]> git.bitcoin.ninja Git - rust-lightning/commitdiff
Fix final blinded hop CLTV expiry on send.
authorValentine Wallace <vwallace@protonmail.com>
Wed, 20 Dec 2023 00:16:37 +0000 (19:16 -0500)
committerValentine Wallace <vwallace@protonmail.com>
Thu, 11 Jan 2024 16:36:08 +0000 (11:36 -0500)
Previously, we were setting the final blinded hop's CLTV expiry height to
best_block_height + total_blinded_path_cltv_delta + shadow_cltv_offset. This is
incorrect, it should instead be set to best_block_height + shadow_cltv_offset
only -- it doesn't make sense to include the delta for the other blinded hops
in the final hop's expiry.

The reason this too-high final cltv value didn't cause test failures previously
is because of a 2nd bug that is fixed in an upcoming commit where the sender
adds the shadow offset twice to the total path CLTV expiry. This 2nd offset
meant that intermediate nodes had some buffer CLTV to subtract their delta from
while still (usually) have enough leftover to meet the expiry in the final hop's
onion.

lightning/src/ln/onion_utils.rs

index ac0bb6189c6d750e92b4fdf5f6d061cca46d2cb2..2d75edd30d0f90e4169e3f424a81de0e11887b79 100644 (file)
@@ -192,7 +192,7 @@ pub(super) fn build_onion_payloads(path: &Path, total_msat: u64, mut recipient_o
                                                res.push(msgs::OutboundOnionPayload::BlindedReceive {
                                                        sender_intended_htlc_amt_msat: *final_value_msat,
                                                        total_msat,
-                                                       cltv_expiry_height: cltv,
+                                                       cltv_expiry_height: cur_cltv,
                                                        encrypted_tlvs: blinded_hop.encrypted_payload.clone(),
                                                        intro_node_blinding_point: blinding_point.take(),
                                                });