X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Fchain%2Fchannelmonitor.rs;h=b89c58646fbfd960ccf98a5736fc4d300b26db8f;hb=2cf42aa3888e665541faf34a634f054b4580d25f;hp=b2ed3d99de7f39e26c590cecf5e75401d84f2921;hpb=f9febb0351414222dc61e1bef647b140bf7a1e39;p=rust-lightning diff --git a/lightning/src/chain/channelmonitor.rs b/lightning/src/chain/channelmonitor.rs index b2ed3d99..b89c5864 100644 --- a/lightning/src/chain/channelmonitor.rs +++ b/lightning/src/chain/channelmonitor.rs @@ -190,8 +190,8 @@ pub enum MonitorEvent { /// A monitor event containing an HTLCUpdate. HTLCEvent(HTLCUpdate), - /// A monitor event that the Channel's commitment transaction was broadcasted. - CommitmentTxBroadcasted(OutPoint), + /// A monitor event that the Channel's commitment transaction was confirmed. + CommitmentTxConfirmed(OutPoint), } /// Simple structure sent back by `chain::Watch` when an HTLC from a forward channel is detected on @@ -232,8 +232,13 @@ pub(crate) const CLTV_CLAIM_BUFFER: u32 = 18; /// with at worst this delay, so we are not only using this value as a mercy for them but also /// us as a safeguard to delay with enough time. pub(crate) const LATENCY_GRACE_PERIOD_BLOCKS: u32 = 3; -/// Number of blocks we wait on seeing a HTLC output being solved before we fail corresponding inbound -/// HTLCs. This prevents us from failing backwards and then getting a reorg resulting in us losing money. +/// Number of blocks we wait on seeing a HTLC output being solved before we fail corresponding +/// inbound HTLCs. This prevents us from failing backwards and then getting a reorg resulting in us +/// losing money. +/// +/// Note that this is a library-wide security assumption. If a reorg deeper than this number of +/// blocks occurs, counterparties may be able to steal funds or claims made by and balances exposed +/// by a [`ChannelMonitor`] may be incorrect. // We also use this delay to be sure we can remove our in-flight claim txn from bump candidates buffer. // It may cause spurious generation of bumped claim txn but that's alright given the outpoint is already // solved by a previous claim tx. What we want to avoid is reorg evicting our claim tx and us not @@ -535,6 +540,59 @@ impl_writeable_tlv_based_enum_upgradable!(ChannelMonitorUpdateStep, }, ); +/// Details about the balance(s) available for spending once the channel appears on chain. +/// +/// See [`ChannelMonitor::get_claimable_balances`] for more details on when these will or will not +/// be provided. +#[derive(Clone, Debug, PartialEq, Eq)] +#[cfg_attr(test, derive(PartialOrd, Ord))] +pub enum Balance { + /// The channel is not yet closed (or the commitment or closing transaction has not yet + /// appeared in a block). The given balance is claimable (less on-chain fees) if the channel is + /// force-closed now. + ClaimableOnChannelClose { + /// The amount available to claim, in satoshis, excluding the on-chain fees which will be + /// required to do so. + claimable_amount_satoshis: u64, + }, + /// The channel has been closed, and the given balance is ours but awaiting confirmations until + /// we consider it spendable. + ClaimableAwaitingConfirmations { + /// The amount available to claim, in satoshis, possibly excluding the on-chain fees which + /// were spent in broadcasting the transaction. + claimable_amount_satoshis: u64, + /// The height at which an [`Event::SpendableOutputs`] event will be generated for this + /// amount. + confirmation_height: u32, + }, + /// The channel has been closed, and the given balance should be ours but awaiting spending + /// transaction confirmation. If the spending transaction does not confirm in time, it is + /// possible our counterparty can take the funds by broadcasting an HTLC timeout on-chain. + /// + /// Once the spending transaction confirms, before it has