From: Matt Corallo Date: Thu, 25 Jul 2019 18:18:33 +0000 (-0400) Subject: Do not require upfront_shutdown as the security gain is marginal X-Git-Tag: v0.0.12~198^2 X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=refs%2Fheads%2F2019-07-no-bogus-sec-required;p=rust-lightning Do not require upfront_shutdown as the security gain is marginal There is really no reason to want to never open a channel just because a counterparty doesn't support upfront_shutdown. --- diff --git a/src/ln/msgs.rs b/src/ln/msgs.rs index a61ec5628..f6968c5d3 100644 --- a/src/ln/msgs.rs +++ b/src/ln/msgs.rs @@ -63,13 +63,13 @@ impl LocalFeatures { #[cfg(not(feature = "fuzztarget"))] pub(crate) fn new() -> LocalFeatures { LocalFeatures { - flags: vec![1 << 4], + flags: vec![1 << 5], } } #[cfg(feature = "fuzztarget")] pub fn new() -> LocalFeatures { LocalFeatures { - flags: vec![1 << 4], + flags: vec![1 << 5], } } @@ -96,7 +96,7 @@ impl LocalFeatures { } #[cfg(test)] pub(crate) fn unset_upfront_shutdown_script(&mut self) { - self.flags[0] ^= 1 << 4; + self.flags[0] ^= 1 << 5; } pub(crate) fn requires_unknown_bits(&self) -> bool { @@ -2018,9 +2018,9 @@ mod tests { target_value.append(&mut hex::decode("0000").unwrap()); } if initial_routing_sync { - target_value.append(&mut hex::decode("000118").unwrap()); + target_value.append(&mut hex::decode("000128").unwrap()); } else { - target_value.append(&mut hex::decode("000110").unwrap()); + target_value.append(&mut hex::decode("000120").unwrap()); } assert_eq!(encoded_value, target_value); } diff --git a/src/util/config.rs b/src/util/config.rs index 5b805d45e..0b61a5699 100644 --- a/src/util/config.rs +++ b/src/util/config.rs @@ -152,13 +152,15 @@ pub struct ChannelConfig { /// /// This cannot be changed after the initial channel handshake. pub announced_channel: bool, - /// Set to commit to an upfront shutdown_pubkey at channel opening. In case of mutual - /// closing, the other peer will check that our closing transction output is encumbered - /// by the provided script. + /// When set, we commit to an upfront shutdown_pubkey at channel open. If our counterparty + /// supports it, they will then enforce the mutual-close output to us matches what we provided + /// at intialization, preventing us from closing to an alternate pubkey. /// - /// We set it by default as this ensure greater security to the user funds. + /// This is set to true by default to provide a slight increase in security, though ultimately + /// any attacker who is able to take control of a channel can just as easily send the funds via + /// lightning payments, so we never require that our counterparties support this option. /// - /// This cannot be changed after channel opening. + /// This cannot be changed after a channel has been initialized. pub commit_upfront_shutdown_pubkey: bool }