BOLT2: Check we don't send and accept 0-msat HTLC #513
Awesome, thanks for tackling this. Should pass travis if you rebase on master with #514.
@@ -1597,6 +1597,9 @@ impl<ChanSigner: ChannelKeys> Channel<ChanSigner> { | |||
if msg.amount_msat > self.channel_value_satoshis * 1000 { | |||
return Err(ChannelError::Close("Remote side tried to send more than the total value of the channel")); | |||
} | |||
if msg.amount_msat == 0 { |
Would be nice to test this line as well. Another way to do it that would be easier to test would be to just set our_htlc_minimum_msat to at least 1 always.
Add a commit for this, without modifying default config
Codecov Report
@@ Coverage Diff @@
## master #513 +/- ##
==========================================
+ Coverage 90.07% 90.24% +0.16%
==========================================
Files 34 34
Lines 19053 19197 +144
==========================================
+ Hits 17162 17324 +162
+ Misses 1891 1873 -18
b1cd4fc to 91a9321
Rebased 91a9321
Looks like this needs a further rebase on top of #509.
91a9321 to 3d6b2d9
Rebased 3d6b2d9
lightning/src/ln/channel.rs
Outdated
@@ -1652,6 +1652,9 @@ impl<ChanSigner: ChannelKeys> Channel<ChanSigner> { | |||
if msg.amount_msat > self.channel_value_satoshis * 1000 { | |||
return Err(ChannelError::Close("Remote side tried to send more than the total value of the channel")); | |||
} | |||
if msg.amount_msat == 0 { | |||
return Err(ChannelError::Ignore("Remote side tried to send a 0-msat HTLC")); |
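Review bot: The new `msg.amount_msat == 0` branch returns `ChannelError::Ignore`, while the total-value check directly above it returns `ChannelError::Close` for the same kind of peer misbehaviour. The BOLT2 text quoted in this PR says a receiving node SHOULD fail the channel on an `amount_msat` of 0, so this branch should return `ChannelError::Close("Remote side tried to send a 0-msat HTLC")`, with a receiver-side test that asserts the channel is closed.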
I don't think this is right? We should either ::Close() or we should add the HTLC and fail it backwards as soon as they commit.
You're right, should fail the channel IIRC the spec, will update
3d6b2d9 to cf2918f
Updated at cf2918f with rebase errors fixed, ::Ignore() switched for a ::Close() and receiver-test updated to check for channel closing.
I believe this needs further updates (and a rebase onto master to make travis pass).
Failing this requirement at sending means a strict receiver would fail our channel while processing a HTLC routed from a third-party. Fix by enforcing check on both sender and receiver side.
cf2918f to 16edc6d
Rebased 16edc6d
Doesn't build.
16edc6d to 43d7ceb
As discussed, we should never be sending an htlc_minimum_msat of < 1 to any of our peers, so this needs an update to check for that.
43d7ceb to fe5200d
One doc change suggestion but looks good.
lightning/src/util/config.rs
Outdated
/// Announced in `open_channel`/`accept_channel` according if it's an inbound/outbound | ||
/// channel. Enforced at `update_add_htlc` reception with other HTLC sanitization checks. |
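Review bot: The first sentence of this doc comment, "according if it's an inbound/outbound channel", is ungrammatical and lists the directions in the opposite order to the messages; "Announced in `open_channel` for outbound channels and in `accept_channel` for inbound ones" reads unambiguously. The second sentence says the value is enforced at `update_add_htlc` reception but not what enforcement does to the channel, and nothing here says what happens when the configured value is 0, which is the case this PR is about.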
/// Announced in `open_channel`/`accept_channel` according if it's an inbound/outbound | |
/// channel. Enforced at `update_add_htlc` reception with other HTLC sanitization checks. | |
/// This value is sent to our counterparty on channel-open and we close the channel any time | |
/// our counterparty misbehaves by sending us an HTLC with a value smaller than this. | |
/// | |
/// If the value is less than 1, it is ignored and set to 1, as is required by the protocol. |
Thanks, took your suggestion
Enforce a minimum htlc_minimum_msat of 1. Instead of dynamically computing htlc_minimum_msat based on feerate, rely on a user-provided configuration value. This lets the user compute an economically driven channel parameter according to network dynamics.
fe5200d to dd9c476
Failing this requirement at sending means a strict receiver would
fail our channel while processing a HTLC routed from a third-party.
Fix by enforcing check on both sender and receiver side.
BOLT2:
A sending node MUST offer amount_msat greater than 0.
A receiving node receiving an amount_msat equal to 0, OR less than its own htlc_minimum_msat SHOULD fail the channel.
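
The BOLT2 rule quoted above, together with the minimum-of-1 clamp discussed in the review, as an added Rust example that is not rust-lightning's own code. `HtlcError`, `ChannelLimits`, `check_outbound` and `check_inbound` are hypothetical names, and treating a sender-side failure as a local refusal is an assumption of the example.

```rust
#[derive(Debug, PartialEq)]
enum HtlcError { // hypothetical error type for this added example
    Ignore(&'static str), // local refusal, channel stays open
    Close(&'static str),  // peer violated the protocol, fail the channel
}
struct ChannelLimits {
    channel_value_satoshis: u64,
    our_htlc_minimum_msat: u64,   // announced by us at channel open
    their_htlc_minimum_msat: u64, // announced by the peer
}
impl ChannelLimits {
    /// A configured minimum below 1 is raised to 1, so we never announce 0.
    fn new(channel_value_satoshis: u64, configured_min_msat: u64, their_min_msat: u64) -> Self {
        ChannelLimits {
            channel_value_satoshis,
            our_htlc_minimum_msat: configured_min_msat.max(1),
            their_htlc_minimum_msat: their_min_msat,
        }
    }

    /// Sender side, run before update_add_htlc is built (forwards included).
    /// The zero check is explicit because the peer may announce a minimum of 0.
    fn check_outbound(&self, amount_msat: u64) -> Result<(), HtlcError> {
        if amount_msat == 0 {
            return Err(HtlcError::Ignore("Cannot send a 0-msat HTLC"));
        }
        if amount_msat < self.their_htlc_minimum_msat {
            return Err(HtlcError::Ignore("Cannot send less than their minimum HTLC value"));
        }
        Ok(())
    }

    /// Receiver side, run on an incoming update_add_htlc.
    fn check_inbound(&self, amount_msat: u64) -> Result<(), HtlcError> {
        if amount_msat > self.channel_value_satoshis.saturating_mul(1000) {
            return Err(HtlcError::Close("Remote side tried to send more than the total value of the channel"));
        }
        if amount_msat == 0 {
            return Err(HtlcError::Close("Remote side tried to send a 0-msat HTLC"));
        }
        if amount_msat < self.our_htlc_minimum_msat {
            return Err(HtlcError::Close("Remote side tried to send less than our minimum HTLC value"));
        }
        Ok(())
    }
}
fn main() {
    let chan = ChannelLimits::new(100_000, 0, 0); // constructed sample values
    println!("{:?} {:?}", chan.check_outbound(0), chan.check_inbound(0));
}
```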