From 9115f66dbc3824b2d655eb5440d122bdd1282eff Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Fri, 13 May 2022 05:11:14 +0000 Subject: [PATCH 01/10] Store the full event transaction in `OnchainEvent` structs When we see a transaction which generates some `OnchainEvent`, its useful to have the full transaction around for later analysis. Specifically, it lets us check the list of outputs which were spent in the transaction, allowing us to look up, e.g. which HTLC outpoint was spent in a transaction. This will be used in a few commits to do exactly that - figure out which HTLC a given `OnchainEvent` corresponds with. --- lightning/src/chain/channelmonitor.rs | 28 +++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/lightning/src/chain/channelmonitor.rs b/lightning/src/chain/channelmonitor.rs index 4bb08724c17..5cd031143be 100644 --- a/lightning/src/chain/channelmonitor.rs +++ b/lightning/src/chain/channelmonitor.rs @@ -315,6 +315,7 @@ struct OnchainEventEntry { txid: Txid, height: u32, event: OnchainEvent, + transaction: Option, // Added as optional, but always filled in, in LDK 0.0.110 } impl OnchainEventEntry { @@ -395,6 +396,7 @@ impl Writeable for OnchainEventEntry { fn write(&self, writer: &mut W) -> Result<(), io::Error> { write_tlv_fields!(writer, { (0, self.txid, required), + (1, self.transaction, option), (2, self.height, required), (4, self.event, required), }); @@ -405,15 +407,17 @@ impl Writeable for OnchainEventEntry { impl MaybeReadable for OnchainEventEntry { fn read(reader: &mut R) -> Result, DecodeError> { let mut txid = Txid::all_zeros(); + let mut transaction = None; let mut height = 0; let mut event = None; read_tlv_fields!(reader, { (0, txid, required), + (1, transaction, option), (2, height, required), (4, event, ignorable), }); if let Some(ev) = event { - Ok(Some(Self { txid, height, event: ev })) + Ok(Some(Self { txid, transaction, height, event: ev })) } else { Ok(None) } @@ -1683,8 +1687,10 @@ impl ChannelMonitor { /// as long as we examine both the current counterparty commitment transaction and, if it hasn't /// been revoked yet, the previous one, we we will never "forget" to resolve an HTLC. macro_rules! fail_unbroadcast_htlcs { - ($self: expr, $commitment_tx_type: expr, $commitment_txid_confirmed: expr, + ($self: expr, $commitment_tx_type: expr, $commitment_txid_confirmed: expr, $commitment_tx_confirmed: expr, $commitment_tx_conf_height: expr, $confirmed_htlcs_list: expr, $logger: expr) => { { + debug_assert_eq!($commitment_tx_confirmed.txid(), $commitment_txid_confirmed); + macro_rules! check_htlc_fails { ($txid: expr, $commitment_tx: expr) => { if let Some(ref latest_outpoints) = $self.counterparty_claimable_outpoints.get($txid) { @@ -1724,6 +1730,7 @@ macro_rules! fail_unbroadcast_htlcs { }); let entry = OnchainEventEntry { txid: $commitment_txid_confirmed, + transaction: Some($commitment_tx_confirmed.clone()), height: $commitment_tx_conf_height, event: OnchainEvent::HTLCUpdate { source: (**source).clone(), @@ -2155,13 +2162,13 @@ impl ChannelMonitorImpl { self.counterparty_commitment_txn_on_chain.insert(commitment_txid, commitment_number); if let Some(per_commitment_data) = per_commitment_option { - fail_unbroadcast_htlcs!(self, "revoked_counterparty", commitment_txid, height, + fail_unbroadcast_htlcs!(self, "revoked_counterparty", commitment_txid, tx, height, per_commitment_data.iter().map(|(htlc, htlc_source)| (htlc, htlc_source.as_ref().map(|htlc_source| htlc_source.as_ref())) ), logger); } else { debug_assert!(false, "We should have per-commitment option for any recognized old commitment txn"); - fail_unbroadcast_htlcs!(self, "revoked counterparty", commitment_txid, height, + fail_unbroadcast_htlcs!(self, "revoked counterparty", commitment_txid, tx, height, [].iter().map(|reference| *reference), logger); } } @@ -2179,7 +2186,7 @@ impl ChannelMonitorImpl { self.counterparty_commitment_txn_on_chain.insert(commitment_txid, commitment_number); log_info!(logger, "Got broadcast of non-revoked counterparty commitment transaction {}", commitment_txid); - fail_unbroadcast_htlcs!(self, "counterparty", commitment_txid, height, + fail_unbroadcast_htlcs!(self, "counterparty", commitment_txid, tx, height, per_commitment_data.iter().map(|(htlc, htlc_source)| (htlc, htlc_source.as_ref().map(|htlc_source| htlc_source.as_ref())) ), logger); @@ -2338,7 +2345,7 @@ impl ChannelMonitorImpl { let res = self.get_broadcasted_holder_claims(&self.current_holder_commitment_tx, height); let mut to_watch = self.get_broadcasted_holder_watch_outputs(&self.current_holder_commitment_tx, tx); append_onchain_update!(res, to_watch); - fail_unbroadcast_htlcs!(self, "latest holder", commitment_txid, height, + fail_unbroadcast_htlcs!(self, "latest holder", commitment_txid, tx, height, self.current_holder_commitment_tx.htlc_outputs.iter() .map(|(htlc, _, htlc_source)| (htlc, htlc_source.as_ref())), logger); } else if let &Some(ref holder_tx) = &self.prev_holder_signed_commitment_tx { @@ -2348,7 +2355,7 @@ impl ChannelMonitorImpl { let res = self.get_broadcasted_holder_claims(holder_tx, height); let mut to_watch = self.get_broadcasted_holder_watch_outputs(holder_tx, tx); append_onchain_update!(res, to_watch); - fail_unbroadcast_htlcs!(self, "previous holder", commitment_txid, height, + fail_unbroadcast_htlcs!(self, "previous holder", commitment_txid, tx, height, holder_tx.htlc_outputs.iter().map(|(htlc, _, htlc_source)| (htlc, htlc_source.as_ref())), logger); } @@ -2514,6 +2521,7 @@ impl ChannelMonitorImpl { let txid = tx.txid(); self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry { txid, + transaction: Some((*tx).clone()), height: height, event: OnchainEvent::FundingSpendConfirmation { on_local_output_csv: balance_spendable_csv, @@ -2932,7 +2940,7 @@ impl ChannelMonitorImpl { let outbound_htlc = $holder_tx == htlc_output.offered; if !outbound_htlc || revocation_sig_claim { self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry { - txid: tx.txid(), height, + txid: tx.txid(), height, transaction: Some(tx.clone()), event: OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx: input.previous_output.vout, preimage: if accepted_preimage_claim || offered_preimage_claim { @@ -2984,6 +2992,7 @@ impl ChannelMonitorImpl { self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry { txid: tx.txid(), height, + transaction: Some(tx.clone()), event: OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx: input.previous_output.vout, preimage: Some(payment_preimage), @@ -3004,6 +3013,7 @@ impl ChannelMonitorImpl { } else { false }) { self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry { txid: tx.txid(), + transaction: Some(tx.clone()), height, event: OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx: input.previous_output.vout, @@ -3030,6 +3040,7 @@ impl ChannelMonitorImpl { }); let entry = OnchainEventEntry { txid: tx.txid(), + transaction: Some(tx.clone()), height, event: OnchainEvent::HTLCUpdate { source, payment_hash, @@ -3103,6 +3114,7 @@ impl ChannelMonitorImpl { if let Some(spendable_output) = spendable_output { let entry = OnchainEventEntry { txid: tx.txid(), + transaction: Some(tx.clone()), height: height, event: OnchainEvent::MaturingOutput { descriptor: spendable_output.clone() }, }; From 0ec54ecd977732a83947668e3e6432c7b9dc0295 Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Sat, 30 Apr 2022 20:29:31 +0000 Subject: [PATCH 02/10] Track counterparty payout info in counterparty commitment txn When handling a revoked counterparty commitment transaction which was broadcast on-chain, we occasionally need to look up which output (and its value) was to the counterparty (the `to_self` output). This will allow us to generate `Balance`s for the user for the revoked output. --- lightning/src/chain/channelmonitor.rs | 95 +++++++++++++++++++++++---- 1 file changed, 82 insertions(+), 13 deletions(-) diff --git a/lightning/src/chain/channelmonitor.rs b/lightning/src/chain/channelmonitor.rs index 5cd031143be..fa4ab601121 100644 --- a/lightning/src/chain/channelmonitor.rs +++ b/lightning/src/chain/channelmonitor.rs @@ -54,6 +54,7 @@ use util::events::Event; use prelude::*; use core::{cmp, mem}; use io::{self, Error}; +use core::convert::TryInto; use core::ops::Deref; use sync::Mutex; @@ -345,6 +346,11 @@ impl OnchainEventEntry { } } +/// The (output index, sats value) for the counterparty's output in a commitment transaction. +/// +/// This was added as an `Option` in 0.0.110. +type CommitmentTxCounterpartyOutputInfo = Option<(u32, u64)>; + /// Upon discovering of some classes of onchain tx by ChannelMonitor, we may have to take actions on it /// once they mature to enough confirmations (ANTI_REORG_DELAY) #[derive(PartialEq)] @@ -372,6 +378,9 @@ enum OnchainEvent { /// The CSV delay for the output of the funding spend transaction (implying it is a local /// commitment transaction, and this is the delay on the to_self output). on_local_output_csv: Option, + /// If the funding spend transaction was a known remote commitment transaction, we track + /// the output index and amount of the counterparty's `to_self` output here. + commitment_tx_to_counterparty_output: CommitmentTxCounterpartyOutputInfo, }, /// A spend of a commitment transaction HTLC output, set in the cases where *no* `HTLCUpdate` /// is constructed. This is used when @@ -436,6 +445,7 @@ impl_writeable_tlv_based_enum_upgradable!(OnchainEvent, }, (3, FundingSpendConfirmation) => { (0, on_local_output_csv, option), + (1, commitment_tx_to_counterparty_output, option), }, (5, HTLCSpendConfirmation) => { (0, commitment_tx_output_idx, required), @@ -714,6 +724,7 @@ pub(crate) struct ChannelMonitorImpl { funding_spend_seen: bool, funding_spend_confirmed: Option, + confirmed_commitment_tx_counterparty_output: CommitmentTxCounterpartyOutputInfo, /// The set of HTLCs which have been either claimed or failed on chain and have reached /// the requisite confirmations on the claim/fail transaction (either ANTI_REORG_DELAY or the /// spending CSV for revocable outputs). @@ -783,6 +794,7 @@ impl PartialEq for ChannelMonitorImpl { self.holder_tx_signed != other.holder_tx_signed || self.funding_spend_seen != other.funding_spend_seen || self.funding_spend_confirmed != other.funding_spend_confirmed || + self.confirmed_commitment_tx_counterparty_output != other.confirmed_commitment_tx_counterparty_output || self.htlcs_resolved_on_chain != other.htlcs_resolved_on_chain { false @@ -962,6 +974,7 @@ impl Writeable for ChannelMonitorImpl { (5, self.pending_monitor_events, vec_type), (7, self.funding_spend_seen, required), (9, self.counterparty_node_id, option), + (11, self.confirmed_commitment_tx_counterparty_output, option), }); Ok(()) @@ -1068,6 +1081,7 @@ impl ChannelMonitor { holder_tx_signed: false, funding_spend_seen: false, funding_spend_confirmed: None, + confirmed_commitment_tx_counterparty_output: None, htlcs_resolved_on_chain: Vec::new(), best_block, @@ -1918,7 +1932,7 @@ impl ChannelMonitorImpl { // First check if a counterparty commitment transaction has been broadcasted: macro_rules! claim_htlcs { ($commitment_number: expr, $txid: expr) => { - let htlc_claim_reqs = self.get_counterparty_htlc_output_claim_reqs($commitment_number, $txid, None); + let (htlc_claim_reqs, _) = self.get_counterparty_output_claim_info($commitment_number, $txid, None); self.onchain_tx_handler.update_claims_view(&Vec::new(), htlc_claim_reqs, self.best_block.height(), self.best_block.height(), broadcaster, fee_estimator, logger); } } @@ -2097,13 +2111,18 @@ impl ChannelMonitorImpl { /// data in counterparty_claimable_outpoints. Will directly claim any HTLC outputs which expire at a /// height > height + CLTV_SHARED_CLAIM_BUFFER. In any case, will install monitoring for /// HTLC-Success/HTLC-Timeout transactions. - /// Return updates for HTLC pending in the channel and failed automatically by the broadcast of - /// revoked counterparty commitment tx - fn check_spend_counterparty_transaction(&mut self, tx: &Transaction, height: u32, logger: &L) -> (Vec, TransactionOutputs) where L::Target: Logger { + /// + /// Returns packages to claim the revoked output(s), as well as additional outputs to watch and + /// general information about the output that is to the counterparty in the commitment + /// transaction. + fn check_spend_counterparty_transaction(&mut self, tx: &Transaction, height: u32, logger: &L) + -> (Vec, TransactionOutputs, CommitmentTxCounterpartyOutputInfo) + where L::Target: Logger { // Most secp and related errors trying to create keys means we have no hope of constructing // a spend transaction...so we return no transactions to broadcast let mut claimable_outpoints = Vec::new(); let mut watch_outputs = Vec::new(); + let mut to_counterparty_output_info = None; let commitment_txid = tx.txid(); //TODO: This is gonna be a performance bottleneck for watchtowers! let per_commitment_option = self.counterparty_claimable_outpoints.get(&commitment_txid); @@ -2112,7 +2131,7 @@ impl ChannelMonitorImpl { ( $thing : expr ) => { match $thing { Ok(a) => a, - Err(_) => return (claimable_outpoints, (commitment_txid, watch_outputs)) + Err(_) => return (claimable_outpoints, (commitment_txid, watch_outputs), to_counterparty_output_info) } }; } @@ -2134,6 +2153,8 @@ impl ChannelMonitorImpl { let revk_outp = RevokedOutput::build(per_commitment_point, self.counterparty_commitment_params.counterparty_delayed_payment_base_key, self.counterparty_commitment_params.counterparty_htlc_base_key, per_commitment_key, outp.value, self.counterparty_commitment_params.on_counterparty_tx_csv); let justice_package = PackageTemplate::build_package(commitment_txid, idx as u32, PackageSolvingData::RevokedOutput(revk_outp), height + self.counterparty_commitment_params.on_counterparty_tx_csv as u32, true, height); claimable_outpoints.push(justice_package); + to_counterparty_output_info = + Some((idx.try_into().expect("Txn can't have more than 2^32 outputs"), outp.value)); } } @@ -2143,7 +2164,9 @@ impl ChannelMonitorImpl { if let Some(transaction_output_index) = htlc.transaction_output_index { if transaction_output_index as usize >= tx.output.len() || tx.output[transaction_output_index as usize].value != htlc.amount_msat / 1000 { - return (claimable_outpoints, (commitment_txid, watch_outputs)); // Corrupted per_commitment_data, fuck this user + // per_commitment_data is corrupt or our commitment signing key leaked! + return (claimable_outpoints, (commitment_txid, watch_outputs), + to_counterparty_output_info); } let revk_htlc_outp = RevokedHTLCOutput::build(per_commitment_point, self.counterparty_commitment_params.counterparty_delayed_payment_base_key, self.counterparty_commitment_params.counterparty_htlc_base_key, per_commitment_key, htlc.amount_msat / 1000, htlc.clone(), self.onchain_tx_handler.channel_transaction_parameters.opt_anchors.is_some()); let justice_package = PackageTemplate::build_package(commitment_txid, transaction_output_index, PackageSolvingData::RevokedHTLCOutput(revk_htlc_outp), htlc.cltv_expiry, true, height); @@ -2191,17 +2214,22 @@ impl ChannelMonitorImpl { (htlc, htlc_source.as_ref().map(|htlc_source| htlc_source.as_ref())) ), logger); - let htlc_claim_reqs = self.get_counterparty_htlc_output_claim_reqs(commitment_number, commitment_txid, Some(tx)); + let (htlc_claim_reqs, counterparty_output_info) = + self.get_counterparty_output_claim_info(commitment_number, commitment_txid, Some(tx)); + to_counterparty_output_info = counterparty_output_info; for req in htlc_claim_reqs { claimable_outpoints.push(req); } } - (claimable_outpoints, (commitment_txid, watch_outputs)) + (claimable_outpoints, (commitment_txid, watch_outputs), to_counterparty_output_info) } - fn get_counterparty_htlc_output_claim_reqs(&self, commitment_number: u64, commitment_txid: Txid, tx: Option<&Transaction>) -> Vec { + /// Returns the HTLC claim package templates and the counterparty output info + fn get_counterparty_output_claim_info(&self, commitment_number: u64, commitment_txid: Txid, tx: Option<&Transaction>) + -> (Vec, CommitmentTxCounterpartyOutputInfo) { let mut claimable_outpoints = Vec::new(); + let mut to_counterparty_output_info: CommitmentTxCounterpartyOutputInfo = None; if let Some(htlc_outputs) = self.counterparty_claimable_outpoints.get(&commitment_txid) { if let Some(per_commitment_points) = self.their_cur_per_commitment_points { let per_commitment_point_option = @@ -2215,12 +2243,43 @@ impl ChannelMonitorImpl { if per_commitment_points.0 == commitment_number + 1 { Some(point) } else { None } } else { None }; if let Some(per_commitment_point) = per_commitment_point_option { + if let Some(transaction) = tx { + let revokeable_p2wsh_opt = + if let Ok(revocation_pubkey) = chan_utils::derive_public_revocation_key( + &self.secp_ctx, &per_commitment_point, &self.holder_revocation_basepoint) + { + if let Ok(delayed_key) = chan_utils::derive_public_key(&self.secp_ctx, + &per_commitment_point, + &self.counterparty_commitment_params.counterparty_delayed_payment_base_key) + { + Some(chan_utils::get_revokeable_redeemscript(&revocation_pubkey, + self.counterparty_commitment_params.on_counterparty_tx_csv, + &delayed_key).to_v0_p2wsh()) + } else { + debug_assert!(false, "Failed to derive a delayed payment key for a commitment state we accepted"); + None + } + } else { + debug_assert!(false, "Failed to derive a revocation pubkey key for a commitment state we accepted"); + None + }; + if let Some(revokeable_p2wsh) = revokeable_p2wsh_opt { + for (idx, outp) in transaction.output.iter().enumerate() { + if outp.script_pubkey == revokeable_p2wsh { + to_counterparty_output_info = + Some((idx.try_into().expect("Can't have > 2^32 outputs"), outp.value)); + } + } + } + } + for (_, &(ref htlc, _)) in htlc_outputs.iter().enumerate() { if let Some(transaction_output_index) = htlc.transaction_output_index { if let Some(transaction) = tx { if transaction_output_index as usize >= transaction.output.len() || transaction.output[transaction_output_index as usize].value != htlc.amount_msat / 1000 { - return claimable_outpoints; // Corrupted per_commitment_data, fuck this user + // per_commitment_data is corrupt or our commitment signing key leaked! + return (claimable_outpoints, to_counterparty_output_info); } } let preimage = if htlc.offered { if let Some(p) = self.payment_preimages.get(&htlc.payment_hash) { Some(*p) } else { None } } else { None }; @@ -2247,7 +2306,7 @@ impl ChannelMonitorImpl { } } } - claimable_outpoints + (claimable_outpoints, to_counterparty_output_info) } /// Attempts to claim a counterparty HTLC-Success/HTLC-Timeout's outputs using the revocation key @@ -2502,14 +2561,19 @@ impl ChannelMonitorImpl { log_info!(logger, "Channel {} closed by funding output spend in txid {}.", log_bytes!(self.funding_info.0.to_channel_id()), tx.txid()); self.funding_spend_seen = true; + let mut commitment_tx_to_counterparty_output = None; if (tx.input[0].sequence.0 >> 8*3) as u8 == 0x80 && (tx.lock_time.0 >> 8*3) as u8 == 0x20 { - let (mut new_outpoints, new_outputs) = self.check_spend_counterparty_transaction(&tx, height, &logger); + let (mut new_outpoints, new_outputs, counterparty_output_idx_sats) = + self.check_spend_counterparty_transaction(&tx, height, &logger); + commitment_tx_to_counterparty_output = counterparty_output_idx_sats; if !new_outputs.1.is_empty() { watch_outputs.push(new_outputs); } claimable_outpoints.append(&mut new_outpoints); if new_outpoints.is_empty() { if let Some((mut new_outpoints, new_outputs)) = self.check_spend_holder_transaction(&tx, height, &logger) { + debug_assert!(commitment_tx_to_counterparty_output.is_none(), + "A commitment transaction matched as both a counterparty and local commitment tx?"); if !new_outputs.1.is_empty() { watch_outputs.push(new_outputs); } @@ -2525,6 +2589,7 @@ impl ChannelMonitorImpl { height: height, event: OnchainEvent::FundingSpendConfirmation { on_local_output_csv: balance_spendable_csv, + commitment_tx_to_counterparty_output, }, }); } else { @@ -2661,8 +2726,9 @@ impl ChannelMonitorImpl { OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx, preimage, .. } => { self.htlcs_resolved_on_chain.push(IrrevocablyResolvedHTLC { commitment_tx_output_idx, payment_preimage: preimage }); }, - OnchainEvent::FundingSpendConfirmation { .. } => { + OnchainEvent::FundingSpendConfirmation { commitment_tx_to_counterparty_output, .. } => { self.funding_spend_confirmed = Some(entry.txid); + self.confirmed_commitment_tx_counterparty_output = commitment_tx_to_counterparty_output; }, } } @@ -3375,12 +3441,14 @@ impl<'a, Signer: Sign, K: KeysInterface> ReadableArgs<&'a K> let mut htlcs_resolved_on_chain = Some(Vec::new()); let mut funding_spend_seen = Some(false); let mut counterparty_node_id = None; + let mut confirmed_commitment_tx_counterparty_output = None; read_tlv_fields!(reader, { (1, funding_spend_confirmed, option), (3, htlcs_resolved_on_chain, vec_type), (5, pending_monitor_events, vec_type), (7, funding_spend_seen, option), (9, counterparty_node_id, option), + (11, confirmed_commitment_tx_counterparty_output, option), }); let mut secp_ctx = Secp256k1::new(); @@ -3431,6 +3499,7 @@ impl<'a, Signer: Sign, K: KeysInterface> ReadableArgs<&'a K> holder_tx_signed, funding_spend_seen: funding_spend_seen.unwrap(), funding_spend_confirmed, + confirmed_commitment_tx_counterparty_output, htlcs_resolved_on_chain: htlcs_resolved_on_chain.unwrap(), best_block, From 66ced68ec652ff84b654bd50919a70f866418089 Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Thu, 14 Jul 2022 21:23:39 +0000 Subject: [PATCH 03/10] Clean up nesting in `get_counterparty_output_claim_info` --- lightning/src/chain/channelmonitor.rs | 148 ++++++++++++++------------ 1 file changed, 78 insertions(+), 70 deletions(-) diff --git a/lightning/src/chain/channelmonitor.rs b/lightning/src/chain/channelmonitor.rs index fa4ab601121..4d109294cf0 100644 --- a/lightning/src/chain/channelmonitor.rs +++ b/lightning/src/chain/channelmonitor.rs @@ -2230,82 +2230,90 @@ impl ChannelMonitorImpl { -> (Vec, CommitmentTxCounterpartyOutputInfo) { let mut claimable_outpoints = Vec::new(); let mut to_counterparty_output_info: CommitmentTxCounterpartyOutputInfo = None; - if let Some(htlc_outputs) = self.counterparty_claimable_outpoints.get(&commitment_txid) { - if let Some(per_commitment_points) = self.their_cur_per_commitment_points { - let per_commitment_point_option = - // If the counterparty commitment tx is the latest valid state, use their latest - // per-commitment point - if per_commitment_points.0 == commitment_number { Some(&per_commitment_points.1) } - else if let Some(point) = per_commitment_points.2.as_ref() { - // If counterparty commitment tx is the state previous to the latest valid state, use - // their previous per-commitment point (non-atomicity of revocation means it's valid for - // them to temporarily have two valid commitment txns from our viewpoint) - if per_commitment_points.0 == commitment_number + 1 { Some(point) } else { None } - } else { None }; - if let Some(per_commitment_point) = per_commitment_point_option { - if let Some(transaction) = tx { - let revokeable_p2wsh_opt = - if let Ok(revocation_pubkey) = chan_utils::derive_public_revocation_key( - &self.secp_ctx, &per_commitment_point, &self.holder_revocation_basepoint) - { - if let Ok(delayed_key) = chan_utils::derive_public_key(&self.secp_ctx, - &per_commitment_point, - &self.counterparty_commitment_params.counterparty_delayed_payment_base_key) - { - Some(chan_utils::get_revokeable_redeemscript(&revocation_pubkey, - self.counterparty_commitment_params.on_counterparty_tx_csv, - &delayed_key).to_v0_p2wsh()) - } else { - debug_assert!(false, "Failed to derive a delayed payment key for a commitment state we accepted"); - None - } - } else { - debug_assert!(false, "Failed to derive a revocation pubkey key for a commitment state we accepted"); - None - }; - if let Some(revokeable_p2wsh) = revokeable_p2wsh_opt { - for (idx, outp) in transaction.output.iter().enumerate() { - if outp.script_pubkey == revokeable_p2wsh { - to_counterparty_output_info = - Some((idx.try_into().expect("Can't have > 2^32 outputs"), outp.value)); - } - } - } + + let htlc_outputs = match self.counterparty_claimable_outpoints.get(&commitment_txid) { + Some(outputs) => outputs, + None => return (claimable_outpoints, to_counterparty_output_info), + }; + let per_commitment_points = match self.their_cur_per_commitment_points { + Some(points) => points, + None => return (claimable_outpoints, to_counterparty_output_info), + }; + + let per_commitment_point = + // If the counterparty commitment tx is the latest valid state, use their latest + // per-commitment point + if per_commitment_points.0 == commitment_number { &per_commitment_points.1 } + else if let Some(point) = per_commitment_points.2.as_ref() { + // If counterparty commitment tx is the state previous to the latest valid state, use + // their previous per-commitment point (non-atomicity of revocation means it's valid for + // them to temporarily have two valid commitment txns from our viewpoint) + if per_commitment_points.0 == commitment_number + 1 { + point + } else { return (claimable_outpoints, to_counterparty_output_info); } + } else { return (claimable_outpoints, to_counterparty_output_info); }; + + if let Some(transaction) = tx { + let revokeable_p2wsh_opt = + if let Ok(revocation_pubkey) = chan_utils::derive_public_revocation_key( + &self.secp_ctx, &per_commitment_point, &self.holder_revocation_basepoint) + { + if let Ok(delayed_key) = chan_utils::derive_public_key(&self.secp_ctx, + &per_commitment_point, + &self.counterparty_commitment_params.counterparty_delayed_payment_base_key) + { + Some(chan_utils::get_revokeable_redeemscript(&revocation_pubkey, + self.counterparty_commitment_params.on_counterparty_tx_csv, + &delayed_key).to_v0_p2wsh()) + } else { + debug_assert!(false, "Failed to derive a delayed payment key for a commitment state we accepted"); + None + } + } else { + debug_assert!