reached enough confirmations to be + /// considered safe from chain reorganizations, the balance will instead be provided via + /// [`Balance::ClaimableAwaitingConfirmations`]. + ContentiousClaimable { + /// The amount available to claim, in satoshis, excluding the on-chain fees which will be + /// required to do so. + claimable_amount_satoshis: u64, + /// The height at which the counterparty may be able to claim the balance if we have not + /// done so. + timeout_height: u32, + }, + /// HTLCs which we sent to our counterparty which are claimable after a timeout (less on-chain + /// fees) if the counterparty does not know the preimage for the HTLCs. These are somewhat + /// likely to be claimed by our counterparty before we do. + MaybeClaimableHTLCAwaitingTimeout { + /// The amount available to claim, in satoshis, excluding the on-chain fees which will be + /// required to do so. + claimable_amount_satoshis: u64, + /// The height at which we will be able to claim the balance if our counterparty has not + /// done so. + claimable_height: u32, + }, +} + /// An HTLC which has been irrevocably resolved on-chain, and has reached ANTI_REORG_DELAY. #[derive(PartialEq)] struct IrrevocablyResolvedHTLC { @@ -860,7 +918,7 @@ impl Writeable for ChannelMonitorImpl { 0u8.write(writer)?; upd.write(writer)?; }, - MonitorEvent::CommitmentTxBroadcasted(_) => 1u8.write(writer)? + MonitorEvent::CommitmentTxConfirmed(_) => 1u8.write(writer)? } } @@ -1302,6 +1360,173 @@ impl ChannelMonitor { pub fn current_best_block(&self) -> BestBlock { self.inner.lock().unwrap().best_block.clone() } + + /// Gets the balances in this channel which are either claimable by us if we were to + /// force-close the channel now or which are claimable on-chain (possibly awaiting + /// confirmation). + /// + /// Any balances in the channel which are available on-chain (excluding on-chain fees) are + /// included here until an [`Event::SpendableOutputs`] event has been generated for the + /// balance, or until our counterparty has claimed the balance and accrued several + /// confirmations on the claim transaction. + /// + /// Note that the balances available when you or your counterparty have broadcasted revoked + /// state(s) may not be fully captured here. + // TODO, fix that ^ + /// + /// See [`Balance`] for additional details on the types of claimable balances which + /// may be returned here and their meanings. + pub fn get_claimable_balances(&self) -> Vec { + let mut res = Vec::new(); + let us = self.inner.lock().unwrap(); + + let mut confirmed_txid = us.funding_spend_confirmed; + let mut pending_commitment_tx_conf_thresh = None; + let funding_spend_pending = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { + if let OnchainEvent::FundingSpendConfirmation { .. } = event.event { + Some((event.txid, event.confirmation_threshold())) + } else { None } + }); + if let Some((txid, conf_thresh)) = funding_spend_pending { + debug_assert!(us.funding_spend_confirmed.is_none(), + "We have a pending funding spend awaiting anti-reorg confirmation, we can't have confirmed it already!"); + confirmed_txid = Some(txid); + pending_commitment_tx_conf_thresh = Some(conf_thresh); + } + + macro_rules! walk_htlcs { + ($holder_commitment: expr, $htlc_iter: expr) => { + for htlc in $htlc_iter { + if let Some(htlc_input_idx) = htlc.transaction_output_index { + if us.htlcs_resolved_on_chain.iter().any(|v| v.input_idx == htlc_input_idx) { + assert!