Fix sender double-including shadow offset in CLTV expiry height.

The excess delta is included in the final RouteHop::cltv_expiry_delta, so by
adding it explicitly to cur_cltv we were erroneously including it twice in the
total cltv expiry.

This could've add up to an extra MAX_SHADOW_CLTV_DELTA_OFFSET (432) blocks to
the total cltv expiry.

diff --git a/lightning/src/ln/blinded_payment_tests.rs b/lightning/src/ln/blinded_payment_tests.rs
index b2094af1d6e4f3bd206655d4bcca3f8fa577619d..a3126b3b53744ee2a8fc596e116ddfd354375ea4 100644 (file)
--- a/lightning/src/ln/blinded_payment_tests.rs
+++ b/lightning/src/ln/blinded_payment_tests.rs
@@ -572,6 +572,7 @@ fn do_multi_hop_receiver_fail(check: ReceiveCheckFail) {
        let route = if check == ReceiveCheckFail::ProcessPendingHTLCsCheck {
                let mut route = get_route(&nodes[0], &route_params).unwrap();
                // Set the final CLTV expiry too low to trigger the failure in process_pending_htlc_forwards.
+               route.paths[0].hops.last_mut().map(|h| h.cltv_expiry_delta += excess_final_cltv_delta_opt.unwrap() as u32);
                route.paths[0].blinded_tail.as_mut().map(|bt| bt.excess_final_cltv_expiry_delta = excess_final_cltv_delta_opt.unwrap() as u32);
                route
        } else if check == ReceiveCheckFail::PaymentConstraints {
@@ -680,6 +681,7 @@ fn do_multi_hop_receiver_fail(check: ReceiveCheckFail) {
                        commitment_signed_dance!(nodes[2], nodes[1], (), false, true, false, false);
                },
                ReceiveCheckFail::ProcessPendingHTLCsCheck => {
+                       assert_eq!(payment_event_1_2.msgs[0].cltv_expiry, nodes[0].best_block_info().1 + 1 + excess_final_cltv_delta_opt.unwrap() as u32);
                        nodes[2].node.handle_update_add_htlc(&nodes[1].node.get_our_node_id(), &payment_event_1_2.msgs[0]);
                        check_added_monitors!(nodes[2], 0);
                        do_commitment_signed_dance(&nodes[2], &nodes[1], &payment_event_1_2.commitment_msg, true, true);

diff --git a/lightning/src/ln/onion_utils.rs b/lightning/src/ln/onion_utils.rs
index 2d75edd30d0f90e4169e3f424a81de0e11887b79..137699521f482b6b186a4375477284a010bc897b 100644 (file)
--- a/lightning/src/ln/onion_utils.rs
+++ b/lightning/src/ln/onion_utils.rs
@@ -188,11 +188,10 @@ pub(super) fn build_onion_payloads(path: &Path, total_msat: u64, mut recipient_o
                                for (i, blinded_hop) in hops.iter().enumerate() {
                                        if i == hops.len() - 1 {
                                                cur_value_msat += final_value_msat;
-                                               cur_cltv += excess_final_cltv_expiry_delta;
                                                res.push(msgs::OutboundOnionPayload::BlindedReceive {
                                                        sender_intended_htlc_amt_msat: *final_value_msat,
                                                        total_msat,
-                                                       cltv_expiry_height: cur_cltv,
+                                                       cltv_expiry_height: cur_cltv + excess_final_cltv_expiry_delta,
                                                        encrypted_tlvs: blinded_hop.encrypted_payload.clone(),
                                                        intro_node_blinding_point: blinding_point.take(),
                                                });