From: Matt Corallo Date: Fri, 14 Sep 2018 17:35:56 +0000 (-0400) Subject: Do not fail-backwards LocalAnnounced HTLCs upon force-close. X-Git-Tag: v0.0.12~310^2~3 X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=5ef88cea34b9cf90fa5198b2ff4347e66e49a927;p=rust-lightning Do not fail-backwards LocalAnnounced HTLCs upon force-close. This is completely unsafe as we have provided the remote side with a commitment_signed which they can broadcast, including the HTLC transaction, and then could claim it on-chain after we've failed it backwards! --- diff --git a/src/ln/channel.rs b/src/ln/channel.rs index 3a627f35b..e71ba9b2c 100644 --- a/src/ln/channel.rs +++ b/src/ln/channel.rs @@ -2551,10 +2551,7 @@ impl Channel { } } - for htlc in self.pending_outbound_htlcs.drain(..) { - if htlc.state == OutboundHTLCState::LocalAnnounced { - dropped_outbound_htlcs.push((htlc.source, htlc.payment_hash)); - } + for _htlc in self.pending_outbound_htlcs.drain(..) { //TODO: Do something with the remaining HTLCs //(we need to have the ChannelManager monitor them so we can claim the inbound HTLCs //which correspond)
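Review bot: The reason LocalAnnounced HTLCs must not be failed backwards is recorded only in the commit message, and the rewritten loop `for _htlc in self.pending_outbound_htlcs.drain(..)` gives a later reader no hint of it. Add a comment at the loop stating that the remote side already holds a commitment_signed covering these HTLCs and can still claim them on-chain, so nobody reintroduces the push to `dropped_outbound_htlcs`. The drain also now discards `htlc.source` and `htlc.payment_hash` for every outbound HTLC while the TODO says the ChannelManager needs to monitor them; it would help to say in the TODO that this is the point where that data is lost, or to hand it off here rather than drop it. The diff touches only src/ln/channel.rs, so a regression test asserting that a force-close with a LocalAnnounced outbound HTLC does not produce a backwards failure would be worth adding alongside.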