-spend transaction @@ -3577,10 +4087,8 @@ mod tests { let node_cfgs = create_node_cfgs(3, &chanmon_cfgs); let node_chanmgrs = create_node_chanmgrs(3, &node_cfgs, &[None, None, None]); let nodes = create_network(3, &node_cfgs, &node_chanmgrs); - let channel = create_announced_chan_between_nodes( - &nodes, 0, 1, InitFeatures::known(), InitFeatures::known()); - create_announced_chan_between_nodes( - &nodes, 1, 2, InitFeatures::known(), InitFeatures::known()); + let channel = create_announced_chan_between_nodes(&nodes, 0, 1); + create_announced_chan_between_nodes(&nodes, 1, 2); // Rebalance somewhat send_payment(&nodes[0], &[&nodes[1]], 10_000_000); @@ -3609,12 +4117,12 @@ mod tests { let (_, pre_update_monitor) = <(BlockHash, ChannelMonitor)>::read( &mut io::Cursor::new(&get_monitor!(nodes[1], channel.2).encode()), - &nodes[1].keys_manager.backing).unwrap(); + (&nodes[1].keys_manager.backing, &nodes[1].keys_manager.backing)).unwrap(); // If the ChannelManager tries to update the channel, however, the ChainMonitor will pass // the update through to the ChannelMonitor which will refuse it (as the channel is closed). let (route, payment_hash, _, payment_secret) = get_route_and_payment_hash!(nodes[1], nodes[0], 100_000); - unwrap_send_err!(nodes[1].node.send_payment(&route, payment_hash, &Some(payment_secret)), + unwrap_send_err!(nodes[1].node.send_payment(&route, payment_hash, &Some(payment_secret), PaymentId(payment_hash.0)), true, APIError::ChannelUnavailable { ref err }, assert!(err.contains("ChannelMonitor storage failure"))); check_added_monitors!(nodes[1], 2); // After the failure we generate a close-channel monitor update @@ -3658,11 +4166,13 @@ mod tests { fn test_prune_preimages() { let secp_ctx = Secp256k1::new(); let logger = Arc::new(TestLogger::new()); - let broadcaster = Arc::new(TestBroadcaster{txn_broadcasted: Mutex::new(Vec::new()), blocks: Arc::new(Mutex::new(Vec::new()))}); + let broadcaster = Arc::new(TestBroadcaster { + txn_broadcasted: Mutex::new(Vec::new()), + blocks: Arc::new(Mutex::new(Vec::new())) + }); let fee_estimator = TestFeeEstimator { sat_per_kw: Mutex::new(253) }; let dummy_key = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap()); - let dummy_tx = Transaction { version: 0, lock_time: PackedLockTime::ZERO, input: Vec::new(), output: Vec::new() }; let mut preimages = Vec::new(); { @@ -3673,7 +4183,7 @@ mod tests { } } - macro_rules! preimages_slice_to_htlc_outputs { + macro_rules! preimages_slice_to_htlcs { ($preimages_slice: expr) => { { let mut res = Vec::new(); @@ -3684,21 +4194,20 @@ mod tests { cltv_expiry: 0, payment_hash: preimage.1.clone(), transaction_output_index: Some(idx as u32), - }, None)); + }, ())); } res } } } - macro_rules! preimages_to_holder_htlcs { + macro_rules! preimages_slice_to_htlc_outputs { ($preimages_slice: expr) => { - { - let mut inp = preimages_slice_to_htlc_outputs!($preimages_slice); - let res: Vec<_> = inp.drain(..).map(|e| { (e.0, None, e.1) }).collect(); - res - } + preimages_slice_to_htlcs!($preimages_slice).into_iter().map(|(htlc, _)| (htlc, None)).collect() } } + let dummy_sig = crate::util::crypto::sign(&secp_ctx, + &bitcoin::secp256k1::Message::from_slice(&[42; 32]).unwrap(), + &SecretKey::from_slice(&[42; 32]).unwrap()); macro_rules! test_preimages_exist { ($preimages_slice: expr, $monitor: expr) => { @@ -3715,10 +4224,9 @@ mod tests { SecretKey::from_slice(&[41; 32]).unwrap(), SecretKey::from_slice(&[41; 32]).unwrap(), SecretKey::from_slice(&[41; 32]).unwrap(), - SecretKey::from_slice(&[41; 32]).unwrap(), [41; 32], 0, - [0; 32] + [0; 32], ); let counterparty_pubkeys = ChannelPublicKeys { @@ -3739,24 +4247,26 @@ mod tests { }), funding_outpoint: Some(funding_outpoint), opt_anchors: None, + opt_non_zero_fee_anchors: None, }; // Prune with one old state and a holder commitment tx holding a few overlaps with the // old state. let shutdown_pubkey = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap()); - let best_block = BestBlock::from_genesis(Network::Testnet); + let best_block = BestBlock::from_network(Network::Testnet); let monitor = ChannelMonitor::new(Secp256k1::new(), keys, - Some(ShutdownScript::new_p2wpkh_from_pubkey(shutdown_pubkey).into_inner()), 0, &Script::new(), - (OutPoint { txid: Txid::from_slice(&[43; 32]).unwrap(), index: 0 }, Script::new()), - &channel_parameters, - Script::new(), 46, 0, - HolderCommitmentTransaction::dummy(), best_block, dummy_key); - - monitor.provide_latest_holder_commitment_tx(HolderCommitmentTransaction::dummy(), preimages_to_holder_htlcs!