Force-close channels if closing transactions may be non-standard
author Matt Corallo <git@bluematt.me>
Wed, 1 Sep 2021 20:33:49 +0000 (20:33 +0000)
committer Matt Corallo <git@bluematt.me>
Mon, 27 Sep 2021 18:19:51 +0000 (18:19 +0000)
If a counterparty (or an old channel of ours) uses a non-segwit
script for their cooperative close payout, they may include an
output which is unbroadcastable due to not meeting the network dust
limit.

Here we check for this condition, force-closing the channel instead
if we find an output in the closing transaction which does not meet
the limit.

lightning/src/ln/channel.rs

index 57da708baf503ce473807c164bb2a5c21af38206..3faaafe84dda86d48bc5a593c64e8bee9eea7131 100644
@@ -3629,6 +3629,12 @@ impl<Signer: Sign> Channel<Signer> {
                        },
                };
 
+               for outp in closing_tx.trust().built_transaction().output.iter() {
+                       if !outp.script_pubkey.is_witness_program() && outp.value < MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS {
+                               return Err(ChannelError::Close("Remote sent us a closing_signed with a dust output. Always use segwit closing scripts!".to_owned()));
+                       }
+               }
+
                assert!(self.shutdown_scriptpubkey.is_some());
                if let Some((last_fee, sig)) = self.last_sent_closing_fee {
                        if last_fee == msg.fee_satoshis {
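Review bot: the error string in the `return Err(ChannelError::Close(...))` line blames the counterparty ("Remote sent us a closing_signed with a dust output. Always use segwit closing scripts!"), but the commit message itself says the offending output may belong to an old channel of ours with a non-segwit `shutdown_scriptpubkey`, so the message is misleading in that case; a neutral wording such as "closing transaction contains a non-segwit output below the standard dust limit", or a comparison of `outp.script_pubkey` against `self.shutdown_scriptpubkey` to name which side's output is at fault, would make the force-close reason accurate. Two smaller points on the same hunk: `MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS` is not defined in the visible diff, so it should be confirmed that the constant is introduced elsewhere in this change, and a one-line comment on why `is_witness_program()` outputs are exempt (presumably because the channel's negotiated dust limit already exceeds the standard segwit dust threshold) would spare the next reader from re-deriving it. Finally, the loop only runs on the path that handles the remote's `closing_signed` shown here; if the same closing transaction is also built when we send our own `closing_signed` first, that path should carry the same check rather than relying on the counterparty's reply to trigger it.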