Skip to content

Fix two edge cases in handling of counterparty revoked commitment txn #1486

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 21, 2022
Merged

Fix two edge cases in handling of counterparty revoked commitment txn #1486

merged 2 commits into from
Jun 21, 2022

Conversation

TheBlueMatt
Copy link
Collaborator

@TheBlueMatt TheBlueMatt commented May 17, 2022
edited
Loading

Based on #1481 as the tests are only useful with it.

Discovered while working on #1466.

This adds two new commits which correct some edge-case handling of revoked counterparty commitment transactions. They're both super duper edge, so not worth rushing too much to fix them, but will be needed for #1466 so would be nice to get them soon-ish.

The first case is only relevant for users disconnecting blocks with transaction_unconfirmed, when the counterparty broadcasts a revoked commitment transaction, which is then reorg'd out and replaced with a non-revoked commitment transaction.

The second case handles resolving HTLCs even though we haven't yet spent them, though we have broadcast the spend transactions and should spend them soon. This, too, is only relevant in case the revoked commitment transaction gets reorg'd out and replaced with a non-revoked one (and then the HTLCs claimed by our counterparty).

@TheBlueMatt TheBlueMatt added this to the 0.0.108 milestone May 17, 2022
@TheBlueMatt TheBlueMatt mentioned this pull request May 17, 2022
Merged
@TheBlueMatt TheBlueMatt mentioned this pull request May 25, 2022
Merged
wpaulino
wpaulino reviewed May 27, 2022
View reviewed changes
Copy link
Contributor

@wpaulino wpaulino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM after rebase, nice catch and tests!

@TheBlueMatt TheBlueMatt force-pushed the 2022-05-revoked-txn-edge-cases branch from 19f4f99 to 334c0c4 Compare May 27, 2022 18:45
@TheBlueMatt
Copy link
Collaborator Author

Reased after merge of #1481.

tnull
tnull reviewed May 28, 2022
View reviewed changes
@TheBlueMatt TheBlueMatt force-pushed the 2022-05-revoked-txn-edge-cases branch from 334c0c4 to 032673c Compare May 28, 2022 18:55
@codecov-commenter
Copy link

codecov-commenter commented May 28, 2022
edited
Loading

Codecov Report

Merging #1486 (7cd9ebf) into main (4356809) will increase coverage by 0.84%.
The diff coverage is 90.51%.

❗ Current head 7cd9ebf differs from pull request most recent head 70ae45f. Consider uploading reports for the commit 70ae45f to get more accurate results

@@            Coverage Diff             @@
##             main    #1486      +/-   ##
==========================================
+ Coverage   90.96%   91.80%   +0.84%     
==========================================
  Files          80       80              
  Lines       43533    47809    +4276     
  Branches    43533    47809    +4276     
==========================================
+ Hits        39598    43892    +4294     
+ Misses       3935     3917      -18
Impacted Files Coverage Δ
lightning/src/chain/channelmonitor.rs 90.82% <59.37%> (-0.42%) ⬇️
lightning/src/ln/functional_tests.rs 98.42% <100.00%> (+1.28%) ⬆️
lightning/src/ln/monitor_tests.rs 100.00% <100.00%> (ø)
lightning/src/ln/reorg_tests.rs 100.00% <100.00%> (ø)
lightning/src/chain/onchaintx.rs 93.98% <0.00%> (-0.93%) ⬇️
lightning/src/routing/gossip.rs 94.38% <0.00%> (+2.69%) ⬆️
lightning/src/ln/channelmanager.rs 88.06% <0.00%> (+3.72%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4356809...70ae45f. Read the comment docs.

tnull
tnull reviewed Jun 1, 2022
View reviewed changes
@TheBlueMatt TheBlueMatt force-pushed the 2022-05-revoked-txn-edge-cases branch from 032673c to a9ad6f9 Compare June 13, 2022 18:01
tnull
tnull reviewed Jun 13, 2022
View reviewed changes
@wpaulino
Copy link
Contributor

@TheBlueMatt CI is failing now with thread 'ln::reorg_tests::test_counterparty_revoked_reorg' panicked at 'assertion failed: self.node.get_and_clear_pending_events().is_empty()', lightning/src/ln/functional_test_utils.rs:306:13.