(false, "Failed to derive a revocation pubkey key for a commitment state we accepted"); + None + }; + if let Some(revokeable_p2wsh) = revokeable_p2wsh_opt { + for (idx, outp) in transaction.output.iter().enumerate() { + if outp.script_pubkey == revokeable_p2wsh { + to_counterparty_output_info = + Some((idx.try_into().expect("Can't have > 2^32 outputs"), outp.value)); } + } + } + } - for (_, &(ref htlc, _)) in htlc_outputs.iter().enumerate() { - if let Some(transaction_output_index) = htlc.transaction_output_index { - if let Some(transaction) = tx { - if transaction_output_index as usize >= transaction.output.len() || - transaction.output[transaction_output_index as usize].value != htlc.amount_msat / 1000 { - // per_commitment_data is corrupt or our commitment signing key leaked! - return (claimable_outpoints, to_counterparty_output_info); - } - } - let preimage = if htlc.offered { if let Some(p) = self.payment_preimages.get(&htlc.payment_hash) { Some(*p) } else { None } } else { None }; - if preimage.is_some() || !htlc.offered { - let counterparty_htlc_outp = if htlc.offered { - PackageSolvingData::CounterpartyOfferedHTLCOutput( - CounterpartyOfferedHTLCOutput::build(*per_commitment_point, - self.counterparty_commitment_params.counterparty_delayed_payment_base_key, - self.counterparty_commitment_params.counterparty_htlc_base_key, - preimage.unwrap(), htlc.clone())) - } else { - PackageSolvingData::CounterpartyReceivedHTLCOutput( - CounterpartyReceivedHTLCOutput::build(*per_commitment_point, - self.counterparty_commitment_params.counterparty_delayed_payment_base_key, - self.counterparty_commitment_params.counterparty_htlc_base_key, - htlc.clone())) - }; - let aggregation = if !htlc.offered { false } else { true }; - let counterparty_package = PackageTemplate::build_package(commitment_txid, transaction_output_index, counterparty_htlc_outp, htlc.cltv_expiry,aggregation, 0); - claimable_outpoints.push(counterparty_package); - } + for (_, &(ref htlc, _)) in htlc_outputs.iter().enumerate() { + if let Some(transaction_output_index) = htlc.transaction_output_index { + if let Some(transaction) = tx { + if transaction_output_index as usize >= transaction.output.len() || + transaction.output[transaction_output_index as usize].value != htlc.amount_msat / 1000 { + // per_commitment_data is corrupt or our commitment signing key leaked! + return (claimable_outpoints, to_counterparty_output_info); } - } + } + let preimage = if htlc.offered { if let Some(p) = self.payment_preimages.get(&htlc.payment_hash) { Some(*p) } else { None } } else { None }; + if preimage.is_some() || !htlc.offered { + let counterparty_htlc_outp = if htlc.offered { + PackageSolvingData::CounterpartyOfferedHTLCOutput( + CounterpartyOfferedHTLCOutput::build(*per_commitment_point, + self.counterparty_commitment_params.counterparty_delayed_payment_base_key, + self.counterparty_commitment_params.counterparty_htlc_base_key, + preimage.unwrap(), htlc.clone())) + } else { + PackageSolvingData::CounterpartyReceivedHTLCOutput( + CounterpartyReceivedHTLCOutput::build(*per_commitment_point, + self.counterparty_commitment_params.counterparty_delayed_payment_base_key, + self.counterparty_commitment_params.counterparty_htlc_base_key, + htlc.clone())) + }; + let aggregation = if !htlc.offered { false } else { true }; + let counterparty_package = PackageTemplate::build_package(commitment_txid, transaction_output_index, counterparty_htlc_outp, htlc.cltv_expiry,aggregation, 0); + claimable_outpoints.push(counterparty_package); } } } + (claimable_outpoints, to_counterparty_output_info) } From e76ac333304c4080f56f7931ec555d3a1f8269af Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Tue, 17 May 2022 23:57:52 +0000 Subject: [PATCH 04/10] Fix off-by-one in test_onchain_htlc_claim_reorg_remote_commitment The test intended to disconnect a transaction previously connected but didn't disconnect enough blocks to do so, leading to it confirming two conflicting transactions. In the next few commits this will become an assertion failure. --- lightning/src/ln/reorg_tests.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lightning/src/ln/reorg_tests.rs b/lightning/src/ln/reorg_tests.rs index cbf920f587d..e4b916c9345 100644 --- a/lightning/src/ln/reorg_tests.rs +++ b/lightning/src/ln/reorg_tests.rs @@ -130,7 +130,8 @@ fn do_test_onchain_htlc_reorg(local_commitment: bool, claim: bool) { assert_eq!(nodes[1].node.get_and_clear_pending_events().len(), 0); if claim { - disconnect_blocks(&nodes[1], ANTI_REORG_DELAY - 2); + // Disconnect Node 1's HTLC-Timeout which was connected above + disconnect_blocks(&nodes[1], ANTI_REORG_DELAY - 1); let block = Block { header: BlockHeader { version: 0x20000000, prev_blockhash: nodes[1].best_block_hash(), merkle_root: TxMerkleNode::all_zeros(), time: 42, bits: 42, nonce: 42 }, From 9469ce0f3877843997f382da2e04e603335e37d7 Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Thu, 19 May 2022 01:50:37 +0000 Subject: [PATCH 05/10] Track HTLC-Success/HTLC-Timeout claims of revoked outputs When a counterparty broadcasts a revoked commitment transaction, followed immediately by HTLC-Success/-Timeout spends thereof, we'd like to have an `onchain_events_awaiting_threshold_conf` entry for them. This does so using the `HTLCSpendConfirmation` entry, giving it (slightly) new meaning. Because all existing uses of `HTLCSpendConfirmation` already check if the relevant commitment transaction is revoked first, this should be trivially backwards compatible. We will ultimately figure out if something is being spent via the `OnchainTxHandler`, but to do so we need to look up the output via the HTLC transaction txid, which this allows us to do. --- lightning/src/chain/channelmonitor.rs | 44 ++++++++++++--------------- 1 file changed, 20 insertions(+), 24 deletions(-) diff --git a/lightning/src/chain/channelmonitor.rs b/lightning/src/chain/channelmonitor.rs index 4d109294cf0..0d1c458bc2d 100644 --- a/lightning/src/chain/channelmonitor.rs +++ b/lightning/src/chain/channelmonitor.rs @@ -369,6 +369,8 @@ enum OnchainEvent { /// transaction which appeared on chain. commitment_tx_output_idx: Option, }, + /// An output waiting on [`ANTI_REORG_DELAY`] confirmations before we hand the user the + /// [`SpendableOutputDescriptor`]. MaturingOutput { descriptor: SpendableOutputDescriptor, }, @@ -390,6 +392,9 @@ enum OnchainEvent { /// * an inbound HTLC is claimed by us (with a preimage). /// * a revoked-state HTLC transaction was broadcasted, which was claimed by the revocation /// signature. + /// * a revoked-state HTLC transaction was broadcasted, which was claimed by an + /// HTLC-Success/HTLC-Failure transaction (and is still claimable with a revocation + /// signature). HTLCSpendConfirmation { commitment_tx_output_idx: u32, /// If the claim was made by either party with a preimage, this is filled in @@ -2965,7 +2970,7 @@ impl ChannelMonitorImpl { log_error!(logger, "Input spending {} ({}:{}) in {} resolves {} HTLC with payment hash {} with {}!", $tx_info, input.previous_output.txid, input.previous_output.vout, tx.txid(), if outbound_htlc { "outbound" } else { "inbound" }, log_bytes!($htlc.payment_hash.0), - if revocation_sig_claim { "revocation sig" } else { "preimage claim after we'd passed the HTLC resolution back" }); + if revocation_sig_claim { "revocation sig" } else { "preimage claim after we'd passed the HTLC resolution back. We can likely claim the HTLC output with a revocation claim" }); } else { log_info!(logger, "Input spending {} ({}:{}) in {} resolves {} HTLC with payment hash {} with {}", $tx_info, input.previous_output.txid, input.previous_output.vout, tx.txid(), @@ -3012,29 +3017,20 @@ impl ChannelMonitorImpl { if payment_data.is_none() { log_claim!($tx_info, $holder_tx, htlc_output, false); let outbound_htlc = $holder_tx == htlc_output.offered; - if !outbound_htlc || revocation_sig_claim { - self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry { - txid: tx.txid(), height, transaction: Some(tx.clone()), - event: OnchainEvent::HTLCSpendConfirmation { - commitment_tx_output_idx: input.previous_output.vout, - preimage: if accepted_preimage_claim || offered_preimage_claim { - Some(payment_preimage) } else { None }, - // If this is a payment to us (!outbound_htlc, above), - // wait for the CSV delay before dropping the HTLC from - // claimable balance if the claim was an HTLC-Success - // transaction. - on_to_local_output_csv: if accepted_preimage_claim { - Some(self.on_holder_tx_csv) } else { None }, - }, - }); - } else { - // Outbound claims should always have payment_data, unless - // we've already failed the HTLC as the commitment transaction - // which was broadcasted was revoked. In that case, we should - // spend the HTLC output here immediately, and expose that fact - // as a Balance, something which we do not yet do. - // TODO: Track the above as claimable! - } + self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry { + txid: tx.txid(), height, transaction: Some(tx.clone()), + event: OnchainEvent::HTLCSpendConfirmation { + commitment_tx_output_idx: input.previous_output.vout, + preimage: if accepted_preimage_claim || offered_preimage_claim { + Some(payment_preimage) } else { None }, + // If this is a payment to us (ie !outbound_htlc), wait for + // the CSV delay before dropping the HTLC from claimable + // balance if the claim was an HTLC-Success transaction (ie + // accepted_preimage_claim). + on_to_local_output_csv: if accepted_preimage_claim && !outbound_htlc { + Some(self.on_holder_tx_csv) } else { None }, + }, + }); continue 'outer_loop; } } From 04d8f5e3f11c156a862940856002971dcb7ac358 Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Sat, 21 May 2022 01:11:52 +0000 Subject: [PATCH 06/10] Track the txid that resolves HTLCs even after resolution completes We need this information when we look up if we still need to spend a revoked output from an HTLC-Success/HTLC-Timeout transaction for balance calculation. --- lightning/src/chain/channelmonitor.rs | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/lightning/src/chain/channelmonitor.rs b/lightning/src/chain/channelmonitor.rs index 0d1c458bc2d..377657d6bca 100644 --- a/lightning/src/chain/channelmonitor.rs +++ b/lightning/src/chain/channelmonitor.rs @@ -588,12 +588,17 @@ pub enum Balance { #[derive(PartialEq)] struct IrrevocablyResolvedHTLC { commitment_tx_output_idx: u32, + /// The txid of the transaction which resolved the HTLC, this may be a commitment (if the HTLC + /// was not present in the confirmed commitment transaction), HTLC-Success, or HTLC-Timeout + /// transaction. + resolving_txid: Option, // Added as optional, but always filled in, in 0.0.110 /// Only set if the HTLC claim was ours using a payment preimage payment_preimage: Option, } impl_writeable_tlv_based!(IrrevocablyResolvedHTLC, { (0, commitment_tx_output_idx, required), + (1, resolving_txid, option), (2, payment_preimage, option), }); @@ -2727,7 +2732,10 @@ impl ChannelMonitorImpl { htlc_value_satoshis, })); if let Some(idx) = commitment_tx_output_idx { - self.htlcs_resolved_on_chain.push(IrrevocablyResolvedHTLC { commitment_tx_output_idx: idx, payment_preimage: None }); + self.htlcs_resolved_on_chain.push(IrrevocablyResolvedHTLC { + commitment_tx_output_idx: idx, resolving_txid: Some(entry.txid), + payment_preimage: None, + }); } }, OnchainEvent::MaturingOutput { descriptor } => { @@ -2737,7 +2745,10 @@ impl ChannelMonitorImpl { }); }, OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx, preimage, .. } => { - self.htlcs_resolved_on_chain.push(IrrevocablyResolvedHTLC { commitment_tx_output_idx, payment_preimage: preimage }); + self.htlcs_resolved_on_chain.push(IrrevocablyResolvedHTLC { + commitment_tx_output_idx, resolving_txid: Some(entry.txid), + payment_preimage: preimage, + }); }, OnchainEvent::FundingSpendConfirmation { commitment_tx_to_counterparty_output, .. } => { self.funding_spend_confirmed = Some(entry.txid); From a17794c3800c94fd23e767c1ee3ffd411d7ace81 Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Tue, 17 May 2022 20:45:17 +0000 Subject: [PATCH 07/10] Scan `onchain_events_awaiting_threshold_conf` once in balance calc Instead of a series of different `onchain_events_awaiting_threshold_conf.iter()...` calls to scan for HTLC status in balance calculation, pull them all out into one `for ... { match ... }` to do it once and simplify the code somewhat. --- lightning/src/chain/channelmonitor.rs | 115 +++++++++++++++----------- 1 file changed, 65 insertions(+), 50 deletions(-) diff --git a/lightning/src/chain/channelmonitor.rs b/lightning/src/chain/channelmonitor.rs index 377657d6bca..f08895718f1 100644 --- a/lightning/src/chain/channelmonitor.rs +++ b/lightning/src/chain/channelmonitor.rs @@ -1449,67 +1449,82 @@ impl ChannelMonitor { ($holder_commitment: expr, $htlc_iter: expr) => { for htlc in $htlc_iter { if let Some(htlc_commitment_tx_output_idx) = htlc.transaction_output_index { - if let Some(conf_thresh) = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { - if let OnchainEvent::MaturingOutput { descriptor: SpendableOutputDescriptor::DelayedPaymentOutput(descriptor) } = &event.event { - if descriptor.outpoint.index as u32 == htlc_commitment_tx_output_idx { Some(event.confirmation_threshold()) } else { None } - } else { None } - }) { + let mut htlc_update_pending = None; + let mut htlc_spend_pending = None; + let mut delayed_output_pending = None; + for event in us.onchain_events_awaiting_threshold_conf.iter() { + match event.event { + OnchainEvent::HTLCUpdate { commitment_tx_output_idx, htlc_value_satoshis, .. } + if commitment_tx_output_idx == Some(htlc_commitment_tx_output_idx) => { + debug_assert!(htlc_update_pending.is_none()); + htlc_update_pending = + Some((htlc_value_satoshis.unwrap(), event.confirmation_threshold())); + }, + OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx, preimage, .. } + if commitment_tx_output_idx == htlc_commitment_tx_output_idx => { + debug_assert!(htlc_spend_pending.is_none()); + htlc_spend_pending = Some((event.confirmation_threshold(), preimage.is_some())); + }, + OnchainEvent::MaturingOutput { + descriptor: SpendableOutputDescriptor::DelayedPaymentOutput(ref descriptor) } + if descriptor.outpoint.index as u32 == htlc_commitment_tx_output_idx => { + debug_assert!(delayed_output_pending.is_none()); + delayed_output_pending = Some(event.confirmation_threshold()); + }, + _ => {}, + } + } + let htlc_resolved = us.htlcs_resolved_on_chain.iter() + .find(|v| v.commitment_tx_output_idx == htlc_commitment_tx_output_idx); + debug_assert!(htlc_update_pending.is_some() as u8 + htlc_spend_pending.is_some() as u8 + htlc_resolved.is_some() as u8 <= 1); + + if let Some(conf_thresh) = delayed_output_pending { debug_assert!