From: Matt Corallo Date: Wed, 17 May 2023 00:56:22 +0000 (+0000) Subject: Ensure a 1:1 mapping of value sendable to send success in fuzzing X-Git-Tag: v0.0.116-alpha1~17^2~2 X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=66c4f454f0316bb8c79d53a97308c706d2d3725e;p=rust-lightning Ensure a 1:1 mapping of value sendable to send success in fuzzing Now that the value available to send is expected to match the success or failure of sending exactly, we should assert this in the `chanmon_consistency` fuzzer. In the next commit we'll actually rip the checks out of `send_htlc` which will make this a somewhat less useful test, however fuzzing on this specific commit can help to reveal bugs. --- diff --git a/fuzz/src/chanmon_consistency.rs b/fuzz/src/chanmon_consistency.rs index f8c6c08a2..bb4066700 100644 --- a/fuzz/src/chanmon_consistency.rs +++ b/fuzz/src/chanmon_consistency.rs @@ -285,7 +285,7 @@ impl KeyProvider { } #[inline] -fn check_api_err(api_err: APIError) { +fn check_api_err(api_err: APIError, sendable_bounds_violated: bool) { match api_err { APIError::APIMisuseError { .. } => panic!("We can't misuse the API"), APIError::FeeRateTooHigh { .. } => panic!("We can't send too much fee?"), @@ -305,6 +305,7 @@ fn check_api_err(api_err: APIError) { _ if err.starts_with("Cannot send value that would put our exposure to dust HTLCs at") => {}, _ => panic!("{}", err), } + assert!(sendable_bounds_violated); }, APIError::MonitorUpdateInProgress => { // We can (obviously) temp-fail a monitor update @@ -313,17 +314,17 @@ fn check_api_err(api_err: APIError) { } } #[inline] -fn check_payment_err(send_err: PaymentSendFailure) { +fn check_payment_err(send_err: PaymentSendFailure, sendable_bounds_violated: bool) { match send_err { - PaymentSendFailure::ParameterError(api_err) => check_api_err(api_err), + PaymentSendFailure::ParameterError(api_err) => check_api_err(api_err, sendable_bounds_violated), PaymentSendFailure::PathParameterError(per_path_results) => { - for res in per_path_results { if let Err(api_err) = res { check_api_err(api_err); } } + for res in per_path_results { if let Err(api_err) = res { check_api_err(api_err, sendable_bounds_violated); } } }, PaymentSendFailure::AllFailedResendSafe(per_path_results) => { - for api_err in per_path_results { check_api_err(api_err); } + for api_err in per_path_results { check_api_err(api_err, sendable_bounds_violated); } }, PaymentSendFailure::PartialFailure { results, .. } => { - for res in results { if let Err(api_err) = res { check_api_err(api_err); } } + for res in results { if let Err(api_err) = res { check_api_err(api_err, sendable_bounds_violated); } } }, PaymentSendFailure::DuplicatePayment => panic!(), } @@ -351,6 +352,11 @@ fn send_payment(source: &ChanMan, dest: &ChanMan, dest_chan_id: u64, amt: u64, p let mut payment_id = [0; 32]; payment_id[0..8].copy_from_slice(&payment_idx.to_ne_bytes()); *payment_idx += 1; + let (min_value_sendable, max_value_sendable) = source.list_usable_channels() + .iter().find(|chan| chan.short_channel_id == Some(dest_chan_id)) + .map(|chan| + (chan.next_outbound_htlc_minimum_msat, chan.next_outbound_htlc_limit_msat)) + .unwrap_or((0, 0)); if let Err(err) = source.send_payment_with_route(&Route { paths: vec![Path { hops: vec![RouteHop { pubkey: dest.get_our_node_id(), @@ -362,9 +368,15 @@ fn send_payment(source: &ChanMan, dest: &ChanMan, dest_chan_id: u64, amt: u64, p }], blinded_tail: None }], payment_params: None, }, payment_hash, RecipientOnionFields::secret_only(payment_secret), PaymentId(payment_id)) { - check_payment_err(err); + check_payment_err(err, amt > max_value_sendable || amt < min_value_sendable); false - } else { true } + } else { + // Note that while the max is a strict upper-bound, we can occasionally send substantially + // below the minimum, with some gap which is unusable immediately below the minimum. Thus, + // we don't check against min_value_sendable here. + assert!(amt <= max_value_sendable); + true + } } #[inline] fn send_hop_payment(source: &ChanMan, middle: &ChanMan, middle_chan_id: u64, dest: &ChanMan, dest_chan_id: u64, amt: u64, payment_id: &mut u8, payment_idx: &mut u64) -> bool { @@ -373,13 +385,19 @@ fn send_hop_payment(source: &ChanMan, middle: &ChanMan, middle_chan_id: u64, des let mut payment_id = [0; 32]; payment_id[0..8].copy_from_slice(&payment_idx.to_ne_bytes()); *payment_idx += 1; + let (min_value_sendable, max_value_sendable) = source.list_usable_channels() + .iter().find(|chan| chan.short_channel_id == Some(middle_chan_id)) + .map(|chan| + (chan.next_outbound_htlc_minimum_msat, chan.next_outbound_htlc_limit_msat)) + .unwrap_or((0, 0)); + let first_hop_fee = 50_000; if let Err(err) = source.send_payment_with_route(&Route { paths: vec![Path { hops: vec![RouteHop { pubkey: middle.get_our_node_id(), node_features: middle.node_features(), short_channel_id: middle_chan_id, channel_features: middle.channel_features(), - fee_msat: 50000, + fee_msat: first_hop_fee, cltv_expiry_delta: 100, },RouteHop { pubkey: dest.get_our_node_id(), @@ -391,9 +409,16 @@ fn send_hop_payment(source: &ChanMan, middle: &ChanMan, middle_chan_id: u64, des }], blinded_tail: None }], payment_params: None, }, payment_hash, RecipientOnionFields::secret_only(payment_secret), PaymentId(payment_id)) { - check_payment_err(err); + let sent_amt = amt + first_hop_fee; + check_payment_err(err, sent_amt < min_value_sendable || sent_amt > max_value_sendable); false - } else { true } + } else { + // Note that while the max is a strict upper-bound, we can occasionally send substantially + // below the minimum, with some gap which is unusable immediately below the minimum. Thus, + // we don't check against min_value_sendable here. + assert!(amt + first_hop_fee <= max_value_sendable); + true + } } #[inline] diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs index c404b46f1..2ea2ebd58 100644 --- a/lightning/src/ln/channel.rs +++ b/lightning/src/ln/channel.rs @@ -6029,6 +6029,8 @@ impl Channel { return Err(ChannelError::Ignore(format!("Cannot send value that would put our balance under counterparty-announced channel reserve value ({})", chan_reserve_msat))); } + debug_assert!(amount_msat <= self.get_available_balances().next_outbound_htlc_limit_msat); + let need_holding_cell = (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0; log_debug!(logger, "Pushing new outbound HTLC for {} msat {}", amount_msat, if force_holding_cell { "into holding cell" }