@TheBlueMatt TheBlueMatt force-pushed the 2022-05-revoked-txn-edge-cases branch from 4154c55 to 690817e Compare June 14, 2022 09:46
@TheBlueMatt
Copy link
Collaborator Author

Oops, yea, needed to rebase on latest upstream changes.

@tnull
Copy link
Contributor

tnull commented Jun 14, 2022

LGTM, feel free to squash.

@TheBlueMatt
Correct handling of reorg'd-out revoked counterparty transactions
44d1dfa 
Previously, while processing a confirmed revoked counterparty
commitment transaction, we'd populate `OnchainEvent`s for live
HTLCs with a `txid` source of the txid of the latest counterparty
commitment transactions, not the confirmed revoked one. This meant
that, if the user is using `transaction_unconfirmed` to notify us
of reorg information, we'd end up not removing the entry if the
revoked commitment transaction was reorg'd out. This would
ultimately cause us to spuriously resolve the HTLC(s) as the chain
advanced, even though we were doing so based on a now-reorged-out
transaction.

Luckily the fix is simple - set the correct txid in the
`OnchainEventEntry`. We also take this opportunity to update
logging in a few places with the txid of the transaction causing an
event.
@TheBlueMatt TheBlueMatt force-pushed the 2022-05-revoked-txn-edge-cases branch from 690817e to 9854c91 Compare June 15, 2022 14:22
@TheBlueMatt
Copy link
Collaborator Author

Squashed without changes:

$ git diff-tree -U1 690817ee 9854c913
$

tnull
tnull previously approved these changes Jun 15, 2022
View reviewed changes
wpaulino
wpaulino previously approved these changes Jun 15, 2022
View reviewed changes
valentinewallace
valentinewallace reviewed Jun 16, 2022
View reviewed changes
@TheBlueMatt TheBlueMatt dismissed stale reviews from wpaulino and tnull via 0e38bd5 June 17, 2022 15:49
@TheBlueMatt
Don't fail HTLCs in revoked commitment txn until we spend them
70ae45f 
When we see a counterparty revoked commitment transaction on-chain
we shouldn't immediately queue up HTLCs present in it for
resolution until we have spent the HTLC outputs in some kind of
claim transaction.

In order to do so, we first have to change the
`fail_unbroadcast_htlcs!()` call to provide it with the HTLCs which
are present in the (revoked) commitment transaction which was
broadcast. However, this is not sufficient - because all of those
HTLCs had their `HTLCSource` removed when the commitment
transaction was revoked, we also have to update
`fail_unbroadcast_htlcs` to check the payment hash and amount when
the `HTLCSource` is `None`.

Somewhat surprisingly, several tests actually explicitly tested for
the old behavior, which required amending to pass with the new
changes.

Finally, this adds a debug assertion when writing `ChannelMonitor`s
to ensure `HTLCSource`s do not leak.
@TheBlueMatt TheBlueMatt force-pushed the 2022-05-revoked-txn-edge-cases branch from 7cd9ebf to 70ae45f Compare June 21, 2022 16:15
@TheBlueMatt
Copy link
Collaborator Author

Rebased without change:

$ git diff-tree -U1 7cd9ebfa7 70ae45fea
$

@TheBlueMatt TheBlueMatt merged commit c502e8d into lightningdevkit:main Jun 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tnull tnull tnull approved these changes

@wpaulino wpaulino wpaulino approved these changes

@valentinewallace valentinewallace valentinewallace approved these changes

Assignees

@valentinewallace valentinewallace

Labels
None yet
Projects
LDK Roadmap
Status: Done
Milestone
0.0.109
Development

Successfully merging this pull request may close these issues.
5 participants
@TheBlueMatt @codecov-commenter @wpaulino @tnull @valentinewallace