($holder_commitment); res.push(Balance::ClaimableAwaitingConfirmations { claimable_amount_satoshis: htlc.amount_msat / 1000, confirmation_height: conf_thresh, }); - } else if us.htlcs_resolved_on_chain.iter().any(|v| v.commitment_tx_output_idx == htlc_commitment_tx_output_idx) { + } else if htlc_resolved.is_some() { // Funding transaction spends should be fully confirmed by the time any // HTLC transactions are resolved, unless we're talking about a holder // commitment tx, whose resolution is delayed until the CSV timeout is // reached, even though HTLCs may be resolved after only // ANTI_REORG_DELAY confirmations. debug_assert!($holder_commitment || us.funding_spend_confirmed.is_some()); - } else if htlc.offered == $holder_commitment { - // If the payment was outbound, check if there's an HTLCUpdate - // indicating we have spent this HTLC with a timeout, claiming it back - // and awaiting confirmations on it. - let htlc_update_pending = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { - if let OnchainEvent::HTLCUpdate { commitment_tx_output_idx: Some(commitment_tx_output_idx), .. } = event.event { - if commitment_tx_output_idx == htlc_commitment_tx_output_idx { - Some(event.confirmation_threshold()) } else { None } - } else { None } - }); - if let Some(conf_thresh) = htlc_update_pending { - res.push(Balance::ClaimableAwaitingConfirmations { - claimable_amount_satoshis: htlc.amount_msat / 1000, - confirmation_height: conf_thresh, - }); - } else { - res.push(Balance::MaybeClaimableHTLCAwaitingTimeout { - claimable_amount_satoshis: htlc.amount_msat / 1000, - claimable_height: htlc.cltv_expiry, - }); - } - } else if us.payment_preimages.get(&htlc.payment_hash).is_some() { - // Otherwise (the payment was inbound), only expose it as claimable if - // we know the preimage. - // Note that if there is a pending claim, but it did not use the - // preimage, we lost funds to our counterparty! We will then continue - // to show it as ContentiousClaimable until ANTI_REORG_DELAY. - let htlc_spend_pending = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { - if let OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx, preimage, .. } = event.event { - if commitment_tx_output_idx == htlc_commitment_tx_output_idx { - Some((event.confirmation_threshold(), preimage.is_some())) - } else { None } - } else { None } - }); - if let Some((conf_thresh, true)) = htlc_spend_pending { - res.push(Balance::ClaimableAwaitingConfirmations { - claimable_amount_satoshis: htlc.amount_msat / 1000, - confirmation_height: conf_thresh, - }); - } else { - res.push(Balance::ContentiousClaimable { - claimable_amount_satoshis: htlc.amount_msat / 1000, - timeout_height: htlc.cltv_expiry, - }); + } else { + if htlc.offered == $holder_commitment { + // If the payment was outbound, check if there's an HTLCUpdate + // indicating we have spent this HTLC with a timeout, claiming it back + // and awaiting confirmations on it. + if let Some((value, conf_thresh)) = htlc_update_pending { + res.push(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: value, + confirmation_height: conf_thresh, + }); + } else { + res.push(Balance::MaybeClaimableHTLCAwaitingTimeout { + claimable_amount_satoshis: htlc.amount_msat / 1000, + claimable_height: htlc.cltv_expiry, + }); + } + } else if us.payment_preimages.get(&htlc.payment_hash).is_some() { + // Otherwise (the payment was inbound), only expose it as claimable if + // we know the preimage. + // Note that if there is a pending claim, but it did not use the + // preimage, we lost funds to our counterparty! We will then continue + // to show it as ContentiousClaimable until ANTI_REORG_DELAY. + debug_assert!(htlc_update_pending.is_none()); + if let Some((conf_thresh, true)) = htlc_spend_pending { + res.push(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: htlc.amount_msat / 1000, + confirmation_height: conf_thresh, + }); + } else { + res.push(Balance::ContentiousClaimable { + claimable_amount_satoshis: htlc.amount_msat / 1000, + timeout_height: htlc.cltv_expiry, + }); + } } } } From f712eb41572d98af2e234bb05013728138f3f4f5 Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Wed, 13 Jul 2022 01:20:09 +0000 Subject: [PATCH 08/10] Simplify claimable balance trivially with consistent accessors --- lightning/src/chain/channelmonitor.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lightning/src/chain/channelmonitor.rs b/lightning/src/chain/channelmonitor.rs index f08895718f1..863ce4759e6 100644 --- a/lightning/src/chain/channelmonitor.rs +++ b/lightning/src/chain/channelmonitor.rs @@ -1457,8 +1457,8 @@ impl ChannelMonitor { OnchainEvent::HTLCUpdate { commitment_tx_output_idx, htlc_value_satoshis, .. } if commitment_tx_output_idx == Some(htlc_commitment_tx_output_idx) => { debug_assert!(htlc_update_pending.is_none()); - htlc_update_pending = - Some((htlc_value_satoshis.unwrap(), event.confirmation_threshold())); + debug_assert_eq!(htlc_value_satoshis.unwrap(), htlc.amount_msat / 1000); + htlc_update_pending = Some(event.confirmation_threshold()); }, OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx, preimage, .. } if commitment_tx_output_idx == htlc_commitment_tx_output_idx => { @@ -1496,9 +1496,9 @@ impl ChannelMonitor { // If the payment was outbound, check if there's an HTLCUpdate // indicating we have spent this HTLC with a timeout, claiming it back // and awaiting confirmations on it. - if let Some((value, conf_thresh)) = htlc_update_pending { + if let Some(conf_thresh) = htlc_update_pending { res.push(Balance::ClaimableAwaitingConfirmations { - claimable_amount_satoshis: value, + claimable_amount_satoshis: htlc.amount_msat / 1000, confirmation_height: conf_thresh, }); } else { From 5a8ede09fb3c8bbcd8694d94c12dac9ea7485537 Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Tue, 24 May 2022 23:57:56 +0000 Subject: [PATCH 09/10] Expose counterparty-revoked-outputs in `get_claimable_balance` This uses the various new tracking added in the prior commits to expose a new `Balance` type - `CounterpartyRevokedOutputClaimable`. Some nontrivial work is required, however, as we now have to track HTLC outputs as spendable in a transaction that comes *after* an HTLC-Success/HTLC-Timeout transaction, which we previously didn't need to do. Thus, we have to check if an `onchain_events_awaiting_threshold_conf` event spends a commitment transaction's HTLC output while walking events. Further, because we now need to track HTLC outputs after the HTLC-Success/HTLC-Timeout confirms, and because we have to track the counterparty's `to_self` output as a contentious output which could be claimed by either party, we have to examine the `OnchainTxHandler`'s set of outputs to spend when determining if certain outputs are still spendable. Two new tests are added which test various different transaction formats, and hopefully provide good test coverage of the various revoked output paths. --- lightning/src/chain/channelmonitor.rs | 137 ++++- lightning/src/chain/onchaintx.rs | 4 + lightning/src/ln/functional_test_utils.rs | 19 +- lightning/src/ln/monitor_tests.rs | 658 ++++++++++++++++++++++ 4 files changed, 799 insertions(+), 19 deletions(-) diff --git a/lightning/src/chain/channelmonitor.rs b/lightning/src/chain/channelmonitor.rs index 863ce4759e6..08e5fedd8d3 100644 --- a/lightning/src/chain/channelmonitor.rs +++ b/lightning/src/chain/channelmonitor.rs @@ -22,6 +22,7 @@ use bitcoin::blockdata::block::BlockHeader; use bitcoin::blockdata::transaction::{TxOut,Transaction}; +use bitcoin::blockdata::transaction::OutPoint as BitcoinOutPoint; use bitcoin::blockdata::script::{Script, Builder}; use bitcoin::blockdata::opcodes; @@ -382,6 +383,9 @@ enum OnchainEvent { on_local_output_csv: Option, /// If the funding spend transaction was a known remote commitment transaction, we track /// the output index and amount of the counterparty's `to_self` output here. + /// + /// This allows us to generate a [`Balance::CounterpartyRevokedOutputClaimable`] for the + /// counterparty output. commitment_tx_to_counterparty_output: CommitmentTxCounterpartyOutputInfo, }, /// A spend of a commitment transaction HTLC output, set in the cases where *no* `HTLCUpdate` @@ -582,6 +586,18 @@ pub enum Balance { /// done so. claimable_height: u32, }, + /// The channel has been closed, and our counterparty broadcasted a revoked commitment + /// transaction. + /// + /// Thus, we're able to claim all outputs in the commitment transaction, one of which has the + /// following amount. + CounterpartyRevokedOutputClaimable { + /// The amount, in satoshis, of the output which we can claim. + /// + /// Note that for outputs from HTLC balances this may be excluding some on-chain fees that + /// were already spent. + claimable_amount_satoshis: u64, + }, } /// An HTLC which has been irrevocably resolved on-chain, and has reached ANTI_REORG_DELAY. @@ -1421,9 +1437,9 @@ impl ChannelMonitor { /// balance, or until our counterparty has claimed the balance and accrued several /// confirmations on the claim transaction. /// - /// Note that the balances available when you or your counterparty have broadcasted revoked - /// state(s) may not be fully captured here. - // TODO, fix that ^ + /// Note that for `ChannelMonitors` which track a channel which went on-chain with versions of + /// LDK prior to 0.0.108, balances may not be fully captured if our counterparty broadcasted + /// a revoked state. /// /// See [`Balance`] for additional details on the types of claimable balances which /// may be returned here and their meanings. @@ -1432,9 +1448,13 @@ impl ChannelMonitor { let us = self.inner.lock().unwrap(); let mut confirmed_txid = us.funding_spend_confirmed; + let mut confirmed_counterparty_output = us.confirmed_commitment_tx_counterparty_output; let mut pending_commitment_tx_conf_thresh = None; let funding_spend_pending = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { - if let OnchainEvent::FundingSpendConfirmation { .. } = event.event { + if let OnchainEvent::FundingSpendConfirmation { commitment_tx_to_counterparty_output, .. } = + event.event + { + confirmed_counterparty_output = commitment_tx_to_counterparty_output; Some((event.txid, event.confirmation_threshold())) } else { None } }); @@ -1446,9 +1466,10 @@ impl ChannelMonitor { } macro_rules! walk_htlcs { - ($holder_commitment: expr, $htlc_iter: expr) => { + ($holder_commitment: expr, $counterparty_revoked_commitment: expr, $htlc_iter: expr) => { for htlc in $htlc_iter { if let Some(htlc_commitment_tx_output_idx) = htlc.transaction_output_index { + let mut htlc_spend_txid_opt = None; let mut htlc_update_pending = None; let mut htlc_spend_pending = None; let mut delayed_output_pending = None; @@ -1456,12 +1477,16 @@ impl ChannelMonitor { match event.event { OnchainEvent::HTLCUpdate { commitment_tx_output_idx, htlc_value_satoshis, .. } if commitment_tx_output_idx == Some(htlc_commitment_tx_output_idx) => { + debug_assert!(htlc_spend_txid_opt.is_none()); + htlc_spend_txid_opt = event.transaction.as_ref().map(|tx| tx.txid()); debug_assert!(htlc_update_pending.is_none()); debug_assert_eq!(htlc_value_satoshis.unwrap(), htlc.amount_msat / 1000); htlc_update_pending = Some(event.confirmation_threshold()); }, OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx, preimage, .. } if commitment_tx_output_idx == htlc_commitment_tx_output_idx => { + debug_assert!(htlc_spend_txid_opt.is_none()); + htlc_spend_txid_opt = event.transaction.as_ref().map(|tx| tx.txid()); debug_assert!(htlc_spend_pending.is_none()); htlc_spend_pending = Some((event.confirmation_threshold(), preimage.is_some())); }, @@ -1475,22 +1500,69 @@ impl ChannelMonitor { } } let htlc_resolved = us.htlcs_resolved_on_chain.iter() - .find(|v| v.commitment_tx_output_idx == htlc_commitment_tx_output_idx); + .find(|v| if v.commitment_tx_output_idx == htlc_commitment_tx_output_idx { + debug_assert!(htlc_spend_txid_opt.is_none()); + htlc_spend_txid_opt = v.resolving_txid; + true + } else { false }); debug_assert!(htlc_update_pending.is_some() as u8 + htlc_spend_pending.is_some() as u8 + htlc_resolved.is_some() as u8 <= 1); + let htlc_output_to_spend = + if let Some(txid) = htlc_spend_txid_opt { + debug_assert!( + us.onchain_tx_handler.channel_transaction_parameters.opt_anchors.is_none(), + "This code needs updating for anchors"); + BitcoinOutPoint::new(txid, 0) + } else { + BitcoinOutPoint::new(confirmed_txid.unwrap(), htlc_commitment_tx_output_idx) + }; + let htlc_output_needs_spending = us.onchain_tx_handler.is_output_spend_pending(&htlc_output_to_spend); + if let Some(conf_thresh) = delayed_output_pending { debug_assert!($holder_commitment); res.push(Balance::ClaimableAwaitingConfirmations { claimable_amount_satoshis: htlc.amount_msat / 1000, confirmation_height: conf_thresh, }); - } else if htlc_resolved.is_some() { + } else if htlc_resolved.is_some() && !htlc_output_needs_spending { // Funding transaction spends should be fully confirmed by the time any // HTLC transactions are resolved, unless we're talking about a holder // commitment tx, whose resolution is delayed until the CSV timeout is // reached, even though HTLCs may be resolved after only // ANTI_REORG_DELAY confirmations. debug_assert!