(us.funding_spend_confirmed.is_some()); + } else if htlc.offered == $holder_commitment { + // If the payment was outbound, check if there's an HTLCUpdate + // indicating we have spent this HTLC with a timeout, claiming it back + // and awaiting confirmations on it. + let htlc_update_pending = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { + if let OnchainEvent::HTLCUpdate { input_idx: Some(input_idx), .. } = event.event { + if input_idx == htlc_input_idx { Some(event.confirmation_threshold()) } else { None } + } else { None } + }); + if let Some(conf_thresh) = htlc_update_pending { + res.push(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: htlc.amount_msat / 1000, + confirmation_height: conf_thresh, + }); + } else { + res.push(Balance::MaybeClaimableHTLCAwaitingTimeout { + claimable_amount_satoshis: htlc.amount_msat / 1000, + claimable_height: htlc.cltv_expiry, + }); + } + } else if us.payment_preimages.get(&htlc.payment_hash).is_some() { + // Otherwise (the payment was inbound), only expose it as claimable if + // we know the preimage. + // Note that if there is a pending claim, but it did not use the + // preimage, we lost funds to our counterparty! We will then continue + // to show it as ContentiousClaimable until ANTI_REORG_DELAY. + let htlc_spend_pending = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { + if let OnchainEvent::HTLCSpendConfirmation { input_idx, preimage, .. } = event.event { + if input_idx == htlc_input_idx { + Some((event.confirmation_threshold(), preimage.is_some())) + } else { None } + } else { None } + }); + if let Some((conf_thresh, true)) = htlc_spend_pending { + res.push(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: htlc.amount_msat / 1000, + confirmation_height: conf_thresh, + }); + } else { + res.push(Balance::ContentiousClaimable { + claimable_amount_satoshis: htlc.amount_msat / 1000, + timeout_height: htlc.cltv_expiry, + }); + } + } + } + } + } + } + + if let Some(txid) = confirmed_txid { + let mut found_commitment_tx = false; + if Some(txid) == us.current_counterparty_commitment_txid || Some(txid) == us.prev_counterparty_commitment_txid { + walk_htlcs!(false, us.counterparty_claimable_outpoints.get(&txid).unwrap().iter().map(|(a, _)| a)); + if let Some(conf_thresh) = pending_commitment_tx_conf_thresh { + if let Some(value) = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { + if let OnchainEvent::MaturingOutput { + descriptor: SpendableOutputDescriptor::StaticPaymentOutput(descriptor) + } = &event.event { + Some(descriptor.output.value) + } else { None } + }) { + res.push(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: value, + confirmation_height: conf_thresh, + }); + } else { + // If a counterparty commitment transaction is awaiting confirmation, we + // should either have a StaticPaymentOutput MaturingOutput event awaiting + // confirmation with the same height or have never met our dust amount. + } + } + found_commitment_tx = true; + } else if txid == us.current_holder_commitment_tx.txid { + walk_htlcs!(true, us.current_holder_commitment_tx.htlc_outputs.iter().map(|(a, _, _)| a)); + if let Some(conf_thresh) = pending_commitment_tx_conf_thresh { + res.push(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: us.current_holder_commitment_tx.to_self_value_sat, + confirmation_height: conf_thresh, + }); + } + found_commitment_tx = true; + } else if let Some(prev_commitment) = &us.prev_holder_signed_commitment_tx { + if txid == prev_commitment.txid { + walk_htlcs!(true, prev_commitment.htlc_outputs.iter().map(|(a, _, _)| a)); + if let Some(conf_thresh) = pending_commitment_tx_conf_thresh { + res.push(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: prev_commitment.to_self_value_sat, + confirmation_height: conf_thresh, + }); + } + found_commitment_tx = true; + } + } + if !found_commitment_tx { + if let Some(conf_thresh) = pending_commitment_tx_conf_thresh { + // We blindly assume this is a cooperative close transaction here, and that + // neither us nor our counterparty misbehaved. At worst we've under-estimated + // the amount we can claim as we'll punish a misbehaving counterparty. + res.push(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: