Fail channel if we can't sign a new commitment tx during HTLC claim

TheBlueMatt · TheBlueMatt · commit dac9f3f02695 · 2021-07-22T21:21:36.000Z
Previously, we could fail to generate a new commitment transaction
but it simply indicated we had gone to doule-claim an HTLC. Now
that double-claims are returned instead as Ok(None), we should
handle the error case and fail the channel, as the only way to hit
the error case is if key derivation failed or the user refused to
sign the new commitment transaction.

This also resolves an issue where we wouldn't inform our
ChannelMonitor of the new payment preimage in case we failed to
fetch a signature for the new commitment transaction.
diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
@@ -1344,10 +1344,13 @@ impl<Signer: Sign> Channel<Signer> {
 		}), monitor_update))
 	}
 
-	pub fn get_update_fulfill_htlc_and_commit<L: Deref>(&mut self, htlc_id: u64, payment_preimage: PaymentPreimage, logger: &L) -> Result<Option<(Option<(msgs::UpdateFulfillHTLC, msgs::CommitmentSigned)>, ChannelMonitorUpdate)>, ChannelError> where L::Target: Logger {
+	pub fn get_update_fulfill_htlc_and_commit<L: Deref>(&mut self, htlc_id: u64, payment_preimage: PaymentPreimage, logger: &L) -> Result<Option<(Option<(msgs::UpdateFulfillHTLC, msgs::CommitmentSigned)>, ChannelMonitorUpdate)>, (ChannelError, ChannelMonitorUpdate)> where L::Target: Logger {
 		match self.get_update_fulfill_htlc(htlc_id, payment_preimage, logger) {
 			Some((Some(update_fulfill_htlc), mut monitor_update)) => {
-				let (commitment, mut additional_update) = self.send_commitment_no_status_check(logger)?;
+				let (commitment, mut additional_update) = match self.send_commitment_no_status_check(logger) {
+					Err(e) => return Err((e, monitor_update)),
+					Ok(res) => res
+				};
 				// send_commitment_no_status_check may bump latest_monitor_id but we want them to be
 				// strictly increasing by one, so decrement it here.
 				self.latest_monitor_update_id = monitor_update.update_id;
diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs
@@ -2679,16 +2679,14 @@ impl<Signer: Sign, M: Deref, T: Deref, K: Deref, F: Deref, L: Deref> ChannelMana
 		};
 
 		if let hash_map::Entry::Occupied(mut chan) = channel_state.by_id.entry(chan_id) {
-			let was_frozen_for_monitor = chan.get().is_awaiting_monitor_update();
 			match chan.get_mut().get_update_fulfill_htlc_and_commit(prev_hop.htlc_id, payment_preimage, &self.logger) {
 				Ok(msgs_monitor_option) => {
 					if let Some((msgs, monitor_update)) = msgs_monitor_option {
 						if let Err(e) = self.chain_monitor.update_channel(chan.get().get_funding_txo().unwrap(), monitor_update) {
-							if was_frozen_for_monitor {
-								assert!(msgs.is_none());
-							} else {
-								return Err(Some((chan.get().get_counterparty_node_id(), handle_monitor_err!(self, e, channel_state, chan, RAACommitmentOrder::CommitmentFirst, false, msgs.is_some()).unwrap_err())));
-							}
+							return Err(Some((
+								chan.get().get_counterparty_node_id(),
+								handle_monitor_err!(self, e, channel_state, chan, RAACommitmentOrder::CommitmentFirst, false, msgs.is_some()).unwrap_err(),
+							)));
 						}
 						if let Some((msg, commitment_signed)) = msgs {
 							log_debug!(self.logger, "Claiming funds for HTLC with preimage {} resulted in a commitment_signed for channel {}",
@@ -2708,16 +2706,17 @@ impl<Signer: Sign, M: Deref, T: Deref, K: Deref, F: Deref, L: Deref> ChannelMana
 					}
 					return Ok(())
 				},
-				Err(e) => {
-					// TODO: Do something with e?
-					// This should only occur if we are claiming an HTLC at the same time as the
-					// HTLC is being failed (eg because a block is being connected and this caused
-					// an HTLC to time out). This should, of course, only occur if the user is the
-					// one doing the claiming (as it being a part of a peer claim would imply we're
-					// about to lose funds) and only if the lock in claim_funds was dropped as a
-					// previous HTLC was failed (thus not for an MPP payment).
-					debug_assert!(false, "This shouldn't be reachable except in absurdly rare cases between monitor updates and HTLC timeouts: {:?}", e);
-					return Err(None)
+				Err((e, monitor_update)) => {
+					if let Err(e) = self.chain_monitor.update_channel(chan.get().get_funding_txo().unwrap(), monitor_update) {
+						log_error!(self.logger, "Critical error: failed to update channel monitor with preimage {:?}: {:?}",
+							payment_preimage, e);
+					}
+					let counterparty_node_id = chan.get().get_counterparty_node_id();
+					let (drop, res) = convert_chan_err!(self, e, channel_state.short_to_id, chan.get_mut(), &chan_id);
+					if drop {
+						chan.remove_entry();
+					}
+					return Err(Some((counterparty_node_id, res)));
 				},
 			}
 		} else { unreachable!(); }