($holder_commitment || us.funding_spend_confirmed.is_some()); + } else if $counterparty_revoked_commitment { + let htlc_output_claim_pending = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { + if let OnchainEvent::MaturingOutput { + descriptor: SpendableOutputDescriptor::StaticOutput { .. } + } = &event.event { + if event.transaction.as_ref().map(|tx| tx.input.iter().any(|inp| { + if let Some(htlc_spend_txid) = htlc_spend_txid_opt { + Some(tx.txid()) == htlc_spend_txid_opt || + inp.previous_output.txid == htlc_spend_txid + } else { + Some(inp.previous_output.txid) == confirmed_txid && + inp.previous_output.vout == htlc_commitment_tx_output_idx + } + })).unwrap_or(false) { + Some(()) + } else { None } + } else { None } + }); + if htlc_output_claim_pending.is_some() { + // We already push `Balance`s onto the `res` list for every + // `StaticOutput` in a `MaturingOutput` in the revoked + // counterparty commitment transaction case generally, so don't + // need to do so again here. + } else { + debug_assert!(htlc_update_pending.is_none(), + "HTLCUpdate OnchainEvents should never appear for preimage claims"); + debug_assert!(!htlc.offered || htlc_spend_pending.is_none() || !htlc_spend_pending.unwrap().1, + "We don't (currently) generate preimage claims against revoked outputs, where did you get one?!"); + res.push(Balance::CounterpartyRevokedOutputClaimable { + claimable_amount_satoshis: htlc.amount_msat / 1000, + }); + } } else { if htlc.offered == $holder_commitment { // If the payment was outbound, check if there's an HTLCUpdate @@ -1534,8 +1606,8 @@ impl ChannelMonitor { if let Some(txid) = confirmed_txid { let mut found_commitment_tx = false; - if Some(txid) == us.current_counterparty_commitment_txid || Some(txid) == us.prev_counterparty_commitment_txid { - walk_htlcs!(false, us.counterparty_claimable_outpoints.get(&txid).unwrap().iter().map(|(a, _)| a)); + if let Some(counterparty_tx_htlcs) = us.counterparty_claimable_outpoints.get(&txid) { + // First look for the to_remote output back to us. if let Some(conf_thresh) = pending_commitment_tx_conf_thresh { if let Some(value) = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { if let OnchainEvent::MaturingOutput { @@ -1554,9 +1626,50 @@ impl ChannelMonitor { // confirmation with the same height or have never met our dust amount. } } + if Some(txid) == us.current_counterparty_commitment_txid || Some(txid) == us.prev_counterparty_commitment_txid { + walk_htlcs!(false, false, counterparty_tx_htlcs.iter().map(|(a, _)| a)); + } else { + walk_htlcs!(false, true, counterparty_tx_htlcs.iter().map(|(a, _)| a)); + // The counterparty broadcasted a revoked state! + // Look for any StaticOutputs first, generating claimable balances for those. + // If any match the confirmed counterparty revoked to_self output, skip + // generating a CounterpartyRevokedOutputClaimable. + let mut spent_counterparty_output = false; + for event in us.onchain_events_awaiting_threshold_conf.iter() { + if let OnchainEvent::MaturingOutput { + descriptor: SpendableOutputDescriptor::StaticOutput { output, .. } + } = &event.event { + res.push(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: output.value, + confirmation_height: event.confirmation_threshold(), + }); + if let Some(confirmed_to_self_idx) = confirmed_counterparty_output.map(|(idx, _)| idx) { + if event.transaction.as_ref().map(|tx| + tx.input.iter().any(|inp| inp.previous_output.vout == confirmed_to_self_idx) + ).unwrap_or(false) { + spent_counterparty_output = true; + } + } + } + } + + if spent_counterparty_output { + } else if let Some((confirmed_to_self_idx, amt)) = confirmed_counterparty_output { + let output_spendable = us.onchain_tx_handler + .is_output_spend_pending(&BitcoinOutPoint::new(txid, confirmed_to_self_idx)); + if output_spendable { + res.push(Balance::CounterpartyRevokedOutputClaimable { + claimable_amount_satoshis: amt, + }); + } + } else { + // Counterparty output is missing, either it was broadcasted on a + // previous version of LDK or the counterparty hadn't met dust. + } + } found_commitment_tx = true; } else if txid == us.current_holder_commitment_tx.txid { - walk_htlcs!(true, us.current_holder_commitment_tx.htlc_outputs.iter().map(|(a, _, _)| a)); + walk_htlcs!(true, false, us.current_holder_commitment_tx.htlc_outputs.iter().map(|(a, _, _)| a)); if let Some(conf_thresh) = pending_commitment_tx_conf_thresh { res.push(Balance::ClaimableAwaitingConfirmations { claimable_amount_satoshis: us.current_holder_commitment_tx.to_self_value_sat, @@ -1566,7 +1679,7 @@ impl ChannelMonitor { found_commitment_tx = true; } else if let Some(prev_commitment) = &us.prev_holder_signed_commitment_tx { if txid == prev_commitment.txid { - walk_htlcs!(true, prev_commitment.htlc_outputs.iter().map(|(a, _, _)| a)); + walk_htlcs!(true, false, prev_commitment.htlc_outputs.iter().map(|(a, _, _)| a)); if let Some(conf_thresh) = pending_commitment_tx_conf_thresh { res.push(Balance::ClaimableAwaitingConfirmations { claimable_amount_satoshis: prev_commitment.to_self_value_sat, @@ -1587,8 +1700,6 @@ impl ChannelMonitor { }); } } - // TODO: Add logic to provide claimable balances for counterparty broadcasting revoked - // outputs. } else { let mut claimable_inbound_htlc_value_sat = 0; for (htlc, _, _) in us.current_holder_commitment_tx.htlc_outputs.iter() { diff --git a/lightning/src/chain/onchaintx.rs b/lightning/src/chain/onchaintx.rs index 8f62c43c44e..0f2edff5ed7 100644 --- a/lightning/src/chain/onchaintx.rs +++ b/lightning/src/chain/onchaintx.rs @@ -691,6 +691,10 @@ impl OnchainTxHandler { } } + pub(crate) fn is_output_spend_pending(&self, outpoint: &BitcoinOutPoint) -> bool { + self.claimable_outpoints.get(outpoint).is_some() + } + pub(crate) fn get_relevant_txids(&self) -> Vec { let mut txids: Vec = self.onchain_events_awaiting_threshold_conf .iter() diff --git a/lightning/src/ln/functional_test_utils.rs b/lightning/src/ln/functional_test_utils.rs index 4c91d4f7b1c..85077683fbb 100644 --- a/lightning/src/ln/functional_test_utils.rs +++ b/lightning/src/ln/functional_test_utils.rs @@ -1534,13 +1534,11 @@ macro_rules! expect_payment_failed { }; } -pub fn expect_payment_failed_conditions<'a, 'b, 'c, 'd, 'e>( - node: &'a Node<'b, 'c, 'd>, expected_payment_hash: PaymentHash, expected_rejected_by_dest: bool, - conditions: PaymentFailedConditions<'e> +pub fn expect_payment_failed_conditions_event<'a, 'b, 'c, 'd, 'e>( + node: &'a Node<'b, 'c, 'd>, payment_failed_event: Event, expected_payment_hash: PaymentHash, + expected_rejected_by_dest: bool, conditions: PaymentFailedConditions<'e> ) { - let mut events = node.node.get_and_clear_pending_events(); - assert_eq!(events.len(), 1); - let expected_payment_id = match events.pop().unwrap() { + let expected_payment_id = match payment_failed_event { Event::PaymentPathFailed { payment_hash, rejected_by_dest, path, retry, payment_id, network_update, short_channel_id, #[cfg(test)] error_code, @@ -1603,6 +1601,15 @@ pub fn expect_payment_failed_conditions<'a, 'b, 'c, 'd, 'e>( } } +pub fn expect_payment_failed_conditions<'a, 'b, 'c, 'd, 'e>( + node: &'a Node<'b, 'c, 'd>, expected_payment_hash: PaymentHash, expected_rejected_by_dest: bool, + conditions: PaymentFailedConditions<'e> +) { + let mut events = node.node.get_and_clear_pending_events(); + assert_eq!(events.len(), 1); + expect_payment_failed_conditions_event(node, events.pop().unwrap(), expected_payment_hash, expected_rejected_by_dest, conditions); +} + pub fn send_along_route_with_secret<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, route: Route, expected_paths: &[&[&Node<'a, 'b, 'c>]], recv_value: u64, our_payment_hash: PaymentHash, our_payment_secret: PaymentSecret) -> PaymentId { let payment_id = origin_node.node.send_payment(&route, our_payment_hash, &Some(our_payment_secret)).unwrap(); check_added_monitors!(origin_node, expected_paths.len()); diff --git a/lightning/src/ln/monitor_tests.rs b/lightning/src/ln/monitor_tests.rs index 9be2059a705..67ea07f2abd 100644 --- a/lightning/src/ln/monitor_tests.rs +++ b/lightning/src/ln/monitor_tests.rs @@ -11,6 +11,7 @@ use chain::channelmonitor::{ANTI_REORG_DELAY, Balance}; use chain::transaction::OutPoint; +use chain::chaininterface::LowerBoundedFeeEstimator; use ln::channel; use ln::channelmanager::BREAKDOWN_TIMEOUT; use ln::features::InitFeatures; @@ -228,6 +229,17 @@ fn sorted_vec(mut v: Vec) -> Vec { v } +/// Asserts that `a` and `b` are close, but maybe off by up to 5. +/// This is useful when checking fees and weights on transactions as things may vary by a few based +/// on signature size and signature size estimation being non-exact. +fn fuzzy_assert_eq>(a: V, b: V) { + let a_u64 = a.try_into().map_err(|_| ()).unwrap(); + let b_u64 = b.try_into().map_err(|_| ()).unwrap(); + eprintln!("Checking {} and {} for fuzzy equality", a_u64, b_u64); + assert!(a_u64 >= b_u64 - 5); + assert!(b_u64 >= a_u64 - 5); +} + fn do_test_claim_value_force_close(prev_commitment_tx: bool) { // Tests `get_claimable_balances` with an HTLC across a force-close. // We build a channel with an HTLC pending, then force close the channel and check that the @@ -734,3 +746,649 @@ fn test_balances_on_local_commitment_htlcs() { assert!(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances().is_empty()); test_spendable_output(&nodes[0], &as_txn[1]); } + +fn sorted_vec_with_additions(v_orig: &Vec, extra_ts: &[&T]) -> Vec { + let mut v = v_orig.clone(); + for t in extra_ts { + v.push((*t).clone()); + } + v.sort_unstable(); + v +} + +fn do_test_revoked_counterparty_commitment_balances(confirm_htlc_spend_first: bool) { + // Tests `get_claimable_balances` for revoked counterparty commitment transactions. + let mut chanmon_cfgs = create_chanmon_cfgs(2); + // We broadcast a second-to-latest commitment transaction, without providing the revocation + // secret to the counterparty. However, because we always immediately take the revocation + // secret from the keys_manager, we would panic at broadcast as we're trying to sign a + // transaction which, from the point of view of our keys_manager, is revoked. + chanmon_cfgs[1].keys_manager.disable_revocation_policy_check = true; + let node_cfgs = create_node_cfgs(2, &chanmon_cfgs); + let node_chanmgrs = create_node_chanmgrs(2, &node_cfgs, &[None, None]); + let nodes = create_network(2, &node_cfgs, &node_chanmgrs); + + let (_, _, chan_id, funding_tx) = + create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1_000_000, 100_000_000, InitFeatures::known(), InitFeatures::known()); + let funding_outpoint = OutPoint { txid: funding_tx.txid(), index: 0 }; + assert_eq!(funding_outpoint.to_channel_id(), chan_id); + + // We create five HTLCs for B to claim against A's revoked commitment transaction: + // + // (1) one for which A is the originator and B knows the preimage + // (2) one for which B is the originator where the HTLC has since timed-out + // (3) one for which B is the originator but where the HTLC has not yet timed-out + // (4) one dust HTLC which is lost in the channel closure + // (5) one that actually isn't in the revoked commitment transaction at all, but was added in + // later commitment transaction updates + // + // Though they could all be claimed in a single claim transaction, due to CLTV timeouts they + // are all currently claimed in separate transactions, which helps us test as we can claim + // HTLCs individually. + + let (claimed_payment_preimage, claimed_payment_hash, ..) = route_payment(&nodes[0], &[&nodes[1]], 3_000_000); + let timeout_payment_hash = route_payment(&nodes[1], &[&nodes[0]], 4_000_000).1; + let dust_payment_hash = route_payment(&nodes[1], &[&nodes[0]], 3_000).1; + + let htlc_cltv_timeout = nodes[0].best_block_info().1 + TEST_FINAL_CLTV + 1; // Note ChannelManager adds one to CLTV timeouts for safety + + connect_blocks(&nodes[0], 10); + connect_blocks(&nodes[1], 10); + + let live_htlc_cltv_timeout = nodes[0].best_block_info().1 + TEST_FINAL_CLTV + 1; // Note ChannelManager adds one to CLTV timeouts for safety + let live_payment_hash = route_payment(&nodes[1], &[&nodes[0]], 5_000_000).1; + + // Get the latest commitment transaction from A and then update the fee to revoke it + let as_revoked_txn = get_local_commitment_txn!(nodes[0], chan_id); + let opt_anchors = get_opt_anchors!(nodes[0], chan_id); + + let chan_feerate = get_feerate!(nodes[0], chan_id) as u64; + + let missing_htlc_cltv_timeout = nodes[0].best_block_info().1 + TEST_FINAL_CLTV + 1; // Note ChannelManager adds one to CLTV timeouts for safety + let missing_htlc_payment_hash = route_payment(&nodes[1], &[&nodes[0]], 2_000_000).1; + + nodes[1].node.claim_funds(claimed_payment_preimage); + expect_payment_claimed!(nodes[1], claimed_payment_hash, 3_000_000); + check_added_monitors!(nodes[1], 1); + let _b_htlc_msgs = get_htlc_update_msgs!(&nodes[1], nodes[0].node.get_our_node_id()); + + connect_blocks(&nodes[0], htlc_cltv_timeout + 1 - 10); + check_closed_broadcast!(nodes[0], true); + check_added_monitors!(nodes[0], 1); + + let mut events = nodes[0].node.get_and_clear_pending_events(); + assert_eq!(events.len(), 6); + let mut failed_payments: HashSet<_> = + [timeout_payment_hash, dust_payment_hash, live_payment_hash, missing_htlc_payment_hash] + .iter().map(|a| *a).collect(); + events.retain(|ev| { + match ev { + Event::HTLCHandlingFailed { failed_next_destination: HTLCDestination::NextHopChannel { node_id, channel_id }, .. } => { + assert_eq!(*channel_id, chan_id); + assert_eq!(*node_id, Some(nodes[1].node.get_our_node_id())); + false + }, + Event::HTLCHandlingFailed { failed_next_destination: HTLCDestination::FailedPayment { payment_hash }, .. } => { + assert!(failed_payments.remove(payment_hash)); + false + }, + _ => true, + } + }); + assert!(failed_payments.is_empty()); + if let Event::PendingHTLCsForwardable { .. } = events[0] {} else { panic!(); } + match &events[1] { + Event::ChannelClosed { reason: ClosureReason::CommitmentTxConfirmed, .. } => {}, + _ => panic!(), + } + + connect_blocks(&nodes[1], htlc_cltv_timeout + 1 - 10); + check_closed_broadcast!(nodes[1], true); + check_added_monitors!(nodes[1], 1); + check_closed_event!