_ Git - rust-lightning/commit

author	Matt Corallo <git@bluematt.me>
	Mon, 18 Apr 2022 15:42:11 +0000 (15:42 +0000)
committer	Matt Corallo <git@bluematt.me>
	Thu, 26 May 2022 00:53:11 +0000 (00:53 +0000)
commit	28c70ac50685b546a2fbaebea34acf1aa364cf66
tree	79b8ff3edbcad9690d239f4f2c53611ab32225e6	tree \| snapshot
parent	bd1e20d49e5b67b55c22ee8927e546327d98e042	commit \| diff

Ensure all HTLCs for a claimed payment are claimed on startup

While the HTLC-claim process happens across all MPP parts under one
lock, this doesn't imply that they are claimed fully atomically on
disk. Ultimately, an application can crash after persisting one
`ChannelMonitorUpdate` out of multiple monitor updates needed for
the full claim.

Previously, this would leave us in a very bad state - because of
the all-channels-available check in `claim_funds` we'd refuse to
claim the payment again on restart (even though the
`PaymentReceived` event will be passed to the user again), and we'd
end up having partially claimed the payment!

The fix for the consistency part of this issue is pretty
straightforward - just check for this condition on startup and
complete the claim across all channels/`ChannelMonitor`s if we
detect it.

This still leaves us in a confused state from the perspective of
the user, however - we've actually claimed a payment but when they
call `claim_funds` we return `false` indicating it could not be
claimed.

lightning/src/chain/channelmonitor.rs		diff \| blob \| history
lightning/src/ln/channel.rs		diff \| blob \| history
lightning/src/ln/channelmanager.rs		diff \| blob \| history
lightning/src/ln/functional_test_utils.rs		diff \| blob \| history
lightning/src/ln/functional_tests.rs		diff \| blob \| history