X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Fln%2Fonchaintx.rs;h=d0d1f29e691f5ea5118d0a06b2e5bf4030fd73aa;hb=e46e183084ed858f41aa304acd78503aea1a96ed;hp=4c935ea654843ab66f6e5a36f0794652e06d3c01;hpb=73e0a0112adae5086ae6617fec2131f362086797;p=rust-lightning

diff --git a/lightning/src/ln/onchaintx.rs b/lightning/src/ln/onchaintx.rs
index 4c935ea6..d0d1f29e 100644
--- a/lightning/src/ln/onchaintx.rs
+++ b/lightning/src/ln/onchaintx.rs
@@ -725,8 +725,17 @@ impl<ChanSigner: ChannelKeys> OnchainTxHandler<ChanSigner> {
 		}
 	}
 
-	pub(super) fn provide_latest_local_tx(&mut self, tx: LocalCommitmentTransaction) {
+	pub(super) fn provide_latest_local_tx(&mut self, tx: LocalCommitmentTransaction) -> Result<(), ()> {
+		// To prevent any unsafe state discrepancy between offchain and onchain, once local
+		// commitment transaction has been signed due to an event (either block height for
+		// HTLC-timeout or channel force-closure), don't allow any further update of local
+		// commitment transaction view to avoid delivery of revocation secret to counterparty
+		// for the aformentionned signed transaction.
+		if let Some(ref local_commitment) = self.local_commitment {
+			if local_commitment.has_local_sig() { return Err(()) }
+		}
 		self.prev_local_commitment = self.local_commitment.take();
 		self.local_commitment = Some(tx);
+		Ok(())
 	}
 }