(nodes[1], 1, ClosureReason::CommitmentTxConfirmed); + + // Prior to channel closure, B considers the preimage HTLC as its own, and otherwise only + // lists the two on-chain timeout-able HTLCs as claimable balances. + assert_eq!(sorted_vec(vec![Balance::ClaimableOnChannelClose { + claimable_amount_satoshis: 100_000 - 5_000 - 4_000 - 3 - 2_000 + 3_000, + }, Balance::MaybeClaimableHTLCAwaitingTimeout { + claimable_amount_satoshis: 2_000, + claimable_height: missing_htlc_cltv_timeout, + }, Balance::MaybeClaimableHTLCAwaitingTimeout { + claimable_amount_satoshis: 4_000, + claimable_height: htlc_cltv_timeout, + }, Balance::MaybeClaimableHTLCAwaitingTimeout { + claimable_amount_satoshis: 5_000, + claimable_height: live_htlc_cltv_timeout, + }]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + mine_transaction(&nodes[1], &as_revoked_txn[0]); + let mut claim_txn: Vec<_> = nodes[1].tx_broadcaster.txn_broadcasted.lock().unwrap().drain(..).filter(|tx| tx.input.iter().any(|inp| inp.previous_output.txid == as_revoked_txn[0].txid())).collect(); + // Currently the revoked commitment is claimed in four transactions as the HTLCs all expire + // quite soon. + assert_eq!(claim_txn.len(), 4); + claim_txn.sort_unstable_by_key(|tx| tx.output.iter().map(|output| output.value).sum::()); + + // The following constants were determined experimentally + const BS_TO_SELF_CLAIM_EXP_WEIGHT: usize = 483; + const OUTBOUND_HTLC_CLAIM_EXP_WEIGHT: usize = 571; + const INBOUND_HTLC_CLAIM_EXP_WEIGHT: usize = 578; + + // Check that the weight is close to the expected weight. Note that signature sizes vary + // somewhat so it may not always be exact. + fuzzy_assert_eq(claim_txn[0].weight(), OUTBOUND_HTLC_CLAIM_EXP_WEIGHT); + fuzzy_assert_eq(claim_txn[1].weight(), INBOUND_HTLC_CLAIM_EXP_WEIGHT); + fuzzy_assert_eq(claim_txn[2].weight(), INBOUND_HTLC_CLAIM_EXP_WEIGHT); + fuzzy_assert_eq(claim_txn[3].weight(), BS_TO_SELF_CLAIM_EXP_WEIGHT); + + // The expected balance for the next three checks, with the largest-HTLC and to_self output + // claim balances separated out. + let expected_balance = vec![Balance::ClaimableAwaitingConfirmations { + // to_remote output in A's revoked commitment + claimable_amount_satoshis: 100_000 - 5_000 - 4_000 - 3, + confirmation_height: nodes[1].best_block_info().1 + 5, + }, Balance::CounterpartyRevokedOutputClaimable { + claimable_amount_satoshis: 3_000, + }, Balance::CounterpartyRevokedOutputClaimable { + claimable_amount_satoshis: 4_000, + }]; + + let to_self_unclaimed_balance = Balance::CounterpartyRevokedOutputClaimable { + claimable_amount_satoshis: 1_000_000 - 100_000 - 3_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 3 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000, + }; + let to_self_claimed_avail_height; + let largest_htlc_unclaimed_balance = Balance::CounterpartyRevokedOutputClaimable { + claimable_amount_satoshis: 5_000, + }; + let largest_htlc_claimed_avail_height; + + // Once the channel has been closed by A, B now considers all of the commitment transactions' + // outputs as `CounterpartyRevokedOutputClaimable`. + assert_eq!(sorted_vec_with_additions(&expected_balance, &[&to_self_unclaimed_balance, &largest_htlc_unclaimed_balance]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + if confirm_htlc_spend_first { + mine_transaction(&nodes[1], &claim_txn[2]); + largest_htlc_claimed_avail_height = nodes[1].best_block_info().1 + 5; + to_self_claimed_avail_height = nodes[1].best_block_info().1 + 6; // will be claimed in the next block + } else { + // Connect the to_self output claim, taking all of A's non-HTLC funds + mine_transaction(&nodes[1], &claim_txn[3]); + to_self_claimed_avail_height = nodes[1].best_block_info().1 + 5; + largest_htlc_claimed_avail_height = nodes[1].best_block_info().1 + 6; // will be claimed in the next block + } + + let largest_htlc_claimed_balance = Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: 5_000 - chan_feerate * INBOUND_HTLC_CLAIM_EXP_WEIGHT as u64 / 1000, + confirmation_height: largest_htlc_claimed_avail_height, + }; + let to_self_claimed_balance = Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: 1_000_000 - 100_000 - 3_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 3 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000 + - chan_feerate * claim_txn[3].weight() as u64 / 1000, + confirmation_height: to_self_claimed_avail_height, + }; + + if confirm_htlc_spend_first { + assert_eq!(sorted_vec_with_additions(&expected_balance, &[&to_self_unclaimed_balance, &largest_htlc_claimed_balance]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + } else { + assert_eq!(sorted_vec_with_additions(&expected_balance, &[&to_self_claimed_balance, &largest_htlc_unclaimed_balance]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + } + + if confirm_htlc_spend_first { + mine_transaction(&nodes[1], &claim_txn[3]); + } else { + mine_transaction(&nodes[1], &claim_txn[2]); + } + assert_eq!(sorted_vec_with_additions(&expected_balance, &[&to_self_claimed_balance, &largest_htlc_claimed_balance]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + // Finally, connect the last two remaining HTLC spends and check that they move to + // `ClaimableAwaitingConfirmations` + mine_transaction(&nodes[1], &claim_txn[0]); + mine_transaction(&nodes[1], &claim_txn[1]); + + assert_eq!(sorted_vec(vec![Balance::ClaimableAwaitingConfirmations { + // to_remote output in A's revoked commitment + claimable_amount_satoshis: 100_000 - 5_000 - 4_000 - 3, + confirmation_height: nodes[1].best_block_info().1 + 1, + }, Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: 1_000_000 - 100_000 - 3_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 3 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000 + - chan_feerate * claim_txn[3].weight() as u64 / 1000, + confirmation_height: to_self_claimed_avail_height, + }, Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: 3_000 - chan_feerate * OUTBOUND_HTLC_CLAIM_EXP_WEIGHT as u64 / 1000, + confirmation_height: nodes[1].best_block_info().1 + 4, + }, Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: 4_000 - chan_feerate * INBOUND_HTLC_CLAIM_EXP_WEIGHT as u64 / 1000, + confirmation_height: nodes[1].best_block_info().1 + 5, + }, Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: 5_000 - chan_feerate * INBOUND_HTLC_CLAIM_EXP_WEIGHT as u64 / 1000, + confirmation_height: largest_htlc_claimed_avail_height, + }]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + connect_blocks(&nodes[1], 1); + test_spendable_output(&nodes[1], &as_revoked_txn[0]); + + let mut payment_failed_events = nodes[1].node.get_and_clear_pending_events(); + expect_payment_failed_conditions_event(&nodes[1], payment_failed_events.pop().unwrap(), + dust_payment_hash, true, PaymentFailedConditions::new()); + expect_payment_failed_conditions_event(&nodes[1], payment_failed_events.pop().unwrap(), + missing_htlc_payment_hash, true, PaymentFailedConditions::new()); + assert!(payment_failed_events.is_empty()); + + connect_blocks(&nodes[1], 1); + test_spendable_output(&nodes[1], &claim_txn[if confirm_htlc_spend_first { 2 } else { 3 }]); + connect_blocks(&nodes[1], 1); + test_spendable_output(&nodes[1], &claim_txn[if confirm_htlc_spend_first { 3 } else { 2 }]); + expect_payment_failed!(nodes[1], live_payment_hash, true); + connect_blocks(&nodes[1], 1); + test_spendable_output(&nodes[1], &claim_txn[0]); + connect_blocks(&nodes[1], 1); + test_spendable_output(&nodes[1], &claim_txn[1]); + expect_payment_failed!(nodes[1], timeout_payment_hash, true); + assert_eq!(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances(), Vec::new()); +} + +#[test] +fn test_revoked_counterparty_commitment_balances() { + do_test_revoked_counterparty_commitment_balances(true); + do_test_revoked_counterparty_commitment_balances(false); +} + +#[test] +fn test_revoked_counterparty_htlc_tx_balances() { + // Tests `get_claimable_balances` for revocation spends of HTLC transactions. + let mut chanmon_cfgs = create_chanmon_cfgs(2); + chanmon_cfgs[1].keys_manager.disable_revocation_policy_check = true; + let node_cfgs = create_node_cfgs(2, &chanmon_cfgs); + let node_chanmgrs = create_node_chanmgrs(2, &node_cfgs, &[None, None]); + let nodes = create_network(2, &node_cfgs, &node_chanmgrs); + + // Create some initial channels + let (_, _, chan_id, funding_tx) = + create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1_000_000, 11_000_000, InitFeatures::known(), InitFeatures::known()); + let funding_outpoint = OutPoint { txid: funding_tx.txid(), index: 0 }; + assert_eq!(funding_outpoint.to_channel_id(), chan_id); + + let payment_preimage = route_payment(&nodes[0], &[&nodes[1]], 3_000_000).0; + let failed_payment_hash = route_payment(&nodes[1], &[&nodes[0]], 1_000_000).1; + let revoked_local_txn = get_local_commitment_txn!(nodes[1], chan_id); + assert_eq!(revoked_local_txn[0].input.len(), 1); + assert_eq!(revoked_local_txn[0].input[0].previous_output.txid, funding_tx.txid()); + + // The to-be-revoked commitment tx should have two HTLCs and an output for both sides + assert_eq!(revoked_local_txn[0].output.len(), 4); + + claim_payment(&nodes[0], &[&nodes[1]], payment_preimage); + + let chan_feerate = get_feerate!(nodes[0], chan_id) as u64; + let opt_anchors = get_opt_anchors!(nodes[0], chan_id); + + // B will generate an HTLC-Success from its revoked commitment tx + mine_transaction(&nodes[1], &revoked_local_txn[0]); + check_closed_broadcast!(nodes[1], true); + check_added_monitors!(nodes[1], 1); + check_closed_event!(nodes[1], 1, ClosureReason::CommitmentTxConfirmed); + let revoked_htlc_success_txn = nodes[1].tx_broadcaster.txn_broadcasted.lock().unwrap().split_off(0); + + assert_eq!(revoked_htlc_success_txn.len(), 2); + assert_eq!(revoked_htlc_success_txn[0].input.len(), 1); + assert_eq!(revoked_htlc_success_txn[0].input[0].witness.last().unwrap().len(), ACCEPTED_HTLC_SCRIPT_WEIGHT); + check_spends!(revoked_htlc_success_txn[0], revoked_local_txn[0]); + check_spends!(revoked_htlc_success_txn[1], funding_tx); + + connect_blocks(&nodes[1], TEST_FINAL_CLTV); + let revoked_htlc_timeout_txn = nodes[1].tx_broadcaster.txn_broadcasted.lock().unwrap().split_off(0); + assert_eq!(revoked_htlc_timeout_txn.len(), 1); + check_spends!(revoked_htlc_timeout_txn[0], revoked_local_txn[0]); + assert_ne!(revoked_htlc_success_txn[0].input[0].previous_output, revoked_htlc_timeout_txn[0].input[0].previous_output); + assert_eq!(revoked_htlc_success_txn[0].lock_time.0, 0); + assert_ne!(revoked_htlc_timeout_txn[0].lock_time.0, 0); + + // A will generate justice tx from B's revoked commitment/HTLC tx + mine_transaction(&nodes[0], &revoked_local_txn[0]); + check_closed_broadcast!(nodes[0], true); + check_added_monitors!(nodes[0], 1); + check_closed_event!(nodes[0], 1, ClosureReason::CommitmentTxConfirmed); + let to_remote_conf_height = nodes[0].best_block_info().1 + ANTI_REORG_DELAY - 1; + + let as_commitment_claim_txn = nodes[0].tx_broadcaster.txn_broadcasted.lock().unwrap().split_off(0); + assert_eq!(as_commitment_claim_txn.len(), 2); + check_spends!(as_commitment_claim_txn[0], revoked_local_txn[0]); + check_spends!(as_commitment_claim_txn[1], funding_tx); + + // The next two checks have the same balance set for A - even though we confirm a revoked HTLC + // transaction our balance tracking doesn't use the on-chain value so the + // `CounterpartyRevokedOutputClaimable` entry doesn't change. + let as_balances = sorted_vec(vec![Balance::ClaimableAwaitingConfirmations { + // to_remote output in B's revoked commitment + claimable_amount_satoshis: 1_000_000 - 11_000 - 3_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 2 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000, + confirmation_height: to_remote_conf_height, + }, Balance::CounterpartyRevokedOutputClaimable { + // to_self output in B's revoked commitment + claimable_amount_satoshis: 10_000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 1 + claimable_amount_satoshis: 3_000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 2 + claimable_amount_satoshis: 1_000, + }]); + assert_eq!(as_balances, + sorted_vec(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + mine_transaction(&nodes[0], &revoked_htlc_success_txn[0]); + let as_htlc_claim_tx = nodes[0].tx_broadcaster.txn_broadcasted.lock().unwrap().split_off(0); + assert_eq!(as_htlc_claim_tx.len(), 2); + check_spends!(as_htlc_claim_tx[0], revoked_htlc_success_txn[0]); + check_spends!(as_htlc_claim_tx[1], revoked_local_txn[0]); // A has to generate a new claim for the remaining revoked + // outputs (which no longer includes the spent HTLC output) + + assert_eq!(as_balances, + sorted_vec(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + assert_eq!(as_htlc_claim_tx[0].output.len(), 1); + fuzzy_assert_eq(as_htlc_claim_tx[0].output[0].value, + 3_000 - chan_feerate * (revoked_htlc_success_txn[0].weight() + as_htlc_claim_tx[0].weight()) as u64 / 1000); + + mine_transaction(&nodes[0], &as_htlc_claim_tx[0]); + assert_eq!(sorted_vec(vec![Balance::ClaimableAwaitingConfirmations { + // to_remote output in B's revoked commitment + claimable_amount_satoshis: 1_000_000 - 11_000 - 3_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 2 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000, + confirmation_height: to_remote_conf_height, + }, Balance::CounterpartyRevokedOutputClaimable { + // to_self output in B's revoked commitment + claimable_amount_satoshis: 10_000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 2 + claimable_amount_satoshis: 1_000, + }, Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: as_htlc_claim_tx[0].output[0].value, + confirmation_height: nodes[0].best_block_info().1 + ANTI_REORG_DELAY - 1, + }]), + sorted_vec(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + connect_blocks(&nodes[0], ANTI_REORG_DELAY - 3); + test_spendable_output(&nodes[0], &revoked_local_txn[0]); + assert_eq!