From: Antoine Riard Date: Fri, 10 Apr 2020 01:51:29 +0000 (-0400) Subject: Document exactly our CLTV sanitization policy for final incoming HTLCs X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=709220f805af871e2690b66c73f25b6b205aaca7;p=rust-lightning Document exactly our CLTV sanitization policy for final incoming HTLCs We want to avoid a third-party channel closure, where a random node by sending us a payment expiring at current height, would trigger our onchain logic to close the channel due to a near-expiration. PaymentReceived and unknown HTLC cancellation must happen before LATENCY_GRACE_PERIOD_BLOCKS. --- diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs index 374d74f6c..ffa652097 100644 --- a/lightning/src/ln/channel.rs +++ b/lightning/src/ln/channel.rs @@ -1711,8 +1711,6 @@ impl Channel { return Err(ChannelError::Close("Remote provided CLTV expiry in seconds instead of block height")); } - //TODO: Check msg.cltv_expiry further? Do this in channel manager? - if self.channel_state & ChannelState::LocalShutdownSent as u32 != 0 { if let PendingHTLCStatus::Forward(_) = pending_forward_state { panic!("ChannelManager shouldn't be trying to add a forwardable HTLC after we've started closing"); diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs index 4f71f406b..2ea6ff2b0 100644 --- a/lightning/src/ln/channelmanager.rs +++ b/lightning/src/ln/channelmanager.rs @@ -1039,6 +1039,10 @@ impl ChannelMan // OUR PAYMENT! // final_expiry_too_soon + // Final node can't rely on checking a CLTV_EXPIRY_DELTA which enforces by its own length CLTV_CLAIM_BUFFER so make sure + // we don't accept incoming HTLC we wouldn't have time to claim with a worst-case broadcast scenario + // Also, in case of unknown payment hash, makes sure payment logic has time to fail backward HTLC before our onchain + // logic trigger a channel closure. if (msg.cltv_expiry as u64) < self.latest_block_height.load(Ordering::Acquire) as u64 + (CLTV_CLAIM_BUFFER + LATENCY_GRACE_PERIOD_BLOCKS) as u64 { return_err!("The final CLTV expiry is too soon to handle", 17, &[0;0]); } diff --git a/lightning/src/util/events.rs b/lightning/src/util/events.rs index 2c00a1335..bfb29df24 100644 --- a/lightning/src/util/events.rs +++ b/lightning/src/util/events.rs @@ -52,7 +52,8 @@ pub enum Event { /// Indicates we've received money! Just gotta dig out that payment preimage and feed it to /// ChannelManager::claim_funds to get it.... /// Note that if the preimage is not known or the amount paid is incorrect, you must call - /// ChannelManager::fail_htlc_backwards to free up resources for this HTLC. + /// ChannelManager::fail_htlc_backwards to free up resources for this HTLC before + /// LATENCY_GRACE_PERIOD_BLOCKS to avoid any channel-closure by onchain monitoring. /// The amount paid should be considered 'incorrect' when it is less than or more than twice /// the amount expected. PaymentReceived {