(preimages[0..10])).unwrap(); - let dummy_txid = dummy_tx.txid(); - monitor.provide_latest_counterparty_commitment_tx(dummy_txid, preimages_slice_to_htlc_outputs!(preimages[5..15]), 281474976710655, dummy_key, &logger); - monitor.provide_latest_counterparty_commitment_tx(dummy_txid, preimages_slice_to_htlc_outputs!(preimages[15..20]), 281474976710654, dummy_key, &logger); - monitor.provide_latest_counterparty_commitment_tx(dummy_txid, preimages_slice_to_htlc_outputs!(preimages[17..20]), 281474976710653, dummy_key, &logger); - monitor.provide_latest_counterparty_commitment_tx(dummy_txid, preimages_slice_to_htlc_outputs!(preimages[18..20]), 281474976710652, dummy_key, &logger); + Some(ShutdownScript::new_p2wpkh_from_pubkey(shutdown_pubkey).into_inner()), 0, &Script::new(), + (OutPoint { txid: Txid::from_slice(&[43; 32]).unwrap(), index: 0 }, Script::new()), + &channel_parameters, Script::new(), 46, 0, HolderCommitmentTransaction::dummy(&mut Vec::new()), + best_block, dummy_key); + + let mut htlcs = preimages_slice_to_htlcs!(preimages[0..10]); + let dummy_commitment_tx = HolderCommitmentTransaction::dummy(&mut htlcs); + monitor.provide_latest_holder_commitment_tx(dummy_commitment_tx.clone(), + htlcs.into_iter().map(|(htlc, _)| (htlc, Some(dummy_sig), None)).collect()).unwrap(); + monitor.provide_latest_counterparty_commitment_tx(Txid::from_inner(Sha256::hash(b"1").into_inner()), + preimages_slice_to_htlc_outputs!(preimages[5..15]), 281474976710655, dummy_key, &logger); + monitor.provide_latest_counterparty_commitment_tx(Txid::from_inner(Sha256::hash(b"2").into_inner()), + preimages_slice_to_htlc_outputs!(preimages[15..20]), 281474976710654, dummy_key, &logger); for &(ref preimage, ref hash) in preimages.iter() { let bounded_fee_estimator = LowerBoundedFeeEstimator::new(&fee_estimator); monitor.provide_payment_preimage(hash, preimage, &broadcaster, &bounded_fee_estimator, &logger); @@ -3770,6 +4280,9 @@ mod tests { test_preimages_exist!(&preimages[0..10], monitor); test_preimages_exist!(&preimages[15..20], monitor); + monitor.provide_latest_counterparty_commitment_tx(Txid::from_inner(Sha256::hash(b"3").into_inner()), + preimages_slice_to_htlc_outputs!(preimages[17..20]), 281474976710653, dummy_key, &logger); + // Now provide a further secret, pruning preimages 15-17 secret[0..32].clone_from_slice(&hex::decode("c7518c8ae4660ed02894df8976fa1a3659c1a8b4b5bec0c4b872abeba4cb8964").unwrap()); monitor.provide_secret(281474976710654, secret.clone()).unwrap(); @@ -3777,9 +4290,15 @@ mod tests { test_preimages_exist!(&preimages[0..10], monitor); test_preimages_exist!(&preimages[17..20], monitor); + monitor.provide_latest_counterparty_commitment_tx(Txid::from_inner(Sha256::hash(b"4").into_inner()), + preimages_slice_to_htlc_outputs!(preimages[18..20]), 281474976710652, dummy_key, &logger); + // Now update holder commitment tx info, pruning only element 18 as we still care about the // previous commitment tx's preimages too - monitor.provide_latest_holder_commitment_tx(HolderCommitmentTransaction::dummy(), preimages_to_holder_htlcs!(preimages[0..5])).unwrap(); + let mut htlcs = preimages_slice_to_htlcs!(preimages[0..5]); + let dummy_commitment_tx = HolderCommitmentTransaction::dummy(&mut htlcs); + monitor.provide_latest_holder_commitment_tx(dummy_commitment_tx.clone(), + htlcs.into_iter().map(|(htlc, _)| (htlc, Some(dummy_sig), None)).collect()).unwrap(); secret[0..32].clone_from_slice(&hex::decode("2273e227a5b7449b6e70f1fb4652864038b1cbf9cd7c043a7d6456b7fc275ad8").unwrap()); monitor.provide_secret(281474976710653, secret.clone()).unwrap(); assert_eq!(monitor.inner.lock().unwrap().payment_preimages.len(), 12); @@ -3787,7 +4306,10 @@ mod tests { test_preimages_exist!(&preimages[18..20], monitor); // But if we do it again, we'll prune 5-10 - monitor.provide_latest_holder_commitment_tx(HolderCommitmentTransaction::dummy(), preimages_to_holder_htlcs!(preimages[0..3])).unwrap(); + let mut htlcs = preimages_slice_to_htlcs!(preimages[0..3]); + let dummy_commitment_tx = HolderCommitmentTransaction::dummy(&mut htlcs); + monitor.provide_latest_holder_commitment_tx(dummy_commitment_tx, + htlcs.into_iter().map(|(htlc, _)| (htlc, Some(dummy_sig), None)).collect()).unwrap(); secret[0..32].clone_from_slice(&hex::decode("27cddaa5624534cb6cb9d7da077cf2b22ab21e9b506fd4998a51d54502e99116").unwrap()); monitor.provide_secret(281474976710652, secret.clone()).unwrap(); assert_eq!(monitor.inner.lock().unwrap().payment_preimages.len(), 5);