(sorted_vec(vec![Balance::CounterpartyRevokedOutputClaimable { + // to_self output to B + claimable_amount_satoshis: 10_000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 2 + claimable_amount_satoshis: 1_000, + }, Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: as_htlc_claim_tx[0].output[0].value, + confirmation_height: nodes[0].best_block_info().1 + 2, + }]), + sorted_vec(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + connect_blocks(&nodes[0], 2); + test_spendable_output(&nodes[0], &as_htlc_claim_tx[0]); + assert_eq!(sorted_vec(vec![Balance::CounterpartyRevokedOutputClaimable { + // to_self output in B's revoked commitment + claimable_amount_satoshis: 10_000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 2 + claimable_amount_satoshis: 1_000, + }]), + sorted_vec(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + connect_blocks(&nodes[0], revoked_htlc_timeout_txn[0].lock_time.0 - nodes[0].best_block_info().1); + expect_pending_htlcs_forwardable_and_htlc_handling_failed_ignore!(&nodes[0], + [HTLCDestination::FailedPayment { payment_hash: failed_payment_hash }]); + // As time goes on A may split its revocation claim transaction into multiple. + let as_fewer_input_rbf = nodes[0].tx_broadcaster.txn_broadcasted.lock().unwrap().split_off(0); + for tx in as_fewer_input_rbf.iter() { + check_spends!(tx, revoked_local_txn[0]); + } + + // Connect a number of additional blocks to ensure we don't forget the HTLC output needs + // claiming. + connect_blocks(&nodes[0], ANTI_REORG_DELAY - 1); + let as_fewer_input_rbf = nodes[0].tx_broadcaster.txn_broadcasted.lock().unwrap().split_off(0); + for tx in as_fewer_input_rbf.iter() { + check_spends!(tx, revoked_local_txn[0]); + } + + mine_transaction(&nodes[0], &revoked_htlc_timeout_txn[0]); + let as_second_htlc_claim_tx = nodes[0].tx_broadcaster.txn_broadcasted.lock().unwrap().split_off(0); + assert_eq!(as_second_htlc_claim_tx.len(), 2); + + check_spends!(as_second_htlc_claim_tx[0], revoked_htlc_timeout_txn[0]); + check_spends!(as_second_htlc_claim_tx[1], revoked_local_txn[0]); + + // Connect blocks to finalize the HTLC resolution with the HTLC-Timeout transaction. In a + // previous iteration of the revoked balance handling this would result in us "forgetting" that + // the revoked HTLC output still needed to be claimed. + connect_blocks(&nodes[0], ANTI_REORG_DELAY - 1); + assert_eq!(sorted_vec(vec![Balance::CounterpartyRevokedOutputClaimable { + // to_self output in B's revoked commitment + claimable_amount_satoshis: 10_000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 2 + claimable_amount_satoshis: 1_000, + }]), + sorted_vec(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + mine_transaction(&nodes[0], &as_second_htlc_claim_tx[0]); + assert_eq!(sorted_vec(vec![Balance::CounterpartyRevokedOutputClaimable { + // to_self output in B's revoked commitment + claimable_amount_satoshis: 10_000, + }, Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: as_second_htlc_claim_tx[0].output[0].value, + confirmation_height: nodes[0].best_block_info().1 + ANTI_REORG_DELAY - 1, + }]), + sorted_vec(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + mine_transaction(&nodes[0], &as_second_htlc_claim_tx[1]); + assert_eq!(sorted_vec(vec![Balance::ClaimableAwaitingConfirmations { + // to_self output in B's revoked commitment + claimable_amount_satoshis: as_second_htlc_claim_tx[1].output[0].value, + confirmation_height: nodes[0].best_block_info().1 + ANTI_REORG_DELAY - 1, + }, Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: as_second_htlc_claim_tx[0].output[0].value, + confirmation_height: nodes[0].best_block_info().1 + ANTI_REORG_DELAY - 2, + }]), + sorted_vec(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + connect_blocks(&nodes[0], ANTI_REORG_DELAY - 2); + test_spendable_output(&nodes[0], &as_second_htlc_claim_tx[0]); + connect_blocks(&nodes[0], 1); + test_spendable_output(&nodes[0], &as_second_htlc_claim_tx[1]); + + assert_eq!(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances(), Vec::new()); +} + +#[test] +fn test_revoked_counterparty_aggregated_claims() { + // Tests `get_claimable_balances` for revoked counterparty commitment transactions when + // claiming with an aggregated claim transaction. + let mut chanmon_cfgs = create_chanmon_cfgs(2); + // We broadcast a second-to-latest commitment transaction, without providing the revocation + // secret to the counterparty. However, because we always immediately take the revocation + // secret from the keys_manager, we would panic at broadcast as we're trying to sign a + // transaction which, from the point of view of our keys_manager, is revoked. + chanmon_cfgs[1].keys_manager.disable_revocation_policy_check = true; + let node_cfgs = create_node_cfgs(2, &chanmon_cfgs); + let node_chanmgrs = create_node_chanmgrs(2, &node_cfgs, &[None, None]); + let nodes = create_network(2, &node_cfgs, &node_chanmgrs); + + let (_, _, chan_id, funding_tx) = + create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1_000_000, 100_000_000, InitFeatures::known(), InitFeatures::known()); + let funding_outpoint = OutPoint { txid: funding_tx.txid(), index: 0 }; + assert_eq!(funding_outpoint.to_channel_id(), chan_id); + + // We create two HTLCs, one which we will give A the preimage to to generate an HTLC-Success + // transaction, and one which we will not, allowing B to claim the HTLC output in an aggregated + // revocation-claim transaction. + + let (claimed_payment_preimage, claimed_payment_hash, ..) = route_payment(&nodes[1], &[&nodes[0]], 3_000_000); + let revoked_payment_hash = route_payment(&nodes[1], &[&nodes[0]], 4_000_000).1; + + let htlc_cltv_timeout = nodes[1].best_block_info().1 + TEST_FINAL_CLTV + 1; // Note ChannelManager adds one to CLTV timeouts for safety + + // Cheat by giving A's ChannelMonitor the preimage to the to-be-claimed HTLC so that we have an + // HTLC-claim transaction on the to-be-revoked state. + get_monitor!(nodes[0], chan_id).provide_payment_preimage(&claimed_payment_hash, &claimed_payment_preimage, + &node_cfgs[0].tx_broadcaster, &LowerBoundedFeeEstimator::new(node_cfgs[0].fee_estimator), &nodes[0].logger); + + // Now get the latest commitment transaction from A and then update the fee to revoke it + let as_revoked_txn = get_local_commitment_txn!(nodes[0], chan_id); + + assert_eq!(as_revoked_txn.len(), 2); + check_spends!(as_revoked_txn[0], funding_tx); + check_spends!(as_revoked_txn[1], as_revoked_txn[0]); // The HTLC-Claim transaction + + let opt_anchors = get_opt_anchors!(nodes[0], chan_id); + let chan_feerate = get_feerate!(nodes[0], chan_id) as u64; + + { + let mut feerate = chanmon_cfgs[0].fee_estimator.sat_per_kw.lock().unwrap(); + *feerate += 1; + } + nodes[0].node.timer_tick_occurred(); + check_added_monitors!(nodes[0], 1); + + let fee_update = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id()); + nodes[1].node.handle_update_fee(&nodes[0].node.get_our_node_id(), &fee_update.update_fee.unwrap()); + commitment_signed_dance!(nodes[1], nodes[0], fee_update.commitment_signed, false); + + nodes[0].node.claim_funds(claimed_payment_preimage); + expect_payment_claimed!(nodes[0], claimed_payment_hash, 3_000_000); + check_added_monitors!(nodes[0], 1); + let _a_htlc_msgs = get_htlc_update_msgs!(&nodes[0], nodes[1].node.get_our_node_id()); + + assert_eq!(sorted_vec(vec![Balance::ClaimableOnChannelClose { + claimable_amount_satoshis: 100_000 - 4_000 - 3_000, + }, Balance::MaybeClaimableHTLCAwaitingTimeout { + claimable_amount_satoshis: 4_000, + claimable_height: htlc_cltv_timeout, + }, Balance::MaybeClaimableHTLCAwaitingTimeout { + claimable_amount_satoshis: 3_000, + claimable_height: htlc_cltv_timeout, + }]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + mine_transaction(&nodes[1], &as_revoked_txn[0]); + check_closed_broadcast!(nodes[1], true); + check_closed_event!(nodes[1], 1, ClosureReason::CommitmentTxConfirmed); + check_added_monitors!(nodes[1], 1); + + let mut claim_txn: Vec<_> = nodes[1].tx_broadcaster.txn_broadcasted.lock().unwrap().drain(..).filter(|tx| tx.input.iter().any(|inp| inp.previous_output.txid == as_revoked_txn[0].txid())).collect(); + // Currently the revoked commitment outputs are all claimed in one aggregated transaction + assert_eq!(claim_txn.len(), 1); + assert_eq!(claim_txn[0].input.len(), 3); + check_spends!(claim_txn[0], as_revoked_txn[0]); + + let to_remote_maturity = nodes[1].best_block_info().1 + ANTI_REORG_DELAY - 1; + + assert_eq!(sorted_vec(vec![Balance::ClaimableAwaitingConfirmations { + // to_remote output in A's revoked commitment + claimable_amount_satoshis: 100_000 - 4_000 - 3_000, + confirmation_height: to_remote_maturity, + }, Balance::CounterpartyRevokedOutputClaimable { + // to_self output in A's revoked commitment + claimable_amount_satoshis: 1_000_000 - 100_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 2 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 1 + claimable_amount_satoshis: 4_000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 2 + claimable_amount_satoshis: 3_000, + }]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + // Confirm A's HTLC-Success tranasction which presumably raced B's claim, causing B to create a + // new claim. + mine_transaction(&nodes[1], &as_revoked_txn[1]); + expect_payment_sent!(nodes[1], claimed_payment_preimage); + let mut claim_txn_2: Vec<_> = nodes[1].tx_broadcaster.txn_broadcasted.lock().unwrap().clone(); + claim_txn_2.sort_unstable_by_key(|tx| if tx.input.iter().any(|inp| inp.previous_output.txid == as_revoked_txn[0].txid()) { 0 } else { 1 }); + // Once B sees the HTLC-Success transaction it splits its claim transaction into two, though in + // theory it could re-aggregate the claims as well. + assert_eq!(claim_txn_2.len(), 2); + assert_eq!(claim_txn_2[0].input.len(), 2); + check_spends!(claim_txn_2[0], as_revoked_txn[0]); + assert_eq!(claim_txn_2[1].input.len(), 1); + check_spends!(claim_txn_2[1], as_revoked_txn[1]); + + assert_eq!(sorted_vec(vec![Balance::ClaimableAwaitingConfirmations { + // to_remote output in A's revoked commitment + claimable_amount_satoshis: 100_000 - 4_000 - 3_000, + confirmation_height: to_remote_maturity, + }, Balance::CounterpartyRevokedOutputClaimable { + // to_self output in A's revoked commitment + claimable_amount_satoshis: 1_000_000 - 100_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 2 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 1 + claimable_amount_satoshis: 4_000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 2 + // The amount here is a bit of a misnomer, really its been reduced by the HTLC + // transaction fee, but the claimable amount is always a bit of an overshoot for HTLCs + // anyway, so its not a big change. + claimable_amount_satoshis: 3_000, + }]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + connect_blocks(&nodes[1], 5); + test_spendable_output(&nodes[1], &as_revoked_txn[0]); + + assert_eq!(sorted_vec(vec![Balance::CounterpartyRevokedOutputClaimable { + // to_self output in A's revoked commitment + claimable_amount_satoshis: 1_000_000 - 100_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 2 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 1 + claimable_amount_satoshis: 4_000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 2 + // The amount here is a bit of a misnomer, really its been reduced by the HTLC + // transaction fee, but the claimable amount is always a bit of an overshoot for HTLCs + // anyway, so its not a big change. + claimable_amount_satoshis: 3_000, + }]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + mine_transaction(&nodes[1], &claim_txn_2[1]); + let htlc_2_claim_maturity = nodes[1].best_block_info().1 + ANTI_REORG_DELAY - 1; + + assert_eq!(sorted_vec(vec![Balance::CounterpartyRevokedOutputClaimable { + // to_self output in A's revoked commitment + claimable_amount_satoshis: 1_000_000 - 100_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 2 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 1 + claimable_amount_satoshis: 4_000, + }, Balance::ClaimableAwaitingConfirmations { // HTLC 2 + claimable_amount_satoshis: claim_txn_2[1].output[0].value, + confirmation_height: htlc_2_claim_maturity, + }]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + connect_blocks(&nodes[1], 5); + test_spendable_output(&nodes[1], &claim_txn_2[1]); + + assert_eq!(sorted_vec(vec![Balance::CounterpartyRevokedOutputClaimable { + // to_self output in A's revoked commitment + claimable_amount_satoshis: 1_000_000 - 100_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 2 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 1 + claimable_amount_satoshis: 4_000, + }]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + mine_transaction(&nodes[1], &claim_txn_2[0]); + let rest_claim_maturity = nodes[1].best_block_info().1 + ANTI_REORG_DELAY - 1; + + assert_eq!(vec![Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: claim_txn_2[0].output[0].value, + confirmation_height: rest_claim_maturity, + }], + nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances()); + + assert!(nodes[1].node.get_and_clear_pending_events().is_empty()); // We shouldn't fail the payment until we spend the output + + connect_blocks(&nodes[1], 5); + expect_payment_failed!(nodes[1], revoked_payment_hash, true); + test_spendable_output(&nodes[1], &claim_txn_2[0]); + assert!