us.current_holder_commitment_tx.to_self_value_sat, + confirmation_height: conf_thresh, + }); + } + } + // TODO: Add logic to provide claimable balances for counterparty broadcasting revoked + // outputs. + } else { + let mut claimable_inbound_htlc_value_sat = 0; + for (htlc, _, _) in us.current_holder_commitment_tx.htlc_outputs.iter() { + if htlc.transaction_output_index.is_none() { continue; } + if htlc.offered { + res.push(Balance::MaybeClaimableHTLCAwaitingTimeout { + claimable_amount_satoshis: htlc.amount_msat / 1000, + claimable_height: htlc.cltv_expiry, + }); + } else if us.payment_preimages.get(&htlc.payment_hash).is_some() { + claimable_inbound_htlc_value_sat += htlc.amount_msat / 1000; + } + } + res.push(Balance::ClaimableOnChannelClose { + claimable_amount_satoshis: us.current_holder_commitment_tx.to_self_value_sat + claimable_inbound_htlc_value_sat, + }); + } + + res + } } /// Compares a broadcasted commitment transaction's HTLCs with those in the latest state, @@ -1562,7 +1787,7 @@ impl ChannelMonitorImpl { log_info!(logger, "Broadcasting local {}", log_tx!(tx)); broadcaster.broadcast_transaction(tx); } - self.pending_monitor_events.push(MonitorEvent::CommitmentTxBroadcasted(self.funding_info.0)); + self.pending_monitor_events.push(MonitorEvent::CommitmentTxConfirmed(self.funding_info.0)); } pub fn update_monitor(&mut self, updates: &ChannelMonitorUpdate, broadcaster: &B, fee_estimator: &F, logger: &L) -> Result<(), MonitorUpdateError> @@ -1610,7 +1835,7 @@ impl ChannelMonitorImpl { } else if !self.holder_tx_signed { log_error!(logger, "You have a toxic holder commitment transaction avaible in channel monitor, read comment in ChannelMonitor::get_latest_holder_commitment_txn to be informed of manual action to take"); } else { - // If we generated a MonitorEvent::CommitmentTxBroadcasted, the ChannelManager + // If we generated a MonitorEvent::CommitmentTxConfirmed, the ChannelManager // will still give us a ChannelForceClosed event with !should_broadcast, but we // shouldn't print the scary warning above. log_info!(logger, "Channel off-chain state closed after we broadcasted our latest commitment transaction."); @@ -2132,7 +2357,7 @@ impl ChannelMonitorImpl { let funding_outp = HolderFundingOutput::build(self.funding_redeemscript.clone()); let commitment_package = PackageTemplate::build_package(self.funding_info.0.txid.clone(), self.funding_info.0.index as u32, PackageSolvingData::HolderFundingOutput(funding_outp), self.best_block.height(), false, self.best_block.height()); claimable_outpoints.push(commitment_package); - self.pending_monitor_events.push(MonitorEvent::CommitmentTxBroadcasted(self.funding_info.0)); + self.pending_monitor_events.push(MonitorEvent::CommitmentTxConfirmed(self.funding_info.0)); let commitment_tx = self.onchain_tx_handler.get_fully_signed_holder_tx(&self.funding_redeemscript); self.holder_tx_signed = true; // Because we're broadcasting a commitment transaction, we should construct the package @@ -2488,7 +2713,7 @@ impl ChannelMonitorImpl { // we've already failed the HTLC as the commitment transaction // which was broadcasted was revoked. In that case, we should // spend the HTLC output here immediately, and expose that fact - // as a ClaimableBalance, something which we do not yet do. + // as a Balance, something which we do not yet do. // TODO: Track the above as claimable! } continue 'outer_loop; @@ -2885,7 +3110,7 @@ impl<'a, Signer: Sign, K: KeysInterface> ReadableArgs<&'a K> for _ in 0..pending_monitor_events_len { let ev = match ::read(reader)? { 0 => MonitorEvent::HTLCEvent(Readable::read(reader)?), - 1 => MonitorEvent::CommitmentTxBroadcasted(funding_info.0), + 1 => MonitorEvent::CommitmentTxConfirmed(funding_info.0), _ => return Err(DecodeError::InvalidValue) }; pending_monitor_events.push(ev);