(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances().is_empty()); +} From d8651e3dd57673792344d6aff65eb79fc9f2340b Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Sat, 16 Jul 2022 20:41:45 +0000 Subject: [PATCH 10/10] Move per-HTLC logic out of get_claimable_balances into a helper Val suggested this as an obvious cleanup to separate per_HTLC logic from the total commitment transaction logic, separating the large function into two. --- lightning/src/chain/channelmonitor.rs | 275 ++++++++++++++------------ 1 file changed, 146 insertions(+), 129 deletions(-) diff --git a/lightning/src/chain/channelmonitor.rs b/lightning/src/chain/channelmonitor.rs index 08e5fedd8d3..500f2b521dd 100644 --- a/lightning/src/chain/channelmonitor.rs +++ b/lightning/src/chain/channelmonitor.rs @@ -1427,7 +1427,150 @@ impl ChannelMonitor { pub fn current_best_block(&self) -> BestBlock { self.inner.lock().unwrap().best_block.clone() } +} + +impl ChannelMonitorImpl { + /// Helper for get_claimable_balances which does the work for an individual HTLC, generating up + /// to one `Balance` for the HTLC. + fn get_htlc_balance(&self, htlc: &HTLCOutputInCommitment, holder_commitment: bool, + counterparty_revoked_commitment: bool, confirmed_txid: Option) + -> Option { + let htlc_commitment_tx_output_idx = + if let Some(v) = htlc.transaction_output_index { v } else { return None; }; + + let mut htlc_spend_txid_opt = None; + let mut holder_timeout_spend_pending = None; + let mut htlc_spend_pending = None; + let mut holder_delayed_output_pending = None; + for event in self.onchain_events_awaiting_threshold_conf.iter() { + match event.event { + OnchainEvent::HTLCUpdate { commitment_tx_output_idx, htlc_value_satoshis, .. } + if commitment_tx_output_idx == Some(htlc_commitment_tx_output_idx) => { + debug_assert!(htlc_spend_txid_opt.is_none()); + htlc_spend_txid_opt = event.transaction.as_ref().map(|tx| tx.txid()); + debug_assert!(holder_timeout_spend_pending.is_none()); + debug_assert_eq!(htlc_value_satoshis.unwrap(), htlc.amount_msat / 1000); + holder_timeout_spend_pending = Some(event.confirmation_threshold()); + }, + OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx, preimage, .. } + if commitment_tx_output_idx == htlc_commitment_tx_output_idx => { + debug_assert!(htlc_spend_txid_opt.is_none()); + htlc_spend_txid_opt = event.transaction.as_ref().map(|tx| tx.txid()); + debug_assert!(htlc_spend_pending.is_none()); + htlc_spend_pending = Some((event.confirmation_threshold(), preimage.is_some())); + }, + OnchainEvent::MaturingOutput { + descriptor: SpendableOutputDescriptor::DelayedPaymentOutput(ref descriptor) } + if descriptor.outpoint.index as u32 == htlc_commitment_tx_output_idx => { + debug_assert!(holder_delayed_output_pending.is_none()); + holder_delayed_output_pending = Some(event.confirmation_threshold()); + }, + _ => {}, + } + } + let htlc_resolved = self.htlcs_resolved_on_chain.iter() + .find(|v| if v.commitment_tx_output_idx == htlc_commitment_tx_output_idx { + debug_assert!(htlc_spend_txid_opt.is_none()); + htlc_spend_txid_opt = v.resolving_txid; + true + } else { false }); + debug_assert!(holder_timeout_spend_pending.is_some() as u8 + htlc_spend_pending.is_some() as u8 + htlc_resolved.is_some() as u8 <= 1); + + let htlc_output_to_spend = + if let Some(txid) = htlc_spend_txid_opt { + debug_assert!( + self.onchain_tx_handler.channel_transaction_parameters.opt_anchors.is_none(), + "This code needs updating for anchors"); + BitcoinOutPoint::new(txid, 0) + } else { + BitcoinOutPoint::new(confirmed_txid.unwrap(), htlc_commitment_tx_output_idx) + }; + let htlc_output_spend_pending = self.onchain_tx_handler.is_output_spend_pending(&htlc_output_to_spend); + if let Some(conf_thresh) = holder_delayed_output_pending { + debug_assert!(holder_commitment); + return Some(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: htlc.amount_msat / 1000, + confirmation_height: conf_thresh, + }); + } else if htlc_resolved.is_some() && !htlc_output_spend_pending { + // Funding transaction spends should be fully confirmed by the time any + // HTLC transactions are resolved, unless we're talking about a holder + // commitment tx, whose resolution is delayed until the CSV timeout is + // reached, even though HTLCs may be resolved after only + // ANTI_REORG_DELAY confirmations. + debug_assert!(holder_commitment || self.funding_spend_confirmed.is_some()); + } else if counterparty_revoked_commitment { + let htlc_output_claim_pending = self.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { + if let OnchainEvent::MaturingOutput { + descriptor: SpendableOutputDescriptor::StaticOutput { .. } + } = &event.event { + if event.transaction.as_ref().map(|tx| tx.input.iter().any(|inp| { + if let Some(htlc_spend_txid) = htlc_spend_txid_opt { + Some(tx.txid()) == htlc_spend_txid_opt || + inp.previous_output.txid == htlc_spend_txid + } else { + Some(inp.previous_output.txid) == confirmed_txid && + inp.previous_output.vout == htlc_commitment_tx_output_idx + } + })).unwrap_or(false) { + Some(()) + } else { None } + } else { None } + }); + if htlc_output_claim_pending.is_some() { + // We already push `Balance`s onto the `res` list for every + // `StaticOutput` in a `MaturingOutput` in the revoked + // counterparty commitment transaction case generally, so don't + // need to do so again here. + } else { + debug_assert!(holder_timeout_spend_pending.is_none(), + "HTLCUpdate OnchainEvents should never appear for preimage claims"); + debug_assert!(!htlc.offered || htlc_spend_pending.is_none() || !htlc_spend_pending.unwrap().1, + "We don't (currently) generate preimage claims against revoked outputs, where did you get one?!"); + return Some(Balance::CounterpartyRevokedOutputClaimable { + claimable_amount_satoshis: htlc.amount_msat / 1000, + }); + } + } else if htlc.offered == holder_commitment { + // If the payment was outbound, check if there's an HTLCUpdate + // indicating we have spent this HTLC with a timeout, claiming it back + // and awaiting confirmations on it. + if let Some(conf_thresh) = holder_timeout_spend_pending { + return Some(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: htlc.amount_msat / 1000, + confirmation_height: conf_thresh, + }); + } else { + return Some(Balance::MaybeClaimableHTLCAwaitingTimeout { + claimable_amount_satoshis: htlc.amount_msat / 1000, + claimable_height: htlc.cltv_expiry, + }); + } + } else if self.payment_preimages.get(&htlc.payment_hash).is_some() { + // Otherwise (the payment was inbound), only expose it as claimable if + // we know the preimage. + // Note that if there is a pending claim, but it did not use the + // preimage, we lost funds to our counterparty! We will then continue + // to show it as ContentiousClaimable until ANTI_REORG_DELAY. + debug_assert!(holder_timeout_spend_pending.is_none()); + if let Some((conf_thresh, true)) = htlc_spend_pending { + return Some(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: htlc.amount_msat / 1000, + confirmation_height: conf_thresh, + }); + } else { + return Some(Balance::ContentiousClaimable { + claimable_amount_satoshis: htlc.amount_msat / 1000, + timeout_height: htlc.cltv_expiry, + }); + } + } + None + } +} + +impl ChannelMonitor { /// Gets the balances in this channel which are either claimable by us if we were to /// force-close the channel now or which are claimable on-chain (possibly awaiting /// confirmation). @@ -1468,136 +1611,10 @@ impl ChannelMonitor { macro_rules! walk_htlcs { ($holder_commitment: expr, $counterparty_revoked_commitment: expr, $htlc_iter: expr) => { for htlc in $htlc_iter { - if let Some(htlc_commitment_tx_output_idx) = htlc.transaction_output_index { - let mut htlc_spend_txid_opt = None; - let mut htlc_update_pending = None; - let mut htlc_spend_pending = None; - let mut delayed_output_pending = None; - for event in us.onchain_events_awaiting_threshold_conf.iter() { - match event.event { - OnchainEvent::HTLCUpdate { commitment_tx_output_idx, htlc_value_satoshis, .. } - if commitment_tx_output_idx == Some(htlc_commitment_tx_output_idx) => { - debug_assert!(htlc_spend_txid_opt.is_none()); - htlc_spend_txid_opt = event.transaction.as_ref().map(|tx| tx.txid()); - debug_assert!(htlc_update_pending.is_none()); - debug_assert_eq!(htlc_value_satoshis.unwrap(), htlc.amount_msat / 1000); - htlc_update_pending = Some(event.confirmation_threshold()); - }, - OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx, preimage, .. } - if commitment_tx_output_idx == htlc_commitment_tx_output_idx => { - debug_assert!(htlc_spend_txid_opt.is_none()); - htlc_spend_txid_opt = event.transaction.as_ref().map(|tx| tx.txid()); - debug_assert!(htlc_spend_pending.is_none()); - htlc_spend_pending = Some((event.confirmation_threshold(), preimage.is_some())); - }, - OnchainEvent::MaturingOutput { - descriptor: SpendableOutputDescriptor::DelayedPaymentOutput(ref descriptor) } - if descriptor.outpoint.index as u32 == htlc_commitment_tx_output_idx => { - debug_assert!(delayed_output_pending.is_none()); - delayed_output_pending = Some(event.confirmation_threshold()); - }, - _ => {}, - } - } - let htlc_resolved = us.htlcs_resolved_on_chain.iter() - .find(|v| if v.commitment_tx_output_idx == htlc_commitment_tx_output_idx { - debug_assert!(htlc_spend_txid_opt.is_none()); - htlc_spend_txid_opt = v.resolving_txid; - true - } else { false }); - debug_assert!(htlc_update_pending.is_some() as u8 + htlc_spend_pending.is_some() as u8 + htlc_resolved.is_some() as u8 <= 1); - - let htlc_output_to_spend = - if let Some(txid) = htlc_spend_txid_opt { - debug_assert!( - us.onchain_tx_handler.channel_transaction_parameters.opt_anchors.is_none(), - "This code needs updating for anchors"); - BitcoinOutPoint::new(txid, 0) - } else { - BitcoinOutPoint::new(confirmed_txid.unwrap(), htlc_commitment_tx_output_idx) - }; - let htlc_output_needs_spending = us.onchain_tx_handler.is_output_spend_pending(&htlc_output_to_spend); + if htlc.transaction_output_index.is_some() { - if let Some(conf_thresh) = delayed_output_pending { - debug_assert!($holder_commitment); - res.push(Balance::ClaimableAwaitingConfirmations { - claimable_amount_satoshis: htlc.amount_msat / 1000, - confirmation_height: conf_thresh, - }); - } else if htlc_resolved.is_some() && !htlc_output_needs_spending { - // Funding transaction spends should be fully confirmed by the time any - // HTLC transactions are resolved, unless we're talking about a holder - // commitment tx, whose resolution is delayed until the CSV timeout is - // reached, even though HTLCs may be resolved after only - // ANTI_REORG_DELAY confirmations. - debug_assert!($holder_commitment || us.funding_spend_confirmed.is_some()); - } else if $counterparty_revoked_commitment { - let htlc_output_claim_pending = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { - if let OnchainEvent::MaturingOutput { - descriptor: SpendableOutputDescriptor::StaticOutput { .. } - } = &event.event { - if event.transaction.as_ref().map(|tx| tx.input.iter().any(|inp| { - if let Some(htlc_spend_txid) = htlc_spend_txid_opt { - Some(tx.txid()) == htlc_spend_txid_opt || - inp.previous_output.txid == htlc_spend_txid - } else { - Some(inp.previous_output.txid) == confirmed_txid && - inp.previous_output.vout == htlc_commitment_tx_output_idx - } - })).unwrap_or(false) { - Some(()) - } else { None } - } else { None } - }); - if htlc_output_claim_pending.is_some() { - // We already push `Balance`s onto the `res` list for every - // `StaticOutput` in a `MaturingOutput` in the revoked - // counterparty commitment transaction case generally, so don't - // need to do so again here. - } else { - debug_assert!(htlc_update_pending.is_none(), - "HTLCUpdate OnchainEvents should never appear for preimage claims"); - debug_assert!(!htlc.offered || htlc_spend_pending.is_none() || !htlc_spend_pending.unwrap().1, - "We don't (currently) generate preimage claims against revoked outputs, where did you get one?!"); - res.push(Balance::CounterpartyRevokedOutputClaimable { - claimable_amount_satoshis: htlc.amount_msat / 1000, - }); - } - } else { - if htlc.offered == $holder_commitment { - // If the payment was outbound, check if there's an HTLCUpdate - // indicating we have spent this HTLC with a timeout, claiming it back - // and awaiting confirmations on it. - if let Some(conf_thresh) = htlc_update_pending { - res.push(Balance::ClaimableAwaitingConfirmations { - claimable_amount_satoshis: htlc.amount_msat / 1000, - confirmation_height: conf_thresh, - }); - } else { - res.push(Balance::MaybeClaimableHTLCAwaitingTimeout { - claimable_amount_satoshis: htlc.amount_msat / 1000, - claimable_height: htlc.cltv_expiry, - }); - } - } else if us.payment_preimages.get(&htlc.payment_hash).is_some() { - // Otherwise (the payment was inbound), only expose it as claimable if - // we know the preimage. - // Note that if there is a pending claim, but it did not use the - // preimage, we lost funds to our counterparty! We will then continue - // to show it as ContentiousClaimable until ANTI_REORG_DELAY. - debug_assert!(htlc_update_pending.is_none()); - if let Some((conf_thresh, true)) = htlc_spend_pending { - res.push(Balance::ClaimableAwaitingConfirmations { - claimable_amount_satoshis: htlc.amount_msat / 1000, - confirmation_height: conf_thresh, - }); - } else { - res.push(Balance::ContentiousClaimable { - claimable_amount_satoshis: htlc.amount_msat / 1000, - timeout_height: htlc.cltv_expiry, - }); - } - } + if let Some(bal) = us.get_htlc_balance(htlc, $holder_commitment, $counterparty_revoked_commitment, confirmed_txid) { + res.push(bal); } } }